Elektroda.pl

Ads and FRST logs - how to generate a fix?

Syurkowsky 11 Jul 2015 00:23 1176 13
  • Helpful post
    #2 11 Jul 2015 09:20
    Acorus 20
    Computer specialist

    Uninstall CinemaPlus-3.2cV10.07, McAfee Security Scan Plus, SmartWeb. Download AdwCleaner and run it as administrator: https://toolslib.net/downloads/finish/1/ Click Scan and then Cleaning.
    Post new FRST logs.

    3
  • Helpful post
    #4 11 Jul 2015 14:35
    Acorus 20
    Computer specialist

    Open Notepad and paste:

    Quote:
    Task: {3016F839-827D-4F20-A04D-347E5DCC5C27} - System32\Tasks\Bm34cROHkLg4sSSw6wNiA2 => C:\Users\Syure\AppData\Roaming\Bm34cROHkLg4sSSw6wNiA2.exe <==== ATTENTION
    Task: {FB538EA7-F101-40E9-8C2B-478ED96BA10D} - System32\Tasks\Oi2VZmCwyh8udveVkdUtcmIRK => C:\Users\Syure\AppData\Roaming\Oi2VZmCwyh8udveVkdUtcmIRK.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Bm34cROHkLg4sSSw6wNiA2.job => C:\Users\Syure\AppData\Roaming\Bm34cROHkLg4sSSw6wNiA2.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Oi2VZmCwyh8udveVkdUtcmIRK.job => C:\Users\Syure\AppData\Roaming\Oi2VZmCwyh8udveVkdUtcmIRK.exe <==== ATTENTION
    HKLM-x32\...\Run: [] => [X]
    BootExecute: autocheck autochk *
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Extension: Coupon Time 1.0.1 - C:\Users\Syure\AppData\Roaming\Mozilla\Firefox\Profiles\pwqnufyd.default\Extensions\{a2e82ae1-2091-454c-aac9-49113691b4df}.xpi [2015-07-10]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
    CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hp&ts=143...uid=WDCXWD10JPVT-24A1YT0_WD-WX61A532093020930
    CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1436565223&z=bdaba28c9ac358c26c0be4cgdz4c8q5wdqfwbo7o8e&from=face&uid=WDCXWD10JPVT-24A1YT0_WD-WX61A532093020930"
    CHR DefaultSearchKeyword: Default -> istartsurf
    CHR DefaultSearchURL: Default -> http://www.istartsurf.com/web/?type=ds&ts...XWD10JPVT-24A1YT0_WD-WX61A532093020930&q={searchTerms}
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe http://www.istartsurf.com/?type=sc&ts=143...uid=WDCXWD10JPVT-24A1YT0_WD-WX61A532093020930
    S3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe" [X]
    U3 aews45h1; C:\Windows\System32\Drivers\aews45h1.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
    U3 av16y5h3; C:\Windows\System32\Drivers\av16y5h3.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    2015-07-11 00:19 - 2015-07-11 01:43 - 00000000 ____D C:\Program Files (x86)\4d6b25a0-afd3-4f67-9e07-91dffd1d70fd
    2015-07-10 23:43 - 2015-07-10 23:43 - 00000000 ____D C:\Program Files (x86)\52248bc8-aaad-4ba9-8860-534688260270
    2015-07-11 10:36 - 2015-01-07 20:56 - 00000000 ____D C:\AdwCleaner
    2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Syure\AppData\Roaming\Bm34cROHkLg4sSSw6wNiA2
    2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Syure\AppData\Roaming\Oi2VZmCwyh8udveVkdUtcmIRK
    C:\Users\Syure\lame_enc.dll
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix. Uninstall Chrome, ticking the option to delete browsing data.
    You can export your bookmarks first: https://support.google.com/chrome/answer/96816?hl=pl
    Then install the stable version: https://www.google.pl/chrome/browser/desktop/

    2
  • #5 11 Jul 2015 15:43
    Syurkowsky
    Level 4

    Thank you very much ;)

    0
  • #6 11 Jul 2015 16:09
    Acorus 20
    Computer specialist

    Delete the folder C:\FRST.

    0
  • #9 12 Jul 2015 22:54
    Direj
    Level 2

    The logs I posted were actually taken after scanning and removing the junk with MBAM. Is an additional scan with ADWcleaner really important?

    0
  • #10 13 Jul 2015 09:33
    Acorus 20
    Computer specialist

    Uninstall McAfee Security Scan Plus. Open Notepad and paste:

    Quote:
    Task: {14446E8E-462E-4831-9ABB-7D347700E0AD} - \Price Fountain No Task File <==== ATTENTION
    Task: {530840F5-463E-4999-87A1-F6FA3D80E2E2} - System32\Tasks\Malware Cleaner => C:\Users\Direj\AppData\Roaming\393A.tmp.exe [2015-03-24] () <==== ATTENTION
    Task: {936C3CC3-F1E3-41BD-861A-7A34383DADC4} - System32\Tasks\{D7D6EB06-CA70-4B1C-B1C7-623076A893B1} => pcalua.exe -a C:\Users\Direj\AppData\Local\AdTrustMedia\PrivDog\PrivDogSetup_3.0.97.0.exe -d C:\Users\Direj\AppData\Local\AdTrustMedia\PrivDog -c /u /s /t /nd
    Task: {AA57A9FF-016D-488E-A9ED-8E62AB48D679} - System32\Tasks\Giga Perfect Uninstaller => C:\Program Files (x86)\PrivateVPN\gpup.exe [2015-03-24] () <==== ATTENTION
    Task: {AD5E326E-CE05-4EB5-8005-792BAE3A2D2F} - System32\Tasks\{4D04E4D6-034A-494B-BC1C-E2E75828D5F5} => pcalua.exe -a C:\Users\Direj\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor <==== ATTENTION
    IFEO\bitguard.exe: [Debugger] tasklist.exe
    IFEO\bprotect.exe: [Debugger] tasklist.exe
    IFEO\bpsvc.exe: [Debugger] tasklist.exe
    IFEO\browserdefender.exe: [Debugger] tasklist.exe
    IFEO\browserprotect.exe: [Debugger] tasklist.exe
    IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
    IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
    IFEO\jumpflip: [Debugger] tasklist.exe
    IFEO\protectedsearch.exe: [Debugger] tasklist.exe
    IFEO\searchinstaller.exe: [Debugger] tasklist.exe
    IFEO\searchprotection.exe: [Debugger] tasklist.exe
    IFEO\searchprotector.exe: [Debugger] tasklist.exe
    IFEO\searchsettings.exe: [Debugger] tasklist.exe
    IFEO\searchsettings64.exe: [Debugger] tasklist.exe
    IFEO\snapdo.exe: [Debugger] tasklist.exe
    IFEO\stinst32.exe: [Debugger] tasklist.exe
    IFEO\stinst64.exe: [Debugger] tasklist.exe
    IFEO\umbrella.exe: [Debugger] tasklist.exe
    IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
    IFEO\volaro: [Debugger] tasklist.exe
    IFEO\vonteera: [Debugger] tasklist.exe
    IFEO\websteroids.exe: [Debugger] tasklist.exe
    IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-17]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=...CH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}




    SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
    SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=...CH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4232599175-1144476272-1821699108-1000 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
    SearchScopes: HKU\S-1-5-21-4232599175-1144476272-1821699108-1000 -> {2581E596-44DF-4635-8EF0-36E8A15D25DE} URL = http://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
    SearchScopes: HKU\S-1-5-21-4232599175-1144476272-1821699108-1000 -> {7D0BAB18-DE60-4e8f-AC9E-8906B3E8479C} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
    SearchScopes: HKU\S-1-5-21-4232599175-1144476272-1821699108-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=ieb&gct=...CH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
    FF DefaultSearchEngine: WebSearch
    FF DefaultSearchEngine,S: WebSearch
    FF DefaultSearchUrl: hxxp://websearch.thesearchpage.info/?pid=3458...p;lg=EN&cc=PL&unqvl=74&l=1&q=
    FF SearchEngineOrder.1: WebSearch
    FF SearchEngineOrder.1,S: WebSearch
    FF SelectedSearchEngine,S: WebSearch
    FF Plugin HKU\S-1-5-21-4232599175-1144476272-1821699108-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
    FF HKU\S-1-5-21-4232599175-1144476272-1821699108-1000\...\Firefox\Extensions: [PrivDog@AdTrustMedia.com] - C:\Users\Direj\AppData\Roaming\Mozilla\Firefox\Profiles\dgkekthj.default\extensions
    OPR Extension: (iWebar) - C:\Users\Direj\AppData\Roaming\Opera Software\Opera Stable\Extensions\gnjbfdmiommbcdfigaefehgdndnpeech [2014-10-25]
    R2 Live Malware Protection; C:\Windows\mlwps.exe [239104 2015-03-24] (AV Security Software) [File not signed] <==== ATTENTION
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
    S2 SystemkService; C:\Program Files (x86)\Settings Manager\systemk\SystemkService.exe [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2015-07-12 22:32 - 2015-07-12 22:32 - 00000000 ____D C:\Users\Direj\Downloads\FRST-OlderVersion
    2015-07-12 22:27 - 2015-03-23 03:13 - 00000000 ____D C:\Program Files (x86)\FunDealsa
    2015-07-12 22:27 - 2015-01-14 15:50 - 00000000 ____D C:\Program Files (x86)\unisaaLeS
    2015-07-12 22:27 - 2014-06-25 23:41 - 00000000 ____D C:\Users\Direj\AppData\Roaming\Settings Manager
    2015-07-12 22:27 - 2014-06-25 23:41 - 00000000 ____D C:\Program Files (x86)\Settings Manager
    2015-03-24 18:43 - 2015-03-24 18:43 - 0775168 _____ () C:\Users\Direj\AppData\Roaming\393A.tmp.exe
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix. Uninstall Chrome, ticking the option to delete browsing data.
    You can export your bookmarks first: https://support.google.com/chrome/answer/96816?hl=pl
    Then install the stable version: https://www.google.pl/chrome/browser/desktop/

    0
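An added example, not part of the original posts and not FRST's own logic: a small triage pass over FRST log lines that tags the kinds of entries the fixlists in this thread target, so a reviewer can see why each line is a candidate. The rule names and heuristics are assumptions made for illustration; the sample lines are copied from the quotes above.

```python
import re

# Sample lines copied from the fixlists quoted in this thread.
SAMPLE = r"""Task: {530840F5-463E-4999-87A1-F6FA3D80E2E2} - System32\Tasks\Malware Cleaner => C:\Users\Direj\AppData\Roaming\393A.tmp.exe [2015-03-24] () <==== ATTENTION
IFEO\bitguard.exe: [Debugger] tasklist.exe
FF Plugin HKU\S-1-5-21-4232599175-1144476272-1821699108-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
R2 Live Malware Protection; C:\Windows\mlwps.exe [239104 2015-03-24] (AV Security Software) [File not signed] <==== ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 aews45h1; C:\Windows\System32\Drivers\aews45h1.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
"""

# (tag, pattern, reason). Hypothetical review heuristics, not an official FRST rule set.
RULES = [
    ("frst-attention", re.compile(r"<=+ ATTENTION"),
     "FRST itself marked the entry"),
    ("task-user-profile",
     re.compile(r"^Task: .*=> .*\\AppData\\(Roaming|Local)\\.*\.exe", re.I),
     "scheduled task runs an executable from a user profile"),
    ("ifeo-debugger", re.compile(r"^IFEO\\[^:]+: \[Debugger\]"),
     "IFEO Debugger value: Windows starts the debugger instead of the program"),
    ("orphan", re.compile(r"(\[X\]|No File)\s*$"),
     "entry points at a file that is no longer present"),
    ("zero-byte", re.compile(r"zero byte File/Folder"),
     "file or folder of size zero"),
    ("unsigned", re.compile(r"\[File not signed\]"),
     "binary without a digital signature"),
]

def triage(log_text):
    """Return [(line, [tags])] for each log line matching at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        tags = [tag for tag, pattern, _ in RULES if pattern.search(line)]
        if tags:
            findings.append((line, tags))
    return findings

def tag_counts(findings):
    """Count how often each tag fired, to show which rule drives the list."""
    counts = {}
    for _, tags in findings:
        for tag in tags:
            counts[tag] = counts.get(tag, 0) + 1
    return counts

if __name__ == "__main__":
    for line, tags in triage(SAMPLE):
        print(",".join(tags).ljust(34), line[:90])
```

The tags only explain why a line stands out; whether it belongs in fixlist.txt is still a manual decision, as the unflagged McAfee service line in the sample shows.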
  • #12 13 Jul 2015 20:10
    Acorus 20
    Computer specialist

    Uninstall McAfee Security Scan Plus. Open Notepad and paste:

    Quote:
    Task: {53D7A4C9-6BB5-4E29-9B24-94F717E9C56E} - System32\Tasks\{586782FC-7A3C-4328-BC2E-6D1A6B22608F} => pcalua.exe -a C:\Users\Admin\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=cor
    HKLM-x32\...\Run: [] => [X]
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-12-10]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2419854233-2087240343-2712510175-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts...cor&uid=395049983_1052514_84B1715B&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts...cor&uid=395049983_1052514_84B1715B&q={searchTerms}
    HKU\S-1-5-21-2419854233-2087240343-2712510175-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2419854233-2087240343-2712510175-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?fr=hp-ddc-bd&type=bl-bir-is__alt__ddc_dsssyc_bd_com
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.yahoo.com/yhs/search?hspart=ddc...mp;type=bl-bir-is__alt__ddc_dss_bd_com&p={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.yahoo.com/yhs/search?hspart=ddc...mp;type=bl-bir-is__alt__ddc_dss_bd_com&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2419854233-2087240343-2712510175-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&a...15B&ts=1435246026&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2419854233-2087240343-2712510175-1000 -> OldSearch URL = http://www.istartsurf.com/web/?utm_source=b&a...15B&ts=1435246026&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2419854233-2087240343-2712510175-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&a...15B&ts=1435246026&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2419854233-2087240343-2712510175-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://search.yahoo.com/yhs/search?hspart=ddc...mp;type=bl-bir-is__alt__ddc_dss_bd_com&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2419854233-2087240343-2712510175-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&a...15B&ts=1435246026&type=default&q={searchTerms}
    BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-16] (Thinknice Co. Limited)
    BHO-x32: Assist Point -> {dc727a8c-7582-483c-a1c2-2b885f099bb5} -> C:\Program Files (x86)\Assist Point\Extensions\dc727a8c-7582-483c-a1c2-2b885f099bb5.dll No File
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll No File
    CHR Extension: (Assist Point) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcfnfdnilflnlcoedeonodkhdkhibip [2015-07-08]
    OPR Extension: (Assist Point) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbcfnfdnilflnlcoedeonodkhdkhibip [2015-05-01]
    S2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125112 2015-06-16] (XTab system)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    2015-07-13 17:04 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-07-13 17:04 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-07-13 17:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-07-13 17:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-07-13 17:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-07-13 17:04 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
    2015-07-13 17:04 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
    2015-07-13 17:04 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
    2015-07-13 17:02 - 2015-07-13 17:14 - 00000000 ____D C:\Qoobox
    2015-07-08 22:59 - 2015-07-08 22:59 - 00003152 _____ C:\Windows\System32\Tasks\{586782FC-7A3C-4328-BC2E-6D1A6B22608F}
    2015-06-25 17:27 - 2015-06-25 17:27 - 00000000 ____D C:\Program Files (x86)\MiuiTab
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix. Download AdwCleaner and run it as administrator: https://toolslib.net/downloads/finish/1/ Click Scan and then Cleaning.

    1
  • #13 13 Jul 2015 21:55
    micho_88
    Level 2

    It helped, worked like a charm :) many thanks. If the problem comes back, should I do the same thing?

    0
  • #14 13 Jul 2015 22:02
    Domino_2
    Helpful to users

    If it happens again, scan the computer with MBAM and ADWCleaner, then attach new FRST logs and we will advise.

    0