
Chinese virus? Nothing helps

czekolada189 11 Sep 2016 13:53 1062 9
  • #1 11 Sep 2016 13:53
    czekolada189
    Level 3

    Hi, for a short while now something strange has been happening on my computer. Web pages open by themselves, and so does some Chinese program. I have an antivirus (McAfee), but it can't remove some potentially infected files. I ran a scan with AdwCleaner, but it can't remove the files either, because the computer freezes every time. Please give me step-by-step instructions as if for a preschooler, because I don't know much about computers.

    Moderated by Mirek Z.:

    I corrected the spelling of the post (missing capital letters). https://www.elektroda.pl/rtvforum/faq.php - p.3.1.13.

    1 9
  • #4 11 Sep 2016 14:53
    krzychupar
    Level 39

    Uninstall:
    MPC Cleaner (HKLM-x32\...\MPC) (Version: - DotC United Inc) <==== UWAGA
    SpaceSoundPro (HKLM\...\SpaceSoundPro) (Version: 1.0 - ) <==== UWAGA
    sunnyday version 1.1 (HKLM-x32\...\sunnyday_is1) (Version: 1.1 - sunnyday) <==== UWAGA

    Run FRST from WinRE:
    http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujących-windows/

    Apply this Fixlist.txt there:
    Open Windows Notepad and paste:
    Task: {0BB3E11B-78C1-4D42-9E33-9D06E7836176} - System32\Tasks\Opera scheduled Autoupdate 1471202964 => C:\Program Files (x86)\Opera\launcher.exe [2016-09-05] (Opera Software)
    Task: {2372303E-F0BC-4570-B96E-FBB071563599} - System32\Tasks\{6F3B5C6C-BE0B-482C-8F84-9CA96F2589DB} => pcalua.exe -a "C:\Program Files (x86)\sunnyday\uninstaller.exe"
    Task: {860DF298-9889-47D8-AE30-BEBBEECFF865} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-08-02] (UCWeb Inc) <==== UWAGA
    Task: {E24B1CFB-A45D-4272-B74C-2D31427E1D36} - System32\Tasks\{A548011B-F2E2-4B82-894E-E4EC2BE569B0} => pcalua.exe -a "C:\Program Files (x86)\360\360Safe\uninst.exe"
    Task: {E921DFD0-035A-4D4A-B13B-3D1E2F846BBA} - System32\Tasks\KuaiZip_Update => C:\Program Files\żěŃą\X86\Update.exe [2016-09-07] (Shanghai Guangle Network Technology Ltd) <==== UWAGA
    Task: {EE5F22A9-69B4-492A-8835-421CC7026F4E} - System32\Tasks\psv_Vilafan => /c regedit.exe /s "C:\ProgramData\Holdtam\Domflex.reg" & del "C:\ProgramData\Holdtam\Domflex.reg" & SCHTASKS /Delete /TN "psv_Vilafan" /F <==== UWAGA
    Task: {F082A3B4-566E-43AA-890F-986DE6AF2F10} - System32\Tasks\{0C639510-EF55-4AB7-AAC5-6BAF67B61C1C} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Goldensoft\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Goldensoft\uninstall.dat" -a uninstallme 840D7C45-FD20-4310-BC8B-2DF44A400213 DeviceId=5dbb60f1-871c-1a10-ccd0-0a75a6dcad51 BarcodeId=51129011 ChannelId=11 DistributerName=APSFSWAds
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\Klaudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1472905361&a=1079160&src=sh&uuid=b47c412c-d79b-46bb-874e-0a4794a5a8b8"
    ShortcutWithArgument: C:\Users\Public\Desktop\WPS Office.lnk -> C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5657\office6\launcher.exe (Zhuhai Kingsoft Office Software Co.,Ltd) -> "hxxp://safesurfs.net/?ssid=1472905361&a=1079160&src=sh&uuid=b47c412c-d79b-46bb-874e-0a4794a5a8b8"
    Hosts:
    HKLM-x32\...\Run: [win_en_77] => [X]
    HKLM-x32\...\Run: [sun21] => [X]
    HKU\S-1-5-21-101405689-715440400-2047377668-1001\...\MountPoints2: {e0f90419-7528-11e6-9bda-80a589625d1c} - "F:\AutoRun.exe"
    HKU\S-1-5-21-101405689-715440400-2047377668-1001\...\MountPoints2: {ef960e4b-557d-11e6-9bd3-80a589625d1c} - "H:\AutoRun.exe"
    AppInit_DLLs: C:\ProgramData\Holdtam\Vilatam.dll => Brak pliku
    AppInit_DLLs-x32: C:\ProgramData\Holdtam\Cofjob.dll => Brak pliku
    ShellIconOverlayIdentifiers: [JzShlobj] -> {7B286609-DA97-47E1-AC6B-33B8B4732C95} => C:\Program Files\ZipTool\JZipExt.dll [2015-11-30] ()
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2016-09-07] ()
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKU\S-1-5-21-101405689-715440400-2047377668-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...IovgQTlcwZS2Dq8gD62h3HFcvN0uJ5UbBrcGp8&q={searchTerms}
    HKU\S-1-5-21-101405689-715440400-2047377668-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...IovgQTlcwZS2Dq8gD62h3HFcvN0uJ5UbBrcGp8&q={searchTerms}
    HKU\S-1-5-21-101405689-715440400-2047377668-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...IovgQTlcwZS2Dq8gD62h3HFcvN0uJ5UbBrcGp8&q={searchTerms}
    HKU\S-1-5-21-101405689-715440400-2047377668-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...IovgQTlcwZS2Dq8gD62h3HFcvN0uJ5UbBrcGp8&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-101405689-715440400-2047377668-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...IovgQTlcwZS2Dq8gD62h3HFcvN0uJ5UbBrcGp8&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-101405689-715440400-2047377668-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-101405689-715440400-2047377668-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...IovgQTlcwZS2Dq8gD62h3HFcvN0uJ5UbBrcGp8&q={searchTerms}
    CHR StartupUrls: dtithershboyjerotion -> "search.mpc.am"
    CHR DefaultSearchURL: dtithershboyjerotion -> hxxp://search.mpc.am?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968
    CHR DefaultSearchKeyword: dtithershboyjerotion -> MPC Safe Search
    CHR DefaultSuggestURL: dtithershboyjerotion -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-101405689-715440400-2047377668-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    R2 HpSvc; c:\program files (x86)\ludashi\lpi\HpSvc.dll [239016 2016-07-21] () <==== UWAGA
    R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [355808 2016-09-03] (DotC United Inc) <==== UWAGA
    R2 ziphost; c:\program files\ziptool\ziphost.dll [114080 2015-11-30] () <==== UWAGA
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    R2 ComputerZLock; C:\Program Files (x86)\LuDaShi\ComputerZLock_x64.sys [44264 2016-05-19] (www.ludashi.com) <==== UWAGA
    S3 ComputerZ_x64; C:\Program Files (x86)\LuDaShi\ComputerZ_x64.sys [49152 2016-06-27] (ludashi.com) <==== UWAGA
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-09-03] (DotC United Inc) <==== UWAGA
    R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [81792 2016-08-02] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== UWAGA
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    2016-09-10 22:24 - 2016-09-11 11:48 - 00001855 _____ C:\Users\Public\Desktop\MPC Desktop.lnk
    2016-09-10 22:24 - 2016-09-11 11:48 - 00001848 _____ C:\Users\Public\Desktop\MPC AdCleaner.lnk
    2016-09-10 22:24 - 2016-09-11 11:48 - 00001800 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
    2016-09-10 21:56 - 2016-09-11 14:01 - 00000000 ____D C:\AdwCleaner
    2016-09-07 20:51 - 2016-09-07 20:51 - 00000000 ____D C:\Users\Klaudia\AppData\Local\tuto_monetize_120160907
    2016-09-07 20:51 - 2016-09-07 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
    2016-09-07 20:51 - 2016-09-07 20:51 - 00000000 ____D C:\Program Files\żěŃą
    2016-09-07 20:51 - 2016-09-07 20:51 - 00000000 ____D C:\Program Files (x86)\LDSGameCenter
    2016-09-07 20:29 - 2016-09-07 20:29 - 00003318 _____ C:\Windows\System32\Tasks\psv_Vilafan
    2016-09-07 20:29 - 2016-09-07 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC Desktop
    2016-09-07 20:29 - 2016-09-07 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC AdCleaner
    2016-09-03 15:07 - 2016-09-10 16:50 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-09-03 15:07 - 2016-09-03 15:07 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
    2016-09-03 14:32 - 2015-12-29 06:10 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-09-03 14:24 - 2016-09-03 14:24 - 7085568 _____ () C:\Users\Klaudia\AppData\Roaming\agent.dat
    2016-09-03 14:23 - 2016-09-03 14:23 - 0054272 _____ () C:\Users\Klaudia\AppData\Roaming\ApplicationHosting.dat
    2016-09-03 14:24 - 2016-09-03 14:24 - 0070704 _____ () C:\Users\Klaudia\AppData\Roaming\Config.xml
    2016-09-03 14:23 - 2016-09-03 14:23 - 0018432 _____ () C:\Users\Klaudia\AppData\Roaming\InstallationConfiguration.xml
    2016-09-03 14:23 - 2016-09-03 14:23 - 0138240 _____ () C:\Users\Klaudia\AppData\Roaming\Installer.dat
    2016-09-03 14:23 - 2016-09-03 14:23 - 0707072 _____ () C:\Users\Klaudia\AppData\Roaming\Jaytax.exe
    2016-09-03 14:23 - 2016-09-03 14:23 - 0072711 _____ () C:\Users\Klaudia\AppData\Roaming\Jaytax.tst
    2016-09-03 14:23 - 2016-09-03 14:23 - 0126464 _____ () C:\Users\Klaudia\AppData\Roaming\lobby.dat
    2016-09-03 14:24 - 2016-09-03 14:24 - 0018432 _____ () C:\Users\Klaudia\AppData\Roaming\Main.dat
    2016-09-03 14:23 - 2016-09-03 14:24 - 0005568 _____ () C:\Users\Klaudia\AppData\Roaming\md.xml
    2016-09-03 14:24 - 2016-09-03 14:24 - 0126464 _____ () C:\Users\Klaudia\AppData\Roaming\noah.dat
    2016-09-03 14:24 - 2016-09-03 14:23 - 0707072 _____ () C:\Users\Klaudia\AppData\Roaming\Solo-Kix.exe
    2016-09-03 14:24 - 2016-09-03 14:24 - 1904462 _____ () C:\Users\Klaudia\AppData\Roaming\Solo-Kix.tst
    2016-08-14 18:12 - 2016-09-11 11:51 - 0000165 _____ () C:\Users\Klaudia\AppData\Roaming\sp_data.sys
    2016-09-03 14:24 - 2016-09-03 14:24 - 0032038 _____ () C:\Users\Klaudia\AppData\Roaming\uninstall_temp.ico
    2016-07-22 20:10 - 2016-07-22 20:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    EmptyTemp:

    Save the file under the name fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix.

    0
  • #5 11 Sep 2016 14:58
    Kolobos
    Computer specialist

    I see that @krzychupar has already replied (and, as usual, left out quite a bit..), but do what I list below as well.


    Uninstall (if it works):
    MPC Cleaner
    SpaceSoundPro
    sunnyday version 1.1

    Go to the folder (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\ and run the uninstaller as administrator.

    Next to frst.exe create a file Fixlist.txt with the following content:
    Task: {0BB3E11B-78C1-4D42-9E33-9D06E7836176} - System32\Tasks\Opera scheduled Autoupdate 1471202964 => C:\Program Files (x86)\Opera\launcher.exe [2016-09-05] (Opera Software)
    Task: {2372303E-F0BC-4570-B96E-FBB071563599} - System32\Tasks\{6F3B5C6C-BE0B-482C-8F84-9CA96F2589DB} => pcalua.exe -a "C:\Program Files (x86)\sunnyday\uninstaller.exe"
    Task: {860DF298-9889-47D8-AE30-BEBBEECFF865} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-08-02] (UCWeb Inc) <==== UWAGA
    Task: {D0159D38-973A-436B-9FB0-718F95049D0C} - System32\Tasks\{7802BBF4-3A01-4BB7-A4BA-ED79B409C64A} => launchwinapp.exe hxxp://www.skype.com/go/downloading?source=li...mp;amp;ver=7.26.0.101&LastError=12002
    Task: {E24B1CFB-A45D-4272-B74C-2D31427E1D36} - System32\Tasks\{A548011B-F2E2-4B82-894E-E4EC2BE569B0} => pcalua.exe -a "C:\Program Files (x86)\360\360Safe\uninst.exe"
    Task: {E921DFD0-035A-4D4A-B13B-3D1E2F846BBA} - System32\Tasks\KuaiZip_Update => C:\Program Files\żěŃą\X86\Update.exe [2016-09-07] (Shanghai Guangle Network Technology Ltd) <==== UWAGA
    Task: {EE5F22A9-69B4-492A-8835-421CC7026F4E} - System32\Tasks\psv_Vilafan => /c regedit.exe /s "C:\ProgramData\Holdtam\Domflex.reg" & del "C:\ProgramData\Holdtam\Domflex.reg" & SCHTASKS /Delete /TN "psv_Vilafan" /F <==== UWAGA
    Task: {F082A3B4-566E-43AA-890F-986DE6AF2F10} - System32\Tasks\{0C639510-EF55-4AB7-AAC5-6BAF67B61C1C} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Goldensoft\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Goldensoft\uninstall.dat" -a uninstallme 840D7C45-FD20-4310-BC8B-2DF44A400213 DeviceId=5dbb60f1-871c-1a10-ccd0-0a75a6dcad51 BarcodeId=51129011 ChannelId=11 DistributerName=APSFSWAds
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\Klaudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1472905361&a=1079160&src=sh&uuid=b47c412c-d79b-46bb-874e-0a4794a5a8b8"
    ShortcutWithArgument: C:\Users\Public\Desktop\WPS Office.lnk -> C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5657\office6\launcher.exe (Zhuhai Kingsoft Office Software Co.,Ltd) -> "hxxp://safesurfs.net/?ssid=1472905361&a=1079160&src=sh&uuid=b47c412c-d79b-46bb-874e-0a4794a5a8b8"
    2015-07-02 17:12 - 2015-07-02 17:12 - 01927680 _____ () C:\Program Files\SpaceSoundPro\SpaceSoundPro.dll
    2016-09-03 14:32 - 2016-09-03 14:32 - 00180740 _____ () C:\Users\MS.Default\Helper.4\Helper44.exe
    2016-09-03 14:32 - 2016-09-03 14:32 - 00180740 _____ () C:\Users\MS.Default\Helper.5\Helper55.exe
    2016-09-03 14:32 - 2016-09-03 14:32 - 00180740 _____ () C:\Users\MS.Default\Helper.3\Helper33.exe
    2016-09-07 20:50 - 2016-09-07 20:51 - 04281344 _____ () C:\Program Files (x86)\sunnyday\wincom_NDD.exe
    2016-09-07 21:10 - 2016-09-07 21:10 - 04281344 _____ () C:\Program Files (x86)\sunnyday\wincom_TEM.exe
    Hosts:
    () C:\Program Files (x86)\SOEasy.3\SSoEasyySvc3.exe
    () C:\Program Files (x86)\SOEasy.4\SSoEasyySvc4.exe
    () C:\Program Files (x86)\SOEasy.5\SSoEasyySvc5.exe
    () C:\Users\MS.Default\Helper.4\Helper44.exe
    () C:\Users\MS.Default\Helper.5\Helper55.exe
    () C:\Users\MS.Default\Helper.3\Helper33.exe
    (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (Space Sound Pro) C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe
    () C:\Program Files (x86)\EasyHotspot\idsccom_Z7P.exe
    () C:\Program Files (x86)\sunnyday\wincom_NDD.exe
    () C:\Program Files (x86)\sunnyday\wincom_TEM.exe
    (© 2015 Microsoft Corporation) C:\Users\Klaudia\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    () C:\Program Files (x86)\sunnyday\wincom_TEM.exe
    () C:\Program Files (x86)\sunnyday\wincom_TEM.exe
    () C:\Program Files (x86)\sunnyday\wincom_TEM.exe
    () C:\Users\Klaudia\AppData\Local\Microsoft\Windows\INetCache\IE\2RETBB9Y\AdwCleaner.exe
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
    HKLM\...\Run: [SpaceSoundPro] => C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe [4203520 2015-08-03] (Space Sound Pro)
    HKLM\...\Run: [IDSCCOMZ7P] => C:\Program Files (x86)\EasyHotspot\idsccom_Z7P.exe [4281344 2016-09-07] ()
    HKLM\...\Run: [WINCOMNDD] => C:\Program Files (x86)\sunnyday\wincom_NDD.exe [4281344 2016-09-07] ()
    HKLM\...\Run: [WINCOMTEM] => C:\Program Files (x86)\sunnyday\wincom_TEM.exe [4281344 2016-09-07] ()
    HKLM-x32\...\Run: [app] => C:\Program Files (x86)\sbqh\uc.exe [221246 2016-09-05] ( )
    HKLM-x32\...\Run: [win_en_77] => [X]
    HKLM-x32\...\Run: [DiskPower] => C:\Program Files (x86)\DPower\DiskPower.exe [210432 2016-07-21] ()
    HKLM-x32\...\Run: [AdAnti] => C:\Program Files (x86)\AdAnti\AdAnti.exe [4334016 2016-08-31] ()
    HKLM-x32\...\Run: [sun21] => [X]
    HKU\S-1-5-21-101405689-715440400-2047377668-1001\...\Run: [BingSvc] => C:\Users\Klaudia\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-101405689-715440400-2047377668-1001\...\Run: [svchost0] => "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"\UUC0789.exe
    HKU\S-1-5-21-101405689-715440400-2047377668-1001\...\Run: [ComputerZ-Tray] => C:\Program Files (x86)\LuDaShi\ComputerZTray.exe [2976680 2016-08-24] ()
    HKU\S-1-5-21-101405689-715440400-2047377668-1001\...\Run: [apphide] => C:\Program Files (x86)\sbqh\uc.exe [221246 2016-09-05] ( )
    HKU\S-1-5-21-101405689-715440400-2047377668-1001\...\MountPoints2: {e0f90419-7528-11e6-9bda-80a589625d1c} - "F:\AutoRun.exe"
    HKU\S-1-5-21-101405689-715440400-2047377668-1001\...\MountPoints2: {ef960e4b-557d-11e6-9bd3-80a589625d1c} - "H:\AutoRun.exe"
    AppInit_DLLs: C:\ProgramData\Holdtam\Vilatam.dll => Brak pliku
    AppInit_DLLs-x32: C:\ProgramData\Holdtam\Cofjob.dll => Brak pliku
    ShellIconOverlayIdentifiers: [JzShlobj] -> {7B286609-DA97-47E1-AC6B-33B8B4732C95} => C:\Program Files\ZipTool\JZipExt.dll [2015-11-30] ()
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2016-09-07] ()
    Tcpip\..\Interfaces\{0f25590e-7c3d-4efb-821a-f9c978c79a29}: [DhcpNameServer] 172.30.1.1
    ManualProxies: 0hxxp://nonblock.net/wpad.dat?c5da0739e53c03e63f973e3ef6e879a815673623
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKU\S-1-5-21-101405689-715440400-2047377668-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...TTSx0hlJd7sYyxnjBYf8lz6SF9An483v0MOEQHrPhG7M-NtW327frb5QbmbPgdO4KnhPsnna0ZfhYViaT1NhjtIovgQTlcwZS2Dq8gD62h3HFcvN0uJ5UbBrcGp8&q={searchTerms}
    HKU\S-1-5-21-101405689-715440400-2047377668-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObeR_98Utx3C8ptWOdoJuBKikp4x5ACvRMx-rPtpHbSXX-5TTSx0hlJd7sYyxnjBYf8lz6SF9An483v0MOEQHrPhG7M-NtW327frb5QbmbPgdO4KnhPsnna0ZfhYViaT1NhjtIovgQTlcwZS2Dq8gD62h3HFcvN0uJ5UbBrcGp8&q={searchTerms}
    HKU\S-1-5-21-101405689-715440400-2047377668-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBVRmzv2pJwNObeR_98Utx3C8ptWOdoJuBKikp4x5ACvRMx-rPtpHbSXX-5TTSx0hlJd7sYyxnjBYf8lz6SF9An483v0MOEQHrPhG7M-NtW327frb5QbmbPgdO4KnhPsnna0ZfhYViaT1NhjtIovgQTlcwZS2Dq8gD62h3HFcvN0uJ5UbBrcGp8&q={searchTerms}
    HKU\S-1-5-21-101405689-715440400-2047377668-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...IovgQTlcwZS2Dq8gD62h3HFcvN0uJ5UbBrcGp8&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-101405689-715440400-2047377668-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...IovgQTlcwZS2Dq8gD62h3HFcvN0uJ5UbBrcGp8&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-101405689-715440400-2047377668-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-101405689-715440400-2047377668-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...IovgQTlcwZS2Dq8gD62h3HFcvN0uJ5UbBrcGp8&q={searchTerms}
    CHR HomePage: dtithershboyjerotion -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pl-pl
    CHR StartupUrls: dtithershboyjerotion -> "search.mpc.am"
    CHR DefaultSearchURL: dtithershboyjerotion -> hxxp://search.mpc.am?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968
    CHR DefaultSearchKeyword: dtithershboyjerotion -> MPC Safe Search
    CHR DefaultSuggestURL: dtithershboyjerotion -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-101405689-715440400-2047377668-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    R2 BSSoEasySvc3; C:\Program Files (x86)\SOEasy.3\SSoEasyySvc3.exe [180740 2016-09-03] () [Brak podpisu cyfrowego]
    R2 BSSoEasySvc4; C:\Program Files (x86)\SOEasy.4\SSoEasyySvc4.exe [180740 2016-09-03] () [Brak podpisu cyfrowego]
    R2 BSSoEasySvc5; C:\Program Files (x86)\SOEasy.5\SSoEasyySvc5.exe [180740 2016-09-03] () [Brak podpisu cyfrowego]
    R2 HpSvc; c:\program files (x86)\ludashi\lpi\HpSvc.dll [239016 2016-07-21] () <==== UWAGA
    R2 KuaizipUpdateChecker; C:\Program Files\żěŃą\X86\kuaizipUpdateChecker.dll [219072 2016-09-07] ()
    R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [355808 2016-09-03] (DotC United Inc) <==== UWAGA
    R2 ziphost; c:\program files\ziptool\ziphost.dll [114080 2015-11-30] () <==== UWAGA
    R2 ZSHelper33; C:\Users\MS.Default\Helper.3\Helper33.exe [180740 2016-09-03] () [Brak podpisu cyfrowego]
    R2 ZSHelper44; C:\Users\MS.Default\Helper.4\Helper44.exe [180740 2016-09-03] () [Brak podpisu cyfrowego]
    R2 ZSHelper55; C:\Users\MS.Default\Helper.5\Helper55.exe [180740 2016-09-03] () [Brak podpisu cyfrowego]
    R2 ComputerZLock; C:\Program Files (x86)\LuDaShi\ComputerZLock_x64.sys [44264 2016-05-19] (www.ludashi.com) <==== UWAGA
    S3 ComputerZ_x64; C:\Program Files (x86)\LuDaShi\ComputerZ_x64.sys [49152 2016-06-27] (ludashi.com) <==== UWAGA
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-09-03] (DotC United Inc) <==== UWAGA
    R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [81792 2016-08-02] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== UWAGA
    R1 ZipProtect; c:\program files\ziptool\ZipProtect64.sys [886512 2015-12-14] ()
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    NETSVCx32: HpSvc -> C:\program files (x86)\ludashi\lpi\HpSvc.dll ()
    2016-09-11 11:48 - 2016-09-11 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
    2016-09-10 22:24 - 2016-09-11 11:48 - 00001855 _____ C:\Users\Public\Desktop\MPC Desktop.lnk
    2016-09-10 22:24 - 2016-09-11 11:48 - 00001848 _____ C:\Users\Public\Desktop\MPC AdCleaner.lnk
    2016-09-10 22:24 - 2016-09-11 11:48 - 00001800 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
    2016-09-10 21:56 - 2016-09-11 14:01 - 00000000 ____D C:\AdwCleaner
    2016-09-10 17:01 - 2016-09-10 17:01 - 00001739 _____ C:\Users\Klaudia\Desktop\spacesoundpro.lnk
    2016-09-10 16:59 - 2016-09-10 16:59 - 00003748 _____ C:\Windows\System32\Tasks\{0C639510-EF55-4AB7-AAC5-6BAF67B61C1C}
    2016-09-07 22:18 - 2016-09-07 22:18 - 08249608 _____ (McAfee, Inc.) C:\Users\Klaudia\Downloads\Setup_serial_CqGtOxFti7H-6Wioqh50eg2_key (1).exe
    2016-09-07 21:12 - 2016-09-11 14:01 - 00000492 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2016-09-07 21:12 - 2016-09-07 21:12 - 00003514 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
    2016-09-07 21:02 - 2016-09-07 21:03 - 00000000 ____D C:\Program Files (x86)\AdAnti
    2016-09-07 20:53 - 2016-09-07 20:53 - 00003566 _____ C:\Windows\System32\Tasks\KuaiZip_Update
    2016-09-07 20:53 - 2016-09-07 20:53 - 00000000 ____D C:\Users\Klaudia\AppData\Local\UCBrowser
    2016-09-07 20:53 - 2016-08-02 15:37 - 00081792 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\Windows\system32\Drivers\ucguard.sys
    2016-09-07 20:52 - 2016-09-11 11:49 - 00000000 ____D C:\Users\Klaudia\AppData\Roaming\Ludashi
    2016-09-07 20:52 - 2016-09-07 20:53 - 00000000 ____D C:\Users\Klaudia\AppData\Roaming\lockhomepage
    2016-09-07 20:51 - 2016-09-07 20:51 - 00000000 ____D C:\Users\Klaudia\AppData\Local\tuto_monetize_120160907
    2016-09-07 20:51 - 2016-09-07 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
    2016-09-07 20:51 - 2016-09-07 20:51 - 00000000 ____D C:\Program Files\żěŃą
    2016-09-07 20:51 - 2016-09-07 20:51 - 00000000 ____D C:\Program Files (x86)\LDSGameCenter
    2016-09-07 20:49 - 2016-09-10 18:09 - 00000000 ____D C:\Program Files (x86)\sunnyday
    2016-09-07 20:49 - 2016-09-10 17:54 - 00000000 ____D C:\Program Files (x86)\host
    2016-09-07 20:49 - 2016-09-10 17:52 - 00000000 ____D C:\Program Files (x86)\DPower
    2016-09-07 20:49 - 2016-09-10 16:54 - 00000000 ____D C:\Program Files (x86)\LuDaShi
    2016-09-07 20:49 - 2016-09-07 21:11 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2016-09-07 20:49 - 2016-09-07 20:50 - 00000000 ____D C:\ProgramData\{1FD0A724-FAA1-4ea9-86E8-4789CAAEDF4B}.tmp
    2016-09-07 20:46 - 2016-09-11 14:04 - 00000000 ____D C:\Users\Klaudia\AppData\Roaming\Kuaizip
    2016-09-07 20:46 - 2016-09-07 20:46 - 00092872 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
    2016-09-07 20:46 - 2016-09-07 20:46 - 00000000 ____D C:\Users\Klaudia\AppData\Roaming\Softlink
    2016-09-07 20:43 - 2016-09-07 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Compress
    2016-09-07 20:41 - 2016-09-07 20:42 - 00000000 ____D C:\Program Files\ZipTool
    2016-09-07 20:39 - 2016-09-07 20:39 - 00000000 ____D C:\Users\Klaudia\AppData\Local\csdi_monetize_120160907
    2016-09-07 20:37 - 2016-09-10 20:30 - 00000000 ____D C:\Program Files\Caster
    2016-09-07 20:37 - 2016-09-10 17:52 - 00000000 ____D C:\Program Files (x86)\EasyHotspot
    2016-09-07 20:37 - 2016-09-07 20:37 - 00000000 ____D C:\Users\Klaudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpaceSoundPro 1.0
    2016-09-07 20:37 - 2016-09-07 20:37 - 00000000 ____D C:\Users\Klaudia\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
    2016-09-07 20:36 - 2016-09-10 20:30 - 00000000 ____D C:\Program Files\SpaceSoundPro
    2016-09-07 20:36 - 2016-09-10 18:09 - 00000000 ____D C:\Program Files (x86)\sbqh
    2016-09-07 20:36 - 2016-09-10 17:05 - 00000000 ____D C:\Users\Klaudia\AppData\Local\Apps\2.0
    2016-09-07 20:36 - 2016-09-07 20:36 - 00000000 ____D C:\Users\Klaudia\AppData\Roaming\UPUpdata
    2016-09-07 20:35 - 2016-09-07 20:35 - 00000000 ____D C:\Users\Klaudia\AppData\Roaming\MCorp
    2016-09-07 20:29 - 2016-09-07 20:29 - 00003318 _____ C:\Windows\System32\Tasks\psv_Vilafan
    2016-09-07 20:29 - 2016-09-07 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC Desktop
    2016-09-07 20:29 - 2016-09-07 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC AdCleaner
    2016-09-07 20:14 - 2016-09-07 20:14 - 08249608 _____ (McAfee, Inc.) C:\Users\Klaudia\Downloads\Setup_serial_RTNdcj2OauaYDFcKA4yDhw2_key.exe
    2016-09-03 15:07 - 2016-09-10 16:50 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-09-03 15:07 - 2016-09-03 15:07 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
    2016-09-03 14:59 - 2016-09-03 14:59 - 00000000 ____D C:\Program Files\YhidUn
    2016-09-03 14:59 - 2016-09-03 14:59 - 00000000 ____D C:\Program Files\Yhid
    2016-09-03 14:32 - 2016-09-03 14:33 - 00000000 ___HD C:\Program Files (x86)\SOEasy.3
    2016-09-03 14:32 - 2016-09-03 14:32 - 00000000 ___HD C:\Users\MS.Default\Helper.5
    2016-09-03 14:32 - 2016-09-03 14:32 - 00000000 ___HD C:\Users\MS.Default\Helper.4
    2016-09-03 14:32 - 2016-09-03 14:32 - 00000000 ___HD C:\Users\MS.Default\Helper.3
    2016-09-03 14:32 - 2016-09-03 14:32 - 00000000 ___HD C:\Program Files (x86)\SOEasy.5
    2016-09-03 14:32 - 2016-09-03 14:32 - 00000000 ___HD C:\Program Files (x86)\SOEasy.4
    2016-09-03 14:32 - 2016-09-03 14:32 - 00000000 ____D C:\Users\Klaudia\AppData\Local\batosparercultfemipy
    2016-09-03 14:31 - 2016-09-07 20:28 - 00000000 ____D C:\Program Files (x86)\Chorerentkzaty
    2016-09-03 14:27 - 2016-09-03 16:29 - 00000000 ____D C:\Program Files (x86)\B4D10559-1472905626-2A4F-8C05-CD02C56CF187
    2016-09-03 14:25 - 2016-09-03 14:25 - 00000000 ____D C:\Users\Klaudia\AppData\Roaming\Mozilla
    2016-09-03 14:24 - 2016-09-03 14:24 - 07085568 _____ C:\Users\Klaudia\AppData\Roaming\agent.dat
    2016-09-03 14:24 - 2016-09-03 14:24 - 01904462 _____ C:\Users\Klaudia\AppData\Roaming\Solo-Kix.tst
    2016-09-03 14:24 - 2016-09-03 14:24 - 00126464 _____ C:\Users\Klaudia\AppData\Roaming\noah.dat
    2016-09-03 14:24 - 2016-09-03 14:24 - 00070704 _____ C:\Users\Klaudia\AppData\Roaming\Config.xml
    2016-09-03 14:24 - 2016-09-03 14:24 - 00018432 _____ C:\Users\Klaudia\AppData\Roaming\Main.dat
    2016-09-03 14:24 - 2016-09-03 14:24 - 00002393 _____ C:\Windows\SysWOW64\findit.xml
    2016-09-03 14:24 - 2016-09-03 14:24 - 00000000 ____D C:\ProgramData\Holdtams
    2016-09-03 14:24 - 2016-09-03 14:23 - 00707072 _____ C:\Users\Klaudia\AppData\Roaming\Solo-Kix.exe
    2016-09-03 14:23 - 2016-09-03 14:24 - 00005568 _____ C:\Users\Klaudia\AppData\Roaming\md.xml
    2016-09-03 14:23 - 2016-09-03 14:23 - 00707072 _____ C:\Users\Klaudia\AppData\Roaming\Jaytax.exe
    2016-09-03 14:23 - 2016-09-03 14:23 - 00138240 _____ C:\Users\Klaudia\AppData\Roaming\Installer.dat
    2016-09-03 14:23 - 2016-09-03 14:23 - 00126464 _____ C:\Users\Klaudia\AppData\Roaming\lobby.dat
    2016-09-03 14:23 - 2016-09-03 14:23 - 00072711 _____ C:\Users\Klaudia\AppData\Roaming\Jaytax.tst
    2016-09-03 14:23 - 2016-09-03 14:23 - 00054272 _____ C:\Users\Klaudia\AppData\Roaming\ApplicationHosting.dat
    2016-09-03 14:23 - 2016-09-03 14:23 - 00018432 _____ C:\Users\Klaudia\AppData\Roaming\InstallationConfiguration.xml
    2016-09-03 14:23 - 2016-09-03 14:23 - 00000000 ____D C:\Users\Klaudia\AppData\Roaming\SpringFiles
    2016-09-03 14:23 - 2016-09-03 14:23 - 00000000 ____D C:\ProgramData\CloudPrinter
    2016-09-03 14:24 - 2016-09-03 14:24 - 7085568 _____ () C:\Users\Klaudia\AppData\Roaming\agent.dat
    2016-09-03 14:23 - 2016-09-03 14:23 - 0054272 _____ () C:\Users\Klaudia\AppData\Roaming\ApplicationHosting.dat
    2016-09-03 14:24 - 2016-09-03 14:24 - 0070704 _____ () C:\Users\Klaudia\AppData\Roaming\Config.xml
    2016-09-03 14:23 - 2016-09-03 14:23 - 0018432 _____ () C:\Users\Klaudia\AppData\Roaming\InstallationConfiguration.xml
    2016-09-03 14:23 - 2016-09-03 14:23 - 0138240 _____ () C:\Users\Klaudia\AppData\Roaming\Installer.dat
    2016-09-03 14:23 - 2016-09-03 14:23 - 0707072 _____ () C:\Users\Klaudia\AppData\Roaming\Jaytax.exe
    2016-09-03 14:23 - 2016-09-03 14:23 - 0072711 _____ () C:\Users\Klaudia\AppData\Roaming\Jaytax.tst
    2016-09-03 14:23 - 2016-09-03 14:23 - 0126464 _____ () C:\Users\Klaudia\AppData\Roaming\lobby.dat
    2016-09-03 14:24 - 2016-09-03 14:24 - 0018432 _____ () C:\Users\Klaudia\AppData\Roaming\Main.dat
    2016-09-03 14:23 - 2016-09-03 14:24 - 0005568 _____ () C:\Users\Klaudia\AppData\Roaming\md.xml
    2016-09-03 14:24 - 2016-09-03 14:24 - 0126464 _____ () C:\Users\Klaudia\AppData\Roaming\noah.dat
    2016-09-03 14:24 - 2016-09-03 14:23 - 0707072 _____ () C:\Users\Klaudia\AppData\Roaming\Solo-Kix.exe
    2016-09-03 14:24 - 2016-09-03 14:24 - 1904462 _____ () C:\Users\Klaudia\AppData\Roaming\Solo-Kix.tst
    2016-08-14 18:12 - 2016-09-11 11:51 - 0000165 _____ () C:\Users\Klaudia\AppData\Roaming\sp_data.sys
    2016-09-03 14:24 - 2016-09-03 14:24 - 0032038 _____ () C:\Users\Klaudia\AppData\Roaming\uninstall_temp.ico
    EmptyTemp:

    In FRST choose Fix.

    Do a full scan with MBAM and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe


    After doing all of that, post new FRST scan logs.

    0
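As an added example (not part of this thread, and not FRST's own code), the script below applies the same reading that krzychupar and Kolobos did by hand in #4 and #5 to FRST log lines: entries FRST itself marks with `<==== UWAGA`, services and drivers with an empty publisher or a "no digital signature" note, scheduled tasks launched through `pcalua.exe`, `AppInit_DLLs` entries, proxy/WPAD overrides, and search-engine URLs whose hostname is hidden behind percent-encoding. The sample lines are constructed in FRST's format and modelled on the entries quoted above; the percent-encoded hostname is the one from the thread, decoded. The rule names and thresholds are this example's own assumptions, not FRST's.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in FRST log format, modelled on entries quoted in the thread.
# The last line is a constructed benign Run entry used as a negative control.
SAMPLE_LOG = r"""
Task: {860DF298-9889-47D8-AE30-BEBBEECFF865} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-08-02] (UCWeb Inc) <==== UWAGA
Task: {2372303E-F0BC-4570-B96E-FBB071563599} - System32\Tasks\{6F3B5C6C-BE0B-482C-8F84-9CA96F2589DB} => pcalua.exe -a "C:\Program Files (x86)\sunnyday\uninstaller.exe"
R2 BSSoEasySvc3; C:\Program Files (x86)\SOEasy.3\SSoEasyySvc3.exe [180740 2016-09-03] () [Brak podpisu cyfrowego]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
AppInit_DLLs: C:\ProgramData\Holdtam\Vilatam.dll => Brak pliku
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=abc&q={searchTerms}
ManualProxies: 0hxxp://nonblock.net/wpad.dat?c5da0739e53c03e63f973e3ef6e879a815673623
HKLM\...\Run: [SecurityHealth] => C:\Windows\system32\SecurityHealthSystray.exe [2016-07-16] (Microsoft Corporation)
"""

# Marker FRST puts on entries it considers suspicious (Polish and English builds).
FRST_FLAG = re.compile(r"<=+\s*(UWAGA|ATTENTION)")
# Service/driver lines look like: "R2 name; path [size date] (publisher) [signature note]"
SERVICE_LINE = re.compile(r"^[RS]\d\s+\S+;\s")
# Empty publisher "()" or an explicit no-signature note
UNSIGNED = re.compile(r"\(\)|\[Brak podpisu cyfrowego\]|\[No digital signature\]")
# Host part of a defanged hxxp:// URL, allowing percent-encoded characters
ENCODED_HOST = re.compile(r"hxxps?://((?:%[0-9A-Fa-f]{2}|[A-Za-z0-9.\-])+)")
# Legacy DLL-injection key commonly abused by adware
APPINIT = re.compile(r"^AppInit_DLLs(-x32)?:")
# Proxy settings and WPAD scripts redirect browser traffic
PROXY = re.compile(r"^ManualProxies:|wpad\.dat")


def decode_host(url):
    """Return the percent-decoded host of a defanged hxxp:// URL, or None if absent."""
    m = ENCODED_HOST.search(url)
    return unquote(m.group(1)) if m else None


def triage_line(line):
    """Return the list of reasons this FRST line deserves a look (empty if none)."""
    reasons = []
    if FRST_FLAG.search(line):
        reasons.append("flagged by FRST")
    if SERVICE_LINE.match(line) and UNSIGNED.search(line):
        reasons.append("unsigned service/driver")
    if "pcalua.exe -a" in line:
        reasons.append("scheduled task launched through pcalua.exe")
    if APPINIT.match(line):
        reasons.append("AppInit_DLLs injection entry")
    if PROXY.search(line):
        reasons.append("proxy / WPAD override")
    m = ENCODED_HOST.search(line)
    if m and "%" in m.group(1):
        # Percent-encoding a hostname hides it from a casual read of the log.
        reasons.append(f"percent-encoded host: {unquote(m.group(1))}")
    return reasons


def triage(log_text):
    """Run triage_line over every non-empty line; keep only lines with findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("; ".join(f["reasons"]))
        print("    " + f["line"][:110])
```

The benign `SecurityHealth` and `gupdate` lines produce no finding, which is the point of the rules: they key on FRST's own markers, missing signatures and known hijack mechanisms rather than on program names. Entries such as the `HKLM\...\Run` lines for SpaceSoundPro or sunnyday in Kolobos's fixlist have a publisher string and no FRST marker, so a script like this would not catch them; those still need the publisher-reputation judgement the helpers applied by hand.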
  • #6 11 Sep 2016 15:27
    czekolada189
    Level 3

    isn't there a simpler way? Reset the computer or something? I don't really know what I'm supposed to do. I have no clue about this at all ..

    0
  • #7 11 Sep 2016 15:31
    Kolobos
    Computer specialist

    No, you should have thought about that earlier and not infected the computer.

    You don't need to know anything to uninstall a few programs and click through what you've been given.
    You can presumably open Notepad; nothing more is required here.

    Besides, you can always ask if you run into problems, instead of just writing "I can't do anything" and that's it. In that case I don't know why you're posting on the forum if you don't intend to do anything anyway...

    At a pinch you can use System Restore to go back to an earlier restore point, but all of this will still have to be removed.

    0
  • #9 11 Sep 2016 15:50
    czekolada189
    Level 3

    okay, calm down, I'll try to do it; it's not that I can't be bothered, it's that I'm really hopeless at this kind of thing

    Added after 7 [minutes]:

    should I also do what krzychupar posted ??

    0
  • #10 12 Sep 2016 01:03
    Kolobos
    Computer specialist

    Better do only what I posted.

    0