Spyware


(cena6) #1

Proszę o sprawdzenie logów z siosty lapka , Dziękuję

FRST
http://www.wklej.org/id/3270546/
Addition
http://www.wklej.org/id/3270547/
Sho
http://www.wklej.org/id/3270548/


(Atis) #2

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist:

CloseProcesses:
Startup: C:\Users\Kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xe0305.exe [2010-12-09] ()
Startup: C:\Users\Kasia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zosta FIT Natalia Gacka - Trening A1.lnk [2015-04-08]
C:\ProgramData\{e7d8d7ba-bb8f-7871-e7d8-8d7babb85eea}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\uj5zrnbe.default -> YHS
FF SearchPlugin: C:\Users\Kasia\AppData\Roaming\Mozilla\Firefox\Profiles\uj5zrnbe.default\searchplugins\yhs.xml [2016-09-08]
2017-10-14 10:51 - 2015-05-17 11:26 - 000000000 ____D C:\AdwCleaner
2017-08-16 16:04 - 2017-08-16 16:04 - 000000268 ___RH () C:\Users\Kasia\AppData\Roaming\Image Manipulation
2017-08-16 16:04 - 2017-08-16 16:04 - 000000268 ___RH () C:\Users\Kasia\AppData\Roaming\Images
2010-12-22 20:21 - 2010-12-22 20:21 - 000027639 _____ () C:\Users\Kasia\AppData\Roaming\UserTile.png
2010-12-13 17:38 - 2010-12-13 17:38 - 000000000 _____ () C:\Users\Kasia\AppData\Local\AtStart.txt
2011-01-21 21:29 - 2016-09-10 12:30 - 000075264 _____ () C:\Users\Kasia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-12-13 17:38 - 2010-12-13 17:38 - 000000000 _____ () C:\Users\Kasia\AppData\Local\DSwitch.txt
2010-12-13 17:38 - 2010-12-13 17:38 - 000000000 _____ () C:\Users\Kasia\AppData\Local\QSwitch.txt
2011-08-09 13:44 - 2011-08-09 13:44 - 000385649 _____ () C:\Users\Kasia\AppData\Local\tmp20110805105.JPG
2011-08-09 13:17 - 2011-08-09 13:18 - 000000000 _____ () C:\Users\Kasia\AppData\Local\{74972C59-34D9-4E6B-BFA2-72621DE664CC}
2017-08-16 16:04 - 2017-08-16 16:04 - 000000268 ___RH () C:\ProgramData\Instrument Library
2017-08-16 16:04 - 2017-08-16 16:04 - 000000268 ___RH () C:\ProgramData\InkjetPrinter
C:\ProgramData\*.log
Task: {1947A37D-A267-4018-9BD2-B56BFF3717B5} - System32\Tasks\e-pity2015a_styczen => C:\Program Files (x86)\e-file\e-pity2015\Assets\signxml.exe
Task: {06AEEBF9-575C-48B2-B013-48E137AAF729} - System32\Tasks\Symantec\Symantec Error Processor 17.0.0.45 => C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.45\ccSvcHst.exe
Task: {5457587E-4898-4052-A5BE-D6BAB0E33CD2} - System32\Tasks\e-pity2015a_kwiecien => C:\Program Files (x86)\e-file\e-pity2015\Assets\signxml.exe
Task: {973F39BD-945C-4D7D-9FCC-0967B22348E2} - System32\Tasks\Symantec\Symantec Error Analyzer 17.0.0.45 => C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.45\ccSvcHst.exe
EmptyTemp:

Uruchom FRST i kliknij Napraw (Fix). Pokaż raport z usuwania Fixlog.
Kliknij Skanuj (Scan) i pokaż nowy raport z FRST bez Addition i Shortcut.


(cena6) #3

Fixlog

http://www.wklej.org/id/3275661/

FRST

http://www.wklej.org/id/3275662/

Proszę o dalszą pomoc.


(Atis) #4

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist:

C:\Users\Kasia\AppData\Local\QSwitch.txt
C:\Users\Kasia\AppData\Local\DSwitch.txt
C:\Users\Kasia\AppData\Local\AtStart.txt
DeleteQuarantine:

Uruchom FRST i kliknij Napraw (Fix). Skasuj folder C:\FRST
Czyszczenie folderów Przywracania systemu