
PriceFountain - Request for logs - Request to check logs.

Makar00 10 Mar 2016 11:59 708 3
  • #1 10 Mar 2016 11:59
    Makar00
    Level 2  

    Hello,

    Recently I accidentally downloaded a contraption called "pricefountain" and for the life of me I can't get rid of it.

    I'm attaching the FRST logs.

    Thank you very much in advance,
    Marcin

    0 3
  • Helpful post
    #2 10 Mar 2016 12:18
    Domino_2
    Helpful to users

    Quote:

    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.21.135\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.21.99\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.25.5\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.27.5\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.23.9\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.28.1\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.21.145\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.21.123\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.21.153\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.28.13\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.24.15\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.21.149\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.22.3\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.21.165\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.26.9\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.21.115\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.29.1\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.25.11\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.28.15\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.22.5\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.21.111\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-623418548-3841204533-519962423-1147_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\mma\AppData\Local\Google\Update\1.3.24.7\psuser.dll => Brak pliku
    Task: {04152A1F-A689-47CE-B39C-230AED3F2D61} - System32\Tasks\{5321BE8C-E42D-46EF-9B05-5D51940F6CAE} => pcalua.exe -a C:\Users\mma\Desktop\pen\SFBot_v2.1.0(1)\sfBot.exe -d C:\Users\mma\Desktop\pen\SFBot_v2.1.0(1)
    Task: {07FE42A3-1F41-4DB0-8EB5-615C7E5ED104} - System32\Tasks\{73186EC7-409D-417A-845E-C4A4153915EB} => pcalua.exe -a "C:\Comarch ERP XL 2015.2\CDNXL.EXE" -d "C:\Comarch ERP XL 2015.2"
    Task: {08893DFB-64BA-4601-8B7B-3DE3273AE057} - System32\Tasks\{123A659F-36DE-483F-A98A-9A9B5EB6F8E9} => pcalua.exe -a "C:\Comarch ERP XL 2014.1\CDNXL.EXE" -d "C:\Comarch ERP XL 2014.1"
    Task: {0C650BC6-F15C-4445-9995-89D8416EBB95} - \a2zLyrics-1-codedownloader -> Brak pliku <==== UWAGA
    Task: {167AA4AC-2E38-4632-A892-38127281F401} - \a2zLyrics-1-firefoxinstaller -> Brak pliku <==== UWAGA
    Task: {45535061-41CD-4AC1-A36C-6B5CAAC6950F} - System32\Tasks\{AA818E2C-A6A7-4C49-9702-0347BF78D8F0} => pcalua.exe -a C:\Users\mma\Desktop\pen\SFBot_v2.1.0\sfBot.exe -d C:\Users\mma\Desktop\pen\SFBot_v2.1.0
    Task: {761A3E99-D6F5-4504-B198-FDDFB7312D5F} - System32\Tasks\PriceFountainUpdateVer => C:\Users\mma\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: {8B47A786-27F7-4B92-8386-2B50540F244D} - \Advanced System~Protector -> Brak pliku <==== UWAGA
    Task: {9D32A886-3ECF-40AF-999E-658C36D1DAC9} - System32\Tasks\{C5C6339E-9CC3-4193-8CF6-A79EF43C63B3} => pcalua.exe -a C:\Users\mma\Desktop\SFBot_v2.1.0(1)\SFBot_v2.1.0(1)\sfBot.exe -d C:\Users\mma\Desktop\SFBot_v2.1.0(1)\SFBot_v2.1.0(1)
    Task: {AEDA7CFB-555A-4E47-9578-3DC47E17B99D} - \temp_a2zLyrics-1-enabler -> Brak pliku <==== UWAGA
    Task: {BB82527F-F9C7-4942-9048-55E2CF66953C} - System32\Tasks\mmaOhoSteakV2 => Rundll32.exe PhoneyLeeriness.dll,main 7 1 <==== UWAGA
    Task: {CF2A1391-5488-4C8C-A7ED-9FD1C659E9B6} - System32\Tasks\{9039151D-A180-4332-9368-F8E1F4112A7E} => pcalua.exe -a "C:\Users\mma\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /affid uninstall /id uninstall /name "Bundled software uninstaller"
    Task: {D81F95D8-2C1C-4367-BB78-A183831174C0} - \Advanced System~Protector_startup -> Brak pliku <==== UWAGA
    Task: {EF32CDB9-A247-439D-AD87-5A0058C1DE04} - System32\Tasks\{00E94A21-8967-45F6-B9C3-63CA23BB23B5} => pcalua.exe -a "C:\Comarch ERP XL 2013.4\CDNSPR.EXE" -d "C:\Comarch ERP XL 2013.4"
    Task: {FC584CE6-5426-48D6-A1D6-C5D289C91B5A} - System32\Tasks\{B1F3A818-53E8-4374-969A-09EE8EF40A02} => pcalua.exe -a C:\Users\mma\Desktop\pen\SFBot_v2.0.1_win\sfBot.exe -d C:\Users\mma\Desktop\pen\SFBot_v2.0.1_win
    Task: C:\Windows\Tasks\PriceFountainUpdateVer.job => C:\Users\mma\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    HKU\S-1-5-21-623418548-3841204533-519962423-1147\Software\Classes\.exe: exefile => <===== UWAGA
    HKU\S-1-5-21-623418548-3841204533-519962423-1147\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    BootExecute: autocheck autochk * sh4native Sh4Removal
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-623418548-3841204533-519962423-1147 -> {FC32473B-F2E3-4D1E-9F95-1252CE186186} URL =
    FF DefaultSearchUrl: hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF NetworkProxy: "type", 0
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF user.js: detected! => C:\Users\mma\AppData\Roaming\Mozilla\Firefox\Profiles\q8ey9573.default\user.js [2016-03-09]
    StartMenuInternet: Google Chrome.BDJFU3YVYOC5GJUKCMDXIAYFPY - C:\Users\mma\AppData\Local\Google\Chrome\Application\chrome.exe
    S3 FscBapi; system32\DRIVERS\FscBapi.sys [X]
    S3 FscCmos; system32\DRIVERS\FscCmos.sys [X]
    S3 FscCpuid; system32\DRIVERS\FscCpuid.sys [X]
    S3 FscEfDmi; system32\DRIVERS\FscEfDmi.sys [X]
    2016-03-10 11:00 - 2016-03-10 11:07 - 00138076 _____ C:\spyhunter.fix
    2016-03-10 10:09 - 2016-03-10 11:35 - 00000000 ____D C:\Users\mma\Downloads\SpyHunter 4.21.10.4585 Portable by wood
    2016-03-09 14:47 - 2016-03-09 14:47 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\mma\Downloads\sh-remover.exe
    2016-03-09 13:16 - 2016-03-09 14:43 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
    2016-03-09 13:16 - 2016-03-09 14:42 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-03-09 12:27 - 2016-03-09 12:27 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\mma\Downloads\spybot-2.4.exe
    2016-03-03 14:39 - 2016-03-09 14:40 - 00000284 _____ C:\Windows\Tasks\PriceFountainUpdateVer.job
    2016-03-03 14:39 - 2016-03-03 14:39 - 00000000 ____D C:\Users\mma\AppData\Roaming\PriceFountainUpdateVer
    EmptyTemp:


    Paste this into Notepad, save it as fixlist.txt and put it in the folder where FRST.exe/FRST64.exe is located, then run it and click Fix/Napraw.

    Scan the computer with ADWCleaner and remove everything it finds.

    0
  • #3 10 Mar 2016 12:51
    Makar00
    Level 2  

    Thanks for such quick help. Problem solved.

    Regards

    0
  • #4 10 Mar 2016 13:23
    Domino_2
    Helpful to users

    You can delete the C:\FRST folder.


    0