
Ads by Albireo - Win 7 - FRST logs

lewis949894 09 Apr 2016 14:53 336 1
  • #2 09 Apr 2016 14:59
    Kolobos
    Computer specialist

    In future, do not download infected activators; I hope you have already removed the one that infected your system.

    You will not be able to remove this infection from within Windows.
    Boot into WinRE and run the Fixlist.txt for FRST there:
    http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujących-windows/#entry32551

    Fixlist.txt for FRST:
    Task: {17520FCC-E4EF-4BC4-844F-5D8FE9968473} - System32\Tasks\Opera scheduled Autoupdate 1453573792 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-24] (Opera Software)
    Task: {B19F3E41-9EBD-4F98-9441-B06CB67458FD} - System32\Tasks\{A96F2613-917E-4F8D-8533-DAC0E614B72C} => pcalua.exe -a C:\Users\Andershell\Desktop\ExtendedTimeline_installer.exe -d C:\Users\Andershell\Desktop
    Task: {CA8169D2-C1CF-4E0E-BCF4-E41E5A53FFDE} - System32\Tasks\Ilupgiof => C:\PROGRA~1\YNURPO~1\Zuedn.bat
    2016-03-27 18:18 - 2016-03-27 18:18 - 00670584 _____ () C:\Users\Andershell\AppData\Roaming\Mhmint\Coqra.dll
    2016-03-27 18:18 - 2016-03-27 18:18 - 00174456 _____ () C:\Users\Andershell\AppData\Roaming\Mhmint\Mhmint.exe
    2016-03-27 18:18 - 2016-03-27 18:18 - 00115576 _____ () C:\Users\Andershell\AppData\Roaming\Mhmint\Kuotri.exe
    2016-03-27 18:18 - 2016-03-27 18:18 - 00146296 _____ () C:\Users\Andershell\AppData\Roaming\Mhmint\Coqra.exe
    2016-03-27 18:18 - 2016-03-27 18:18 - 00262008 _____ () C:\Users\Andershell\AppData\Roaming\Mhmint\Kuotri.dll
    Hosts:
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
    () C:\Users\Andershell\AppData\Roaming\Mhmint\Mhmint.exe
    () C:\Users\Andershell\AppData\Roaming\Mhmint\Kuotri.exe
    () C:\Users\Andershell\AppData\Roaming\Mhmint\Coqra.exe
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
    HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
    HKLM-x32\...\Winlogon: [Userinit] , [X]
    HKU\S-1-5-21-576706772-3463408924-1858643685-1000\...\MountPoints2: G - G:\setup.exe
    HKU\S-1-5-21-576706772-3463408924-1858643685-1000\...\MountPoints2: {0f100bde-c16a-11e5-8fa8-6cf04979505c} - F:\AutoRun.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-01-25] (Microsoft Corporation)
    Tcpip\..\Interfaces\{0B52F335-48C3-4E6F-8D5F-0A87CF86BB2D}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{58C42C9A-D564-429A-B3A2-0E640057A162}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{D67092D9-6632-420F-B34B-E7F4A60A4959}: [NameServer] 104.197.191.4
    FF Extension: Stop Ads - C:\Users\Andershell\AppData\Roaming\Mozilla\Firefox\Profiles\lqzz5jh7.default\Extensions\@stopads.xpi [2016-04-09]
    R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-03-27] (DotC United Inc)
    R2 Rutbofci; C:\Users\Andershell\AppData\Roaming\Mhmint\Mhmint.exe [174456 2016-03-27] ()
    S2 Jejgubro; "C:\Users\Andershell\AppData\Roaming\WagsulJhhumpo\Rivsa.exe" -cms [X]
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-03-27] (DotC United Inc)
    R1 {44543b60-e1c1-4173-be0b-81c96bac3d41}Gw64; C:\Windows\System32\drivers\{44543b60-e1c1-4173-be0b-81c96bac3d41}Gw64.sys [48752 2016-03-27] (StdLib)
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2016-03-27 19:24 - 2016-04-08 08:08 - 00001729 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
    2016-03-27 19:22 - 2016-03-27 19:22 - 00000000 ____D C:\Windows\system32\ego
    2016-03-27 19:20 - 2016-03-27 19:20 - 00000000 ____D C:\Users\Andershell\AppData\Roaming\MCorp
    2016-03-27 19:18 - 2016-03-27 19:21 - 00000000 ____D C:\AdwCleaner
    2016-03-27 18:57 - 2016-03-27 18:56 - 00060136 ____N (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
    2016-03-27 18:56 - 2016-03-27 19:08 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-03-27 18:56 - 2016-03-27 18:56 - 00003346 _____ C:\Windows\System32\Tasks\Ilupgiof
    2016-03-27 18:56 - 2016-03-27 18:56 - 00000000 ____D C:\Users\Andershell\AppData\Roaming\Mhmint
    2016-03-27 18:56 - 2016-03-27 18:56 - 00000000 ____D C:\Users\Andershell\AppData\LocalLow\Company
    2016-03-27 18:56 - 2016-03-27 18:56 - 00000000 ____D C:\Users\Andershell\AppData\Local\Tempfolder
    2016-03-27 18:56 - 2016-03-27 18:56 - 00000000 ____D C:\uninst
    2016-03-27 18:55 - 2016-03-27 18:55 - 00000000 _____ C:\Windows\SysWOW64\Number of results
    2016-03-27 18:25 - 2016-03-27 18:25 - 00000000 ____D C:\extensions
    2016-03-27 18:24 - 2016-03-27 18:25 - 00000000 ____D C:\Users\Public\Documents\dmp
    2016-03-27 18:24 - 2016-03-27 05:08 - 00048752 _____ (StdLib) C:\Windows\system32\Drivers\{44543b60-e1c1-4173-be0b-81c96bac3d41}Gw64.sys
    2016-03-27 18:19 - 2016-03-27 18:56 - 00082752 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
    EmptyTemp:

    After it has run, run the same fixlist.txt again, this time under Windows, and post new FRST logs from a scan (under Windows).

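Added example, not part of the post above and not FRST's own code: one way to check a follow-up scan log for entries that the fixlist was meant to remove. It handles only the line shapes visible in the post; the function names are hypothetical, the fixlist lines are copied from the post, and the follow-up log is constructed.

```python
import re

# Line shapes as they appear in the fixlist above; other FRST entry types are ignored.
KINDS = [
    ("task", re.compile(r"^Task: ")),
    ("service", re.compile(r"^[RS]\d \S+; ")),
    ("nameserver", re.compile(r"^Tcpip\\.*\[NameServer\] ")),
    ("registry", re.compile(r"^HK(LM|U)")),
    ("file", re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - ")),
]
# First drive-letter path on a line, ending at a quote, at " [" or at end of line.
PATH = re.compile(r'[A-Za-z]:\\.*?(?="| \[|$)')
ADDR = re.compile(r"\[NameServer\] (\S+)")


def targets(fixlist):
    """Return the (kind, value) pairs a fixlist names: a file path or a DNS server."""
    found = set()
    for raw in fixlist.splitlines():
        line = raw.strip()
        kind = next((k for k, rx in KINDS if rx.search(line)), None)
        if kind is None:
            continue  # directives such as "EmptyTemp:" and shapes not listed above
        m = (ADDR if kind == "nameserver" else PATH).search(line)
        if m:
            found.add((kind, m.group(m.lastindex or 0).rstrip(" ,")))
    return found


def still_present(fixlist, new_log):
    """Fixlist targets that still occur in a later scan log (case-insensitive)."""
    log = new_log.lower()
    return sorted(t for t in targets(fixlist) if t[1].lower() in log)

# Five entries copied from the fixlist in the post, plus its EmptyTemp: directive.
FIXLIST = r"""
Task: {CA8169D2-C1CF-4E0E-BCF4-E41E5A53FFDE} - System32\Tasks\Ilupgiof => C:\PROGRA~1\YNURPO~1\Zuedn.bat
R2 Rutbofci; C:\Users\Andershell\AppData\Roaming\Mhmint\Mhmint.exe [174456 2016-03-27] ()
S2 Jejgubro; "C:\Users\Andershell\AppData\Roaming\WagsulJhhumpo\Rivsa.exe" -cms [X]
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
Tcpip\..\Interfaces\{0B52F335-48C3-4E6F-8D5F-0A87CF86BB2D}: [NameServer] 104.197.191.4
EmptyTemp:
"""
# CONSTRUCTED follow-up scan log: the service entry survived, the DNS server changed.
NEW_LOG = r"""
R2 Rutbofci; C:\Users\Andershell\AppData\Roaming\Mhmint\Mhmint.exe [174456 2016-03-27] ()
Tcpip\..\Interfaces\{0B52F335-48C3-4E6F-8D5F-0A87CF86BB2D}: [NameServer] 192.0.2.53
"""
print(still_present(FIXLIST, NEW_LOG))
```

The match is a plain substring test, so a directory target also matches any longer path beneath it in the new log.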