Elektroda.pl

Infected computer, please help

marco387 18 Nov 2015 23:40 1092 11
  • #2 19 Nov 2015 00:24
    Kolobos
    Computer specialist

    Logs from FRST are required, not one from FRST and another from OTL.

    addition.txt is missing.

    0
  • #4 19 Nov 2015 09:23
    Domino_2
    Helpful to users

    Uninstall CinemaP-1.9cV09.11, globalupdate Helper, Setup, SpaceSoundPro Service, SpyHunter4 and WordFly 1.10.0.25.

    Quote:

    Task: {E998718A-A566-4FEB-B4AF-63DDA5A86CE6} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2015-01-30] (Enigma Software Group USA, LLC.)
    (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
    (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    BootExecute: autocheck autochk * sh4native Sh4Removal
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=144...9t&from=cor&uid=395049983_1052499_24a43ae1&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=144...9t&from=cor&uid=395049983_1052499_24a43ae1&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKU\S-1-5-21-2579325959-1081915326-3775426705-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...3rPJCNmnCnUCfd4dacSu-23__mdMLTpIA7SPdiJyQ,&q={searchTerms}
    HKU\S-1-5-21-2579325959-1081915326-3775426705-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...X2l0ow1Og8z1QDJpUeTyO2ZPHeO6ekP3X-t9-rDxWx-A,,




    HKU\S-1-5-21-2579325959-1081915326-3775426705-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...3rPJCNmnCnUCfd4dacSu-23__mdMLTpIA7SPdiJyQ,&q={searchTerms}
    HKU\S-1-5-21-2579325959-1081915326-3775426705-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...3rPJCNmnCnUCfd4dacSu-23__mdMLTpIA7SPdiJyQ,&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...3rPJCNmnCnUCfd4dacSu-23__mdMLTpIA7SPdiJyQ,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2579325959-1081915326-3775426705-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...3rPJCNmnCnUCfd4dacSu-23__mdMLTpIA7SPdiJyQ,&q={searchTerms}
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => Brak pliku
    BHO-x32: Brak nazwy -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> Brak pliku
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [Brak pliku]
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [Brak pliku]
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [Brak pliku]
    FF user.js: detected! => C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\t1pdsviq.default\user.js [2015-11-18]
    FF SearchPlugin: C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\t1pdsviq.default\searchplugins\coldsearch.xml [2015-11-15]
    FF SearchPlugin: C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\t1pdsviq.default\searchplugins\istartpageing.xml [2015-11-18]
    FF HKLM\...\Firefox\Extensions: [{FEF0C665-BB7A-42E8-84F5-2763B34B1B5C}] - C:\Program Files\groover171120151845\Firefox\{FEF0C665-BB7A-42E8-84F5-2763B34B1B5C}.xpi => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\t1pdsviq.default\extensions\deskCutv2@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\t1pdsviq.default\extensions\defsearchp@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [smartffsearch@gmail.com] - C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\t1pdsviq.default\extensions\smartffsearch@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [ffsmartsearchbar@gmail.com] - C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\t1pdsviq.default\extensions\ffsmartsearchbar@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [sidebarff@gmail.com] - C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\t1pdsviq.default\extensions\sidebarff@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [{FEF0C665-BB7A-42E8-84F5-2763B34B1B5C}] - C:\Program Files\groover171120151845\Firefox\{FEF0C665-BB7A-42E8-84F5-2763B34B1B5C}.xpi => nie znaleziono
    R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-01-30] (Enigma Software Group USA, LLC.)
    S2 bykesute; C:\Program Files (x86)\46364331-1447779043-3542-4639-3835FFFFFFFF\hnsuB0FC.tmp [X]
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
    S2 pudeciji; C:\Program Files (x86)\46364331-1447779043-3542-4639-3835FFFFFFFF\knsp84A7.tmpfs [X]
    S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-01-30] (Enigma Software Group USA, LLC.)
    2015-11-18 21:18 - 2015-11-18 23:31 - 00574346 _____ C:\spyhunter.fix
    2015-11-18 21:18 - 2015-11-18 21:18 - 00003272 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
    2015-11-18 20:54 - 2015-11-18 20:54 - 00001051 _____ C:\Users\Marco\Desktop\SpyHunter4.lnk
    2015-11-18 20:54 - 2015-11-18 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter4
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:


    Paste this into Notepad, save it as fixlist.txt and place it in the folder where FRST.exe/FRST64.exe is located, run it and click Fix/Napraw.

    Scan the computer with ADWCleaner and remove everything it found.

    0
  • #5 19 Nov 2015 09:32
    Kolobos
    Computer specialist

    Create a system restore point.

    Uninstall:
    Ad-Aware
    Setup
    SpaceSoundPro Service
    SpyHunter4 wersja 4.18.9.4384
    WordFly 1.10.0.25
    CinemaP-1.9cV09.11

    Use http://www.bleepingcomputer.com/download/adwcleaner/ with the Szukaj (Search) option and, once it finishes, Usuń (Delete).

    Next to frst.exe create a file fixlist.txt with the following content:
    globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== UWAGA
    Task: {21953319-BE87-4F6D-B722-1A05B63D621B} - System32\Tasks\Opera scheduled Autoupdate 1447885931 => C:\Program Files (x86)\Opera\launcher.exe [2015-11-17] (Opera Software)
    Task: {5BC8EC24-7AEA-4E45-B6C2-3A4A9E0169D2} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-10-05] ()
    Task: {5C5DD213-7A34-44AE-B7C0-B38EC38ED893} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2015-11-18] (Lavasoft Limited )
    Task: {E998718A-A566-4FEB-B4AF-63DDA5A86CE6} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2015-01-30] (Enigma Software Group USA, LLC.)
    AlternateDataStreams: C:\ProgramData\TEMP:B755D674
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
    (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
    (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    () C:\Users\Marco\AppData\Roaming\NetService\netservice.exe
    (TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
    (DTools LIMITED) C:\ProgramData\QWMiniProQ\WMiniPro.exe
    (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    HKU\S-1-5-21-2579325959-1081915326-3775426705-1000\...\MountPoints2: {3e554940-788b-11e5-a8b5-1c6f65b5f985} - F:\SETUP.EXE
    AppInit_DLLs: C:\ProgramData\Solotough\Trustzootouch.dll => C:\ProgramData\Solotough\Trustzootouch.dll [518656 2015-11-17] ()
    AppInit_DLLs-x32: C:\ProgramData\Solotough\SoloFind.dll => C:\ProgramData\Solotough\SoloFind.dll [320512 2015-11-17] ()
    BootExecute: autocheck autochk * sh4native Sh4Removal
    Winsock: Catalog9-x64 01 C:\Windows\system32\Cinjoff64.dll [375168 2015-11-17] ()
    Winsock: Catalog9-x64 02 C:\Windows\system32\Cinjoff64.dll [375168 2015-11-17] ()
    Winsock: Catalog9-x64 03 C:\Windows\system32\Cinjoff64.dll [375168 2015-11-17] ()
    Winsock: Catalog9-x64 04 C:\Windows\system32\Cinjoff64.dll [375168 2015-11-17] ()
    Winsock: Catalog9-x64 15 C:\Windows\system32\Cinjoff64.dll [375168 2015-11-17] ()
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts...cor&uid=395049983_1052499_24a43ae1&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts...cor&uid=395049983_1052499_24a43ae1&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKU\S-1-5-21-2579325959-1081915326-3775426705-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...CNmnCnUCfd4dacSu-23__mdMLTpIA7SPdiJyQ,&q={searchTerms}
    HKU\S-1-5-21-2579325959-1081915326-3775426705-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...X2l0ow1Og8z1QDJpUeTyO2ZPHeO6ekP3X-t9-rDxWx-A,,
    HKU\S-1-5-21-2579325959-1081915326-3775426705-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...CNmnCnUCfd4dacSu-23__mdMLTpIA7SPdiJyQ,&q={searchTerms}
    HKU\S-1-5-21-2579325959-1081915326-3775426705-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...CNmnCnUCfd4dacSu-23__mdMLTpIA7SPdiJyQ,&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...CNmnCnUCfd4dacSu-23__mdMLTpIA7SPdiJyQ,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2579325959-1081915326-3775426705-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...CNmnCnUCfd4dacSu-23__mdMLTpIA7SPdiJyQ,&q={searchTerms}
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => Brak pliku
    BHO-x32: Brak nazwy -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> Brak pliku
    FF NetworkProxy: "socks_remote_dns", true
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [Brak pliku]
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [Brak pliku]
    FF user.js: detected! => C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\t1pdsviq.default\user.js [2015-11-18]
    FF SearchPlugin: C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\t1pdsviq.default\searchplugins\coldsearch.xml [2015-11-15]
    FF SearchPlugin: C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\t1pdsviq.default\searchplugins\istartpageing.xml [2015-11-18]
    FF HKLM\...\Firefox\Extensions: [{FEF0C665-BB7A-42E8-84F5-2763B34B1B5C}] - C:\Program Files\groover171120151845\Firefox\{FEF0C665-BB7A-42E8-84F5-2763B34B1B5C}.xpi => nie znaleziono
    C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\t1pdsviq.default\extensions\deskCutv2@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\t1pdsviq.default\extensions\defsearchp@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [smartffsearch@gmail.com] - C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\t1pdsviq.default\extensions\smartffsearch@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [ffsmartsearchbar@gmail.com] - C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\t1pdsviq.default\extensions\ffsmartsearchbar@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [sidebarff@gmail.com] - C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\t1pdsviq.default\extensions\sidebarff@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [{FEF0C665-BB7A-42E8-84F5-2763B34B1B5C}] - C:\Program Files\groover171120151845\Firefox\{FEF0C665-BB7A-42E8-84F5-2763B34B1B5C}.xpi => nie znaleziono
    R2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152720 2015-11-18] (Lavasoft Limited)
    S2 MustangService_2015_10_10; C:\ProgramData\TempMoudleSet\MustangSer150.exe [236816 2015-10-09] (MustangService)
    R2 NetTcpHandler; C:\Users\Marco\AppData\Roaming\NetService\netservice.exe [173088 2015-07-09] ()
    R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-01-30] (Enigma Software Group USA, LLC.)
    R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170656 2015-11-18] (TODO: <公司名>)
    R2 WdsManPro; C:\ProgramData\QWMiniProQ\WMiniPro.exe [309384 2015-11-18] (DTools LIMITED)
    S2 bykesute; C:\Program Files (x86)\46364331-1447779043-3542-4639-3835FFFFFFFF\hnsuB0FC.tmp [X]
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
    S2 pudeciji; C:\Program Files (x86)\46364331-1447779043-3542-4639-3835FFFFFFFF\knsp84A7.tmpfs [X]
    R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61344 2015-11-17] (Cherimoya Ltd)
    S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-01-30] (Enigma Software Group USA, LLC.)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-01-30] ()
    R3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2015-11-18] ()
    R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2012-03-20] (Lavasoft AB)
    R1 wfdrvr_vt_1_10_0_25; C:\Windows\System32\drivers\wfdrvr_vt_1_10_0_25.sys [61296 2015-09-30] (WF)
    2015-11-18 23:40 - 2015-11-18 23:40 - 00110636 _____ C:\Users\Marco\Desktop\OTL.Txt
    2015-11-18 23:39 - 2015-11-18 23:39 - 00110636 _____ C:\Users\Marco\Downloads\OTL.Txt
    2015-11-18 23:39 - 2015-11-18 23:39 - 00044716 _____ C:\Users\Marco\Downloads\Extras.Txt
    2015-11-18 23:33 - 2015-11-18 23:33 - 00602112 _____ (OldTimer Tools) C:\Users\Marco\Downloads\OTL.exe
    2015-11-18 23:32 - 2015-11-18 23:32 - 00003874 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1447885931
    2015-11-18 21:18 - 2015-11-18 23:31 - 00574346 _____ C:\spyhunter.fix
    2015-11-18 21:18 - 2015-11-18 21:18 - 00003272 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
    2015-11-18 21:18 - 2015-01-30 17:12 - 00014232 _____ C:\Windows\SysWOW64\sh4native.exe
    2015-11-18 20:54 - 2015-11-18 20:54 - 00001051 _____ C:\Users\Marco\Desktop\SpyHunter4.lnk
    2015-11-18 20:54 - 2015-11-18 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter4
    2015-11-18 20:54 - 2015-11-18 20:54 - 00000000 ____D C:\Program Files\Enigma Software Group
    2015-11-18 20:54 - 2015-01-30 17:12 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2015-11-18 19:05 - 2015-11-19 07:53 - 00003626 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
    2015-11-18 19:05 - 2015-11-18 19:05 - 00001060 _____ C:\Users\Public\Desktop\Ad-Aware.lnk
    2015-11-18 19:05 - 2015-11-18 19:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    2015-11-18 19:05 - 2015-11-18 19:05 - 00000000 ____D C:\ProgramData\Lavasoft
    2015-11-18 19:05 - 2015-11-18 19:05 - 00000000 ____D C:\Program Files (x86)\Lavasoft
    2015-11-18 19:05 - 2012-03-20 13:41 - 00069376 _____ (Lavasoft AB) C:\Windows\system32\Drivers\Lbd.sys
    2015-11-18 13:39 - 2015-11-18 13:39 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
    2015-11-18 13:38 - 2015-11-18 13:38 - 00000000 ____D C:\Users\Marco\AppData\Roaming\RHEng
    2015-11-18 10:38 - 2015-11-18 10:39 - 00000000 ____D C:\ProgramData\QWMiniProQ
    2015-11-17 19:51 - 2015-11-17 19:51 - 00000000 ____D C:\Users\Marco\AppData\Roaming\shortCutStore
    2015-11-17 19:36 - 2015-11-17 19:36 - 00004688 _____ C:\Windows\SysWOW64\Cinjoff.ini
    2015-11-17 19:36 - 2015-11-17 19:36 - 00002408 _____ C:\Windows\SysWOW64\CinjoffOff.ini
    2015-11-17 19:36 - 2015-11-17 19:36 - 00002408 _____ C:\Windows\system32\CinjoffOff.ini
    2015-11-17 19:36 - 2015-11-17 19:36 - 00000000 ____D C:\Windows\system32\esug
    2015-11-17 19:36 - 2015-11-17 19:36 - 00000000 ____D C:\Users\Marco\AppData\LocalLow\Company
    2015-11-17 19:36 - 2015-11-17 19:36 - 00000000 ____D C:\Users\Marco\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2015-11-17 19:36 - 2015-11-17 19:36 - 00000000 ____D C:\Users\Marco\AppData\Local\Tempfolder
    2015-11-17 19:36 - 2015-11-17 19:36 - 00000000 ____D C:\uninst
    2015-11-17 19:36 - 2015-11-17 17:47 - 00375168 _____ C:\Windows\system32\Cinjoff64.dll
    2015-11-17 19:36 - 2015-11-17 17:47 - 00289152 _____ C:\Windows\SysWOW64\Cinjoff.dll
    2015-11-17 19:35 - 2015-11-18 19:55 - 00000000 ____D C:\Program Files (x86)\SFK
    2015-11-17 19:35 - 2015-11-18 10:38 - 00000098 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    2015-11-17 19:35 - 2015-11-17 19:35 - 00000000 _____ C:\Windows\SysWOW64\Number of results
    2015-11-17 19:34 - 2015-11-17 19:51 - 00000000 ____D C:\Users\Marco\AppData\Roaming\RunDir
    2015-11-17 19:34 - 2015-11-17 19:34 - 00000000 ____D C:\Users\Marco\AppData\Roaming\NetService
    2015-11-17 19:34 - 2015-11-17 19:34 - 00000000 ____D C:\Users\Marco\AppData\Roaming\istartpageing
    2015-11-17 17:54 - 2015-11-17 19:47 - 00000000 ____D C:\Users\Marco\AppData\Roaming\systweak
    2015-11-17 17:54 - 2015-11-17 17:54 - 00002385 _____ C:\Windows\SysWOW64\findit.xml
    2015-11-17 17:54 - 2015-11-17 17:54 - 00000000 ____D C:\ProgramData\Solotoughs
    2015-11-17 17:53 - 2015-11-17 19:08 - 00000000 ____D C:\ProgramData\ApplicationHosting
    2015-11-17 17:53 - 2015-11-17 19:01 - 00000000 ____D C:\ProgramData\Solotough
    2015-11-17 17:51 - 2009-06-10 22:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
    2015-11-17 17:47 - 2015-11-17 19:36 - 00061344 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
    2015-11-17 17:46 - 2015-11-17 19:53 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-11-17 17:46 - 2015-11-17 19:34 - 00000008 _____ C:\END
    2015-11-17 17:46 - 2015-11-17 17:46 - 00000000 ____D C:\Users\Marco\AppData\Local\globalUpdate
    2015-11-15 12:00 - 2015-11-15 12:00 - 00000000 ____D C:\ProgramData\TempMoudleSet
    2015-10-26 20:30 - 2015-10-26 20:30 - 00000000 ____D C:\Users\Marco\AppData\Roaming\OpenCandy
    2015-10-26 20:26 - 2015-10-26 20:26 - 00000000 ___HD C:\Users\Marco\AppData\Roaming\GoldenGate
    2015-10-26 20:25 - 2015-10-26 20:30 - 00000000 ____D C:\Users\Marco\AppData\Roaming\sweet-page
    2015-10-26 20:25 - 2015-10-26 20:28 - 00000000 ____D C:\Users\Marco\AppData\Local\Gameo
    2015-10-26 20:07 - 2015-10-26 20:07 - 00000000 ____D C:\Users\Marco\AppData\Local\Lenovo
    2015-10-26 20:06 - 2015-10-26 20:29 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
    2015-10-26 20:06 - 2015-10-26 20:06 - 00000000 ____D C:\Program Files (x86)\WordFly_1.10.0.25
    2015-10-21 11:26 - 2015-10-18 07:10 - 00000000 ____D C:\Program Files (x86)\HDD Regenerator
    2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Marco\AppData\Roaming\EALLHmAddq1RPQ62V
    2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Marco\AppData\Roaming\GTYldYw1Ab2
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    CMD: netsh winsock reset
    EmptyTemp:

    In FRST choose Napraw (Fix).

    After running it, uninstall globalupdate Helper.

    Run a full scan with http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ and remove whatever it detects.

    When done, post new FRST logs, from a scan.


    @Domino_2 compare your fixlist with the one I gave, and then think about whether checking like this makes sense.

    0
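
Added example, not part of the thread and not FRST's own code: a Python script that groups fixlist lines by the kind of entry they address and lists what one fixlist covers that another does not, which is the comparison post #5 asks for. The category labels, the regex rules and the two excerpts (shortened from the fixlists in posts #4 and #5) are choices made for this example.

```python
import re

# Ordered (label, pattern) rules; first match wins. Labels are this example's own.
RULES = [
    ("scheduled task", re.compile(r"^Task: ")),
    ("AppInit_DLLs", re.compile(r"^AppInit_DLLs")),
    ("Winsock LSP", re.compile(r"^Winsock: ")),
    ("boot execute", re.compile(r"^BootExecute: ")),
    ("service/driver", re.compile(r"^[RSU][0-5] ")),
    ("browser setting", re.compile(r"^(SearchScopes: |BHO|FF |HK\w+\\.*Internet Explorer)")),
    ("directive", re.compile(r"^(CMD|EmptyTemp):")),
    ("file or folder", re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - |^[A-Z]:\\")),
    ("running process", re.compile(r"^\(.*?\) [A-Z]:\\")),
]
# Cut the value/metadata tail so the same entry compares equal in both lists.
TAIL = re.compile(r" => | = | \[\d")

# Constructed excerpt of the fixlist in post #4.
FIRST_FIXLIST = r"""
Task: {E998718A-A566-4FEB-B4AF-63DDA5A86CE6} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2015-01-30] (Enigma Software Group USA, LLC.)
BootExecute: autocheck autochk * sh4native Sh4Removal
S2 bykesute; C:\Program Files (x86)\46364331-1447779043-3542-4639-3835FFFFFFFF\hnsuB0FC.tmp [X]
EmptyTemp:
"""

# Constructed excerpt of the fixlist in post #5.
SECOND_FIXLIST = FIRST_FIXLIST + r"""
AppInit_DLLs: C:\ProgramData\Solotough\Trustzootouch.dll => C:\ProgramData\Solotough\Trustzootouch.dll [518656 2015-11-17] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\Cinjoff64.dll [375168 2015-11-17] ()
R2 NetTcpHandler; C:\Users\Marco\AppData\Roaming\NetService\netservice.exe [173088 2015-07-09] ()
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61344 2015-11-17] (Cherimoya Ltd)
CMD: netsh winsock reset
"""


def classify(line):
    """Return the category label of one fixlist line."""
    for label, pattern in RULES:
        if pattern.search(line):
            return label
    return "other"


def parse(text):
    """Map entry key -> category for every non-blank line of a fixlist."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            entries[TAIL.split(line, maxsplit=1)[0]] = classify(line)
    return entries


def missed(first, second):
    """Entries of `second` that `first` lacks, grouped by category."""
    have = parse(first)
    out = {}
    for key, label in parse(second).items():
        if key not in have:
            out.setdefault(label, []).append(key)
    return {label: sorted(keys) for label, keys in out.items()}


if __name__ == "__main__":
    for label, keys in missed(FIRST_FIXLIST, SECOND_FIXLIST).items():
        print(f"{label}:")
        for key in keys:
            print(f"  {key}")
```
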
  • #6 19 Nov 2015 09:50
    Domino_2
    Helpful to users

    @Kolobos Well, it differs a tiny bit :)

    0
  • #7 19 Nov 2015 09:53
    Kolobos
    Computer specialist

    You might as well do this kind of checking just for yourself and not publish it on the forum; it comes to the same thing, since it has to be done again anyway, thoroughly and without missing infections.

    0
  • #8 19 Nov 2015 10:25
    Domino_2
    Helpful to users

    Noted.

    0
  • #9 19 Nov 2015 10:28
    marco387
    Level 7

    Thank you for the help.
    A few of these programs cannot be uninstalled, either in the system or through CCleaner.
    Firefox still cannot connect to the internet.
    But fortunately nothing tries to install itself anymore.
    I am sending the log from AdwCleaner after cleaning and restarting the computer,
    and new FRST logs after the above steps.
    And I ask for help with what to do next so that the connection comes back in Firefox, because outside it, e.g. in Opera, it works normally.
    Thanks in advance

    0
  • #10 19 Nov 2015 10:34
    Kolobos
    Computer specialist

    @marco387 why didn't you run the fixlist.txt that I gave? Uninstall what I listed; Ad-aware and SpyHunter are left. Run the fixlist and only then post new logs, together with fixlog.txt.

    0
  • #11 19 Nov 2015 11:17
    marco387
    Level 7

    Sorry, I have corrected myself.
    I uninstalled adware; I have no way to uninstall spy hunter.
    I pasted the fixlist into Notepad and placed it next to FRST.exe, clicked Napraw (Fix) and I attach the result.
    I did one more cleaning with adwcleaner.pl; it detected no threats, log below,
    and FRST with logs.
    What next?

    0
  • #12 19 Nov 2015 12:09
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Task: {5E6FA310-E8C7-4DED-8AD9-903C3D916D5C} - \Lenovo\Lenovo Customer Feedback Program 64 -> Brak pliku <==== UWAGA
    Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    2015-11-19 09:47 - 2015-11-19 11:01 - 00000000 ____D C:\Users\Marco\Desktop\FRST-OlderVersion
    2015-11-19 09:55 - 2013-09-16 20:17 - 00000000 ____D C:\AdwCleaner


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Scan with Malwarebytes Anti-Malware https://data-cdn.mbamupdates.com/web/mbam-setup-2.1.8.1057.exe
    During installation, uncheck Uruchom okres testowy Malwarebytes Anti-Malware Premium (Start the trial period of Malwarebytes Anti-Malware Premium).
    In the address bar type: about:support and click Odśwież program Firefox (Refresh Firefox).

    0