Infested system - logs


(Hrustus) #1

Hi

I've got a massively infested laptop and I can't keep up with MBAM and AdwCleaner… The usual omiga.plus plus a ton of other junk…

Mandatory FRST logs:

FRST:

http://wklej.org/id/1633425/


Addition:

http://wklej.org/id/1633424/

Regards :slight_smile:


(Acorus) #2

Uninstall McAfee Internet Security, omiga-plus uninstall, PriceFountain (remove only), Update for PriceFountain. Open the system Notepad and paste:

Task: {61F0E4DF-C42F-4E0F-B7C7-DCC3B50DB5F7} - System32\Tasks\Price Fountain = C:\Users\Kamila\AppData\Roaming\PriceFountain\UpdateProc\UpdateTask.exe [2015-01-01] () ==== ATTENTION
Task: {64CF615C-16E0-4411-B13A-E0CB59D4E858} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-48687784-3848476946-1000321245-1002UA = C:\Users\Kamila\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-26] (Facebook Inc.)
Task: {B1766E2A-AFBF-417B-BA93-51C1C9A0D354} - System32\Tasks\{82866344-A5E6-497D-97F4-CF720A8AAC67} = pcalua.exe -a "C:\Program Files (x86)\Delta\delta\1.8.24.6\GUninstaller.exe" -c -uprtc -ask -rmbus "Delta toolbar" -nontfy -bname=dlt -key "delta"
Task: {EA0B3452-4420-49D5-B3C1-B60E49A93D8A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-48687784-3848476946-1000321245-1002Core = C:\Users\Kamila\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-26] (Facebook Inc.)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-48687784-3848476946-1000321245-1002Core.job = C:\Users\Kamila\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-48687784-3848476946-1000321245-1002UA.job = C:\Users\Kamila\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\Price Fountain.job = C:\Users\Kamila\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE ==== ATTENTION
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-48687784-3848476946-1000321245-1002\...\Run: [Yahoo! Search] = C:\Users\Kamila\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe
HKU\S-1-5-21-48687784-3848476946-1000321245-1002\...\Run: [Facebook Update] = C:\Users\Kamila\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-08-26] (Facebook Inc.)
HKU\S-1-5-21-48687784-3848476946-1000321245-1002\...\Run: [pricefountainw.exe] = C:\Users\Kamila\AppData\Local\PriceFountain\pricefountainw.exe [461824 2014-12-07] (Price Fountain)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpts=1420132332from=coruid=ST1000LM024XHN-M101MBB_S2SMJ9ED216107
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpts=1420132332from=coruid=ST1000LM024XHN-M101MBB_S2SMJ9ED216107
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1420132332from=coruid=ST1000LM024XHN-M101MBB_S2SMJ9ED216107q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1420132332from=coruid=ST1000LM024XHN-M101MBB_S2SMJ9ED216107q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpts=1420132332from=coruid=ST1000LM024XHN-M101MBB_S2SMJ9ED216107
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpts=1420132332from=coruid=ST1000LM024XHN-M101MBB_S2SMJ9ED216107
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1420132332from=coruid=ST1000LM024XHN-M101MBB_S2SMJ9ED216107q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1420132332from=coruid=ST1000LM024XHN-M101MBB_S2SMJ9ED216107q={searchTerms}
HKU\S-1-5-21-48687784-3848476946-1000321245-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpts=1420132332from=coruid=ST1000LM024XHN-M101MBB_S2SMJ9ED216107
HKU\S-1-5-21-48687784-3848476946-1000321245-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpts=1420132332from=coruid=ST1000LM024XHN-M101MBB_S2SMJ9ED216107
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1420132332from=coruid=ST1000LM024XHN-M101MBB_S2SMJ9ED216107q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1420132332from=coruid=ST1000LM024XHN-M101MBB_S2SMJ9ED216107q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1420132332from=coruid=ST1000LM024XHN-M101MBB_S2SMJ9ED216107q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1420132332from=coruid=ST1000LM024XHN-M101MBB_S2SMJ9ED216107q={searchTerms}
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-48687784-3848476946-1000321245-1002 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1420132332from=coruid=ST1000LM024XHN-M101MBB_S2SMJ9ED216107q={searchTerms}
SearchScopes: HKU\S-1-5-21-48687784-3848476946-1000321245-1002 - {112B9B8D-4D28-4BB8-B5D4-E46ADE415CCD} URL = http://www.dogpile.com/search/web?fcoid=417fcop=topnavfpid=27ql=q={searchTerms}
SearchScopes: HKU\S-1-5-21-48687784-3848476946-1000321245-1002 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1420132332from=coruid=ST1000LM024XHN-M101MBB_S2SMJ9ED216107q={searchTerms}
BHO-x32: Dynamo Combo 1.0.0.7 - {986c37a1-7b65-476f-80dc-54f80bd4b0d6} - C:\Program Files (x86)\Dynamo Combo\DynamoComboBHO.dll (Dynamo Combo)
BHO-x32: PriceFountain - {b608cc98-54de-4775-96c9-097de398500c} - C:\Users\Kamila\AppData\Local\PriceFountain\PriceFountainIE.dll ()
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=scts=1420132332from=coruid=ST1000LM024XHN-M101MBB_S2SMJ9ED216107
FF Extension: No Name - C:\Program Files\McAfee\MSK [2013-03-19]
CHR HomePage: Default - hxxp://search.ividi.org/?src=tbhpid=700027f30000000000002cd05aa4e489affilt=3
CHR StartupUrls: Default - "hxxp://search.ividi.org/?src=tbhpid=700027f30000000000002cd05aa4e489affilt=3", "hxxp://rts.dsrlte.com", "hxxp://isearch.omiga-plus.com/?type=hpts=1420132332from=coruid=ST1000LM024XHN-M101MBB_S2SMJ9ED216107"
CHR DefaultSearchKeyword: Default - search.tb.ask.com
CHR DefaultSearchURL: Default - http://search.tb.ask.com/search/GGmain.jhtml?st=kwdptb=28F08D12-71DD-471F-82B4-A7FF65E99743n=77fda151ind=2013110609p2=^ZC^xpt311^YYA^plsearchfor={searchTerms}
CHR DefaultSuggestURL: Default - http://ssmsp.ask.com/query?q={searchTerms}li=ffsstype=prefix
CHR Extension: (Dynamo Combo) - C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\Default\Extensions\eheacoflpaonnngbihgdjcgjlhbfhcpe [2015-01-22]
S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe -service [X]
R1 {16a92140-918d-4afb-9edb-46f22437bb10}Gw64; C:\Windows\System32\drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw64.sys [48792 2015-01-25] (StdLib)
R1 {3bcf4f2c-0bbb-4d4c-bf1f-11bbe6d501ea}Gw64; C:\Windows\System32\drivers\{3bcf4f2c-0bbb-4d4c-bf1f-11bbe6d501ea}Gw64.sys [48792 2015-01-28] (StdLib)
R1 {641e52b1-3179-43ed-8bcb-f688871e52b0}Gw64; C:\Windows\System32\drivers\{641e52b1-3179-43ed-8bcb-f688871e52b0}Gw64.sys [48792 2015-01-19] (StdLib)
R1 {8d9208df-94f9-4c96-a224-97b37b0df94e}Gw64; C:\Windows\System32\drivers\{8d9208df-94f9-4c96-a224-97b37b0df94e}Gw64.sys [48792 2015-01-04] (StdLib)
R1 {915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw64; C:\Windows\System32\drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw64.sys [48792 2015-01-22] (StdLib)
R1 {bf5001a3-ae7a-4910-925a-5060ef2c0508}Gw64; C:\Windows\System32\drivers\{bf5001a3-ae7a-4910-925a-5060ef2c0508}Gw64.sys [48792 2015-01-06] (StdLib)
R1 {ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64; C:\Windows\System32\drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys [48792 2015-01-13] (StdLib)
R1 {ecd6aae4-019c-44b2-a0e5-570904275d66}Gw64; C:\Windows\System32\drivers\{ecd6aae4-019c-44b2-a0e5-570904275d66}Gw64.sys [48792 2015-01-16] (StdLib)
R1 {ef3f84a6-599c-4148-a8eb-9aa938299b3e}Gw64; C:\Windows\System32\drivers\{ef3f84a6-599c-4148-a8eb-9aa938299b3e}Gw64.sys [48792 2014-12-31] (StdLib)
R1 {f81878fa-25e9-442d-8ada-79658b6520f2}Gw64; C:\Windows\System32\drivers\{f81878fa-25e9-442d-8ada-79658b6520f2}Gw64.sys [48792 2015-01-10] (StdLib)
2015-01-29 00:08 - 2015-01-28 12:34 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{3bcf4f2c-0bbb-4d4c-bf1f-11bbe6d501ea}Gw64.sys
2015-01-25 22:02 - 2015-01-25 05:44 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw64.sys
2015-01-22 23:57 - 2015-01-22 12:54 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gw64.sys
2015-01-19 22:46 - 2015-01-19 06:41 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{641e52b1-3179-43ed-8bcb-f688871e52b0}Gw64.sys
2015-01-16 15:55 - 2015-01-16 00:43 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{ecd6aae4-019c-44b2-a0e5-570904275d66}Gw64.sys
2015-01-13 20:45 - 2015-01-13 07:41 - 00048792 _____ (StdLib) C:\WINDOWS\system32\Drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gw64.sys
2015-02-12 17:08 - 2015-01-01 18:13 - 00000000 ____ D () C:\Program Files (x86)\Dynamo Combo
2015-01-22 15:51 - 2015-01-01 18:13 - 00000000 ____ D () C:\ProgramData\IePluginServices
2015-01-22 15:51 - 2015-01-01 18:13 - 00000000 ____ D () C:\Program Files (x86)\SupTab
EmptyTemp:

Save the file as fixlist.txt and put it next to FRST in the same folder.
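The fixlist above was assembled by hand from the FRST log. As an added illustration (not code from the forum thread, FRST or its author), the script below runs simple triage rules over FRST-style lines so that an analyst can see at a glance which entries deserve attention before writing a fixlist: FRST's own ATTENTION marker, the hijacker domains that appear in this log, autoruns launching from the user profile, policy lock-outs, services whose image file is missing ([X]), and kernel drivers with GUID-style names. The sample input is a handful of lines copied verbatim from the fixlist above plus one constructed benign Run entry; the domain list, the rule set and the function names are the editor's assumptions, not FRST behaviour.

```python
"""Triage helper for FRST-style log lines (added example, not part of the thread).

It removes nothing; it only groups the lines an analyst should look at first.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Domains found in the hijacked browser settings of this thread's log (assumed list).
HIJACK_DOMAINS = (
    "isearch.omiga-plus.com", "search.ividi.org", "rts.dsrlte.com",
    "search.tb.ask.com", "ssmsp.ask.com",
)

GUID_RE = re.compile(r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}", re.I)
# Service/driver lines look like: "R1 name; C:\path\image.sys [size date] (Company)"
SERVICE_RE = re.compile(r"^[RSU][0-4]\s+(\S+);\s+(.+?)\s+\[")
SIZE_RE = re.compile(r"\[(\d+)\s+\d{4}-\d{2}-\d{2}\]")


@dataclass
class Finding:
    line: str
    reasons: list


def analyze_line(line: str) -> list:
    """Return triage reasons for one FRST line; an empty list means nothing notable."""
    reasons = []
    lower = line.lower()
    if "attention" in lower:  # FRST's own marker for entries it recognises as bad
        reasons.append("flagged by FRST (ATTENTION)")
    for domain in HIJACK_DOMAINS:
        if domain in lower:
            reasons.append(f"known hijacker domain {domain}")
            break
    m = SERVICE_RE.match(line)
    if m:
        filename = m.group(2).rsplit("\\", 1)[-1]
        if filename.lower().endswith(".sys") and GUID_RE.search(filename):
            reasons.append("kernel driver with GUID-style filename")
        if line.rstrip().endswith("[X]"):  # FRST: image file not found on disk
            reasons.append("service image file not found ([X])")
    if (line.startswith("Task:") or "\\Run:" in line) and "\\appdata\\" in lower:
        reasons.append("autorun launching a binary from the user profile (AppData)")
    if ("policies\\explorer" in lower or "group policy" in lower
            or "policy restriction" in lower):
        reasons.append("policy tampering (user settings locked down)")
    return reasons


def analyze_log(text: str) -> list:
    """Run analyze_line over every non-empty line and keep the ones with reasons."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            reasons = analyze_line(line)
            if reasons:
                findings.append(Finding(line, reasons))
    return findings


def driver_size_clusters(findings) -> Counter:
    """Count GUID-named drivers by reported size: identical sizes suggest one family."""
    sizes = Counter()
    for f in findings:
        if "kernel driver with GUID-style filename" in f.reasons:
            m = SIZE_RE.search(f.line)
            if m:
                sizes[int(m.group(1))] += 1
    return sizes


# Constructed sample: lines copied from the fixlist above plus one benign Run entry (IgfxTray).
SAMPLE_LOG = r"""
Task: {61F0E4DF-C42F-4E0F-B7C7-DCC3B50DB5F7} - System32\Tasks\Price Fountain = C:\Users\Kamila\AppData\Roaming\PriceFountain\UpdateProc\UpdateTask.exe [2015-01-01] () ==== ATTENTION
Task: {64CF615C-16E0-4411-B13A-E0CB59D4E858} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-48687784-3848476946-1000321245-1002UA = C:\Users\Kamila\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-26] (Facebook Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-48687784-3848476946-1000321245-1002\...\Run: [Yahoo! Search] = C:\Users\Kamila\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpts=1420132332from=coruid=ST1000LM024XHN-M101MBB_S2SMJ9ED216107
CHR HomePage: Default - hxxp://search.ividi.org/?src=tbhpid=700027f30000000000002cd05aa4e489affilt=3
R1 {16a92140-918d-4afb-9edb-46f22437bb10}Gw64; C:\Windows\System32\drivers\{16a92140-918d-4afb-9edb-46f22437bb10}Gw64.sys [48792 2015-01-25] (StdLib)
R1 {3bcf4f2c-0bbb-4d4c-bf1f-11bbe6d501ea}Gw64; C:\Windows\System32\drivers\{3bcf4f2c-0bbb-4d4c-bf1f-11bbe6d501ea}Gw64.sys [48792 2015-01-28] (StdLib)
S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe -service [X]
HKLM\...\Run: [IgfxTray] = C:\Windows\system32\igfxtray.exe [171520 2013-05-01] (Intel Corporation)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
"""

if __name__ == "__main__":
    results = analyze_log(SAMPLE_LOG)
    for f in results:
        print(f"{'; '.join(f.reasons)}\n    {f.line[:100]}")
    print("GUID-named drivers by size:", dict(driver_size_clusters(results)))
```

The benign IgfxTray line produces no finding, while the two StdLib drivers land in one size cluster (48792 bytes), which is the pattern that made the ten Gw64.sys entries in the full log stand out as a single family.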