Elektroda.pl

[Solved] Proxy server sets itself after computer restart/login

dugazone 29 Jun 2018 07:17 636 7
  • #1 29 Jun 2018 07:17
    dugazone
    Level 3  

    Hello,

    Windows 7.
    A virus got onto the computer and was removed by the antivirus program. However, the computer still behaved suspiciously, so I decided to scan it with Malwarebytes and AdwCleaner. The latter finds the virus PUP.Adware.Heuristic, which it is unable to remove. In addition, I noticed that the proxy server sets itself automatically to 127.0.0.1:1080 after a restart, which causes complications when using the Internet.

    I cannot deal with the problem myself and am asking for help.
    I am attaching logs from Farbar.

    I know there are similar topics on the forum, but no two viruses are alike.

    0 7
  • Helpful post
    #2 29 Jun 2018 08:36
    safbot1st
    Level 43  

    Open Notepad and paste:

    HKU\S-1-5-21-2707602798-4019446908-728709923-1002\...\MountPoints2: {09add30b-68f7-11e6-9d99-1cb72cef8c5d} - F:\AutoRun.exe /s
    HKU\S-1-5-21-2707602798-4019446908-728709923-1002\...\MountPoints2: {ab3445c2-cc7d-11e5-848a-1cb72cef8c5d} - F:\MicroLauncher.exe
    HKU\S-1-5-21-2707602798-4019446908-728709923-1002\...\MountPoints2: {c1af7178-4032-11e7-8e6c-1cb72cef8c5d} - F:\Startme.exe
    Startup: C:\Users\MBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-10-09]
    ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)
    RemoveProxy:
    Toolbar: HKLM-x32 - Brak nazwy - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - Brak pliku
    Toolbar: HKU\S-1-5-21-2707602798-4019446908-728709923-1002 -> Brak nazwy - {C66A678D-5E6C-4AF9-8F57-C6192F42CF74} - Brak pliku
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    CHR HomePage: Default -> hxxp://poczta.hekko.pl/
    CHR StartupUrls: Default -> "hxxp://tunein.com/radio/Radio-Swiss-Pop-s25243/"
    CHR HKU\S-1-5-21-2707602798-4019446908-728709923-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    R2 HPSLPSVC; C:\Users\MBA\AppData\Local\Temp\7zS11BB\hpslpsvc64.dll [1039360 2015-09-21] (Hewlett-Packard Co.) [Brak podpisu cyfrowego] <==== UWAGA
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
    S3 massfilter_lte; \??\C:\Windows\system32\drivers\massfilter_lte.sys [X]
    S3 zgdcat; system32\DRIVERS\zgdcat.sys [X]
    S3 zgdcdiag; system32\DRIVERS\zgdcdiag.sys [X]
    S3 zgdcmdm; system32\DRIVERS\zgdcmdm.sys [X]
    S3 zgdcnet; system32\DRIVERS\zgdcnet.sys [X]
    S3 zgdcnmea; system32\DRIVERS\zgdcnmea.sys [X]
    2018-06-29 00:38 - 2016-04-21 12:29 - 000003092 _____ C:\Windows\System32\Tasks\{9066044D-3E0B-49E4-9BAD-D259B882D209}
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\bcryptprimitives.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\fveapi.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\fveapibase.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\fxcompchannel_x64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\HPBMINI.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\hpcjpm.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\hpcpn093.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\hpcpn190.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\hpinkcoiE111.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\hpinkinsE111.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\hpinkstsE111LM.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\hpmco190.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\hpmja190.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\hpmlm190.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\hpmml190.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\hpmpm081.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\hpmprein.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\hpmpw081.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\hpmtp190.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\hppdcompio.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\hppdew13_x64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\hppdpr13_x64.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\HPScanTRDrv_DJ2130.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\HPWia2_DJ2130.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\HPZ3LLHN.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\mtxoci.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\polstore.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\tbs.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\winipsec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\ws2_32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WsmRes.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\FwRemoteSvr.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\fxcompchannel.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\gpapi.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\hpcc3093.DLL:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\hpcc3190.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\hpcdmc32.DLL:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\hppccompio.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msorcl32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mswsock.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\mtxoci.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\polstore.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\tbs.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\winipsec.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\ws2_32.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [130]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmRes.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\athrx.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\athrx.sys:$CmdZnID [26]
    AlternateDataStreams: C:\Windows\system32\Drivers\disk.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\hpfx64bulk.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\hpfx64gen.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\usbser.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\wdcsam64.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Windows\system32\Drivers\WSDPrint.sys:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Desktop\AcomNEX-Pakiet (1).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Desktop\ilosci napelnien klimaAC-2012_PL.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\10027 (1).jpg:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\10027.jpg:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\11742410_3938.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\11742410_3943.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\12743598_204103426610799_1494533844235206161_n.jpg:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\161010_e-preprint_M.42.1_org_obslugi_poj_sam.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\5980427_orig.jpg:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\7z1604-x64.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\7z1604-x64.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\AcomNEX-Pakiet_m (1).exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\AcomNEX-Pakiet_m (1).exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Baza (1).xlsx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Baza.xlsx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\biegaj.doc:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\cpu-z_1.76-en.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\cpu-z_1.76-en.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\DJ2130_Basicx64_61.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\DJ2130_Basicx64_61.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Driver_MF821.rar:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Druki-1.doc:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\fwd-prezentacje-psychologia-jeszcze-raz.zip:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\HP Deskjet 5740 - sterownik [1].exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\hppiw.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\hppiw.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\httpwww_bg_utp_edu_plartarchiwum20motoryzacji2010kubas (1).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\httpwww_bg_utp_edu_plartarchiwum20motoryzacji2010kubas.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\InsERT_GT.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\InsERT_GT.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Lista_rachunkow.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\List_powitalny_przelew_2551 (1).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\List_powitalny_przelew_2551 (2).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\List_powitalny_przelew_2551.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\MBA drzwi przeszklone i okno.odt:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\MBA drzwi przeszklone i okno.odt:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\MBA_ulotka A5_v2.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Niepotwierdzony 817064.crdownload:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\Ogloszenie (1).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Ogloszenie.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\ojciec syn grudzien.doc:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Organizowanie imprez artystycznych i rozrywkowych _008_001_84170.doc:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\P2055_default_install_v6.1_ww (1).exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\P2055_default_install_v6.1_ww (1).exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Plus_Internet_ZTEMF821_poprawka.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\Plus_Internet_ZTEMF821_poprawka.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\potwierdzenie (1).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Printer-HP-HP-Deskjet-5700-Series-HPA.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\Printer-HP-HP-Deskjet-5700-Series-HPA.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\protokol.xlsx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Protokoły.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\putty-0.68-installer.msi:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Ramowa-umowa-o-współpracy-z-zapisami-własności.doc:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\RAMOWY_WZOR_UMOWY_PARTNERSKIEJ (1).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\RAMOWY_WZOR_UMOWY_PARTNERSKIEJ.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Scan 11 (1).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Scan 11 (2).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Scan 11 (3).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Scan 11.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\setup.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\SIWZ_wraz_z_zalacznikami (1).doc:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\SIWZ_wraz_z_zalacznikami.doc:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\SIWZ_wraz_z_zalacznikami.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\SoftwarePatch.pl-5700_plk_win2k_xp.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\SoftwarePatch.pl-5700_plk_win2k_xp.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\SO_5231.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\STATUT.doc:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\TeamViewerQS_pl-idc7528m4c (1).exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\TeamViewerQS_pl-idc7528m4c (1).exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\TeamViewerQS_pl-idc7528m4c.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\TeamViewerQS_pl-idc7528m4c.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\test anatomia 2.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\test-anatomia-2.doc:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\test-z-anatomii.doc:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\transfer_20160223.pdf:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\transfer_20160311.pdf:$CmdTcID [130]
    AlternateDataStreams: C:\Users\MBA\Downloads\uchwala184zal.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Uchwała KKR ws wzorów protokołów z dnia 12.11.2015 r. (1).doc:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Uchwała KKR ws wzorów protokołów z dnia 12.11.2015 r..doc:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\umowa-partnerska.doc:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\upd-pcl6-x64-6.2.1.20636.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\upd-pcl6-x64-6.2.1.20636.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\upd-pcl6-x64-6.3.0.21178.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\upd-pcl6-x64-6.3.0.21178.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\UPGO.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\UPGO.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Windows6.1-KB947821-v34-x64.msu:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\WindowsUpdateAgent30-x64.exe:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Downloads\WindowsUpdateAgent30-x64.exe:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Wniosek PJ_3.0 - bez oplaty.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Wyciag (1).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Wyciag (2).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Wyciag (3).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Wyciag (4).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Wyciag.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\WYTYCZNE 2016.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\wzory-druków-(2) (1).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\wzory-druków-(2).docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\wzory_druków_obowiązkowe (1).doc:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\wzory_druków_obowiązkowe.doc:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\wzór nr 3.docx:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Zal. nr 2.doc:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Zal._nr_6_do_Protokolu_Uchwala_nr_1_z_walnego_zebrania_sprawoadawczego_OSP.doc:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\Zalacznik nr 7 - Szczegolowy opis czynnosci serwisowych.doc:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\zgloszenie_impreza_sportowo-rekreacyjna.doc:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\zlecenie-serwisowe (1).pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Downloads\zlecenie-serwisowe.pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Documents\O16000907 Malowanie bramy segmentowej .pdf:$CmdTcID [64]
    AlternateDataStreams: C:\Users\MBA\Documents\O16000907 Malowanie bramy segmentowej .pdf:$CmdZnID [26]
    AlternateDataStreams: C:\Users\MBA\Documents\transfer_20160223.pdf:$CmdZnID [26]
    EmptyTemp:

    Save it as fixlist.txt next to FRST.exe and choose "Fix" in FRST.
    After the fix, delete C:\FRST and that is all.

    0
  • Helpful post
    #3 29 Jun 2018 08:43
    Kolobos
    Computer specialist

    Uninstall: CPUID CPU-Z 1.76

    Run this Fixlist.txt:
    CloseProcesses:
    Task: {7AE56B48-D48A-4E5C-BBF8-33C2CD1CB0DA} - System32\Tasks\{9066044D-3E0B-49E4-9BAD-D259B882D209} => C:\Windows\system32\pcalua.exe -a E:\integra_1_2016\setup.exe -d E:\integra_1_2016
    ProxyServer: [S-1-5-21-2707602798-4019446908-728709923-1002] => 127.0.0.1:1080
    CHR HKU\S-1-5-21-2707602798-4019446908-728709923-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    R2 A0F720AF; C:\ProgramData\A0F720AF\A0F72064.dll [2682896 2018-06-28] () [Brak podpisu cyfrowego]
    2018-06-29 01:30 - 2018-06-29 01:31 - 000000000 ____D C:\AdwCleaner
    C:\ProgramData\A0F720AF\
    RemoveProxy:


    @safbot1st the infection that sets this proxy still has to be removed!
    R2 A0F720AF; C:\ProgramData\A0F720AF\A0F72064.dll [2682896 2018-06-28] () [Brak podpisu cyfrowego]
    C:\ProgramData\A0F720AF\

    0
  • Helpful post
    #5 29 Jun 2018 08:54
    safbot1st
    Level 43  

    @dugazone Also run the fixlist.txt from @Kolobos in post #3!

    Kolobos wrote:
    @safbot1st the infection that sets this proxy still has to be removed!
    R2 A0F720AF; C:\ProgramData\A0F720AF\A0F72064.dll [2682896 2018-06-28] () [Brak podpisu cyfrowego]
    C:\ProgramData\A0F720AF\

    Evidently a better "spec" is needed for this. I did not notice that line. Thanks for the support, and best regards.

    0
  • Helpful post
    #6 29 Jun 2018 09:18
    Kolobos
    Computer specialist

    @dugazone also run what I posted.

    0
  • #7 29 Jun 2018 09:24
    dugazone
    Level 3  

    Master!!

    Everything is back to normal!

    Thanks a lot for the support.

    0
  • #8 29 Jun 2018 09:37
    dugazone
    Level 3  

    Master!!

    Everything is back to normal!

    Thanks a lot for the support.

    Added after 12 [minutes]:

    I got the solution from users @Kolobos and @safbot1st.

    The computer was scanned with the Farbar program, and I sent its logs to the forum for analysis. I immediately received instructions on what to do, and the problem disappeared.

    0
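
The check Kolobos applied by eye in post #3, as an added example that is not part of the original thread or of FRST: a Python triage of FRST log lines that reports loopback ProxyServer entries and ranks running services by how many warning signs they show. The heuristics, the function names and the English "File not signed" marker are assumptions of this example; the sample lines are copied from the fixlists above.

```python
import re
from ipaddress import ip_address

# Lines copied from the fixlists in this thread (FRST output, Polish locale).
SAMPLE_LOG = r"""
ProxyServer: [S-1-5-21-2707602798-4019446908-728709923-1002] => 127.0.0.1:1080
R2 A0F720AF; C:\ProgramData\A0F720AF\A0F72064.dll [2682896 2018-06-28] () [Brak podpisu cyfrowego]
R2 HPSLPSVC; C:\Users\MBA\AppData\Local\Temp\7zS11BB\hpslpsvc64.dll [1039360 2015-09-21] (Hewlett-Packard Co.) [Brak podpisu cyfrowego] <==== UWAGA
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
"""

# "Brak podpisu cyfrowego" is the marker seen on this page; "File not signed"
# is assumed here as its English-locale counterpart.
UNSIGNED_MARKERS = ("Brak podpisu cyfrowego", "File not signed")
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"\[\d+ \d{4}-\d{2}-\d{2}\]\s+\((?P<company>[^)]*)\)(?P<rest>.*)$")
PROXY_RE = re.compile(
    r"^ProxyServer:\s+\[(?P<sid>S-[\d-]+)\]\s+=>\s+(?P<host>[^:\s]+):(?P<port>\d+)$")
# Heuristic (assumption): service images rarely live in these writable trees.
USER_WRITABLE_RE = re.compile(r"^[a-z]:\\(programdata|users)\\|\\temp\\")
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def is_loopback(host):
    """True for 'localhost' or any address in the loopback range."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:  # a hostname other than localhost
        return False


def service_reasons(m):
    """Return the warning signs shown by one parsed service line."""
    name, path = m["name"].strip(), m["path"].lower()
    reasons = []
    if any(marker in m["rest"] for marker in UNSIGNED_MARKERS):
        reasons.append("unsigned")
    if not m["company"].strip():
        reasons.append("no company name")
    if USER_WRITABLE_RE.search(path):
        reasons.append("image in user-writable location")
    if HEX_NAME_RE.match(name) and "\\" + name.lower() + "\\" in path:
        reasons.append("hex service name matching its folder")
    return reasons


def triage(log_text):
    """Collect loopback proxies and running services, most suspicious first."""
    proxies, services = [], []
    for line in log_text.splitlines():
        line = line.strip()
        p = PROXY_RE.match(line)
        if p and is_loopback(p["host"]):
            proxies.append((p["sid"], p["host"], int(p["port"])))
            continue
        s = SERVICE_RE.match(line)  # entries with a missing file ([X]) do not match
        if s and s["state"] == "R":
            reasons = service_reasons(s)
            if reasons:
                services.append((s["name"].strip(), s["path"], reasons))
    services.sort(key=lambda item: -len(item[2]))
    return {"loopback_proxies": proxies, "services": services}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for sid, host, port in result["loopback_proxies"]:
        print(f"loopback proxy for {sid}: {host}:{port}")
    for name, path, reasons in result["services"]:
        print(f"{len(reasons)} signs  {name}  {path}  ({', '.join(reasons)})")
```

A loopback proxy only works while something on the machine is listening on that port, so the top-ranked running service is the first candidate to examine; removing the proxy setting alone leaves that component in place to set it again.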