Elektroda.pl

FRST - please check the logs

czarksto 26 Aug 2016 12:49
  • Helpful post
    #2 26 Aug 2016 13:11
    krzychupar
    Level 40

    Open Notepad and paste:

    Task: {B18C3B90-3162-4C0A-AF03-A7BCE7CBF546} - System32\Tasks\Opera scheduled Autoupdate 1471461382 => D:\Program Files (x86)\Opera\launcher.exe [2016-08-03] (Opera Software)
    Task: {B82E4A13-40B1-40DD-BA4C-D3064ECCEC50} - System32\Tasks\{D26D0880-5D75-4AAE-8164-A2EFDEC3F7D9} => pcalua.exe -a C:\Users\sebastian\AppData\Roaming\Nox\bin\Nox_unload.exe
    Task: {BFEB4BB8-BD60-4BED-8977-0D2D3559679C} - System32\Tasks\KuaiZip_Update => C:\Program Files\żěŃą\X86\Update.exe [2016-08-24] (Shanghai Guangle Network Technology Ltd) <==== ATTENTION
    ShortcutWithArgument: C:\Users\sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\SEBAST~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\sebastian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc
    Hosts:
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll No File
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll No File
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll No File
    ShellIconOverlayIdentifiers: [JzShlobj] -> {7B286609-DA97-47E1-AC6B-33B8B4732C95} => No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll No File
    CHR HomePage: arriculthesghplowerght -> hxxp://www.trotux.com/?z=1d2df3be2ad8ee5fffdb...DM002-1BD142_Z2A90WBFXXXXZ2A90WBF&type=hp
    CHR StartupUrls: arriculthesghplowerght -> "hxxp://www.trotux.com/?z=1d2df3be2ad8ee5fffdbf2ag5zem4o9e3q6w7qbm1o&from=ftp&uid=ST500DM002-1BD142_Z2A90WBFXXXXZ2A90WBF&type=hp"
    CHR DefaultSearchURL: arriculthesghplowerght -> hxxp://www.trotux.com/search/?q={searchTerms}&z=1d2df3be2ad8ee5fffdbf2ag5zem4o9e3q6w7qbm1o&from=ftp&uid=ST500DM002-1BD142_Z2A90WBFXXXXZ2A90WBF&type=sp
    CHR DefaultSearchKeyword: arriculthesghplowerght -> trotux
    R2 HpSvc; C:\Program Files (x86)\LuDaShi\lpi\HpSvc.dll [239016 2016-07-21] () <==== ATTENTION
    R2 SoEasyHelper; C:\ProgramData\SoeasyHelper\Helper.exe [182424 2016-08-24] (TODO: <Company name>)
    S2 ziphost; c:\program files\ziptool\ziphost.dll [X] <==== ATTENTION
    R2 ComputerZLock; C:\Program Files (x86)\LuDaShi\ComputerZLock_x64.sys [44264 2016-05-19] (www.ludashi.com) <==== ATTENTION
    R3 ComputerZ_x64; C:\Program Files (x86)\LuDaShi\ComputerZ_x64.sys [49152 2016-06-27] (ludashi.com) <==== ATTENTION
    S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
    S4 NVHDA; system32\drivers\nvhda64v.sys [X]
    S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
    S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
    2016-08-24 22:26 - 2016-08-24 22:28 - 00000000 ____D C:\AdwCleaner
    2016-08-24 21:40 - 2016-08-23 08:41 - 06765520 _____ (上饶市康格信息技术有限公司 ) C:\Users\sebastian\AppData\Roaming\AdAnti20.exe
    2016-08-24 21:40 - 2016-08-19 09:46 - 06765520 _____ (上饶市康格信息技术有限公司 ) C:\Users\sebastian\AppData\Roaming\AdAnti13.exe
    2016-08-24 21:19 - 2016-08-25 19:49 - 00000000 ____D C:\Program Files (x86)\LuDaShi
    2016-08-24 21:19 - 2016-08-25 18:33 - 00000000 ____D C:\Program Files (x86)\LDSGameCenter
    2016-08-24 21:19 - 2016-08-24 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\净广大师
    2016-08-24 21:19 - 2016-08-24 21:42 - 00000000 ____D C:\Program Files (x86)\AdAnti
    2016-08-24 21:19 - 2016-08-24 21:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
    2016-08-24 21:19 - 2016-08-24 21:20 - 00000000 ____D C:\ProgramData\{5FA389CE-5459-48c5-89B6-FBC698C826F7}.tmp
    2016-08-24 21:19 - 2016-08-24 21:19 - 00000000 ____D C:\ProgramData\{E9FF953B-C72F-4425-A10C-C0BE84AD1E3B}.tmp
    2016-08-24 21:14 - 2016-08-24 22:19 - 00000000 ____D C:\Users\sebastian\AppData\Roaming\Hemkajdoa
    2016-08-24 21:14 - 2016-08-24 22:19 - 00000000 ____D C:\Users\sebastian\AppData\Roaming\AzigcWig
    2016-08-24 21:14 - 2016-08-24 22:19 - 00000000 ____D C:\Users\sebastian\AppData\LocalLow\Company
    2016-08-24 21:14 - 2016-08-24 22:16 - 00000000 ____D C:\Program Files\AiduwbUn
    2016-08-24 21:14 - 2016-08-24 21:26 - 00000000 ____D C:\Users\sebastian\AppData\Local\app
    2016-08-24 21:14 - 2016-08-24 21:14 - 00000000 ____D C:\Users\sebastian\AppData\Local\UCBrowser
    2016-08-24 21:14 - 2016-08-24 21:14 - 00000000 ____D C:\Users\sebastian\AppData\Local\Tempfolder
    2016-08-24 21:14 - 2016-08-24 21:14 - 00000000 ____D C:\uninst
    2016-08-24 21:13 - 2016-08-24 21:24 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2016-08-24 21:12 - 2016-08-24 21:12 - 00003374 _____ C:\Windows\System32\Tasks\KuaiZip_Update
    2016-08-24 21:11 - 2016-08-24 23:20 - 00000080 _____ C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
    2016-08-24 21:11 - 2016-08-24 21:27 - 00000000 ____D C:\Users\sebastian\AppData\Roaming\Kuaizip
    2016-08-24 21:11 - 2016-08-24 21:11 - 00092872 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
    2016-08-24 21:11 - 2016-08-24 21:11 - 00000000 ____D C:\Users\sebastian\AppData\Roaming\Softlink
    2016-08-24 21:11 - 2016-08-24 21:11 - 00000000 ____D C:\Program Files\żěŃą
    2016-08-24 21:08 - 2016-08-24 22:19 - 00000000 ____D C:\Program Files (x86)\SoSoEasy
    2016-08-24 21:08 - 2016-08-24 22:19 - 00000000 ____D C:\Program Files (x86)\mpck
    2016-08-17 22:55 - 2016-08-17 23:04 - 50063360 _____ () C:\Program Files (x86)\GUT8D61.tmp
    2016-04-26 14:24 - 2016-04-26 14:24 - 0000009 ____N () C:\Users\sebastian\AppData\Roaming\a.bat
    2016-08-24 21:40 - 2016-08-19 09:46 - 6765520 _____ (上饶市康格信息技术有限公司 ) C:\Users\sebastian\AppData\Roaming\AdAnti13.exe
    2016-08-24 21:40 - 2016-08-23 08:41 - 6765520 _____ (上饶市康格信息技术有限公司 ) C:\Users\sebastian\AppData\Roaming\AdAnti20.exe
    2016-08-24 21:09 - 2016-08-24 21:09 - 7118336 _____ () C:\Users\sebastian\AppData\Roaming\agent.dat
    2010-08-28 22:43 - 2010-08-28 22:43 - 0356009 ____N () C:\Users\sebastian\AppData\Roaming\fastboot.exe
    2016-08-24 21:08 - 2016-08-24 21:07 - 0704000 _____ () C:\Users\sebastian\AppData\Roaming\FunHatfresh.exe
    2016-08-24 21:07 - 2016-08-24 21:07 - 0138240 _____ () C:\Users\sebastian\AppData\Roaming\Installer.dat
    2016-08-24 21:09 - 2016-08-24 21:09 - 0018432 _____ () C:\Users\sebastian\AppData\Roaming\Main.dat
    2016-08-24 21:08 - 2016-08-24 21:07 - 0704000 _____ () C:\Users\sebastian\AppData\Roaming\ScotTinplus.exe
    2016-08-24 21:29 - 2016-08-24 21:42 - 7616340 _____ () C:\Users\sebastian\AppData\Roaming\setup.apk
    2016-08-24 21:29 - 2016-08-24 21:42 - 0732869 _____ () C:\Users\sebastian\AppData\Roaming\xdo.zip
    2016-08-24 21:09 - 2016-02-18 10:10 - 5267952 _____ () C:\Users\sebastian\AppData\Roaming\ziptool_wc-9015_setup.exe
    2016-08-24 21:09 - 2016-06-30 09:59 - 5267952 _____ () C:\Users\sebastian\AppData\Roaming\ziptool_wc-9025_setup.exe
    EmptyTemp:

    Save the file as fixlist.txt and put it in the folder where FRST.exe is located.
    Run FRST and click Fix.

  • Helpful post
    #3 26 Aug 2016 14:10
    Kolobos
    Computer specialist

    After running it, post new FRST logs from a fresh scan.

  • #4 26 Aug 2016 18:33
    czarksto
    Level 2

    Kolobos wrote:
    After running it, post new FRST logs from a fresh scan.

    It's probably all OK now, but just in case, here they are.

  • #5 26 Aug 2016 19:06
    Kolobos
    Computer specialist

    It is not OK.

    Do not download programs from dobreprogramy using their download manager, which installs malicious add-ons.

    Use AdwCleaner, Scan and Clean option: http://www.bleepingcomputer.com/download/adwcleaner/

    New fixlist.txt for FRST:
    Task: {2A4B42C4-1C43-477B-9059-39FC521A2255} - System32\Tasks\{7AD81FAF-953E-407B-81A0-548BA7394A99} => C:\Program Files\AMI\DuOS\DuOS.exe
    Task: {2B395F51-02C6-465E-9789-D1ECAE84EB7C} - System32\Tasks\Kelerlyreataing Helper => C:\Program Files (x86)\Atilecobutain\kelerlyreatainghelperCltain.exe
    Task: {945B656B-8F9E-48AD-A675-729A01AE246A} - System32\Tasks\{AB50B7C5-7DBE-4906-B360-E26765BF4AAF} => C:\Users\sebastian\Desktop\Catchem\Catchem.exe
    Task: {DF131255-B9F6-48E8-82E3-C1C243BBA99E} - System32\Tasks\{8D42F0C4-62DB-4D14-9481-2062E8A957CF} => C:\Program Files\AMI\DuOS\DuOS.exe
    WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
    HKLM-x32\...\Run: [AdAnti] => C:\Program Files (x86)\AdAnti\AdAnti.exe /S
    HKU\S-1-5-21-207341608-2769595535-3884775656-1001\...\Run: [Seviler] => "C:\Users\sebastian\AppData\Roaming\GameLauncher\Seviler\Seviler.exe"
    HKU\S-1-5-21-207341608-2769595535-3884775656-1001\...\Run: [ComputerZ-Tray] => "C:\Program Files (x86)\LuDaShi\ComputerZTray.exe" /autorun
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll No File
    Tcpip\..\Interfaces\{3E183F0D-5BBF-42B8-A8EE-6072D7B61C4C}: [NameServer] 188.120.239.115,8.8.8.8
    S2 KuaizipUpdateChecker; C:\Program Files\żěŃą\X86\kuaizipUpdateChecker.dll [X]
    S2 KuaiZipDrive; \??\C:\Windows\system32\drivers\KuaiZipDrive.sys [X]
    NETSVCx32: HpSvc -> No FilePath.
    2016-08-26 02:28 - 2016-08-26 02:28 - 00000000 ____D C:\Users\sebastian\AppData\Local\Master
    2016-08-26 01:44 - 2016-08-26 01:44 - 00000000 ___HD C:\Users\sebastian\AppData\Roaming\GoldenGate
    2016-08-26 01:44 - 2016-08-26 01:44 - 00000000 ___HD C:\Users\sebastian\AppData\Roaming\Booking_helper
    2016-08-26 01:42 - 2016-08-26 01:42 - 00000000 ____D C:\Program Files (x86)\Master
    2016-08-26 01:40 - 2016-08-26 01:41 - 00997048 _____ (Ricitekape ) C:\Users\sebastian\Downloads\EasyClicker-Pro-61870-dp.exe
    2016-08-25 18:33 - 2016-08-25 18:33 - 00000000 ____D C:\Users\sebastian\AppData\Roaming\LDSGameCenter
    2016-08-25 18:31 - 2016-08-25 18:31 - 00000000 ____D C:\Users\sebastian\AppData\Roaming\DrvMgr
    2016-08-25 17:45 - 2016-08-26 07:00 - 00000000 ____D C:\Users\sebastian\AppData\Roaming\lockhomepage
    2016-08-24 21:23 - 2016-08-26 07:00 - 00000000 ____D C:\Users\sebastian\AppData\Roaming\Ludashi
    2016-08-24 21:22 - 2016-08-24 22:24 - 00000000 ____D C:\Program Files (x86)\host
    2016-08-24 21:10 - 2016-08-24 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compress
    2016-08-24 21:08 - 2016-08-24 22:53 - 00000000 ____D C:\Users\sebastian\AppData\Local\Apps\2.0
    2016-08-24 21:08 - 2016-08-24 21:08 - 00009030 _____ C:\Windows\System32\Tasks\Kelerlyreataing Helper
    2016-08-24 21:08 - 2016-08-24 21:08 - 00000000 ___HD C:\Program Files (x86)\wl1964B
    2016-08-24 21:08 - 2016-08-24 21:08 - 00000000 ____D C:\Users\sebastian\AppData\Local\anotergeckekaphanelet
    2016-08-24 21:08 - 2016-08-24 21:08 - 00000000 ____D C:\ProgramData\SoeasyHelper
    2016-08-24 21:08 - 2016-08-24 21:08 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-08-24 21:07 - 2016-08-24 22:16 - 00000000 ____D C:\Program Files (x86)\Atilecobutain
    2016-08-24 21:05 - 2016-08-24 22:19 - 00000000 ____D C:\Program Files (x86)\WebShield
    2016-08-24 21:01 - 2016-08-24 22:25 - 00000000 ____D C:\Users\sebastian\AppData\Roaming\GameLauncher
    2016-08-24 19:06 - 2016-08-24 19:06 - 00002934 _____ C:\Windows\System32\Tasks\{8D42F0C4-62DB-4D14-9481-2062E8A957CF}
    2016-08-24 19:06 - 2016-08-24 19:06 - 00002934 _____ C:\Windows\System32\Tasks\{7AD81FAF-953E-407B-81A0-548BA7394A99}
    2016-08-23 23:05 - 2016-08-24 01:40 - 00000000 ____D C:\Users\sebastian\AppData\Roaming\Kaguya
    2016-08-22 19:02 - 2016-08-22 19:04 - 00000000 ____D C:\Users\sebastian\AppData\Roaming\Corner Sunshine
    2016-08-22 19:02 - 2016-08-22 19:02 - 00000000 ____D C:\ProgramData\sozy
    2010-08-28 22:43 - 2010-08-28 22:43 - 0577335 ____N () C:\Users\sebastian\AppData\Roaming\adb.exe
    2010-08-28 22:43 - 2010-08-28 22:43 - 0096256 ____N (Google, inc) C:\Users\sebastian\AppData\Roaming\AdbWinApi.dll
    2010-08-28 22:43 - 2010-08-28 22:43 - 0060928 ____N (Google, inc) C:\Users\sebastian\AppData\Roaming\AdbWinUsbApi.dll


    Do a full scan with MBAM and remove what it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
