Elektroda.pl

Qtipr virus, UC, some Chinese thing - the computer takes super long to start up and it's a pain in general.

Greg_1981 08 Apr 2017 08:55 351 6
  • Helpful post
    #2 08 Apr 2017 09:02
    Kolobos
    Computer specialist

    Uninstall:
    Adobe Reader 9.4.0, switch to Foxit: http://ninite.com/foxit/

    Run this Fixlist.txt for FRST:
    Task: {1BAD9A1F-78D8-4A6B-92D2-6083D6EEDB69} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {2F4BF82A-E08F-4543-8E8B-5A14911F9558} - System32\Tasks\Opera scheduled Autoupdate 1486753220 => C:\Users\Greg Ziembinski\AppData\Local\Programs\Opera\launcher.exe
    Task: {40BB2351-973E-41FA-9CD7-B9E9FC3EED8C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {5C2E8401-1BDC-4DA4-84C7-9F4BA4B64E09} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {60978916-949A-408F-BCCD-B1BCC7B4140C} - \Microsoft\Windows\Setup\xtgt\refreshxtgtconfig -> No File <==== ATTENTION
    Task: {7BF082D1-55BA-4B72-A108-AE7656A3BCAD} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NOUACCHECK
    Task: {91139159-C121-4888-AE00-E835E78AEFD5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {94399A4B-80D0-42F5-887E-A59CF03A7F7A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {A26303A4-D41B-469D-9C2E-A3E0C3D31D9D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {A8B65E4A-BC22-4BDD-AF1F-1B91F6CEBA14} - System32\Tasks\Opera scheduled suite Autoupdate 1486753222 => C:\Users\Greg Ziembinski\AppData\Local\Programs\Opera\launcher.exe
    Task: {C04822DC-F6F3-4B73-9735-3129E902EE0F} - \WPD\SqmUpload_S-1-5-21-739843496-4141260558-1509611572-1001 -> No File <==== ATTENTION
    Task: {C1C82EF4-7FD7-45FE-980B-315CB4E97411} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {D099DB98-FBD2-49C1-8978-BBE1FC411B23} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {EA565AFF-223B-49A0-B6F0-3621233E502D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {EDAC9957-57CF-4B87-A1FA-13B625166612} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {F4455231-33A7-465D-BDB2-499E0EAAF456} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {F7DB5D24-9ECC-41A2-96D0-C02AC8DD00A0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {FFBA9A3C-41BA-4B93-859F-5F87EB396B3C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    HKLM-x32\...\Run: [WindowsDefender] => -
    HKU\S-1-5-21-739843496-4141260558-1509611572-1001\...\Run: [Windows Defender] => -
    ShellExecuteHooks: No Name - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\ProgramData\igfxDH.dll -> No File




    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\¿ìѹ\X64\KZipShell.dll [2017-04-07] ()
    SearchScopes: HKLM-x32 -> {DCA0ADB4-A821-464A-9431-68D968037758} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-739843496-4141260558-1509611572-1001 -> {DCA0ADB4-A821-464A-9431-68D968037758} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    CHR Extension: (easychrome) - C:\Users\GREGZI~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnw [2017-04-07]
    R1 cryptfd; C:\WINDOWS\System32\drivers\cryptfd.sys [193448 2017-03-03] ()
    R0 flowhlp; C:\WINDOWS\System32\drivers\flowhlp.dat [155168 2017-04-07] ()
    S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]
    S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
    2017-04-07 23:23 - 2017-04-07 23:37 - 00000000 ____D C:\Users\Greg Ziembinski\AppData\Roaming\KuaiZip
    2017-04-07 22:56 - 2017-04-07 23:06 - 00000000 ____D C:\AdwCleaner
    2017-04-07 22:44 - 2017-04-07 19:09 - 00797672 _____ (深圳市史宾赛科技有限公司) C:\Users\Greg Ziembinski\AppData\Local\FlowSprit.dll
    2017-04-07 22:44 - 2017-04-07 19:09 - 00516072 _____ (深圳市史宾赛科技有限公司) C:\Users\Greg Ziembinski\AppData\Local\uninst.tmp
    2017-04-07 19:10 - 2017-04-07 19:10 - 00021606 _____ C:\WINDOWS\System32\Tasks\PpZz0BfrEJju
    2017-04-07 19:10 - 2017-04-07 19:10 - 00000000 ____D C:\Program Files (x86)\PpZz0BfrEJju Updater
    2017-04-07 19:09 - 2017-04-07 19:10 - 00000000 ____D C:\Program Files (x86)\PpZz0BfrEJju
    2017-04-07 19:09 - 2017-04-07 19:09 - 00155168 _____ C:\WINDOWS\system32\Drivers\flowhlp.dat
    2017-04-07 19:07 - 2017-04-07 19:07 - 00000000 ____D C:\Users\Greg Ziembinski\AppData\Local\UCBrowser
    2017-04-07 19:05 - 2017-04-07 23:05 - 00000000 ____D C:\Program Files\¿ìѹ
    2017-04-07 19:05 - 2017-04-07 19:05 - 00092832 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
    2017-04-07 19:05 - 2017-04-07 19:05 - 00003660 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
    2017-04-07 19:05 - 2017-04-07 19:05 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
    2017-04-07 19:05 - 2017-04-07 19:05 - 00000000 ____D C:\Users\Greg Ziembinski\AppData\Local\kemgadeojglibflomicgnfeopkdfflnw
    2017-04-07 19:05 - 2017-04-07 19:05 - 00000000 ____D C:\Program Files (x86)\ttt
    2017-03-03 04:35 - 2017-03-03 04:35 - 00193448 _____ C:\WINDOWS\system32\Drivers\cryptfd.sys
    EmptyTemp:

    In FRST, choose Fix.

    After it completes, post new FRST logs from a fresh scan.

    0
  • Helpful post
    #4 08 Apr 2017 10:02
    Kolobos
    Computer specialist

    New Fixlist.txt for FRST:
    S0 flowhlp; system32\drivers\flowhlp.dat [X]

    After it completes, delete the C:\FRST directory and that's all.

    0
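
A read-only check that the items named in the two fixlists above are gone, as an added PowerShell example that is not part of the thread. Paths and driver names are copied from the posts (the per-user profile paths are left out); the ImagePath normalisation is an assumption about how these drivers were registered.

```powershell
# Added example: read-only post-fix check. Nothing is modified or deleted.
# File, folder and task paths copied from the fixlist in post #2.
$paths = @(
    'C:\WINDOWS\System32\drivers\cryptfd.sys',
    'C:\WINDOWS\System32\drivers\flowhlp.dat',
    'C:\WINDOWS\System32\drivers\KuaiZipDrive.sys',
    'C:\WINDOWS\System32\Tasks\PpZz0BfrEJju',
    'C:\Program Files (x86)\PpZz0BfrEJju',
    'C:\Program Files (x86)\PpZz0BfrEJju Updater',
    'C:\Program Files (x86)\ttt',
    'C:\Users\Public\Documents\XMUpdate'
)
# Driver service names from the "R1 cryptfd" / "R0 flowhlp" lines.
$drivers = 'cryptfd', 'flowhlp'

function Resolve-DriverImage([string]$ImagePath) {
    # ImagePath may be \??\C:\..., \SystemRoot\..., or relative to %SystemRoot%.
    $p = $ImagePath -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$report = @()
$report += foreach ($p in $paths) {
    $state = $(if (Test-Path -LiteralPath $p) { 'STILL PRESENT' } else { 'removed' })
    [pscustomobject]@{ Item = $p; State = $state }
}
$report += foreach ($d in $drivers) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$d"
    if (-not (Test-Path -LiteralPath $key)) {
        $state = 'removed'
    } else {
        $img = (Get-ItemProperty -LiteralPath $key).ImagePath
        if (-not $img) {
            $state = 'REGISTERED, no ImagePath'
        } elseif (Test-Path -LiteralPath (Resolve-DriverImage $img)) {
            $state = 'REGISTERED, file present'
        } else {
            # Service key left behind after its file was deleted: the case
            # the "S0 flowhlp ... [X]" line in post #4 cleans up.
            $state = 'ORPHANED (key exists, file missing)'
        }
    }
    [pscustomobject]@{ Item = "driver service $d"; State = $state }
}
$report | Format-Table -AutoSize
```
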
  • #5 08 Apr 2017 10:15
    Greg_1981
    Level 2

    Everything seems to work as it did before. Thank you very much for the help.

    P.S. Can I go back to using the computer for e.g. banking? Is it safe?

    Thanks once again!!

    I've watched too many movies, but what IF it's you who are working with the Chinese, and what we're told to enter into our computers, these fixlists, are actually some powerful viruses, and now you're watching me eat a sandwich? What THEN??

    0
  • #6 08 Apr 2017 10:22
    Kolobos
    Computer specialist

    > P.S. Can I go back to using the computer for e.g. banking? Is it safe?

    Yes.

    > What THEN??

    关闭计算机,并隐藏在衣柜里。 [Chinese: "Turn off the computer and hide in the wardrobe."]

    0
  • #7 08 Apr 2017 10:37
    Greg_1981
    Level 2

    :))))))))))))))))))))))))

    0