Logi do sprawdzenia systemservice.exe

System security, virus removal, choosing antivirus programs. Mandatory logs in this section: three from FRST + Gmer.


Post by Pelikan » 02 Dec 2017, 21:15

Hi, I have the same problem as Siwy07, specifically with the file systemservice.exe [Win10]. While I'm working, an error keeps popping up and it is terribly annoying. I'm attaching the FRST logs.
Attachments:
Shortcut.txt (128.14 KiB) Downloaded 50 times
Addition.txt (72.42 KiB) Downloaded 45 times
FRST.txt (76.34 KiB) Downloaded 49 times
Pelikan
Posts: 1
Joined: 02 Dec 2017, 21:03




Post by ordynat » 02 Dec 2017, 23:12

1) Uninstall these programs:
AlphaGo (HKLM-x32\...\{B7CB7055-EFAE-4CD2-928A-15DB5F4FF7C7}) (Version: 1.2.5 - AlphaGo) <==== UWAGA
Run_Dregol (HKLM-x32\...\Run_Dregol) (Version: - Run_Dregol) <==== UWAGA
SafeFinder (HKLM-x32\...\{0D833A85-6F25-4BCB-88C2-39AF01D49A52}) (Version: 1.0.0.0 - Linkury) <==== UWAGA
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL cenzura!ÇÕES LTDA) <==== UWAGA
yoursearching uninstall (HKLM-x32\...\yoursearching uninstall) (Version: - yoursearching) <==== UWAGA

Use AdwCleaner http://www.programosy.pl/program,adwcleaner.html
First click SCAN, and only after the scan has finished, when the CLEAN button becomes active, click it.
Show the report from it ("C").

2) Uninstall Akamai NetSession Interface, which is not needed for anything.

3)
Shortcut: C:\Users\Lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Cupduck\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Cupduck\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Cupduck\Application\chrome.exe (Google Inc.)

I am putting these Chrome shortcuts up for deletion because they redirect to a fake browser, C:\Program Files (x86)\Cupduck.
Afterwards, make yourself new shortcuts in the same locations.

4) Open Notepad and paste into it:
c:\Users\Lenovo\AppData\Local\Akamai\netsession_win.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1645354413-3269549010-1607250804-1005\...\Run: [Akamai NetSession Interface] => C:\Users\Lenovo\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1645354413-3269549010-1607250804-1005\...\Policies\Explorer: []
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1433781358&z=589f9709000b38036d23e05gcz8c8cam2b1g7c2w1q&from=cor&uid=ST1000LM014-1EJ164_W380NMDXXXXXW380NMDX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493718609&z=04315e34d8b7bc4823f0c06g5zat3cdm9gabcq3e5t&from=ypid&uid=ST1000LM014-1EJ164_W380NMDXXXXXW380NMDX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1433781358&z=589f9709000b38036d23e05gcz8c8cam2b1g7c2w1q&from=cor&uid=ST1000LM014-1EJ164_W380NMDXXXXXW380NMDX&q={searchTerms}
HKU\S-1-5-21-1645354413-3269549010-1607250804-1005\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493718609&z=04315e34d8b7bc4823f0c06g5zat3cdm9gabcq3e5t&from=ypid&uid=ST1000LM014-1EJ164_W380NMDXXXXXW380NMDX&q={searchTerms}
HKU\S-1-5-21-1645354413-3269549010-1607250804-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1493718609&z=04315e34d8b7bc4823f0c06g5zat3cdm9gabcq3e5t&from=ypid&uid=ST1000LM014-1EJ164_W380NMDXXXXXW380NMDX
HKU\S-1-5-21-1645354413-3269549010-1607250804-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1493718609&z=04315e34d8b7bc4823f0c06g5zat3cdm9gabcq3e5t&from=ypid&uid=ST1000LM014-1EJ164_W380NMDXXXXXW380NMDX
HKU\S-1-5-21-1645354413-3269549010-1607250804-1005\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493718609&z=04315e34d8b7bc4823f0c06g5zat3cdm9gabcq3e5t&from=ypid&uid=ST1000LM014-1EJ164_W380NMDXXXXXW380NMDX&q={searchTerms}
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = hxxp://do-search.com/web/?type=ds&ts=1433781358&z=589f9709000b38036d23e05gcz8c8cam2b1g7c2w1q&from=cor&uid=ST1000LM014-1EJ164_W380NMDXXXXXW380NMDX&q={searchTerms}
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csSWwriXAvsOfjoGPol9er0m_PCicC843-JCJMNN1PBWkq5fiX5ZyYqHyQ8oMJqKXehAX7md1kYzvnfxAz4AN9DKKUUFa-rW5nC3E4Bu522UpJPRc51fTYc4xrtFMJ2sR8cpe6xGX7qGjsMXDovbqpS651i7SiM,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1645354413-3269549010-1607250804-1005 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493718609&z=04315e34d8b7bc4823f0c06g5zat3cdm9gabcq3e5t&from=ypid&uid=ST1000LM014-1EJ164_W380NMDXXXXXW380NMDX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1645354413-3269549010-1607250804-1005 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493718609&z=04315e34d8b7bc4823f0c06g5zat3cdm9gabcq3e5t&from=ypid&uid=ST1000LM014-1EJ164_W380NMDXXXXXW380NMDX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1645354413-3269549010-1607250804-1005 -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = hxxp://do-search.com/web/?type=ds&ts=1433781358&z=589f9709000b38036d23e05gcz8c8cam2b1g7c2w1q&from=cor&uid=ST1000LM014-1EJ164_W380NMDXXXXXW380NMDX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1645354413-3269549010-1607250804-1005 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csSWwriXAvsOfjoGPol9er0m_PCicC843-JCJMNN1PBWkq5fiX5ZyYqHyQ8oMJqKXehAX7md1kYzvnfxAz4AN9DKKUUFa-rW5nC3E4Bu522UpJPRc51fTYc4xrtFMJ2sR8cpe6xGX7qGjsMXDovbqpS651i7SiM,&q={searchTerms}
BHO-x32: Brak nazwy -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> Brak pliku
BHO-x32: Brak nazwy -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> Brak pliku
Edge HomeButtonPage: HKU\S-1-5-21-1645354413-3269549010-1607250804-1005 -> hxxp://www.ourluckysites.com/?type=hp&ts=1493718609&z=04315e34d8b7bc4823f0c06g5zat3cdm9gabcq3e5t&from=ypid&uid=ST1000LM014-1EJ164_W380NMDXXXXXW380NMDX
FF Homepage: Mozilla\Firefox\Profiles\13m79xkg.default -> hxxp://www.luckysearch123.com?type=hp&ts=1493998077&from=d6440504&uid=st1000lm014-1ej164_w380nmdxxxxxw380nmdx&z=5db6ab3228945f58d9492e2g6z8t4c0t8tebee5mbb
FF NewTab: Mozilla\Firefox\Profiles\13m79xkg.default -> hxxp://www.luckysearch123.com?type=hp&ts=1493998077&from=d6440504&uid=st1000lm014-1ej164_w380nmdxxxxxw380nmdx&z=5db6ab3228945f58d9492e2g6z8t4c0t8tebee5mbb
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\13m79xkg.default\searchplugins\ask-search.xml [2015-02-17]
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\13m79xkg.default\searchplugins\avg-secure-search.xml [2017-02-06]
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\13m79xkg.default\searchplugins\do-search.xml [2015-11-25]
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\13m79xkg.default\searchplugins\dregol.xml [2015-07-06]
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\13m79xkg.default\searchplugins\findit.xml [2016-01-13]
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\13m79xkg.default\searchplugins\luck.xml [2017-05-05]
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\13m79xkg.default\searchplugins\ourluckysites.xml [2017-05-09]
FF ProfilePath: C:\Users\Lenovo\AppData\Roaming\Firefox\Firefox\Profiles\13m79xkg.default [2017-05-21] <==== UWAGA
FF Homepage: Firefox\Firefox\Profiles\13m79xkg.default -> hxxp://www.searchinme.com/
C:\Users\Lenovo\AppData\Roaming\Firefox
FF NewTab: Firefox\Firefox\Profiles\13m79xkg.default -> about:newtab
FF Extension: (SimilarWeb) - C:\Users\Lenovo\AppData\Roaming\Firefox\Firefox\Profiles\13m79xkg.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-05-03] [Przestarzałe] [Brak podpisu cyfrowego]
FF Extension: (HSearch) - C:\Users\Lenovo\AppData\Roaming\Firefox\Firefox\Profiles\13m79xkg.default\Extensions\@E97YHOMI-FU8L-IM23-VUT9-RVDZT7M8XL8H.xpi [2017-05-03] [Brak podpisu cyfrowego]
FF Extension: (FF Adr) - C:\Users\Lenovo\AppData\Roaming\Firefox\Firefox\Profiles\13m79xkg.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-05-17] [Brak podpisu cyfrowego]
FF Extension: (AVG Web TuneUp) - C:\Users\Lenovo\AppData\Roaming\Firefox\Firefox\Profiles\13m79xkg.default\Extensions\avg@toolbar.xpi [2016-09-29] [Przestarzałe]
FF Extension: (Polski Language Pack) - C:\Users\Lenovo\AppData\Roaming\Firefox\Firefox\Profiles\13m79xkg.default\Extensions\langpack-pl@firefox.mozilla.org.xpi [2017-05-03] [Przestarzałe] [Brak podpisu cyfrowego]
FF Extension: (YahooToolsProtected ) - C:\Users\Lenovo\AppData\Roaming\Firefox\Firefox\Profiles\13m79xkg.default\Extensions\yahooprotected@gmail.com.xpi [2015-11-19] [Przestarzałe] [Brak podpisu cyfrowego]
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Firefox\Firefox\Profiles\13m79xkg.default\searchplugins\ask-search.xml [2015-02-17]
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Firefox\Firefox\Profiles\13m79xkg.default\searchplugins\avg-secure-search.xml [2017-02-06]
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Firefox\Firefox\Profiles\13m79xkg.default\searchplugins\do-search.xml [2015-11-25]
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Firefox\Firefox\Profiles\13m79xkg.default\searchplugins\dregol.xml [2015-07-06]
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Firefox\Firefox\Profiles\13m79xkg.default\searchplugins\findit.xml [2016-01-13]
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Firefox\Firefox\Profiles\13m79xkg.default\searchplugins\google-avg.xml [2017-04-12]
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Firefox\Firefox\Profiles\13m79xkg.default\searchplugins\ourluckysites.xml [2017-05-02]
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Firefox\Firefox\Profiles\13m79xkg.default\searchplugins\startsearch.xml [2017-05-03]
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Firefox\Firefox\Profiles\13m79xkg.default\searchplugins\szukaj-gazeta-pl.xml [2015-01-28]
FF SearchPlugin: C:\Users\Lenovo\AppData\Roaming\Firefox\Firefox\Profiles\13m79xkg.default\searchplugins\yoursearching.xml [2016-02-01]
CHR StartupUrls: Profile 1 -> "hxxp://www.yoursearching.com/?type=hp&ts=1449939985&z=ac20dab0bafa97be7e26ac1gczczetftec3tet7b2q&from=cornl&uid=ST1000LM014-1EJ164_W380NMDXXXXXW380NMDX"
CHR DefaultSearchURL: Profile 1 -> hxxp://www.yoursearching.com/web/?type=ds&ts=1449939985&z=ac20dab0bafa97be7e26ac1gczczetftec3tet7b2q&from=cornl&uid=ST1000LM014-1EJ164_W380NMDXXXXXW380NMDX&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> yoursearching
CHR Extension: (dregol New Tab) - C:\Users\Lenovo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihokndmjeombjojnfkmapfnjeghjohim [2015-09-21]
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1645354413-3269549010-1607250804-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-1645354413-3269549010-1607250804-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
HKU\S-1-5-21-1645354413-3269549010-1607250804-1005\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Cupduck\Application\chrome.exe (Google Inc.) <==== UWAGA
C:\Program Files (x86)\Cupduck
S3 Origin Client Service; "C:\Users\Lenovo\Desktop\fifa\Origin\OriginClientService.exe" [X]
S2 Origin Web Helper Service; "C:\Users\Lenovo\Desktop\fifa\Origin\OriginWebHelperService.exe" [X]
S1 edixzmkq; \??\C:\WINDOWS\system32\drivers\edixzmkq.sys [X]
C:\Users\Lenovo\AppData\Local\background_fault\aswRD.exe
HKU\S-1-5-21-1645354413-3269549010-1607250804-1005\...\Run: [background_fault] => C:\Users\Lenovo\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-04] (AVAST Software) <==== UWAGA
Tools Update Platform (HKLM-x32\...\{6A128791-4857-4484-9BB2-71D4C1257200}) (Version: 1.1.0.15773 - Beijing Zhihuimen Techology co,.Ltd) <==== UWAGA
HKU\S-1-5-21-1645354413-3269549010-1607250804-1005\...\ChromeHTML: -> C:\Program Files (x86)\Cupduck\Application\chrome.exe (Google Inc.) <==== UWAGA
CustomCLSID: HKU\S-1-5-21-1645354413-3269549010-1607250804-1005_Classes\CLSID\{000D0E00-0000-0000-C000-000000000046}\localserver32 -> "C:\Program Files\INTERsoft\ArCADia LT 10.1 PL\Icad.exe" => Brak pliku
CustomCLSID: HKU\S-1-5-21-1645354413-3269549010-1607250804-1005_Classes\CLSID\{0D327DA6-B4DF-4842-B833-2CFF84F0948F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe /Automation => Brak pliku
CustomCLSID: HKU\S-1-5-21-1645354413-3269549010-1607250804-1005_Classes\CLSID\{314AC707-0C11-4B4C-8CB1-564B3EE6BE5F}\localserver32 -> C:\Program Files\INTERsoft\ArCADia LT 10.1 PL\Icad.exe => Brak pliku
CustomCLSID: HKU\S-1-5-21-1645354413-3269549010-1607250804-1005_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Autocad 2014\AutoCAD 2014\acad.exe => Brak pliku
CustomCLSID: HKU\S-1-5-21-1645354413-3269549010-1607250804-1005_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2017\acad.exe => Brak pliku
CustomCLSID: HKU\S-1-5-21-1645354413-3269549010-1607250804-1005_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Autocad 2014\AutoCAD 2014\acad.exe /Automation => Brak pliku
CustomCLSID: HKU\S-1-5-21-1645354413-3269549010-1607250804-1005_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Autocad 2014\AutoCAD 2014\acad.exe /Automation => Brak pliku
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll -> Brak pliku
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP3\System\aimp_menu64.dll -> Brak pliku
Task: {0C5F22AB-8086-4807-A442-0A7EB3D337E2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {20932C60-7595-4952-8984-933CD0CAD1AE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
Task: {2326D917-4306-4A93-A893-EF76D72BFA05} - System32\Tasks\tools_update_{cfac34ab-5db5-4dea-94ec-1d42e3942873} => C:\Program Files (x86)\tools\update\tools_update.exe [2016-07-04] () <==== UWAGA
Task: {2A84EDB6-4E0A-44B6-A3B9-6FA09E275B3C} - System32\Tasks\Dregol nedo => "wscript.exe" "C:\ProgramData\{E4550C96-B4D7-DD10-0551-AD92D5D37E1C}\2.0.1.9\tisa.txt" "433a2f50726f6772616d446174612f7b45343535304339362d423444372d444431302d303535312d4144393244354433374531437d2f322e302e312e392f6e65646f2e646c6c" "687474703a2f2f73616f2e7265716472652e636f6d2f" "--IsErIk" "//E:jscript" <==== UWAGA
Task: {2E4FADBC-3DAF-49A1-861D-F8E005EE1B27} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku <==== UWAGA
Task: {2E85362E-DC4B-421E-B241-78D58C62B515} - \WPD\SqmUpload_S-1-5-21-1645354413-3269549010-1607250804-1002 -> Brak pliku <==== UWAGA
C:\ProgramData\{E4550C96-B4D7-DD10-0551-AD92D5D37E1C}
Task: {34F5678B-56E7-4E6A-9A3F-9CBF3300AAF7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {44F46E23-E805-45AA-A830-9F6EA17B4006} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
Task: {5263B2F8-BAA1-4BC1-8436-F670E3B77E0A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: {561EE046-FB6D-481A-A9E4-E21A77235211} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Brak pliku <==== UWAGA
Task: {585C526E-9B39-4B71-AFA8-EEE6563639E9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: {5E43FFE8-B2F6-4AD8-BB07-E2D95ABDBC38} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
Task: {6EEA4220-25E8-48F5-BD4D-9831B43E5FE6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku <==== UWAGA
Task: {825A1CDA-5CCB-4A0F-BE3F-A3538857693E} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {86E156A2-A768-4624-8C01-202E3C8C1E27} - System32\Tasks\nouac => c:\ProgramData\Microsoft\Systemservice\systemservice.cmd
Task: {8A47C48D-F663-4FB8-BC26-4F80FA1E69E4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
Task: {9606AB97-BE2E-4A61-B5BC-560378ACBE83} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
Task: {99594FC6-69A4-4950-BB45-FF3C013E225C} - System32\Tasks\DailyUAC => c:\ProgramData\Microsoft\Systemservice\systemservice.cmd
Task: {AA4C3F1A-5053-48BF-9539-E7BE6D086692} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
Task: {B9736412-D41E-4261-B5A7-544C278C4A5D} - System32\Tasks\0915tbUpdateInfo => C:\ProgramData\Avg_Update_0915tb\0915tb_{A24A336E-7D34-4D09-BD30-769C3EB294D4}.exe
Task: {BD211E32-6FDE-4B8C-8B43-2D033224AD02} - System32\Tasks\1014avUpdateInfo => C:\ProgramData\Avg_Update_1014av\1014av_AVG-Secure-Search-Update.exe [2014-09-23] ()
Task: {CA00A416-EF88-4E49-8E4C-26FEAD0FCF77} - System32\Tasks\{3DCA42A5-C8A0-44E9-9516-40480E7819E6} => C:\WINDOWS\system32\pcalua.exe -a "C:\Pakiet SPECBUD\Belka_free.exe" -d "C:\Pakiet SPECBUD"
Task: {DB14784C-E502-4931-BF5E-32E6571951DF} - System32\Tasks\Windows-PG => C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\windows\psgo\psgo.ps1 <==== UWAGA
Task: {FA81E0CA-041C-43C5-9064-1B29721A8F32} - \WPD\SqmUpload_S-1-5-21-1645354413-3269549010-1607250804-1005 -> Brak pliku <==== UWAGA
Task: {FF2AE2A1-F747-43FE-A6B4-552957504DBE} - System32\Tasks\{15E7023C-4E9F-4174-92D6-A030439C5079} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Lenovo\AppData\Roaming\do-search\UninstallManager.exe -c -ptid=cor
C:\Users\Lenovo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
C:\Users\Public\Desktop\Google Chrome.lnk
FirewallRules: [{5265B28C-93A0-4038-B785-35BEBE69B8D0}] => (Allow) C:\Program Files (x86)\Cupduck\Application\chrome.exe
FirewallRules: [{76F0902D-4C7A-4666-B114-120AC26CD6C8}] => (Allow) C:\Program Files (x86)\MIO\loader\st1000lm014-1ej164_w380nmdxxxxxw380nmdx.dat
FirewallRules: [{E099F370-E795-4757-B712-B03A7262D0A1}] => (Allow) C:\Program Files (x86)\MIO\loader\st1000lm014-1ej164_w380nmdxxxxxw380nmdx.dat
FirewallRules: [{B2D018DD-371F-4414-B9B3-85936271ABED}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{19869D65-D4FE-499C-BBB1-737FE8AB3E6F}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
C:\Program Files (x86)\MIO
FirewallRules: [UDP Query User{09D1F041-BD05-4518-BEE9-D636EFF31004}C:\users\lenovo\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lenovo\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{F2647E16-8627-444A-A255-AFDEF7FBBE48}C:\users\lenovo\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lenovo\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{5A83450D-EB77-4D50-8524-FE6261A2A29F}C:\users\lenovo\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lenovo\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{2DD1C957-4FBA-41FE-850E-D471589E5115}C:\users\lenovo\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lenovo\appdata\local\akamai\netsession_win.exe
c:\ProgramData\Microsoft\Systemservice\systemservice.cmd
C:\Users\Lenovo\Documents\INTERsoft\ArCADia LT\10.1\Style wydruku\Utwórz Tabelę Stylu Wydruku.lnk
EmptyTemp:

Save the file under the name fixlist.txt and put it on the Desktop.
Run FRST and click the Fix button.

5) Make new FRST logs.
Before the scan, tick: Addition.txt, Shortcut.txt.

The post author received a commendation
ordynat
Posts: 4765
Joined: 02 Apr 2010, 11:18
Commendations: 866
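The fixlist above removes two kinds of scheduled task that are worth recognising in any FRST log: the "Dregol nedo" task, which runs wscript.exe with a forced JScript engine on a .txt file and passes its real payload path and a URL as hex-encoded strings, and the "nouac"/"DailyUAC" tasks, which run a .cmd script out of ProgramData. The script below is an added example (written for this page, not code from the thread, from ordynat, or from FRST): it parses the "Task:" lines FRST prints, decodes hex-encoded arguments, and flags script hosts, scripts in data directories and explicit engine overrides. The heuristics and flag names are my own, the sample lines are copied from the log quoted above, and a "script host" flag on its own is a weak signal (the Intel ESRV task also uses Wscript.exe); it is the combination of flags, and the decoded arguments, that tells an analyst where to look.

```python
"""Triage helper for the 'Task:' lines of an FRST log (added example, not FRST code)."""
import re

# Sample lines copied from the FRST output quoted in the thread above.
SAMPLE_TASK_LINES = [
    'Task: {2A84EDB6-4E0A-44B6-A3B9-6FA09E275B3C} - System32\\Tasks\\Dregol nedo => "wscript.exe" '
    '"C:\\ProgramData\\{E4550C96-B4D7-DD10-0551-AD92D5D37E1C}\\2.0.1.9\\tisa.txt" '
    '"433a2f50726f6772616d446174612f7b45343535304339362d423444372d444431302d303535312d'
    '4144393244354433374531437d2f322e302e312e392f6e65646f2e646c6c" '
    '"687474703a2f2f73616f2e7265716472652e636f6d2f" "--IsErIk" "//E:jscript" <==== UWAGA',
    'Task: {86E156A2-A768-4624-8C01-202E3C8C1E27} - System32\\Tasks\\nouac => '
    'c:\\ProgramData\\Microsoft\\Systemservice\\systemservice.cmd',
    'Task: {DB14784C-E502-4931-BF5E-32E6571951DF} - System32\\Tasks\\Windows-PG => '
    'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe C:\\windows\\psgo\\psgo.ps1 <==== UWAGA',
    'Task: {825A1CDA-5CCB-4A0F-BE3F-A3538857693E} - System32\\Tasks\\USER_ESRV_SVC_WILLAMETTE => '
    '"C:\\WINDOWS\\System32\\Wscript.exe" //B //NoLogo "C:\\Program Files\\Intel\\SUR\\WILLAMETTE\\ESRV\\task.vbs"',
]

# Heuristic lists chosen for this example (assumptions, not an FRST convention).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe", "mshta.exe"}
SCRIPT_EXTS = {".cmd", ".bat", ".ps1", ".vbs", ".js", ".jse", ".wsf"}

# "Task: {GUID} - <name> => <command> [<==== marker]"; the marker is optional.
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<cmd>.+?)(?: <==== \S+)?$")
# Quoted arguments keep their spaces; bare arguments split on whitespace.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')
# At least eight bytes of hex, even length, nothing else.
HEX_RE = re.compile(r"^(?:[0-9a-fA-F]{2}){8,}$")


def tokenize(cmd):
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmd)]


def basename(token):
    return re.split(r"[\\/]", token)[-1].lower()


def extension(token):
    name = basename(token)
    return name[name.rfind("."):] if "." in name else ""


def in_data_dir(path):
    """True for paths under ProgramData or a user's AppData, the usual drop locations."""
    p = path.lower().replace("/", "\\")
    return "\\programdata\\" in p or "\\appdata\\" in p


def decode_hex_arg(token):
    """Return the printable ASCII text behind a hex-encoded argument, else None."""
    if not HEX_RE.match(token):
        return None
    text = bytes.fromhex(token).decode("ascii", errors="replace")
    return text if text.isprintable() else None


def triage_task_line(line):
    """Parse one FRST 'Task:' line into name, tokens, decoded hex arguments and flags."""
    m = TASK_RE.match(line)
    if not m:
        return None
    tokens = tokenize(m.group("cmd"))
    flags, decoded = [], []
    if basename(tokens[0]) in SCRIPT_HOSTS:
        flags.append("script host")
    for tok in tokens:
        text = decode_hex_arg(tok)
        if text is not None:
            decoded.append(text)
        if extension(tok) in SCRIPT_EXTS and in_data_dir(tok):
            flags.append("script in data directory")
        if tok.lower().startswith("//e:"):          # wscript/cscript engine override
            flags.append("explicit script engine override")
    if decoded:
        flags.append("hex-encoded argument")
    return {"name": m.group("name"), "tokens": tokens, "decoded": decoded, "flags": flags}


def triage_tasks(lines):
    return [r for r in (triage_task_line(l) for l in lines) if r is not None]


if __name__ == "__main__":
    for r in triage_tasks(SAMPLE_TASK_LINES):
        print(r["name"], "->", ", ".join(r["flags"]) or "no flags")
        for d in r["decoded"]:
            print("    decoded:", d)
```

Run it against the whole FRST.txt (one line per entry) to get a shortlist; the decoded strings for the Dregol task resolve to the nedo.dll path inside the ProgramData GUID folder that the fixlist deletes and to the download URL it was fetched from, which is exactly what you would carry over to a fixlist or a blocklist.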



