Elektroda.pl

[Solved] Please check my FRST logs. Windows 7 HP 64-bit.

popaw1 19 Aug 2018 15:11
  • #2 19 Aug 2018 15:34
    safbot1st
    Level 43

    You have a rootkit; run a scan and removal with TDSSKiller.
    EDIT:
    fixlist.txt for you:

    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\Run: [] => [X]
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\MountPoints2: G - G:\LaunchU3.exe -a
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\MountPoints2: {1daf3544-373b-11e2-b6de-c80aa93a3b2d} - G:\NokiaPCIA_Autorun.exe
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\MountPoints2: {9198e3e1-ec27-11df-8559-c80aa93a3b2d} - G:\AUTORUN.EXE
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\MountPoints2: {9198e3f2-ec27-11df-8559-c80aa93a3b2d} - G:\AUTORUN.EXE
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\MountPoints2: {9198e404-ec27-11df-8559-c80aa93a3b2d} - G:\AUTORUN.EXE
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\MountPoints2: {be994a72-99f1-11e0-b77c-c80aa93a3b2d} - G:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\MountPoints2: {be994a83-99f1-11e0-b77c-c80aa93a3b2d} - G:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\MountPoints2: {c464628b-0129-11e8-99e5-f67bcb3844a5} - G:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\MountPoints2: {da1326a9-d792-11e0-821b-c80aa93a3b2d} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\MountPoints2: {e2f3a3f1-ec24-11df-a252-c80aa93a3b2d} - G:\AUTORUN.EXE
    HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll => No File
    AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll => No File
    GroupPolicy\User: Restriction ? <==== ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=hp-avast&type=agc511
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {3FA873EE-3070-4AC9-A9FF-36375FBC19B7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {3FA873EE-3070-4AC9-A9FF-36375FBC19B7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> {A643E6AE-71FA-48C8-AE9B-0087E1AA8D2E} URL = hxxp://www.scanbasic.com/?prt=SCANBASIC115&keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-120039402-208589706-4021927294-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_enGB391
    SearchScopes: HKU\S-1-5-21-120039402-208589706-4021927294-1001 -> {A643E6AE-71FA-48C8-AE9B-0087E1AA8D2E} URL = hxxp://www.scanbasic.com/?prt=ScnbscNN&keywords={searchTerms}
    BHO: DataMngr -> {B939CF93-F2CB-443d-956C-DC523D85C9DB} -> C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\BROWSE~1.DLL => No File
    BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll => No File
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll => No File
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
    BHO-x32: Browser Companion Helper Verifier -> {963B125B-8B21-49A2-A3A8-E37092276531} -> C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll => No File
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll => No File
    BHO-x32: No Name -> {B939CF93-F2CB-443d-956C-DC523D85C9DB} -> No File
    BHO-x32: No Name -> {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -> No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll => No File
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll No File
    Toolbar: HKLM-x32 - No Name - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
    Toolbar: HKU\S-1-5-21-120039402-208589706-4021927294-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-120039402-208589706-4021927294-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
    FF Homepage: Mozilla\Firefox\Profiles\j6njaq6s.default -> hxxps://www.google.com
    FF SearchPlugin: C:\Users\Ramneek\AppData\Roaming\Mozilla\Firefox\Profiles\j6njaq6s.default\searchplugins\babylon.xml [2012-01-05]
    FF Extension: (ACFF5Component) - C:\Users\Ramneek\AppData\Roaming\Mozilla\FireFox\{5cea9a87-a3a5-4c2a-b08d-8a1876d4931c} [2012-03-07] [Legacy] [not signed]
    FF HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\Firefox\Extensions: [{f45a0de0-b4de-11de-8a39-0800200c9a66}] - C:\Users\Ramneek\AppData\Roaming\Mozilla\Firefox\Profiles\j6njaq6s.default\extensions\{f45a0de0-b4de-11de-8a39-0800200c9a66} => not found
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin HKU\S-1-5-21-120039402-208589706-4021927294-1001: BearSharePlugin -> C:\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll [No File]
    CHR HKLM-x32\...\Chrome\Extension: [ibgfbdggapddbjjbopabhlhianklajie] - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
    CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx <not found>
    HKLM\SYSTEM\CurrentControlSet\Services\458367E10CAA7793 <==== ATTENTION (Rootkit!)
    S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
    U4 eabfiltr; no ImagePath
    S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
    S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
    2018-08-19 13:30 - 2009-07-14 05:45 - 000026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2018-08-19 13:30 - 2009-07-14 05:45 - 000026192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-11-11 21:56 - 2016-11-11 21:56 - 007065600 _____ () C:\Program Files (x86)\GUT8363.tmp
    2016-05-20 16:17 - 2016-05-20 16:17 - 003056148 _____ () C:\Users\Ramneek\AppData\Roaming\sb98.dat
    2013-09-28 16:07 - 2017-01-14 22:16 - 000000424 _____ () C:\Users\Ramneek\AppData\Roaming\WB.CFG
    2010-07-07 19:21 - 2010-07-07 19:21 - 000000000 _____ () C:\Users\Ramneek\AppData\Local\AtStart.txt
    2011-02-23 16:48 - 2012-09-03 10:50 - 000006656 _____ () C:\Users\Ramneek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-07-07 19:21 - 2010-07-07 19:21 - 000000000 _____ () C:\Users\Ramneek\AppData\Local\DSwitch.txt
    2013-08-06 15:04 - 2013-08-06 15:03 - 000423709 _____ () C:\Users\Ramneek\AppData\Local\mysearchdial_speedial_v9.0.2.crx
    2011-08-01 22:46 - 2011-08-01 22:46 - 000000000 _____ () C:\Users\Ramneek\AppData\Local\{F406193F-7288-4661-BDEC-BB648D97CA56}
    2011-07-16 05:03 - 2011-07-16 05:03 - 000000000 _____ () C:\Users\Ramneek\AppData\Local\{F95826AA-431F-42F4-9D69-A25C03879745}
    Task: {360FE5DF-EFE0-4894-8B5A-28CC801146F5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
    Task: {360FE5DF-EFE0-4894-8B5A-28CC801146F5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
    Task: {64338AFF-5E7D-43B4-BEF4-4FD804DD82CB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
    Task: {64338AFF-5E7D-43B4-BEF4-4FD804DD82CB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
    Task: {64338AFF-5E7D-43B4-BEF4-4FD804DD82CB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
    Task: {768E4DA5-D1B2-410C-A3E2-9BACA70A116F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
    Task: {768E4DA5-D1B2-410C-A3E2-9BACA70A116F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
    Task: {8367F761-7737-40AD-A1FD-7ED0203CB731} - System32\Tasks\{FA37683F-C61E-445B-A82E-4AFB447BC86C} => C:\Windows\system32\pcalua.exe -a "C:\Users\Ramneek\Downloads\installer_adobe_flash_player_English (1).exe" -d C:\Users\Ramneek\Desktop
    Task: {8E0C3A58-D91C-4CAF-95D6-D8DD0065CCB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
    Task: {988D3C36-C5C7-4603-B55E-7955F4FA20F6} - System32\Tasks\{A7635442-E130-475C-8FFA-9D22AA0480A4} => C:\Windows\system32\pcalua.exe -a F:\SETUP.EXE -d F:\
    Task: {EC31899D-7222-4333-933C-5267F6BA2D7E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
    Task: {EC31899D-7222-4333-933C-5267F6BA2D7E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-03-20] (Microsoft Corporation)
    EmptyTemp:

    Post the TDSSKiller log.

  • #3 19 Aug 2018 15:35
    krzychupar
    Level 40

    Uninstall:

    Tango
    YourTemplateFinder Internet Explorer Homepage and New Tab

    Open Notepad and paste:
    Task: {988D3C36-C5C7-4603-B55E-7955F4FA20F6} - System32\Tasks\{A7635442-E130-475C-8FFA-9D22AA0480A4} => C:\Windows\system32\pcalua.exe -a F:\SETUP.EXE -d F:\
    Task: {F1DAF287-BC63-4E15-BB3D-C2582E321A62} - System32\Tasks\{2EA78F5B-3F11-4312-B0CD-0DD71BAB877C} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\GoogleTalkLabsEditionSetup.exe" -d "C:\Program Files (x86)"
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\Run: [] => [X]
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\Policies\system: [DisableLockWorkstation] 0
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\Policies\system: [DisableChangePassword] 0
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\MountPoints2: {1daf3544-373b-11e2-b6de-c80aa93a3b2d} - G:\NokiaPCIA_Autorun.exe
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\MountPoints2: {9198e3e1-ec27-11df-8559-c80aa93a3b2d} - G:\AUTORUN.EXE
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\MountPoints2: {9198e3f2-ec27-11df-8559-c80aa93a3b2d} - G:\AUTORUN.EXE
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\MountPoints2: {9198e404-ec27-11df-8559-c80aa93a3b2d} - G:\AUTORUN.EXE
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\MountPoints2: {be994a72-99f1-11e0-b77c-c80aa93a3b2d} - G:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\MountPoints2: {be994a83-99f1-11e0-b77c-c80aa93a3b2d} - G:\setup_vmc_lite.exe /checkApplicationPresence
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\MountPoints2: {c464628b-0129-11e8-99e5-f67bcb3844a5} - G:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\MountPoints2: {da1326a9-d792-11e0-821b-c80aa93a3b2d} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\MountPoints2: {e2f3a3f1-ec24-11df-a252-c80aa93a3b2d} - G:\AUTORUN.EXE
    HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll => No File
    AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll => No File
    GroupPolicy\User: Restriction ? <==== ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.yahoo.com/?fr=hp-avast&type=agc511
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {3FA873EE-3070-4AC9-A9FF-36375FBC19B7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {3FA873EE-3070-4AC9-A9FF-36375FBC19B7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> {A643E6AE-71FA-48C8-AE9B-0087E1AA8D2E} URL = hxxp://www.scanbasic.com/?prt=SCANBASIC115&keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-120039402-208589706-4021927294-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_enGB391
    SearchScopes: HKU\S-1-5-21-120039402-208589706-4021927294-1001 -> {A643E6AE-71FA-48C8-AE9B-0087E1AA8D2E} URL = hxxp://www.scanbasic.com/?prt=ScnbscNN&keywords={searchTerms}
    BHO: DataMngr -> {B939CF93-F2CB-443d-956C-DC523D85C9DB} -> C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\x64\BROWSE~1.DLL => No File
    BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll => No File
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll => No File
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
    BHO-x32: Browser Companion Helper Verifier -> {963B125B-8B21-49A2-A3A8-E37092276531} -> C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll => No File
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll => No File
    BHO-x32: No Name -> {B939CF93-F2CB-443d-956C-DC523D85C9DB} -> No File
    BHO-x32: No Name -> {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -> No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll => No File
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll No File
    Toolbar: HKLM-x32 - No Name - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
    Toolbar: HKU\S-1-5-21-120039402-208589706-4021927294-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-120039402-208589706-4021927294-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
    FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2014-01-27] [Legacy] [not signed]
    FF Session Restore: Mozilla\Firefox\Profiles\j6njaq6s.default -> is enabled.
    FF SearchPlugin: C:\Users\Ramneek\AppData\Roaming\Mozilla\Firefox\Profiles\j6njaq6s.default\searchplugins\babylon.xml [2012-01-05]
    FF HKU\S-1-5-21-120039402-208589706-4021927294-1001\...\Firefox\Extensions: [{f45a0de0-b4de-11de-8a39-0800200c9a66}] - C:\Users\Ramneek\AppData\Roaming\Mozilla\Firefox\Profiles\j6njaq6s.default\extensions\{f45a0de0-b4de-11de-8a39-0800200c9a66} => not found
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin HKU\S-1-5-21-120039402-208589706-4021927294-1001: BearSharePlugin -> C:\Program Files (x86)\BearShare Applications\BearShare\npBearSharePlugin.dll [No File]
    CHR HKLM-x32\...\Chrome\Extension: [ibgfbdggapddbjjbopabhlhianklajie] - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx <not found>
    S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
    U4 eabfiltr; no ImagePath
    S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
    S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
    2018-08-19 13:20 - 2018-08-19 13:20 - 000000000 ____D C:\Users\Ramneek\Doctor Web
    2018-08-19 13:20 - 2018-08-19 13:20 - 000000000 ____D C:\ProgramData\Doctor Web
    2018-08-19 12:53 - 2018-08-19 12:55 - 000000000 ____D C:\AdwCleaner
    2011-06-10 20:40 - 2011-06-10 20:40 - 002513223 _____ () C:\Program Files\aresregular217_installer.exe
    2011-11-18 23:09 - 2011-11-18 23:09 - 000463080 _____ (CNET Download.com) C:\Program Files\cnet2_winamp5622_full_emusic-7plus_en-us_exe.exe
    2011-06-19 23:15 - 2011-06-19 23:15 - 000107698 _____ () C:\Program Files\Dining Room Assistant MFDRA0611.pdf
    2011-11-03 20:03 - 2011-11-03 20:03 - 202463960 _____ (Nero AG) C:\Program Files\FLVPlayer_install.exe
    2011-06-17 19:08 - 2011-06-17 19:08 - 000117353 _____ () C:\Program Files\Front of House Cleaner MFFHC0611.pdf
    2011-07-23 11:02 - 2011-07-23 11:02 - 001592512 _____ (W3i, LLC) C:\Program Files\musicoasis.exe
    2011-06-12 15:32 - 2011-06-12 15:32 - 001029000 _____ (Skype Technologies S.A.) C:\Program Files\SkypeSetup.exe
    2011-01-13 09:51 - 2011-01-13 09:52 - 004026160 _____ (Acro Software Inc. ) C:\Program Files (x86)\CuteWriter.exe
    2010-12-21 16:32 - 2010-12-21 16:32 - 002806680 _____ (Moyea Software Co., Ltd. ) C:\Program Files (x86)\FLVPlayer_install.exe
    2011-01-06 11:42 - 2011-10-04 20:32 - 000921032 _____ () C:\Program Files (x86)\GoogleTalkLabsEditionSetup.exe
    2016-11-11 21:56 - 2016-11-11 21:56 - 007065600 _____ () C:\Program Files (x86)\GUT8363.tmp
    2011-10-04 20:37 - 2011-10-04 20:37 - 020787924 _____ (Windows 7) C:\Program Files (x86)\windows.7.codec.pack.v3.3.0.setup.exe
    2016-05-20 16:17 - 2016-05-20 16:17 - 003056148 _____ () C:\Users\Ramneek\AppData\Roaming\sb98.dat
    2013-09-28 16:07 - 2017-01-14 22:16 - 000000424 _____ () C:\Users\Ramneek\AppData\Roaming\WB.CFG
    2010-07-07 19:21 - 2010-07-07 19:21 - 000000000 _____ () C:\Users\Ramneek\AppData\Local\AtStart.txt
    2011-02-23 16:48 - 2012-09-03 10:50 - 000006656 _____ () C:\Users\Ramneek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-07-07 19:21 - 2010-07-07 19:21 - 000000000 _____ () C:\Users\Ramneek\AppData\Local\DSwitch.txt
    2013-08-06 15:04 - 2013-08-06 15:03 - 000423709 _____ () C:\Users\Ramneek\AppData\Local\mysearchdial_speedial_v9.0.2.crx
    2010-07-07 19:21 - 2010-07-07 19:21 - 000000000 _____ () C:\Users\Ramneek\AppData\Local\QSwitch.txt
    2011-08-01 22:46 - 2011-08-01 22:46 - 000000000 _____ () C:\Users\Ramneek\AppData\Local\{F406193F-7288-4661-BDEC-BB648D97CA56}
    2011-07-16 05:03 - 2011-07-16 05:03 - 000000000 _____ () C:\Users\Ramneek\AppData\Local\{F95826AA-431F-42F4-9D69-A25C03879745}

    EmptyTemp:

    Save the file as fixlist.txt and put it in the folder where you have FRST.exe.
    Run FRST and click Fix.

  • #4 19 Aug 2018 15:40
    safbot1st
    Level 43

    @krzychupar You skipped the rootkit:
    HKLM\SYSTEM\CurrentControlSet\Services\458367E10CAA7793 <==== ATTENTION (Rootkit!)
    , but both fixlists are OK.

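As an added example (not code posted by anyone in this thread, and not part of FRST or TDSSKiller), here is a PowerShell script that reads the same persistence locations the two fixlists above target, so the state of the machine can be checked before and after the fix is applied: the Run/RunOnce keys, AppInit_DLLs, the MountPoints2 autorun commands, Internet Explorer SearchScopes, and services with a random-hex name like the 458367E10CAA7793 entry FRST flagged, with no ImagePath, or with an ImagePath whose file is gone (FRST's `[X]`). The user SID and the suspect service name are taken from the log and passed in as parameters; the allow-list of search hosts is an assumption of the example. The script only reports and removes nothing. Run it from an elevated PowerShell; it needs PowerShell 3.0 or later (Windows 7 ships 2.0 unless the Windows Management Framework update is installed).

```powershell
# Added example (not from the forum posts): read-only audit of the persistence
# locations the fixlist above targets. Run from an elevated PowerShell on the
# affected machine. The SID and the service name default to the values in the
# log, but are parameters so the script is not tied to this one host.
param(
    [string]$UserSid = 'S-1-5-21-120039402-208589706-4021927294-1001',
    [string]$SuspectService = '458367E10CAA7793'
)

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Category, [string]$Location, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Category = $Category; Location = $Location; Detail = $Detail })
}

# HKU is not mapped as a drive by default; map it so HKU:\<SID>\... paths resolve.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

# 1. Run / RunOnce autostarts: 64-bit, WOW64, the user's hive and SYSTEM's RunOnce.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    "HKU:\$UserSid\Software\Microsoft\Windows\CurrentVersion\Run",
    'HKU:\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # PSPath, PSParentPath, ... are provider noise
        $value = [string]$p.Value
        # Take the executable: the quoted part, or the first token of an unquoted command.
        $exe = if ($value -match '^"([^"]+)"') { $Matches[1] } else { ($value -split '\s+')[0] }
        $missing = $exe -and -not (Test-Path -LiteralPath $exe)
        Add-Finding 'Run' "$key\$($p.Name)" ($value + $(if ($missing) { ' => No File' }))
    }
}

# 2. AppInit_DLLs: a DLL listed here is loaded into every process that links user32.dll.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $dlls = (Get-ItemProperty -Path $key -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
    if ($dlls) { Add-Finding 'AppInit_DLLs' $key $dlls }
}

# 3. MountPoints2: autorun commands Explorer remembered per removable volume.
$mp = "HKU:\$UserSid\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
Get-ChildItem -Path $mp -ErrorAction SilentlyContinue | ForEach-Object {
    $cmd = Get-ItemProperty -Path "$($_.PSPath)\Shell\AutoRun\command" -ErrorAction SilentlyContinue
    if ($cmd.'(default)') { Add-Finding 'MountPoints2' $_.PSChildName $cmd.'(default)' }
}

# 4. IE SearchScopes: any scope whose host is not on the allow-list is a search hijack.
$knownSearchHosts = 'www.bing.com', 'www.google.co.uk', 'www.google.com'   # assumption
$scopeRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
    "HKU:\$UserSid\Software\Microsoft\Internet Explorer\SearchScopes",
    'HKU:\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes'
)
foreach ($root in $scopeRoots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $url = (Get-ItemProperty -Path $_.PSPath -Name URL -ErrorAction SilentlyContinue).URL
        if ($url -match '^https?://([^/]+)' -and $knownSearchHosts -notcontains $Matches[1]) {
            Add-Finding 'SearchScopes' "$root\$($_.PSChildName)" $url
        }
    }
}

# 5. Services: random-hex names (the FRST 'Rootkit!' entry), no ImagePath, or an
#    ImagePath whose file no longer exists (FRST's '[X]').
Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue | ForEach-Object {
    $name = $_.PSChildName
    $svc = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    $img = $svc.ImagePath
    if ($name -eq $SuspectService -or $name -match '^[0-9A-F]{12,}$') {
        Add-Finding 'Service' $name "suspicious service name (ImagePath: $img)"
    }
    elseif (-not $img) {
        if ($svc.Type) { Add-Finding 'Service' $name 'no ImagePath' }   # keys without Type are not services
    }
    else {
        # Normalise \??\C:\..., \SystemRoot\..., %SystemRoot%\... and bare system32\... forms.
        $path = [Environment]::ExpandEnvironmentVariables($img)
        $path = $path -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if ($path -match '^"?(.+?\.(sys|exe|dll))"?(\s|$)') { $path = $Matches[1] }
        if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }
        if (-not (Test-Path -LiteralPath $path)) { Add-Finding 'Service' $name "$img => No File" }
    }
}

$findings | Sort-Object Category, Location | Format-Table -AutoSize -Wrap
```

Entries reported as `No File` correspond to the `=> No File` and `[X]` markers in the FRST log: stale pointers to programs that were uninstalled, harmless by themselves but worth clearing so nothing can be dropped at those paths later. A service with a random 16-hex-character name and an ImagePath is the kind of entry the post above sends to TDSSKiller before the fixlist is run; the script does not try to remove it, because a rootkit driver that is still loaded can hide or restore its own key.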
  • #5 03 Nov 2018 12:08
    popaw1
    Level 19

    A friend wanted to wipe everything. The recovery partition did its job :)

    PS:
    After applying the fixlists the system "fell over". A genuine Windows claimed it was not genuine :(
