jessica
-
Posts
4 099 -
Joined
-
Last visit
Replies posted by jessica
-
-
Is Bitdefender TS a suitable antivirus for Win 10?
That is hard to say, because for now WIN 10 is a new system,
Open Notepad and paste into it:
DeleteQuarantine:
Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix.
Delete the remaining folder C:\FRST with SHIFT+DEL.
jessi
-
Shortcut.txt did not reveal anything suspicious.
jessi
-
Just cosmetics:
Open Notepad and paste into it:
CustomCLSID: HKU\S-1-5-21-3694247235-714563267-2262226866-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Dominik\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3694247235-714563267-2262226866-1001_Classes\CLSID\{24734139-2E14-88F8-FDDF-194FDB2B19C4}\InprocServer32 -> no filepath
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - \Microsoft\Windows\Live\Roaming\SynchronizeWithStorage -> No File <==== ATTENTION
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {A800277E-E202-4492-AD38-3312641CBC04} - \Microsoft\Windows\Live\Roaming\MaintenanceTask -> No File <==== ATTENTION
Task: {C84F8A44-9FD3-4273-930B-E488674D2812} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {D2BB9284-305F-4C38-AFD1-DC77EBF12928} - System32\Tasks\{01BB3D65-38FF-4609-A6D6-9B88DB6D6DB4} => pcalua.exe -a C:\Users\Dominik\Downloads\sylenth1_2.2.1.2_by_dembousarist___VITPENZ.exe -d C:\Users\Dominik\Downloads
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "mobilegeni daemon" /f
HKLM-x32\...\Run: [mbot_pl_014010028] => [X]
HKU\S-1-5-21-3694247235-714563267-2262226866-1001\...\Run: [AdobeBridge] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3694247235-714563267-2262226866-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll No File
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll" No File
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [No File]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-3694247235-714563267-2262226866-1001: ubisoft.com/uplaypc -> A:\Program Files (x86)\Ubisoft\Trials Evolution Gold Edition\datapack\orbit\npuplaypc.dll No File
R2 tcsvc_1.10.0.21; C:\Program Files (x86)\TermCoach_1.10.0.21\Service\tcsvc.exe [300120 2015-07-28] (TermCoach)
C:\Program Files (x86)\TermCoach_1.10.0.21
S2 Stereo Service; "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe
Run FRST and click the Fix button.
jessi
-
Open Notepad and paste into it:
C:\Program Files (x86)\Common Files\G Data
S4 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2527864 2015-03-04] (G Data Software AG)
DisableService: AVKService
DisableService: AVKWCtl
DisableService: GDScan
DisableService: HookCentre
R2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [3672560 2015-04-07] (G Data Software AG)
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}" /f
S3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3193080 2015-02-20] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG)
Task: {18B256C1-C613-4758-BA45-CEFD1C4E83C1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {404110D2-E461-412A-BBA2-FB449A29F837} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4406AD5D-A59F-4C8A-9DA0-61D30B80501C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5D1C5D18-C64E-42D2-B55F-69858A3C1C2C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7E5E7E54-40A7-4252-AD94-CAD194DC833A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {956D0268-3628-4844-BB15-E42219C3FDA7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9DDC18BA-C35C-48BB-AB35-083F54FB05BC} - System32\Tasks\{02A1E7CC-9D90-4B94-8DA7-9972114C045C} => pcalua.exe -a "C:\ProgramData\G Data\Setups\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}\setup.exe" -c /InstallMode=Uninstall /_DoNotShowChange=true
C:\ProgramData\G Data
Task: {BB8DF4C3-1464-4698-9839-5C5BAC4C1431} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BF69446D-D979-4AC0-B4D4-DBF09E80E357} - System32\Tasks\{9B3A4D3C-C110-4A86-868B-E3D117E4CF7B} => pcalua.exe -a "D:\steam\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "D:\steam\steamapps\common\Left 4 Dead 2" -c /register
Task: {D2375C42-621B-4816-B7AE-183E41BD17DB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DC92198A-BA02-4E38-AD0A-AB540DAA44B9} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E6A764C8-6993-4ACF-BAF4-54CC87E48799} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F236DC7C-F8A8-4192-979A-0219CD0FECCA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
C:\Program Files (x86)\G DATA
HKLM-x32\...\Run: [] => [X]
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [124928 2015-06-11] (G Data Software AG)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\Users\Karol\AppData\Roaming\gdfw.log
C:\Users\Karol\AppData\Roaming\gdscan.log
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY\G DATA INTERNET SECURITY.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G DATA INTERNET SECURITY\Utwórz nośnik startowy.lnk
C:\Users\Karol\programy\Device Doctor.lnk
C:\Users\Karol\programy\G DATA INTERNET SECURITY.lnk
C:\Users\Karol\programy\WTFast.lnk
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe
Run FRST and click the Fix button.
jessi
-
Open Notepad and paste into it:
Task: {B0293A6E-BF85-43C0-AB85-A9715544394B} - System32\Tasks\PC Service Viewer => C:\Program Files (x86)\PC Service\PCService.exe [2015-07-30] (Secure Best Updater)
C:\Program Files (x86)\PC Service
Task: {F2E44A5D-1775-4B88-BAC4-138C4B1E3E22} - System32\Tasks\Security Software => C:\Users\sylwester\AppData\Roaming\Updater\winupd.exe [2015-07-22] () <==== ATTENTION
C:\Users\sylwester\AppData\Roaming\Updater
ProxyServer: [s-1-5-21-2770005542-1391010283-3734432884-1000] => 127.0.0.1:8118
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prot.xml [2015-08-02]
R2 PrivoxyService; C:\Program Files (x86)\IT Viewer\privoxy.exe [371200 2015-08-02] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
C:\Users\sylwester\AppData\Roaming\A90E.tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Zarządzanie kontem Battle.net.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Pomoc techniczna Blizzard.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 52%\Alcohol Command Launcher.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 52%\Data-Type Analyzer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 52%\Uninstall Alcohol 52%.lnk
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe
Run FRST and click the Fix button.
If the problem does not go away, reinstall the browser on which it still occurs.
jessi
-
C:\Program Files (x86)\AVG\AVG PC TuneUp
You must not have this program on WIN 10; it causes enormous problems.
Apart from that:
https://www.fixitpc.pl/topic/8716-skuteczne-usuwanie-programow-antywirusowych/
I don't even know whether "Gdata AvCleaner" works on WIN 10.
jessi
-
Judging by the logs, it is already OK.
But the FRST logs Addition.txt and Shortcut.txt are missing - please add them.
jessi
-
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
In that case, uninstall that program.
jessi
-
Open Notepad and paste into it:
Task: {FC41DC3D-FEBB-46C6-9B0C-5F3027478FAD} - System32\Tasks\{F109852A-BA8E-4B71-B982-6AF701C52ADE} => pcalua.exe -a "C:\Program Files (x86)\Lenovo\VeriFace\Uninstall.exe" -d "C:\Program Files (x86)\Lenovo\VeriFace"
Task: {B89700AB-0684-4AFF-815D-80AB21521E55} - System32\Tasks\{DC6005DA-A433-464A-A36F-9BAC90CFB3C1} => pcalua.exe -a C:\Users\Basia\Downloads\NetFx64.exe -d C:\Users\Basia\Downloads
Task: {5AE10761-E516-4DCB-9C67-B7D207C07A6A} - System32\Tasks\{17969053-0FC9-4910-8678-9EE7BAA7565E} => pcalua.exe -a C:\Users\Basia\Desktop\NetFx64.exe -d C:\Users\Basia\Desktop
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe
Run FRST and click the Fix button.
jessi
-
R1 {fef7f75c-f985-4250-96f9-8183cd04238b}Gw64; C:\Windows\System32\drivers\{fef7f75c-f985-4250-96f9-8183cd04238b}Gw64.sys [48792 2014-10-03] (StdLib)
There is that harmful junk, but you have had it for 10 months already.
There are also some ADS streams unknown to me, attached to system folders.
Open Notepad and paste into it:
AlternateDataStreams: C:\ProgramData:BF3ED63AE4028B31
AlternateDataStreams: C:\Users\All Users:BF3ED63AE4028B31
AlternateDataStreams: C:\ProgramData\Application Data:BF3ED63AE4028B31
AlternateDataStreams: C:\ProgramData\Dane aplikacji:BF3ED63AE4028B31
R1 {fef7f75c-f985-4250-96f9-8183cd04238b}Gw64; C:\Windows\System32\drivers\{fef7f75c-f985-4250-96f9-8183cd04238b}Gw64.sys [48792 2014-10-03] (StdLib)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]
C:\Windows\System32\drivers\{fef7f75c-f985-4250-96f9-8183cd04238b}Gw64.sys
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe
Run FRST and click the Fix button.
A fixlog.txt file will be created.
Post that log.
2012-09-17 15:22 - 2015-01-18 01:19 - 0074080 _____ () C:\Program Files (x86)\Uninstall.exe
2015-01-18 01:19 - 2015-01-18 01:19 - 0029031 _____ () C:\Program Files (x86)\Uninstall.ini
Do you know these programs?
They are not on the list of your installed programs.
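The replies on this page all follow the same routine: read the FRST log, pick out the entries FRST marks "<==== ATTENTION", the orphaned entries whose target is gone ("No File", "[X]", "no filepath", "no ImagePath", "[not found]"), the unsigned or oddly located services, and paste those lines verbatim into fixlist.txt followed by "EmptyTemp:". The triage helper below is an added example written for this page; it is not code from the forum, from jessica, or from FRST itself. It parses lines in FRST's output format and reproduces that manual selection. The sample lines, GUIDs, service names and paths are constructed for the example, and the two extra heuristics (an unsigned binary, a binary under AppData\Roaming or a Temp folder) are my assumptions about what a helper looks for, not rules FRST applies.

```python
import re
from dataclasses import dataclass

# Markers FRST itself puts on an entry whose target file or path is missing.
ORPHAN_MARKERS = ("No File", "[not found]", "[X]", "no filepath", "no ImagePath")
ATTENTION_RE = re.compile(r"<=+\s*ATTENTION")          # "<==== ATTENTION", "<======= ATTENTION"
SERVICE_RE = re.compile(r"^[RSU]\d\s+[^;]+;")           # "R2 name; C:\path\svc.exe [size date] (vendor)"
KIND_RE = re.compile(r"^([A-Za-z0-9 _\-]+?):\s")        # "Task:", "CustomCLSID:", "FF Plugin-x32:" ...
# Assumed heuristic (not an FRST rule): executables living in user-writable locations deserve a look.
USER_WRITABLE_RE = re.compile(r"\\AppData\\Roaming\\|\\Temp\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str       # entry type, e.g. "Task", "Service", "CustomCLSID", "Registry"
    line: str       # the log line verbatim; the posts paste these lines straight into fixlist.txt
    reasons: list   # why the line was flagged


def classify(line: str) -> str:
    """Return the FRST entry type of one log line."""
    if SERVICE_RE.match(line):
        return "Service"
    if line.startswith(("HKLM", "HKU")):
        return "Registry"
    m = KIND_RE.match(line)
    return m.group(1) if m else "Other"


def flag_reasons(line: str) -> list:
    """Collect the reasons a helper would pick this line for the fixlist (empty list = leave it alone)."""
    reasons = []
    if ATTENTION_RE.search(line):
        reasons.append("marked ATTENTION by FRST")
    for marker in ORPHAN_MARKERS:
        if marker in line:
            reasons.append(f"target missing ({marker})")
            break
    if "[File not signed]" in line:
        reasons.append("unsigned binary")
    if USER_WRITABLE_RE.search(line):
        reasons.append("runs from a user-writable location")
    return reasons


def triage(log_text: str) -> list:
    """Parse an FRST-style log and return the flagged entries in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = flag_reasons(line)
        if reasons:
            findings.append(Finding(classify(line), line, reasons))
    return findings


def build_fixlist(findings: list) -> str:
    """Assemble fixlist.txt content: the flagged lines verbatim, then EmptyTemp: as the posts do."""
    return "\n".join(f.line for f in findings) + "\nEmptyTemp:\n"


# Constructed sample in FRST's output format (placeholder GUIDs, names and paths, not from a real machine).
SAMPLE_LOG = r"""
Task: {00000000-0000-0000-0000-000000000001} - \Microsoft\Windows\Example\Orphaned -> No File <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\Security Software => C:\Users\user\AppData\Roaming\Updater\winupd.exe [2015-07-22] () <==== ATTENTION
R2 ExampleSvc; C:\Program Files (x86)\Example\svc.exe [371200 2015-08-02] (Example Ltd) [File not signed] <==== ATTENTION
S3 olddrv; \??\C:\Windows\system32\drivers\olddrv.sys [X]
CustomCLSID: HKU\S-1-5-21-0-0-0-1001_Classes\CLSID\{00000000-0000-0000-0000-000000000003}\InprocServer32 -> no filepath
BHO: Example Helper -> {00000000-0000-0000-0000-000000000004} -> C:\Program Files (x86)\Example\ext.dll No File
FF Plugin-x32: @example.com/Plugin -> C:\Program Files (x86)\Example\npexample.dll [No File]
R2 GoodSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {'; '.join(f.reasons)}\n    {f.line}")
    print("--- fixlist.txt ---")
    print(build_fixlist(triage(SAMPLE_LOG)))
```

The signed, correctly located svchost.exe service in the sample is the one line the helper leaves untouched; everything else lands in the generated fixlist in the same order it appeared in the log, which is how the replies above are built by hand.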
jessi
-
There is no infection on either "F" or "G".
jessi
-
KU\S-1-5-21-2256594746-1432280111-207961492-1000\...\Run: [AdobeBridge] => [X] => Error: No automatic fix found for this entry.
A correction, my fault:
Paste into Notepad:
Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-2256594746-1432280111-207961492-1000\software\microsoft\windows\currentversion\run]
"AdobeBridge"=-
From the Notepad menu >> File >> Save As >> set the file type to All Files >> save as FIX.REG >> run the file (double-click and OK).
We're finishing up:
In Adw-Cleaner, click the Uninstall (UNINSTALL) button.
Open Notepad and paste into it:
DeleteQuarantine:
Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix.
Delete the remaining folder C:\FRST with SHIFT+DEL.
jessi
-
Adw-Cleaner did not detect much.
USBFix was supposed to be run with the LISTING option, not RESEARCH.
RESEARCH only shows long-known infections, whereas LISTING can show new variants of infections.
Everything is probably OK now.
jessi
-
1) Use >Adw-cleaner
First click SEARCH (SCAN), and only after the scan finishes, when the DELETE (CLEANING) button becomes active, click it.
Show its report C:\AdwCleaner\AdwCleaner.txt
2) Open Notepad and paste into it:
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
KU\S-1-5-21-2256594746-1432280111-207961492-1000\...\Run: [AdobeBridge] => [X]
CustomCLSID: HKU\S-1-5-21-2256594746-1432280111-207961492-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Rymin\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2256594746-1432280111-207961492-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Rymin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2256594746-1432280111-207961492-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Rymin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
Toolbar: HKU\S-1-5-21-2256594746-1432280111-207961492-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
FF SelectedSearchEngine: delta-homes
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
C:\windows\Minidump\*.dmp
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe
Run FRST and click the Fix button.
A fixlog.txt file will be created.
Post that log.
3) Write whether the problem has gone away.
jessi
-
USBFix - download it and use it in Safe Mode (F8 before the system starts)
Use >Adw-cleaner
First click SEARCH (SCAN), and only after the scan finishes, when the DELETE (CLEANING) button becomes active, click it.
Show its report C:\AdwCleaner\AdwCleaner.txt
jessi
-
Now, after restarting the system, only one window with "my documents" appeared.
In that case:
Open Notepad and paste into it:
HKU\S-1-5-21-1645522239-1659004503-725345543-1004\...\Run: [EXPLORER.EXE] => E:\WINDOWS\EXPLORER.EXE [1035264 2008-04-14] (Microsoft Corporation)
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe
Run FRST and click the Fix button.
There is nothing else suspicious in the logs.
jessi
-
1) Use >Adw-cleaner
First click SEARCH (SCAN), and only after the scan finishes, when the DELETE (CLEANING) button becomes active, click it.
Show its report C:\AdwCleaner\AdwCleaner.txt
2) Open Notepad and paste into it:
StandardProfile\GloballyOpenPorts: [2900:TCP] => Enabled:ztdtqhnh
E:\Documents and Settings\All Users\Dane aplikacji\6WinManPro6
E:\Program Files\MiuiTab
HKLM\...\Winlogon: [userinit] E:\WINDOWS\system32\userinit.exe,EXPLORER.EXE
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
BHO: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> E:\Program Files\MiuiTab\SupTab.dll [2015-08-04] (Good Co. Limited)
Toolbar: HKU\S-1-5-21-1645522239-1659004503-725345543-1004 -> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1439036453&z=7d94f16b19b00e9ddd29621g3zfc4t9efccq9cdq4q&from=cor&uid=ST9120822AS_5LZ8DH4PXXXX5LZ8DH4P
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1439036413&z=9ddf3937cf24a4f23520a42gez9c3t5e9caq1c9oeq&from=cor&uid=ST9120822AS_5LZ8DH4PXXXX5LZ8DH4P&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1439036453&z=7d94f16b19b00e9ddd29621g3zfc4t9efccq9cdq4q&from=cor&uid=ST9120822AS_5LZ8DH4PXXXX5LZ8DH4P
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1439036413&z=9ddf3937cf24a4f23520a42gez9c3t5e9caq1c9oeq&from=cor&uid=ST9120822AS_5LZ8DH4PXXXX5LZ8DH4P&q={searchTerms}
HKU\S-1-5-21-1645522239-1659004503-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1439036453&z=7d94f16b19b00e9ddd29621g3zfc4t9efccq9cdq4q&from=cor&uid=ST9120822AS_5LZ8DH4PXXXX5LZ8DH4P
HKU\S-1-5-21-1645522239-1659004503-725345543-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1439036453&z=7d94f16b19b00e9ddd29621g3zfc4t9efccq9cdq4q&from=cor&uid=ST9120822AS_5LZ8DH4PXXXX5LZ8DH4P
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=1439036453&z=7d94f16b19b00e9ddd29621g3zfc4t9efccq9cdq4q&from=cor&uid=ST9120822AS_5LZ8DH4PXXXX5LZ8DH4P&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=1439036453&z=7d94f16b19b00e9ddd29621g3zfc4t9efccq9cdq4q&from=cor&uid=ST9120822AS_5LZ8DH4PXXXX5LZ8DH4P&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1645522239-1659004503-725345543-1004 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=1439036453&z=7d94f16b19b00e9ddd29621g3zfc4t9efccq9cdq4q&from=cor&uid=ST9120822AS_5LZ8DH4PXXXX5LZ8DH4P&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1645522239-1659004503-725345543-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST9120822AS_5LZ8DH4PXXXX5LZ8DH4P&ts=1439036535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1645522239-1659004503-725345543-1004 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST9120822AS_5LZ8DH4PXXXX5LZ8DH4P&ts=1439036535&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1645522239-1659004503-725345543-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=1439036453&z=7d94f16b19b00e9ddd29621g3zfc4t9efccq9cdq4q&from=cor&uid=ST9120822AS_5LZ8DH4PXXXX5LZ8DH4P&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1645522239-1659004503-725345543-1004 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST9120822AS_5LZ8DH4PXXXX5LZ8DH4P&ts=1439036535&type=default&q={searchTerms}
FF Homepage: hxxp://www.istartsurf.com/?type=hppp&ts=1439036453&z=7d94f16b19b00e9ddd29621g3zfc4t9efccq9cdq4q&from=cor&uid=ST9120822AS_5LZ8DH4PXXXX5LZ8DH4P
FF Extension: No Name - E:\Documents and Settings\A\Dane aplikacji\IDM\idmmzcc5 [not found]
FF Extension: No Name - E:\Documents and Settings\A\Dane aplikacji\Mozilla\Firefox\Profiles\a1yj8rz1.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: No Name - E:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
R2 IHProtect Service; E:\Program Files\MiuiTab\ProtectService.exe [125112 2015-08-04] (XTab system)
R2 WindowsMangerProtect; E:\Documents and Settings\All Users\Dane aplikacji\6WinManPro6\ProtectWindowsManager.exe [708264 2015-08-08] (DTools LIMITED) <==== ATTENTION
S2 fyzmyr; E:\WINDOWS\system32\yyllqvv.dll [X]
S3 AR5211; system32\DRIVERS\ar5211.sys [X]
S4 asc; no ImagePath
S4 asc3350p; no ImagePath
S4 asc3550; no ImagePath
S3 ASNDIS5; \??\E:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS [X]
S4 Atdisk; no ImagePath
S4 cd20xrnt; no ImagePath
S1 Changer; no ImagePath
S4 CmdIde; no ImagePath
S4 Cpqarray; no ImagePath
U4 dac2w2k; no ImagePath
S4 dac960nt; no ImagePath
S4 dpti2o; no ImagePath
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S4 hpn; no ImagePath
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
E:\Documents and Settings\All Users\Dane aplikacji\IHProtectUpDate
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe
Run FRST and click the Fix button.
A fixlog.txt file will be created.
Post that log.
3) Make new FRST logs.
jessi
-
then that "someone" doesn't know anything about logs.
jessi
-
Hidden files "Desktop.ini", "tiuopu.exe", "tioupu.scr" appeared on the pendrive
Make a USBFix log with the LISTING option https://www.fixitpc.pl/topic/8-dezynfekcja-zbi%C3%B3r-narz%C4%99dzi-usuwaj%C4%85cych/?do=findComment&comment=74
In various folders there are hidden files $RECYCLE.BIN, Desktop.ini, which were not there before and did not appear.
"desktop.ini" was there the whole time, but hidden.
However, "Recycle.Bin" (Recycle Bin) should not be in every folder.
" O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) "
That is normal in logs, not any kind of "junk".
jessi
-
After rebooting the computer, the ads unfortunately came back. I also noticed that Chrome often displays a message about disabling developer-mode extensions, even though the extension list is empty. After clicking the disable option, the ads disappear until the next browser start.
Start from the beginning.
-
Could this mean an infection?
Such a message has nothing to do with an infection.
The system simply doesn't want to cooperate with GMER.
-
In that case, we'll finish up:
Open Notepad and paste into it:
DeleteQuarantine:
Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix.
Delete the remaining folder C:\FRST with SHIFT+DEL.
In Adw-Cleaner, click the Uninstall (UNINSTALL) button.
jessi
-
I don't see that "TremendousSale" in the logs at all, so no such extension exists.
Open Notepad and paste into it:
Task: {02A7F9B3-3962-41EE-9693-2FA9414BDEC4} - System32\Tasks\SoundBoom => c:\programdata\{2a814667-1389-5f07-2a81-14667138199c}\2297785771801901994b.exe <==== ATTENTION
c:\programdata\{2a814667-1389-5f07-2a81-14667138199c}
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
HKU\S-1-5-21-1079949116-4080506166-1513378825-1001\...\Run: [AdobeBridge] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyScripts: Group Policy detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
2015-07-16 21:40 - 2015-08-02 21:11 - 00000009 _____ C:\Users\Konrad\AppData\Roaming\update.dat
2015-07-16 21:40 - 2015-07-17 11:39 - 00000000 _RSHD C:\Users\Konrad\AppData\Roaming\taskmgr
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe
Run FRST and click the Fix button.
A fixlog.txt file will be created.
Post that log.
jessi
-
1)
globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Uninstall this program.
2) Open Notepad and paste into it:
C:\Program Files\FFFFFFFF-1438788731-FFFF-FFFF-FFFFFFFFFFFF
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
FF Extension: No Name - C:\Documents and Settings\W [not found]
FF Extension: No Name - C:\Documents and Settings\W [not found]
R2 comyninu; C:\Program Files\FFFFFFFF-1438788731-FFFF-FFFF-FFFFFFFFFFFF\hnss88.tmp [161792 2015-08-05] () [File not signed]
R2 hyverumu; C:\Program Files\FFFFFFFF-1438788731-FFFF-FFFF-FFFFFFFFFFFF\jnsy7F.tmp [209920 2015-08-05] () [File not signed]
R2 xymunype; C:\Program Files\FFFFFFFF-1438788731-FFFF-FFFF-FFFFFFFFFFFF\knst70.tmpfs [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Documents and Settings\Właściciel\Dane aplikacji\gsgM2rKhmvUAvKNu6Pz
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Documents and Settings\Właściciel\Dane aplikacji\gsgM2rKhmvUAvKNu6Pz.exe
2015-08-05 17:37 - 2015-08-05 17:37 - 0333506 _____ (AnySend.com) C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\nsn3F.tmp
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-854245398-1454471165-682003330-1003_Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}\InprocServer32 -> no filepath
Task: C:\WINDOWS\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job => C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\cis1D.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\gsgM2rKhmvUAvKNu6Pz.job => C:\Documents and Settings\Waciciel\Dane aplikacji\gsgM2rKhmvUAvKNu6Pz.exe
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe
Run FRST and click the Fix button.
A fixlog.txt file will be created.
Post that log.
3) Make new FRST logs.
jessi
JS:Redirector-BXI [Trj] - Avast
in Emergency Help
Posted
There is nothing suspicious in the logs.
Cosmetics:
Open Notepad and paste into it:
Save the file as fixlist.txt and place it next to FRST.exe
Run FRST and click the Fix button.
jessi