Elektroda.pl

Request to check a log - Portal delta homes, sup tub, sweet page

maniak_pl 23 Jun 2014 17:02 1944 18
  • Helpful post
    #2 23 Jun 2014 17:08
    safbot1st
    Level 43

    ADW found 7 active processes, delta, babylon and sweet-page.
    Your computer was terribly infested. Did it "come back to life" after the removal? :D

    0
  • Helpful post
    #3 23 Jun 2014 17:35
    Kolobos
    Computer specialist

    Uninstall:
    ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

    Next to frst.exe, create a file fixlist.txt with the following content:
    Task: {85E1D859-CED2-416F-B451-B392CC946E2F} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
    Task: {AD75FCDF-D559-4C5D-BBAA-D537072D8736} - System32\Tasks\temp_a3bb1f37-ca48-4005-9c57-de3ec606553c-2 => C:\Users\BUDMA_~1\AppData\Local\Temp\nsc5252.tmp\a3bb1f37-ca48-4005-9c57-de3ec606553c-2.exe <==== ATTENTION
    Task: {FEE0FD6A-D6F6-40EE-9F50-C1084AD17AE2} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    R1 {55685567-4840-4a91-962b-49a412e9485a}w64; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys [61112 2014-05-26] (StdLib)
    R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}w64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys [61112 2014-05-22] (StdLib)
    2014-06-23 16:30 - 2014-06-23 16:31 - 00000000 ____D () C:\AdwCleaner
    2014-05-26 10:28 - 2014-05-22 18:27 - 00061112 _____ (StdLib) C:\WINDOWS\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys
    C:\ProgramData\SetStretch.exe

    In FRST, choose Fix.


    Use http://www.bleepingcomputer.com/download/tfc/

    Delete the C:\FRST directory and that's all.

    0
  • #4 25 Jun 2014 10:05
    maniak_pl
    Level 6

    My brother had this kind of "order" on his computer. The machine came back to life, and how :)
    Thanks for the help. Now the next machines are lined up for deworming.


    EDIT: I'm posting more logs, this time from my own computer, with a request to decipher them:

    0
  • Helpful post
    #5 25 Jun 2014 15:50
    Acorus 20
    Computer specialist

    Open Notepad and paste:

    Quote:
    HKLM\...\Run: [] => [X]
    Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    SearchScopes: HKLM - DefaultScope value is missing.
    BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    2014-06-25 10:16 - 2014-06-25 10:41 - 00000000 ____D () C:\AdwCleaner
    2014-05-30 20:19 - 2014-05-30 20:19 - 00001783 _____ () C:\Documents and Settings\All Users\Pulpit\McAfee Security Scan Plus.lnk
    2014-05-30 20:19 - 2014-05-30 20:19 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2014-05-30 20:19 - 2014-05-30 20:19 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\McAfee Security Scan Plus
    C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\*.exe
    C:\Documents and Settings\Admin\Ustawienia lokalne\Temp\*.dll


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix.

    0
  • Helpful post
    #7 04 Jul 2014 10:49
    Kolobos
    Computer specialist

    Uninstall:
    Java(TM) 6 Update 18 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
    Java(TM) 6 Update 18 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)

    Install http://ninite.com/java/

    fixlist.txt for FRST:
    HKLM-x32\...\Run: [] => [X]
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKCU - {5A902010-C9DD-4BC5-BFC3-B45099EBA1F3} URL = http://uk.shopping.com/?linkin_id=8056359
    SearchScopes: HKCU - {9AABCB90-D44C-4630-97A8-1FD9126FA058} URL = http://rover.ebay.com/rover/1/710-42480-16445-5/4?satitle={searchTerms}
    SearchScopes: HKCU - {B6EA2532-50D2-420C-8516-DDEE27D4C884} URL = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
    2014-07-03 14:00 - 2014-07-03 14:04 - 00000000 ____D () C:\AdwCleaner

    Once done, delete the C:\FRST directory and that's all.

    0
  • #9 16 Aug 2014 15:11
    Kolobos
    Computer specialist

    fixlist.txt:
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?tpid=ORJ-V7C&o=APN11406&pf=V7&trgb=IE&
    URLSearchHook: HKCU - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
    SearchScopes: HKCU - {3C0AA065-AC2A-C051-9A90-1597BC1BCBA0} URL = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&
    SearchScopes: HKCU - {60A4A8A4-A1E3-4127-A594-29AA7453FD39} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=crm&
    2014-08-16 14:28 - 2014-08-16 14:30 - 00000000 ____D () C:\AdwCleaner


    Use http://www.bleepingcomputer.com/download/tfc/

    0
  • Helpful post
    #11 23 Sep 2014 21:49
    Kolobos
    Computer specialist

    Uninstall:
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)

    Fixlist.txt:
    Task: {42C9B890-D5D5-4031-B4D0-9ACB2B7AA53C} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{44DC55B5-8FC2-4E5B-80A2-6AD2510AB684}.exe
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{44DC55B5-8FC2-4E5B-80A2-6AD2510AB684}.exe
    HKU\S-1-5-21-426739553-1929402753-3404522831-1003\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] => "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    S2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
    2014-09-23 21:19 - 2014-09-23 21:22 - 00000000 ____D () C:\AdwCleaner
    EmptyTemp:

    0
  • Helpful post
    #13 22 Apr 2015 18:07
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13675736 2014-08-14] (Realtek Semiconductor)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
    HKLM-x32\...\Run: [WinampAgent] => C:\Program Files\Winamp\Winampa.exe [10752 2002-03-20] ()
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-1828885249-3525503643-3855521561-1001\...\Policies\Explorer: []
    HKU\S-1-5-21-1828885249-3525503643-3855521561-1001\...\MountPoints2: {3a70f112-dece-11e4-824f-806e6f6e6963} - "D:\CDSetup.exe"
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    CHR Extension: (BetaFish Adblocker) - C:\Users\Lukasz Manko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-22]
    CHR Extension: (Bookmark Manager) - C:\Users\Lukasz Manko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
    2015-04-22 12:05 - 2015-04-22 12:08 - 00000000 ____D () C:\AdwCleaner
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix.

    0
  • #15 19 Oct 2015 00:46
    Kolobos
    Computer specialist

    Fixlist.txt:
    Task: {8A591004-5B60-443A-8030-229B3BD6FDB1} - System32\Tasks\desktopscf => D:\Bin\desktop.scf

    0
  • Helpful post
    #17 31 Oct 2015 11:53
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9962016 2010-02-16] (Realtek Semiconductor)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    S2 WTGService; C:\Program Files (x86)\OneClickInternet\WTGService.exe [X]
    2015-10-31 09:56 - 2015-10-31 09:57 - 00000000 ____D C:\AdwCleaner
    2015-10-30 18:47 - 2015-10-30 18:47 - 00000000 __SHD C:\found.000
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Reset Chrome: https://support.google.com/chrome/answer/3296214?hl=pl

    0
  • #19 15 Dec 2015 00:13
    Kolobos
    Computer specialist

    @maniak_pl


    Install: https://support.microsoft.com/en-us/kb/2545227

    Fixlist:
    Task: {F466956F-B7EF-48CD-A214-9103A2F83D7C} - System32\Tasks\Opera scheduled Autoupdate 1447090946 => C:\Program Files (x86)\Opera\launcher.exe [2015-12-04] (Opera Software)
    (TFuns LIMITED) C:\ProgramData\2WdM2\WdMan.exe
    (© 2015 Microsoft Corporation) C:\Users\PC\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe
    HKU\S-1-5-21-556801979-3308981351-1709481897-1000\...\Run: [BingSvc] => C:\Users\PC\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-11]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.226\SSScheduler.exe (McAfee, Inc.)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    CHR HKU\S-1-5-21-556801979-3308981351-1709481897-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.yoursites123.com/?type=sc&ts=1...id=WDCXWD1600HLFS-75G6U0_WD-WXL60808403184031
    R2 WdMan; C:\ProgramData\2WdM2\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-14] ()
    2015-12-14 17:31 - 2015-12-14 17:31 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2015-12-14 17:31 - 2015-12-14 17:31 - 00000000 _____ C:\autoexec.bat
    2015-12-14 15:47 - 2015-12-14 15:48 - 00000000 ____D C:\ProgramData\2WdM2
    2015-12-14 15:46 - 2015-12-14 15:46 - 00000000 ____D C:\ProgramData\nWdMn
    2015-12-14 15:46 - 2015-11-09 18:16 - 00000000 ____D C:\ProgramData\iWMiniProi
    EmptyTemp:

    0
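
Added example (not part of the thread and not FRST's own code): a short Python script that sorts fixlist.txt entries like the ones posted above by type and lists the markers each one carries, so a list can be reviewed before it is run. The type patterns cover only the line shapes seen in this thread, and the function names and reason labels are assumptions of the example.

```python
import re

# Constructed sample: entries copied from fixlists posted in this thread.
SAMPLE = r"""
Task: {85E1D859-CED2-416F-B451-B392CC946E2F} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {AD75FCDF-D559-4C5D-BBAA-D537072D8736} - System32\Tasks\temp_a3bb1f37-ca48-4005-9c57-de3ec606553c-2 => C:\Users\BUDMA_~1\AppData\Local\Temp\nsc5252.tmp\a3bb1f37-ca48-4005-9c57-de3ec606553c-2.exe <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
S2 WTGService; C:\Program Files (x86)\OneClickInternet\WTGService.exe [X]
R2 WdMan; C:\ProgramData\2WdM2\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9962016 2010-02-16] (Realtek Semiconductor)
2015-12-14 15:47 - 2015-12-14 15:48 - 00000000 ____D C:\ProgramData\2WdM2
EmptyTemp:
""".strip().splitlines()

# Line shapes seen in the thread's fixlists (not an exhaustive FRST grammar).
KINDS = [
    ("task", r"^Task: "),
    ("autorun", r"^HK\S+\\Run: "),
    ("service", r"^[RSU][0-5] \S+; "),
    ("browser", r"^(SearchScopes|BHO|URLSearchHook|FF|CHR|StartMenuInternet)\b"),
    ("file", r"^\d{4}-\d\d-\d\d \d\d:\d\d - "),
    ("path", r"^[A-Za-z]:\\"),
    ("directive", r"^\w+:$"),
]
# Markers as they appear in the entries; the labels are this example's reading.
FLAGS = [
    ("flagged by the scanner", r"<=+ (ATTENTION|UWAGA)"),
    ("target missing", r"\[X\]|No (Task )?File"),
    ("runs from a temp dir", r"(?i)\\temp\\"),
    ("no digital signature", r"Brak podpisu cyfrowego"),
]

def classify(line):
    return next((k for k, rx in KINDS if re.search(rx, line)), "unknown")

def triage(lines):
    """Return (kind, reasons, line) for every non-empty entry."""
    return [(classify(l), [n for n, rx in FLAGS if re.search(rx, l)], l)
            for l in map(str.strip, lines) if l]

def unflagged(lines):
    """Startup-type entries with no marker: confirm these before removal."""
    return [l for k, r, l in triage(lines)
            if k in ("task", "autorun", "service") and not r]

if __name__ == "__main__":
    for kind, reasons, line in triage(SAMPLE):
        print(f"{kind:9} {', '.join(reasons) or '-':45} {line[:60]}")
```

Entries returned by `unflagged()` start with the system but carry none of the markers, so they are the ones to confirm with whoever wrote the list before clicking Fix.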