Elektroda.pl

ASC Ultimate, malware, FRST logs

maripox258 22 Oct 2017 11:08 372 1
  • #1 22 Oct 2017 11:08
    maripox258
    Level 1  

    Hello, since yesterday I have had a problem removing a certain program(?); trying to uninstall it via "Uninstall a program" in Windows does nothing. The program is ASC Ultimate; I am attaching a screenshot and the FRST logs.


    Additionally, in the Control Panel there is a program called Advanced Systemcore Ultimate 8, which is probably it; it cannot be removed.

    0 1
  • #2 22 Oct 2017 13:16
    krzychupar
    Level 40  

    Open the system Notepad and paste:
    ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ASCExtMenu_64.dll [2014-11-28] (IObit)
    ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ASCExtMenu_64.dll [2014-11-28] (IObit)
    ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ASCExtMenu_64.dll [2014-11-28] (IObit)
    ContextMenuHandlers3: [GB3ContextMenu] -> {3A488FE8-9916-4F36-BDFF-3DED559142E5} => -> Brak pliku
    Task: {76258F53-67AA-41FF-AF93-96D1F10C39C4} - System32\Tasks\{3F145DF2-D0F1-4A24-9DDB-F37A05AF8F6E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallDisplay.exe" -c uninstall_start
    Task: {8ED95F45-A958-4F0E-AB56-1E3338CC95B1} - System32\Tasks\ASCU8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\Monitor.exe
    Task: {9EFC011C-5C21-4EAB-A451-16F6F8EFE4AB} - System32\Tasks\ASCU8_SkipUac_Mateusz => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\ASC.exe
    HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Corporation) <==== UWAGA
    HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Corporation) <==== UWAGA
    HKU\S-1-5-21-4099016560-4044861955-2158133948-1000\...\MountPoints2: {9170a664-5ee4-11e6-ba98-4ccc6a03e850} - K:\AutoRun.exe
    HKU\S-1-5-21-4099016560-4044861955-2158133948-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Corporation) <==== UWAGA
    HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Corporation) <==== UWAGA
    FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\oo91eaoj.default -> Bing
    FF Keyword.URL: Mozilla\Firefox\Profiles\oo91eaoj.default -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
    FF Extension: (Bing Search) - C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\oo91eaoj.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-03-28]
    FF Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\oo91eaoj.default\Extensions\iobitascsurfingprotection@iobit.com [2017-10-21] [Brak podpisu cyfrowego]
    FF SearchPlugin: C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\Profiles\oo91eaoj.default\searchplugins\bing-.xml [2017-03-28]
    FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2027 -> C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll [Brak pliku]
    FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.1040 -> C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nprpjplug.dll [Brak pliku]
    FF Plugin HKU\S-1-5-21-4099016560-4044861955-2158133948-1000: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [Brak pliku]
    CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> bing.com
    CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
    CHR HKU\S-1-5-21-4099016560-4044861955-2158133948-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    S2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
    S3 athur; system32\DRIVERS\athurx.sys [X]
    S3 AtiDCM; \??\C:\Users\Mateusz\AppData\Local\Temp\atdcm64a.sys [X] <==== UWAGA
    S3 cpuz138; \??\C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [X]
    S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 MSICDSetup; \??\F:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
    S3 WinRing0_1_2_0; \??\D:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
    2017-10-21 21:51 - 2017-10-21 22:12 - 000000000 ____D C:\ProgramData\McAfee
    2017-10-15 21:28 - 2017-10-15 21:28 - 000000040 ____H C:\789547E687E2
    2017-10-14 19:52 - 2017-10-14 20:55 - 000000000 ____D C:\Users\Mateusz\AppData\Roaming\discord
    2017-10-14 19:52 - 2017-10-14 19:52 - 000000000 ____D C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
    2017-10-14 19:52 - 2017-10-14 19:52 - 000000000 ____D C:\Users\Mateusz\AppData\Local\Discord
    2017-10-14 19:51 - 2017-10-14 19:52 - 000000000 ____D C:\Users\Mateusz\AppData\Local\SquirrelTemp
    2017-10-13 16:47 - 2017-10-13 16:47 - 000000000 ____D C:\Users\Mateusz\AppData\Roaming\.blazingpack
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder next to FRST.exe.
    Run FRST and click Fix/Napraw.

    0
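
An added example, not part of the original thread and not FRST's own code: a small Python pre-flight check that groups fixlist lines like the ones in the post above by type and lists the entries not marked as missing, so they can be reviewed before the fix is run. The category names, the functions `classify` and `review`, and the reading of `[X]` and `Brak pliku` as "target file not found" are assumptions of this example; the sample is a subset of lines copied from the post.

```python
import re
from collections import Counter

# Line prefixes seen in the fixlist on this page -> review category (names are this example's own).
KINDS = [
    (r"ContextMenuHandlers\d+:", "shell-extension"),
    (r"Task:", "scheduled-task"),
    (r"HK(U|LM)\\", "registry"),
    (r"FF ", "firefox"),
    (r"CHR ", "chrome"),
    (r"[SR][0-4] ", "service-or-driver"),
    (r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ", "file-or-folder"),
    (r"EmptyTemp:", "directive"),
]
MISSING = ("[X]", "Brak pliku")  # assumption: both markers mean the target file was not found
ATTENTION = "<==== UWAGA"        # marker FRST put on some lines in the posted log

# Sample input: a subset of lines taken from the fixlist in the post above.
SAMPLE = r"""
ContextMenuHandlers3: [GB3ContextMenu] -> {3A488FE8-9916-4F36-BDFF-3DED559142E5} => -> Brak pliku
Task: {8ED95F45-A958-4F0E-AB56-1E3338CC95B1} - System32\Tasks\ASCU8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 8\Monitor.exe
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [3229696 2016-08-29] (Microsoft Corporation) <==== UWAGA
FF Plugin-x32: @real.com/nppl3260;version=6.0.11.2027 -> C:\Program Files (x86)\ACE Mega CoDecS Pack\SystemS\RealMedia\Browser\plugins\nppl3260.dll [Brak pliku]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
2017-10-15 21:28 - 2017-10-15 21:28 - 000000040 ____H C:\789547E687E2
EmptyTemp:
"""

def classify(line):
    """Return the category and markers for one fixlist line."""
    line = line.strip()
    kind = next((k for pat, k in KINDS if re.match(pat, line)), "unknown")
    return {"kind": kind, "text": line,
            "missing": any(m in line for m in MISSING),
            "attention": ATTENTION in line}

def review(fixlist_text):
    """Classify every non-empty line; 'live' = entries not marked missing (directives excluded)."""
    entries = [classify(l) for l in fixlist_text.splitlines() if l.strip()]
    counts = Counter(e["kind"] for e in entries)
    live = [e for e in entries if e["kind"] != "directive" and not e["missing"]]
    return entries, counts, live

if __name__ == "__main__":
    entries, counts, live = review(SAMPLE)
    print(dict(counts))
    for e in live:  # lines that reference something still present deserve a second look
        print(("! " if e["attention"] else "  ") + e["kind"] + ": " + e["text"])
```
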