jessica
Posts: 4 099
Replies posted by jessica
Since nothing is happening, I think we can wrap this up:
In Adw-Cleaner click the Uninstall button.
Open Notepad and paste into it:
DeleteQuarantine:
Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix.
Delete the remaining C:\FRST folder with SHIFT+DEL.
jessi
-
Adw-Cleaner:
first click SCAN, and only after the scan has finished, when the CLEAN button becomes active, click that.
TDSSKiller found no anomalies.
jessi
-
After using Adw-Cleaner, is the problem still present?
I don't see anything suspicious in the logs.
Cosmetics:
Open Notepad and paste into it:
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Task: {DC9464FA-8BB5-4552-A07F-E107B0BB239D} - System32\Tasks\{81F8EAD5-C551-4E40-B154-576D8D7BCCBF} => pcalua.exe -a C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_Plugin.exe -c -maintain plugin
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix button.
jessi
-
1) Uninstall
SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== ATTENTION
(if it asks whether to only remove it from the list, agree)
2) Open Notepad and paste into it:
Task: {5DE3451F-7FE6-4DD6-A1A6-CED5BA2E2C5E} - System32\Tasks\{74510947-0BD2-4A19-BE4A-6FD6CD48DE17} => pcalua.exe -a C:\Users\Kuba\Desktop\\HAC\setup.exe -d C:\Users\Kuba\Desktop\\HAC
Task: {C38C8713-6FC8-44D9-8DF5-BA81C879A347} - System32\Tasks\{CE30E140-EF1F-48F3-A446-84A1B8B3F896} => pcalua.exe -a D:\cda_menu.exe -d D:\
FF Plugin HKU\S-1-5-21-4210197690-3277502692-2936419266-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
C:\ProgramData\boost_interprocess
C:\Windows\Minidump\070815-19921-01.dmp
C:\Users\Kuba\AppData\Roaming\Z9e8sf5IR
C:\Users\Kuba\AppData\Roaming\veVNOUyn6maUmgP
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix button.
A fixlog.txt file will be created.
Give me that log.
-
2009-09-04 18:00 - 2009-09-04 18:00 - 1347354 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x64.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 1078954 _____ () C:\Program Files (x86)\Apr2005_d3dx9_25_x86.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 1397822 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x64.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 1115221 _____ () C:\Program Files (x86)\Apr2006_d3dx9_30_x86.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 0916430 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 4162630 _____ () C:\Program Files (x86)\Apr2006_MDX1_x86_Archive.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 0179125 _____ () C:\Program Files (x86)\Apr2006_XACT_x64.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 0133095 _____ () C:\Program Files (x86)\Apr2006_XACT_x86.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 0087101 _____ () C:\Program Files (x86)\Apr2006_xinput_x64.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 0046002 _____ () C:\Program Files (x86)\Apr2006_xinput_x86.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 0698612 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x64.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 0695857 _____ () C:\Program Files (x86)\APR2007_d3dx10_33_x86.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 1607358 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x64.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 1606031 _____ () C:\Program Files (x86)\APR2007_d3dx9_33_x86.cab
2009-09-04 18:00 - 2009-09-04 18:00 - 0195758 _____ () C:\Program Files (x86)\APR2007_XACT_x64.cab
Strange programs.
But I'm not touching them, because I don't know whether they are needed or not.
jessi
-
it's some kind of joke that you have to download an antivirus from them,
I completely agree with that.
Fortunately, Facebook is not needed at all for the computer to work properly.
Try reinstalling the browser on which that message appears.
jessi
-
The problem hasn't gone away.
Judging by the logs, it is OK now.
Except for the missing antivirus files.
Try reinstalling it.
jessi
-
I don't see any infection in the logs.
Cosmetics:
Open Notepad and paste into it:
HKU\S-1-5-19\...\Winlogon: [shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2674993562-3757165582-3732150407-1000\...\Winlogon: [shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix button.
jessi
-
Open Notepad and paste into it:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix button.
If that improved the situation, we will wrap up:
Open Notepad and paste into it:
DeleteQuarantine:
Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix.
Delete the remaining C:\FRST folder with SHIFT+DEL.
In Adw-Cleaner click the Uninstall button.
jessi
-
I don't see anything suspicious in the logs.
Cosmetics:
Open Notepad and paste into it:
AppInit_DLLs: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC64~1.DLL => C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC64~1.DLL File not found
AppInit_DLLs-x32: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL => "C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL" File not found
C:\WINDOWS\Minidump\0*.dmp
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix button.
jessi
-
I can hardly believe those logs were made after using Adw-Cleaner!
1) Uninstall:
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.4 - CMI Limited) <==== ATTENTION
istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version: - istartsurf) <==== ATTENTION
2) Open Notepad and paste into it:
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
CustomCLSID: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kuba\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {0EB45812-50FB-4FFC-8854-1CB507722678} - System32\Tasks\{342D25EC-1B49-42FD-B7E9-7145692D888D} => pcalua.exe -a "C:\Users\Kuba\Desktop\\HAC\Advanced RAR Password Recovery.exe" -d C:\Users\Kuba\Desktop\\HAC
Task: {1D9B0FD1-BBA3-4994-950F-9E0766DA6A3E} - System32\Tasks\{60938517-7198-4632-B31E-627AFFB697CF} => pcalua.exe -a "C:\Users\Kuba\AppData\Roaming\.minecraft\mods\Millienarie\Millenaire Installer\Millenaire Installer\Millenaire Installer.exe" -d "C:\Users\Kuba\AppData\Roaming\.minecraft\mods\Millienarie\Millenaire Installer\Millenaire Installer"
Task: {30082EF5-A046-469C-BE97-47E3B72950FA} - System32\Tasks\Z9e8sf5IR => C:\Users\Kuba\AppData\Roaming\Z9e8sf5IR.exe [2015-04-20] () <==== ATTENTION
Task: {7D2CD53F-E29D-4DA3-B6ED-CFBE3A304B54} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-07-08] (AnyProtect.com) <==== ATTENTION
Task: {84CDA21A-FC4D-4D67-BD6E-9FB819A12ECE} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{8ED5B068-5C53-4271-BEAA-65F32721B994}.exe
Task: {97E3A1E2-848B-4157-9FB3-AE1E3FE0AAD5} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-07-08] (AnyProtect.com) <==== ATTENTION
Task: {B6C853E8-B6AE-4AB9-BAE4-47F39EBA84B5} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-07-08] (AnyProtect.com) <==== ATTENTION
Task: {CFD06470-0D42-4E4E-B747-6796C31C59F9} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{0B4E20CD-8DA2-4539-AED8-16094F3580DE}.exe
Task: {E79B7989-60E0-46CA-9C28-B17F2801289C} - System32\Tasks\veVNOUyn6maUmgP => C:\Users\Kuba\AppData\Roaming\veVNOUyn6maUmgP.exe [2015-04-20] () <==== ATTENTION
Task: {F63B190E-97D4-40AA-83C1-B28C10BFE297} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Kuba\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {FD4D1BEE-24EA-48DA-9D6B-3A7B7CE13F07} - System32\Tasks\{C299A6C4-78B5-442E-BEF8-B6456F21055D} => pcalua.exe -a C:\Users\Kuba\Desktop\Ikony\Gry\Minecraft\Minecraft_Beta_Cracked_v1.7.3.exe -d C:\Users\Kuba\Desktop\Ikony\Gry\Minecraft
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{8ED5B068-5C53-4271-BEAA-65F32721B994}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{0B4E20CD-8DA2-4539-AED8-16094F3580DE}.exe <==== ATTENTION
Task: C:\Windows\Tasks\veVNOUyn6maUmgP.job => C:\Users\Kuba\AppData\Roaming\veVNOUyn6maUmgP.exe <==== ATTENTION
Task: C:\Windows\Tasks\Z9e8sf5IR.job => C:\Users\Kuba\AppData\Roaming\Z9e8sf5IR.exe <==== ATTENTION
C:\Users\Kuba\AppData\Roaming\veVNOUyn6maUmgP.exe
C:\Users\Kuba\AppData\Roaming\Z9e8sf5IR.exe
C:\Program Files (x86)\AnyProtectEx
C:\Users\Kuba\AppData\Local\SmartWeb
2015-07-06 16:05 - 2015-07-06 16:05 - 00591360 _____ () C:\Users\Kuba\AppData\Roaming\B661E556-1436193973-E011-AB32-B870F48BF876\knsr67D0.tmpfs
2015-07-06 16:46 - 2015-07-06 16:46 - 00165376 _____ () C:\Users\Kuba\AppData\Roaming\B661E556-1436193973-E011-AB32-B870F48BF876\hnsr9E62.tmp
2015-07-08 21:42 - 2015-07-08 11:03 - 03287696 _____ () C:\Users\Kuba\AppData\Local\gmsd_pl_005010025\upgmsd_pl_005010025.exe
C:\Users\Kuba\AppData\Roaming\B661E556-1436193973-E011-AB32-B870F48BF876
C:\Program Files (x86)\gmsd_pl_005010025
C:\Program Files (x86)\MiuiTab
HKLM-x32\...\Run: [mbot_pl_11] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010023] => [X]
HKLM-x32\...\Run: [smartWeb] => C:\Users\Kuba\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [gmsd_pl_005010025] => C:\Program Files (x86)\gmsd_pl_005010025\gmsd_pl_005010025.exe [3988112 2015-07-08] ()
HKLM-x32\...\RunOnce: [upgmsd_pl_005010025.exe] => C:\Users\Kuba\AppData\Local\gmsd_pl_005010025\upgmsd_pl_005010025.exe [3287696 2015-07-08] ()
Startup: C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-07-08]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Kuba\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
HKU\S-1-5-21-4210197690-3277502692-2936419266-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dspp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
HKU\S-1-5-21-4210197690-3277502692-2936419266-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
HKU\S-1-5-21-4210197690-3277502692-2936419266-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
HKU\S-1-5-21-4210197690-3277502692-2936419266-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dspp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&ts=1436384565&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&ts=1436384565&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dspp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4210197690-3277502692-2936419266-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521&ts=1436384565&type=default&q={searchTerms}
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
BHO-x32: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-24] (Thinknice Co. Limited)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
FF NewTab: hxxp://www.istartsurf.com/newtab/?type=nt&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF Homepage: hxxp://www.istartsurf.com/?type=hppp&ts=1436384551&z=d5c18b9c6a24772fde55f76g1z5c8q5c3bez8w2z3q&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\istartsurf.xml [2015-07-08]
FF Extension: QuickSearch - C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\8veoe5rg.default\Extensions\searchffv2@gmail.com [2015-07-08]
FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Kuba\AppData\Roaming\Mozilla\Firefox\Profiles\8veoe5rg.default\extensions\searchffv2@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com/?type=sc&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.istartsurf.com/?type=sc&ts=1436384516&z=49c4f797b72c67a1666d18bg9z3c6q1c3b6z2w7gcg&from=face&uid=WDCXWD6400BPVT-22HXZT1_WD-WXU1C607352173521
R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system)
R2 vicoqudu; C:\Users\Kuba\AppData\Roaming\B661E556-1436193973-E011-AB32-B870F48BF876\hnsr9E62.tmp [165376 2015-07-06] () [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [707240 2015-07-08] (DTools LIMITED) <==== ATTENTION
R2 tohohyko; C:\Users\Kuba\AppData\Roaming\B661E556-1436193973-E011-AB32-B870F48BF876\knsr67D0.tmpfs [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
2015-07-08 21:44 - 2015-07-08 22:16 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-07-08 21:44 - 2015-07-08 22:16 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-07-08 21:44 - 2015-07-08 22:05 - 00000378 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-07-08 21:44 - 2015-07-08 21:45 - 00002826 _____ C:\Windows\System32\Tasks\APSnotifierPP1
2015-07-08 21:44 - 2015-07-08 21:45 - 00002824 _____ C:\Windows\System32\Tasks\APSnotifierPP3
2015-07-08 21:44 - 2015-07-08 21:45 - 00002824 _____ C:\Windows\System32\Tasks\APSnotifierPP2
2015-07-08 21:44 - 2015-07-08 21:44 - 00001013 _____ C:\Users\Kuba\Desktop\AnyProtect.lnk
2015-07-08 21:44 - 2015-07-08 21:44 - 00000000 ____D C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-07-08 21:43 - 2015-07-08 21:44 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx
2015-07-08 21:43 - 2015-07-08 21:43 - 00613255 _____ (CMI Limited) C:\Users\Kuba\AppData\Local\nsnCDB.tmp
2015-07-08 21:43 - 2015-07-08 21:43 - 00000000 __SHD C:\Users\Kuba\AppData\Roaming\AnyProtectEx
2015-07-08 21:42 - 2015-07-08 22:20 - 00000000 ____D C:\Users\Kuba\AppData\Local\gmsd_pl_005010025
2015-07-08 21:42 - 2015-07-08 21:42 - 00000000 ____D C:\Users\Kuba\AppData\Roaming\istartsurf
2015-07-08 21:42 - 2015-07-08 21:42 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-07-08 21:42 - 2015-07-08 21:42 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-07-08 21:42 - 2015-07-08 21:42 - 00000000 ____D C:\Program Files (x86)\MiuiTab
2015-07-08 21:42 - 2015-07-08 21:42 - 00000000 ____D C:\Program Files (x86)\gmsd_pl_005010025
2015-07-08 21:41 - 2015-07-08 21:41 - 00004040 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-07-08 21:41 - 2015-07-08 21:41 - 00000000 ____D C:\Users\Kuba\AppData\Local\SmartWeb
2015-07-07 17:44 - 2015-07-07 17:44 - 00613255 _____ (CMI Limited) C:\Users\Kuba\AppData\Local\nsc814E.tmp
2015-07-07 16:52 - 2015-07-07 16:52 - 00613255 _____ (CMI Limited) C:\Users\Kuba\AppData\Local\nss99FF.tmp
2015-07-07 16:50 - 2015-07-07 16:50 - 00000000 _____ C:\Windows\prleth.sys
2015-07-07 16:50 - 2015-07-07 16:50 - 00000000 _____ C:\Windows\hgfs.sys
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
C:\ProgramData\boost_interprocess
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix button.
A fixlog.txt file will be created.
Give me that log.
3) Make new FRST logs.
jessi
-
Open Notepad and paste into it:
C:\Program Files\Common Files\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9
C:\Program Files\WordAnchor_1.10.0.19
HKLM\...\Run: [MSConfig] => C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [159744 2004-08-03] (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
R2 Update Mgr InternetProgram; C:\Program Files\Common Files\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\updater.exe [350456 2015-01-08] ()
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
R2 wasvc_1.10.0.19; C:\Program Files\WordAnchor_1.10.0.19\Service\wasvc.exe [299096 2015-06-16] (WA)
S3 HDAudBus; system32\DRIVERS\HDAudBus.sys [X]
S3 sbusb; system32\DRIVERS\sbusb.sys [X]
C:\WINDOWS\system32\Drivers\wafd_1_10_0_19.sys
C:\Documents and Settings\All Users\Dane aplikacji\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix button.
A fixlog.txt file will be created.
Give me that log.
Make new FRST logs.
jessi
-
I knew that description of "Spyrov.a", but there were no signs of that infection in your logs.
jessi
-
the file " aiasfacoiaksf.vbss " still exists on the devices connected via USB
that's not good
USBFix: click CLEAN in it.
Give me the report from that removal.
jessi
-
Process C:\Users\Mateusz\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe (*** suspicious ***) @ C:\Users\Mateusz\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [2616] (Microsoft® Volume Shadow Copy Service/Microsoft Corporation)(2015-06-23 12:48:18) 0000000000400000
There's the culprit.
1) Boot into Safe Mode (F8 before the system starts).
2) Open Notepad and paste into it:
R2 VSSS; C:\Users\Mateusz\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [104751744 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
C:\Users\Mateusz\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
CustomCLSID: HKU\S-1-5-21-4109652526-3747850710-83083684-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4109652526-3747850710-83083684-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4109652526-3747850710-83083684-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4109652526-3747850710-83083684-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4109652526-3747850710-83083684-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mateusz\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {0E0D1772-56FF-4B9A-B9FF-19897CB630C4} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {C5DE164D-F51D-441F-ABE5-997209D99D6A} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {C9021965-F56E-4584-86B4-9755381A72E8} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
Task: {E49FBE4E-9127-485A-AC9C-75F140F917CD} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
HKU\S-1-5-21-4109652526-3747850710-83083684-1002\Software\Classes\.exe: exefile => <===== ATTENTION!
HKU\S-1-5-21-4109652526-3747850710-83083684-1002\Software\Classes\exefile: <===== ATTENTION!
HKLM\...\Policies\Explorer\Run: [564675125] => C:\ProgramData\msnckgfm.exe [102346752 2014-11-21] ()
HKLM\...\Policies\Explorer\Run: [1885449592] => C:\ProgramData\msogmzjr.exe [93585408 2014-11-21] ()
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4109652526-3747850710-83083684-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4109652526-3747850710-83083684-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hp&ts=1383208129&from=cor&uid=ST1000LM024XHN-M101MBB_S2RQJ9EC924237
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-4109652526-3747850710-83083684-1002 -> DefaultScope {A18BA569-169B-4C1D-828A-8DC7E616026C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4109652526-3747850710-83083684-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=7e9fe951000000000000c68508e575ff
SearchScopes: HKU\S-1-5-21-4109652526-3747850710-83083684-1002 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-4109652526-3747850710-83083684-1002 -> {A18BA569-169B-4C1D-828A-8DC7E616026C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4109652526-3747850710-83083684-1002 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6R8P0bU1QC&i=26
SearchScopes: HKU\S-1-5-21-4109652526-3747850710-83083684-1002 -> {F663D89E-C743-42FC-B8D2-C301C321BB54} URL =
BHO-x32: SweetPacks Browser Helper -> {EEE6C35C-6118-11DC-9C72-001320C79847} -> C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-07-04] (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2012-07-04] (SweetIM Technologies Ltd.)
Toolbar: HKU\S-1-5-21-4109652526-3747850710-83083684-1002 -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [cekcjpgehmohobmdiikfnopibipmgnml] - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Mateusz\AppData\Roaming\BabSolution\CR\Delta.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-12-22]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [Not Found]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
C:\Program Files\9EJ6JLND.exe
C:\Program Files\MCEJCBD6.exe
C:\Program Files\Z3KJ9J95.exe
2015-07-05 16:27 - 2015-07-05 16:27 - 01415680 _____ (wj32) C:\Program Files\V2P3A0TD.exe
2015-07-05 16:27 - 2015-07-05 16:27 - 01415680 _____ (wj32) C:\Program Files\70D6K7KV.exe
2015-07-05 16:27 - 2015-07-05 16:27 - 01415680 _____ (wj32) C:\Program Files\3BM819EP.exe
2015-07-05 16:26 - 2015-07-05 16:26 - 01415680 _____ (wj32) C:\Program Files\WM9ESOZP.exe
2015-07-05 16:26 - 2015-07-05 16:26 - 01415680 _____ (wj32) C:\Program Files\NJ0T6TP9.exe
2015-07-05 16:26 - 2015-07-05 16:26 - 01415680 _____ (wj32) C:\Program Files\KY6CKSKY.exe
2015-07-05 16:26 - 2015-07-05 16:26 - 01415680 _____ (wj32) C:\Program Files\KVXMUE35.exe
2015-07-05 16:26 - 2015-07-05 16:26 - 01415680 _____ (wj32) C:\Program Files\BJXT16H3.exe
2015-07-05 16:26 - 2015-07-05 16:26 - 01415680 _____ (wj32) C:\Program Files\9WY02FE4.exe
2015-07-05 16:25 - 2015-07-05 16:25 - 01415680 _____ (wj32) C:\Program Files\PRZPC10T.exe
2015-07-05 16:25 - 2015-07-05 16:25 - 01415680 _____ (wj32) C:\Program Files\LKSIKMOK.exe
2015-07-05 16:25 - 2015-07-05 16:25 - 01415680 _____ (wj32) C:\Program Files\LAILN9ED.exe
2015-07-05 16:25 - 2015-07-05 16:25 - 01415680 _____ (wj32) C:\Program Files\KMRTV27X.exe
2015-07-05 16:25 - 2015-07-05 16:25 - 01415680 _____ (wj32) C:\Program Files\69BG6GKS.exe
2015-07-05 16:24 - 2015-07-05 16:24 - 01415680 _____ (wj32) C:\Program Files\8GLHPX5R.exe
2015-07-05 16:24 - 2015-07-05 16:24 - 01415680 _____ (wj32) C:\Program Files\3WM6JU89.exe
2015-07-05 11:47 - 2015-07-05 11:47 - 01415680 _____ (wj32) C:\Program Files\7W7W4KYT.exe
2015-07-03 18:18 - 2015-07-03 18:18 - 01415680 _____ (wj32) C:\Program Files\TV0TSUWL.exe
2015-07-02 14:06 - 2015-07-02 14:06 - 01415680 _____ (wj32) C:\Program Files\KDIKMTYX.exe
2015-07-02 12:18 - 2015-07-02 12:18 - 01415680 _____ (wj32) C:\Program Files\TSUHJKSF.exe
2015-07-02 10:44 - 2015-07-02 10:44 - 01415680 _____ (wj32) C:\Program Files\9Y08YON0.exe
2015-06-26 19:57 - 2015-06-26 19:57 - 01415680 _____ (wj32) C:\Program Files\TY36GIKA.exe
2015-06-26 19:57 - 2015-06-26 19:57 - 01415680 _____ (wj32) C:\Program Files\E76E4RTF.exe
2015-06-26 19:57 - 2015-06-26 19:57 - 01415680 _____ (wj32) C:\Program Files\49Z43T68.exe
2015-06-26 19:56 - 2015-06-26 19:56 - 01415680 _____ (wj32) C:\Program Files\LTJLNFP9.exe
2015-06-26 19:56 - 2015-06-26 19:56 - 01415680 _____ (wj32) C:\Program Files\KSUW1R13.exe
2015-06-26 19:56 - 2015-06-26 19:56 - 01415680 _____ (wj32) C:\Program Files\JXT16HM8.exe
2015-06-26 19:56 - 2015-06-26 19:56 - 01415680 _____ (wj32) C:\Program Files\FHJLKCB4.exe
2015-06-26 19:56 - 2015-06-26 19:56 - 01415680 _____ (wj32) C:\Program Files\CBJ9EG5U.exe
2015-06-26 19:55 - 2015-06-26 19:55 - 01415680 _____ (wj32) C:\Program Files\HNMUKUWM.exe
2015-06-26 19:55 - 2015-06-26 19:55 - 01415680 _____ (wj32) C:\Program Files\EPOW49H3.exe
2015-06-26 19:55 - 2015-06-26 19:55 - 01415680 _____ (wj32) C:\Program Files\E7U2A3BX.exe
2015-06-26 19:55 - 2015-06-26 19:55 - 01415680 _____ (wj32) C:\Program Files\CHJ8VHJ5.exe
2015-06-26 19:55 - 2015-06-26 19:55 - 01415680 _____ (wj32) C:\Program Files\98YX2RWV.exe
2015-06-26 19:55 - 2015-06-26 19:55 - 01415680 _____ (wj32) C:\Program Files\35AG5768.exe
2015-06-25 16:21 - 2015-06-25 16:21 - 01415680 _____ (wj32) C:\Program Files\D65AZMO1.exe
2015-06-24 10:04 - 2015-06-24 10:04 - 01415680 _____ (wj32) C:\Program Files\6NUEYZM6.exe
2015-06-24 10:04 - 2015-06-24 10:04 - 01415680 _____ (wj32) C:\Program Files\1OKSHMLB.exe
2015-06-24 10:03 - 2015-06-24 10:03 - 01415680 _____ (wj32) C:\Program Files\OE13SUM5.exe
2015-06-24 10:03 - 2015-06-24 10:03 - 01415680 _____ (wj32) C:\Program Files\JRHJOEDN.exe
2015-06-24 10:03 - 2015-06-24 10:03 - 01415680 _____ (wj32) C:\Program Files\FKDFH46G.exe
2015-06-24 10:03 - 2015-06-24 10:03 - 01415680 _____ (wj32) C:\Program Files\92468IKJ.exe
2015-06-24 10:03 - 2015-06-24 10:03 - 01415680 _____ (wj32) C:\Program Files\80Z7XNPF.exe
2015-06-24 10:03 - 2015-06-24 10:03 - 01415680 _____ (wj32) C:\Program Files\4L2JEVC7.exe
2015-06-24 10:02 - 2015-06-24 10:02 - 01415680 _____ (wj32) C:\Program Files\LKTVKMOV.exe
2015-06-24 10:02 - 2015-06-24 10:02 - 01415680 _____ (wj32) C:\Program Files\KGLKD35F.exe
2015-06-24 10:02 - 2015-06-24 10:02 - 01415680 _____ (wj32) C:\Program Files\GUKY9FK3.exe
2015-06-23 14:49 - 2015-06-23 14:49 - 01415680 _____ (wj32) C:\Program Files\S346SGKE.exe
C:\ProgramData\MakeMarkerFile.exe
C:\ProgramData\msnckgfm.exe
C:\ProgramData\msogmzjr.exe
C:\Users\EasySurvey\EasySurvey.exe
EmptyTemp:
Save the file as fixlist.txt and put it next to FRST.exe.
Run FRST and click the Fix button.
A fixlog.txt file will be created.
Post that log.
3) Make new FRST logs.
4) Make a log with Farbar Service Scanner >http://download.bleepingcomputer.com/farbar/FSS.exe (check everything for the scan).
jessi
-
You didn't answer the question - where does NOD detect it?
jessi
-
I still can't add the Action Center
Open Notepad and paste in it:
Reg: reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{FD6905CE-952F-41F1-9A6F-135D9C6622CC} /v AutoStart /t REG_SZ /d "" /f
HKLM-x32\...\Run: [Adobe] => C:\ProgramData\Adobe\28BA2003.vbe
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1946104158-849987808-3721883152-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Gr\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1946104158-849987808-3721883152-1001\...\Policies\Explorer: []
EmptyTemp:
Save the file as fixlist.txt and put it next to FRST.exe.
Run FRST and click the Fix button.
EDIT:
Editing is not working properly.
The "fixlist" above should also contain one more line:
C:\ProgramData\Adobe\28BA2003.vbe
but it cannot be added there - the forum is misbehaving.
jessi
-
Unfortunately I don't understand any of this. Step by step, what am I supposed to do, what to open, what to click; I really am hopeless with computers, very much so, so please give it in points, and what are these hardware problems?
Ad.1: you presumably know how to uninstall programs?
Ad.2: download Adw-Cleaner from the link given,
run it, click the SCAN (SZUKAJ) button, wait a moment until the CLEANING (USUŃ) button becomes active - then click it.
The topic was posted in the WINDOWS 8 section, so the moderator of that section, @mgrzeg (https://www.fixitpc.pl/user/4727-mgrzeg/), after reviewing your topic and giving any recommendations, should move the topic to the Hardware section https://www.fixitpc.pl/forum/43-hardware/
Whether he will move it - I don't know, that doesn't depend on me.
jessi
-
Regarding the logs:
1) Uninstall
do-search uninstall (HKLM-x32\...\do-search uninstall) (Version: - do-search) <==== ATTENTION!
2) Use >Adw-cleaner
First click SCAN (SZUKAJ), and only after the scan finishes, when the CLEANING (USUŃ) button becomes active, click it.
I don't see anything else suspicious in the logs.
Apart from the hardware problem:
Error: (07/09/2015 08:29:13 AM) (Source: disk) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR467
Error: (07/08/2015 05:46:28 PM) (Source: disk) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR465.
Error: (07/08/2015 05:46:28 PM) (Source: disk) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1.
https://www.fixitpc.pl/topic/5553-blad-sterownik-wykryl-blad-kontrolera-na-deviceharddiskxdrx-i-jego-interpretacja/
https://www.fixitpc.pl/forum/43-hardware/
jessi
-
There is nothing suspicious in the logs.
Cosmetics:
Open Notepad and paste in it:
CustomCLSID: HKU\S-1-5-21-790525478-1677128483-839522115-1004_Classes\CLSID\{010833F3-751A-402F-9FCC-C365B6A12E41}\localserver32 -> C:\DOCUME~1\NTT\MOJEDO~1\POBIER~1\BESTPL~1.EXE No File
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-790525478-1677128483-839522115-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [X]
S3 WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [X]
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 esihdrv; \??\C:\DOCUME~1\NTT\USTAWI~1\Temp\esihdrv.sys [X]
EmptyTemp:
Save the file as fixlist.txt and put it next to FRST.exe.
Run FRST and click the Fix button.
jessi
-
The FRST logs are out of date; Adw-Cleaner was used after they were made.
Uninstall SpyHunter, but in this way:
click this icon C:\Users\<username>\Start Menu\Programs\SpyHunter\Uninstall.lnk (i.e. >>START >>Programs>>Spy Hunter>>Uninstall)
A window will pop up, but instead of clicking the big green "continue" button, click "no, thanks". That second one uninstalls.
Then make new FRST logs.
Before the scan, check "Additional" and "Shortcut".
jessi
-
nod32 finds the trojan spyrov.a.
Where (path, file name)?
Cosmetics:
Open Notepad and paste in it:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1614895754-1606980848-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\WINDOWS\Minidump\Mini*.dmp
C:\Documents and Settings\ami\Dane aplikacji\603CB485
C:\Documents and Settings\All Users\Dane aplikacji\{895B5EDC-F84C-4A82-9575-9E50396F6B01}
CustomCLSID: HKU\S-1-5-21-1614895754-1606980848-839522115-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1614895754-1606980848-839522115-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1614895754-1606980848-839522115-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
EmptyTemp:
Save the file as fixlist.txt and put it next to FRST.exe.
Run FRST and click the Fix button.
A fixlog.txt file will be created.
Post that log.
jessi
-
Everything disappeared from the external drives?
Go to drives H, J and L one by one. On them there are "unnamed" folders into which the infection moved all the data.
Move the files from those folders one level up, then delete the "unnamed" folders with SHIFT+DEL.
Open Notepad and paste in it:
HKLM\...\Run: [asodakaossd] => D:\WINDOWS\system32\cmd.exe /c start D:\Documents" "and" "Settings\laptop\Dane" "aplikacji\aiasfacoiaksf.vbs exit
HKLM\...\RunOnce: [] => [X]
HKU\S-1-5-21-1993962763-573735546-839522115-1003\...\Run: [asodakaossd] => D:\WINDOWS\system32\cmd.exe /c start D:\Documents" "and" "Settings\laptop\Dane" "aplikacji\aiasfacoiaksf.vbs exit
Startup: D:\Documents and Settings\laptop\Menu Start\Programy\Autostart\asodakaossd.lnk [2015-07-01]
ShortcutTarget: asodakaossd.lnk -> (No File)
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UserFaultCheck" /f
D:\Documents and Settings\laptop\Dane aplikacji\afweorgqweasf.exe
EmptyTemp:
Save the file as fixlist.txt and put it next to FRST.exe.
Run FRST and click the Fix button.
A fixlog.txt file will be created.
Post that log.
jessi
-
Hello again,
does anyone have any idea?
As you can see for yourself - nobody has an idea.
In the logs - nothing suspicious.
jessi
-
SRV - [2015-01-08 13:39:54 | 000,350,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\Updater.exe -- (Update Mgr InternetProgram)
1. Use AdwCleaner. First click Scan, and only after the scan finishes, when the Clean button becomes active, click it. Show the cleaning report.
2. Make FRST logs.
jessi
Computer sluggishness: Firefox, Shockwave Flash and general slowness of everything
in the Quick Help section
Posted
Unfortunately, @Picasso is still ill.
And in matters like yours she is irreplaceable.
If there were an infection, maybe I could help, but I don't see anything suspicious in the logs.
Uninstall:
Cosmetics:
Open Notepad and paste in it:
Save the file as fixlist.txt and put it next to FRST.exe.
Run FRST and click the Fix button.
Just in case, make new logs - if @Picasso ever looks in here, she will have current logs.
jessi