Elektroda.pl

Checking FRST logs - DNS unlocker

ceqa 29 Feb 2016 22:18 774 7
  • Helpful post
    #3 01 Mar 2016 10:05
    Kolobos
    Computer specialist

    Is UPC still pushing that junk F-Secure on its customers? Do you have to pay extra for it?

    Next to frst.exe, create a file fixlist.txt with the following contents:
    Task: {4D9FA02A-9DE8-43D8-803C-52DDBB3B877B} - System32\Tasks\{62DC2033-114A-4DB3-322C-DC2BADED801D} => /s /n /i:"/rt" "C:\PROGRA~3\7e73f8e2\1c01d819.dll"
    Task: {924DA051-8F8B-43F4-91DE-CA2DA0DA59DC} - System32\Tasks\{080D0D47-047E-090F-7811-0C7F7E78110E} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
    Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{5287f2fd-8e32-4bad-922f-0af1d4524e4b}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{92a1b160-9f65-4933-8db5-321b2f5ac38c}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{92a1b160-9f65-4933-8db5-321b2f5ac38c}: [DhcpNameServer] 82.163.142.7
    Tcpip\..\Interfaces\{bc43933e-3c57-4a22-987c-c5485d10250f}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{bc43933e-3c57-4a22-987c-c5485d10250f}: [DhcpNameServer] 82.163.142.7
    Tcpip\..\Interfaces\{d8f89543-159d-48c1-958f-595eb35e28d9}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{d8f89543-159d-48c1-958f-595eb35e28d9}: [DhcpNameServer] 82.163.142.7
    2016-02-28 22:11 - 2016-02-28 22:11 - 00000000 ____D C:\ProgramData\2bdc2c32-73a1-0
    2016-02-28 22:06 - 2016-02-28 22:06 - 00003884 _____ C:\WINDOWS\System32\Tasks\{62DC2033-114A-4DB3-322C-DC2BADED801D}
    2016-02-28 22:06 - 2016-02-28 22:06 - 00000000 ____D C:\ProgramData\7e73f8e2
    2016-02-28 22:06 - 2016-02-28 22:06 - 00000000 ____D C:\ProgramData\2bdc2c32-1dc5-0
    2016-02-28 22:05 - 2016-02-28 22:05 - 00000000 ____D C:\ProgramData\{2a8486d9-412c-1}
    2016-02-28 22:05 - 2016-02-28 22:05 - 00000000 ____D C:\ProgramData\{1fd1f966-412c-0}
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    0
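Added example (not part of the thread and not FRST's own code): a small Python triage pass over log lines of the two kinds that make up the fixlist above, scheduled tasks and Tcpip name-server values, checking both `NameServer` and `DhcpNameServer` because the fixlist lists both. The sample lines, GUIDs, addresses and the trusted-resolver set are constructed, and `triage` and `resolver_spread` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample in the line format shown in the fixlist above.
# GUIDs are made up; addresses come from documentation/private ranges.
SAMPLE = r"""
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
Task: {66666666-7777-8888-9999-000000000000} - System32\Tasks\BackupJob => C:\Program Files\Backup\backup.exe
Tcpip\Parameters: [NameServer] 192.0.2.53 198.51.100.53
Tcpip\..\Interfaces\{aaaaaaaa-0000-0000-0000-000000000001}: [NameServer] 192.0.2.53 198.51.100.53
Tcpip\..\Interfaces\{aaaaaaaa-0000-0000-0000-000000000001}: [DhcpNameServer] 192.0.2.53
Tcpip\..\Interfaces\{aaaaaaaa-0000-0000-0000-000000000002}: [DhcpNameServer] 10.0.0.1
"""

TASK_RE = re.compile(r"^Task: (?P<id>\{[0-9A-Fa-f-]+\}) - (?P<path>.+?) => (?P<cmd>.*)$")
DNS_RE = re.compile(
    r"^Tcpip\\(?P<scope>Parameters|\.\.\\Interfaces\\\{[0-9A-Fa-f-]+\}): "
    r"\[(?P<value>NameServer|DhcpNameServer)\] (?P<servers>.+)$"
)

# PowerShell switches seen together in the task lines of the fixlist.
PS_FLAGS = ("-encodedcommand", "-windowstyle hidden", "-executionpolicy bypass")


def triage(text, trusted_dns):
    """Return (kind, subject, detail) tuples for lines worth a closer look.

    trusted_dns is an assumption supplied by the analyst: the resolvers the
    machine is expected to use (router, ISP, corporate DNS).
    """
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = TASK_RE.match(line)
        if m:
            cmd = m["cmd"].lower()
            hits = [flag for flag in PS_FLAGS if flag in cmd]
            if "powershell" in cmd and hits:
                findings.append(("task", m["path"], ", ".join(hits)))
            continue
        m = DNS_RE.match(line)
        if m:
            servers = [s for s in re.split(r"[ ,]+", m["servers"].strip()) if s]
            rogue = [s for s in servers if s not in trusted_dns]
            if rogue:
                subject = f'{m["scope"]} [{m["value"]}]'
                findings.append(("dns", subject, " ".join(rogue)))
    return findings


def resolver_spread(findings):
    """Count how many registry scopes each untrusted resolver appears in.

    The same address written to the global key and to every interface is the
    pattern the fixlist above shows.
    """
    spread = Counter()
    for kind, _subject, detail in findings:
        if kind == "dns":
            spread.update(detail.split())
    return spread


if __name__ == "__main__":
    results = triage(SAMPLE, trusted_dns={"10.0.0.1"})
    for kind, subject, detail in results:
        print(f"{kind:4} {subject} -> {detail}")
    print(dict(resolver_spread(results)))
```
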
  • #4 01 Mar 2016 12:39
    ceqa
    Level 6

    Thank you very much for the answer, the contents of fixlist.txt solved the problem. UPC still throws in F-Secure for its customers, I pay something like 5 zł net per month for it, but I understand it's time to change the antivirus program. A big request: could you also take a look at the logs from my girlfriend's computer? She has a very similar problem. Thanks once again for the help.

    0
  • Helpful post
    #5 01 Mar 2016 12:48
    Kolobos
    Computer specialist

    It's not worth paying for such a program. You can switch to a free one, since it doesn't work as it should anyway.

    On the second computer you have Norton, but it is turned off; maybe it's worth turning it on? Of course, only after doing what I have given.

    This is a more serious infection. Fixlist.txt for FRST:
    Task: {0FDACB9D-7D53-45B3-8ABC-93EC48D9ED7C} - System32\Tasks\{63A88C53-CFCB-432E-A036-393F1918B42D} => D:\Gry\EA GAMES\The Sims 2\TSBin\Sims2.exe
    Task: {1BD6D794-9E2A-4E66-8BFA-69DCD983E752} - System32\Tasks\{ACBCF3FC-4A91-48D6-8C78-A114239748B2} => D:\Gry\EA GAMES\The Sims 2\TSBin\Sims2.exe
    Task: {1F3EDE87-2544-459E-947D-382C85D8151E} - System32\Tasks\{17A81F92-4BD1-473D-9299-073AC96ABE19} => pcalua.exe -a C:\Users\242pl\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=tugs
    Task: {1FF4ED29-E72B-4D31-AB93-0295A3E29FC3} - System32\Tasks\{8390D282-B5EA-49C6-B484-A45E48FF8617} => D:\Gry\EA GAMES\The Sims 2\TSBin\Sims2.exe
    Task: {26A53C40-69CA-49CD-A90C-56008E0E9F50} - System32\Tasks\{C82E790E-C186-CFA8-BB82-AC61EC8E07FC} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand
    Task: {340EA2D6-C0CE-497A-A49B-628EA317F338} - System32\Tasks\{7C761A46-66C2-4312-91B2-7C5463D18D68} => D:\Gry\EA GAMES\The Sims 2\TSBin\Sims2.exe
    Task: {606D74EE-B0C2-493A-BA6F-4C8FB8D3E89B} - System32\Tasks\{5BCB2337-C3BF-4D79-8B6C-F7D00059F001} => D:\Gry\EA GAMES\The Sims 2\TSBin\Sims2.exe
    Task: {637FF931-0728-4D3B-B379-CA422C3414DA} - System32\Tasks\{8E7E2105-8145-4966-887A-58067257D4EA} => pcalua.exe -a D:\epson326685eu.exe -d D:\
    Task: {65FDA0E5-E6FE-4A0F-8B02-4D8C8163F317} - System32\Tasks\{477D79F3-7C0F-4206-81A2-61D0E8852CBE} => D:\Gry\EA GAMES\The Sims 2\TSBin\Sims2.exe
    Task: {71C08C6A-5B21-4F91-BC5D-CCBAC03A877D} - System32\Tasks\{C5472E5F-EE52-4393-B19B-8E8546D4F3B6} => D:\Gry\EA GAMES\The Sims 2\TSBin\Sims2.exe
    Task: {75B32ABF-244C-455B-8655-3FD82C19886B} - System32\Tasks\{B2872EBF-CA3A-4F26-996F-FCA95F13ED59} => D:\Gry\EA GAMES\The Sims 2\TSBin\Sims2.exe
    Task: {7DBB1192-34BD-4253-B012-F7C7768D9A90} - System32\Tasks\{1DEE41E6-73B7-43BC-A6D0-0F9670B6C0DB} => D:\Gry\EA GAMES\The Sims 2\TSBin\Sims2.exe
    Task: {8918D818-88B0-42CD-BB07-274F815E3884} - System32\Tasks\PrivateFiles => c:\programdata\{a0d59f2a-86e0-d62e-a0d5-59f2a86e7caa}\4921923517474175889c.exe [2014-07-13] () <==== UWAGA
    Task: {96BA2169-527E-4D0A-B289-DAC319258FC6} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== UWAGA
    Task: {97DFE622-877A-4129-AA39-A7B9B5226C5A} - System32\Tasks\{EB42FF9E-2DE4-4716-9E2A-0A7F0C0FA35F} => D:\Gry\EA GAMES\The Sims 2\TSBin\Sims2.exe
    Task: {B66FFCC6-8930-4234-9ED8-943B94F1D60A} - System32\Tasks\{17DD4CCE-0F11-495D-A589-E36E2CDBFD8D} => D:\Gry\EA GAMES\The Sims 2\TSBin\Sims2.exe
    Task: {BE8F2844-DF6F-4E57-97D2-770AACE1E55F} - System32\Tasks\Optscan => c:\programdata\{68031b8c-0020-b498-6803-31b8c0026e30}\hqghumeaylnlf.exe [2014-08-20] (PC Utilities Software Limited) <==== UWAGA




    Task: {C4833536-4CBB-4E0B-B031-554967DE60F6} - System32\Tasks\{EA9EA361-7E0B-47A3-B3A6-7BDE671B838D} => D:\Gry\EA GAMES\The Sims 2\TSBin\Sims2.exe
    Task: {E376E0B8-0836-49AA-9A30-F2B290E089C5} - System32\Tasks\{E14A1A0A-89B9-4F94-AE4C-94D22745EEB2} => D:\Gry\EA GAMES\The Sims 2\TSBin\Sims2.exe
    Task: {E511F7D9-25C5-44D2-8736-B1ABBD400621} - System32\Tasks\{F0B961A8-213B-4959-A11B-49F9F4FF1A7B} => pcalua.exe -a D:\epson326328eu.exe -d D:\
    Task: {F26E540D-0903-444A-96F0-666C6C8F814F} - System32\Tasks\{5E690155-556E-40B0-A81A-08F61C2030A5} => D:\Gry\EA GAMES\The Sims 2\TSBin\Sims2.exe
    Task: {FB741F52-9361-4718-ABD0-D521210A983E} - System32\Tasks\{BE22DDE9-5D19-438E-88E8-D348857B3AC6} => D:\Gry\EA GAMES\The Sims 2\TSBin\Sims2.exe
    Task: {FDCBE1BF-FB12-48A4-94C5-6CB101AB0113} - System32\Tasks\{53014CED-08EA-4433-BA62-9715A3F97DA6} => D:\Gry\EA GAMES\The Sims 2\TSBin\Sims2.exe
    Task: C:\Windows\Tasks\Optscan.job => c:\programdata\{68031b8c-0020-b498-6803-31b8c0026e30}\hqghumeaylnlf.exe <==== UWAGA
    Task: C:\Windows\Tasks\PrivateFiles.job => c:\programdata\{a0d59f2a-86e0-d62e-a0d5-59f2a86e7caa}\4921923517474175889c.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\242pl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.omniboxes.com/?type=sc&ts=1449...HitachiXHTS545032B9A300_110304PBP360ETFWXVSJX
    ShortcutWithArgument: C:\Users\242pl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.omniboxes.com/?type=sc&ts=1449...HitachiXHTS545032B9A300_110304PBP360ETFWXVSJX
    ShortcutWithArgument: C:\Users\242pl\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.omniboxes.com/?type=sc&ts=1449...HitachiXHTS545032B9A300_110304PBP360ETFWXVSJX
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rff42i15r14e33f26o83x.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> -new-tab hxxp://www.mysearch123.com/?type=hp&ts=14...HitachiXHTS545032B9A300_110304PBP360ETFWXVSJX
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545032B9A300_110304PBP360ETFWXVSJX
    2012-04-24 19:46 - 2012-04-24 19:46 - 00028672 ___SH () C:\Users\242pl\AppData\Roaming\web2net.exe
    2011-10-17 10:24 - 2011-10-17 10:24 - 00115137 _____ () C:\Users\242pl\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
    2012-02-13 20:49 - 2016-03-01 12:10 - 00009728 ____H () C:\Users\242pl\AppData\Roaming\desktop.ini
    2012-02-13 20:49 - 2016-03-01 12:10 - 00055808 ____H () C:\Users\242pl\AppData\Roaming\ntuser.dat
    (tsvr.com) C:\Users\242pl\AppData\Roaming\TSv\TSvr.exe
    (TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
    () C:\Program Files (x86)\Steady Village\Steady Village.exe
    (Mach5 Software) C:\Users\242pl\AppData\Roaming\WMPRWISE.EXE
    () C:\Users\242pl\AppData\Roaming\web2net.exe
    (Super PC Tools Ltd) C:\ProgramData\{314e4b9e-fcf3-ed56-314e-e4b9efcf2e7b}\superoptimizersetup.exe
    (TFuns LIMITED) C:\ProgramData\iWdMi\WdMan.exe
    (XTab system) C:\Program Files (x86)\MiuiTab\ProtectService.exe
    (SearchProtect) C:\Program Files (x86)\MiuiTab\CmdShell.exe
    (XTab system) C:\Program Files (x86)\MiuiTab\HPNotify.exe
    HKU\S-1-5-21-2603176661-1732253778-1140743148-1000\...\Run: [Microsoft Firewall 2.9] => C:\Users\242pl\AppData\Roaming\WMPRWISE.EXE [138240 2012-02-13] (Mach5 Software)
    HKU\S-1-5-21-2603176661-1732253778-1140743148-1000\...\Run: [Windows] => C:\Users\242pl\AppData\Local\Microsoft\sys32.exe [110797 2012-04-17] ( )
    HKU\S-1-5-21-2603176661-1732253778-1140743148-1000\...\Run: [Windows Login access] => C:\Users\242pl\AppData\Roaming\web2net.exe [28672 2012-04-24] ()
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
    Startup: C:\Users\242pl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\superoptimizersetup.lnk [2015-02-25]
    ShortcutTarget: superoptimizersetup.lnk -> C:\ProgramData\{314e4b9e-fcf3-ed56-314e-e4b9efcf2e7b}\superoptimizersetup.exe (Super PC Tools Ltd)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    CHR HKU\S-1-5-21-2603176661-1732253778-1140743148-1000\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    ProxyServer: [S-1-5-21-2603176661-1732253778-1140743148-1000] => 127.0.0.1:9666
    Tcpip\Parameters: [NameServer] 199.203.131.151 82.163.143.181
    Tcpip\..\Interfaces\{63FCAFE8-F3E0-4200-A391-042C7A581195}: [NameServer] 199.203.131.151 82.163.143.181
    Tcpip\..\Interfaces\{63FCAFE8-F3E0-4200-A391-042C7A581195}: [DhcpNameServer] 199.203.131.151
    Tcpip\..\Interfaces\{669B995C-F363-4F1C-9CEB-1A5F76F84F3F}: [NameServer] 199.203.131.151 82.163.143.181
    Tcpip\..\Interfaces\{7CE85BBD-710E-4F52-B873-D0871288DCE5}: [NameServer] 199.203.131.151 82.163.143.181
    Tcpip\..\Interfaces\{E38C6663-3BAE-414D-901A-2FB18DABE31E}: [NameServer] 199.203.131.151 82.163.143.181
    Tcpip\..\Interfaces\{E38C6663-3BAE-414D-901A-2FB18DABE31E}: [DhcpNameServer] 199.203.131.151
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...HitachiXHTS545032B9A300_110304PBP360ETFWXVSJX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...HitachiXHTS545032B9A300_110304PBP360ETFWXVSJX
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=dspp&a...XHTS545032B9A300_110304PBP360ETFWXVSJX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=...XHTS545032B9A300_110304PBP360ETFWXVSJX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...HitachiXHTS545032B9A300_110304PBP360ETFWXVSJX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...HitachiXHTS545032B9A300_110304PBP360ETFWXVSJX
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=dspp&a...XHTS545032B9A300_110304PBP360ETFWXVSJX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=...XHTS545032B9A300_110304PBP360ETFWXVSJX&q={searchTerms}
    HKU\S-1-5-21-2603176661-1732253778-1140743148-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&...XHTS545032B9A300_110304PBP360ETFWXVSJX&q={searchTerms}
    HKU\S-1-5-21-2603176661-1732253778-1140743148-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.premierarticles.info
    HKU\S-1-5-21-2603176661-1732253778-1140743148-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...HitachiXHTS545032B9A300_110304PBP360ETFWXVSJX
    HKU\S-1-5-21-2603176661-1732253778-1140743148-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ig/redirectdomain?brand=FTSF&bmod=FTSF
    HKU\S-1-5-21-2603176661-1732253778-1140743148-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSF&bmod=FTSF
    HKU\S-1-5-21-2603176661-1732253778-1140743148-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&...XHTS545032B9A300_110304PBP360ETFWXVSJX&q={searchTerms}
    URLSearchHook: HKLM-x32 -> Domyślne = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
    URLSearchHook: HKU\S-1-5-21-2603176661-1732253778-1140743148-1000 - (Brak nazwy) - {00000000-6E41-4FD3-8538-502F5495E5FC} - Brak pliku
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=dspp&a...XHTS545032B9A300_110304PBP360ETFWXVSJX&q={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=dspp&a...XHTS545032B9A300_110304PBP360ETFWXVSJX&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=dspp&a...XHTS545032B9A300_110304PBP360ETFWXVSJX&q={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=dspp&a...XHTS545032B9A300_110304PBP360ETFWXVSJX&q={searchTerms}
    SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}&barid={C6B78515-D0D4-470B-B6E3-A993E56CDE04}
    SearchScopes: HKU\S-1-5-21-2603176661-1732253778-1140743148-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=dspp&a...XHTS545032B9A300_110304PBP360ETFWXVSJX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2603176661-1732253778-1140743148-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=...SJX&ts=1438378158&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2603176661-1732253778-1140743148-1000 -> {07D1CBF7-1083-40ED-975D-6A9EB75BFC5D} URL = hxxp://www.mystartsearch.com/web/?utm_source=...SJX&ts=1438378158&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2603176661-1732253778-1140743148-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=...SJX&ts=1438378158&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2603176661-1732253778-1140743148-1000 -> {27B613E5-E526-4E68-9D79-F37F489311CE} URL = hxxp://www.mystartsearch.com/web/?utm_source=...SJX&ts=1438378158&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2603176661-1732253778-1140743148-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=dspp&a...XHTS545032B9A300_110304PBP360ETFWXVSJX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2603176661-1732253778-1140743148-1000 -> {34873255-1EB0-4F96-A81F-A88F109BCFEB} URL = hxxp://www.mystartsearch.com/web/?utm_source=...SJX&ts=1438378158&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2603176661-1732253778-1140743148-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=...SJX&ts=1438378158&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2603176661-1732253778-1140743148-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.mystartsearch.com/web/?utm_source=...SJX&ts=1438378158&type=default&q={searchTerms}
    BHO-x32: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-07-30] (Thinkgood Co. Limited)
    BHO-x32: Strong Signal -> {c723a437-2eaf-466d-a95b-3fa0966bf88c} -> C:\Program Files (x86)\Strong Signal\Extensions\c723a437-2eaf-466d-a95b-3fa0966bf88c.dll => Brak pliku
    Toolbar: HKU\S-1-5-21-2603176661-1732253778-1140743148-1000 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
    Toolbar: HKU\S-1-5-21-2603176661-1732253778-1140743148-1000 -> Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Brak pliku
    Toolbar: HKU\S-1-5-21-2603176661-1732253778-1140743148-1000 -> Brak nazwy - {D4027C7F-154A-4066-A1AD-4243D8127440} - Brak pliku
    FF NewTab: hxxp://www.yoursites123.com/newtab/?type=nt&a...HitachiXHTS545032B9A300_110304PBP360ETFWXVSJX
    FF DefaultSearchEngine: yoursites123
    FF SelectedSearchEngine: yoursites123
    FF Homepage: hxxp://www.premierarticles.info
    FF user.js: detected! => C:\Users\242pl\AppData\Roaming\Mozilla\Firefox\Profiles\8rtv168l.default-1441180351917\user.js [2016-03-01]
    FF SearchPlugin: C:\Users\242pl\AppData\Roaming\Mozilla\Firefox\Profiles\8rtv168l.default-1441180351917\searchplugins\yoursites123.xml [2015-12-28]
    FF Extension: Default NewTab - C:\Users\242pl\AppData\Roaming\Mozilla\Firefox\Profiles\8rtv168l.default-1441180351917\Extensions\default_newtabff@gmail.com [2015-12-28] [Brak podpisu cyfrowego]
    FF Extension: sidebar - C:\Users\242pl\AppData\Roaming\Mozilla\Firefox\Profiles\8rtv168l.default-1441180351917\Extensions\sidebarff@gmail.com [2015-11-07] [Brak podpisu cyfrowego]
    FF Extension: YahooToolsProtected - C:\Users\242pl\AppData\Roaming\Mozilla\Firefox\Profiles\8rtv168l.default-1441180351917\Extensions\yahooprotected@gmail.com.xpi [2015-11-19] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\242pl\AppData\Roaming\Mozilla\Firefox\Profiles\1tw9dpc6.default\extensions\searchengine@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\242pl\AppData\Roaming\Mozilla\Firefox\Profiles\1tw9dpc6.default\extensions\faststartff@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\242pl\AppData\Roaming\Mozilla\Firefox\Profiles\1tw9dpc6.default\extensions\fftoolbar2014@etech.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\242pl\AppData\Roaming\Mozilla\Firefox\Profiles\al76q88v.default-1424881729432\extensions\quick_searchff@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\242pl\AppData\Roaming\Mozilla\Firefox\Profiles\al76q88v.default-1424881729432\extensions\sweetsearch@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\242pl\AppData\Roaming\Mozilla\Firefox\Profiles\8rtv168l.default-1441180351917\extensions\default_newtabff@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\242pl\AppData\Roaming\Mozilla\Firefox\Profiles\8rtv168l.default-1441180351917\extensions\defsearchp@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [sidebarff@gmail.com] - C:\Users\242pl\AppData\Roaming\Mozilla\Firefox\Profiles\8rtv168l.default-1441180351917\extensions\sidebarff@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\242pl\AppData\Roaming\Mozilla\Firefox\Profiles\8rtv168l.default-1441180351917\extensions\yahooprotected@gmail.com => nie znaleziono
    CHR HomePage: Default -> hxxp://s.piesearch.com/?type=chhp
    CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449846669&z=135fe04255b683f0d17a37dg8zdz0t9b4zfqbq4m3q&from=ient07021&uid=HitachiXHTS545032B9A300_110304PBP360ETFWXVSJX"
    CHR DefaultSearchURL: Default -> hxxp://yoursites123.com/web?type=ds&ts=14...XHTS545032B9A300_110304PBP360ETFWXVSJX&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> yoursites123
    CHR Extension: (Strong Signal) - C:\Users\242pl\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhcklkloafcpghahpjomodagghgpdmgb [2015-07-31] [UpdateUrl: hxxp://cdn.mystrongsignal.com/update] <==== UWAGA
    CHR Extension: (Shortcuts for All Google™) - C:\Users\242pl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf [2015-11-07]
    CHR Extension: (Web Protector - Reliable Phishing Protection) - C:\Users\242pl\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfecnpmgnlnbmipaogfhoacoioifjgko [2015-07-31]
    CHR Extension: (Smart Search) - C:\Users\242pl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljnfelhdldlokjkohcmjpogkdjgbgjpj [2015-09-28]
    CHR HKLM\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\242pl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
    CHR HKLM\...\Chrome\Extension: [ljnfelhdldlokjkohcmjpogkdjgbgjpj] - C:\Users\242pl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljnfelhdldlokjkohcmjpogkdjgbgjpj.crx [2015-09-28]
    CHR HKU\S-1-5-21-2603176661-1732253778-1140743148-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\242pl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
    CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ljnfelhdldlokjkohcmjpogkdjgbgjpj] - C:\Users\242pl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljnfelhdldlokjkohcmjpogkdjgbgjpj.crx [2015-09-28]
    R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [119808 2015-12-11] (XTab system) [Brak podpisu cyfrowego]
    R2 IhPul; C:\Users\242pl\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
    R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [302240 2015-12-28] (TODO: <公司名>)
    R2 Steady Village; C:\Program Files (x86)\Steady Village\Steady Village.exe [8016489 2015-07-09] () [Brak podpisu cyfrowego] <==== UWAGA
    R2 WdMan; C:\ProgramData\iWdMi\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
    2016-03-01 12:12 - 2015-09-22 11:32 - 00000000 ____D C:\Program Files (x86)\SFK
    2016-02-23 21:02 - 2015-08-20 20:02 - 00000340 _____ C:\Windows\Tasks\Optscan.job
    2016-02-20 19:36 - 2015-07-13 18:36 - 00000354 _____ C:\Windows\Tasks\PrivateFiles.job
    2015-12-28 17:46 - 2015-12-28 17:46 - 2539857 _____ () C:\Program Files (x86)\SSFK.exe
    C:\Users\242pl\AppData\Roaming\*.tmp
    C:\Users\242pl\AppData\Roaming\5984.exe
    C:\Users\242pl\AppData\Roaming\WMPRWISE.EXE
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:


    Use http://www.bleepingcomputer.com/download/adwcleaner/ with the Scan (Szukaj) and Remove (Usun) options.

    Do a full scan with http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ and remove whatever it detects.

    After doing everything, post new FRST logs from a scan.

    0
  • Helpful post
    #7 01 Mar 2016 15:58
    Kolobos
    Computer specialist

    New Fixlist.txt for FRST:
    2016-03-01 13:08 - 2016-03-01 13:40 - 00000000 ____D C:\AdwCleaner
    2016-02-23 19:50 - 2016-03-01 13:27 - 00001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rff42i15r14e33f26o83x.lnk
    2016-03-01 14:14 - 2012-06-25 14:47 - 00000000 ____D C:\ProgramData\InstallMate
    2016-03-01 13:34 - 2015-07-09 08:02 - 00000000 ____D C:\Program Files (x86)\Steady Village
    2012-03-24 18:12 - 2012-03-24 18:12 - 0000000 _____ () C:\Users\242pl\AppData\Roaming\2BB7.exe
    2012-03-16 22:21 - 2012-03-16 22:21 - 0000000 _____ () C:\Users\242pl\AppData\Roaming\54CD.exe
    2012-03-16 22:12 - 2012-03-16 22:12 - 0000000 _____ () C:\Users\242pl\AppData\Roaming\DFC.exe

    After running it, delete the C:\FRST directory and turn Norton on.

    0
  • #8 01 Mar 2016 18:28
    ceqa
    Level 6

    I did as you wrote, thanks once again for the help.

    0