Request for help, log check
#1
Hello,

I picked up some junk programs. I thought mbtm would remove them, but during the scan it threw a blue screen and the system shut down.
I tried to uninstall some things manually, but not everything could be removed.

Logs:

FRST



Addition:



Shortcut:

#2
Paste the following into Notepad and save it as fixlist.txt

Code:
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [mbot_pl_014010102] => [X]
HKLM\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKLM\...\Run: [gmsd_pl_005010102] => [X]
HKU\S-1-5-21-2385163379-3674596410-3245858452-1000\...\Run: [YTDownloader] => "C:\Program Files\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-2385163379-3674596410-3245858452-1000\...\Run: [GoogleChromeAutoLaunch_707AB4DC4851505403C8FD2DF14CF292] => C:\Program Files\MyBrowser\MyBrowser\Application\mybrowser.exe [769536 2015-08-31] (MyBrowser)
HKU\S-1-5-21-2385163379-3674596410-3245858452-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> none
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1443626764&z=985ffcb16265d4a2b520cc0g5z3z1cdq7o4q1m4q5z&from=amt&uid=st9250315as_5vc0tr4lxxxx5vc0tr4l
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1443626764&z=985ffcb16265d4a2b520cc0g5z3z1cdq7o4q1m4q5z&from=amt&uid=st9250315as_5vc0tr4lxxxx5vc0tr4l&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1443626764&z=985ffcb16265d4a2b520cc0g5z3z1cdq7o4q1m4q5z&from=amt&uid=st9250315as_5vc0tr4lxxxx5vc0tr4l
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1443626764&z=985ffcb16265d4a2b520cc0g5z3z1cdq7o4q1m4q5z&from=amt&uid=st9250315as_5vc0tr4lxxxx5vc0tr4l&q={searchTerms}
HKU\S-1-5-21-2385163379-3674596410-3245858452-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1443626764&z=985ffcb16265d4a2b520cc0g5z3z1cdq7o4q1m4q5z&from=amt&uid=st9250315as_5vc0tr4lxxxx5vc0tr4l&q={searchTerms}
HKU\S-1-5-21-2385163379-3674596410-3245858452-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKU\S-1-5-21-2385163379-3674596410-3245858452-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
HKU\S-1-5-21-2385163379-3674596410-3245858452-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1443626764&z=985ffcb16265d4a2b520cc0g5z3z1cdq7o4q1m4q5z&from=amt&uid=st9250315as_5vc0tr4lxxxx5vc0tr4l&q={searchTerms}
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUS
SearchScopes: HKU\S-1-5-21-2385163379-3674596410-3245858452-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
CHR HKLM\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2385163379-3674596410-3245858452-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
S2 globalUpdate; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-09-30] (globalUpdate) [Brak podpisu cyfrowego] <==== UWAGA
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-09-30] (globalUpdate) [Brak podpisu cyfrowego] <==== UWAGA
R2 gyvixodu; C:\Program Files\F5D00700-1443626850-81DE-2747-00248CAEEB57\hnshC277.tmp [203776 2015-09-30] () [Brak podpisu cyfrowego]
R2 ihpmServer; C:\Program Files\RayDld\ihpmServer.exe [268520 2015-09-25] ()
R2 lehicewu; C:\Program Files\F5D00700-1443626850-81DE-2747-00248CAEEB57\jnsmAD40.tmp [181760 2015-09-30] () [Brak podpisu cyfrowego]
R2 SSFK; C:\Program Files\SFK\SSFK.exe
R2 WdsManPro; C:\ProgramData\4WdsManPro4\WdsManPro.exe [442504 2015-09-30] (DTools LIMITED)
R2 jugilohe; C:\Program Files\F5D00700-1443626850-81DE-2747-00248CAEEB57\knsc94EA.tmpfs [X]
S2 ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SNP2UVC; system32\DRIVERS\snp2uvc.sys [X]
S1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]
C:\Users\Admin\AppData\Local\Google
C:\Users\Admin\Desktop\AnyProtect.lnk
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
C:\Users\Admin\AppData\Roaming\systweak
C:\ProgramData\4WdsManPro4
C:\Users\Admin\AppData\Local\nslA454.tmp
C:\Users\Admin\AppData\Roaming\AnyProtectEx
C:\Users\Admin\AppData\Local\SmartWeb
C:\Program Files\SFK
C:\Users\Admin\AppData\Local\MyBrowser
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\ProgramData\8WdsManPro8
C:\Users\Admin\AppData\Roaming\mystartsearch
C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
C:\Users\Admin\AppData\Local\globalUpdate
C:\Users\Admin\AppData\Local\BrowserHelper
C:\Users\Public\Documents\ShopperPro
C:\Users\Admin\AppData\Local\CrashRpt
C:\Users\Admin\AppData\Local\F5D00700-1443634133-81DE-2747-00248CAEEB57
C:\Program Files\F5D00700-1443626850-81DE-2747-00248CAEEB57
C:\Windows\system32\Drivers\etc\hp.bak
C:\Program Files\RayDld
C:\Program Files\Google
C:\Users\Admin\AppData\Roaming\9FYYXZZugj4A
C:\Users\Admin\AppData\Roaming\9FYYXZZugj4A.exe
C:\Users\Admin\AppData\Roaming\ILpNT5aV8a9rH
C:\Users\Admin\AppData\Roaming\ILpNT5aV8a9rH.exe
C:\Users\Admin\AppData\Roaming\QgXk3tvRietBPQjyftw98fDPhR
C:\Users\Admin\AppData\Roaming\QgXk3tvRietBPQjyftw98fDPhR.exe
C:\Users\Admin\AppData\Local\nsd556.tmp
C:\Users\Admin\AppData\Local\nslA454.tmp
C:\Users\Admin\AppData\Local\uninstall.tmp
C:\ProgramData\1435582781.bdinstall.bin
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
ShortcutWithArgument: C:\Users\Admin\Desktop\Start Tor Browser.lnk -> D:\Programy\Tor Browser\Browser\firefox.exe (Mozilla Corporation) -> hxxp://www.oursurfing.com/?type=sc&ts=1443626764&z=985ffcb16265d4a2b520cc0g5z3z1cdq7o4q1m4q5z&from=amt&uid=st9250315as_5vc0tr4lxxxx5vc0tr4l
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk -> D:\Programy\Tor Browser\Browser\firefox.exe (Mozilla Corporation) -> hxxp://www.oursurfing.com/?type=sc&ts=1443626764&z=985ffcb16265d4a2b520cc0g5z3z1cdq7o4q1m4q5z&from=amt&uid=st9250315as_5vc0tr4lxxxx5vc0tr4l
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.oursurfing.com/?type=sc&ts=1443626764&z=985ffcb16265d4a2b520cc0g5z3z1cdq7o4q1m4q5z&from=amt&uid=st9250315as_5vc0tr4lxxxx5vc0tr4l
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.oursurfing.com/?type=sc&ts=1443626764&z=985ffcb16265d4a2b520cc0g5z3z1cdq7o4q1m4q5z&from=amt&uid=st9250315as_5vc0tr4lxxxx5vc0tr4l
Task: {05589539-C156-4D16-B7E4-475C882462E1} - System32\Tasks\7568142b-fc11-4c81-9f86-79daac2a51ce-5 => C:\Program Files\GoHD\7568142b-fc11-4c81-9f86-79daac2a51ce-5.exe [2015-09-30] (InstallMoon) <==== UWAGA
Task: {06AA293F-11C4-451F-8B8F-5289E4277425} - System32\Tasks\QgXk3tvRietBPQjyftw98fDPhR => C:\Users\Admin\AppData\Roaming\QgXk3tvRietBPQjyftw98fDPhR.exe [2015-04-20] () <==== UWAGA
Task: {124BDC02-BF4F-475D-90B9-E0DB042B71E5} - System32\Tasks\29ffc21b-d8f2-4d5f-991e-086d6c54ce38-5 => C:\Program Files\CinemaPlus-3.2cV30.09\29ffc21b-d8f2-4d5f-991e-086d6c54ce38-5.exe [2015-09-30] (Cinema PlusV30.09) <==== UWAGA
Task: {18CD4D63-2823-4BB1-BFAA-78E76128489A} - System32\Tasks\ASUS Live Update => C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {1988F2C4-2E1E-4FBE-B4F9-2E930A8EBDA9} - System32\Tasks\9FYYXZZugj4A => C:\Users\Admin\AppData\Roaming\9FYYXZZugj4A.exe [2015-04-20] () <==== UWAGA
Task: {1A22912A-EC9C-46BB-9E38-AB811C8C0FF8} - System32\Tasks\7568142b-fc11-4c81-9f86-79daac2a51ce-10_user => C:\Program Files\GoHD\7568142b-fc11-4c81-9f86-79daac2a51ce-10.exe [2015-09-30] (InstallMoon) <==== UWAGA
Task: {276E00D9-7C88-46C1-9F89-6100C2D3E950} - System32\Tasks\c65a4f8a-cf2a-42b9-9dbb-7d537de24b9e-5_user => C:\Program Files\CinemaP-1.9cV30.09\c65a4f8a-cf2a-42b9-9dbb-7d537de24b9e-5.exe [2015-09-30] (Cinema PlusV30.09) <==== UWAGA
Task: {2800D9B3-853F-4048-A1BD-98EDC6344DE3} - System32\Tasks\29ffc21b-d8f2-4d5f-991e-086d6c54ce38-5_user => C:\Program Files\CinemaPlus-3.2cV30.09\29ffc21b-d8f2-4d5f-991e-086d6c54ce38-5.exe [2015-09-30] (Cinema PlusV30.09) <==== UWAGA
Task: {288DC8E3-7FA6-419F-A670-F60A724A79CD} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\globalupdate.exe [2015-09-30] (globalUpdate) <==== UWAGA
Task: {2BABB05D-BE99-4A16-B080-A9BBD23852F4} - System32\Tasks\81840b92-cdcf-40f2-9fb4-117dc7376ebf-1-7 => C:\Program Files\Object Browser\81840b92-cdcf-40f2-9fb4-117dc7376ebf-1-7.exe <==== UWAGA
Task: {365BF7E5-700E-4C11-8C07-8F12686C48A0} - System32\Tasks\29ffc21b-d8f2-4d5f-991e-086d6c54ce38-4 => C:\Program Files\CinemaPlus-3.2cV30.09\29ffc21b-d8f2-4d5f-991e-086d6c54ce38-4.exe [2015-09-30] (Cinema PlusV30.09) <==== UWAGA
Task: {46493D6D-56D1-43BC-ACFA-B5784CBEE1D6} - System32\Tasks\29ffc21b-d8f2-4d5f-991e-086d6c54ce38-1-6 => C:\Program Files\CinemaPlus-3.2cV30.09\29ffc21b-d8f2-4d5f-991e-086d6c54ce38-1-6.exe [2015-09-30] (Cinema PlusV30.09) <==== UWAGA
Task: {4DE1600C-9B82-443A-BCB8-8E45893C23B6} - System32\Tasks\ILpNT5aV8a9rH => C:\Users\Admin\AppData\Roaming\ILpNT5aV8a9rH.exe [2015-04-20] () <==== UWAGA
Task: {4F2EDB10-C94A-45F6-8C16-3EF55960EB03} - System32\Tasks\c65a4f8a-cf2a-42b9-9dbb-7d537de24b9e-1-6 => C:\Program Files\CinemaP-1.9cV30.09\c65a4f8a-cf2a-42b9-9dbb-7d537de24b9e-1-6.exe [2015-09-30] (Cinema PlusV30.09) <==== UWAGA
Task: {50303C18-908F-4E09-9561-E8B19D57DBF1} - System32\Tasks\c65a4f8a-cf2a-42b9-9dbb-7d537de24b9e-4 => C:\Program Files\CinemaP-1.9cV30.09\c65a4f8a-cf2a-42b9-9dbb-7d537de24b9e-4.exe [2015-09-30] (Cinema PlusV30.09) <==== UWAGA
Task: {5CAEF395-BED1-4559-AA48-13DF77334EA3} - System32\Tasks\29ffc21b-d8f2-4d5f-991e-086d6c54ce38-1-7 => C:\Program Files\CinemaPlus-3.2cV30.09\29ffc21b-d8f2-4d5f-991e-086d6c54ce38-1-7.exe [2015-09-30] (Cinema PlusV30.09) <==== UWAGA
Task: {5D1F01A1-9241-4514-A788-B5895A99EBC7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {62ED7A62-CD6E-402D-B148-CC8AAD1008A0} - System32\Tasks\7568142b-fc11-4c81-9f86-79daac2a51ce-4 => C:\Program Files\GoHD\7568142b-fc11-4c81-9f86-79daac2a51ce-4.exe [2015-09-30] (InstallMoon) <==== UWAGA
Task: {6B92DCD4-BC60-4847-A2AC-CA324A748D5A} - System32\Tasks\7568142b-fc11-4c81-9f86-79daac2a51ce-1-6 => C:\Program Files\GoHD\7568142b-fc11-4c81-9f86-79daac2a51ce-1-6.exe [2015-09-30] (InstallMoon) <==== UWAGA
Task: {79497B9E-0AD3-45D2-AD14-544F3DECF38E} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\globalupdate.exe [2015-09-30] (globalUpdate) <==== UWAGA
Task: {8057D2CF-F7FE-43B1-85F6-0F59BD76802D} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Admin\AppData\Local\SmartWeb\SmartWebHelper.exe <==== UWAGA
Task: {854279F6-A602-4FAE-9D33-110113D81ACB} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe [2015-09-30] (AnyProtect.com) <==== UWAGA
Task: {8DEB3E2A-640B-4927-9ADA-8DF2078246C8} - System32\Tasks\c65a4f8a-cf2a-42b9-9dbb-7d537de24b9e-5 => C:\Program Files\CinemaP-1.9cV30.09\c65a4f8a-cf2a-42b9-9dbb-7d537de24b9e-5.exe [2015-09-30] (Cinema PlusV30.09) <==== UWAGA
Task: {9022C509-4EE5-4141-9C57-4FF566A7CD5D} - System32\Tasks\81840b92-cdcf-40f2-9fb4-117dc7376ebf-5_user => C:\Program Files\Object Browser\81840b92-cdcf-40f2-9fb4-117dc7376ebf-5.exe <==== UWAGA
Task: {945A3FFE-D10F-4E90-AA99-D562017B59C9} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-08-03] ()
Task: {95F62F42-2D4E-4C91-9D74-03F43237EE57} - System32\Tasks\81840b92-cdcf-40f2-9fb4-117dc7376ebf-5 => C:\Program Files\Object Browser\81840b92-cdcf-40f2-9fb4-117dc7376ebf-5.exe <==== UWAGA
Task: {97BDEFDB-CBEF-46A8-8D25-2D86438546CC} - System32\Tasks\c65a4f8a-cf2a-42b9-9dbb-7d537de24b9e-10_user => C:\Program Files\CinemaP-1.9cV30.09\c65a4f8a-cf2a-42b9-9dbb-7d537de24b9e-10.exe [2015-09-30] (Cinema PlusV30.09) <==== UWAGA
Task: {9B5770C1-2D1C-40B5-85F8-13A55A679B8C} - System32\Tasks\7568142b-fc11-4c81-9f86-79daac2a51ce-5_user => C:\Program Files\GoHD\7568142b-fc11-4c81-9f86-79daac2a51ce-5.exe [2015-09-30] (InstallMoon) <==== UWAGA
Task: {C5DEAA9D-B044-4A6C-97F6-CAF5297E4F5B} - System32\Tasks\MyBrowser => C:\Program Files\MyBrowser\MyBrowser\Application\utility.exe [2015-09-30] ()
Task: {C73FD556-AB84-402B-83AE-AEC3150A5D5C} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe [2015-09-30] (AnyProtect.com) <==== UWAGA
Task: {CA8D9EDF-E86E-4D6A-9E87-327A51D5E517} - System32\Tasks\c65a4f8a-cf2a-42b9-9dbb-7d537de24b9e-1-7 => C:\Program Files\CinemaP-1.9cV30.09\c65a4f8a-cf2a-42b9-9dbb-7d537de24b9e-1-7.exe [2015-09-30] (Cinema PlusV30.09) <==== UWAGA
Task: {D4FE8553-179B-421C-98C5-724E2AF09CA2} - System32\Tasks\81840b92-cdcf-40f2-9fb4-117dc7376ebf-1-6 => C:\Program Files\Object Browser\81840b92-cdcf-40f2-9fb4-117dc7376ebf-1-6.exe <==== UWAGA
Task: {DF78045E-D425-4E4F-9CAC-D11CEAC480E5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-30] (Adobe Systems Incorporated)
Task: {E0959D1B-E09A-475E-8BB9-A263CE82A16F} - System32\Tasks\7568142b-fc11-4c81-9f86-79daac2a51ce-1-7 => C:\Program Files\GoHD\7568142b-fc11-4c81-9f86-79daac2a51ce-1-7.exe [2015-09-30] (InstallMoon) <==== UWAGA
Task: {E182575E-B834-4E01-A9E0-D738B71E0758} - System32\Tasks\29ffc21b-d8f2-4d5f-991e-086d6c54ce38-10_user => C:\Program Files\CinemaPlus-3.2cV30.09\29ffc21b-d8f2-4d5f-991e-086d6c54ce38-10.exe [2015-09-30] (Cinema PlusV30.09) <==== UWAGA
Task: {ED303472-17E0-4D93-A782-45586E46688F} - System32\Tasks\81840b92-cdcf-40f2-9fb4-117dc7376ebf-4 => C:\Program Files\Object Browser\81840b92-cdcf-40f2-9fb4-117dc7376ebf-4.exe <==== UWAGA
Task: {EF18EB0B-982D-488E-8F41-3D6FAEF7A97E} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe [2015-09-30] (AnyProtect.com) <==== UWAGA
CMD: netsh advfirewall reset
EmptyTemp:

Place the saved script next to the downloaded FRST program.
Then click Fix in the program. After it has run, post the report from this operation.


Uninstall:

Adobe Flash Player Packages
AnyProtect
CinemaP-1.9cV30.09
CinemaPlus-3.2cV30.09
GoHD
MyBrowser
Sharp Angle


globalupdate Helper
Uninstall it using

[To see the links, register here]

Choose the non-automatic mode and select globalupdate Helper in the uninstall list.


In Firefox

Open the menu in the top-right corner > open the Help menu, marked with a red frame.

Troubleshooting Information > Refresh Firefox. The reset will not affect bookmarks or passwords.


Download the program

[To see the links, register here]

click Scan and then Remove

Post its report.


Download

[To see the links, register here]

After it starts, a cmd window opens asking you to press any key to continue. The scan and removal then begin. As a result, a JRT.txt log will be created on the Desktop.

Run a full scan with MBAM and post the report.

Make new logs and post FRST.txt > Addition.txt
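Added example, not part of the original post and not FRST's own logic: a small Python triage that groups FRST-style lines like those in the fixlist above by persistence mechanism (Run key, service, scheduled task, shortcut) and lists why each entry stands out. The sample lines are constructed (names, paths and the example.invalid URL are hypothetical), and the heuristics are illustrative assumptions.

```python
import re

# Constructed sample lines modelled on the FRST fixlist format shown in the post above.
SAMPLE = r"""
HKLM\...\Run: [ExampleUpdater] => [X]
R2 examplesvc; C:\Program Files\Example\abc123.tmp [203776 2015-09-30] () [Brak podpisu cyfrowego]
R2 goodsvc; C:\Program Files\Vendor\svc.exe [268520 2015-09-25] (Vendor Inc.)
S3 olddrv; system32\DRIVERS\olddrv.sys [X]
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\AbCdEf => C:\Users\Admin\AppData\Roaming\AbCdEf.exe [2015-04-20] () <==== UWAGA
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\Vendor Update => C:\Program Files\Vendor\update.exe [2011-06-01] (Vendor Inc.)
ShortcutWithArgument: C:\Users\Public\Desktop\Browser.lnk -> C:\Program Files\Browser\browser.exe (Vendor) -> hxxp://search.example.invalid/?type=sc
""".strip().splitlines()

RULES = [  # (mechanism, line pattern); assumed from the line shapes visible in the fixlist
    ("run-key", re.compile(r"^HK[A-Z]+\\.*\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.*)$")),
    ("service", re.compile(r"^[RS]\d (?P<name>[^;]+); (?P<target>.*)$")),
    ("task", re.compile(r"^Task: .*?\\Tasks\\(?P<name>.+?) => (?P<target>.*)$")),
    ("shortcut", re.compile(r"^ShortcutWithArgument: (?P<name>.+?\.lnk) -> (?P<target>.*)$")),
]

def reasons(mechanism, target):
    """Return the reasons a parsed entry deserves a closer look."""
    out = []
    if target.endswith("[X]"):                    # FRST marks a missing file with [X]
        out.append("target file missing")
    if "[Brak podpisu cyfrowego]" in target:      # Polish FRST: no digital signature
        out.append("unsigned binary")
    if "<==== UWAGA" in target:                   # Polish FRST: attention marker
        out.append("flagged by FRST")
    if re.search(r"\.tmp\w*( |$)", target, re.I):
        out.append("executable with .tmp extension")
    if re.search(r"\\AppData\\Roaming\\[^\\]+\.exe", target, re.I):
        out.append("binary directly in AppData\\Roaming")
    if mechanism == "shortcut" and re.search(r"-> (hxxp|https?)://", target, re.I):
        out.append("URL appended to shortcut target")
    return out

def triage(lines):
    """Classify each line by mechanism; keep only entries with at least one reason."""
    findings = []
    for line in lines:
        for mechanism, pattern in RULES:
            m = pattern.match(line.strip())
            if m:
                why = reasons(mechanism, m["target"])
                if why:
                    findings.append((mechanism, m["name"], why))
                break
    return findings

if __name__ == "__main__":
    for mechanism, name, why in triage(SAMPLE):
        print(f"{mechanism:9} {name}: {', '.join(why)}")
```

Entries that match no heuristic, such as the signed vendor service and vendor update task in the sample, are left out of the result, which mirrors how the fixlist above skips the legitimate ASUS, Apple and K-Lite tasks only where the helper judged them harmless.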
#3
Fixlog:



AnyProtect would not uninstall manually, but afterwards it seems to have been removed.

AdwCleaner:



JRT:



MBAM:



FRST:



Addition:

#4
Paste the following into Notepad and save it as fixlist.txt

Code:
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (dane wartości zawierają 36 znaków więcej).
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
SearchScopes: HKU\S-1-5-21-2385163379-3674596410-3245858452-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-23]
S3 ASUSProcObsrv; \??\F:\I386\AsProcOb.sys [X]
RemoveDirectory: C:\AdwCleaner
Task: C:\Windows\Tasks\9FYYXZZugj4A.job => C:\Users\Admin\AppData\Roaming\9FYYXZZugj4A.exe <==== UWAGA
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ILpNT5aV8a9rH.job => C:\Users\Admin\AppData\Roaming\ILpNT5aV8a9rH.exe <==== UWAGA
Task: C:\Windows\Tasks\QgXk3tvRietBPQjyftw98fDPhR.job => C:\Users\Admin\AppData\Roaming\QgXk3tvRietBPQjyftw98fDPhR.exe <==== UWAGA
EmptyTemp:

Place the saved script next to the downloaded FRST program.
Then click Fix in the program. After it has run, post the report from this operation.

Make new logs and post FRST.txt > Addition.txt

Make additional logs from the Beata account.