hudygrand created 21 December 2016
Please check and, if necessary, fix. Addition.txt FRST.txt Shortcut.txt
Twój_Anioł_Stróż commented 21 December 2016
Open Notepad and paste the following into it:

RemoveDirectory: C:\ProgramData\941233386d94t6351606
RemoveDirectory: C:\Program Files (x86)\UCBrowser
RemoveDirectory: c:\users\sekretariat\appdata\roaming\360bizhi
RemoveDirectory: C:\Program Files (x86)\LDSGameCenter
RemoveDirectory: C:\Users\Sekretariat\AppData\Roaming\Ludashi
RemoveDirectory: C:\Users\Sekretariat\AppData\Roaming\lockhomepage
RemoveDirectory: C:\Users\Sekretariat\AppData\Roaming\360wp
RemoveDirectory: C:\Program Files (x86)\360
RemoveDirectory: C:\Users\Sekretariat\AppData\Roaming\navplugin
RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
RemoveDirectory: C:\ProgramData\{E64689D4-E5B1-4623-B6C2-29248E22BBE0}.tmp
RemoveDirectory: C:\Users\Sekretariat\AppData\Local\UCBrowser
RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
RemoveDirectory: C:\Users\Sekretariat\AppData\Local\svchost
Task: {523EA6B5-78A8-432A-926D-DEEA3F76EA48} - System32\Tasks\941233386d94t6351606 => Rundll32.exe "C:\ProgramData\941233386d94t6351606\941233386d94t6351606.dll",DMT
Task: {59FE7899-56D0-408E-BA32-0ED97A350DDE} - System32\Tasks\Sparta2 => Firefox.exe hxxps://plarium.com/play/en/sparta/top?plid=101402&pxl&clickID=0FtDyByCtC0C0F0FyEzy0CtDyE0F0CtC&publisherID=100 <==== UWAGA
Task: {8BF79241-0D02-4A59-88A6-5CD6D4AF77AE} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
Task: {A766E495-207A-435D-8099-97EB10BC98F0} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-12-20] (UCWeb Inc) <==== UWAGA
Task: {B8AD8BB3-93EE-4450-9433-A5B12F84545F} - System32\Tasks\Sparta3 => Firefox.exe hxxps://plarium.com/play/en/sparta/top?plid=101402&pxl&clickID=0FtDyByCtC0C0F0FyEzy0CtDyE0F0CtC&publisherID=100 <==== UWAGA
Task: {C19C1E06-A847-4A51-9C58-3BB0E8B078D7} - System32\Tasks\Sparta1 => Firefox.exe hxxps://plarium.com/play/en/sparta/top?plid=101402&pxl&clickID=0FtDyByCtC0C0F0FyEzy0CtDyE0F0CtC&publisherID=100 <==== UWAGA
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [364744]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1176354]
FirewallRules: [{9BAC722E-C86D-4990-8587-64833E78F237}] => C:\Users\Sekretariat\AppData\Local\Temp\is-VEV7N.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{D0F3396D-9E07-4FE4-B4EE-38663E3FDAF7}] => C:\Users\Sekretariat\AppData\Local\Temp\00024580\inst_buychannel_07.exe
FirewallRules: [{0DCB264A-23A9-4A28-87BF-4F739543C1DB}] => C:\Users\Sekretariat\AppData\Local\Temp\00024580\inst_buychannel_07.exe
FirewallRules: [{2388FD53-A444-4F86-B451-45922DB7F41D}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{C338319A-FF5B-4396-B451-79AB16899272}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
HKLM\...\RunOnce: [wd] => C:\WINDOWS\TEMP\g3EA2.tmp.exe [252416 2016-12-21] () <===== UWAGA
HKU\S-1-5-21-356114917-3974420594-2582102351-1001\...\Run: [360wp-srv] => C:\Users\Sekretariat\AppData\Roaming\360bizhi\360wpsrv.exe [1636264 2016-12-09] (360.cn)
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => Brak pliku
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2016-12-21]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (Brak pliku)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
R2 WpSvc; C:\Users\Sekretariat\AppData\Roaming\360bizhi\lpi\WpSvc.dll [253352 2016-11-17] ()
S2 GmSvc; C:\Program Files (x86)\LDSGameCenter\GmSvc.dll [X]
NETSVCx32: HpSvc -> Brak ścieżki do pliku.
NETSVCx32: GmSvc -> C:\Program Files (x86)\LDSGameCenter\GmSvc.dll ==> Brak pliku
NETSVCx32: WpSvc -> C:\Users\Sekretariat\AppData\Roaming\360bizhi\lpi\WpSvc.dll ()
C:\WINDOWS\Tasks\UCBrowserUpdater.job
C:\WINDOWS\System32\Tasks\UCBrowserUpdater
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
C:\Users\Sekretariat\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
C:\WINDOWS\system32\chtbrkg.dll
C:\WINDOWS\SysWOW64\chtbrkg.dll
C:\WINDOWS\rsrcs.dll
CMD: fltmc instances
C:\Users\Sekretariat\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器\卸载UC浏览器.lnk -> C:\Program Files (x86)\UCBrowser\Application\Uninstall.exe (UCWeb Inc.) -> --uninstall --system-level
HOSTS:
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix (NAPRAW) button.
Create new FRST logs. Before the scan, tick: Additional.txt, Shortcut.txt.
hudygrand (author) commented 22 December 2016
Here are the new scans: Addition.txt FRST.txt Shortcut.txt
Twój_Anioł_Stróż commented 22 December 2016 (edited)
1) Uninstall these programs:

BrowserAir (HKU\S-1-5-21-356114917-3974420594-2582102351-1001\...\BrowserAir) (Version: 48.0.0.0 - BrowserAir) <==== UWAGA
Search module (HKLM-x32\...\Search module) (Version: - Goobzo) <==== UWAGA

2) Open Notepad and paste the following into it:

RemoveDirectory: C:\Users\Sekretariat\AppData\Local\BrowserAir
RemoveDirectory: C:\ProgramData\SearchModule
C:\Program Files\Common Files\Noobzo
Task: {64BC0940-7888-4047-B8FE-91413F12A120} - System32\Tasks\IBUpd2 => C:\Users\Sekretariat\AppData\Local\BrowserAir\48.0.0.0\updater.exe [2016-06-30] () <==== UWAGA
Task: {6626D4D1-C9E2-4AE8-B21B-F65A981398CB} - System32\Tasks\SMW_UpdateTask_Time_3131373233372d4a375b5a5a6c783245343741 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== UWAGA
Task: {A1D7C86E-F696-43D8-AE55-2A0B26523C36} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2016-12-22] () <==== UWAGA
Task: {A9811BE3-9925-45D8-BD2F-D1C745F10BF4} - System32\Tasks\IBUpd => C:\Users\Sekretariat\AppData\Local\BrowserAir\48.0.0.0\updater.exe [2016-06-30] () <==== UWAGA
C:\ProgramData\smp2.exe
ShortcutWithArgument: C:\Users\Sekretariat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=gclzamobl20603au,83659ada-b2e4-4183-99b7-f19f11521d78,
ShortcutWithArgument: C:\Users\Sekretariat\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Sparta.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=gclzamobl20603au,83659ada-b2e4-4183-99b7-f19f11521d78,
ShortcutWithArgument: C:\Users\Sekretariat\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epe&s=gclzamobl20603au,83659ada-b2e4-4183-99b7-f19f11521d78,"
ShortcutWithArgument: C:\Users\Sekretariat\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epf&s=gclzamobl20603au,83659ada-b2e4-4183-99b7-f19f11521d78,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epf&s=gclzamobl20603au,83659ada-b2e4-4183-99b7-f19f11521d78,
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epf&s=gclzamobl20603au,83659ada-b2e4-4183-99b7-f19f11521d78,
FirewallRules: [{0C557B20-B6D2-433F-93D4-ACA1E6BBDBB2}] => C:\Users\Sekretariat\AppData\Local\BrowserAir\Application\BrowserairExec.exe
FF user.js: detected! => C:\Users\Sekretariat\AppData\Roaming\Mozilla\Firefox\Profiles\vh2c5vt1.default\user.js [2016-12-21]
FF Homepage: Mozilla\Firefox\Profiles\vh2c5vt1.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=gclzamobl20603au,83659ada-b2e4-4183-99b7-f19f11521d78,
FF NewTab: Mozilla\Firefox\Profiles\vh2c5vt1.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=gclzamobl20603au,83659ada-b2e4-4183-99b7-f19f11521d78,
FF SearchPlugin: C:\Users\Sekretariat\AppData\Roaming\Mozilla\Firefox\Profiles\vh2c5vt1.default\searchplugins\smod.xml [2016-12-22]
R2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe [3109888 2016-12-19] (Search Module Ltd.) [Brak podpisu cyfrowego]
S2 0158501482320750mcinstcleanup; C:\Users\SEKRET~1\AppData\Local\Temp\015850~1.EXE -cleanup -nolog [X]
R3 SMUpdd; C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [52992 2016-12-19] ()
2016-12-22 10:03 - 2016-12-22 10:03 - 00002443 _____ C:\Users\Sekretariat\Desktop\BrowserAir.lnk
2016-12-22 10:03 - 2016-12-22 10:03 - 00000000 ____D C:\Users\Sekretariat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2016-12-22 10:02 - 2016-12-22 10:03 - 00000000 ____D C:\Users\Sekretariat\AppData\Local\BrowserAir
2016-12-22 09:54 - 2016-12-22 09:54 - 00439808 _____ C:\ProgramData\smp2.exe
2016-12-22 09:54 - 2016-12-22 09:54 - 00004416 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_3131373233372d4a375b5a5a6c783245343741
2016-12-22 09:54 - 2016-12-22 09:54 - 00004258 _____ C:\WINDOWS\System32\Tasks\SMW_P
2016-12-22 09:54 - 2016-12-22 09:54 - 00000000 ____D C:\ProgramData\SearchModule
2016-12-22 09:54 - 2016-12-22 09:54 - 00000000 ____D C:\Program Files\Common Files\Noobzo
2016-12-21 12:00 - 2016-12-21 12:00 - 00000000 ____D C:\Users\Sekretariat\AppData\Roaming\Sparta
2016-12-21 12:00 - 2016-12-21 12:00 - 00000000 ____D C:\Users\Sekretariat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sparta
2016-12-21 10:50 - 2016-12-21 10:50 - 00000000 ____D C:\Users\Sekretariat\AppData\Roaming\LDSGameAssistant
2016-12-21 10:48 - 2016-12-21 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
2016-12-21 10:46 - 2016-12-21 10:46 - 00001602 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
2016-12-21 10:46 - 2016-12-21 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
EmptyTemp:

>> Notepad menu >> File >> Save As >>
File name: fixlist
Save as type: Text Documents
Encoding: UTF-8
>> Save
Place the file in the folder C:\Users\Sekretariat\Downloads\Programs
Run FRST and click the Fix (NAPRAW) button.
3) Create new FRST logs.
hudygrand (author) commented 22 December 2016
Scans: Addition.txt FRST.txt Shortcut.txt
Twój_Anioł_Stróż commented 22 December 2016
I no longer see anything suspicious in the new logs, so I think we can wrap up:
Open Notepad and paste the following into it:

DeleteQuarantine:

Save the file as fixlist.txt and place it next to FRST.
Run FRST and click Fix (NAPRAW).
Use SHIFT+DEL to delete the leftover folder C:\FRST.
In Adw-Cleaner click FILE (PLIK), then UNINSTALL (ODINSTALUJ).