Sluggish computer


(Polarnik29) #1

Hello,

Ads keep popping up on the computer and it runs slowly. Please help. An AdwCleaner scan has been run.

http://www.wklej.org/id/1886773/ FRST.txt

http://www.wklej.org/id/1886776/ Addition.txt

http://www.wklej.org/id/1886777/ shortcut.txt

 


(Atis) #2

Why are you downloading malicious files?

Paste the following into Windows Notepad and save it as a text file named fixlist:

CloseProcesses:
Task: {0D6C2DEE-AA12-44D5-86F4-408A1E13EBB3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d - Brak pliku ==== UWAGA
Task: {2113DEF3-F15F-43E1-995C-BD77F4E39AB1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d - Brak pliku ==== UWAGA
Task: {39C6963C-1A8E-48FB-BFC3-8C4CCDB25309} - \Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start - Brak pliku ==== UWAGA
Task: {4F9AF566-4B57-4F6E-B335-077BE1A69BBD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess - Brak pliku ==== UWAGA
Task: {55A77673-057E-4754-B2CE-F7DA51807696} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent - Brak pliku ==== UWAGA
Task: {58FC4737-D22F-48D7-8E88-6E3BF9D3E7AC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d - Brak pliku ==== UWAGA
Task: {60670E16-A3BE-4BDE-8F86-3D2515E06DA5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig - Brak pliku ==== UWAGA
Task: {6725E8BE-5C3F-40B3-A7DA-F1DBDDAB2703} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd - Brak pliku ==== UWAGA
Task: {784BABDE-2DEC-4338-B870-A319D8125ABE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B - Brak pliku ==== UWAGA
Task: {8A6BD2CD-859E-41EE-B664-DC8E742CFFBF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d - Brak pliku ==== UWAGA
Task: {E874F1AB-EE34-4C16-A408-9E77485015CD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d - Brak pliku ==== UWAGA
Task: {F4F307D7-D83D-41D1-8ABF-4BDA52740DC4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent - Brak pliku ==== UWAGA
ShortcutWithArgument: C:\Users\Emeryk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) - www.aqovd.com?oem=sunadplv3uid=BA1407251E0800181968_SATASSDtm=1449341928
ShortcutWithArgument: C:\Users\Emeryk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) - www.aqovd.com?oem=sunadplv3uid=BA1407251E0800181968_SATASSDtm=1449341928
ShortcutWithArgument: C:\Users\Emeryk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) - www.aqovd.com?oem=sunadplv3uid=BA1407251E0800181968_SATASSDtm=1449341928
ShortcutWithArgument: C:\Users\Emeryk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) - www.aqovd.com?oem=sunadplv3uid=BA1407251E0800181968_SATASSDtm=1449341928
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Anti-Theft.lnk - C:\Program Files\Preload\McAfee Anti-Theft\StartURL.exe () - hxxp://home.mcafee.com/root/campaign.aspx?cid=103626
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) - www.aqovd.com?oem=sunadplv3uid=BA1407251E0800181968_SATASSDtm=1449341928
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) - www.aqovd.com?oem=sunadplv3uid=BA1407251E0800181968_SATASSDtm=1449341928
HKLM-x32\...\Run: [] = [X]
GroupPolicy: Ograniczenia - Chrome ======= UWAGA
GroupPolicy-x32: Ograniczenia - Chrome ======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia ======= UWAGA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadplv3uid=BA1407251E0800181968_SATASSDtm=1449341928
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadplv3uid=BA1407251E0800181968_SATASSDtm=1449341928
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=dsts=1446658293z=11d8e8094ec715f0dc7c210gbz7zcq4qbw4beoft1cfrom=cornluid=st320lt020-9yg142_w0q4rbpyxxxxw0q4rbpyq={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=dsts=1446658293z=11d8e8094ec715f0dc7c210gbz7zcq4qbw4beoft1cfrom=cornluid=st320lt020-9yg142_w0q4rbpyxxxxw0q4rbpyq={searchTerms}
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-3914217614-3722202410-1534574955-1000 - Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Brak pliku
Toolbar: HKU\S-1-5-21-3914217614-3722202410-1534574955-1000 - Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  Brak pliku
Edge HomeButtonPage: HKU\S-1-5-21-3914217614-3722202410-1534574955-1000 - www.aqovd.com?oem=sunadplv3uid=BA1407251E0800181968_SATASSDtm=1449341928
FF SelectedSearchEngine: Yahoo! Search
FF SearchPlugin: C:\Users\Emeryk\AppData\Roaming\Mozilla\Firefox\Profiles\7lyky6l8.default\searchplugins\keepmysearch.xml [2014-06-30]
CHR Extension: (Wooden Seal) - C:\Users\Emeryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjphoolbnommgjeopjileehhmjegpe [2015-12-04] [UpdateUrl: hxxp://wwwwoodensealcom-a.akamaihd.net/update/chrome] ==== UWAGA
CHR HKU\S-1-5-21-3914217614-3722202410-1534574955-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3914217614-3722202410-1534574955-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.aqovd.com?oem=sunadplv3uid=BA1407251E0800181968_SATASSDtm=1449341928
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe www.aqovd.com?oem=sunadplv3uid=BA1407251E0800181968_SATASSDtm=1449341928
S2 MustangService_2015_10_10; C:\ProgramData\TempMoudleSet\MustangSer189.exe [236816 2015-10-09] (MustangService)
R2 WinNetSvc; C:\Users\Emeryk\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] ()
U3 idsvc; Brak ImagePath
S1 {03fe1e82-27a8-4c9c-9858-83f6dd0428dc}Gw64; system32\drivers\{03fe1e82-27a8-4c9c-9858-83f6dd0428dc}Gw64.sys [X]
S1 {51b98c97-fa2a-437c-b7d5-ab8b71a0231f}Gw64; system32\drivers\{51b98c97-fa2a-437c-b7d5-ab8b71a0231f}Gw64.sys [X]
S1 {8ce5ed93-24b7-4769-b5b4-962ea44ffd4e}Gw64; system32\drivers\{8ce5ed93-24b7-4769-b5b4-962ea44ffd4e}Gw64.sys [X]
2015-12-23 08:33 - 2015-12-23 08:33 - 04810368 _____ ( ) C:\Users\Emeryk\Desktop\setup_gmsd_en(3).exe
2015-12-26 11:48 - 2015-12-26 12:03 - 00000000 ____ D C:\AdwCleaner
2015-12-22 19:26 - 2015-12-22 19:26 - 00000000 __SHD C:\found.008
2015-12-22 19:14 - 2015-12-22 19:14 - 04810368 _____ ( ) C:\Users\Emeryk\Desktop\setup_gmsd_en(2).exe
2015-12-22 18:24 - 2015-12-22 18:24 - 00000000 __SHD C:\found.007
2015-12-22 17:39 - 2015-12-22 17:39 - 00000000 _____ C:\Users\Emeryk\AppData\Local\{490689C3-A461-4826-89A7-E50421BE341D}
2015-12-18 08:30 - 2015-12-18 08:30 - 00000000 __SHD C:\found.006
2015-12-17 08:24 - 2015-12-17 08:24 - 00000000 __SHD C:\found.005
2015-12-17 08:24 - 2015-12-17 08:24 - 00000000 __SHD C:\found.004
2015-12-17 08:24 - 2015-12-17 08:24 - 00000000 __SHD C:\found.003
2015-06-22 07:44 - 2015-06-22 07:44 - 0000000 _____ () C:\Users\Emeryk\AppData\Local\{8E1BC505-F49B-480D-999F-58FFC70AD086}
C:\Users\Emeryk\AppData\Roaming\WinNetSvc
C:\ProgramData\TempMoudleSet
EmptyTemp:

Run FRST and click Napraw (Fix). Post the removal report, Fixlog.
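The ShortcutWithArgument entries in the fixlist above can be triaged mechanically; the following is an added example, not part of the thread and not FRST's own code. It parses those lines and flags browser shortcuts whose argument is a URL. The browser list, the verdict names and the last sample line are assumptions made for the example.

```python
import re
from collections import Counter
from ntpath import basename  # parses Windows paths on any OS

# FRST layout: ShortcutWithArgument: <lnk> - <target exe> (<vendor>) - <arguments>
LINE_RE = re.compile(
    r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) - (?P<target>.+?\.exe) "
    r"\((?P<vendor>[^)]*)\) - (?P<args>.*)$", re.IGNORECASE)
# Host name at the start of the argument; scheme optional, possibly defanged (hxxp).
URL_RE = re.compile(
    r"^(?:h(?:tt|xx)ps?://)?(?P<host>(?:[a-z0-9-]+\.)+[a-z]{2,})(?=[/?:#]|$)",
    re.IGNORECASE)
# Assumed list of browser executables; launcher.exe is Opera's launcher.
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "launcher.exe", "msedge.exe"}

# Three lines from the fixlist above, plus one constructed benign shortcut (last line).
SAMPLE = r"""
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) - www.aqovd.com?oem=sunadplv3uid=BA1407251E0800181968_SATASSDtm=1449341928
ShortcutWithArgument: C:\Users\Emeryk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) - www.aqovd.com?oem=sunadplv3uid=BA1407251E0800181968_SATASSDtm=1449341928
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Anti-Theft.lnk - C:\Program Files\Preload\McAfee Anti-Theft\StartURL.exe () - hxxp://home.mcafee.com/root/campaign.aspx?cid=103626
ShortcutWithArgument: C:\Users\Example\Desktop\Work Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) - --profile-directory=Default
"""

def parse(line):
    """Return the fields of one ShortcutWithArgument line, or None for other lines."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(entry):
    """A URL argument on a browser shortcut means the start page was forced."""
    url = URL_RE.match(entry["args"].strip())
    if not url:
        return "ok", None  # ordinary switches such as --profile-directory
    host = url.group("host").lower()
    if basename(entry["target"]).lower() in BROWSERS:
        return "hijacked-browser-shortcut", host
    return "url-launcher", host  # non-browser stub that opens a URL: review by hand

def triage(log_text):
    """Return (findings, hosts): flagged shortcuts and a per-host count of hijacks."""
    findings, hosts = [], Counter()
    for line in log_text.splitlines():
        entry = parse(line)
        if entry is None:
            continue
        verdict, host = classify(entry)
        if verdict != "ok":
            findings.append((verdict, entry["lnk"], host))
        if verdict == "hijacked-browser-shortcut":
            hosts[host] += 1
    return findings, hosts
```

A host that recurs across many browser shortcuts, as www.aqovd.com does in this log, is the same value to look for in the Start Page, HomeButtonPage and StartMenuInternet entries.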

 

 


(Polarnik29) #3

Unfortunately it is not my computer, so I take no responsibility for the downloaded files:

http://www.wklej.org/id/1886844/ fixlog

http://www.wklej.org/id/1886864/ frst

http://www.wklej.org/id/1886859/ Addition


(Atis) #4

I don't know how you did it, but the Fixlist file is missing the slashes in the paths, so nothing was executed.
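The failure described in this post can be caught before FRST is run; the following pre-flight check is an added example, not part of the thread and not FRST's own code. It scans a saved fixlist for paths whose backslashes were lost. The three regexes are heuristics assumed from the line formats visible in this thread, and the broken sample is constructed by stripping the backslashes from lines of the first fixlist.

```python
import re

CHECKS = [
    # Task path must start with a backslash: "Task: {GUID} - \Microsoft\..."
    ("task-path", re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?!\\)")),
    # Registry hive glued to the next key, e.g. "HKU.DEFAULT" or "HKLM-x32...Run"
    ("registry-key", re.compile(r"\b(?:HKLM|HKCU|HKU)(?:-x32)?(?=[A-Za-z.])")),
    # Drive letter glued to a folder name, e.g. "C:ProgramData"
    ("drive-path", re.compile(r"(?<![A-Za-z0-9])[A-Za-z]:(?=[A-Za-z0-9])")),
]

# Lines taken from the first fixlist in this thread.
GOOD = r"""CloseProcesses:
Task: {0D6C2DEE-AA12-44D5-86F4-408A1E13EBB3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d - Brak pliku ==== UWAGA
HKLM-x32\...\Run: [] = [X]
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\ProgramData\TempMoudleSet
EmptyTemp:"""

# Constructed: the same lines after a copy/paste step that dropped every backslash.
BROKEN = GOOD.replace("\\", "")

def check_fixlist(text):
    """Return (line_number, check_name) for every line that lost its separators."""
    problems = []
    for number, line in enumerate(text.splitlines(), 1):
        for name, pattern in CHECKS:
            if pattern.search(line):
                problems.append((number, name))
    return problems

if __name__ == "__main__":
    for number, name in check_fixlist(BROKEN):
        print(f"line {number}: {name} has no backslash, FRST will not match it")
```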

 

 


(Polarnik29) #5

New scans done. Now the Start menu has stopped opening.

 

http://www.wklej.org/id/1886890/ new fixlist

http://www.wklej.org/id/1886892/ frst

http://www.wklej.org/id/1886894/ addition

 


(Atis) #6

Paste the following into Windows Notepad and save it as a text file named fixlist:

HKU\S-1-5-21-3914217614-3722202410-1534574955-1000\...\RunOnce: [Uninstall C:\Users\Emeryk\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] = C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Emeryk\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe www.aqovd.com?oem=sunadplv3uid=BA1407251E0800181968_SATASSDtm=1449341928
CHR Extension: (Wooden Seal) - C:\Users\Emeryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjphoolbnommgjeopjileehhmjegpe [2015-12-04] [UpdateUrl: hxxp://wwwwoodensealcom-a.akamaihd.net/update/chrome] ==== UWAGA
C:\Users\Emeryk\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjphoolbnommgjeopjileehhmjegpe
C:\Users\Emeryk\Desktop\setup_gmsd_en*.exe
C:\Users\Emeryk\QuickTime-12821-dp.exe
ShortcutWithArgument: C:\Users\Emeryk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) - www.aqovd.com?oem=sunadplv3uid=BA1407251E0800181968_SATASSDtm=1449341928
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Anti-Theft.lnk - C:\Program Files\Preload\McAfee Anti-Theft\StartURL.exe () - hxxp://home.mcafee.com/root/campaign.aspx?cid=103626
DeleteQuarantine:

Run FRST and click Napraw (Fix). Delete the C:\FRST folder.