
Log analysis after a dll28stny.com virus infection on a friend's PC – request for a check

damjack16 08 Oct 2014 18:46 1590 5
  • #1 14025791
    damjack16
    Level 8
    Posts: 15
    Hello, I already wrote about this problem on the forum and solved it; now the same virus has hit a friend of mine and I would ask you to check the logs.
    Attachments:
    • Addition_08-10-2014_18-14-17.txt (26.43 KB)
    • FRST_08-10-2014_18-14-19.txt (30.84 KB)
  • #2 14025853
    Acorus 20
    Level 43
    Posts: 10541
    Helped: 3247
    Rating: 1063
    Uninstall Ask Toolbar, Browser Tab Search by Ask for Google Chrome, fst_en_105, GoldenCoupon, omiga-plus uninstaller, Optimizer Pro v3.2, RegClean-Pro, RoyialCoupon, sAvuEroN, Search Protect, trolatunt, WindowsProtectManger20.0.0.339. Download and run AdwCleaner https://toolslib.net/downloads/finish/1/ Click Scan and then Clean.
    Post new FRST logs.
  • #3 14029124
    damjack16
    Level 8
    Posts: 15
    Here you are, the new FRST logs.
    Attachments:
    • Addition.txt (24.19 KB)
    • FRST.txt (26.48 KB)
  • #4 14029771
    Acorus 20
    Level 43
    Posts: 10541
    Helped: 3247
    Rating: 1063
    Open Notepad and paste:

    Quote:
    Task: {1BBF9A22-603E-4FDB-9EB1-D56D91BC2133} - System32\Tasks\Browser Updater\Zapp Browser Updater => C:\Program Files\Zapp\WPackageUpgrade.exe [2014-10-03] ()
    Task: {4F2084EC-D315-40B6-AAE3-82C9840046F4} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files\Zapp\WBrokerDirect.exe [2014-10-03] () <==== ATTENTION
    Task: C:\Windows\Tasks\Opera D1.job => C:\Program Files\Opera\launcher.exe
    Task: C:\Windows\Tasks\Opera D2.job => C:\Program Files\Opera\launcher.exe
    Task: C:\Windows\Tasks\Opera D3.job => C:\Program Files\Opera\launcher.exe
    Task: C:\Windows\Tasks\Opera D4.job => C:\Program Files\Opera\launcher.exe
    Task: C:\Windows\Tasks\Opera D5.job => C:\Program Files\Opera\launcher.exe
    Task: C:\Windows\Tasks\Opera D6.job => C:\Program Files\Opera\launcher.exe
    Task: C:\Windows\Tasks\Opera D7.job => C:\Program Files\Opera\launcher.exe
    Task: C:\Windows\Tasks\Opera N.job => C:\Program Files\Opera\launcher.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=...CH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
    SearchScopes: HKCU - {4726483D-F832-468D-9925-AEA21D37F1CE} URL = http://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11467&pf=V7&p2=^BED^OSJ000^YY^PL&gct=&itbv=12.15.1.21&apn_uid=B7D2C065-985F-482E-962B-F9BBAB5B22BE&apn_ptnrs=BED&apn_dtid=^OSJ000^YY^PL&apn_dbr=cr_35.0.1916.153&doi=2014-07-27&trgb=CR&q={searchTerms}&psv=&pt=tb
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=...CH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
    BHO: Shopping App by Ask -> {4F524A2D-5354-2D53-5045-7A786E7484D7} -> "C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll" No File
    BHO: Zapp -> {e6eeb20c-cf4a-4789-becf-64f78340708f} -> C:\Program Files\Zapp\IE\Zapp.dll No File
    Toolbar: HKLM - Zapp - {e6eeb20c-cf4a-4789-becf-64f78340708f} - C:\Program Files\Zapp\IE\Zapp.dll No File
    Toolbar: HKLM - Shopping App by Ask - {4F524A2D-5354-2D53-5045-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll" No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2014-10-09 10:17 - 2014-10-09 21:43 - 00000444 ____H () C:\Windows\Tasks\Norton Security Scan for Mateusz.job
    2014-10-09 10:17 - 2014-10-09 10:17 - 00001375 _____ () C:\Users\Public\Desktop\Norton Security Scan.LNK
    2014-10-09 10:17 - 2014-10-09 10:17 - 00000000 ____D () C:\Windows\system32\Drivers\NSS
    2014-10-09 10:17 - 2014-10-09 10:17 - 00000000 ____D () C:\ProgramData\Symantec
    2014-10-09 10:17 - 2014-10-09 10:17 - 00000000 ____D () C:\ProgramData\Norton
    2014-10-09 10:17 - 2014-10-09 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
    2014-10-09 10:17 - 2014-10-09 10:17 - 00000000 ____D () C:\Program Files\Norton Security Scan
    2014-10-09 21:41 - 2014-07-06 16:22 - 00000000 ____D () C:\AdwCleaner
    EmptyTemp:


    Save the file under the name fixlist.txt and put it next to FRST in the same folder.
    Run FRST and click Fix. Delete the C:\FRST folder.
  • #5 14029778
    Kolobos
    Computer specialist
    Posts: 85152
    Helped: 17160
    Rating: 10422
    Uninstall:
    AVG PC TuneUp 2014 (HKLM\...\AVG PC TuneUp) (Version: 14.0.1001.380 - AVG)
    Shopping App by Ask (HKLM\...\{4F524A2D-5354-2D53-5045-A758B70C1101}) (Version: 12.17.1.64 - APN, LLC)
    Zapp 7.0 (HKLM\...\{447f77b7-9433-4a8b-b657-79e1c71898f6}_is1) (Version: 7.0 - SimplyTech LTD)

    Next to frst.exe create a file fixlist.txt with the following contents:
    Task: {1BBF9A22-603E-4FDB-9EB1-D56D91BC2133} - System32\Tasks\Browser Updater\Zapp Browser Updater => C:\Program Files\Zapp\WPackageUpgrade.exe [2014-10-03] ()
    Task: {4F2084EC-D315-40B6-AAE3-82C9840046F4} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files\Zapp\WBrokerDirect.exe [2014-10-03] () <==== ATTENTION
    Task: {633EC13E-2EFF-4E9C-B659-E21DFC40D8E1} - System32\Tasks\Norton Security Scan for Mateusz => C:\Program Files\Norton Security Scan\Engine\4.0.1.16\Nss.exe [2013-05-07] (Symantec Corporation)
    Task: C:\Windows\Tasks\Norton Security Scan for Mateusz.job => C:\PROGRA~1\NORTON~2\Engine\401~1.16\Nss.exe
    Task: C:\Windows\Tasks\Opera D1.job => C:\Program Files\Opera\launcher.exe
    Task: C:\Windows\Tasks\Opera D2.job => C:\Program Files\Opera\launcher.exe
    Task: C:\Windows\Tasks\Opera D3.job => C:\Program Files\Opera\launcher.exe
    Task: C:\Windows\Tasks\Opera D4.job => C:\Program Files\Opera\launcher.exe
    Task: C:\Windows\Tasks\Opera D5.job => C:\Program Files\Opera\launcher.exe
    Task: C:\Windows\Tasks\Opera D6.job => C:\Program Files\Opera\launcher.exe
    Task: C:\Windows\Tasks\Opera D7.job => C:\Program Files\Opera\launcher.exe
    Task: C:\Windows\Tasks\Opera N.job => C:\Program Files\Opera\launcher.exe
    Task: C:\Windows\Tasks\Opera scheduled Autoupdate 1404590118.job => C:\Program Files\Opera\launcher.exe
    () C:\Program Files\Zapp\WBrokerDirect.exe
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=...CH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
    SearchScopes: HKCU - {4726483D-F832-468D-9925-AEA21D37F1CE} URL = http://www.search.ask.com/web?tpid=ORJ-ST-SPE&o=APN11467&pf=V7&p2=^BED^OSJ000^YY^PL&gct=&itbv=12.15.1.21&apn_uid=B7D2C065-985F-482E-962B-F9BBAB5B22BE&apn_ptnrs=BED&apn_dtid=^OSJ000^YY^PL&apn_dbr=cr_35.0.1916.153&doi=2014-07-27&trgb=CR&q={searchTerms}&psv=&pt=tb
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=...CH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
    BHO: Shopping App by Ask -> {4F524A2D-5354-2D53-5045-7A786E7484D7} -> "C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll" No File
    BHO: Zapp -> {e6eeb20c-cf4a-4789-becf-64f78340708f} -> C:\Program Files\Zapp\IE\Zapp.dll No File
    Toolbar: HKLM - Zapp - {e6eeb20c-cf4a-4789-becf-64f78340708f} - C:\Program Files\Zapp\IE\Zapp.dll No File
    Toolbar: HKLM - Shopping App by Ask - {4F524A2D-5354-2D53-5045-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Passport.dll" No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    2014-10-09 21:41 - 2014-07-06 16:22 - 00000000 ____D () C:\AdwCleaner
    2014-10-09 10:26 - 2014-06-05 23:01 - 00000000 ____D () C:\Program Files\Zapp
    2014-10-06 21:37 - 2014-06-21 17:34 - 00000000 ____D () C:\ProgramData\798ace41656c2ba
    EmptyTemp:

    In FRST choose Fix.

    Delete the C:\FRST directory and that is all.
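Both replies above build a fixlist by copying the suspicious FRST log lines verbatim (scheduled tasks, BHOs, toolbars, search scopes, services and directories) and finishing with EmptyTemp:. As an added example that is not from this thread and not part of FRST itself, the Python script below reads FRST-style log lines and drafts such a fixlist for review, explaining why each line was selected. It assumes three FRST conventions visible in the quoted logs: "<==== ATTENTION" marks entries FRST itself flags, "No File" after a BHO/Toolbar entry and "[X]" after a service entry mean the target binary is missing (an orphaned registration), and the adware names in KNOWN_ADWARE are the ones named in this thread. The sample log is constructed from the style of the quoted lines, with one benign filler task added.

```python
import re
from typing import Dict, List

# Constructed sample log in the format FRST prints (modelled on the lines quoted
# in this thread; the "Example Backup" task is a benign filler entry).
SAMPLE_LOG = r"""
Task: {4F2084EC-D315-40B6-AAE3-82C9840046F4} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files\Zapp\WBrokerDirect.exe [2014-10-03] () <==== ATTENTION
Task: {AAAAAAAA-0000-0000-0000-000000000001} - System32\Tasks\Example Backup => C:\Program Files\Example\backup.exe [2014-01-01] (Example Corp)
BHO: Zapp -> {e6eeb20c-cf4a-4789-becf-64f78340708f} -> C:\Program Files\Zapp\IE\Zapp.dll No File
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&q={searchTerms}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
2014-10-09 10:26 - 2014-06-05 23:01 - 00000000 ____D () C:\Program Files\Zapp
"""

# Names taken from the uninstall and fixlist advice in this thread (assumption:
# a plain substring match on these is enough for the lines FRST prints).
KNOWN_ADWARE = ["Zapp", "AskPartnerNetwork", "search.ask.com", "Shopping App by Ask"]

# Assumed FRST conventions: an ATTENTION arrow on flagged entries, "No File"
# after BHO/Toolbar entries whose DLL is gone, "[X]" after services whose
# binary is missing, and a "YYYY-MM-DD HH:MM - " prefix on file/directory rows.
ATTENTION_RE = re.compile(r"<=+\s*ATTENTION")
ORPHAN_RE = re.compile(r"(No File|\[X\])\s*$")
FILE_ENTRY_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")


def classify(line: str) -> str:
    """Return a coarse entry kind from the prefix FRST uses on the line."""
    if FILE_ENTRY_RE.match(line):
        return "File"
    if re.match(r"^[SR]\d ", line):          # e.g. "S2 gupdate; ..."
        return "Service"
    head = line.split(":", 1)[0].split(" ", 1)[0]
    return head if head in {"Task", "BHO", "Toolbar", "SearchScopes", "CHR"} else "Other"


def assess(line: str, known_adware: List[str]) -> Dict[str, object]:
    """Explain why a log line is (or is not) a fixlist candidate."""
    reasons = []
    if ATTENTION_RE.search(line):
        reasons.append("flagged ATTENTION by FRST")
    if ORPHAN_RE.search(line):
        reasons.append("orphaned entry (target file missing)")
    hits = [name for name in known_adware if name in line]
    if hits:
        reasons.append("matches known adware name: " + ", ".join(hits))
    return {"kind": classify(line), "line": line, "reasons": reasons}


def build_fixlist(log_text: str, known_adware: List[str]) -> List[str]:
    """Draft a fixlist: every candidate line copied verbatim, then EmptyTemp:."""
    fixlist = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if assess(line, known_adware)["reasons"]:
            fixlist.append(line)
    fixlist.append("EmptyTemp:")        # FRST directive to clear temp folders
    return fixlist


if __name__ == "__main__":
    # Print the draft with the reason next to each entry so a helper can review
    # it before anything is saved as fixlist.txt and run through Fix.
    for line in build_fixlist(SAMPLE_LOG, KNOWN_ADWARE):
        info = assess(line, KNOWN_ADWARE)
        print(f"[{info['kind']}] {line}")
        for why in info["reasons"]:
            print("    reason:", why)
```

The script only drafts; the output still has to be read by someone before it is saved as fixlist.txt, because a substring match on a vendor name can also catch a legitimate entry, and FRST will remove whatever the fixlist names.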
  • #6 14042775
    damjack16
    Level 8
    Posts: 15
    Thank you for the help. Everything works :)