[Solved] Request for FRST analysis, some annoying DLL process

majk636363 07 Sep 2018 17:10 87 2
  • Helpful post
    #2 07 Sep 2018 17:22
    Kolobos
    Computer specialist

    Run Fixlist.txt with the following contents:
    Itibiti RTC (HKLM\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden <==== UWAGA

    Then uninstall:
    Bubble Browser
    DNS Unlocker version 1.4
    Itibiti RTC

    Use AdwCleaner, the Scan and Clean options: http://www.bleepingcomputer.com/download/adwcleaner/

    Run another Fixlist.txt:
    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-3402518616-1825306349-2235242046-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Arek\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => Brak pliku
    Task: {0B38BDCE-DF73-4CE2-8B99-DC5C1F5A4641} - \Bubble Browser -> Brak pliku <==== UWAGA
    Task: {1697250D-AA9D-43E0-A654-C59337F3AF45} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {17712773-09DF-4709-8E1D-DFA5FDA8B46F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku <==== UWAGA
    Task: {2B4D6F42-8A61-416E-8705-21B56048283E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {4132F0E7-B205-4466-9C51-37EB07934D4F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku <==== UWAGA
    Task: {42CB6A6E-5A3D-49D0-B231-FF52E7120A2E} - \Bubble Browser2 -> Brak pliku <==== UWAGA
    Task: {4C204D33-2A2B-4C18-95E5-F4A5C737C8E5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {61FFAE77-D4E2-4E76-8E0A-035BF7060803} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
    Task: {6F224301-1187-44BA-B413-D9840132E150} - \{4804D758-7F2B-B4A1-7425-8B5152D39E01} -> Brak pliku <==== UWAGA
    Task: {903B2C91-3710-4D89-A701-F1370FD95EB4} - \Wopuxaumak -> Brak pliku <==== UWAGA
    Task: {A52C1D53-46F9-4C55-B3A6-3D70CEF3894F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {ADBF0478-85EA-49DF-A5BD-1DFDC99EFFD5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {B687B39A-C54D-4234-8843-7D872C4B8B8B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {C39DE5E4-678E-46D8-93C6-1163974D5F65} - System32\Tasks\{69F904BF-60EE-4A27-9C95-0CAA83641F76} => C:\Windows\system32\pcalua.exe -a C:\v1.35\Winflash32\CLB-135.EXE -d C:\v1.35\Winflash32
    Task: {C83263E3-8940-4CA0-BF26-E442C00D49D5} - System32\Tasks\{78CB4FB7-59FF-4465-B9E3-66B87E1FC43C} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\TVTime\uninstall.exe -c /kb=y /ic=1
    Task: {D08DBAE6-7C13-43C6-96EB-CEA452BF86E4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {D4D57A1A-A6C3-4961-B7AC-C8523882C9E9} - System32\Tasks\{C59FF22F-38BE-413F-9E29-E4A2DB883AD8} => C:\Windows\system32\pcalua.exe -a "G:\PLAY ONLINE\Setup.exe" -d "G:\PLAY ONLINE"
    Task: {DCFCD914-8893-4A49-BB16-DFFD1C28A48B} - System32\Tasks\Sictekco => C:\PROGRA~1\SHOPPE~2\Icyiea.bat <==== UWAGA
    Task: {DE1E5552-BD59-4419-ABD2-251F56BB76D6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {EFD1EC8C-7178-4CAA-9FFE-03F30981B979} - System32\Tasks\{0E050547-047A-7E09-7811-7D0F7F0C1179} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
    Task: {F332E383-6796-4D38-8C0B-F3E2997F5177} - System32\Tasks\DNSKALAMAZOO => dnskalamazoo.exe <==== UWAGA
    Hosts:
    HKU\S-1-5-21-3402518616-1825306349-2235242046-1000\...\Run: [GoogleChromeAutoLaunch_CF8087D391BF9923F210702354BF6ED6] => C:\Users\Arek\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-11] (The Chromium Authors)
    HKU\S-1-5-21-3402518616-1825306349-2235242046-1000\...\MountPoints2: {0bb072a1-b2b0-11e8-ab7e-001c26c3e613} - "F:\LaunchU3.exe" -a
    Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{8be4fd0f-7a1b-41e3-98ad-5b6606fe28fe}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{8be4fd0f-7a1b-41e3-98ad-5b6606fe28fe}: [DhcpNameServer] 82.163.142.7
    Tcpip\..\Interfaces\{d0eea6f5-f7a7-4aed-bc23-e10f1037c490}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{fd4a322f-59de-4edd-a7ba-1c60ce8a93be}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{fd4a322f-59de-4edd-a7ba-1c60ce8a93be}: [DhcpNameServer] 82.163.142.7
    Toolbar: HKU\S-1-5-21-3402518616-1825306349-2235242046-1000 -> Brak nazwy - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - Brak pliku
    C:\Users\Arek\AppData\Roaming\Mozilla\Firefox\Profiles\xxf3r1o1.default\Extensions\@FCEC022C4DA9D4C0C7AAA4688981686AFCEC.xpi
    FF Extension: ("Bubble Browser) - C:\Users\Arek\AppData\Roaming\Mozilla\Firefox\Profiles\xxf3r1o1.default\Extensions\@FCEC022C4DA9D4C0C7AAA4688981686AFCEC.xpi [2015-12-17] [Przestarzałe] [Brak podpisu cyfrowego]
    C:\Users\Arek\AppData\Roaming\Mozilla\Firefox\Profiles\xxf3r1o1.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi
    FF Extension: (LeechBlock) - C:\Users\Arek\AppData\Roaming\Mozilla\Firefox\Profiles\xxf3r1o1.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2015-12-07] [Przestarzałe]
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\!FCEC022C4DA9D4C0C7AAA4688981686AFCEC.js [2015-12-16] <==== UWAGA
    FF ExtraCheck: C:\Program Files\mozilla firefox\FCEC022C4DA9D4C0C7AAA4688981686AFCEC [2015-12-16] <==== UWAGA
    C:\Users\Arek\AppData\Local\Bubble Browser\Component
    C:\Users\Arek\AppData\Local\Bubble Browser\
    CHR Extension: (Bubble Browser) - C:\Users\Arek\AppData\Local\Bubble Browser\Component [2015-12-22]
    CHR HKLM\...\Chrome\Extension: [epchdkphlhhkhjndlcjhoefomdhhkbgc] - C:\Program Files\Red Sky\BartVPN\bartvpn-button-chrome.crx <nie znaleziono>
    CHR HKU\S-1-5-21-3402518616-1825306349-2235242046-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
    2018-09-07 11:07 - 2016-08-26 22:04 - 000000000 ____D C:\ProgramData\518b2575-3ab3-1
    2018-09-07 11:07 - 2016-08-26 22:04 - 000000000 ____D C:\ProgramData\518b2575-10c5-0
    2015-08-31 01:47 - 2015-08-31 01:47 - 006420480 ____C () C:\Program Files\GUTFCEE.tmp
    2014-09-01 04:18 - 2015-12-18 18:12 - 000000365 ____C () C:\Users\Arek\AppData\Roaming\BBHJ
    2014-09-01 04:18 - 2015-12-18 18:11 - 000001171 ____C () C:\Users\Arek\AppData\Roaming\SCOWI
    2014-09-01 04:18 - 2015-12-18 18:11 - 000001171 ____C () C:\Users\Arek\AppData\Roaming\TGFW
    2014-09-01 04:18 - 2015-12-18 18:11 - 000000365 ____C () C:\Users\Arek\AppData\Roaming\WFEC
    2012-12-11 11:29 - 2012-12-11 11:29 - 000003584 ____C () C:\Users\Arek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-01-01 06:47 - 2015-01-01 14:43 - 000000003 ____C () C:\Users\Arek\AppData\Local\proxy.log

    Do a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0
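As an added example (not code from the thread or from FRST), a small triage script a responder could run over FRST output to flag the indicator classes Kolobos's fixlist targets: scheduled tasks pointing at missing files or bare executable names, tasks that proxy through pcalua.exe or launch hidden encoded PowerShell, and resolver entries outside an allow-list. The sample lines are copied from the fixlist above; the trusted-DNS set is an assumption for this host.

```python
import re

# Sample FRST lines, copied from the fixlist in the thread above (trimmed subset).
# "Brak pliku" / "UWAGA" are FRST's Polish localisation of "No File" / "ATTENTION".
FRST_SAMPLE = r"""
Task: {0B38BDCE-DF73-4CE2-8B99-DC5C1F5A4641} - \Bubble Browser -> Brak pliku <==== UWAGA
Task: {61FFAE77-D4E2-4E76-8E0A-035BF7060803} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {C39DE5E4-678E-46D8-93C6-1163974D5F65} - System32\Tasks\{69F904BF-60EE-4A27-9C95-0CAA83641F76} => C:\Windows\system32\pcalua.exe -a C:\v1.35\Winflash32\CLB-135.EXE -d C:\v1.35\Winflash32
Task: {EFD1EC8C-7178-4CAA-9FFE-03F30981B979} - System32\Tasks\{0E050547-047A-7E09-7811-7D0F7F0C1179} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
Task: {F332E383-6796-4D38-8C0B-F3E2997F5177} - System32\Tasks\DNSKALAMAZOO => dnskalamazoo.exe <==== UWAGA
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{8be4fd0f-7a1b-41e3-98ad-5b6606fe28fe}: [DhcpNameServer] 82.163.142.7
""".strip()

# "Task: {GUID} - <name> => <target>" or "... -> Brak pliku <==== UWAGA"
TASK_RE = re.compile(r"^Task: \{[0-9A-F-]+\} - (?P<name>.+?) (?:=>|->) (?P<target>.+)$")
# "Tcpip\...: [NameServer] a.b.c.d e.f.g.h" (also DhcpNameServer)
NS_RE = re.compile(r"^Tcpip\\.*: \[(?:Dhcp)?NameServer\] (?P<servers>.+)$")

# Assumption: the resolvers this host is expected to use (ISP or corporate DNS would go here).
TRUSTED_DNS = {"8.8.8.8", "8.8.4.4", "1.1.1.1"}


def triage_frst(text, trusted_dns=TRUSTED_DNS):
    """Return (line_no, reason) findings for FRST lines that warrant a closer look."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = TASK_RE.match(line)
        if m:
            low = m.group("target").lower()
            if "-encodedcommand" in low or "-executionpolicy bypass" in low:
                findings.append((no, "scheduled task runs hidden/encoded PowerShell"))
            elif "pcalua.exe -a" in low:
                findings.append((no, "scheduled task launches via pcalua.exe (proxy execution)"))
            elif "brak pliku" in low or "no file" in low:
                findings.append((no, "scheduled task points at a missing file (leftover)"))
            elif not re.search(r"[a-z]:\\", low):  # bare exe name, no absolute path
                findings.append((no, "scheduled task target has no absolute path"))
            continue
        m = NS_RE.match(line)
        if m:
            rogue = [s for s in m.group("servers").split() if s not in trusted_dns]
            if rogue:
                findings.append((no, "DNS resolver not in allow-list: " + ", ".join(rogue)))
    return findings


if __name__ == "__main__":
    for no, reason in triage_frst(FRST_SAMPLE):
        print(f"line {no}: {reason}")
```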
  • #3 07 Sep 2018 19:50
    majk636363
    Level 3

    Thanks, master

    0