Request to review FRST logs

Hello!

I would greatly appreciate a review of my FRST logs.

Addition.txt

FRST.txt

Shortcut.txt

Read how logs should be posted and edit your post:

https://forum.dobreprogramy.pl/t/471355/1?source_topic_id=506078

I am very sorry for posting the files incorrectly.

FRST: http://www.wklej.org/id/1911368/

addition: http://www.wklej.org/id/1911370/

shortcut: http://www.wklej.org/id/1911373/ 


Paste the following into Windows Notepad and save it as a text file named fixlist:

CloseProcesses:
HKLM-x32\...\Run: [pcmgr] = C:\Program Files (x86)\ppt\Uninst.exe
HKU\S-1-5-21-3543108252-308360466-193487373-1001\...\Run: [Akamai NetSession Interface] = "C:\Users\Monika\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3543108252-308360466-193487373-1001\...\Run: [{2A4E8F3D-6A3E-4804-A6CC-53DB71D706E4}] = powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\JCCF').YDIYJHQH)));
HKU\S-1-5-21-3543108252-308360466-193487373-1001\...\Policies\Explorer: []
AppInit_DLLs: C:\ProgramData\dlohn\Kaytouch.dll = C:\ProgramData\dlohn\Kaytouch.dll [805376 2016-01-18] ()
AppInit_DLLs-x32: C:\ProgramData\dlohn\Medphase.dll = C:\ProgramData\dlohn\Medphase.dll [257536 2016-01-18] ()
GroupPolicy: Ograniczenia - Chrome ======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia ======= UWAGA
SearchScopes: HKU\S-1-5-21-3543108252-308360466-193487373-1001 - {B774E84B-35CC-47EA-AE1D-FDD8EE7D290C} URL =
CHR HomePage: Default - hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwYDNVTGfiWk6gFyDVcsyysvP4hR5Lwt5nOYDsqAJgZu4iZdUduWHPJpbtL6JQfsTTgwFZFaX0glAqszVDlZ73eCWfopfndIjshbjnoW8poVey017TOw1b6Qa3lduO1SfsFyWTtTZ-zvu7uS_60zsQV87HEKuFdg,
CHR StartupUrls: Default - "hxxp://www.istartpageing.com/?type=hpts=1453220913z=5eec6e1ac9165c78408203cg0z7w4cfo1o6e0t1o3bfrom=slbnewuid=SAMSUNGXMZMTD128HAFV-000_S15MNEBD105633"
CHR DefaultSearchURL: Default - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwYDNVTGfiWk6gFyDVcsyysvP4hR5Lwt5nOYDsqAJgZu4iZdUduWHPJpbtL6JQfsTTgwJAPT_86Xh1a_efIfBe6H2YCZ0LiitORcKhicHw8tCrobUNaOK5ZWZM5CkiT2D-JTPotkJ7iFtpjhch4xddZY-MV4oQPs,q={searchTerms}
CHR DefaultSearchKeyword: Default - feed.sonic-search.com
CHR DefaultSuggestURL: Default - hxxps://search.yahoo.com/sugg/chrome?output=fxjsonappid=crmascommand={searchTerms}
R2 Airtostrong; C:\ProgramData\\Airtostrong\\Airtostrong.exe [539136 2016-01-18] () [Brak podpisu cyfrowego]
S2 downljqqinyraupuat; C:\Users\Monika\AppData\Local\Streetice.exe [28160 2016-01-17] () [Brak podpisu cyfrowego]
S2 vmserve; C:\Program Files (x86)\Common Update\vmserve Update\vmserve.exe [292952 2016-01-07] ()
S2 Vhyvaka; "C:\Users\Monika\AppData\Roaming\RypjenLacgoau\Julnonn.exe" -cms [X]
S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; \SystemRoot\System32\drivers\ew_juextctrl.sys [X]
S3 huawei_wwanecm; \SystemRoot\system32\DRIVERS\ew_juwwanecm.sys [X]
S3 SBIOSIO; \??\C:\Users\Monika\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
2016-01-19 21:06 - 2016-01-19 21:06 - 00000000 ____ D C:\Program Files (x86)\yessearches_bnd
2016-01-19 19:58 - 2016-01-19 19:58 - 00248760 _____ C:\Users\Monika\Downloads\Firefox Setup Stub 43.0.4.exe
2016-01-19 18:31 - 2016-01-19 18:31 - 00000000 _____ C:\autoexec.bat
2016-01-19 18:29 - 2016-01-19 18:29 - 00022704 _____ C:\windows\system32\Drivers\EsgScanner.sys
2016-01-18 21:18 - 2016-01-18 21:18 - 00000000 _____ C:\windows\SysWOW64\Number of results
2016-01-18 20:38 - 2016-01-19 21:13 - 00000000 ____ D C:\ProgramData\dlohn
2016-01-18 15:46 - 2016-01-19 21:13 - 00000000 ____ D C:\ProgramData\Airtostrong
2016-01-18 15:46 - 2016-01-18 15:46 - 00000000 ____ D C:\Program Files\Common Files\pcc0xfc0
2016-01-18 00:31 - 2016-01-18 00:31 - 00000000 ____ D C:\Program Files (x86)\Common Update
2016-01-18 00:03 - 2016-01-18 00:03 - 00000000 ____ D C:\Users\Monika\AppData\LocalLow\Company
2016-01-17 23:55 - 2016-01-17 23:56 - 00000000 ____ D C:\Program Files (x86)\ppt
2016-01-18 00:03 - 2016-01-18 00:03 - 00000000 ____ D C:\uninst
2016-01-19 21:04 - 2014-10-03 22:12 - 00000000 ____ D C:\AdwCleaner
C:\Users\Monika\AppData\Roaming\RypjenLacgoau
C:\Users\Monika\AppData\Local\Streetice.dat
C:\Users\Monika\AppData\Local\Streetice.exe.config
C:\Program Files\Common Files\*.exe
C:\Users\Monika\AppData\Local\*.exe
C:\Users\Monika\AppData\Roaming\*.exe
C:\ProgramData\*.exe
Task: {056F83B2-3616-4DC5-AEF7-8FADF29C470B} - System32\Tasks\Caddyai = C:\PROGRA~1\SHOPPE~1\Nyvok.bat
Task: {1F9F3A7C-2276-4D06-B2A0-D54AB78C2B11} - System32\Tasks\WIN-statsAdmin = C:\Users\Monika\AppData\Local\Microsoft\WinU\~psbcebd.exe ==== UWAGA
Task: {2066961D-0365-4638-B544-834E584EAAD0} - System32\Tasks\Virtual Bus2 = Rundll32.exe "C:\Users\Monika\AppData\Local\Virtual Bus\{08FF69CB-6C67-4539-F8CA-54D363020453}\olbpd.dll",#1 ==== UWAGA
C:\Users\Monika\AppData\Local\Virtual Bus
Task: {20999DD4-EE65-4EA4-A9CB-015D9BA3AE40} - System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC = C:\Users\Monika\AppData\Roaming\~odzdmzn.exe
Task: {24CD0D56-6ED8-41AF-9A7B-1D765009D69E} - System32\Tasks\prrducu = C:\windows\system32\config\systemprofile\AppData\Local\Trust ==== UWAGA
Task: {5DE8BCB8-0E90-403D-8047-CF8DB37F0B86} - System32\Tasks\psv_Rerandom = /c regedit.exe /s "C:\ProgramData\dlohn\Zotsaokix.reg" & del "C:\ProgramData\dlohn\Zotsaokix.reg" & SCHTASKS /Delete /TN "psv_Rerandom" /F ==== UWAGA
Task: {5DE8BCB8-0E90-403D-8047-CF8DB37F0B86} - System32\Tasks\psv_Rerandom = /c regedit.exe /s "C:\ProgramData\dlohn\Zotsaokix.reg" & del "C:\ProgramData\dlohn\Zotsaokix.reg" & SCHTASKS /Delete /TN "psv_Rerandom" /F ==== UWAGA
Task: {ACE8BE1C-871B-400D-A004-0823596E89D5} - System32\Tasks\Virtual Bus = Rundll32.exe "C:\Users\Monika\AppData\Local\Virtual Bus\{08FF69CB-6C67-4539-F8CA-54D363020453}\VirtualBus.dll",#1 ==== UWAGA
Task: {B19C6D03-C589-4A00-A97D-550369ABE2CF} - System32\Tasks\WIN-statsSystem = C:\Users\Monika\AppData\Local\Microsoft\WinU\~hphoaku.exe
Task: {C24FDCAD-78D5-43C6-A0A7-A3E925B4CA47} - System32\Tasks\Rymdu = C:\PROGRA~1\GROOVE~1\Hioslagv.bat
Task: {E79EE350-1117-4324-8A5A-E3434118F259} - System32\Tasks\psv_Ventonix = /c regedit.exe /s "C:\ProgramData\dlohn\ZerGocof.reg" & del "C:\ProgramData\dlohn\ZerGocof.reg" & SCHTASKS /Delete /TN "psv_Ventonix" /F ==== UWAGA
Task: {EF9F6E64-8192-4BB8-A732-EF51DD8FA0CC} - System32\Tasks\psv_Tranit = /c regedit.exe /s "C:\ProgramData\dlohn\Indigodontech.reg" & del "C:\ProgramData\dlohn\Indigodontech.reg" & SCHTASKS /Delete /TN "psv_Tranit" /F ==== UWAGA
Task: {FF1C5CC8-C8AF-4DB6-BEAC-7F5F962E5B7D} - System32\Tasks\{8525961B-AE96-4FD3-B58A-267E35FCDD07} = pcalua.exe -a C:\Users\Monika\AppData\Local\PriceMeter\uninst.exe -c /uninstall
Hosts:
DeleteKey: HKCU\Software\Classes\JCCF
EmptyTemp:

Run FRST and click Fix (Napraw). Post the Fixlog report from the removal.