Regulamin forum
1. Każdy temat powinien odzwierciedlać treść wątku.2. W przypadku wklejania logów; należy je wykonać od razu przynajmniej z dwóch narzędzi: FRST oraz z GMER
3. Wszelkie logi proszę publikować na przeznaczonych do tego stronach a w poście wklejać tylko link.
4. Nie wskazane jest skracanie logów, należy wkleić cały - od początku, do końca.
5. Nie wskazane jest podczepianie się do tematów innych użytkowników - proszę założyć nowy temat w dziale Bezpieczeństwo, ułatwi to pomoc sprawdzającemu.
6. Osoby nie posiadające odpowiedniej wiedzy, nie powinny sprawdzać logów, ponieważ grozi to poważnym uszkodzeniem systemu lub aplikacji zainstalowanych na komputerze.
7. Należy dokładnie opisać problem, występujące objawy oraz wszelkie podjęte działania.
8. Każdy skrypt jest unikatowy, napisany dla każdego przypadku z osobna, więc nie może być stosowany przez innych.
9. W przypadku zamieszczenia zrzutu ekranu (screenshot'a) proszę korzystać z zewnętrznego serwisu oferującego hosting zdjęć.
Zmulony komp, spozniona reakacja na klikniecie myszka
25 Wrz 2012, 09:14
Witam
prawoklik myszki dziala za 5-6 razem, ogolnie komp zmulony.
Log OTL:
http://www.wklej.org/id/836042/
Log Extras:
http://www.wklej.org/id/836047/
Z góry dzięki za pomoc.
prawoklik myszki dziala za 5-6 razem, ogolnie komp zmulony.
Log OTL:
http://www.wklej.org/id/836042/
Log Extras:
http://www.wklej.org/id/836047/
Z góry dzięki za pomoc.
Re: Zmulony komp, spozniona reakacja na klikniecie myszka
25 Wrz 2012, 21:39
"SkanerOnline" = Skaner on-line mks_vir
Odinstaluj to oprogramowanie, oraz inne ewentualnie zbędne Ci.
Error - 2012-09-23 05:55:22 | Computer Name = Andrzeja | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1.
Wejdź w Menedżer Urządzeń
Kontrolery IDE ATA/ATAPI Podstawowy kanał IDE Ustawienia zaawansowane Sprawdź, jak jest ustawiony Bieżący tryb transferu. To samo robisz dla Pomocniczego kanału IDE.Logi.
Uruchom OTL
w oknie Własne opcje skanowania/skrypt wklej:- Kod:
:OTL
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-573470716-2159191918-2876217961-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-573470716-2159191918-2876217961-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-573470716-2159191918-2876217961-1001\..\SearchScopes,DefaultScope = {7C275E4E-BF3A-417E-84AF-B9459F2C9F8E}
IE - HKU\S-1-5-21-573470716-2159191918-2876217961-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-573470716-2159191918-2876217961-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-573470716-2159191918-2876217961-1001\..\SearchScopes\{7C275E4E-BF3A-417E-84AF-B9459F2C9F8E}: "URL" = http://www.google.com/search?hl=pl&q={searchTerms}&rlz=1I7ADFA_pl
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
[2012-09-16 07:06:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Andrzej\AppData\Roaming\mozilla\Firefox\Profiles\cfttm4ui.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-04-07 17:31:34 | 000,000,000 | ---D | M] (Iplex to ALLPlayer) -- C:\Users\Andrzej\AppData\Roaming\mozilla\Firefox\Profiles\cfttm4ui.default\extensions\[email protected]
[2012-04-07 17:32:01 | 000,000,000 | ---D | M] (YouTube to ALLPlayer) -- C:\Users\Andrzej\AppData\Roaming\mozilla\Firefox\Profiles\cfttm4ui.default\extensions\[email protected]
[2012-03-12 15:12:25 | 000,010,043 | ---- | M] () (No name found) -- C:\Users\Andrzej\AppData\Roaming\mozilla\firefox\profiles\cfttm4ui.default\extensions\[email protected]
[2012-07-26 23:07:30 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Andrzej\AppData\Roaming\mozilla\firefox\profiles\cfttm4ui.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010-06-20 22:23:04 | 000,001,819 | ---- | M] () -- C:\Users\Andrzej\AppData\Roaming\mozilla\firefox\profiles\cfttm4ui.default\searchplugins\bing.xml
[2012-09-08 02:12:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-09-08 02:12:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
CHR - Extension: Skype Click to Call = C:\Users\Andrzej\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.euro.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
[2012-09-24 00:15:15 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{16C31FF7-8C9D-481D-BACD-C2E263199BCF}
[2012-09-23 12:15:01 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{BEBCE76F-60EB-40E6-BB2C-2B17195A4486}
[2012-09-23 00:14:35 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{07F272F9-1F47-454D-B703-7F01CDC2F84A}
[2012-09-22 12:14:09 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{CC52ABEF-F9BF-4D99-B578-2443CF646BE1}
[2012-09-21 17:57:09 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{4C012E55-AE9A-4FC4-8E61-508969CBF5EA}
[2012-09-20 18:50:07 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{162EBDCA-DB3B-4F5A-9EBB-E1ADE903B313}
[2012-09-20 06:49:39 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{F6498D4B-6021-456B-BE82-7BC100CFF798}
[2012-09-19 18:49:13 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{864288F4-6F38-4B2C-B75C-730DFA218161}
[2012-09-18 18:26:53 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{53BB2AA6-04CC-4137-B203-C5A4D9F73B10}
[2012-09-18 06:26:28 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{E986FE7C-3ABD-4ED4-8820-CE9EDBBC881C}
[2012-09-17 15:24:00 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{DAC7DA8D-C330-4708-AA96-4F338C6C37EF}
[2012-09-16 20:22:17 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{063C2D80-4DBE-4D1F-900F-95CFD9A5F5A7}
[2012-09-16 01:54:36 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{26052F3D-0551-459D-B39C-360D31C0BE6D}
[2012-09-15 13:54:17 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{ED0F04B4-E1B9-41A1-A458-9D9B1C608203}
[2012-09-14 16:57:43 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{1994C9F4-E8B8-49B9-B6B1-599C1EE4F184}
[2012-09-13 19:19:29 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{E8258E7B-4492-4091-9258-9328AFAD7B17}
[2012-09-13 06:59:28 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{721ED8DA-1E2B-4DDC-A220-1338F3EE5CE6}
[2012-09-12 07:04:13 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{20D053EB-512C-44A8-9A0A-EDD5C15098B3}
[2012-09-11 06:59:51 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{7D897771-956E-48B7-993E-1031484B9D72}
[2012-09-10 18:59:24 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{AD272804-C9AB-4A6E-BBF8-0F48CD9D21F5}
[2012-09-10 06:58:59 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{C1267894-0E72-48C4-B718-2615CEFABEE1}
[2012-09-09 12:45:02 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{73962E73-1A17-48F3-B2B6-7562F1179222}
[2012-09-09 00:44:29 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{4D5AFC6D-D9A2-461E-9694-EF84C76BA3C2}
[2012-09-08 12:44:16 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{DDBD68E6-55BF-449B-8049-7028C9AE6481}
[2012-09-07 23:14:23 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{ADE202A0-8BA1-4344-97F7-3974FAC08B93}
[2012-09-07 06:50:42 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{8D98EEA4-598C-4F35-A02E-A48A1FCC060F}
[2012-09-06 18:50:16 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{CB748A34-4C72-47EF-8410-A24815A0F92E}
[2012-09-05 20:51:33 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{97A44254-D387-4DC9-8203-B61B45E14C27}
[2012-09-05 06:28:49 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{766BE361-BFD0-49B3-A81C-74783A18B11E}
[2012-09-04 18:28:24 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{EBE2A1AF-3FCB-4A08-88A9-6F9D680E29A0}
[2012-09-04 06:28:11 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{0CD68635-D17C-4835-90A8-D222E92E83FC}
[2012-09-03 15:59:26 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{9BDEBDC1-31B1-4FDC-8D1E-76B81F8EE10D}
[2012-09-02 21:39:53 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{1B6392E1-76CC-4050-A2B0-B776191CEC08}
[2012-09-02 09:34:56 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{ACC0334E-8C1E-4A3D-8D25-2AA0651F6B70}
[2012-09-01 17:22:19 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{22EC9705-B41E-4AB4-98FD-0795B75F8D33}
[2012-09-01 05:21:53 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{43BFDA57-4F25-4476-AAED-FB8C95CFE773}
[2012-08-31 17:21:41 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{5FBD3375-A633-40A4-B5B9-E0D514C494E4}
[2012-08-30 19:09:55 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{E70C1E68-F3D7-4D71-83E4-D610B54214E0}
[2012-08-30 07:09:29 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{951869B9-7E58-4114-BEEE-E054CBA5C859}
[2012-08-28 20:28:33 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{7DFACF70-F58E-494B-B253-841112B2F6CD}
[2012-08-28 06:48:45 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{27CB3548-582A-4EEB-96A9-8AE3F4A771EA}
[2012-08-27 17:04:49 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{E9401EAF-50A2-4F93-8BD2-7239F0E65393}
[2012-08-26 22:33:45 | 000,000,000 | ---D | C] -- C:\Users\Andrzej\AppData\Local\{776CE397-F4E6-4766-8FAA-4385702ED97B}
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:D9592966
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:DB7FB6BE
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1
:Files
C:\Program Files (x86)\Google\Update
C:\Windows\tasks\*.*
C:\Users\Andrzej\Desktop\skaner.exe
:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
:Commands
[emptyflash]
[clearallrestorepoints]
[emptytemp]
Klikasz Wykonaj skrypt. Dajesz log z usuwania. Następnie podaj log z ADWCleaner (z opcji Delete)
otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p139531 + log z TDSSKiller otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p120292 + nowe logi z OTL + log z Autoruns otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p138589.
Re: Zmulony komp, spozniona reakacja na klikniecie myszka
27 Wrz 2012, 01:43
Witam
Logi:
OTL z usuwania: http://www.wklej.org/id/837596/
AdwCleaner: http://www.wklej.org/id/837597/
Tdsskiller: http://www.wklej.org/id/837598/
Nowy OTL: http://www.wklej.org/id/837599/
Link do autorun: http://www18.zippyshare.com/v/80300082/file.html
Logi:
OTL z usuwania: http://www.wklej.org/id/837596/
AdwCleaner: http://www.wklej.org/id/837597/
Tdsskiller: http://www.wklej.org/id/837598/
Nowy OTL: http://www.wklej.org/id/837599/
Link do autorun: http://www18.zippyshare.com/v/80300082/file.html