
Laptop - Annoying virus, how do I get rid of it?

kierowcakumbajna 16 May 2016 20:12 1164 6
  • #1 16 May 2016 20:12
    kierowcakumbajna
    Level 2

    Hello, since yesterday I have had a serious problem with my computer: I carelessly downloaded a certain file and the computer turned into a Christmas tree, windows pop up in the browser, some Chinese programs install themselves, simply a drama. I have used various programs, from ComboFix to AdwCleaner, but without result. I am attaching the FRST logs, maybe someone can help me.

  • #2 16 May 2016 20:42
    Acorus 20
    Computer specialist

    Do this in Safe Mode. Open the system Notepad and paste:

    Quote:
    CloseProcesses:
    Task: {00B9B800-B345-47CE-B58D-F83949772335} - System32\Tasks\Vwpystzach Debuger => C:\Program Files (x86)\Vwpystzach\VwpystzachDbgtask.exe <==== ATTENTION
    Task: {0644F9B8-1A6A-4E78-A83E-DAF352E1DFD4} - \a7982934-0630-49b5-bdb1-d23d83f53ffd-6 -> No File <==== ATTENTION
    Task: {065EAAC1-9741-4FA3-A1FE-CF7C7CCF019B} - System32\Tasks\TaoTongKuanUpdateTask => C:\Users\Damian\AppData\Local\TaoTaoSou\TTK\TTKMonitor.exe [2015-07-30] ()
    Task: {1E86C343-1D00-4A22-B4FA-909E7D31F3B6} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
    Task: {1E898A21-1F74-4EBA-8813-351AED5C2E13} - \a7982934-0630-49b5-bdb1-d23d83f53ffd-1 -> No File <==== ATTENTION
    Task: {28AB73DB-64D3-4847-8C47-B39CD2F33FEE} - \a7982934-0630-49b5-bdb1-d23d83f53ffd-5 -> No File <==== ATTENTION
    Task: {5B011F5B-0AE4-4F27-9E61-24B0595EA436} - System32\Tasks\BaiduPinyinUpdate => C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\bdupdate.exe
    Task: {9199C04E-A7B4-430D-8FCF-56DAF649BBE8} - \a7982934-0630-49b5-bdb1-d23d83f53ffd-4 -> No File <==== ATTENTION
    Task: {B4B57419-11EE-4B5B-9D82-D7480CAD3871} - \a7982934-0630-49b5-bdb1-d23d83f53ffd-2 -> No File <==== ATTENTION
    Task: {B9BCEB96-6B16-4F5A-901F-211295FA1A8E} - \a7982934-0630-49b5-bdb1-d23d83f53ffd-7 -> No File <==== ATTENTION
    Task: {E0348D40-E610-4EA2-A9E6-98653E0E27DC} - System32\Tasks\osTip => Rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /AUTORUN
    Task: C:\Windows\Tasks\TaoTongKuanUpdateTask.job => C:\Users\Damian\AppData\Local\TaoTaoSou\TTK\TTKMonitor.exe
    WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION (yeabests)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
    Hosts:
    HKLM\...\Run: [WINCOMHU3] => C:\Program Files (x86)\mobilepcstarterkit\wincom_HU3.exe [3996672 2016-05-15] ()
    HKLM\...\Run: [IDSCCOMZKN] => "C:\Program Files (x86)\EasyHotspot\idsccom_ZKN.exe"
    HKLM\...\Run: [WINCOMG9R] => C:\Program Files (x86)\sunnyday\wincom_G9R.exe [3996672 2016-05-15] ()
    HKLM\...\Run: [WINCOMLND] => C:\Program Files (x86)\sunnyday\wincom_LND.exe [3996672 2016-05-15] ()
    HKLM\...\Run: [WINCOMSCM] => C:\Program Files (x86)\sunnyday\wincom_SCM.exe [3996672 2016-05-15] ()
    HKLM\...\Run: [IDSCCOMXFH] => C:\Program Files (x86)\Hostify\idsccom_XFH.exe [3996672 2016-05-15] ()
    HKLM\...\Run: [WINCOMK99] => C:\Program Files (x86)\sunnyday\wincom_K99.exe [3996672 2016-05-15] ()
    HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\ba3du\uc.exe [266854 2016-05-14] ( )
    HKLM-x32\...\Run: [sun21] => [X]
    HKLM-x32\...\Run: [conhost.exe -start] => C:\Users\Damian\AppData\Local\Temp\30843\conhost.exe -start <===== ATTENTION
    HKLM-x32\...\Run: [tasklist.exe -start] => c:\users\damian\appdata\roaming\tasklist.exe [2321920 2016-05-15] (TODO: <公司名>)
    HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTRAY.EXE" /regrun /qqrepair
    HKLM-x32\...\Run: [3] => C:\Users\Damian\AppData\Local\Temp\3.exe [3076608 2016-05-16] () <===== ATTENTION
    HKLM-x32\...\Run: [BaiduPinyin] => "C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\baidupinyin.exe" --autorun
    HKU\S-1-5-21-3135873756-1747778033-1847798441-1000\...\Run: [msiql] => C:\ProgramData\msiql.exe /RUNNING
    HKU\S-1-5-21-3135873756-1747778033-1847798441-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe /AUTORUN
    HKU\S-1-5-21-3135873756-1747778033-1847798441-1000\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /AUTORUN
    HKU\S-1-5-21-3135873756-1747778033-1847798441-1000\...\Run: [Installer] => C:\Users\Damian\AppData\Local\Temp\nstC827.tmp /autorun <===== ATTENTION
    HKU\S-1-5-21-3135873756-1747778033-1847798441-1000\...\Run: [aa] => C:\Program Files (x86)\ms\launch.exe [370176 2016-05-11] ()
    HKU\S-1-5-21-3135873756-1747778033-1847798441-1000\...\Run: [ComputerZ-Tray] => C:\Program Files (x86)\LuDaShi\ComputerZTray.exe [2912168 2016-05-03] ()
    HKU\S-1-5-21-3135873756-1747778033-1847798441-1000\...\Policies\Explorer: []
    AppInit_DLLs: C:\ProgramData\Ronzap\Flex-Tech.dll => C:\ProgramData\Ronzap\Flex-Tech.dll [361984 2016-05-15] ()
    AppInit_DLLs-x32: C:\ProgramData\Ronzap\Voyazimtech.dll => C:\ProgramData\Ronzap\Voyazimtech.dll [257536 2016-05-15] ()
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3135873756-1747778033-1847798441-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3135873756-1747778033-1847798441-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?34838
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...pkm_DYiTEPV-FjU7dr9RuVgQWWrIkPiTG3SLGG&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3135873756-1747778033-1847798441-1000 -> {93542B81-6C89-4698-AE99-7578EDED44F3} URL = hxxp://www.bing.com/search?FORM=SMSTDF&PC=MASM&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3135873756-1747778033-1847798441-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...pkm_DYiTEPV-FjU7dr9RuVgQWWrIkPiTG3SLGG&q={searchTerms}
    BHO: 淘淘搜比价(淘同款) -> {E1022531-9301-4071-A07A-F7237D0DE741} -> C:\Users\Damian\AppData\Local\TaoTaoSou\TTK\TTSIEPlugin_64.dll [2015-08-19] (杭州淘淘搜科技有限公司)
    BHO-x32: 淘淘搜比价(淘同款) -> {E1022531-9301-4071-A07A-F7237D0DE741} -> C:\Users\Damian\AppData\Local\TaoTaoSou\TTK\TTSIEPlugin.dll [2015-08-19] (杭州淘淘搜科技有限公司)
    FF NewTab: C:\ProgramData\Ronzaps\ff.NT
    FF DefaultSearchEngine: hohosearch
    FF SelectedSearchEngine: hohosearch
    FF Homepage: C:\ProgramData\Ronzaps\ff.HP
    FF Extension: GoSavue - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\fe2800uw.default\Extensions\2@nDxiNeL0.com [2015-02-23] [not signed]
    FF Extension: YouattubEAidBlocke - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\fe2800uw.default\Extensions\Yo@SC3dYRg.org [2015-02-23] [not signed]
    FF Extension: GoSavue - C:\Users\Damian\AppData\Roaming\Profiles\lrqmqlpx.default\Extensions\2@nDxiNeL0.com [2016-05-15] [not signed]
    FF Extension: GsearchFinder - C:\Users\Damian\AppData\Roaming\Profiles\lrqmqlpx.default\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-05-13]
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...dDfOrZP_ZxYPKfQiYBvQKgSNHWt7cMjpwjZeNbyILTjF5
    CHR StartupUrls: Default -> "hxxp://facebook.pl/","hxxp://youtube.com/","hxxp://www.hohosearch.com/?mode=nnnb&ptid=ftp&uid=FF6082C5DFB5005A0FB87390B34D21E1&v=20160512&ts=AHEqAnAmAnQqBE..","search.mpc.am"
    OPR Extension: (淘淘搜比价(淘同款)) - C:\Users\Damian\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgjdldamaclconkgicdehfijmmkplcih [2016-05-16]
    StartMenuInternet: (HKLM) Opera - C:\Program Files (x86)\Opera\Opera.exe hxxp://start.qone8.com/?type=sc&ts=138096...om=amt&uid=SAMSUNGXHM321HI_S26VJ9AB422386
    R2 Bissafgi; C:\Users\Damian\AppData\Roaming\Adesxi\Adesxi.exe [174928 2016-05-15] ()
    R2 noteupdateservice; C:\Program Files (x86)\anote\anote.exe [1332072 2015-12-04] (Beijing Hongda Wanfang Technology Co.,Ltd.)
    R2 Ronzap; C:\ProgramData\\Ronzap\\Ronzap.exe [943104 2016-05-15] () [not signed]
    R2 TtsSvczzl; C:\Users\Damian\AppData\Local\TaoTaoSou\TTK\TTSService.exe [165840 2015-07-01] ()
    S2 4d349a54; "C:\Windows\system32\rundll32.exe" "c:\progra~2\gs_boo~1\AssistantSvc.dll",service
    S3 BaiduPinyinUpdater; "C:\Program Files (x86)\Baidu\BaiduPinyinUpdate\bdupdate.exe" [X]
    S2 dowidoly; C:\Program Files (x86)\2D5E09E0-1463319074-11B2-8000-D22FB717D6AE\jnsl5909.tmp [X]
    S2 Fexti; "C:\Users\Damian\AppData\Roaming\LynkoBedmhbu\Zusmeb.exe" -cms [X]
    S2 HpSvc; C:\Program Files (x86)\LuDaShi\lpi\HpSvc.dll [X]
    S2 pypycecozbt; C:\Program Files (x86)\2D5E09E0-1463319074-11B2-8000-D22FB717D6AE\knsl3F1D.tmpfs [X]
    S2 QQRepair1658; "C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair1658" [X]
    S2 QQRepair16fc; "C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair16fc" [X]
    S2 rijufoze; C:\Program Files (x86)\2D5E09E0-1463319074-11B2-8000-D22FB717D6AE\hnsq6F68.tmp [X]
    S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
    S2 VwpystzachDbgservice; "C:\Program Files (x86)\Vwpystzach\VwpystzachDbgservice.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X]
    R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [82240 2016-05-15] (Cherimoya Ltd)
    S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-05-15] ()
    U3 ad2pcy73; C:\Windows\System32\Drivers\ad2pcy73.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
    S3 avchv; system32\DRIVERS\avchv.sys [X]
    S1 BdfNdisf; \??\c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [X]
    S1 bdfwfpf; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [X]
    S3 blNetFilter; \??\C:\Windows\system32\drivers\blNetFilter.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S2 ComputerZLock; \??\C:\Program Files (x86)\LuDaShi\ComputerZLock_x64.sys [X]
    S3 ComputerZ_x64; \??\C:\Program Files (x86)\LuDaShi\ComputerZ_x64.sys [X]
    S3 cpuz138; \??\C:\Users\Damian\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
    S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys [X]
    S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [X]
    S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
    S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [X]
    2016-05-16 19:38 - 2016-05-16 19:38 - 00000000 ___SH C:\Program Files (x86)\8AYILJNQI2
    2016-05-16 19:31 - 2016-05-16 19:31 - 00003034 _____ C:\Windows\System32\Tasks\BaiduPinyinUpdate
    2016-05-16 19:31 - 2016-05-16 19:31 - 00000000 ____D C:\Program Files\Common Files\Baidu
    2016-05-16 19:31 - 2016-05-03 20:08 - 00480864 _____ (Baidu, Inc.) C:\Windows\system32\baiducn.ime
    2016-05-16 19:31 - 2016-05-03 20:08 - 00409184 _____ (Baidu, Inc.) C:\Windows\SysWOW64\baiducn.ime
    2016-05-16 19:21 - 2016-05-16 19:36 - 00000000 ____D C:\Users\Damian\AppData\Roaming\ADSKIP
    2016-05-16 19:21 - 2016-05-16 19:21 - 00000000 ____D C:\Program Files (x86)\ADSKIP
    2016-05-16 19:21 - 2016-05-11 07:31 - 00208776 _____ C:\Windows\system32\Drivers\askProtect64.sys
    2016-05-16 05:15 - 2016-05-16 19:35 - 00000446 _____ C:\Windows\Tasks\TaoTongKuanUpdateTask.job
    2016-05-16 05:15 - 2016-05-16 19:27 - 00003462 _____ C:\Windows\System32\Tasks\TaoTongKuanUpdateTask
    2016-05-16 05:15 - 2016-05-16 05:15 - 00000000 ____D C:\Users\Damian\AppData\Roaming\TaotaoSou
    2016-05-16 05:15 - 2016-05-16 05:15 - 00000000 ____D C:\Users\Damian\AppData\Local\TaoTaoSou
    2016-05-16 05:15 - 2016-05-16 05:15 - 00000000 ____D C:\ProgramData\Taotaosou
    2016-05-15 21:56 - 2016-05-15 21:56 - 00000000 _____ C:\autoexec.bat
    2016-05-15 21:55 - 2016-05-15 21:55 - 00003344 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
    2016-05-15 21:55 - 2016-05-15 21:55 - 00000000 ____D C:\Users\Damian\AppData\Roaming\Enigma Software Group
    2016-05-15 21:54 - 2016-05-15 21:55 - 00000000 ____D C:\Users\Damian\AppData\Roaming\lockhomepage
    2016-05-15 21:54 - 2016-05-15 21:55 - 00000000 ____D C:\sh4ldr
    2016-05-15 21:53 - 2016-05-16 19:36 - 00000000 ____D C:\Users\Damian\AppData\Roaming\Ludashi
    2016-05-15 21:53 - 2016-05-16 05:28 - 00000000 ____D C:\Program Files (x86)\LuDaShi
    2016-05-15 21:53 - 2016-05-15 21:53 - 00000000 ____D C:\Users\Damian\AppData\Roaming\LDSGameAssistant
    2016-05-15 21:44 - 2016-05-15 21:44 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2016-05-15 21:41 - 2016-05-15 23:37 - 00000000 ____D C:\Program Files (x86)\anote
    2016-05-15 16:50 - 2016-05-16 05:25 - 00000000 ____D C:\ProgramData\TXQMPC
    2016-05-15 16:50 - 2016-05-15 16:50 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2016-05-15 16:47 - 2016-05-03 10:40 - 01443152 _____ ( ) C:\Users\Damian\AppData\Roaming\AutoTime_51477.exe
    2016-05-15 15:39 - 2016-05-15 15:41 - 6494208 _____ () C:\Users\Damian\AppData\Roaming\agent.dat
    2016-05-15 15:39 - 2016-05-15 15:40 - 0054272 _____ () C:\Users\Damian\AppData\Roaming\ApplicationHosting.dat
    2016-05-15 16:47 - 2016-05-03 10:40 - 1443152 _____ ( ) C:\Users\Damian\AppData\Roaming\AutoTime_51477.exe
    2016-05-15 15:39 - 2016-05-15 15:41 - 0065568 _____ () C:\Users\Damian\AppData\Roaming\Config.xml
    2016-05-15 15:40 - 2016-05-15 15:40 - 0072717 _____ () C:\Users\Damian\AppData\Roaming\Goldenplus.tst
    2016-05-15 15:39 - 2016-05-15 15:39 - 1626777 _____ () C:\Users\Damian\AppData\Roaming\Goldflex.tst
    2016-05-15 15:39 - 2016-05-15 15:39 - 0072717 _____ () C:\Users\Damian\AppData\Roaming\Greenjob.tst
    2016-05-15 15:38 - 2016-05-15 15:39 - 0016992 _____ () C:\Users\Damian\AppData\Roaming\InstallationConfiguration.xml
    2016-05-15 15:38 - 2016-05-15 15:38 - 0127488 _____ () C:\Users\Damian\AppData\Roaming\Installer.dat
    2016-05-15 15:41 - 2016-05-15 15:41 - 1626777 _____ () C:\Users\Damian\AppData\Roaming\KanIs.tst
    2016-05-15 15:39 - 2016-05-15 15:40 - 0126464 _____ () C:\Users\Damian\AppData\Roaming\lobby.dat
    2016-05-15 15:39 - 2016-05-15 15:41 - 0018432 _____ () C:\Users\Damian\AppData\Roaming\Main.dat
    2016-05-15 15:39 - 2016-05-15 15:41 - 0005568 _____ () C:\Users\Damian\AppData\Roaming\md.xml
    2016-05-15 15:39 - 2016-05-15 15:41 - 0126464 _____ () C:\Users\Damian\AppData\Roaming\noah.dat
    2016-05-15 16:44 - 2016-05-13 10:35 - 1606656 _____ () C:\Users\Damian\AppData\Roaming\ppzipdlr.exe
    2016-05-15 16:43 - 2016-04-27 08:51 - 1755136 _____ () C:\Users\Damian\AppData\Roaming\service.exe
    C:\Users\Damian\AppData\Local\Temp\3.exe
    C:\ProgramData\conhost51500.exe
    C:\ProgramData\service.exe
    EmptyTemp:

    Save the file under the name fixlist.txt and put it next to FRST in the same folder.
    Run FRST as administrator and click Fix.
    Post the new FRST logs.

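The fixlist above walks the classic Windows persistence locations in one pass: scheduled tasks, HKLM/HKU Run keys, AppInit_DLLs, a WMI ActiveScriptEventConsumer, SafeBoot\Minimal and SafeBoot\Network entries (which keep a service alive in Safe Mode), services and drivers. As an added example, not part of the thread and not FRST's own code, the Python below parses a handful of constructed lines in the shape an English FRST build prints them and flags the traits a responder checks first: a binary under Temp, AppData or ProgramData; rundll32 loading a DLL from outside the Windows directory; an entry whose file is missing ("No File" or "[X]"); an empty publisher field; a zero-byte driver; and the SafeBoot, AppInit and WMI mechanisms that survive ordinary file deletion. The `SecurityHealth` line, its size and its date are made up to serve as a benign control; the sample lines are constructed, not the poster's full log.

```python
"""Triage FRST-style persistence entries (added example, not FRST's own code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape of an English FRST log. The SecurityHealth
# line is a made-up benign control; its size and date are not real.
SAMPLE_LOG = r"""
Task: {E0348D40-E610-4EA2-A9E6-98653E0E27DC} - System32\Tasks\osTip => Rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /AUTORUN
Task: {0644F9B8-1A6A-4E78-A83E-DAF352E1DFD4} - \a7982934-0630-49b5-bdb1-d23d83f53ffd-6 -> No File <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION (yeabests)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM-x32\...\Run: [3] => C:\Users\Damian\AppData\Local\Temp\3.exe [3076608 2016-05-16] () <===== ATTENTION
HKLM\...\Run: [SecurityHealth] => C:\Windows\System32\SecurityHealthSystray.exe [1234567 2016-01-01] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\Ronzap\Flex-Tech.dll => C:\ProgramData\Ronzap\Flex-Tech.dll [361984 2016-05-15] ()
S2 4d349a54; "C:\Windows\system32\rundll32.exe" "c:\progra~2\gs_boo~1\AssistantSvc.dll",service
U3 ad2pcy73; C:\Windows\System32\Drivers\ad2pcy73.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
"""

# A drive-letter path ending in an executable-ish extension; spaces allowed, stops at quotes/brackets.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[<]*?\.(?:exe|dll|sys|tmp|tmpfs|job)\b', re.IGNORECASE)
# FRST prints "[size date] (Publisher)"; an empty pair of parentheses means no signer/company.
PUBLISHER_RE = re.compile(r"\]\s*\((.*?)\)")
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    kind: str
    label: str
    path: str | None
    reasons: list[str]


def classify(line: str) -> str | None:
    """Map an FRST line to the persistence mechanism it describes (None = not a persistence line)."""
    low = line.lower()
    if line.startswith("Task:"):
        return "scheduled task"
    if "\\run:" in low:
        return "run key"
    if line.startswith("AppInit_DLLs"):
        return "appinit dll"
    if line.startswith("WMI_"):
        return "wmi consumer"
    if "\\safeboot\\" in low:
        return "safeboot"
    if re.match(r"[RSU]\d\s", line):  # service/driver rows: "<state code> <name>; <image>"
        return "driver" if ".sys" in low else "service"
    return None


def extract_path(line: str) -> str | None:
    """Return the binary an entry loads; for rundll32 launchers, the DLL rather than rundll32 itself."""
    paths = PATH_RE.findall(line)
    if not paths:
        return None
    if "rundll32" in line.lower():
        dlls = [p for p in paths if p.lower().endswith(".dll")]
        if dlls:
            return dlls[0]
    return paths[0]


def label_for(kind: str, line: str) -> str:
    """Short name for a finding: Run value name, service name, task path, or the mechanism itself."""
    if kind == "run key":
        m = re.search(r"Run: \[(.*?)\]", line)
        return m.group(1).strip() if m else line
    if kind in ("service", "driver"):
        return line.split(";", 1)[0].split(None, 1)[1]
    if kind == "scheduled task":
        m = re.search(r" - (\S+)", line)
        return m.group(1) if m else line
    return kind


def reasons_for(kind: str, line: str, path: str | None) -> list[str]:
    """Heuristics a responder applies by eye; each hit is one reason string."""
    low = line.lower()
    reasons = []
    if "==== attention" in low:
        reasons.append("flagged by FRST")
    if "no file" in low or "[x]" in low:
        reasons.append("orphaned entry: referenced file is missing")
    if kind == "wmi consumer":
        reasons.append("WMI event consumer: fileless persistence, survives file deletion")
    if kind == "safeboot":
        reasons.append("registered under SafeBoot: also loads in Safe Mode")
    if kind == "appinit dll":
        reasons.append("AppInit_DLLs: injected into every process that loads user32.dll")
    if "zero byte" in low:
        reasons.append("zero-byte driver file")
    if path:
        p = path.lower()
        if any(d in p for d in USER_WRITABLE):
            reasons.append("binary lives in a user-writable location: " + path)
        if "rundll32" in low and p.endswith(".dll") and "\\windows\\" not in p:
            reasons.append("rundll32 loading a DLL from outside the Windows directory")
        m = PUBLISHER_RE.search(line)
        if m is not None and not m.group(1).strip():
            reasons.append("no publisher / digital signature")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Parse every persistence line of an FRST-style log into a Finding."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        kind = classify(line)
        if kind is None:
            continue
        path = extract_path(line)
        findings.append(Finding(kind, label_for(kind, line), path, reasons_for(kind, line, path)))
    return findings


def suspicious(log_text: str) -> list[Finding]:
    """Only the findings with at least one reason; the benign control drops out here."""
    return [f for f in triage(log_text) if f.reasons]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{'SUSPECT' if f.reasons else 'ok'}] {f.kind}: {f.label} -> {f.path}")
        for r in f.reasons:
            print("    -", r)
```

The heuristics are deliberately coarse: they are the same cues the fixlist relies on (ATTENTION marks, Temp and ProgramData paths, empty publisher fields, rundll32 as a loader), written down so they can be run against a fresh log rather than read line by line. A Run value pointing at `Temp\3.exe` with no publisher scores three reasons, while a Microsoft-signed binary under System32 scores none.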
  • #5 16 May 2016 23:30
    kierowcakumbajna
    Level 2

    Unfortunately, on startup some program with garbage characters instead of letters still pops up, so the complete removal apparently did not succeed. The browser pop-ups are gone, though, so we are close. Attached is a screenshot of this pop-up thing.

  • #6 16 May 2016 23:34
    Kolobos
    Computer specialist

    Post new FRST logs, from a scan.

  • #7 21 Apr 2017 05:33
    kierowcakumbajna
    Level 2

    Problem solved.