Elektroda.pl
Please analyze the FRST logs. - WinZipper, start page.

Damonn 04 Aug 2016 13:58 702 4
  • Helpful post
    #2 04 Aug 2016 14:11
    djarta
    Level 9

1. Open Notepad and paste:

Quote:

    CloseProcesses:
    R2 winsaber; C:\Program Files (x86)\WinSaber\WinSaber.exe [422616 2016-08-04] ()
    R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [1002616 2016-08-04] (ExWzp Pvt Ltd.) <==== UWAGA
    S4 yahoochrometechnology; C:\ProgramData\yahoochrome\desktop65.exe [236768 2016-05-02] (YahooChrome)
    S2 BugreportW; "C:\Program Files (x86)\yesbnd\mbat.exe" {154DFF63-3402-4815-941A-AAD63AE8B428} [X]
    S2 kiderobezbt; C:\Program Files (x86)\2E1E4CA0-1462279433-11B2-8000-F9A182661755\knspA8F9.tmp [X]
    C:\Program Files (x86)\2E1E4CA0-1462279433-11B2-8000-F9A182661755
    C:\Program Files (x86)\yesbnd
    C:\ProgramData\yahoochrome
    C:\Program Files (x86)\WinZipper
    C:\Program Files (x86)\WinSaber
    R2 WdMan; C:\ProgramData\1winp1\WFini.exe [564456 2016-08-02] (WFini LIMITED)
    C:\ProgramData\1winp1
    R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [162528 2016-07-27] ()
    C:\Program Files (x86)\SFK
    R2 IhPul; C:\Users\Damian\AppData\Roaming\TSv\TSvr.exe [210128 2016-07-28] (Trend Corp.)
    C:\Users\Damian\AppData\Roaming\TSv
    R2 EOF; C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f\EOF.exe [2958336 2016-08-04] () [Brak podpisu cyfrowego]
    C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f
    CHR HKU\S-1-5-21-3208515226-2010266281-175035788-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.attirerpage.com/?type=hp&ts=14...pm0616&uid=SAMSUNGXHM641JI_S26XJ9BB106291
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.attirerpage.com/search/?type=ds&am...amp;uid=SAMSUNGXHM641JI_S26XJ9BB106291&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.attirerpage.com/?type=hp&ts=14...pm0616&uid=SAMSUNGXHM641JI_S26XJ9BB106291
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.attirerpage.com/search/?type=ds&am...amp;uid=SAMSUNGXHM641JI_S26XJ9BB106291&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-3208515226-2010266281-175035788-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    HKU\S-1-5-21-3208515226-2010266281-175035788-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
    HKU\S-1-5-21-3208515226-2010266281-175035788-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?bcutc=sp-006
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3208515226-2010266281-175035788-1002 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3208515226-2010266281-175035788-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&...amp;uid=SAMSUNGXHM641JI_S26XJ9BB106291&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3208515226-2010266281-175035788-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    BootExecute: autocheck autochk * aswBoot.exe /A:"* " /L:"1045" /heur:80 /RA:fix /pup /archives /IA:0 /KBD:2 /wow /dir:"D:\# PROGRAMY\Avast"
    HKU\S-1-5-21-3208515226-2010266281-175035788-1002\...\Run: [AdobeBridge] => [X]
    HKLM\...\Run: [hshhsaaaws] => [X]
    2016-08-04 13:23 - 2016-08-04 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    2016-08-04 13:23 - 2016-08-04 13:23 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2016-08-04 13:22 - 2016-08-04 13:24 - 00000000 ____D C:\Program Files (x86)\SFK
    2016-08-04 13:23 - 2016-08-04 13:23 - 00000000 ____D C:\Users\Damian\AppData\Roaming\eCyber
    2016-08-04 13:22 - 2016-08-04 13:22 - 00000000 ____D C:\Users\Damian\AppData\Roaming\TSv
    2016-08-04 13:22 - 2016-08-04 13:22 - 00000000 ____D C:\ProgramData\1winp1
    2016-08-04 13:22 - 2016-08-04 13:22 - 00000000 ____D C:\Program Files (x86)\WinSaber
    2016-08-04 13:22 - 2016-08-04 13:22 - 00000000 ____D C:\Program Files (x86)\483439ee973f587d9bb1ffe33f27b80f
    2016-08-04 13:21 - 2016-08-04 13:22 - 00000000 ____D C:\Windows\SysWOW64\_SSpm
    C:\ProgramData\vwinpv
    C:\Windows\SysWOW64\*.html
    2016-07-10 14:41 - 2016-06-20 12:08 - 00000000 ____D C:\ProgramData\owinpo
    2016-07-10 14:41 - 2016-05-25 08:59 - 00000000 ____D C:\ProgramData\WwinpW
    2016-07-10 14:41 - 2016-05-03 14:43 - 00000000 ____D C:\Users\Damian\AppData\Roaming\ASPackage
    2016-07-09 20:43 - 2016-06-04 13:47 - 428396721 _____ C:\Windows\MEMORY.DMP
    2010-12-29 00:14 - 2010-12-29 00:15 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2010-12-29 00:08 - 2010-12-29 00:09 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
    2010-12-29 00:12 - 2010-12-29 00:12 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2010-12-29 00:09 - 2010-12-29 00:11 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
    2010-12-29 00:12 - 2010-12-29 00:14 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    Task: {FED830B1-D85E-47CD-B1BC-A86363D09A7B} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\16BA11B1A39621DA64CCF745077D1B53\Update\BrowserUpdate.exe <==== UWAGA
    C:\Program Files (x86)\QQBrowser
    ShortcutWithArgument: C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1467...pm0616&uid=SAMSUNGXHM641JI_S26XJ9BB106291
    ShortcutWithArgument: C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=1467...pm0616&uid=SAMSUNGXHM641JI_S26XJ9BB106291
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.nuesearch.com/?type=sc&ts=1467...pm0616&uid=SAMSUNGXHM641JI_S26XJ9BB106291
    CMD: netsh firewall reset
    EmptyTemp:

Save the file as fixlist.txt next to the FRST tool. Run FRST and click Fix. Wait patiently and do not interrupt it. When the Fix finishes, the system will be restarted. A file named fixlog.txt will be created in the same directory FRST was run from.

2. Use AdwCleaner:
first click SCAN, and only after the scan has finished, when the CLEAN button becomes active, click it.
Post its report, C:\AdwCleaner\AdwCleaner[S].txt

3. Run JRT. Press any key and wait until the operation finishes. (NOTE: while downloading, programs may report it as a threat; please ignore that.) Post the report.

4. After all these operations, post a new set of FRST logs for checking. When running FRST, set it to produce Addition.txt and Shortcut.txt again.

    0
  • Helpful post
    #4 05 Aug 2016 15:11
    Domino_2
    Helpful to users

Remove all the Adblocks and install one decent one, uBlock Origin. The logs look clean.

    0
  • #5 05 Aug 2016 16:51
    Damonn
    Level 4

Great, thank you for the help. Regards!

    0