Elektroda.pl

[Solved] Recurring hao.169x.cn, FRST logs attached

ariel2607 17 Jul 2018 15:00 123 2
  • Helpful post
    #2 17 Jul 2018 16:49
    krzychupar
    Level 40

    Open the system Notepad and paste:

    Task: {11088AE2-895A-4B9E-B1CF-89F6277A2EE2} - System32\Tasks\{7480C904-5410-4388-93CD-7B208224AD20} => C:\Windows\system32\pcalua.exe -a C:\Users\Ariel\AppData\Local\Temp\jre-8u151-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== UWAGA
    Task: {702EBD55-EE96-49C3-BA69-B0B504270D86} - System32\Tasks\{EB0BF59F-6264-4A1E-9760-B4F4A529FF81} => C:\Windows\system32\pcalua.exe -a C:\Users\Ariel\Pobrane\irfanview_lang_polski.exe -d C:\Users\Ariel\Pobrane
    Task: {72BFEEA2-6BF8-4C58-8D5F-3A3DE2547C36} - System32\Tasks\{56269D8B-303A-4D73-A0FF-A29CC0353193} => C:\Windows\system32\pcalua.exe -a C:\Users\Ariel\AppData\Local\Temp\jre-8u91-windows-au.exe -d "C:\Program Files\Java\jre1.8.0_77\bin" -c /installmethod=jau-m FAMILYUPGRADE=1 <==== UWAGA
    Task: {76587E77-7730-4CC0-BDBE-4CCA8E341674} - \AutoKMS -> Brak pliku <==== UWAGA
    Task: {94AA96AD-A69E-4359-B5ED-6C3B00F3B27B} - System32\Tasks\{F7E79F92-220B-4258-9B94-4201FC172AC1} => C:\Windows\system32\pcalua.exe -a C:\Users\Ariel\Downloads\irfanview_plugins_438_setup.exe -d C:\Users\Ariel\Downloads
    Task: {9BF2B5B3-B849-4753-A154-E732CBFEED3B} - System32\Tasks\{9353F96C-70AD-4012-B61E-2CBA511E0C61} => C:\Windows\system32\pcalua.exe -a C:\Users\Ariel\AppData\Local\Temp\jre-8u65-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== UWAGA
    Task: {F6C43D47-6395-42E1-9ADF-C40BB2448A17} - \KMS10Server -> Brak pliku <==== UWAGA
    Task: {FE6A9C15-3727-4A58-968A-1396E8910FB4} - System32\Tasks\Opera scheduled Autoupdate 1427724245 => C:\Program Files (x86)\Opera\launcher.exe [2018-07-11] (Opera Software)
    HKLM\...\Run: [Windows Defender] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [3229696 2016-08-29] (Microsoft Corporation) <==== UWAGA
    HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [3229696 2016-08-29] (Microsoft Corporation) <==== UWAGA
    HKU\S-1-5-21-4254424364-1307861593-3278221789-1000\...\MountPoints2: {1aa2ab2f-147d-11e5-830c-c89431769956} - L:\AutoRun.exe
    HKU\S-1-5-21-4254424364-1307861593-3278221789-1000\...\MountPoints2: {2be1e9cb-ec66-11e4-b611-f25a11adb056} - L:\SETUP.EXE
    HKU\S-1-5-21-4254424364-1307861593-3278221789-1000\...\MountPoints2: {3dff0ec2-0856-11e5-9da6-87499f3bbf53} - L:\AutoRun.exe
    HKU\S-1-5-21-4254424364-1307861593-3278221789-1000\...\MountPoints2: {998d9906-06ac-11e5-a4c4-b897ab3dd45d} - L:\AutoRun.exe
    HKU\S-1-5-21-4254424364-1307861593-3278221789-1000\...\MountPoints2: {998d995a-06ac-11e5-a4c4-b897ab3dd45d} - L:\AutoRun.exe
    HKU\S-1-5-21-4254424364-1307861593-3278221789-1000\...\MountPoints2: {d1585bbc-062e-11e5-83bf-c417fe5d5205} - L:\AutoRun.exe
    HKU\S-1-5-21-4254424364-1307861593-3278221789-1000\...\MountPoints2: {d1585be2-062e-11e5-83bf-c417fe5d5205} - L:\AutoRun.exe
    HKU\S-1-5-21-4254424364-1307861593-3278221789-1000\...\MountPoints2: {ee1d82cc-7468-11e5-b6bc-c417fe5d5205} - L:\AutoRun.exe




    HKU\S-1-5-21-4254424364-1307861593-3278221789-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [3229696 2016-08-29] (Microsoft Corporation) <==== UWAGA
    HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\Explorer.exe [3229696 2016-08-29] (Microsoft Corporation) <==== UWAGA
    Lsa: [Notification Packages] scecli DPPWDFLT
    Startup: C:\Users\Ariel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 5520 series (sieć).lnk [2018-07-17]
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    BHO: Brak nazwy -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> Brak pliku
    FF Extension: (Brak nazwy) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [nie znaleziono]
    FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-07-07] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Extension: (DigitalPersona Extension) - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2015-03-31] [Przestarzałe] [Brak podpisu cyfrowego]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.2.13\Exts\Chrome.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
    S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
    2018-07-08 18:56 - 2018-07-08 18:57 - 000000000 ____D C:\AdwCleaner
    2018-07-06 12:15 - 2018-07-06 12:19 - 000000000 ____D C:\ProgramData\HitmanPro
    2015-03-30 16:59 - 2018-06-29 09:58 - 000238066 _____ () C:\Users\Ariel\IP_Log_Data.js
    2015-04-10 09:00 - 2018-06-29 11:00 - 000256995 _____ () C:\Users\Ariel\Network_Meter_Data.js
    2018-06-28 10:45 - 2018-06-28 10:45 - 000000543 _____ () C:\Users\Ariel\AppData\Roaming\All CPU MeterV3_Settings.ini
    2015-04-10 08:42 - 2018-06-03 03:23 - 000001073 _____ () C:\Users\Ariel\AppData\Roaming\Network Meter_Settings.ini
    2015-03-30 16:59 - 2018-06-29 11:23 - 000000027 _____ () C:\Users\Ariel\AppData\Roaming\Network Meter_Usage.ini
    2015-08-18 21:52 - 2015-09-13 18:34 - 014548992 _____ () C:\Users\Ariel\AppData\Roaming\Sandra.mdb
    2015-03-30 12:26 - 2015-03-30 12:26 - 000000000 _____ () C:\Users\Ariel\AppData\Local\AtStart.txt
    2015-03-30 12:26 - 2015-03-30 12:26 - 000000000 _____ () C:\Users\Ariel\AppData\Local\DSwitch.txt
    2015-03-30 12:26 - 2015-03-30 12:26 - 000000000 _____ () C:\Users\Ariel\AppData\Local\QSwitch.txt
    2015-03-31 15:41 - 2017-10-24 21:46 - 000007611 _____ () C:\Users\Ariel\AppData\Local\resmon.resmoncfg
    2015-03-31 23:11 - 2015-03-31 23:11 - 001888435 _____ () C:\Users\Ariel\AppData\Local\tmp20150331_194018.0
    2015-03-31 23:11 - 2015-03-31 23:11 - 000665446 _____ () C:\Users\Ariel\AppData\Local\tmp20150331_194018.JPG
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.

    0
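For reading a fixlist like the one in post #2 before applying it, the following added example (not part of the original posts and not FRST code) groups lines by entry type and lists orphaned entries and scheduled tasks that use pcalua.exe to start a program from a user-writable folder. The sample lines are constructed, and the folder heuristic and function names are assumptions of this example.

```python
import re

# Constructed sample in the fixlist's line format (placeholder GUIDs, names, paths).
SAMPLE = r"""
Task: {GUID-1} - System32\Tasks\{GUID-2} => C:\Windows\system32\pcalua.exe -a C:\Users\User\AppData\Local\Temp\setup-au.exe -d C:\Windows\SysWOW64 <==== UWAGA
Task: {GUID-3} - \ExampleTask -> Brak pliku <==== UWAGA
Task: {GUID-4} - System32\Tasks\Updater => C:\Program Files (x86)\Vendor\launcher.exe [2018-07-11] (Vendor)
HKLM\...\Run: [Example] => [X]
S3 exampledrv; system32\DRIVERS\exampledrv.sys [X]
EmptyTemp:
"""
TASK = re.compile(r"^Task: (\{[^}]+\}) - (.+?) (?:=>|->) (.*)$")
PCALUA = re.compile(r"pcalua\.exe -a (.+?)(?= -[dc] |$)", re.I)
FLAG = re.compile(r"\s*<==== \S+\s*$")  # "<==== ATTENTION"; "UWAGA" in this Polish log
MISSING = re.compile(r"\[X\]|Brak pliku|No File|nie znaleziono|not found", re.I)
USER_DIR = re.compile(r"\\(AppData|Temp|Downloads|Pobrane)\\", re.I)  # heuristic (assumption)
KINDS = [(r"\\Run: ", "run-key"), (r"^[SR]\d ", "service"), (r"^\w+:$", "directive")]

def parse_line(line):
    body = FLAG.sub("", line.strip())
    e = {"kind": "other", "flagged": bool(FLAG.search(line)),
         "missing": bool(MISSING.search(body)), "proxied": None, "user_writable": False}
    m = TASK.match(body)
    if m:
        e["kind"] = "task"
        p = PCALUA.search(m.group(3))
        if p:  # pcalua.exe -a <program> starts <program> on the task's behalf
            e["proxied"] = p.group(1).strip('"')
            e["user_writable"] = bool(USER_DIR.search(e["proxied"]))
    else:
        e["kind"] = next((k for rx, k in KINDS if re.search(rx, body)), "other")
    return e

def triage(text):
    """Return (kind, reason) for each line that deserves a closer look."""
    out = []
    for raw in filter(str.strip, text.splitlines()):
        e = parse_line(raw)
        if e["proxied"] and e["user_writable"]:
            out.append((e["kind"], "pcalua.exe launches " + e["proxied"]))
        elif e["missing"]:
            out.append((e["kind"], "orphaned entry, target file missing"))
        elif e["flagged"]:
            out.append((e["kind"], "flagged by FRST"))
    return out

if __name__ == "__main__":
    for kind, reason in triage(SAMPLE):
        print(f"{kind:10} {reason}")
```
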
  • #3 17 Jul 2018 17:23
    ariel2607
    Level 2

    THANK YOU VERY MUCH for the help!
    This completely solved the problem :)
    I'll read up on FRST logs; maybe I'll learn to read these logs myself and how to fix problems on my own.
    Regards!
    Closing.

    0