
FRST logs - please check them

  • #1 30 Aug 2016 19:46
    petiqus
    Level 2

    Hello. Three days ago I managed to inadvertently install some programs, among them MPC Cleaner and other Chinese junk that I cannot get rid of now.
    Neither ESET antivirus nor AdwCleaner helps me. Please check the FRST logs; maybe someone will manage to solve my problem.

  • Helpful post
    #2 30 Aug 2016 20:34
    krzychupar
    Level 41

    Uninstall:
    SafeFinder (HKLM-x32\...\{98C8CCCC-1EA5-4F11-9C35-1A373BB0D8AD}) (Version: 1.0.0.0 - Linkury)
    SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.23.2.4686 - Enigma Software Group, LLC)
    Run C:\Program Files (x86)\MPC Cleaner\uninstall.exe as administrator and uninstall the program.

    Open Notepad and paste:
    Task: {44D1AA9D-8C4C-4AB7-B9C9-7113A171F6E6} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2016-08-30] (Enigma Software Group USA, LLC.)
    Task: {684B89D0-A775-4655-9CAD-9904C9236E00} - System32\Tasks\{8C876CF0-89B7-448D-9DCF-86864D59C9C6} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Zoofind\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Zoofind\uninstall.dat" -a uninstallme 9D9C08C7-5C2C-482E-947B-9FF508DC8523 DeviceId=3be63f13-e5ab-a404-3d68-9d2b3bdd39b8 BarcodeId=51113011 ChannelId=11 DistributerName=APSFTuto4PC
    Task: {854859E8-0BF5-46C8-84AF-31026B3D1B06} - System32\Tasks\{861CC4D1-8C20-45B1-A2D5-267F7335133C} => pcalua.exe -a "C:\Program Files (x86)\Common Files\San-Is\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\San-Is\uninstall.dat" -a uninstallme 98C8CCCC-1EA5-4F11-9C35-1A373BB0D8AD DeviceId=3be63f13-e5ab-a404-3d68-9d2b3bdd39b8 BarcodeId=51113011 ChannelId=11 DistributerName=APSFTuto4PC
    Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
    HKU\S-1-5-21-3927561016-2938891820-2149069135-1001\...\Run: [svchost0] => "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"\UUC0789.exe
    HKU\S-1-5-21-3927561016-2938891820-2149069135-1001\...\Policies\Explorer: []
    HKU\S-1-5-21-3927561016-2938891820-2149069135-1001\...\MountPoints2: {5a3a4755-6e88-11e6-b0e5-0c8bfd3ef8fe} - "G:\AutoRun.exe"
    HKU\S-1-5-21-3927561016-2938891820-2149069135-1001\...\MountPoints2: {5a98e9fc-6c42-11e6-b0e4-0c8bfd3ef8fe} - "F:\AS_OMSI_V100.exe"
    HKU\S-1-5-21-3927561016-2938891820-2149069135-1001\...\MountPoints2: {e7f1b545-670d-11e6-b0d6-74867a5f0d16} - "H:\Setup.exe"
    AppInit_DLLs: C:\ProgramData\Konksolex\Itdinlax.dll => C:\ProgramData\Konksolex\Itdinlax.dll File Not Found
    AppInit_DLLs-x32: C:\ProgramData\Konksolex\Yearnix.dll => "C:\ProgramData\Konksolex\Yearnix.dll" File Not Found
    ShellIconOverlayIdentifiers: [JzShlobj] -> {7B286609-DA97-47E1-AC6B-33B8B4732C95} => No File
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => No File
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    HKU\S-1-5-21-3927561016-2938891820-2149069135-1001\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    HKU\S-1-5-21-3927561016-2938891820-2149069135-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...x1Ayt093Cstl9PjMWdF0KXxcKHleVOtdj_JylpA5Q,&q={searchTerms}
    HKU\S-1-5-21-3927561016-2938891820-2149069135-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://%66%65%65%64.%68%65%6C%70%65%72%62%61%...lOlBAdzqAy0aYg0FYBQ_4Ixbfixez4Jh3QABd7flL2n0,,
    HKU\S-1-5-21-3927561016-2938891820-2149069135-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...x1Ayt093Cstl9PjMWdF0KXxcKHleVOtdj_JylpA5Q,&q={searchTerms}
    HKU\S-1-5-21-3927561016-2938891820-2149069135-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...x1Ayt093Cstl9PjMWdF0KXxcKHleVOtdj_JylpA5Q,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\S-1-5-21-3927561016-2938891820-2149069135-1001 -> DefaultScope {ielnksrch} URL =
    ShellExecuteHooks: - {6710C780-E20E-4C49-A87D-321850ED3D7C} - No File [ ]
    Tcpip\Parameters: [DhcpNameServer] 62.179.1.63 62.179.1.62
    S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1072296 2016-08-30] (Enigma Software Group USA, LLC.)
    R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [931160 2016-08-30] ()
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S2 MPCProtectService; "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe" [X]
    S3 MessagingService; No ImagePath
    U3 MessagingService_1da1fa4; No ImagePath
    U3 MessagingService_21af064; No ImagePath
    S3 MessagingService_240cb5c; No ImagePath
    U3 MessagingService_4615b; No ImagePath
    U3 MessagingService_4fb42; No ImagePath
    U3 MessagingService_56762; No ImagePath
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-08-27] () [File not signed]
    S2 OneSyncSvc; No ImagePath
    U2 OneSyncSvc_1da1fa4; No ImagePath
    U2 OneSyncSvc_21af064; No ImagePath
    R2 OneSyncSvc_240cb5c; No ImagePath
    U2 OneSyncSvc_4615b; No ImagePath
    U2 OneSyncSvc_4c00e; No ImagePath
    U2 OneSyncSvc_4fb42; No ImagePath
    U2 OneSyncSvc_56762; No ImagePath
    S3 PimIndexMaintenanceSvc; No ImagePath
    U3 PimIndexMaintenanceSvc_1da1fa4; No ImagePath
    U3 PimIndexMaintenanceSvc_21af064; No ImagePath
    R3 PimIndexMaintenanceSvc_240cb5c; No ImagePath
    U3 PimIndexMaintenanceSvc_4615b; No ImagePath
    U3 PimIndexMaintenanceSvc_4fb42; No ImagePath
    U3 PimIndexMaintenanceSvc_56762; No ImagePath
    S3 UnistoreSvc; No ImagePath
    U3 UnistoreSvc_1da1fa4; No ImagePath
    U3 UnistoreSvc_21af064; No ImagePath
    R3 UnistoreSvc_240cb5c; No ImagePath
    U3 UnistoreSvc_4615b; No ImagePath
    U3 UnistoreSvc_4fb42; No ImagePath
    U3 UnistoreSvc_56762; No ImagePath
    S3 UserDataSvc; No ImagePath
    U3 UserDataSvc_1da1fa4; No ImagePath
    U3 UserDataSvc_21af064; No ImagePath
    R3 UserDataSvc_240cb5c; No ImagePath
    U3 UserDataSvc_4615b; No ImagePath
    U3 UserDataSvc_4fb42; No ImagePath
    U3 UserDataSvc_56762; No ImagePath
    NETSVC: dosvc -> No ServiceDLL Path.
    NETSVCx32: NetSetupSvc -> C:\Windows\SysWOW64\NetSetupSvc.dll ==> No File.
    NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File.
    NETSVCx32: HpSvc -> No ServiceDLL Path.
    2016-08-30 16:56 - 2016-08-30 16:56 - 00001586 _____ () C:\Users\Public\Desktop\UC超级返.lnk
    2016-08-30 11:46 - 2016-08-30 11:46 - 00003446 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
    2016-08-30 11:46 - 2016-08-30 11:46 - 00001134 _____ () C:\Users\Wiwent\Desktop\SpyHunter.lnk
    2016-08-30 11:46 - 2016-08-30 11:46 - 00000000 ____D () C:\Users\Wiwent\AppData\Roaming\Enigma Software Group
    2016-08-30 11:46 - 2016-08-30 11:46 - 00000000 ____D () C:\sh4ldr
    2016-08-30 11:46 - 2016-08-30 11:46 - 00000000 _____ () C:\autoexec.bat
    2016-08-30 11:44 - 2016-08-30 11:44 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Wiwent\Downloads\SpyHunter-Installer.exe
    2016-08-30 11:44 - 2016-08-30 11:44 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
    2016-08-30 11:44 - 2016-08-30 11:44 - 00000000 ____D () C:\Program Files\Enigma Software Group
    2016-08-30 10:50 - 2016-08-30 18:51 - 00002680 _____ () C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
    2016-08-27 10:24 - 2016-08-27 10:36 - 00001619 _____ () C:\Users\Wiwent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    2016-08-27 10:24 - 2016-08-27 10:36 - 00000000 ____D () C:\Users\Wiwent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2016-08-27 10:23 - 2016-08-29 20:55 - 00000000 ____D () C:\AdwCleaner
    2016-08-27 10:14 - 2016-08-30 18:50 - 00000490 _____ () C:\WINDOWS\Tasks\UCBrowserUpdater.job
    2016-08-27 10:14 - 2016-08-27 10:14 - 07118336 _____ () C:\Users\Wiwent\AppData\Roaming\agent.dat
    2016-08-27 10:14 - 2016-08-27 10:14 - 02279413 _____ () C:\Users\Wiwent\AppData\Roaming\Lablight.bin
    2016-08-27 10:14 - 2016-08-27 10:14 - 01901886 _____ () C:\Users\Wiwent\AppData\Roaming\Refan.tst
    2016-08-27 10:14 - 2016-08-27 10:14 - 01901886 _____ () C:\Users\Wiwent\AppData\Roaming\DuoLax.tst
    2016-08-27 10:14 - 2016-08-27 10:14 - 00188578 _____ () C:\Users\Wiwent\AppData\Roaming\Zoohold.bin
    2016-08-27 10:14 - 2016-08-27 10:14 - 00188578 _____ () C:\Users\Wiwent\AppData\Roaming\Saltlight.bin
    2016-08-27 10:14 - 2016-08-27 10:14 - 00126464 _____ () C:\Users\Wiwent\AppData\Roaming\noah.dat
    2016-08-27 10:14 - 2016-08-27 10:14 - 00126464 _____ () C:\Users\Wiwent\AppData\Roaming\lobby.dat
    2016-08-27 10:14 - 2016-08-27 10:14 - 00072709 _____ () C:\Users\Wiwent\AppData\Roaming\Strongquadtex.tst
    2016-08-27 10:14 - 2016-08-27 10:14 - 00072709 _____ () C:\Users\Wiwent\AppData\Roaming\Roundstock.tst
    2016-08-27 10:14 - 2016-08-27 10:14 - 00070704 _____ () C:\Users\Wiwent\AppData\Roaming\Config.xml
    2016-08-27 10:14 - 2016-08-27 10:14 - 00054272 _____ () C:\Users\Wiwent\AppData\Roaming\ApplicationHosting.dat
    2016-08-27 10:14 - 2016-08-27 10:14 - 00018432 _____ () C:\Users\Wiwent\AppData\Roaming\Main.dat
    2016-08-27 10:14 - 2016-08-27 10:14 - 00005568 _____ () C:\Users\Wiwent\AppData\Roaming\md.xml
    2016-08-27 10:13 - 2016-08-27 10:13 - 0848565 _____ () C:\Users\Wiwent\AppData\Roaming\Duoity.bin
    2016-08-27 10:14 - 2016-08-27 10:13 - 0704000 _____ () C:\Users\Wiwent\AppData\Roaming\DuoLax.exe
    2016-08-27 10:13 - 2016-08-27 10:13 - 0848565 _____ () C:\Users\Wiwent\AppData\Roaming\Geo-Ex.bin
    2016-08-27 10:13 - 2016-08-27 10:13 - 0020304 _____ () C:\Users\Wiwent\AppData\Roaming\InstallationConfiguration.xml
    2016-08-27 10:13 - 2016-08-27 10:13 - 0138240 _____ () C:\Users\Wiwent\AppData\Roaming\Installer.dat
    2016-08-27 10:14 - 2016-08-27 10:13 - 0704000 _____ () C:\Users\Wiwent\AppData\Roaming\Refan.exe
    2016-08-27 10:14 - 2016-08-27 10:14 - 1901886 _____ () C:\Users\Wiwent\AppData\Roaming\Refan.tst
    2016-08-27 10:14 - 2016-08-27 10:13 - 0704000 _____ () C:\Users\Wiwent\AppData\Roaming\Roundstock.exe
    2016-08-27 10:14 - 2016-08-27 10:14 - 0188578 _____ () C:\Users\Wiwent\AppData\Roaming\Saltlight.bin
    2016-08-27 10:14 - 2016-08-27 10:13 - 0704000 _____ () C:\Users\Wiwent\AppData\Roaming\Strongquadtex.exe
    2016-08-27 10:14 - 2016-08-27 10:14 - 0072709 _____ () C:\Users\Wiwent\AppData\Roaming\Strongquadtex.tst
    2016-08-27 10:14 - 2016-08-27 10:15 - 0032038 _____ () C:\Users\Wiwent\AppData\Roaming\uninstall_temp.ico
    2016-08-27 10:12 - 2016-02-18 10:10 - 5267952 _____ () C:\Users\Wiwent\AppData\Roaming\ziptool_wc-9015_setup.exe
    2016-08-27 10:14 - 2016-08-27 10:14 - 0188578 _____ () C:\Users\Wiwent\AppData\Roaming\Zoohold.bin
    2016-08-27 10:14 - 2016-08-27 10:14 - 00003510 _____ () C:\WINDOWS\System32\Tasks\UCBrowserUpdater
    2016-08-27 10:14 - 2016-08-27 10:14 - 00000000 ____D () C:\Users\Wiwent\AppData\Local\UCBrowser
    2016-08-27 10:14 - 2016-08-27 10:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
    2016-08-27 10:14 - 2016-08-27 10:14 - 00000000 ____D () C:\Program Files\żěŃą
    2016-08-27 10:03 - 2016-08-27 12:16 - 00000000 ____D () C:\Program Files (x86)\sbqh
    2016-08-27 10:03 - 2016-08-27 12:16 - 00000000 ____D () C:\Program Files (x86)\MPC Cleaner
    2016-08-27 10:03 - 2016-08-27 10:03 - 00060136 ____N () C:\WINDOWS\system32\Drivers\MPCKpt.sys
    2016-08-27 10:15 - 2016-08-27 10:15 - 2279413 _____ () C:\Users\Wiwent\AppData\Roaming\Alpha-Stock.bin
    EmptyTemp:

    Save the file under the name fixlist.txt and put it in the folder where FRST.exe is located.
    Run FRST and click Fix.

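For readers who want to apply the same judgement to their own FRST output, here is an added example; it is not code from this thread, from FRST, or from the helpers who wrote the fixlist. It encodes a few of the calls made by hand above (a Userinit value that is not the stock userinit.exe, AppInit_DLLs entries, entries whose target is missing, an unsigned kernel driver, IE home/search pages whose host is hidden behind %XX escapes, removable-media MountPoints2 autoruns) as regex rules over FRST log lines, and percent-decodes the obfuscated URLs so the real domain is readable. The rule names, the DEFAULT_USERINIT constant and all function names are this example's own assumptions; the sample lines are copied from the fixlist in post #2, truncated URLs ("...") left exactly as the page shows them.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example, not code from the forum thread, from FRST, or from the helpers.
Rule names, DEFAULT_USERINIT and function names are this example's own.
Sample lines are copied from the fixlist posted above (post #2).
"""
import re
from urllib.parse import unquote

# Stock Windows value (trailing comma included); anything else deserves a look.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe,"

# Constructed sample input: lines taken verbatim from the posted fixlist.
SAMPLE_FRST_LINES = [
    r"HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,",
    r"AppInit_DLLs: C:\ProgramData\Konksolex\Itdinlax.dll => C:\ProgramData\Konksolex\Itdinlax.dll File Not Found",
    r"HKU\S-1-5-21-3927561016-2938891820-2149069135-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://%66%65%65%64.%68%65%6C%70%65%72%62%61%...lOlBAdzqAy0aYg0FYBQ_4Ixbfixez4Jh3QABd7flL2n0,,",
    r"R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-08-27] () [File not signed]",
    r'S2 MPCProtectService; "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe" [X]',
    r'HKU\S-1-5-21-3927561016-2938891820-2149069135-1001\...\MountPoints2: {5a3a4755-6e88-11e6-b0e5-0c8bfd3ef8fe} - "G:\AutoRun.exe"',
    r"Tcpip\Parameters: [DhcpNameServer] 62.179.1.63 62.179.1.62",  # benign ISP resolvers
]


def decode_obfuscated_url(url: str) -> str:
    """Percent-decode a URL. A truncated escape such as '%...' is left as-is."""
    return unquote(url)


def host_is_percent_encoded(url: str) -> bool:
    """True when the host part is written as %XX escapes (hides the domain at a glance)."""
    rest = url.split("://", 1)[-1]
    host = re.split(r"[/?#]", rest, maxsplit=1)[0]
    return "%" in host


def _userinit(m):
    value = m.group("val").strip()
    return None if value.lower() == DEFAULT_USERINIT else f"Userinit replaced with: {value}"


def _ie_page(m):
    url = m.group("url")
    if not host_is_percent_encoded(url):
        return None
    return f"{m.group('key')} -> {decode_obfuscated_url(url)}"


# (tag, pattern, verdict): verdict returns a detail string for a hit, None otherwise.
RULES = [
    ("userinit-hijack", re.compile(r"Winlogon: \[Userinit\] (?P<val>.+)$"), _userinit),
    ("appinit-dll", re.compile(r"^AppInit_DLLs(-x32)?: (?P<dll>\S+)"),
     lambda m: f"AppInit_DLLs injection: {m.group('dll')}"),
    ("orphan-entry", re.compile(r"File Not Found|No File|No Task File|No ImagePath|\[X\]\s*$"),
     lambda m: "target missing; the registry/task entry itself still needs removing"),
    ("unsigned-driver", re.compile(r"^[RSU]\d .*\[File not signed\]"),
     lambda m: "kernel driver without a signature"),
    ("ie-hijack",
     re.compile(r"Internet Explorer\\Main,(?P<key>Start Page|Search Page|Search Bar|SearchAssistant) = (?P<url>\S+)"),
     _ie_page),
    ("autorun-mountpoint",
     re.compile(r'MountPoints2: \{[0-9a-f-]+\} - "(?P<exe>[A-Z]:\\[^"]+\.exe)"', re.IGNORECASE),
     lambda m: f"removable-media autorun: {m.group('exe')}"),
]


def triage(lines):
    """Return [(tag, detail, line), ...] for every rule that fires on every line."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for tag, pattern, verdict in RULES:
            m = pattern.search(line)
            if not m:
                continue
            detail = verdict(m)
            if detail is not None:
                findings.append((tag, detail, line))
    return findings


if __name__ == "__main__":
    for tag, detail, line in triage(SAMPLE_FRST_LINES):
        print(f"[{tag:18}] {detail}\n    {line}")
```

Run it as-is and the Start Page line decodes to a host beginning `feed.helperba` (the page only shows that much), and the Search Page entries in the same fixlist decode to one beginning `feed.sonic-sea`; a line can trigger more than one rule (the AppInit_DLLs entry is both an injection point and an orphan), and the DhcpNameServer line produces nothing, which is the intended negative case. The script only reports; removal is still done by FRST's Fix with the fixlist, as the post describes.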
  • Helpful post
    #3 30 Aug 2016 20:39
    Kolobos
    Computer specialist

    After doing that, post new FRST logs from a fresh scan.

  • #5 31 Aug 2016 12:51
    Kolobos
    Computer specialist

    Uninstall:
    SafeFinder
    youndoo - Uninstall

    Fixlist.txt for FRST:
    Task: {5D848125-B266-4E68-B535-54C05145F7FF} - \UCBrowserUpdater No Task File <==== ATTENTION
    Task: {E003FCB1-0C24-4CDB-87E6-037FDAF39843} - \UCBrowserUpdaterCore No Task File <==== ATTENTION
    AlternateDataStreams: C:\Program Files\Microsoft Office:Win32App_1
    AlternateDataStreams: C:\Program Files\WinRAR:Win32App_1
    AlternateDataStreams: C:\Program Files (x86)\HP:Win32App_1
    AlternateDataStreams: C:\Program Files (x86)\Microsoft.NET:Win32App_1
    AlternateDataStreams: C:\Program Files\Common Files\Autodesk Shared:Win32App_1
    AlternateDataStreams: C:\Program Files\Common Files\DESIGNER:Win32App_1
    AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App_1
    AlternateDataStreams: C:\ProgramData\Autodesk:Win32App_1
    AlternateDataStreams: C:\ProgramData\HP:Win32App_1
    AlternateDataStreams: C:\ProgramData\HP Photo Creations:Win32App_1
    AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
    S2 MPCProtectService; "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe" [X]
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-08-27] () [File not signed]
    S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
    2016-08-27 10:23 - 2016-08-27 10:23 - 00000000 ____D () C:\ProgramData\sozy
    2016-08-27 10:16 - 2016-08-27 12:16 - 00000000 ____D () C:\Program Files\ktip
    2016-08-27 10:15 - 2016-08-27 10:15 - 00092872 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
    2016-08-27 10:15 - 2016-08-27 10:15 - 00000884 _____ () C:\Users\Wiwent\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
    2016-08-27 10:14 - 2016-08-27 10:14 - 00000000 ____D () C:\Program Files (x86)\LDSGameCenter
    2016-08-27 10:14 - 2016-08-23 09:58 - 00081792 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\ucguard.sys
    2016-08-27 10:13 - 2016-08-30 16:51 - 00000000 ____D () C:\Program Files (x86)\UCBrowser
    2016-08-27 10:13 - 2016-08-27 10:29 - 00000000 ____D () C:\Program Files (x86)\LuDaShi
    2016-08-27 10:10 - 2016-08-27 12:16 - 00000000 ____D () C:\Program Files\SpaceSoundPro
    2016-08-27 10:10 - 2016-08-27 11:26 - 00000000 ____D () C:\Program Files\AiduwbUn
    2016-08-27 10:10 - 2016-08-27 10:10 - 00000000 ____D () C:\Program Files\Aiduwb
    2016-08-27 10:09 - 2016-08-27 10:29 - 00000000 ____D () C:\Users\Wiwent\AppData\Local\Apps\2.0
    2016-08-27 10:09 - 2016-08-27 10:09 - 00000000 _____ () C:\WINDOWS\SysWOW64\Number of results
    2016-08-27 10:03 - 2016-08-27 12:16 - 00000000 ____D () C:\Program Files (x86)\MPC Cleaner
    2016-08-27 10:03 - 2016-08-27 10:03 - 00060136 _____ () C:\WINDOWS\system32\Drivers\MPCKpt.sys
    2016-08-27 10:02 - 2016-08-27 10:02 - 00009044 _____ () C:\WINDOWS\System32\Tasks\Namudomvinerght Reports
    2016-08-27 10:02 - 2016-08-27 10:02 - 00000000 ____D () C:\Users\Wiwent\AppData\Local\hidughtarijugecoerjoch
    2016-08-27 10:01 - 2016-08-27 11:31 - 00000000 ____D () C:\Program Files (x86)\Clsuyvertoph

    Run FRST from WinRE and apply the given fixlist again.
    http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartuj%C4%85cych-windows/
