Elektroda.pl

Request to check FRST logs

irondick 28 Feb 2016 16:36 822 16
  • Helpful post
    #2 28 Feb 2016 16:56
    Kolobos
    Computer specialist

    Uninstall:
    DNS Unlocker version 1.4
    Music Toolbar for Chrome
    Music Toolbar for Internet Explorer (Dist. by Musiclab, Inc.)
    OpenOffice.org 3.3.0 Packages
    WarThunder
    WPM18.8.0.212

    Use AdwCleaner, Scan and Clean option: http://www.bleepingcomputer.com/download/adwcleaner/

    Fixlist.txt for FRST:
    Task: {157D3544-7592-4178-B8C9-82B36FE202EF} - System32\Tasks\{C2E619D6-A579-0859-B243-5ACAEEE17A03} => /s /n /i:"/rt" "C:\PROGRA~3\a1fd97dd\95bb113c.dll"
    Task: {8402F10E-622F-4A54-98E0-DACE3B0B93C0} - System32\Tasks\{0E040E47-0F0A-0508-0D11-7E0D040D117D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
    Task: {8C669B88-0AF1-4DC1-B55F-1CF7A3C2EEC4} - System32\Tasks\{BF47A3EF-EB2D-4909-B74E-0836091D1B99} => pcalua.exe -a "E:\INTEGRA 4.91 Q3\Setup.exe" -d "E:\INTEGRA 4.91 Q3"
    Task: {9A6323DA-3DFB-4A40-B1B8-FE833CB0BCC0} - System32\Tasks\DNSKALAMAZOO => dnskalamazoo.exe <==== UWAGA
    Task: {A5390FC6-4C15-46E4-9543-D65A037A4CF1} - System32\Tasks\Opera scheduled Autoupdate 1388763550 => C:\Program Files (x86)\Opera\launcher.exe [2016-02-26] (Opera Software)
    Task: {C355EAC3-6836-4108-9843-354D6AE6A18D} - System32\Tasks\{11E104F1-FD4C-4DFD-9F5F-2F1DEBF1C3CB} => pcalua.exe -a C:\Users\piotr\AppData\Roaming\Gameo\uninstall.exe
    ShortcutWithArgument: C:\Users\piotr\Desktop\WarThunder.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/...C0DyEyCtC2RtBtDtCyCtDtCtDtCtDzyyDtCtAtAyEtByE
    ShortcutWithArgument: C:\Users\piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/...C0DyEyCtC2RtBtDtCyCtDtCtDtCtDzyyDtCtAtAyEtByE
    ShortcutWithArgument: C:\Users\piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/...C0DyEyCtC2RtBtDtCyCtDtCtDtCtDzyyDtCtAtAyEtByE
    HKU\S-1-5-21-151858827-3762305293-3908228267-1001\...\StartupApproved\Run: => "GetNowUpdater"
    HKU\S-1-5-21-151858827-3762305293-3908228267-1001\...\StartupApproved\Run: => "Gameo"
    () C:\Program Files (x86)\BrowseMark\updateBrowseMark.exe
    () C:\Program Files (x86)\BrowseMark\bin\utilBrowseMark.exe
    () C:\Program Files (x86)\DNS Unlocker\dnskalamazoo.exe
    HKU\S-1-5-21-151858827-3762305293-3908228267-1001\...\Run: [GetNowUpdater] => "C:\Users\piotr\AppData\Roaming\GetNowUpdater\update.0\update.0\bin\GetNowUpdater.exe" /silent_startup
    HKU\S-1-5-21-151858827-3762305293-3908228267-1001\...\MountPoints2: {64963291-c45a-11e3-be88-8056f225ceea} - "F:\AutoRun.exe"
    HKU\S-1-5-21-151858827-3762305293-3908228267-1001\...\MountPoints2: {649632c0-c45a-11e3-be88-8056f225ceea} - "F:\AutoRun.exe"
    IFEO\jumpflip: [Debugger] tasklist.exe
    IFEO\volaro: [Debugger] tasklist.exe
    IFEO\vonteera: [Debugger] tasklist.exe
    HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\music toolbar\datamngr\x64\apcrtldr.dll <===== UWAGA
    HKLM\...\AppCertDlls: [x86] -> c:\program files (x86)\music toolbar\datamngr\apcrtldr.dll <===== UWAGA
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Brak pliku
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Brak pliku
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Brak pliku
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Brak pliku
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Brak pliku
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Brak pliku
    Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{56A7BF53-E7E2-49FA-9089-42E9D00B8360}: [NameServer] 82.163.142.7,95.211.158.134
    Tcpip\..\Interfaces\{673BDB25-AC99-4C32-B210-8C8D6CD6CC2A}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{673BDB25-AC99-4C32-B210-8C8D6CD6CC2A}: [DhcpNameServer] 82.163.142.7
    Tcpip\..\Interfaces\{D4212779-186D-401A-822D-E5F140AC129B}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{D4212779-186D-401A-822D-E5F140AC129B}: [DhcpNameServer] 82.163.142.7
    Tcpip\..\Interfaces\{EAAEAEC9-9AE5-4450-B447-6694483BABED}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{EAAEAEC9-9AE5-4450-B447-6694483BABED}: [DhcpNameServer] 82.163.142.7
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts...XWD10JPVX-60JC3T0_WD-WXD1E63MDRZ6MDRZ6&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts...XWD10JPVX-60JC3T0_WD-WXD1E63MDRZ6MDRZ6&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts...XWD10JPVX-60JC3T0_WD-WXD1E63MDRZ6MDRZ6&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts...XWD10JPVX-60JC3T0_WD-WXD1E63MDRZ6MDRZ6&q={searchTerms}
    HKU\S-1-5-21-151858827-3762305293-3908228267-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pl.yahoo.com?fr=fp-comodo
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts...XWD10JPVX-60JC3T0_WD-WXD1E63MDRZ6MDRZ6&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts...XWD10JPVX-60JC3T0_WD-WXD1E63MDRZ6MDRZ6&q={searchTerms}
    SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=...ME002&o=APN10641&apn_ptnrs=AG2&q={searchTerms}
    SearchScopes: HKLM -> {E2BB1ED6-9457-4365-94D7-F1A1AAB8B2D4} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts...XWD10JPVX-60JC3T0_WD-WXD1E63MDRZ6MDRZ6&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts...XWD10JPVX-60JC3T0_WD-WXD1E63MDRZ6MDRZ6&q={searchTerms}
    SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=...ME002&o=APN10641&apn_ptnrs=AG2&q={searchTerms}
    SearchScopes: HKLM-x32 -> {E2BB1ED6-9457-4365-94D7-F1A1AAB8B2D4} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-151858827-3762305293-3908228267-1001 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=...ME002&o=APN10641&apn_ptnrs=AG2&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-151858827-3762305293-3908228267-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    SearchScopes: HKU\S-1-5-21-151858827-3762305293-3908228267-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=...ME002&o=APN10641&apn_ptnrs=AG2&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-151858827-3762305293-3908228267-1001 -> {E2BB1ED6-9457-4365-94D7-F1A1AAB8B2D4} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    BHO: Music Toolbar (Dist. by Musiclab, Inc.) -> {cfc3366e-c743-48b5-a136-642e86be865e} -> C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll [2013-12-10] ()
    BHO-x32: Music Toolbar (Dist. by Musiclab, Inc.) -> {cfc3366e-c743-48b5-a136-642e86be865e} -> C:\PROGRA~2\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll => Brak pliku
    Toolbar: HKLM - Music Toolbar (Dist. by Musiclab, Inc.) - {cfc3366e-c743-48b5-a136-642e86be865e} - C:\Program Files (x86)\Music Toolbar\Datamngr\SRTOOL~1\IE\searchresultsDx64.dll [2013-12-10] ()
    Toolbar: HKLM-x32 - Music Toolbar (Dist. by Musiclab, Inc.) - {cfc3366e-c743-48b5-a136-642e86be865e} - C:\PROGRA~2\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll Brak pliku
    CHR Extension: (Music App) - C:\Users\piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaiihjniipljfegaknmbkneamnoajd [2014-09-14]
    CHR HKLM-x32\...\Chrome\Extension: [aaaaiihjniipljfegaknmbkneamnoajd] - C:\Users\piotr\AppData\Local\bearsharemusicboxtoolbar181\GC\toolbar.crx [2013-12-10]
    R2 Update BrowseMark; C:\Program Files (x86)\BrowseMark\updateBrowseMark.exe [316704 2014-04-30] ()
    R2 Util BrowseMark; C:\Program Files (x86)\BrowseMark\bin\utilBrowseMark.exe [351008 2014-04-30] ()
    S2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe -service [X]
    S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe -service [X]
    S1 F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files (x86)\Music Toolbar\Datamngr\x64\setmgrc1.cfg [X]
    S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
    S3 hwusbdev; \SystemRoot\system32\DRIVERS\ewusbdev.sys [X]
    S1 {b99c8534-7800-48fa-bd71-519a46cdc7e1}w64; system32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}w64.sys [X]
    2016-02-27 12:24 - 2016-02-27 12:24 - 00000000 ____D C:\ProgramData\ca5a43b3-1ba3-0
    2016-02-27 12:21 - 2016-02-27 12:21 - 00022168 _____ C:\WINDOWS\System32\Tasks\DNSKALAMAZOO
    2016-02-27 12:21 - 2016-02-27 12:21 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
    2016-02-27 12:19 - 2016-02-27 12:19 - 00003728 _____ C:\WINDOWS\System32\Tasks\{C2E619D6-A579-0859-B243-5ACAEEE17A03}
    2016-02-27 12:19 - 2016-02-27 12:19 - 00000000 ____D C:\ProgramData\ca5a43b3-7eb5-0
    2016-02-27 12:19 - 2016-02-27 12:19 - 00000000 ____D C:\ProgramData\a1fd97dd
    2016-02-27 12:17 - 2016-02-27 12:17 - 00000000 ____D C:\ProgramData\{1781da6e-212c-0}
    2016-02-27 12:17 - 2016-02-27 12:17 - 00000000 ____D C:\ProgramData\{0884ffdb-712c-1}
    2016-02-27 12:17 - 2016-02-27 12:17 - 00000000 ____D C:\ProgramData\{00ae2cf2-112c-0}
    2016-02-27 12:23 - 2016-01-01 09:52 - 00000000 ____D C:\ProgramData\bbf26cd8-5e33-1
    2016-02-27 12:21 - 2016-01-01 09:52 - 00000000 ____D C:\ProgramData\bbf26cd8-7b61-0
    2016-02-26 08:48 - 2014-06-03 20:20 - 00003880 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1388763550
    2016-02-19 21:26 - 2014-04-15 10:11 - 00000000 ____D C:\Users\piotr\AppData\Roaming\SupTab
    2016-02-19 21:26 - 2014-04-15 10:11 - 00000000 ____D C:\Program Files (x86)\SupTab
    EmptyTemp:

    Do a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Install http://ninite.com/java/

    0
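    The fixlist above mixes several persistence mechanisms (DNS resolver hijack, IFEO Debugger entries, AppCertDlls, scheduled tasks running encoded PowerShell, browser shortcuts rewritten to open a URL). The following script is an added example, not FRST's code and not part of this thread: it parses lines in the shape FRST prints, groups them by mechanism and keeps only the entries that meet a review rule, so a helper can see which lines need a decision. The sample entries are copied from the fixlist quoted above plus one constructed clean interface line; EXPECTED_DNS (the resolvers the machine is supposed to use) is an assumption for the example.

```python
"""Triage of FRST-style persistence lines by mechanism (added example, not FRST code)."""

import re

# (mechanism, regex) pairs; each regex matches the prefix FRST uses for that entry type.
PATTERNS = [
    ("scheduled_task", re.compile(r"^Task: \{[0-9A-F-]+\} - (?P<path>System32\\Tasks\\.+?) => (?P<cmd>.*)$", re.I)),
    ("ifeo_debugger", re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<dbg>.+)$", re.I)),
    ("appcertdlls", re.compile(r"^HKLM\\\.\.\.\\AppCertDlls: \[(?P<arch>x64|x86)\] -> (?P<dll>[^<]+?)\s*(<=+.*)?$", re.I)),
    ("dns_server", re.compile(r"^Tcpip\\.*: \[(?:Dhcp)?NameServer\] (?P<servers>.+)$", re.I)),
    ("shortcut_arg", re.compile(r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<target>.+?) -> (?P<arg>.+)$", re.I)),
    ("service", re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+)$")),
    ("run_key", re.compile(r"^HKU\\[^\\]+\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$", re.I)),
]

# Fragments in a task command line that justify a closer look (the shapes seen in the fixlist:
# hidden/encoded PowerShell, a DLL under ProgramData, the pcalua.exe compatibility launcher).
SUSPICIOUS_TASK_TOKENS = ("-encodedcommand", "-windowstyle hidden", "executionpolicy bypass",
                          "programdata", "progra~3", "pcalua.exe")

# Resolvers the machine is supposed to use (router/ISP or a chosen public pair). Assumed value.
EXPECTED_DNS = {"8.8.8.8", "8.8.4.4"}


def _reason(mech, m):
    """Return a short review reason for a matched entry, or None if it looks benign."""
    if mech == "scheduled_task":
        cmd = m.group("cmd").lower()
        hits = [t for t in SUSPICIOUS_TASK_TOKENS if t in cmd]
        return "task command contains %s" % ", ".join(hits) if hits else None
    if mech == "ifeo_debugger":
        # A Debugger value under IFEO replaces the named image at launch; adware uses it to block rivals.
        return "launch of %s redirected to %s" % (m.group("image"), m.group("dbg"))
    if mech == "appcertdlls":
        # AppCertDlls are loaded into every new process: always review.
        return "DLL injected into new processes: %s" % m.group("dll").strip()
    if mech == "dns_server":
        servers = set(re.split(r"[ ,]+", m.group("servers").strip()))
        unexpected = sorted(servers - EXPECTED_DNS)
        return "unexpected resolvers %s" % ", ".join(unexpected) if unexpected else None
    if mech == "shortcut_arg":
        if "iexplore.exe" in m.group("target").lower() and m.group("arg").lower().startswith(("hxxp", "http")):
            return "browser shortcut forced to open %s" % m.group("arg")
        return None
    if mech == "service":
        return "service points at a missing binary" if m.group("path").endswith("[X]") else None
    if mech == "run_key":
        return ("autorun from a user-writable path: " + m.group("cmd")) if "appdata" in m.group("cmd").lower() else None
    return None


def triage(lines):
    """Map mechanism -> list of (line, reason) for entries worth a review decision."""
    findings = {}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        for mech, pat in PATTERNS:
            m = pat.match(line)
            if m:
                reason = _reason(mech, m)
                if reason:
                    findings.setdefault(mech, []).append((line, reason))
                break
    return findings


def report(findings):
    """Flat 'mechanism | reason | line' rows in PATTERNS order, for printing or asserting."""
    return ["%s | %s | %s" % (mech, reason, line)
            for mech, _ in PATTERNS for line, reason in findings.get(mech, [])]


# Constructed sample: entries copied from the fixlist quoted above (the Opera task is a benign
# control) plus one constructed interface line whose resolvers match EXPECTED_DNS.
SAMPLE_LOG = r"""
Task: {8402F10E-622F-4A54-98E0-DACE3B0B93C0} - System32\Tasks\{0E040E47-0F0A-0508-0D11-7E0D040D117D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
Task: {A5390FC6-4C15-46E4-9543-D65A037A4CF1} - System32\Tasks\Opera scheduled Autoupdate 1388763550 => C:\Program Files (x86)\Opera\launcher.exe [2016-02-26] (Opera Software)
IFEO\jumpflip: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\music toolbar\datamngr\x64\apcrtldr.dll <===== UWAGA
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{56A7BF53-E7E2-49FA-9089-42E9D00B8360}: [NameServer] 8.8.8.8,8.8.4.4
ShortcutWithArgument: C:\Users\piotr\Desktop\WarThunder.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/...C0DyEyCtC2RtBtDtCyCtDtCtDtCtDzyyDtCtAtAyEtByE
S2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe -service [X]
HKU\S-1-5-21-151858827-3762305293-3908228267-1001\...\Run: [GetNowUpdater] => "C:\Users\piotr\AppData\Roaming\GetNowUpdater\update.0\update.0\bin\GetNowUpdater.exe" /silent_startup
"""

if __name__ == "__main__":
    for row in report(triage(SAMPLE_LOG.splitlines())):
        print(row)
```

    Feed it a saved FRST.txt/Addition.txt instead of SAMPLE_LOG to get the same grouping over a real log; the rules are deliberately conservative (only entries with a concrete reason are listed), so a clean NameServer value or an autoupdate task with a signed publisher does not appear in the output.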
  • #4 02 Mar 2016 14:01
    Kolobos
    Computer specialist

    The old Java is still there:
    Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
    Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)

    I already said earlier: install http://ninite.com/java/

    Fixlist.txt for FRST:
    Tcpip\..\Interfaces\{56A7BF53-E7E2-49FA-9089-42E9D00B8360}: [NameServer] 82.163.142.7 95.211.158.134
    2016-02-28 17:32 - 2016-02-28 17:37 - 00000000 ____D C:\AdwCleaner

    0
  • #6 02 Mar 2016 16:50
    Kolobos
    Computer specialist

    Looks ok.

    0
  • #8 02 Mar 2016 17:37
    Kolobos
    Computer specialist

    Uninstall Opera, delete the browser profile directory and install it again.

    0
  • #10 02 Mar 2016 18:00
    Kolobos
    Computer specialist

    That would point to a DNS problem, but the addresses are correct. You can try changing them to 8.8.8.8 and 8.8.4.4

    In addition, run in a cmd window: ipconfig /flushdns

    0
  • #11 02 Mar 2016 19:45
    irondick
    Level 31

    It's not DNS, because I have a different provider than my neighbour and a different network configuration. He has Neo, I don't, and on my side the DNS is assigned by the router via DHCP. Besides, 8.8.8.8 is the alternate one. With IE it's the same... I edited the post above.

    0
  • #12 02 Mar 2016 20:08
    Kolobos
    Computer specialist

    DNS is ok.
    Hosts is empty.
    No malicious applications or extensions visible.

    0
  • #13 02 Mar 2016 20:38
    irondick
    Level 31

    Maybe I'll record a video... is there any point?

    0
  • #14 02 Mar 2016 20:57
    Kolobos
    Computer specialist

    No need. Did anything change in Opera after doing what I gave you?

    Changing DNS to: 8.8.8.8 and 8.8.4.4
    Running in a cmd window: ipconfig /flushdns
    Uninstalling Opera, deleting the browser profile directory and installing it again.

    Also do a scan with http://ftp.drweb.com/pub/drweb/cureit/launch.exe and post the log from TDSSKiller.

    0
  • #16 02 Mar 2016 22:04
    Kolobos
    Computer specialist

    Download it on another computer and transfer it, or send it by e-mail. Try under FF.
    In IE clear the cache and restore the default settings. Try downloading from here: https://ninite.com/opera/ the download window should open by itself.

    0
  • #17 02 Mar 2016 22:35
    irondick
    Level 31

    I cleared the cache and restored the defaults in IE and it started working. I grabbed Opera and for now it works. I'll test tomorrow. I also grabbed that Dr.Web, I'll work on it tomorrow and let you know. That's it for today, thanks, I'm off to bed.


    Thanks for the help. The machine is working properly now.

    0