
Request to check FRST logs.

rtoip14 07 Oct 2016 20:41
  • #3 08 Oct 2016 09:29
    Acorus 20
    Computer specialist

    Uninstall trotux (Uninstall). Open the system Notepad and paste:

    Quote:
    Task: {0998E8DA-E0ED-4F35-9462-714BFD0017CE} - System32\Tasks\MailRuUpdater => C:\Users\Neo\AppData\Local\Mail.Ru\MailRuUpdater.exe
    Task: {454AA6EE-3002-4287-9B60-F494F42C5E6A} - System32\Tasks\ComDev => C:\Users\Neo\AppData\Local\ComDev\ComDev.exe [2016-10-07] () <==== UWAGA
    ShortcutWithArgument: C:\Users\Neo\Desktop\Вoйти в Интeрнeт (2).lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://mimoran.ru/?utm_source=startlink03&utm_content=00d440c507391e2ddb4ba86eb07b63a5&utm_term=2AB63D22F49296AF75215BDFE5C6AAFE&utm_d=20160416"
    ShortcutWithArgument: C:\Users\Neo\Desktop\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://mimoran.ru/?utm_source=startlink03&utm_content=00d440c507391e2ddb4ba86eb07b63a5&utm_term=2AB63D22F49296AF75215BDFE5C6AAFE&utm_d=20160416"
    ShortcutWithArgument: C:\Users\Neo\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://imatiro.ru/?utm_source=startlink03&utm_content=8e28c44c896d25fe988428402c272a9f&utm_term=2AB63D22F49296AF75215BDFE5C6AAFE&utm_d=20160416"
    ShortcutWithArgument: C:\Users\Neo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://imatiro.ru/?utm_source=startlink03&utm_content=8e28c44c896d25fe988428402c272a9f&utm_term=2AB63D22F49296AF75215BDFE5C6AAFE&utm_d=20160416"
    HKU\S-1-5-21-314501420-2261803728-2016192299-1000\...\Run: [clxpxmltyp] => explorer "hxxp://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=2AB63D22F49296AF75215BDFE5C6AAFE&utm_d=20160416" <===== UWAGA
    HKLM\...\Providers\14gy15ov: D:\Anna\\local32spl.dll [144896 2016-09-27] ()
    HKLM\...\Providers\4gzhg1xv: D:\Origin\\local32spl.dll [144896 2016-09-27] ()
    HKLM\...\Providers\75zsk0yb: D:\ikonki 2_\local32spl.dll [144896 2016-09-27] ()
    HKLM\...\Providers\91xrom9m: D:\ikonki 2\\local32spl.dll [144896 2016-09-27] ()
    HKLM\...\Providers\de3wqfas: D:\Anna_\local32spl.dll [144896 2016-09-27] ()
    HKLM\...\Providers\iog636ni: C:\_\local32spl.dll [144896 2016-09-27] ()
    HKLM\...\Providers\lhxqubct: D:\IKONY_\local32spl.dll [144896 2016-09-27] ()
    HKLM\...\Providers\nas0f6fh: D:\Origin_\local32spl.dll [144896 2016-09-27] ()
    HKLM\...\Providers\q87nemp6: D:\IKONY\\local32spl.dll [144896 2016-09-27] ()
    HKLM\...\Providers\qlo89jm6: D:\Program Files\UDPdp\UDPnp4\\local32spl.dll [144896 2016-09-27] ()
    HKLM\...\Providers\xzpsq348: D:\Program Files\UDPdp\UDPnp4_\local32spl.dll [144896 2016-09-27] ()
    HKLM\...\Providers\zpvgjk0w: C:\\local32spl.dll [144896 2016-09-27] ()
    GroupPolicy: Ograniczenia ? <======= UWAGA
    GroupPolicy\User: Ograniczenia ? <======= UWAGA
    HKU\S-1-5-21-314501420-2261803728-2016192299-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://granena.ru/?utm_content=31b5cebd524a9a...22F49296AF75215BDFE5C6AAFE&utm_d=20160416
    FF Homepage: Mozilla\Firefox\Profiles\3ffdy5q0.default -> hxxp://granena.ru/?utm_content=31b5cebd524a9a...22F49296AF75215BDFE5C6AAFE&utm_d=20160416
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\3ffdy5q0.default -> GoSearch
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\3ffdy5q0.default\searchplugins\d38petnr.xml [2016-10-07]
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\3ffdy5q0.default\searchplugins\GoSearch.xml [2016-10-07]
    R2 mrupdsrv; C:\Program Files\Mail.Ru\Update Service\mrupdsrv.exe [2187992 2016-09-23] (Mail.Ru)
    S4 AGSService; "C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe" [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    U3 ainpegj9; Brak ImagePath
    2016-10-07 17:59 - 2016-10-07 17:59 - 00000000 ____D C:\ProgramData\Mail.Ru
    2016-10-07 17:55 - 2016-10-07 17:58 - 00000000 ____D C:\AdwCleaner
    2016-10-07 17:53 - 2016-10-07 18:58 - 00000000 ____D C:\Program Files\Phafient
    2016-10-07 17:53 - 2016-10-07 17:54 - 00000000 ____D C:\Users\Neo\AppData\Local\Thipagenerit
    2016-10-07 17:53 - 2016-10-07 17:53 - 00000000 ____D C:\Users\Neo\AppData\Roaming\Ghasetion
    2016-10-07 17:48 - 2016-10-07 17:58 - 00000000 ____D C:\Program Files\Mail.Ru
    2016-10-07 14:35 - 2016-10-07 15:46 - 00063000 _____ C:\Users\Neo\AppData\Roaming\FataL_temp_font.ttf
    2016-09-26 23:34 - 2016-09-27 23:58 - 00000000 ___HD C:\Program Files\fkmbh9ix
    2016-09-26 23:34 - 2016-09-27 23:34 - 00000000 ___HD C:\Program Files\i7ga3kjm
    2016-09-26 23:32 - 2016-10-07 13:10 - 00000000 ____D C:\Program Files\Dalesthijotion
    2016-09-26 23:32 - 2016-09-26 23:35 - 00000000 ____D C:\Users\Neo\AppData\Local\Anrientjerertion
    2016-09-26 23:29 - 2016-09-26 23:29 - 00000000 ____D C:\Users\Neo\AppData\Local\Вoйти в Интeрнет
    2016-09-26 23:25 - 2016-09-26 23:25 - 00000000 ____D C:\Users\Neo\AppData\Local\Поиcк в Интeрнете
    EmptyTemp:

    Save the file under the name fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix.
    Scan with Malwarebytes Anti-Malware http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    During installation, uncheck Start Malwarebytes Anti-Malware Premium trial.

  • #4 08 Oct 2016 09:49
    Kolobos
    Computer specialist

    After doing all of that, post new FRST scan logs.

  • #6 08 Oct 2016 19:29
    Kolobos
    Computer specialist

    @lukmlody OTL is obsolete and nobody uses it anymore.

    @rtoip14 Delete these files manually:
    C:\Users\Neo\Desktop\Вoйти в Интeрнeт (2).lnk
    C:\Users\Neo\Desktop\Вoйти в Интeрнeт.lnk
    C:\Users\Neo\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk
    C:\Users\Neo\AppData\Local\Вoйти в Интeрнет
    C:\Users\Neo\AppData\Local\Поиcк в Интeрнете

    enable everything you disabled in msconfig; most of these entries need to be deleted, not disabled!

    Run a Fixlist.txt for FRST:
    C:\Users\Neo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk
    S4 AnnaZdjęciaSKILL; "D:\Anna\AnnaZdjęciaSKILL.exe" 3e19779b2974487e881c2174c0562504 [X]
    S4 OriginIKONYTS; "D:\Origin\OriginIKONYTS.exe" 388837891c4f496ea6203a5f71b2a421 [X]
    S4 SKILLAZJAIKONY; "D:\IKONY\SKILLAZJAIKONY.exe" affe6dc7e5264e7e8e5695737342bee0 [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    U3 a46km18q; Brak ImagePath
    2016-09-27 23:34 - 2016-09-27 23:34 - 00144896 ____H C:\local32spl.dll
    2016-09-27 23:34 - 2016-09-27 23:34 - 00000020 ____H C:\local32spl.dll.ini
    2016-09-27 23:34 - 2016-09-27 23:34 - 00000000 ___HD C:\_
    2016-09-22 17:59 - 2016-09-22 17:59 - 00122016 _____ C:\Windows\838a32661f66b0f86de2cdfa61bf3e58.exe
    2016-09-27 00:30 - 2006-02-19 04:27 - 00000000 _RSHD C:\Windows\system32\WebHelper (32 bits)
    2016-09-12 22:47 - 2016-09-12 22:47 - 0000016 _____ () C:\ProgramData\mntemp


    Paste into the FRST window:
    local32spl

    Click Search Files and post the log it creates.

    Plus new FRST scan logs.

    PS. Do you have to keep infecting your system every other moment? Maybe it's time to learn how to use the internet?

  • #7 08 Oct 2016 21:36
    rtoip14
    Level 3

    I can't find these:
    C:\Users\Neo\Desktop\Вoйти в Интeрнeт (2).lnk
    C:\Users\Neo\Desktop\Вoйти в Интeрнeт.lnk
    C:\Users\Neo\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk

  • #8 08 Oct 2016 21:47
    Kolobos
    Computer specialist

    The files are still visible in the logs, so they must be on the desktop.

    Why did you completely skip what I wrote and not enable everything in msconfig?
    > enable everything you disabled in msconfig; most of these entries need to be deleted, not disabled!

    You need to enable all of this:
    MSCONFIG\Services: ACTION_SVC => 3
    MSCONFIG\Services: AGSService => 2
    MSCONFIG\Services: AnnaZdjęciaSKILL => 2
    MSCONFIG\Services: ArcService => 3
    MSCONFIG\Services: bykesute => 2
    MSCONFIG\Services: CGVPNCliService => 2
    MSCONFIG\Services: cucojope => 2
    MSCONFIG\Services: cybusyro => 2
    MSCONFIG\Services: dequzody => 2
    MSCONFIG\Services: DigitalWave.Update.Service => 2
    MSCONFIG\Services: dipubibu => 2
    MSCONFIG\Services: Disc Soft Lite Bus Service => 3
    MSCONFIG\Services: e3d27ded3c62e9a6bba9eb79d8863ea4 => 2
    MSCONFIG\Services: EngelmannMediaFuskr => 2
    MSCONFIG\Services: gukisode => 2
    MSCONFIG\Services: gyvixodu => 2
    MSCONFIG\Services: helusuty => 2
    MSCONFIG\Services: hidekoqe => 2
    MSCONFIG\Services: hirimoje => 2
    MSCONFIG\Services: insvc_1.10.0.14 => 2
    MSCONFIG\Services: IntelSecurityUseVLCforYouTube => 2
    MSCONFIG\Services: lehicewu => 2
    MSCONFIG\Services: LiveUpdateSvc => 2
    MSCONFIG\Services: MBAMScheduler => 2
    MSCONFIG\Services: MBAMService => 2
    MSCONFIG\Services: mofysilo => 2
    MSCONFIG\Services: mrupdsrv => 2
    MSCONFIG\Services: muryroju => 2
    MSCONFIG\Services: muzaikonki => 2
    MSCONFIG\Services: myfejozi => 2
    MSCONFIG\Services: myroqole => 2
    MSCONFIG\Services: nvUpdatusService => 2
    MSCONFIG\Services: nyxixyzo => 2
    MSCONFIG\Services: ofiiedwerfitCntAwt.exe => 2
    MSCONFIG\Services: OriginIKONYTS => 2
    MSCONFIG\Services: PnkBstrA => 2
    MSCONFIG\Services: PnkBstrB => 2
    MSCONFIG\Services: PSI_SVC_2 => 2
    MSCONFIG\Services: rowugoqo => 2
    MSCONFIG\Services: runukijezbt => 2
    MSCONFIG\Services: ryholohu => 2
    MSCONFIG\Services: scsvc_1.10.0.16 => 2
    MSCONFIG\Services: sijemume => 2
    MSCONFIG\Services: SKILLAZJAIKONY => 2
    MSCONFIG\Services: swsesrvc_1.10.0.25 => 2
    MSCONFIG\Services: WinampReferenceAssemblies => 2
    MSCONFIG\Services: WinRARWindowsDefender => 2
    MSCONFIG\Services: WyanianOawahsid => 2
    MSCONFIG\Services: xoperoze => 2
    MSCONFIG\Services: xowijysy => 2
    MSCONFIG\Services: zedepory => 2
    MSCONFIG\Services: zehygiqo => 2
    MSCONFIG\Services: zomoxedi => 2
    MSCONFIG\Services: zytuzihu => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Exif Launcher S.lnk => C:\Windows\pss\Exif Launcher S.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Neo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^be64217167462ae417d8abe9d43d1e5c.exe =>
    MSCONFIG\startupfolder: C:^Users^Neo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DreamMail.lnk => C:\Windows\pss\DreamMail.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Neo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Feed Notifier.lnk => C:\Windows\pss\Feed Notifier.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Neo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameRanger.lnk => C:\Windows\pss\GameRanger.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Neo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SmartWeb.lnk => C:\Windows\pss\SmartWeb.lnk.Startup
    MSCONFIG\startupreg: Advanced SystemCare 8 =>
    MSCONFIG\startupreg: be64217167462ae417d8abe9d43d1e5c =>
    MSCONFIG\startupreg: bpk =>
    MSCONFIG\startupreg: c8c25c9f2310298b572ff8e2f9906425 =>
    MSCONFIG\startupreg: cFosSpeed =>
    MSCONFIG\startupreg: CoupSeek =>
    MSCONFIG\startupreg: DAEMON Tools Lite =>
    MSCONFIG\startupreg: DIOJ Agent =>
    MSCONFIG\startupreg: EA Core =>
    MSCONFIG\startupreg: Form1 =>
    MSCONFIG\startupreg: gmsd_pl_005010102 =>
    MSCONFIG\startupreg: gmsd_pl_005010105 =>
    MSCONFIG\startupreg: gmsd_pl_005010149 =>
    MSCONFIG\startupreg: GoogleChromeAutoLaunch_D36C64651E3A4EE85332558B1677FF26 =>
    MSCONFIG\startupreg: GoogleChromeAutoLaunch_F8573294E3434E83A053586AD966BDBA =>
    MSCONFIG\startupreg: KometaAutoLaunch_A0C7281936AA65B084E954795C6EC38F =>
    MSCONFIG\startupreg: mbot_pl_014010102 =>
    MSCONFIG\startupreg: Nezavisimo =>
    MSCONFIG\startupreg: No-IP Client 1.42 =>
    MSCONFIG\startupreg: RSDTRAY =>
    MSCONFIG\startupreg: tpuzofccbt =>
    MSCONFIG\startupreg: TweakBit =>
    MSCONFIG\startupreg: Web Protector Plus UI =>
    MSCONFIG\startupreg: Wru =>

    If it's that much of a problem for you, you can skip it...

    Run Fixlist.txt:
    ShortcutWithArgument: C:\Users\Neo\Desktop\Вoйти в Интeрнeт (2).lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://mimoran.ru/?utm_source=startlink03&utm_content=00d440c507391e2ddb4ba86eb07b63a5&utm_term=2AB63D22F49296AF75215BDFE5C6AAFE&utm_d=20160416"
    ShortcutWithArgument: C:\Users\Neo\Desktop\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://mimoran.ru/?utm_source=startlink03&utm_content=00d440c507391e2ddb4ba86eb07b63a5&utm_term=2AB63D22F49296AF75215BDFE5C6AAFE&utm_d=20160416"
    ShortcutWithArgument: C:\Users\Neo\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://imatiro.ru/?utm_source=startlink03&utm_content=8e28c44c896d25fe988428402c272a9f&utm_term=2AB63D22F49296AF75215BDFE5C6AAFE&utm_d=20160416"
    HKLM\...\Run: [WAN Service] => C:\Program Files\WAN Service\wansvc.exe
    HKU\S-1-5-21-314501420-2261803728-2016192299-1000\...\Run: [winupdate2k16] => "C:\Users\Neo\Downloads\Nowy folder (2)\bc\cache.exe" -silent
    HKU\S-1-5-21-314501420-2261803728-2016192299-1000\...\Run: [Napisy24Update] => C:\Program Files\Napisy24\Napisy24Update.exe [3709896 2015-11-04] (Napisy24.pl)
    HKU\S-1-5-21-314501420-2261803728-2016192299-1000\...\Run: [mailruhomesearch] => "C:\Users\Neo\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe" --pr_deferred
    HKU\S-1-5-21-314501420-2261803728-2016192299-1000\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.)
    HKU\S-1-5-21-314501420-2261803728-2016192299-1000\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files\ALLPlayer Remote\ALLPlayerRemoteControl.exe [5975264 2016-03-14] (ALLPlayer Group Ltd.)
    HKU\S-1-5-21-314501420-2261803728-2016192299-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Neo\AppData\Local\Akamai\netsession_win.exe"
    Startup: C:\Users\Neo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TTeVfaiSJcgYScde.cmd.lnk [2016-08-09]
    ShortcutTarget: TTeVfaiSJcgYScde.cmd.lnk -> C:\Users\Neo\AppData\Roaming\KcFPPOhZCXFZcOiHKXDHX.exe (Brak pliku)
    Startup: C:\Users\Neo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XEJguO.vbs [2016-09-10] ()
    C:\Users\Neo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XEJguO.vbs
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    U3 ad87gh4f; Brak ImagePath
    2016-10-08 11:46 - 2016-10-08 11:47 - 00000002 _____ C:\END

    After running it, post the fixlog and new scan logs.

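The fixlists in #3 and #8 are built by hand from the FRST log: scheduled tasks and Run values that launch something from the user profile or open a URL through explorer.exe, hijacked .lnk files, `Providers` entries pointing at local32spl.dll outside System32, services and drivers with random eight-character names or no image file, hidden directories with random names, and the `MSCONFIG\Services: name => N` lines that record what msconfig switched off. The script below is an added example written for this thread; it is not FRST's code and not something the posters ran. It applies those same rules to a constructed sample made of lines quoted in the thread, drafts a fixlist.txt, and decodes the MSCONFIG entries. Two assumptions are mine, not the page's: that the number after `=>` in an MSCONFIG line is the service's original Start value (2 automatic, 3 manual, 4 disabled) saved by msconfig, and that the `Providers` key FRST reports is the print-providers key, which is why a provider DLL outside System32 is treated as suspect. The rules are heuristics to shorten the reading, not a replacement for the reviewer.

```python
r"""Triage helper for FRST log lines: flags the entry types this thread sends to
fixlist.txt and decodes the MSCONFIG\Services lines.
Added example for this thread; not FRST's own code and not from the posters."""
import re

# Constructed sample: lines copied from the FRST logs quoted in this thread,
# plus two clean lines, enough to exercise every rule below.
SAMPLE_LOG = r"""
Task: {454AA6EE-3002-4287-9B60-F494F42C5E6A} - System32\Tasks\ComDev => C:\Users\Neo\AppData\Local\ComDev\ComDev.exe [2016-10-07] () <==== UWAGA
ShortcutWithArgument: C:\Users\Neo\Desktop\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://mimoran.ru/?utm_source=startlink03"
HKU\S-1-5-21-314501420-2261803728-2016192299-1000\...\Run: [clxpxmltyp] => explorer "hxxp://granena.ru/?utm_source=uoua03n" <===== UWAGA
HKU\S-1-5-21-314501420-2261803728-2016192299-1000\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.)
HKLM\...\Providers\14gy15ov: D:\Anna\\local32spl.dll [144896 2016-09-27] ()
R2 mrupdsrv; C:\Program Files\Mail.Ru\Update Service\mrupdsrv.exe [2187992 2016-09-23] (Mail.Ru)
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
U3 ainpegj9; Brak ImagePath
2016-09-26 23:34 - 2016-09-27 23:58 - 00000000 ___HD C:\Program Files\fkmbh9ix
2016-10-07 17:48 - 2016-10-07 17:58 - 00000000 ____D C:\Program Files\Mail.Ru
MSCONFIG\Services: bykesute => 2
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: MBAMService => 2
"""

# Eight-character names in the thread come in two shapes: letters with digits
# mixed in (ainpegj9, fkmbh9ix) or consonant/vowel alternation (bykesute, cucojope).
RANDOM_NAME = re.compile(r"^(?=.*\d)[a-z0-9]{8}$|^([bcdfghjklmnpqrstvwxz][aeiouy]){4}$")
URL_ARG = re.compile(r'"hxxps?://', re.I)           # FRST defangs http as hxxp
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)
SERVICE = re.compile(r"^[RSU]\d (\S+?);")            # e.g. "S3 xhunter1; ..."
MSCONFIG_SVC = re.compile(r"^MSCONFIG\\Services: (.+?) => (\d)$", re.M)
# Windows service Start values; assumption: FRST prints the original value msconfig saved
START_TYPE = {2: "Automatic", 3: "Manual", 4: "Disabled"}


def classify(line):
    """Return why a log line belongs in fixlist.txt, or None if it looks clean."""
    line = line.strip()
    if line.startswith("Task:") and "\\AppData\\" in line:
        return "scheduled task running a binary from the user profile"
    if line.startswith("ShortcutWithArgument:") and URL_ARG.search(line):
        return "shortcut hijacked to open a URL through explorer.exe"
    if "\\Run: [" in line and re.search(r'=> explorer "hxxp', line):
        return "Run value opening a URL through explorer.exe at logon"
    if "\\Providers\\" in line and not SYSTEM32.match(line.partition(": ")[2]):
        return "provider DLL registered outside System32"
    m = SERVICE.match(line)
    if m:
        # "[X]" and "Brak ImagePath"/"No ImagePath" both mean the image file is gone
        if "[X]" in line or line.endswith("ImagePath"):
            return "service/driver whose image file is missing"
        if RANDOM_NAME.match(m.group(1)):
            return "service with a random eight-character name"
    if " ___HD " in line and RANDOM_NAME.match(line.rsplit("\\", 1)[-1]):
        return "hidden directory with a random name"
    return None


def msconfig_disabled(log_text):
    """Services msconfig switched off, mapped to the start type they had before."""
    return {name: START_TYPE.get(int(val), "unknown")
            for name, val in MSCONFIG_SVC.findall(log_text)}


def triage(log_text):
    """All (line, reason) pairs worth a human's second look."""
    hits = []
    for raw in log_text.splitlines():
        reason = classify(raw)
        if reason:
            hits.append((raw.strip(), reason))
    return hits


def build_fixlist(log_text):
    """Draft fixlist.txt: flagged lines verbatim (FRST keys on the line prefix),
    ending with EmptyTemp: as the posts in this thread do."""
    lines = [line for line, _ in triage(log_text)]
    return "\n".join(lines + ["EmptyTemp:"]) + "\n"


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason:55} | {line[:70]}")
    for name, start in msconfig_disabled(SAMPLE_LOG).items():
        print(f"re-enable first, then decide: {name} (was {start})")
    print(build_fixlist(SAMPLE_LOG))
```

The draft is meant to be read, not pasted blindly: the Mail.Ru updater line passes every rule here although #3 still removes it, and a legitimate service with an unlucky name would be flagged. The MSCONFIG listing gives the reason behind the "enable everything in msconfig" instruction in #6 and #8: an entry left disabled in msconfig keeps its service registered and its files in place, so the cleanup has to delete the entry itself.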
  • #10 09 Oct 2016 01:53
    Kolobos
    Computer specialist

    You still have these shortcuts to delete, and don't say they aren't there when the log shows them:
    C:\Users\Neo\Desktop\Вoйти в Интeрнeт (2).lnk
    C:\Users\Neo\Desktop\Вoйти в Интeрнeт.lnk
    C:\Users\Neo\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk

    Once you find and delete them, delete the C:\FRST folder and that's all.
