mystart4.dealwifi, ourluckysites FRST LOGS

wiesix1 09 May 2017 15:49 330 4
  • Helpful post
    #2 09 May 2017 16:20
    krzychupar
    Level 41

    Uninstall:
    WINSNARE (HKLM-x32\...\{56D19032-B59F-4020-994B-15912A49CD96}) (Version: 4.4.6 - WINSNARE) <==== UWAGA

    Open the system Notepad and paste:

    Task: {01EC16ED-900A-4A1F-B64E-E87EE9D3B9D9} - System32\Tasks\{B446EEEA-BE07-4519-AF7D-B0D740FD77AF} => pcalua.exe -a C:\Users\User\Desktop\doris\ProSimTernaryDiagramInstall.exe -d C:\Users\User\Desktop\doris
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> Brak pliku <==== UWAGA
    Task: {5621C918-51D8-459B-8235-54E20B07CA24} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> Brak pliku <==== UWAGA
    Task: {8675EE0E-7A82-4507-B066-6F9A2ED77368} - System32\Tasks\Windows-PG => powershell.exe C:\Update\psgo\psgo.ps1 <==== UWAGA
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> Brak pliku <==== UWAGA
    Task: {B1F94F9E-A80C-41EA-B04D-ECDA3510469B} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> Brak pliku <==== UWAGA
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> Brak pliku <==== UWAGA
    Task: {E4ABC10F-44C4-4308-9598-E52901B43B40} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-30] (AVAST Software)
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> Brak pliku <==== UWAGA
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=...mp;uid=ST500DM002-1BD142_S2ACZCBMXXXXS2ACZCBM
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=...mp;uid=ST500DM002-1BD142_S2ACZCBMXXXXS2ACZCBM
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=...mp;uid=ST500DM002-1BD142_S2ACZCBMXXXXS2ACZCBM
    ShellExecuteHooks: Brak nazwy - {7261E794-12E8-11E7-A249-64006A5CFC23} - C:\Users\User\AppData\Roaming\Fioseprerlerk\Stertiyghpagh.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    GroupPolicy: Ograniczenia <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-3045131227-898844521-3608470624-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...mp;uid=ST500DM002-1BD142_S2ACZCBMXXXXS2ACZCBM
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&...ST500DM002-1BD142_S2ACZCBMXXXXS2ACZCBM&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&...ST500DM002-1BD142_S2ACZCBMXXXXS2ACZCBM&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...mp;uid=ST500DM002-1BD142_S2ACZCBMXXXXS2ACZCBM
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...mp;uid=ST500DM002-1BD142_S2ACZCBMXXXXS2ACZCBM
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&...ST500DM002-1BD142_S2ACZCBMXXXXS2ACZCBM&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&...ST500DM002-1BD142_S2ACZCBMXXXXS2ACZCBM&q={searchTerms}
    HKU\S-1-5-21-3045131227-898844521-3608470624-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...mp;uid=ST500DM002-1BD142_S2ACZCBMXXXXS2ACZCBM
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...ST500DM002-1BD142_S2ACZCBMXXXXS2ACZCBM&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3045131227-898844521-3608470624-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => Brak pliku
    Toolbar: HKLM - Brak nazwy - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Brak pliku
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.ourluckysites.com/?type=sc&ts=...mp;uid=ST500DM002-1BD142_S2ACZCBMXXXXS2ACZCBM
    FF Homepage: Mozilla\Firefox\Profiles\17juf4yb.default -> hxxp://www.ourluckysites.com/?type=hp&ts=...mp;uid=ST500DM002-1BD142_S2ACZCBMXXXXS2ACZCBM
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.ourluckysites.com/?type=sc&ts=...mp;uid=ST500DM002-1BD142_S2ACZCBMXXXXS2ACZCBM
    CHR HomePage: ChromeDefaultData -> hxxp://www.ourluckysites.com/?type=hp&ts=...mp;uid=ST500DM002-1BD142_S2ACZCBMXXXXS2ACZCBM
    CHR StartupUrls: ChromeDefaultData -> "hxxp://www.ourluckysites.com/?type=hp&ts=1491380642&z=3bab3404d46aed1a1482a67g4z7t2g6c2b3e1zeq6m&from=che0812&uid=ST500DM002-1BD142_S2ACZCBMXXXXS2ACZCBM"
    CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.ourluckysites.com/search/?type=ds&...ST500DM002-1BD142_S2ACZCBMXXXXS2ACZCBM&q={searchTerms}
    CHR DefaultSearchKeyword: ChromeDefaultData -> ourluckysites
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-05-09] <==== UWAGA
    CHR HKLM-x32\...\Chrome\Extension: [glcimepnljoholdmjchkloafkggfoijh] - hxxps://clients2.google.com/service/update2/crx
    U3 aqrmn1dh; C:\Windows\System32\Drivers\aqrmn1dh.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
    S3 aswHdsKe; \??\C:\Windows\system32\drivers\aswHdsKe.sys [X]
    U0 aswVmm; Brak ImagePath
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
    2017-04-26 16:15 - 2017-04-26 16:40 - 00000000 ____D C:\Users\User\Doctor Web
    2017-04-26 17:27 - 2017-03-30 16:23 - 00000000 ____D C:\AdwCleaner
    2017-04-26 15:59 - 2013-05-14 09:53 - 00000000 ___HD C:\Program Files (x86)\Temp
    C:\Windows\SysWOW64\tmpPrst.dll
    EmptyTemp:

    Save the file under the name fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix/Napraw.

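A Python triage helper added here (not code from the thread, and not part of FRST) that applies the same reasoning the fixlist above follows to constructed sample lines in FRST's log format: keep entries FRST itself marked with UWAGA, flag scheduled tasks whose action is an interpreter such as powershell.exe, treat a host that several browser start/search settings point at as the hijack target, and emit those lines verbatim as a fixlist body ending in EmptyTemp:. The GUIDs, paths and the hijacker.test host are made up.

```python
import re

# Constructed sample lines in FRST log format (hxxp-defanged URLs, the Polish
# "<==== UWAGA" marker as in the thread); GUIDs and the .test host are made up.
SAMPLE_LOG = r"""
Task: {AAAAAAAA-0000-0000-0000-000000000001} - System32\Tasks\Windows-PG => powershell.exe C:\Update\psgo\psgo.ps1 <==== UWAGA
Task: {AAAAAAAA-0000-0000-0000-000000000002} - System32\Tasks\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-30] (AVAST Software)
ShortcutWithArgument: C:\Users\User\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.hijacker.test/?type=sc&uid=DISK123
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hijacker.test/?type=hp
FF Homepage: Mozilla\Firefox\Profiles\abcd1234.default -> hxxp://www.hijacker.test/?type=hp
CHR HKLM-x32\...\Chrome\Extension: [abcdefghijklmnopabcdefghijklmnop] - hxxps://clients2.google.com/service/update2/crx
U3 abcd1234; C:\Windows\System32\Drivers\abcd1234.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
"""

URL_RE = re.compile(r"hxxps?://([^/\s\"]+)", re.IGNORECASE)
LOLBINS = ("powershell.exe", "pcalua.exe", "cmd.exe", "wscript.exe", "mshta.exe")
# Line types that carry a browser start page / search target; a URL here is user-facing config.
BROWSER_PREFIXES = ("ShortcutWithArgument:", "StartMenuInternet:", "FF Homepage:",
                    "CHR HomePage:", "CHR StartupUrls:", "CHR DefaultSearchURL:",
                    "SearchScopes:", "HKLM\\Software", "HKU\\")

def triage(log_text):
    """Return (flagged lines, hosts set as browser start/search targets, LOLBin tasks)."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    flagged, lolbin_tasks, host_lines = [], [], {}
    for line in lines:
        if "UWAGA" in line:                      # FRST's own verdict: orphan, zero-byte file, policy
            flagged.append(line)
        if line.startswith("Task:") and any(b in line.lower() for b in LOLBINS):
            lolbin_tasks.append(line)            # task runs an interpreter, not a product binary
        if line.startswith(BROWSER_PREFIXES):
            for host in URL_RE.findall(line):
                host_lines.setdefault(host.lower(), []).append(line)
    # A host that two or more browser settings point at is a hijack target, not a user choice.
    hijack_hosts = {h for h, ls in host_lines.items() if len(ls) >= 2}
    for h in sorted(hijack_hosts):
        flagged.extend(host_lines[h])
    flagged.extend(lolbin_tasks)
    flagged = list(dict.fromkeys(flagged))       # drop duplicates, keep first-seen order
    return flagged, hijack_hosts, lolbin_tasks

def to_fixlist(flagged):
    """FRST fixlist body: the flagged log lines verbatim, then EmptyTemp: (as the thread does)."""
    return "\n".join(flagged + ["EmptyTemp:"]) + "\n"
```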
  • #3 09 May 2017 16:57
    Kolobos
    Computer specialist

    After running it, post new FRST logs from a scan.

  • #5 09 May 2017 19:20
    Kolobos
    Computer specialist

    Back up your bookmarks from Chrome. In Chrome, switch the profile to Default and delete the second one created by the infection.

    Uninstall: simpliclean

    Run Fixlist.txt for FRST:
    Task: {0B696FAB-87B7-4FC7-9866-BDF8C711D9EF} - \Clean desktop -> Brak pliku <==== UWAGA
    Task: {0E95CDFA-2FB8-449C-9AC6-8191DE208D77} - System32\Tasks\simplitec Power Suite (Tray) => C:\Program Files (x86)\simplitec\simplitec\simpliclean\ServiceProvider.exe [2016-04-04] (simplitec GmbH)
    Task: {92601E25-99E3-4E0B-8275-01D13F4B1660} - System32\Tasks\simplitec Power Suite => C:\Program Files (x86)\simplitec\simplitec\simpliclean\PowerSuite.exe [2016-04-04] (simplitec GmbH)
    Task: {A8E62E81-ADAE-438C-87FF-624DF6D7FD32} - System32\Tasks\Cogespghoqik Reports => C:\Program Files (x86)\Serentarepisp\xgriqaty.exe [2017-03-30] (Glarysoft Ltd)
    Task: C:\Windows\Tasks\simplitec Power Suite.job => C:\Program Files (x86)\simplitec\simplitec\simpliclean\PowerSuite.exe
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Moncar\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Moncar\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Moncar\Application\chrome.exe (Google Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Moncar\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Moncar\Application\chrome.exe (Google Inc.)
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e28cdf0171ca7b3c\Google Chrome.lnk -> C:\Program Files (x86)\Moncar\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e0f45975430063bc\Google Chrome.lnk -> C:\Program Files (x86)\Moncar\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
    CHR DefaultProfile: ChromeDefaultData
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-05-09] <==== UWAGA
    C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    S2 3DM; C:\windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
    S2 3DM; C:\windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
    U3 afezvqjm; C:\Windows\System32\Drivers\afezvqjm.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
    2017-04-25 08:55 - 2017-04-25 08:55 - 00000000 ____D C:\Windows\psgo
    2017-04-25 08:55 - 2017-04-25 08:55 - 00000000 ____D C:\Users\User\AppData\Local\Kitty
    2017-04-20 10:36 - 2017-04-20 10:36 - 00000000 _____ C:\Windows\SysWOW64\33
    2017-04-20 10:35 - 2017-04-20 10:35 - 00000000 _____ C:\Windows\SysWOW64\11
    2017-04-19 14:21 - 2017-04-19 14:21 - 00000000 ____D C:\Users\User\AppData\Local\3DM
    2017-04-19 14:20 - 2017-04-25 08:54 - 00000000 ____D C:\Users\User\AppData\Local\SNARE
    2017-04-19 14:20 - 2017-04-19 14:20 - 00000000 ____D C:\Windows\Update
    2017-04-10 09:21 - 2017-04-25 08:54 - 00000000 ____D C:\Program Files (x86)\mcvtz4ms
    2017-05-04 10:08 - 2017-05-04 10:08 - 7649280 _____ () C:\Program Files (x86)\GUT405.tmp
    C:\Program Files (x86)\Serentarepisp
    C:\Program Files (x86)\Moncar\

    Delete the C:\FRST folder after running it, and that's all.