Elektroda.pl

Please check the logs -

spider175 11 Mar 2016 08:18 597 13
  • #2 11 Mar 2016 08:48
    Domino_2
    Helpful to users

    Uninstall Body Text Feathering and Setup.

    Quote:

    ShortcutWithArgument: C:\Documents and Settings\All Users\Pulpit\Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software) -> hxxps://www.google.pl/?gws_rd=ssl
    () C:\Program Files\groover060220161050\Whcuw.exe
    () C:\Program Files\shopperz050220161153\Filmi.exe
    ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Brak pliku [ ]
    Tcpip\..\Interfaces\{E0221F86-A34E-4B5A-B7C0-2B23AE36F95A}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{E3A13D4A-879A-4D81-98BE-2236CE6F9337}: [NameServer] 104.197.191.4
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-823518204-362288127-1177238915-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-823518204-362288127-1177238915-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.interia.pl/#utm_source=instalki1&a...n=instalki1&iwa_source=installer_instalki
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_instalki" <======= UWAGA
    FF NewTab: hxxp://www.yoursearching.com/newtab/?type=nt&...=itr&uid=st9120822as_5ma6c1x1xxxx5ma6c1x1
    FF DefaultSearchEngine: yoursearching
    FF Homepage: hxxp://www.yoursearching.com/?type=hp&ts=...=itr&uid=st9120822as_5ma6c1x1xxxx5ma6c1x1
    FF user.js: detected! => C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\psii9qc0.default\user.js [2016-02-06]
    FF Extension: FirefixTab - C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\psii9qc0.default\Extensions\deskCutv2@gmail.com [2016-02-06] [Brak podpisu cyfrowego]
    FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\psii9qc0.default\extensions\deskCutv2@gmail.com
    FF HKLM\...\Firefox\Extensions: [{120B8CE1-52D0-4E7D-b4AE-5931F3E93838}] - C:\Program Files\shopperz050220161153\Firefox\{120B8CE1-52D0-4E7D-b4AE-5931F3E93838}.xpi
    FF Extension: shopperz050220161153 - C:\Program Files\shopperz050220161153\Firefox\{120B8CE1-52D0-4E7D-b4AE-5931F3E93838}.xpi [2016-02-06] [Brak podpisu cyfrowego]
    FF HKLM\...\Firefox\Extensions: [{1E9C4E3C-B533-4875-aE1E-7DC861B3F132}] - C:\Program Files\groover060220161050\Firefox\{1E9C4E3C-B533-4875-aE1E-7DC861B3F132}.xpi
    FF Extension: groover060220161050 - C:\Program Files\groover060220161050\Firefox\{1E9C4E3C-B533-4875-aE1E-7DC861B3F132}.xpi [2016-02-06] [Brak podpisu cyfrowego]
    S3 ALG; %SystemRoot%\System32\alg.exe [X]
    S3 CiSvc; %SystemRoot%\system32\cisvc.exe [X]
    S2 ihpmServer; Brak ImagePath
    S2 Winsere; Brak ImagePath
    S3 WMPNetworkSvc; Brak ImagePath
    S2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [X]
    S2 wucotusy; Brak ImagePath
    S2 zigipyro; C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\E6EABA80-1454831916-81DC-2F6F-001D60EEB6E1\qnsg4D6.tmp [X]
    S2 ziminylu; C:\Program Files\E6EABA80-1454750179-81DC-2F6F-001D60EEB6E1\knsu1E9.tmpfs [X]
    S2 zutuzuni; Brak ImagePath
    S3 AtcL001; system32\DRIVERS\l151x86.sys [X]
    R3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S4 IntelIde; Brak ImagePath
    S0 MPCBase; System32\drivers\MPCBase.sys [X]
    S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
    S1 QMUdisk; \??\C:\Program Files\Tencent\QQPCMgr\11.3.17207.222\QMUdisk.sys [X]
    S1 softaal; \??\C:\Program Files\Tencent\QQPCMgr\11.3.17207.222\softaal.sys [X]
    S3 Tosrfcom; Brak ImagePath
    U3 mbr; \??\C:\DOCUME~1\SysOp\USTAWI~1\Temp\mbr.sys [X]
    2016-03-11 07:30 - 2016-03-11 07:30 - 00014142 _____ C:\ComboFix.txt
    2016-03-11 07:15 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
    2016-03-11 07:15 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
    2016-03-11 07:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2016-03-11 07:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2016-03-11 07:15 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
    2016-03-11 07:15 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
    2016-03-11 07:15 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
    2016-03-11 07:15 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
    2016-03-11 07:14 - 2016-03-11 07:05 - 05658088 ____R (Swearware) C:\Documents and Settings\SysOp\Pulpit\ComboFix.exe
    EmptyTemp:


    Paste this into Notepad, save it as fixlist.txt and put it in the folder where FRST.exe/FRST64.exe is, run it and click Fix/Napraw.

    0
  • #4 11 Mar 2016 09:33
    Acorus 20
    Computer specialist

    Post new logs from FRST.

    0
  • #6 11 Mar 2016 10:02
    Kolobos
    Computer specialist

    Start the system in Safe Mode.

    Uninstall:
    ĂŔÍĽäŻŔŔ

    Fixlist.txt for FRST:
    CloseProcesses:
    Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1454147503.job => C:\Program Files\Opera\launcher.exe
    2016-02-06 09:53 - 2016-02-06 10:37 - 00158576 _____ () C:\Program Files\groover060220161050\Whcuw.exe
    2016-02-05 10:56 - 2016-02-06 10:26 - 00158584 _____ () C:\Program Files\shopperz050220161153\Filmi.exe
    2016-02-06 10:37 - 2016-02-04 12:34 - 03955928 _____ () C:\Program Files\rec_en_77\rec_en_77.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\Tencent\QQPCMgr\11.0.16779.224\QMAccountProtection.exe] => Enabled:????-???
    DomainProfile\AuthorizedApplications: [C:\Program Files\Tencent\QQPCMgr\11.3.17207.222\QMAccountProtection.exe] => Enabled:????-???
    DomainProfile\AuthorizedApplications: [c:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe] => Enabled:腾讯产品下载组件Crash上报
    DomainProfile\AuthorizedApplications: [c:\program files\common files\tencent\qqdownload\130\tencentdl.exe] => Enabled:腾讯产品下载组件
    StandardProfile\AuthorizedApplications: [c:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe] => Enabled:????????Crash??
    StandardProfile\AuthorizedApplications: [c:\program files\common files\tencent\qqdownload\130\tencentdl.exe] => Enabled:????????
    () C:\Program Files\groover060220161050\Whcuw.exe
    () C:\Program Files\shopperz050220161153\Filmi.exe
    (STA) C:\Program Files\MTV20160128\MTview.exe
    () C:\Program Files\rec_en_77\rec_en_77.exe
    C:\Program Files\rec_en_77\
    C:\Program Files\shopperz050220161153\
    C:\Program Files\groover060220161050\
    C:\Program Files\MTV20160128\
    HKLM\...\Run: [MTview] => C:\Program Files\MTV20160128\MTView.exe [1877512 2016-01-26] (STA)
    HKLM\...\Run: [rec_en_77] => C:\Program Files\rec_en_77\rec_en_77.exe [3955928 2016-02-04] ()
    HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe
    HKU\S-1-5-18\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
    HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    BHO: Ó¦Óñ¦Ň»Ľü°˛×°˛ĺĽţ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯FF Plugin: @qq.com/npAndroidAssistant -> C:\Program Files\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
    C:\Program Files\Common Files\Tencent\
    FF SearchPlugin: C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\psii9qc0.default\searchplugins\yoursearching.xml [2016-02-06]
    OPR Extension: (Quick Searcher) - C:\Documents and Settings\SysOp\Dane aplikacji\Opera Software\Opera Stable\Extensions\dighmiipfpfdfbfmpodcmfdgkkcakbco [2016-02-06]
    S3 36944360-76A9-41AE-8976-57E0BEA92389; C:\Program Files\groover060220161050\Bukge.exe [292208 2016-02-06] ()
    S3 47135F2E-1FB3-4E78-9E37-D357C350525C; C:\Program Files\shopperz050220161153\Ocijwiu.exe [291192 2016-02-06] ()
    S3 csrcc; C:\Program Files\groover060220161050\csrcc.exe [1498480 2016-02-06] ()
    R2 groover060220161050 Updater; C:\Program Files\groover060220161050\Whcuw.exe [158576 2016-02-06] ()
    R2 shopperz050220161153 Updater; C:\Program Files\shopperz050220161153\Filmi.exe [158584 2016-02-06] ()
    R1 cherimoya; C:\WINDOWS\System32\drivers\cherimoya.sys [49408 2016-02-06] (Cherimoya Ltd) [Brak podpisu cyfrowego]
    C:\WINDOWS\System32\drivers\cherimoya.sys
    S3 TSSK; C:\WINDOWS\System32\tssk.sys [74040 2015-12-28] (电脑管家)
    C:\WINDOWS\System32\tssk.sys
    2016-03-11 05:54 - 2016-03-11 07:30 - 00000000 ____D C:\Qoobox
    2016-03-11 09:17 - 2016-01-30 10:51 - 00000446 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1454147503.job
    2016-03-11 07:24 - 2016-02-06 10:26 - 00000000 ____D C:\Documents and Settings\SysOp\Dane aplikacji\Company
    2016-02-10 19:06 - 2016-01-30 10:43 - 00000000 ____D C:\Program Files\SearchesToYesbnd
    2016-02-07 20:11 - 2016-02-07 20:11 - 0005120 _____ () C:\Documents and Settings\SysOp\Dane aplikacji\GiftBag.db
    C:\Documents and Settings\SysOp\TempWmicBatchFile.bat
    EmptyTemp:

    After running it, post new FRST logs from a scan.

    0
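An added example, not code from this thread or from the FRST tool: a small Python triage script that reads FRST-style lines like the ones quoted in the fixlists above and flags the patterns the helpers acted on, so a reviewer does not miss them by eye. It reports a Winlogon Userinit value with an extra executable after userinit.exe, a statically pinned NameServer on an interface, FRST's attention marker (with Internet Explorer policy restrictions called out separately), services and drivers with no ImagePath or a missing file, unsigned drivers and browser extensions, and Run or service entries whose binary carries no company name. The sample lines are copied from this thread; the English marker strings "No ImagePath", "[File not signed]" and "ATTENTION" are what an English FRST build prints and are assumptions here, as are the rule names.

```python
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str
    line: str


# Constructed sample: lines copied from the FRST fixlists quoted in this thread.
# The FRST build is Polish, so "Brak ImagePath" = "No ImagePath" and
# "[Brak podpisu cyfrowego]" = "[File not signed]".
SAMPLE_LOG = r"""
Tcpip\..\Interfaces\{E0221F86-A34E-4B5A-B7C0-2B23AE36F95A}: [NameServer] 104.197.191.4
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_instalki" <======= UWAGA
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe
HKLM\...\Run: [MTview] => C:\Program Files\MTV20160128\MTView.exe [1877512 2016-01-26] (STA)
HKLM\...\Run: [rec_en_77] => C:\Program Files\rec_en_77\rec_en_77.exe [3955928 2016-02-04] ()
HKU\S-1-5-18\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
S2 ihpmServer; Brak ImagePath
R1 cherimoya; C:\WINDOWS\System32\drivers\cherimoya.sys [49408 2016-02-06] (Cherimoya Ltd) [Brak podpisu cyfrowego]
R2 groover060220161050 Updater; C:\Program Files\groover060220161050\Whcuw.exe [158576 2016-02-06] ()
S3 ALG; %SystemRoot%\System32\alg.exe [X]
FF Extension: FirefixTab - C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\psii9qc0.default\Extensions\deskCutv2@gmail.com [2016-02-06] [Brak podpisu cyfrowego]
"""

# Polish markers come from this thread; the English forms are an assumption about the English FRST build.
NO_IMAGEPATH = ("Brak ImagePath", "No ImagePath")
NOT_SIGNED = ("[Brak podpisu cyfrowego]", "[File not signed]")
ATTENTION = re.compile(r"<=+\s*(UWAGA|ATTENTION)")
# "R2 name; image ..." : R=running, S=stopped, U=unknown, digit = start type.
SERVICE = re.compile(r"^([RSU])(\d)\s+([^;]+);\s*(.*)$")
RUNKEY = re.compile(r"^HK(?:LM|U\\[^\\]+)\\\.\.\.\\Run(?:Once)?:\s*\[[^\]]+\]\s*=>\s*(.*)$")
USERINIT = re.compile(r"\[Userinit\]\s*(.*)$")
NAMESERVER = re.compile(r"\[NameServer\]\s*(\d{1,3}(?:\.\d{1,3}){3})")


def triage_line(line: str) -> list[Finding]:
    """Apply persistence/hijack heuristics to a single FRST log line."""
    out: list[Finding] = []

    # Userinit should contain only userinit.exe; any extra entry runs at every logon.
    m = USERINIT.search(line)
    if m:
        entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
        if any(not e.lower().endswith("\\userinit.exe") for e in entries):
            out.append(Finding("userinit_extra_entry", line))

    # A NameServer pinned on an interface overrides DHCP-supplied DNS: review the address.
    if NAMESERVER.search(line):
        out.append(Finding("static_nameserver", line))

    # FRST's own attention marker; policy "restrictions" on IE are a classic hijack symptom.
    if ATTENTION.search(line):
        rule = "policy_restriction" if "\\Policies\\" in line else "frst_attention_marker"
        out.append(Finding(rule, line))

    # Services and drivers: [X] means FRST could not find the file on disk.
    m = SERVICE.match(line)
    if m:
        image = m.group(4).strip()
        if any(s in image for s in NO_IMAGEPATH):
            out.append(Finding("service_no_imagepath", line))
        elif image.endswith("[X]"):
            out.append(Finding("service_file_missing", line))
        else:
            if any(s in image for s in NOT_SIGNED):
                out.append(Finding("unsigned_driver_or_service", line))
            if image.endswith("()"):  # empty company name in version info
                out.append(Finding("service_no_company_name", line))

    # Run/RunOnce entries whose binary has no company name.
    m = RUNKEY.match(line)
    if m and m.group(1).strip().endswith("()"):
        out.append(Finding("run_entry_no_company_name", line))

    if line.startswith("FF Extension:") and any(s in line for s in NOT_SIGNED):
        out.append(Finding("unsigned_browser_extension", line))
    return out


def triage(text: str) -> list[Finding]:
    """Run triage_line over every non-empty line of an FRST log or fixlist."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(triage_line(line))
    return findings


def rule_counts(text: str) -> dict[str, int]:
    """Number of hits per rule, handy for a quick summary of a long log."""
    counts: dict[str, int] = {}
    for f in triage(text):
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:28} {f.line[:90]}")
```

Every hit is a candidate for review, not a verdict: FRST also lists harmless leftovers such as the IntelIde service with no ImagePath, and the MTview Run entry carries a company name, so it passes these rules even though the thread removes it. The Userinit rule is the one worth treating as a hijack until shown otherwise, and the unsigned-driver rule catches the cherimoya.sys entry that Kolobos points out was overlooked further down the thread.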
  • #7 11 Mar 2016 10:09
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1454147503.job => C:\Program Files\Opera\launcher.exe
    DomainProfile\AuthorizedApplications: [C:\Program Files\Tencent\QQPCMgr\11.0.16779.224\QMAccountProtection.exe] => Enabled:????-???
    DomainProfile\AuthorizedApplications: [C:\Program Files\Tencent\QQPCMgr\11.3.17207.222\QMAccountProtection.exe] => Enabled:????-???
    DomainProfile\AuthorizedApplications: [c:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe] => Enabled:腾讯产品下载组件Crash上报
    DomainProfile\AuthorizedApplications: [c:\program files\common files\tencent\qqdownload\130\tencentdl.exe] => Enabled:腾讯产品下载组件
    StandardProfile\AuthorizedApplications: [c:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe] => Enabled:????????Crash??
    StandardProfile\AuthorizedApplications: [c:\program files\common files\tencent\qqdownload\130\tencentdl.exe] => Enabled:????????
    HKLM\...\Run: [rec_en_77] => C:\Program Files\rec_en_77\rec_en_77.exe [3955928 2016-02-04] ()
    HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe
    HKU\S-1-5-18\...\RunOnce: [_nltide_2] => regsvr32 /s /n /i:U shell32
    HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    BHO: Ó¦Óñ¦Ň»Ľü°˛×°˛ĺĽţ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    FF Plugin: @qq.com/npAndroidAssistant -> C:\Program Files\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
    FF SearchPlugin: C:\Documents and Settings\SysOp\Dane aplikacji\Mozilla\Firefox\Profiles\psii9qc0.default\searchplugins\yoursearching.xml [2016-02-06]
    OPR Extension: (Quick Searcher) - C:\Documents and Settings\SysOp\Dane aplikacji\Opera Software\Opera Stable\Extensions\dighmiipfpfdfbfmpodcmfdgkkcakbco [2016-02-06]
    S3 36944360-76A9-41AE-8976-57E0BEA92389; C:\Program Files\groover060220161050\Bukge.exe [292208 2016-02-06] ()
    S3 47135F2E-1FB3-4E78-9E37-D357C350525C; C:\Program Files\shopperz050220161153\Ocijwiu.exe [291192 2016-02-06] ()
    S3 csrcc; C:\Program Files\groover060220161050\csrcc.exe [1498480 2016-02-06] ()
    R2 groover060220161050 Updater; C:\Program Files\groover060220161050\Whcuw.exe [158576 2016-02-06] ()
    R2 shopperz050220161153 Updater; C:\Program Files\shopperz050220161153\Filmi.exe [158584 2016-02-06] ()
    S3 TSSK; C:\WINDOWS\System32\tssk.sys [74040 2015-12-28] (电脑管家)
    2016-02-10 19:06 - 2016-01-30 10:43 - 00000000 ____D C:\Program Files\SearchesToYesbnd
    C:\Documents and Settings\SysOp\TempWmicBatchFile.bat


    Save the file as fixlist.txt and put it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Scan with Malwarebytes Anti-Malware https://data-cdn.mbamupdates.com/web/mbam-setup-2.1.8.1057.exe
    During installation, uncheck "Start the Malwarebytes Anti-Malware Premium trial".

    0
  • #8 11 Mar 2016 10:12
    Kolobos
    Computer specialist

    @Acorus 20 You missed quite a lot, including these more important ones:
    R1 cherimoya; C:\WINDOWS\System32\drivers\cherimoya.sys [49408 2016-02-06] (Cherimoya Ltd) [Brak podpisu cyfrowego]
    HKLM\...\Run: [MTview] => C:\Program Files\MTV20160128\MTView.exe [1877512 2016-01-26] (STA)

    0
  • #10 11 Mar 2016 11:01
    Kolobos
    Computer specialist

    In services.msc, stop and disable the Windows Update service; it is completely unnecessary by now.

    Run a scan with mbam and remove whatever it detects (@Acorus 20 gave the link)

    New Fixlist.txt for FRST:
    HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe
    FF Plugin: @qq.com/npAndroidAssistant -> C:\Program Files\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll [Brak pliku]
    2016-03-11 07:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe

    0
  • #13 11 Mar 2016 12:50
    Kolobos
    Computer specialist

    Did CureIt detect anything?

    0
  • #14 11 Mar 2016 13:06
    spider175
    Level 8

    Yes, 225 threats in total

    0