Elektroda.pl

Please check my FRST logs

mayday28 29 Mar 2017 18:41 405 7
  • #2 29 Mar 2017 18:56
    krzychupar
    Level 40

    Uninstall:
    Browser-Security (HKLM-x32\...\Browser-Security) (Version: 1.2.0.0 - Vondos Media GmbH) <==== UWAGA
    Update for Video Converter (HKU\S-1-5-21-4073571731-3810753117-1263751950-1000\...\DSite) (Version: - ) <==== UWAGA
    Video Converter Packages (HKU\S-1-5-21-4073571731-3810753117-1263751950-1000\...\Video Converter Packages) (Version: - ) <==== UWAGA
    Video Converter Packages 96 (HKU\S-1-5-21-4073571731-3810753117-1263751950-1000\...\Video Converter Packages 96) (Version: - ) <==== UWAGA
    Yontoo 1.10.03 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.03 - Yontoo LLC) <==== UWAGA

    Open the system Notepad and paste:
    Task: {0072D759-5FAB-427F-811F-B92860F9529F} - System32\Tasks\{A68BA454-089E-4029-9449-42627A5EEBDF} => pcalua.exe -a C:\Users\Tomek\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Docs\setup.part1.exe -d C:\Users\Tomek\AppData\Local\Temp\ir_ext_temp_0\ <==== UWAGA
    Task: {6CA52211-2697-45DA-9BA0-02F1005BC96E} - System32\Tasks\{48FBCC77-E0F8-488C-BB88-021D85A7272B} => pcalua.exe -a C:\Users\Tomek\Downloads\VirtualDub-1.10.2\auxsetup.exe -d C:\Users\Tomek\Downloads\VirtualDub-1.10.2
    Task: {92AF666F-0559-48C6-8484-28984FEB03E5} - System32\Tasks\{1515B7EA-7D98-454D-AE99-2683DE50ABED} => pcalua.exe -a "D:\G780 DriverCD 1.1\Win7\15. EM\setup.exe" -d "D:\G780 DriverCD 1.1\Win7\15. EM"
    Task: {AAA68025-A2D6-4A73-BFBA-A5C61730BB84} - System32\Tasks\DSite => C:\Users\Tomek\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [2013-04-07] () <==== UWAGA
    HKU\S-1-5-21-4073571731-3810753117-1263751950-1000\...\MountPoints2: {00e79ffb-47d6-11e3-bb87-08edb9a70d5c} - G:\AutoRun.exe
    HKU\S-1-5-21-4073571731-3810753117-1263751950-1000\...\MountPoints2: {347f43e6-86d1-11e4-8da2-08edb9a70d5c} - G:\setup.exe
    HKU\S-1-5-21-4073571731-3810753117-1263751950-1000\...\MountPoints2: {9528250f-9fb1-11e2-8844-08edb9a70d5c} - G:\iStudio.exe
    HKU\S-1-5-21-4073571731-3810753117-1263751950-1000\...\MountPoints2: {9cd2c5d1-2450-11e4-ae60-806e6f6e6963} - I:\setup.exe
    HKU\S-1-5-21-4073571731-3810753117-1263751950-1000\...\MountPoints2: {b307a0ec-cb72-11e5-a4b9-08edb9a70d5c} - G:\AutoRun.exe
    HKU\S-1-5-21-4073571731-3810753117-1263751950-1000\...\MountPoints2: {e765a57c-8796-11e4-a4b1-08edb9a70d5c} - G:\setup.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    Startup: C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 1510 series.lnk [2017-03-29]
    Winsock: Catalog5 01 mswsock.dll => Brak pliku UWAGA: LibraryPath powinno kierować na "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 02 mswsock.dll => Brak pliku UWAGA: LibraryPath powinno kierować na "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5-x64 01 mswsock.dll => Brak pliku UWAGA: LibraryPath powinno kierować na "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 02 mswsock.dll => Brak pliku UWAGA: LibraryPath powinno kierować na "%SystemRoot%\System32\mswsock.dll"
    Tcpip\..\Interfaces\{E51DC7D8-D4B4-4155-99AC-AB9327D48F45}: [DhcpNameServer] 172.20.10.1
    HKU\S-1-5-21-4073571731-3810753117-1263751950-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119370&babsrc=HP_ss&mntrId=425908EDB9A70D5C
    URLSearchHook: HKU\S-1-5-21-4073571731-3810753117-1263751950-1000 - (Brak nazwy) - {ecfbff3c-fd5b-4a47-816c-c926ea321561} - Brak pliku
    SearchScopes: HKLM-x32 -> DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3069202
    SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3069202
    SearchScopes: HKU\S-1-5-21-4073571731-3810753117-1263751950-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&babsrc=SP_ss&mntrId=425908EDB9A70D5C
    SearchScopes: HKU\S-1-5-21-4073571731-3810753117-1263751950-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&babsrc=SP_ss&mntrId=425908EDB9A70D5C
    SearchScopes: HKU\S-1-5-21-4073571731-3810753117-1263751950-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3069202
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => Brak pliku
    BHO-x32: Yontoo -> {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -> C:\Program Files (x86)\Yontoo\YontooIEClient.dll [2012-10-24] (Yontoo LLC)
    Toolbar: HKU\S-1-5-21-4073571731-3810753117-1263751950-1000 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
    CHR Extension: (Serif MoviePlus) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfafkpaifpmpadngdmgiikeipjiedbpc [2016-02-12] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-service...extensionData=<extension_data>] <==== UWAGA
    CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx [2013-03-19]
    S3 aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [X]
    U0 aswVmm; Brak ImagePath
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix/Napraw.

    0
  • #3 29 Mar 2017 19:05
    Kolobos
    Computer specialist

    After doing this, post new FRST logs from a scan.

    0
  • #5 29 Mar 2017 20:03
    Kolobos
    Computer specialist

    Uninstall:
    Adobe Reader 9.5.0 - Polish, switch to the latest version of AR or to Foxit: http://ninite.com/foxit/
    Browser-Security
    Update for Video Converter
    Video Converter Packages
    Video Converter Packages 96
    Yontoo 1.10.03

    You were supposed to do this earlier.

    Use AdwCleaner, option Scan and Clean (Szukaj and Usun): http://www.bleepingcomputer.com/download/adwcleaner/

    New Fixlist.txt for FRST:
    () C:\Users\Tomek\AppData\Roaming\Browser-Security\s768.exe
    C:\Users\Tomek\AppData\Local\*.exe
    HKU\S-1-5-21-4073571731-3810753117-1263751950-1000\...\Run: [safe_urls768] => C:\Users\Tomek\AppData\Roaming\Browser-Security\s768.exe [2548944 2016-06-20] ()
    HKU\S-1-5-21-4073571731-3810753117-1263751950-1000\...\Run: [Tok-Cirrhatus] => C:\Users\Tomek\AppData\Local\smss.exe [42713 2015-02-17] ()
    C:\Users\Tomek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Empty.pif
    FF user.js: detected! => C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\vp7ojpi5.default\user.js [2016-12-31]
    FF Extension: (Browser-Security) - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\vp7ojpi5.default\Extensions\firefox@browser-security.de.xpi [2016-12-31]
    CHR HKLM-x32\...\Chrome\Extension: [pfafkpaifpmpadngdmgiikeipjiedbpc] - C:\Users\Tomek\AppData\Local\Temp\ccex.crx <nie znaleziono>
    2017-02-28 17:58 - 2017-02-28 17:58 - 00000000 ____D C:\Users\Tomek\AppData\Local\Bron.tok-12-28
    2017-02-27 17:41 - 2017-02-27 17:41 - 00000000 ____D C:\Users\Tomek\AppData\Local\Bron.tok-12-27
    2017-03-29 19:34 - 2013-03-19 22:05 - 00000000 ____D C:\Program Files (x86)\Yontoo
    2017-01-12 23:00 - 2017-01-12 23:00 - 0043603 _____ () C:\Users\Tomek\AppData\Local\Bron.tok.A12.em.bin
    2013-02-23 18:20 - 2015-02-17 18:20 - 0042713 _____ () C:\Users\Tomek\AppData\Local\csrss.exe
    2013-01-06 21:53 - 2014-07-17 09:13 - 0003584 _____ () C:\Users\Tomek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-02-23 18:20 - 2015-02-17 18:20 - 0042713 _____ () C:\Users\Tomek\AppData\Local\inetinfo.exe
    2017-01-12 22:54 - 2017-01-12 22:54 - 0000051 _____ () C:\Users\Tomek\AppData\Local\Kosong.Bron.Tok.txt
    2013-02-23 18:20 - 2015-02-17 18:20 - 0042713 _____ () C:\Users\Tomek\AppData\Local\lsass.exe
    2013-02-23 18:20 - 2015-02-17 18:20 - 0042713 _____ () C:\Users\Tomek\AppData\Local\services.exe
    2013-02-23 18:20 - 2015-02-17 18:20 - 0042713 _____ () C:\Users\Tomek\AppData\Local\smss.exe
    2013-02-23 18:20 - 2015-02-17 18:20 - 0042713 ____N () C:\Users\Tomek\AppData\Local\winlogon.exe
    C:\Windows\assembly\GAC_32\Desktop.ini
    C:\Windows\assembly\GAC_64\Desktop.ini
    DeleteJunctionsIndirectory: C:\Windows\system64

    Use http://download.eset.com/special/ESETSirefefCleaner.exe

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    After doing this, post new FRST logs from a scan.

    0
  • Helpful post
    #7 30 Mar 2017 23:30
    Kolobos
    Computer specialist

    You did not do this:
    > Uninstall:
    > Adobe Reader 9.5.0 - Polish, switch to the latest version of AR or to Foxit: http://ninite.com/foxit/

    Delete the directories:
    C:\AdwCleaner
    C:\FRST
    and that's all.

    0
  • #8 23 Apr 2017 11:56
    mayday28
    Level 12  

    Thank you, it helped.

    0