Elektroda.pl

FRST logs - request for a check

nemans 17 May 2016 20:43 348 1
  • Helpful post
    #2 17 May 2016 20:53
    Kolobos
    Computer specialist

    Run C:\Program Files\MPC Cleaner\uninstall.exe with administrator rights.

    Boot the system into Safe Mode.
    Run the following Fixlist.txt with FRST:
    CloseProcesses:
    () C:\ProgramData\Logic Handler\set.exe
    (DotC United Inc) C:\Program Files\MPC Cleaner\MPCProtectService.exe
    (DotC United Inc) C:\Program Files\MPC Cleaner\MPCTray.exe
    (© 2015 Microsoft Corporation) C:\Users\Młody\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    HKU\S-1-5-21-1288572971-2880764151-1531588792-1001\...\Run: [BingSvc] => C:\Users\Młody\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-1288572971-2880764151-1531588792-1001\...\Run: [Pritc] => C:\Users\Młody\AppData\Local\Temp\00011565\casrss.exe [2958848 2016-05-17] (VLOME) <===== ATTENTION
    HKU\S-1-5-21-1288572971-2880764151-1531588792-1001\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /AUTORUN
    HKU\S-1-5-21-1288572971-2880764151-1531588792-1001\...\Run: [aa] => C:\Program Files\ms\launch.exe -mini
    HKU\S-1-5-21-1288572971-2880764151-1531588792-1001\...\MountPoints2: {3d5d95a5-ae30-11e4-b33c-806e6f6e6963} - E:\Autorun.exe
    HKU\S-1-5-21-1288572971-2880764151-1531588792-1001\...\MountPoints2: {ea6e734e-5965-11e5-945f-00241d50961b} - G:\Install.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-02-06] (Microsoft Corporation)
    AppInit_DLLs: C:\ProgramData\Quoteex\Goldenfind.dll => No File
    Task: {3D24CD50-FAA2-4CE4-8B7A-C9E85FA07805} - System32\Tasks\PPTAssistantNotifyTask_Młody => C:\Users\Młody\AppData\Local\PPTAssist\notify.exe
    Task: {E918DC60-7EB2-49FE-BB74-71506EFF9FF8} - System32\Tasks\PPTAssistantUpdateTask_Młody => C:\Users\Młody\AppData\Local\PPTAssist\assistupdate.exe
    CustomCLSID: HKU\S-1-5-21-1288572971-2880764151-1531588792-1001_Classes\CLSID\{C4917602-2AC8-4ECE-8E5D-390C3871ABB3}\InprocServer32 -> C:\Users\Młody\AppData\Local\PPTAssist\tabassist.dll => No File
    CustomCLSID: HKU\S-1-5-21-1288572971-2880764151-1531588792-1001_Classes\CLSID\{E00310B2-F036-4771-9347-C131257D990F}\InprocServer32 -> C:\Users\Młody\AppData\Local\PPTAssist\tabassist.dll => No File
    Task: {1BF8D4B6-995A-467F-ABC2-56AFEAF7BD11} - System32\Tasks\Pritc => C:\Users\Młody\AppData\Local\Temp\00011565\casrss.exe [2016-05-17] (VLOME) <==== ATTENTION
    Task: {6DFE8491-6C22-4EAA-9030-9B3F0C30E0EA} - System32\Tasks\{03D88D3F-4C1F-E8F7-7EB5-7DA3058D3EF8} => C:\Users\MODY~1\AppData\Roaming\{03D88~1\UPDATE~1.EXE
    Task: {8D45AADB-86FF-4354-89BA-C3F70E7F8EF6} - System32\Tasks\Opera scheduled Autoupdate 1423257633 => C:\Program Files\Opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {F0BAD3B5-A7C0-47A1-B5B0-9AECFCE62C00} - System32\Tasks\MłodyCooeeingShopgirlV2 => Rundll32.exe ValoremNeutralistic.dll,main 7 1 <==== ATTENTION
    Task: {FDC55218-41DD-4A1B-88CB-A6DAD5FD342F} - System32\Tasks\{9FD07AE4-A6FE-491D-921C-47EE16F55D3C} => Firefox.exe hxxp://ui.skype.com/ui/0/7.5.64.102/pl/abandoninstall?page=tsProgressBar
    Task: C:\Windows\Tasks\PPTAssistantNotifyTask_Młody.job => C:\Users\Młody\AppData\Local\PPTAssist\notify.exe
    Task: C:\Windows\Tasks\PPTAssistantUpdateTask_Młody.job => C:\Users\Młody\AppData\Local\PPTAssist\assistupdate.exe
    Task: C:\Windows\Tasks\{03D88D3F-4C1F-E8F7-7EB5-7DA3058D3EF8}.job => C:\Users\MODY~1\AppData\Roaming\{03D88~1\UPDATE~1.EXE
    ShortcutWithArgument: C:\Users\Młody\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\Młody\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\Młody\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\Młody\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\Młody\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\Młody\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Maxthon Cloud Browser.lnk -> C:\Program Files\Maxthon\Bin\Maxthon.exe (Maxthon International ltd.) -> hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\Młody\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabests.cc
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabests.cc
    AlternateDataStreams: C:\ProgramData\.rdata:X [526]
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [346]
    AlternateDataStreams: C:\Users\Młody\Dane aplikacji:NT [40]
    AlternateDataStreams: C:\Users\Młody\Dane aplikacji:NT2 [346]
    AlternateDataStreams: C:\Users\Młody\AppData\Roaming:NT [40]
    AlternateDataStreams: C:\Users\Młody\AppData\Roaming:NT2 [346]
    IE trusted site: HKU\S-1-5-21-1288572971-2880764151-1531588792-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1288572971-2880764151-1531588792-1001\...\webcompanion.com -> hxxp://webcompanion.com
    Hosts:
    HKU\S-1-5-21-1288572971-2880764151-1531588792-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...wDzurbdAVIzW1G06M2X1Eo77_9GMpyRUHQfOoR&q={searchTerms}
    HKU\S-1-5-21-1288572971-2880764151-1531588792-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...pbxPROM-feiyirdtiTVtHDNPaMYfmUUa8NCM7LntcMKS2
    HKU\S-1-5-21-1288572971-2880764151-1531588792-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...wDzurbdAVIzW1G06M2X1Eo77_9GMpyRUHQfOoR&q={searchTerms}
    HKU\S-1-5-21-1288572971-2880764151-1531588792-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...wDzurbdAVIzW1G06M2X1Eo77_9GMpyRUHQfOoR&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\S-1-5-21-1288572971-2880764151-1531588792-1001 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\S-1-5-21-1288572971-2880764151-1531588792-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D...&form=CONBDF&conlogo=CT3334511&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1288572971-2880764151-1531588792-1001 -> {83A0037C-A45E-4B21-B8E3-EC09178A20FB} URL = hxxps://search.yahoo.com/search?fr=chr-greent...mp;ei=utf-8&ilc=12&type=435371&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1288572971-2880764151-1531588792-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://pl.search.yahoo.com/search?fr=vmn&..._WCYID10195_swoc_campaign_160316__yaie&p={searchTerms}
    FF NewTab: C:\\ProgramData\\Quoteexs\\ff.NT
    FF SearchEngineOrder.3: Bing
    FF SelectedSearchEngine: Yahoo®
    FF Homepage: C:\\ProgramData\\Quoteexs\\ff.HP
    FF Keyword.URL: hxxps://search.yahoo.com/search?fr=greentree_...mp;ei=utf-8&ilc=12&type=435371&p=
    FF Extension: Bing Search - C:\Users\Młody\AppData\Roaming\Mozilla\Firefox\Profiles\g05y2bic.default\Extensions\bingsearch.full@microsoft.com [2015-09-21] [not signed]
    FF Extension: GsearchFinder - C:\Users\Młody\AppData\Roaming\Profiles\d6wn7rmo.default\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-05-16]
    FF Extension: Bing Search - C:\Users\Młody\AppData\Roaming\Profiles\d6wn7rmo.default\Extensions\bingsearch.full@microsoft.com [2016-05-17] [not signed]
    FF Extension: FoxyDeal - C:\Users\Młody\AppData\Roaming\Profiles\d6wn7rmo.default\Extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D} [2016-05-17]
    CHR Extension: (User verification) - C:\Users\Młody\AppData\Local\Google\Chrome\User Data\Default\Extensions\apaipmohidkhacbmiehjipfdapengnmk [2016-02-28]
    R2 backlh; C:\ProgramData\Logic Handler\set.exe [2089472 2016-05-15] () [not signed]
    R2 MPCProtectService; C:\Program Files\MPC Cleaner\MPCProtectService.exe [350688 2016-05-17] (DotC United Inc)
    S2 muftionSysSrv; "C:\Program Files\Muftion\muftionSysSrv.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X]
    S2 QQRepair45c; "C:\Program Files\Tencent\QQPCMGR\QQRepair45c" [X]
    R0 MPCBase; C:\Windows\System32\drivers\MPCBase.sys [29032 2016-05-17] (DotC United Inc)
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [52968 2016-05-17] (DotC United Inc)
    S3 blNetFilter; \??\C:\Windows\system32\drivers\blNetFilter.sys [X]
    S3 dwifihelp; \??\C:\Program Files\Wifisrv\dwifihelp.sys [X]
    S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
    2016-05-17 19:53 - 2016-05-17 19:53 - 00001687 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
    2016-05-17 19:53 - 2016-05-17 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
    2016-05-17 19:29 - 2016-05-17 19:29 - 00250912 _____ C:\Windows\system32\kz.exe
    2016-05-17 19:00 - 2016-05-17 19:43 - 00000000 ____D C:\AdwCleaner
    2016-05-17 18:51 - 2016-05-17 18:51 - 00000000 ____D C:\Users\M硂dy\AppData\Roaming\Tencent
    2016-05-17 18:48 - 2016-05-17 18:54 - 00000000 ____D C:\Program Files\ms
    2016-05-17 18:48 - 2016-05-17 18:48 - 01667617 _____ (Oleg N. Scherbakov) C:\Users\Młody\AppData\Roaming\tasklist.exe.1
    2016-05-17 18:48 - 2016-05-17 18:48 - 00001093 _____ C:\Users\Młody\Desktop\AutoTime.lnk
    2016-05-17 18:48 - 2016-05-17 18:48 - 00000000 ____D C:\ProgramData\160WiFi
    2016-05-17 18:48 - 2016-05-16 18:22 - 01443152 _____ ( ) C:\Users\Młody\AppData\Roaming\AutoTime_51477.exe
    2016-05-17 18:47 - 2016-05-17 19:52 - 00000000 ____D C:\ProgramData\Tencent
    2016-05-17 18:47 - 2016-05-17 19:29 - 00000000 ____D C:\Program Files\żěŃą
    2016-05-17 18:47 - 2016-05-17 19:02 - 00000000 ____D C:\Users\Młody\AppData\Roaming\Kuaizip
    2016-05-17 18:47 - 2016-05-17 18:47 - 00000000 ____D C:\Users\Młody\AppData\Roaming\Softlink
    2016-05-17 18:47 - 2016-05-17 18:47 - 00000000 ____D C:\Program Files\Tencent
    2016-05-17 18:47 - 2016-02-18 03:56 - 07318464 _____ C:\Users\Młody\AppData\Roaming\KuaiZip_Setup_1875570831_jiuzhuan_001.exe
    2016-05-17 18:46 - 2016-05-17 18:46 - 00000000 ____D C:\Users\Public\Thunder Network
    2016-05-17 18:46 - 2016-05-17 18:46 - 00000000 ____D C:\Users\Młody\AppData\Roaming\download
    2016-05-17 18:46 - 2016-05-17 18:46 - 00000000 ____D C:\ProgramData\Thunder Network
    2016-05-17 18:46 - 2016-05-17 18:46 - 00000000 ____D C:\ProgramData\download
    2016-05-17 18:46 - 2016-05-16 18:21 - 03022848 _____ (UPCleaner) C:\Users\Młody\AppData\Roaming\ADS.exe
    2016-05-17 18:46 - 2016-05-16 17:09 - 05714944 _____ (Skype Technologies) C:\ProgramData\tasklist.exe
    2016-05-17 18:45 - 2016-05-17 19:52 - 00000330 _____ C:\Windows\Tasks\PPTAssistantNotifyTask_Młody.job
    2016-05-17 18:45 - 2016-05-17 18:45 - 00000000 ____D C:\ProgramData\Windows Update
    2016-05-17 18:45 - 2016-05-17 18:45 - 00000000 ____D C:\Program Files\osTip
    2016-05-17 18:45 - 2016-05-16 18:18 - 01607168 _____ C:\ProgramData\conhost51500.exe
    2016-05-17 18:45 - 2016-03-04 05:00 - 10167000 _____ (深圳市驱动人生软件技术有限公司) C:\Users\Młody\AppData\Roaming\160wifi_wcid-6085.exe
    2016-05-17 18:45 - 2016-02-18 10:10 - 05267952 _____ () C:\Users\Młody\AppData\Roaming\ziptool_wc-9015_setup.exe
    2016-05-17 18:44 - 2016-05-17 19:23 - 00000600 _____ C:\Windows\Tasks\PPTAssistantUpdateTask_Młody.job
    2016-05-17 18:44 - 2016-05-17 18:45 - 02783744 _____ (TODO: ) C:\Users\Młody\AppData\Roaming\svrupg.exe
    2016-05-17 18:44 - 2016-05-17 18:44 - 00000000 ____D C:\ProgramData\kingsoft
    2016-05-17 18:44 - 2016-05-04 10:44 - 04232400 _____ (Kingsoft Corp. Ltd.) C:\Users\Młody\AppData\Roaming\OfficeAssist.0172.80.1384.exe
    2016-05-17 18:16 - 2016-05-17 18:16 - 00000000 ____D C:\Users\Młody\AppData\Roaming\MCorp
    2016-05-17 16:13 - 2016-05-17 16:13 - 00000276 _____ C:\Windows\Tasks\{03D88D3F-4C1F-E8F7-7EB5-7DA3058D3EF8}.job
    2016-05-17 16:03 - 2016-05-17 16:21 - 00000000 ____D C:\Users\Młody\AppData\Local\app
    2016-05-17 15:58 - 2016-05-17 16:20 - 00000000 ____D C:\Program Files\Atapacult
    2016-05-17 15:58 - 2016-05-17 16:01 - 00000000 ____D C:\Program Files\Preghpluaph
    2016-05-17 15:49 - 2016-05-17 15:46 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
    2016-05-17 15:47 - 2016-05-17 15:59 - 00052968 ____N (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
    2016-05-17 15:47 - 2016-05-17 15:59 - 00029032 ____N (DotC United Inc) C:\Windows\system32\Drivers\MPCBase.sys
    2016-05-17 15:46 - 2016-05-17 18:11 - 00000000 ____D C:\Program Files\MPC Cleaner
    2016-05-17 15:46 - 2016-05-17 15:47 - 00000000 ____D C:\ProgramData\Quoteexs
    2016-05-17 15:46 - 2016-05-17 15:46 - 02279413 _____ C:\Users\Młody\AppData\Roaming\ZumString.bin
    2016-05-17 15:46 - 2016-05-17 15:46 - 00000000 ____D C:\ProgramData\Logic Handler
    2016-05-17 15:45 - 2016-05-17 16:21 - 00000000 ____D C:\ProgramData\Quoteex
    2016-05-17 15:45 - 2016-05-17 15:45 - 06814720 _____ C:\Users\Młody\AppData\Roaming\agent.dat
    2016-05-17 15:45 - 2016-05-17 15:45 - 01742640 _____ C:\Users\Młody\AppData\Roaming\Toughlux.tst
    2016-05-17 15:45 - 2016-05-17 15:45 - 00957440 _____ C:\Users\Młody\AppData\Roaming\Toughlux.exe
    2016-05-17 15:45 - 2016-05-17 15:45 - 00957440 _____ C:\Users\Młody\AppData\Roaming\Stimlam.exe
    2016-05-17 15:45 - 2016-05-17 15:45 - 00848437 _____ C:\Users\Młody\AppData\Roaming\Zamtip.bin
    2016-05-17 15:45 - 2016-05-17 15:45 - 00127488 _____ C:\Users\Młody\AppData\Roaming\Installer.dat
    2016-05-17 15:45 - 2016-05-17 15:45 - 00126464 _____ C:\Users\Młody\AppData\Roaming\noah.dat
    2016-05-17 15:45 - 2016-05-17 15:45 - 00126464 _____ C:\Users\Młody\AppData\Roaming\lobby.dat
    2016-05-17 15:45 - 2016-05-17 15:45 - 00072707 _____ C:\Users\Młody\AppData\Roaming\Stimlam.tst
    2016-05-17 15:45 - 2016-05-17 15:45 - 00065952 _____ C:\Users\Młody\AppData\Roaming\Config.xml
    2016-05-17 15:45 - 2016-05-17 15:45 - 00054272 _____ C:\Users\Młody\AppData\Roaming\ApplicationHosting.dat
    2016-05-17 15:45 - 2016-05-17 15:45 - 00018432 _____ C:\Users\Młody\AppData\Roaming\Main.dat
    2016-05-17 15:45 - 2016-05-17 15:45 - 00018432 _____ C:\Users\Młody\AppData\Roaming\InstallationConfiguration.xml
    2016-05-17 15:45 - 2016-05-17 15:45 - 00005568 _____ C:\Users\Młody\AppData\Roaming\md.xml
    2016-05-17 18:45 - 2016-03-04 05:00 - 10167000 _____ (深圳市驱动人生软件技术有限公司) C:\Users\Młody\AppData\Roaming\160wifi_wcid-6085.exe
    2016-05-17 18:46 - 2016-05-16 18:21 - 3022848 _____ (UPCleaner) C:\Users\Młody\AppData\Roaming\ADS.exe
    2016-05-17 18:45 - 2016-05-16 18:18 - 1607168 _____ () C:\ProgramData\conhost51500.exe
    2016-05-17 18:46 - 2016-05-16 17:09 - 5714944 _____ (Skype Technologies) C:\ProgramData\tasklist.exe
    EmptyTemp:


    Do a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    After that, post new FRST logs, from normal mode.

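The fixlist above was assembled by reading the FRST log for a handful of recurring traits: Run keys and scheduled tasks that launch from Temp, ProgramData or AppData, rundll32 entries loading a DLL by bare name, service rows with an empty signer or "[not signed]", AppInit_DLLs and CLSID entries whose file is already gone, and browser shortcuts whose argument is a URL (here hxxp://yeabests.cc). The script below is an added example of that triage, not FRST's code and not part of Kolobos's post: it parses lines in FRST's output format and lists the reason each one would be pulled into a fixlist. The sample lines are constructed to imitate the format (the user name "Alice", the SIDs, sizes and dates are made up), and the heuristics are my own, so treat the output as a reading aid rather than a verdict.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines for the persistence
traits a helper checks before writing a fixlist.  Added example: not FRST's
code and not part of the forum post.  SAMPLE_LINES are constructed in FRST's
output format; user name, SIDs, sizes and dates are made up."""
import re
from dataclasses import dataclass, field

# Directories an unprivileged user (or any dropper) can write to.  An entry
# starting from one of them is not proof of malware (per-user installs of
# Chrome or OneDrive live in AppData\Local too), but it is the first thing
# a helper looks at.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\roaming\\", "\\appdata\\local\\")

DRIVE_PATH = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys)\b", re.I)
BARE_DLL = re.compile(r"(?<![\\:])\b([\w.-]+\.dll)\b", re.I)
SIGNER_AFTER_SIZE = re.compile(r"\]\s*\(([^()]*)\)")   # "[size date] (Signer)"
URL = re.compile(r"^(?:hxxps?|https?)://", re.I)       # FRST defangs http as hxxp


@dataclass
class Finding:
    line: str
    kind: str
    target: str
    reasons: list = field(default_factory=list)


def kind_of(line):
    if line.startswith("Task: "):
        return "task"
    if line.startswith("ShortcutWithArgument: "):
        return "shortcut"
    if line.startswith("AppInit_DLLs: "):
        return "appinit"
    if re.match(r"^[RS][0-4] [^;]+; ", line):      # R2/S3 service and driver rows
        return "service"
    if re.search(r"\\Run(?:Once)?: \[", line):      # HKLM/HKU ...\Run: [name] => cmd
        return "run"
    return "other"


def triage_line(line):
    """Return a Finding listing every suspicious trait of one FRST line, or
    None when the entry shows none of the traits this triage checks."""
    kind = kind_of(line)
    if kind == "other":
        return None
    reasons = []
    if kind == "shortcut":
        # "<lnk> -> <exe> (<signer>) -> <argument>": a browser .lnk carrying a
        # URL argument opens that site on every launch, whatever the homepage is.
        _, target, arg = line.split(" -> ", 2)
        if URL.match(arg.strip()):
            reasons.append("shortcut argument is a URL: " + arg.strip())
        return Finding(line, kind, target, reasons) if reasons else None

    if kind == "appinit":
        cmd = line[len("AppInit_DLLs: "):]
        reasons.append("AppInit_DLLs entry: DLL is injected into every process that loads user32.dll")
    elif kind == "service":
        cmd = line.split("; ", 1)[1]
    else:
        cmd = line.split(" => ", 1)[1]

    m = DRIVE_PATH.search(cmd)
    target = m.group(0) if m else cmd.strip()
    if "rundll32" in cmd.lower():
        if m is None:
            bare = BARE_DLL.search(cmd)
            reasons.append("rundll32 loads a DLL by bare name (resolved via DLL search order): "
                           + (bare.group(1) if bare else cmd.strip()))
        else:
            reasons.append("rundll32 loads " + target)
    if any(d in target.lower() for d in USER_WRITABLE):
        reasons.append("starts from a user-writable directory")
    sig = SIGNER_AFTER_SIZE.search(cmd)
    if "[not signed]" in cmd or (sig and sig.group(1).strip() == ""):
        reasons.append("binary is not digitally signed")
    if cmd.rstrip().endswith("No File") or cmd.rstrip().endswith("[X]"):
        reasons.append("referenced file is missing (orphaned entry)")
    if "ATTENTION" in cmd:
        reasons.append("already flagged by FRST")
    return Finding(line, kind, target, reasons) if reasons else None


def triage(lines):
    return [f for f in map(triage_line, lines) if f is not None]


def build_fixlist(findings):
    """Wrap the flagged lines in the directive pair the fixlist on this page
    uses: CloseProcesses: first, EmptyTemp: last."""
    return "CloseProcesses:\n" + "".join(f.line + "\n" for f in findings) + "EmptyTemp:\n"


SAMPLE_LINES = [  # constructed in FRST format; not a real log
    r"HKU\S-1-5-21-111\...\Run: [Pritc] => C:\Users\Alice\AppData\Local\Temp\00011565\casrss.exe [2958848 2016-05-17] (VLOME) <==== ATTENTION",
    r"HKU\S-1-5-21-111\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\675D.dll Start /AUTORUN",
    r"HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12345 2015-01-01] (Realtek Semiconductor)",
    r"Task: {1BF8D4B6-995A-467F-ABC2-56AFEAF7BD11} - System32\Tasks\Pritc => C:\Users\Alice\AppData\Local\Temp\00011565\casrss.exe [2016-05-17] (VLOME)",
    r"Task: {F0BAD3B5-A7C0-47A1-B5B0-9AECFCE62C00} - System32\Tasks\AliceShopgirlV2 => Rundll32.exe ValoremNeutralistic.dll,main 7 1",
    r"ShortcutWithArgument: C:\Users\Alice\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://yeabests.cc",
    r"ShortcutWithArgument: C:\Users\Alice\Desktop\Notes.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) -> C:\Users\Alice\notes.txt",
    r"R2 backlh; C:\ProgramData\Logic Handler\set.exe [2089472 2016-05-15] () [not signed]",
    r"R2 Spooler; C:\Windows\System32\spoolsv.exe [559616 2015-02-06] (Microsoft Corporation)",
    r"AppInit_DLLs: C:\ProgramData\Quoteex\Goldenfind.dll => No File",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.kind}] {f.target}")
        for r in f.reasons:
            print("    -", r)
    print(build_fixlist(triage(SAMPLE_LINES)))
```

Two caveats a practitioner should keep in mind. A valid signature is not a clean bill of health: the MPC Cleaner service and drivers in the fixlist above are signed by DotC United Inc and were still removed, so the signer check only separates "unknown" from "unsigned", not good from bad. And the heuristics flag AppData\Local without distinguishing Temp from per-user installs, so a per-user Chrome or OneDrive entry will show up as "user-writable" and needs a human to wave it through; that is the judgement the helper applied by hand.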