
FRST logs - request for a check - mess in the system

Pisklak 22 Apr 2017 12:16 279 1
  • Helpful post
    #2 22 Apr 2017 12:33
    Kolobos
    Computer specialist

    Next to frst.exe, create a file Fixlist.txt with the following contents:
    Online Application (x32 Version: 2.6.0 - Microleaves) Hidden <==== UWAGA
    Online Application Installer (x32 Version: 2.0.0 - Microleaves) Hidden <==== UWAGA

    In FRST, choose Fix.

    Manually delete the file C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Eхрlоrer (Nо Аdd-ons).lnk

    Once that is done, uninstall:
    Online Application
    Online Application Installer

    Run another Fixlist.txt:
    CloseProcesses:
    Task: {003A32AE-FCEE-4E75-92DB-D66684FDAC2B} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: {2397A893-300C-414D-ADAF-1C09BA638873} - System32\Tasks\{5EF8CBD5-6359-111C-E435-98F06C01C202} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\713d937c\262a5f4d.dll" <==== UWAGA
    Task: {6A05CD09-7B92-45AD-ADDF-99AC0C0C4849} - System32\Tasks\{A0C104C2-6E4F-4678-B336-4DC21D80944B} => pcalua.exe -a C:\Users\Damian\Downloads\vcredist_x64.exe -d C:\Users\Damian\Downloads
    Task: {71967485-2612-4DC3-BCE3-57F1C58B37A0} - System32\Tasks\{D767F072-6FCE-4A2F-BB62-366296874176} => pcalua.exe -a "C:\Program Files\APY2EOUPI7\uninstaller.exe" -d "C:\Program Files\APY2EOUPI7"
    Task: {A2337251-F028-4C59-9C04-F46F3AD023D7} - System32\Tasks\{9C890799-2B22-B032-29C8-7815AD4B5F56} => C:\ProgramData\{BC6C91C7-0BC7-266C-3623-27E0CD6D7586}\4595A1D7-F23E-167C-80A2-7C28320EC9DC.exe <==== UWAGA
    Task: {C2F64D21-E1F2-4FDC-A78D-BD4BD40FCC97} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: {CD8763E0-A287-45CA-BE6A-24162BA60CC6} - System32\Tasks\Luvotionthewot Builder => C:\Program Files (x86)\Grutisy\xploperse.exe
    Task: {E7F0323E-AA8C-41D8-95EA-5A0358157C0F} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe
    Task: {EDF8B6A6-6422-4BE5-8AF9-C5B7A71ED308} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: {FC0384A6-49B8-445E-9421-32285D0B6E4C} - System32\Tasks\SMW_UpdateTask_Time_323139363439363630352d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA




    Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe
    Shortcut: C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Eхрlоrer (Nо Аdd-ons).lnk -> C:\Users\Damian\AppData\Roaming\Browsers\exe.erolpxei.bat (Brak pliku) <===== Cyrillic
    C:\Users\Damian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Eхрlоrer (Nо Аdd-ons).lnk
    2017-04-17 11:43 - 2017-04-17 11:43 - 00313344 _____ () C:\Program Files (x86)\Luvotionthewot Builder\local64spl.dll
    Hosts:
    HKU\S-1-5-21-4092384839-2296639020-310742909-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-18\...\Run: [] => [X]
    HKLM\...\Providers\qywls9zt: C:\Program Files (x86)\Luvotionthewot Builder\local64spl.dll [313344 2017-04-17] ()
    ShellExecuteHooks: Brak nazwy - {6F518400-20E7-11E7-BCB6-64006A5CFC23} - -> Brak pliku
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    Tcpip\Parameters: [NameServer] 82.163.143.157 82.163.142.159
    Tcpip\..\Interfaces\{FC03E78E-BD3F-4C12-A231-46A491DB8FE7}: [DhcpNameServer] 82.163.143.157
    HKU\S-1-5-21-4092384839-2296639020-310742909-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...AXzRNrtkEjasu4RjALi13CrQC70hFGhXuT3w,,&q={searchTerms}
    HKU\S-1-5-21-4092384839-2296639020-310742909-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    R2 3DM; C:\Users\Damian\AppData\Local\3DM\Kitty.dll [754688 2017-04-19] (kitty.exe) [Brak podpisu cyfrowego]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2017-04-22 11:31 - 2017-04-22 11:31 - 00160808 _____ C:\Users\Damian\Desktop\OTL.Txt
    2017-04-22 11:31 - 2017-04-22 11:31 - 00056882 _____ C:\Users\Damian\Desktop\Extras.Txt
    2017-04-22 11:13 - 2017-04-22 11:15 - 00602112 _____ (OldTimer Tools) C:\Users\Damian\Downloads\OTL.exe
    2017-04-21 18:56 - 2017-04-21 18:56 - 00000000 _____ C:\Windows\SysWOW64\22
    2017-04-21 18:56 - 2017-04-21 18:56 - 00000000 _____ C:\Windows\SysWOW64\11
    2017-04-19 17:22 - 2017-04-21 21:15 - 00000000 ____D C:\Windows\Update
    2017-04-19 17:22 - 2017-04-19 17:22 - 00000000 ____D C:\Users\Damian\AppData\Local\3DM
    2017-04-18 17:37 - 2017-04-18 17:37 - 00000128 _____ C:\ProgramData\log.binb
    2017-04-17 12:01 - 2017-04-17 12:01 - 00003154 _____ C:\Windows\System32\Tasks\{D767F072-6FCE-4A2F-BB62-366296874176}
    2017-04-17 11:44 - 2017-04-22 12:07 - 00000342 _____ C:\Windows\Tasks\Online Application V2G3.job
    2017-04-17 11:44 - 2017-04-22 12:07 - 00000342 _____ C:\Windows\Tasks\Online Application V2G2.job
    2017-04-17 11:44 - 2017-04-22 12:07 - 00000342 _____ C:\Windows\Tasks\Online Application V2G1.job
    2017-04-17 11:44 - 2017-04-22 11:47 - 00000374 _____ C:\Windows\Tasks\Updater_Online_Application.job
    2017-04-17 11:44 - 2017-04-17 11:44 - 00003820 _____ C:\Windows\System32\Tasks\{9C890799-2B22-B032-29C8-7815AD4B5F56}
    2017-04-17 11:44 - 2017-04-17 11:44 - 00003730 _____ C:\Windows\System32\Tasks\{5EF8CBD5-6359-111C-E435-98F06C01C202}
    2017-04-17 11:44 - 2017-04-17 11:44 - 00003206 _____ C:\Windows\System32\Tasks\Updater_Online_Application
    2017-04-17 11:44 - 2017-04-17 11:44 - 00003170 _____ C:\Windows\System32\Tasks\Online Application V2G3
    2017-04-17 11:44 - 2017-04-17 11:44 - 00003170 _____ C:\Windows\System32\Tasks\Online Application V2G2
    2017-04-17 11:44 - 2017-04-17 11:44 - 00003170 _____ C:\Windows\System32\Tasks\Online Application V2G1
    2017-04-17 11:44 - 2017-04-17 11:44 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-04-17 11:44 - 2017-04-17 11:44 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    2017-04-17 11:43 - 2017-04-22 12:01 - 00000000 ____D C:\AdwCleaner
    2017-04-17 11:43 - 2017-04-18 09:29 - 00004246 _____ C:\Windows\System32\Tasks\SMW_UpdateTask_Time_323139363439363630352d3437415a556c2a3223346c41
    2017-04-17 11:43 - 2017-04-17 11:43 - 00006004 _____ C:\Windows\System32\Tasks\Luvotionthewot Builder
    2017-04-17 11:43 - 2017-04-17 11:43 - 00000000 ____D C:\Program Files (x86)\Luvotionthewot Builder
    2017-04-07 18:24 - 2017-02-18 15:59 - 01307648 _____ C:\Users\Damian\AppData\Local\file__0.localstorage
    2017-04-18 17:37 - 2017-04-18 17:37 - 0000128 _____ () C:\ProgramData\log.binb
    2017-04-17 11:42 - 2017-04-18 17:37 - 0000128 _____ () C:\ProgramData\log.ewbb
    2017-04-17 11:42 - 2017-04-18 17:37 - 0004762 _____ () C:\ProgramData\log.ewbt
    EmptyTemp:

    In FRST, choose Fix.

    Delete the C:\FRST directory and that is all.

    0
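
The second Fixlist marks a Start Menu shortcut with `<===== Cyrillic`: its name reads like an ordinary Latin-script name but contains look-alike Cyrillic letters. The following is an added example, not part of the original post and not FRST's own logic, showing one way to detect such mixed-script names in Python; the sample names are constructed with explicit escapes and the function names are hypothetical.

```python
import re
import unicodedata

# Constructed samples (not copied from the post): a look-alike name written
# with explicit escapes for its Cyrillic letters, plus names that must pass.
SPOOFED = "Int\u0435rn\u0435t E\u0445\u0440l\u043erer (N\u043e \u0410dd-ons).lnk"
GENUINE = "Internet Explorer (No Add-ons).lnk"
POLISH = "Zdj\u0119cia z wakacji.lnk"                              # Latin with diacritics
RUSSIAN = "\u041f\u0440\u043e\u0432\u043e\u0434\u043d\u0438\u043a.lnk"  # all-Cyrillic word


def script_of(ch):
    """Coarse script label taken from the Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "OTHER"


def mixed_script_words(filename):
    """Return (word, {script: letters}) for each word that mixes Latin
    letters with another script. Whole words in one script are left alone,
    so genuinely Cyrillic or Greek file names are not reported."""
    hits = []
    for word in re.findall(r"[^\W\d_]+", filename):   # runs of letters only
        scripts = {}
        for ch in word:
            scripts[script_of(ch)] = scripts.get(script_of(ch), "") + ch
        if "LATIN" in scripts and len(scripts) > 1:
            hits.append((word, scripts))
    return hits


def reveal(filename):
    """Render non-ASCII characters as escapes so look-alikes become visible."""
    return filename.encode("ascii", "backslashreplace").decode("ascii")


if __name__ == "__main__":
    for name in (SPOOFED, GENUINE, POLISH, RUSSIAN):
        hits = mixed_script_words(name)
        print("SUSPICIOUS" if hits else "ok", reveal(name))
        for word, scripts in hits:
            print("   ", reveal(word), scripts)
```

To sweep a profile, feed the function the names returned by `os.walk` over the Start Menu and Desktop folders and review every name that produces hits.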