Elektroda.pl

FRST logs. Firefox. - Virus blocks AdwCleaner.

naramsuen 01 Apr 2016 18:57 1077 8
  • #1 01 Apr 2016 18:57
    naramsuen
    Level 4  

    Hi, I accidentally installed unwanted software. All sorts of junk got installed, and on top of that a virus is blocking AdwCleaner for me. I scanned with ComboFix. Please help.

    0 8
  • #2 01 Apr 2016 19:11
    junior84
    Level 22  

    Boot the computer into Safe Mode. AdwCleaner should then start correctly; alternatively, boot a live system and run a scan, e.g. with ESET Online.

    0
  • #4 02 Apr 2016 07:36
    krzychupar
    Level 40  

    Uninstall:
    MobilePCStarterKit 000.005030285 (HKLM-x32\...\mpck_en_005030285_is1) (Version: - MOBILEPCSTARTERKIT) <==== UWAGA
    MobilePCStarterKit Maintenance 008.238 (HKLM-x32\...\rec_pl_238_is1) (Version: - MOBILEPCSTARTERKIT) <==== UWAGA
    SafeFinder (HKLM-x32\...\{C1C9B65D-0656-42BA-8D28-B333C6A9C87A}) (Version: 1.0.0.0 - Linkury) <==== UWAGA
    WizzWifiHotspot version 1.0 (HKLM-x32\...\Wizzwifihotspot_is1) (Version: 1.0 - Wizzlabs)
    comoBoss version 1.1 (HKLM-x32\...\comoBoss_is1) (Version: 1.1 - aze)

    Open the system Notepad and paste:
    Task: {27F13A9D-E885-4377-ADC6-D0FA44EBC50F} - System32\Tasks\{54CF9608-BBC7-4573-8A65-C07C282A690C} => pcalua.exe -a "C:\Users\Dell Latitude E6540\Downloads\fm2007_702\fm2007_702.exe" -d "C:\Users\Dell Latitude E6540\Downloads\fm2007_702"
    Task: {551F59ED-344A-43C1-BDD8-0A66ABC5F03B} - System32\Tasks\Iumota => C:\Program Files\Nhfiqhiuf\Nhubatp.bat [2016-04-01] ()
    Task: {5E9A36E9-9CDC-4306-A997-8E44814DB61F} - System32\Tasks\{09ED0A3A-97C9-4EF9-B39B-F8ACE83028BC} => pcalua.exe -a "C:\Users\Dell Latitude E6540\Downloads\Mahjong Titans game for XP\Mahjong Titans game for XP\MahjongInstall.exe" -d "C:\Users\Dell Latitude E6540\Downloads\Mahjong Titans game for XP\Mahjong Titans game for XP"
    Task: {D6C6306C-64AE-4443-9737-F0CDEF4A295F} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\Dell Latitude E6540\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s...l8323bf,788e8fcc-5abd-4990-a109-692be444c271,,
    ShortcutWithArgument: C:\Users\Dell Latitude E6540\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s...l8323bf,788e8fcc-5abd-4990-a109-692be444c271,,
    ShortcutWithArgument: C:\Users\Dell Latitude E6540\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s...l8323bf,788e8fcc-5abd-4990-a109-692be444c271,,
    () C:\Program Files\Nhfiqhiuf\Wiwwal.exe
    () C:\Program Files (x86)\comoBoss\comowin.exe




    HKLM\...\Run: [IDSCCOMJZZ] => "C:\Program Files\SpaceSoundPro\idsccom_JZZ.exe"
    HKLM\...\Run: [IDSCCOM03E] => "C:\Program Files (x86)\Hostify\idsccom_03E.exe"
    HKLM-x32\...\Run: [comoBoss] => C:\Program Files (x86)\comoBoss\comowin.exe [4050432 2016-03-30] ()
    HKLM-x32\...\Run: [WizzWifiHotspot] => C:\Program Files (x86)\WizzWifiHotspot\WizzWifiHotspot.exe [2814464 2016-03-31] (Wizzlabs)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-1248473928-1940877605-2906633192-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1248473928-1940877605-2906633192-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1248473928-1940877605-2906633192-1000\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    BHO: Nhfiqhiuf -> {32947680-B9CF-4D89-8A2D-FF99EE914B2C} -> C:\Program Files\Nhfiqhiuf\Eemumkuu64.dll [2016-04-01] ()
    BHO-x32: Nhfiqhiuf -> {32947680-B9CF-4D89-8A2D-FF99EE914B2C} -> C:\Program Files\Nhfiqhiuf\Eemumkuu.dll [2016-04-01] ()
    DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
    DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    FF NewTab: C:\ProgramData\Konksolexs\ff.NT
    FF Homepage: C:\ProgramData\Konksolexs\ff.HP
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Extension: Brak nazwy - C:\Users\Dell Latitude E6540\AppData\Roaming\Mozilla\Firefox\Profiles\pc8rbnan.default\Extensions\deskCutv2@gmail.com [2016-04-01] [Brak podpisu cyfrowego]
    S2 Konksolex; C:\ProgramData\\Konksolex\\Konksolex.exe shuz -f "C:\ProgramData\\Konksolex\\Konksolex.dat" -l -a
    S2 ktip; "C:\Program Files\ktip\ktip.exe" /s iid=6052417 did=APSFTuto4PC sid=11 ref=b049fe7f-21f6-3e09-406f-1be4fb638c68-PolicyMac id=c832cd31d04f344ff2e8d5815c198a834639459176451eb5faeae302f0cdcad5 [X]
    S2 Nulsui; "C:\Users\Dell Latitude E6540\AppData\Roaming\PhpotEipic\Vhjirug.exe" -cms [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    2016-04-01 18:44 - 2016-04-01 18:44 - 00032257 _____ C:\ComboFix.txt
    2016-04-01 18:04 - 2016-04-01 18:44 - 00000000 ____D C:\Qoobox
    2016-04-01 18:04 - 2016-04-01 18:43 - 00000000 ____D C:\Windows\erdnt
    2016-04-01 18:04 - 2016-04-01 18:03 - 05658312 ____R (Swearware) C:\Users\Dell Latitude E6540\Downloads\ComboFix.exe
    2016-04-01 18:04 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-04-01 18:04 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-04-01 18:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-04-01 18:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-04-01 18:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-04-01 18:04 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
    2016-04-01 18:04 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
    2016-04-01 18:04 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
    2016-04-01 17:45 - 2016-04-01 18:48 - 00000000 ____D C:\AdwCleaner
    2016-04-01 17:45 - 2016-04-01 17:33 - 03102720 _____ C:\Users\Dell Latitude E6540\Downloads\122kl.exe
    2016-04-01 17:27 - 2016-04-01 17:27 - 06504960 _____ C:\Users\Dell Latitude E6540\AppData\Roaming\agent.dat
    2016-04-01 17:27 - 2016-04-01 17:27 - 01626416 _____ C:\Users\Dell Latitude E6540\AppData\Roaming\VoyaApity.tst
    2016-04-01 17:27 - 2016-04-01 17:27 - 01626416 _____ C:\Users\Dell Latitude E6540\AppData\Roaming\Tinhome.tst
    2016-04-01 17:27 - 2016-04-01 17:27 - 00126464 _____ C:\Users\Dell Latitude E6540\AppData\Roaming\noah.dat
    2016-04-01 17:27 - 2016-04-01 17:27 - 00126464 _____ C:\Users\Dell Latitude E6540\AppData\Roaming\lobby.dat
    2016-04-01 17:27 - 2016-04-01 17:27 - 00072699 _____ C:\Users\Dell Latitude E6540\AppData\Roaming\Tamp-Light.tst
    2016-04-01 17:27 - 2016-04-01 17:27 - 00072699 _____ C:\Users\Dell Latitude E6540\AppData\Roaming\Alphazap.tst
    2016-04-01 17:27 - 2016-04-01 17:27 - 00065424 _____ C:\Users\Dell Latitude E6540\AppData\Roaming\Config.xml
    2016-04-01 17:27 - 2016-04-01 17:27 - 00054272 _____ C:\Users\Dell Latitude E6540\AppData\Roaming\ApplicationHosting.dat
    2016-04-01 17:27 - 2016-04-01 17:27 - 00018432 _____ C:\Users\Dell Latitude E6540\AppData\Roaming\Main.dat
    2016-04-01 17:27 - 2016-04-01 17:27 - 00005568 _____ C:\Users\Dell Latitude E6540\AppData\Roaming\md.xml
    2016-04-01 17:27 - 2016-04-01 17:27 - 00000000 ____D C:\Users\Dell Latitude E6540\AppData\Roaming\MCorp
    2016-04-01 17:27 - 2016-04-01 17:27 - 00000000 ____D C:\ProgramData\Konksolexs
    2016-04-01 17:16 - 2016-04-01 17:16 - 00001095 _____ C:\Users\Dell Latitude E6540\Desktop\WizzWifiHotspot.lnk
    2016-04-01 17:16 - 2016-04-01 17:16 - 00000000 ____D C:\Program Files (x86)\WizzWifiHotspot
    2016-04-01 17:15 - 2016-04-01 17:26 - 00000000 ____D C:\Program Files (x86)\comoBoss
    2016-04-01 17:15 - 2016-04-01 17:25 - 00127488 _____ C:\Users\Dell Latitude E6540\AppData\Roaming\Installer.dat
    2016-04-01 17:15 - 2016-04-01 17:15 - 00000000 ____D C:\uninst
    2016-04-01 17:14 - 2016-04-01 17:15 - 00000000 ____D C:\Program Files\Nhfiqhiuf
    2016-04-01 17:14 - 2016-04-01 17:14 - 00000000 ____D C:\Users\Dell Latitude E6540\AppData\Roaming\Zhtodk
    2016-04-01 17:14 - 2016-04-01 17:14 - 00000000 ____D C:\Users\Dell Latitude E6540\AppData\Local\Tempfolder
    2016-04-01 17:13 - 2016-04-01 17:19 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-04-01 17:13 - 2016-04-01 17:13 - 00060136 ____N (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
    2016-04-01 17:12 - 2016-04-01 17:12 - 00000000 ____D C:\Users\Dell Latitude E6540\AppData\Roaming\gplyra
    2016-04-01 17:11 - 2016-04-01 17:11 - 00000000 _____ C:\Windows\SysWOW64\Number of results
    2016-04-01 18:49 - 2013-12-20 11:43 - 00000398 __RSH C:\ProgramData\ntuser.pol
    2016-04-01 17:27 - 2016-04-01 17:27 - 0072699 _____ () C:\Users\Dell Latitude E6540\AppData\Roaming\Alphazap.tst
    2016-04-01 17:15 - 2016-04-01 17:26 - 0150967 _____ () C:\Users\Dell Latitude E6540\AppData\Roaming\inst.lat
    2016-04-01 17:15 - 2016-04-01 17:26 - 0017760 _____ () C:\Users\Dell Latitude E6540\AppData\Roaming\InstallationConfiguration.xml
    2016-04-01 17:15 - 2016-04-01 17:25 - 0127488 _____ () C:\Users\Dell Latitude E6540\AppData\Roaming\Installer.dat
    2016-04-01 17:27 - 2016-04-01 17:27 - 0072699 _____ () C:\Users\Dell Latitude E6540\AppData\Roaming\Tamp-Light.tst
    2016-04-01 17:27 - 2016-04-01 17:27 - 1626416 _____ () C:\Users\Dell Latitude E6540\AppData\Roaming\Tinhome.tst
    2016-04-01 17:27 - 2016-04-01 17:27 - 0032038 _____ () C:\Users\Dell Latitude E6540\AppData\Roaming\uninstall_temp.ico
    2016-04-01 17:27 - 2016-04-01 17:27 - 1626416 _____ () C:\Users\Dell Latitude E6540\AppData\Roaming\VoyaApity.tst
    13-12-20 11:52 - 2013-12-20 11:52 - 0011194 _____ () C:\Users\Dell Latitude E6540\AppData\Local\WiDiSetupLog.20131220.105232.wdl
    2013-12-20 11:53 - 2013-12-20 11:53 - 0013260 _____ () C:\Users\Dell Latitude E6540\AppData\Local\WiDiSetupLog.20131220.105307.wdl
    2013-12-20 12:13 - 2013-12-20 12:13 - 0011662 _____ () C:\Users\Dell Latitude E6540\AppData\Local\WiDiSetupLog.20131220.111317.wdl
    2014-03-31 13:50 - 2014-03-31 14:07 - 0002850 _____ () C:\ProgramData\hpzinstall.log
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder C:\Users\Dell Latitude E6540\Downloads
    Run FRST and click Fix/Napraw.

    0
  • #5 02 Apr 2016 11:50
    naramsuen
    Level 4  

    Thanks, but it didn't help with Safe Finder and MPC Cleaner. The rest is OK.

    0
  • #7 02 Apr 2016 13:21
    naramsuen
    Level 4  

    OK, better. I restored the default browser (Google), but I still have MPC and Safe Finder on the disk and I can't remove them. Should I run FRST again and post the logs?

    0
  • #8 02 Apr 2016 14:57
    krzychupar
    Level 40  

    Aren't these programs listed in Programs and Features?
    Do this.
    Open the system Notepad and paste:
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am
    HKU\S-1-5-21-1248473928-1940877605-2906633192-1000\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
    R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-04-01] (DotC United Inc)
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-04-01] (DotC United Inc)
    2016-04-01 18:49 - 2016-04-01 18:49 - 00001729 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
    2016-04-01 18:49 - 2016-04-01 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
    2016-04-01 17:13 - 2016-04-01 17:19 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-04-01 17:13 - 2016-04-01 17:13 - 00060136 ____N (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where FRST.exe is located.
    Run FRST and click Fix/Napraw.

    0