FRST logs - request for help

neisser 20 Dec 2016 15:29 468 10
  • #2 20 Dec 2016 15:43
    Domino_2
    Helpful to users

    Quote:

    Task: {447D46E2-E8A0-4330-811D-4BF8FDE0508D} - System32\Tasks\SecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2016-12-20] (UC Web Inc.) <==== UWAGA
    Task: {51BD3142-EE5F-4A85-B687-82E4C0311B2A} - System32\Tasks\225899518d34t3265133 => Rundll32.exe "C:\ProgramData\225899518d34t3265133\225899518d34t3265133.dll",DMT
    Task: {6D0BA17A-9E27-42E5-A053-0E586200C2E3} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-01] ()
    Task: {84DE106F-B5A2-4C06-839D-153770832B97} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-12-13] (UCWeb Inc) <==== UWAGA
    Task: {B18E30F3-D155-4783-8B08-81206D9F5F8E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
    Task: {BD0A0BB2-88DA-4D39-BC6D-D5634BD03E1D} - System32\Tasks\SMW_UpdateTask_Time_313330393136303732382d4155346c375a455778415a34 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== UWAGA
    Task: {D6AE6BE1-AF87-4AD3-96C7-94EB5795B176} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-12-13] (UCWeb Inc) <==== UWAGA
    Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\wojtek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabd66.cc/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabd66.cc/
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\RunOnce: [wd] => C:\WINDOWS\TEMP\g3FB5.tmp.exe [252416 2016-12-20] () <===== UWAGA
    HKU\S-1-5-21-2279149347-59632844-64033259-1001\...\Run: [chAtom] => C:\Users\wojtek\AppData\Local\Temp\fhfshffsf99udau.exe [167936 2016-12-20] () <===== UWAGA
    HKU\S-1-5-21-2279149347-59632844-64033259-1001\...\Run: [360wp-srv] => "C:\Users\wojtek\AppData\Roaming\360bizhi\360wpsrv.exe" /autorun
    HKU\S-1-5-21-2279149347-59632844-64033259-1001\...\MountPoints2: {646cbace-5587-11e6-b8a7-448a5b8ba737} - "I:\SETUP.EXE"
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2016-12-20] ()
    GroupPolicy: Ograniczenia - Windows Defender <======= UWAGA




    AutoConfigURL: [S-1-5-21-2279149347-59632844-64033259-1001] => hxxp://nonblocker.net/wpad.dat?a048feb88707b5546eee36d0917c0f4122390201
    ManualProxies: 0hxxp://nonblocker.net/wpad.dat?a048feb88707b5546eee36d0917c0f4122390201
    BHO: Brak nazwy -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> Brak pliku
    BHO: Youtube AdBlock -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> C:\Program Files (x86)\Youtube AdBlock\IEEF\DTWNWw.dll => Brak pliku
    BHO-x32: Brak nazwy -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> Brak pliku
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ie4cf0kn.fdfdsfasdf ->
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\438631515.js [2016-12-19] <==== UWAGA (Linkuje do pliku *.cfg)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\438631515.cfg [2016-12-19] <==== UWAGA
    CHR HKU\S-1-5-21-2279149347-59632844-64033259-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2279149347-59632844-64033259-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
    S2 GmSvc; C:\Program Files (x86)\LDSGameCenter\GmSvc.dll [X]
    R1 ucdrv; C:\WINDOWS\System32\drivers:ucdrv-x64.sys [80850 ] (UC Web Inc.) <==== UWAGA
    NETSVCx32: GmSvc -> C:\Program Files (x86)\LDSGameCenter\GmSvc.dll ==> Brak pliku
    NETSVCx32: WpSvc -> C:\Users\wojtek\AppData\Roaming\360bizhi\lpi\WpSvc.dll ()
    2016-12-20 15:12 - 2016-12-20 15:12 - 00001600 _____ C:\Users\Public\Desktop\UC红包.lnk
    2016-12-20 14:40 - 2016-12-20 14:40 - 00002660 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
    2016-12-20 14:28 - 2016-12-20 14:31 - 00000000 ____D C:\AdwCleaner
    2016-12-20 14:18 - 2016-12-20 14:18 - 00000000 ____D C:\Program Files (x86)\360
    2016-12-20 14:15 - 2016-12-20 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
    2016-12-20 14:14 - 2016-12-20 14:32 - 00000490 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
    2016-12-20 14:14 - 2016-12-20 14:14 - 00003510 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
    2016-12-20 14:14 - 2016-12-20 14:14 - 00001591 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    2016-12-20 14:14 - 2016-12-20 14:14 - 00000000 ____D C:\Users\wojtek\AppData\Local\UCBrowser
    2016-12-20 14:14 - 2016-12-20 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2016-12-20 14:13 - 2016-12-20 15:07 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2016-12-20 14:13 - 2016-12-20 14:13 - 00000882 _____ C:\Users\wojtek\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
    2016-12-20 14:13 - 2016-12-20 14:13 - 00000858 _____ C:\Users\wojtek\Desktop\żěŃą.lnk
    2016-12-20 14:13 - 2016-12-20 14:13 - 00000000 ____D C:\Program Files\żěŃą
    2016-12-20 14:11 - 2016-12-20 14:11 - 00004426 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_313330393136303732382d4155346c375a455778415a34
    C:\WINDOWS\TEMP\g3FB5.tmp.exe
    C:\Users\wojtek\AppData\Local\Temp\fhfshffsf99udau.exe
    EmptyTemp:


    Paste this into Notepad, save it as fixlist.txt and place it in the folder where FRST.exe/FRST64.exe is located, then run it and click Fix/Napraw.

    When saving in Notepad, choose UTF-8 encoding.

    Replace AdBlock with uBlock Origin.

    0
  • #3 20 Dec 2016 15:46
    Kolobos
    Computer specialist

    Do not run what Domino_2 posted; the fix is incomplete.

    Uninstall: gpedt.msc 1.0

    Run: C:\Program Files (x86)\LuDaShi\uninst.exe

    Next to frst.exe, create a file Fixlist.txt with the following content:
    Task: {447D46E2-E8A0-4330-811D-4BF8FDE0508D} - System32\Tasks\SecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2016-12-20] (UC Web Inc.) <==== UWAGA
    Task: {51BD3142-EE5F-4A85-B687-82E4C0311B2A} - System32\Tasks\225899518d34t3265133 => Rundll32.exe "C:\ProgramData\225899518d34t3265133\225899518d34t3265133.dll",DMT
    Task: {6D0BA17A-9E27-42E5-A053-0E586200C2E3} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-01] ()
    Task: {84DE106F-B5A2-4C06-839D-153770832B97} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-12-13] (UCWeb Inc) <==== UWAGA
    Task: {B18E30F3-D155-4783-8B08-81206D9F5F8E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
    Task: {BD0A0BB2-88DA-4D39-BC6D-D5634BD03E1D} - System32\Tasks\SMW_UpdateTask_Time_313330393136303732382d4155346c375a455778415a34 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== UWAGA
    Task: {D6AE6BE1-AF87-4AD3-96C7-94EB5795B176} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-12-13] (UCWeb Inc) <==== UWAGA
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
    Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\wojtek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabd66.cc/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabd66.cc/
    2016-12-20 14:12 - 2014-03-22 22:46 - 03117056 _____ () C:\ProgramData\225899518d34t3265133\225899518d34t3265133.dll
    2016-12-20 14:13 - 2016-12-20 14:13 - 00524696 _____ () C:\Program Files\żěŃą\X64\KZipShell.dll
    2016-12-20 14:33 - 2016-12-20 14:33 - 00252416 _____ () C:\WINDOWS\TEMP\g3FB5.tmp.exe
    2016-12-20 14:14 - 2016-12-13 11:43 - 00935312 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    2016-11-17 11:07 - 2016-11-17 11:07 - 00253352 _____ () c:\users\wojtek\appdata\roaming\360bizhi\lpi\wpsvc.dll
    2016-12-20 14:33 - 2016-12-20 14:33 - 03780096 _____ () C:\WINDOWS\TEMP\g2D64.tmp
    2016-12-20 15:07 - 2016-12-13 11:51 - 02147216 _____ () C:\Program Files (x86)\UCBrowser\Application\6.0.1121.13\UCAgent.exe
    AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
    AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [364744]
    AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1176354]
    Hosts:
    () C:\Windows\Temp\g3FB5.tmp.exe
    () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\RunOnce: [wd] => C:\WINDOWS\TEMP\g3FB5.tmp.exe [252416 2016-12-20] () <===== UWAGA
    HKU\S-1-5-21-2279149347-59632844-64033259-1001\...\Run: [Napisy24Update] => C:\Program Files (x86)\Napisy24\Napisy24Update.exe [3709896 2015-11-04] (Napisy24.pl)
    HKU\S-1-5-21-2279149347-59632844-64033259-1001\...\Run: [chAtom] => C:\Users\wojtek\AppData\Local\Temp\fhfshffsf99udau.exe [167936 2016-12-20] () <===== UWAGA
    HKU\S-1-5-21-2279149347-59632844-64033259-1001\...\Run: [360wp-srv] => "C:\Users\wojtek\AppData\Roaming\360bizhi\360wpsrv.exe" /autorun
    HKU\S-1-5-21-2279149347-59632844-64033259-1001\...\MountPoints2: {646cbace-5587-11e6-b8a7-448a5b8ba737} - "I:\SETUP.EXE"
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2016-12-20] ()
    GroupPolicy: Ograniczenia - Windows Defender <======= UWAGA
    AutoConfigURL: [S-1-5-21-2279149347-59632844-64033259-1001] => hxxp://nonblocker.net/wpad.dat?a048feb88707b5546eee36d0917c0f4122390201
    ManualProxies: 0hxxp://nonblocker.net/wpad.dat?a048feb88707b5546eee36d0917c0f4122390201
    BHO: Brak nazwy -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> Brak pliku
    BHO: Youtube AdBlock -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> C:\Program Files (x86)\Youtube AdBlock\IEEF\DTWNWw.dll => Brak pliku
    BHO-x32: Brak nazwy -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> Brak pliku
    FF Extension: (Fast search) - C:\Users\wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\ie4cf0kn.fdfdsfasdf\Extensions\amcontextmenu@loucypher [2016-12-20]
    FF Extension: (Adblocker for Youtube™) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} [2016-12-20] [Brak podpisu cyfrowego]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\438631515.js [2016-12-19] <==== UWAGA (Linkuje do pliku *.cfg)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\438631515.cfg [2016-12-19] <==== UWAGA
    CHR HKU\S-1-5-21-2279149347-59632844-64033259-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2279149347-59632844-64033259-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
    R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [935312 2016-12-13] ()
    R2 WpSvc; C:\Users\wojtek\AppData\Roaming\360bizhi\lpi\WpSvc.dll [253352 2016-11-17] ()
    S2 GmSvc; C:\Program Files (x86)\LDSGameCenter\GmSvc.dll [X]
    R1 ucdrv; C:\WINDOWS\System32\drivers:ucdrv-x64.sys [80850 ] (UC Web Inc.) <==== UWAGA
    NETSVCx32: HpSvc -> Brak ścieżki do pliku.
    NETSVCx32: GmSvc -> C:\Program Files (x86)\LDSGameCenter\GmSvc.dll ==> Brak pliku
    NETSVCx32: WpSvc -> C:\Users\wojtek\AppData\Roaming\360bizhi\lpi\WpSvc.dll ()
    2016-12-20 15:12 - 2016-12-20 15:12 - 00001600 _____ C:\Users\Public\Desktop\UC红包.lnk
    2016-12-20 15:07 - 2016-12-20 15:07 - 00004438 _____ C:\WINDOWS\System32\Tasks\SecureUpdater
    2016-12-20 14:40 - 2016-12-20 14:40 - 00002660 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
    2016-12-20 14:40 - 2016-12-20 14:40 - 00000326 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
    2016-12-20 14:34 - 2016-12-20 15:08 - 00000000 ____D C:\Users\wojtek\AppData\Roaming\KuaiZip
    2016-12-20 14:33 - 2016-12-20 14:34 - 00000000 ____D C:\Users\wojtek\AppData\Roaming\Ludashi
    2016-12-20 14:33 - 2016-12-20 14:34 - 00000000 ____D C:\Users\wojtek\AppData\Roaming\lockhomepage
    2016-12-20 14:28 - 2016-12-20 14:31 - 00000000 ____D C:\AdwCleaner
    2016-12-20 14:18 - 2016-12-20 14:41 - 00000000 ____D C:\Users\wojtek\AppData\Roaming\360bizhi
    2016-12-20 14:18 - 2016-12-20 14:18 - 00000000 ____D C:\Users\wojtek\AppData\Roaming\LDSGameAssistant
    2016-12-20 14:18 - 2016-12-20 14:18 - 00000000 ____D C:\Program Files (x86)\360
    2016-12-20 14:16 - 2016-12-20 14:16 - 00000000 ____D C:\Users\wojtek\AppData\Roaming\navplugin
    2016-12-20 14:15 - 2016-12-20 14:30 - 00000000 ____D C:\Program Files (x86)\LuDaShi
    2016-12-20 14:15 - 2016-12-20 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
    2016-12-20 14:14 - 2016-12-20 14:32 - 00000490 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
    2016-12-20 14:14 - 2016-12-20 14:14 - 00003510 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
    2016-12-20 14:14 - 2016-12-20 14:14 - 00001591 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    2016-12-20 14:14 - 2016-12-20 14:14 - 00000000 ____D C:\Users\wojtek\AppData\Local\UCBrowser
    2016-12-20 14:14 - 2016-12-20 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2016-12-20 14:13 - 2016-12-20 15:07 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2016-12-20 14:13 - 2016-12-20 14:13 - 00092832 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
    2016-12-20 14:13 - 2016-12-20 14:13 - 00000882 _____ C:\Users\wojtek\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
    2016-12-20 14:13 - 2016-12-20 14:13 - 00000858 _____ C:\Users\wojtek\Desktop\żěŃą.lnk
    2016-12-20 14:13 - 2016-12-20 14:13 - 00000000 __SHD C:\Users\wojtek\AppData\Local\svchost
    2016-12-20 14:13 - 2016-12-20 14:13 - 00000000 ____D C:\Program Files\żěŃą
    2016-12-20 14:13 - 2016-11-09 15:55 - 00778752 _____ C:\WINDOWS\system32\chtbrkg.dll
    2016-12-20 14:13 - 2016-11-09 15:55 - 00590848 _____ C:\WINDOWS\SysWOW64\chtbrkg.dll
    2016-12-20 14:12 - 2016-12-20 14:12 - 00016840 _____ C:\WINDOWS\System32\Tasks\225899518d34t3265133
    2016-12-20 14:12 - 2016-12-20 14:12 - 00000000 ___HD C:\ProgramData\225899518d34t3265133
    2016-12-20 14:12 - 2016-12-20 14:12 - 00000000 ____D C:\Users\Public\Thunder Network
    2016-12-20 14:11 - 2016-12-20 14:11 - 02237120 _____ (BitTorrent Inc.) C:\Users\wojtek\Downloads\empire total war sound fix for all releases
    C:\WINDOWS\TEMP\g3FB5.tmp.exe
    C:\Users\wojtek\AppData\Local\Temp\fhfshffsf99udau.exe
    EmptyTemp:

    Save Fixlist.txt with UTF-8 encoding. In FRST choose Napraw (Fix).

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    When done, post new FRST logs from the scan.

    1
  • #4 20 Dec 2016 15:52
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Task: {447D46E2-E8A0-4330-811D-4BF8FDE0508D} - System32\Tasks\SecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2016-12-20] (UC Web Inc.) <==== UWAGA
    Task: {51BD3142-EE5F-4A85-B687-82E4C0311B2A} - System32\Tasks\225899518d34t3265133 => Rundll32.exe "C:\ProgramData\225899518d34t3265133\225899518d34t3265133.dll",DMT
    Task: {84DE106F-B5A2-4C06-839D-153770832B97} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-12-13] (UCWeb Inc) <==== UWAGA
    Task: {B18E30F3-D155-4783-8B08-81206D9F5F8E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
    Task: {BD0A0BB2-88DA-4D39-BC6D-D5634BD03E1D} - System32\Tasks\SMW_UpdateTask_Time_313330393136303732382d4155346c375a455778415a34 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== UWAGA
    Task: {D6AE6BE1-AF87-4AD3-96C7-94EB5795B176} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-12-13] (UCWeb Inc) <==== UWAGA
    Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\wojtek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabd66.cc/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabd66.cc/
    AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
    AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [364744]
    AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1176354]
    Hosts:
    FirewallRules: [{093460B2-4806-4C91-A6BB-6F287DCD04DA}] => C:\Users\wojtek\AppData\Local\Temp\is-1UF2E.tmp\download\MiniThunderPlatform.exe
    FirewallRules: [{5901B0F5-8B18-4223-A47C-7F4A97532EE5}] => C:\Users\wojtek\AppData\Local\Temp\00012849\inst_buychannel_07.exe
    FirewallRules: [{75782EB3-75BA-473C-B9D3-B23C444F7B5D}] => C:\Users\wojtek\AppData\Local\Temp\00012849\inst_buychannel_07.exe
    FirewallRules: [{7DCCB84F-1297-424F-9D9A-867BC09B0845}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
    FirewallRules: [{1E66D4DD-6499-4595-90B9-C312544FA0A2}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
    FirewallRules: [{4E1AD003-B804-4953-BD3C-B3D18EE55976}] => C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
    FirewallRules: [{09B402E8-0B36-4413-A6FC-3A5DE05BFBE5}] => C:\Program Files (x86)\LuDaShi\Utils\Down.exe
    FirewallRules: [{776D40A6-D1D4-4A30-B738-11A817E59491}] => C:\Program Files (x86)\LuDaShi\Utils\Down.exe
    FirewallRules: [{EB336B18-4A2C-4B70-BABB-C9F6FFB93BD4}] => C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
    FirewallRules: [{B3AC48B4-0FFE-4A8D-857C-D59FD947FB9F}] => C:\Program Files (x86)\LuDaShi\ComputerZTray.exe
    FirewallRules: [{90F15192-CF83-410F-BE3B-4F29A38D0D4F}] => C:\Program Files (x86)\LuDaShi\Utils\mininews.exe
    FirewallRules: [{AE157FD7-D6BF-4E75-8C2B-9D059463D286}] => C:\Program Files (x86)\LuDaShi\Utils\mininews.exe
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\RunOnce: [wd] => C:\WINDOWS\TEMP\g3FB5.tmp.exe [252416 2016-12-20] () <===== UWAGA
    HKU\S-1-5-21-2279149347-59632844-64033259-1001\...\Run: [chAtom] => C:\Users\wojtek\AppData\Local\Temp\fhfshffsf99udau.exe [167936 2016-12-20] () <===== UWAGA
    HKU\S-1-5-21-2279149347-59632844-64033259-1001\...\Run: [360wp-srv] => "C:\Users\wojtek\AppData\Roaming\360bizhi\360wpsrv.exe" /autorun
    HKU\S-1-5-21-2279149347-59632844-64033259-1001\...\MountPoints2: {646cbace-5587-11e6-b8a7-448a5b8ba737} - "I:\SETUP.EXE"
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2016-12-20] ()
    GroupPolicy: Ograniczenia - Windows Defender <======= UWAGA
    AutoConfigURL: [S-1-5-21-2279149347-59632844-64033259-1001] => hxxp://nonblocker.net/wpad.dat?a048feb88707b5546eee36d0917c0f4122390201
    ManualProxies: 0hxxp://nonblocker.net/wpad.dat?a048feb88707b5546eee36d0917c0f4122390201
    HKU\S-1-5-21-2279149347-59632844-64033259-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
    BHO: Brak nazwy -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> Brak pliku
    BHO: Youtube AdBlock -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> C:\Program Files (x86)\Youtube AdBlock\IEEF\DTWNWw.dll => Brak pliku
    BHO-x32: Brak nazwy -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> Brak pliku
    FF Extension: (Fast search) - C:\Users\wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\ie4cf0kn.fdfdsfasdf\Extensions\amcontextmenu@loucypher [2016-12-20]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\438631515.js [2016-12-19] <==== UWAGA (Linkuje do pliku *.cfg)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\438631515.cfg [2016-12-19] <==== UWAGA
    CHR HKU\S-1-5-21-2279149347-59632844-64033259-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2279149347-59632844-64033259-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
    R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [935312 2016-12-13] ()
    R2 WpSvc; C:\Users\wojtek\AppData\Roaming\360bizhi\lpi\WpSvc.dll [253352 2016-11-17] ()
    S2 GmSvc; C:\Program Files (x86)\LDSGameCenter\GmSvc.dll [X]
    R1 ucdrv; C:\WINDOWS\System32\drivers:ucdrv-x64.sys [80850 ] (UC Web Inc.) <==== UWAGA
    NETSVCx32: HpSvc -> Brak ścieżki do pliku.
    NETSVCx32: GmSvc -> C:\Program Files (x86)\LDSGameCenter\GmSvc.dll ==> Brak pliku
    NETSVCx32: WpSvc -> C:\Users\wojtek\AppData\Roaming\360bizhi\lpi\WpSvc.dll ()
    2016-12-20 15:12 - 2016-12-20 15:12 - 00001600 _____ C:\Users\Public\Desktop\UC红包.lnk
    2016-12-20 14:34 - 2016-12-20 15:08 - 00000000 ____D C:\Users\wojtek\AppData\Roaming\KuaiZip
    2016-12-20 14:33 - 2016-12-20 14:34 - 00000000 ____D C:\Users\wojtek\AppData\Roaming\Ludashi
    2016-12-20 14:33 - 2016-12-20 14:34 - 00000000 ____D C:\Users\wojtek\AppData\Roaming\lockhomepage
    2016-12-20 14:28 - 2016-12-20 14:31 - 00000000 ____D C:\AdwCleaner
    2016-12-20 14:18 - 2016-12-20 14:41 - 00000000 ____D C:\Users\wojtek\AppData\Roaming\360bizhi
    2016-12-20 14:18 - 2016-12-20 14:18 - 00000000 ____D C:\Users\wojtek\AppData\Roaming\LDSGameAssistant
    2016-12-20 14:18 - 2016-12-20 14:18 - 00000000 ____D C:\Program Files (x86)\360
    2016-12-20 14:15 - 2016-12-20 14:30 - 00000000 ____D C:\Program Files (x86)\LuDaShi
    2016-12-20 14:15 - 2016-12-20 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\鲁大师
    2016-12-20 14:14 - 2016-12-20 14:32 - 00000490 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
    2016-12-20 14:14 - 2016-12-20 14:14 - 00003510 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
    2016-12-20 14:14 - 2016-12-20 14:14 - 00001591 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    2016-12-20 14:14 - 2016-12-20 14:14 - 00000000 ____D C:\Users\wojtek\AppData\Local\UCBrowser
    2016-12-20 14:14 - 2016-12-20 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2016-12-20 14:13 - 2016-12-20 15:07 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2016-12-20 14:13 - 2016-12-20 14:13 - 00092832 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
    2016-12-20 14:13 - 2016-12-20 14:13 - 00000882 _____ C:\Users\wojtek\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
    2016-12-20 14:13 - 2016-12-20 14:13 - 00000858 _____ C:\Users\wojtek\Desktop\żěŃą.lnk
    2016-12-20 14:13 - 2016-12-20 14:13 - 00000000 __SHD C:\Users\wojtek\AppData\Local\svchost
    2016-12-20 14:13 - 2016-12-20 14:13 - 00000000 ____D C:\Program Files\żěŃą
    2016-12-20 14:12 - 2016-12-20 14:12 - 00016840 _____ C:\WINDOWS\System32\Tasks\225899518d34t3265133
    2016-12-20 14:12 - 2016-12-20 14:12 - 00000000 ___HD C:\ProgramData\225899518d34t3265133
    2016-12-20 14:12 - 2016-12-20 14:12 - 00000000 ____D C:\Users\Public\Thunder Network
    C:\WINDOWS\TEMP\g3FB5.tmp.exe
    C:\Users\wojtek\AppData\Local\Temp\fhfshffsf99udau.exe
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    When saving the Fixlist, set the encoding to UTF-8.
    Scan with Malwarebytes Anti-Malware: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    During installation, uncheck the option to start the Malwarebytes Anti-Malware Premium trial period.

    0
  • #5 20 Dec 2016 16:02
    neisser
    Level 3

    So which fix is the right one?

    0
  • #6 20 Dec 2016 16:05
    Kolobos
    Computer specialist

    Run what I posted.

    0
  • #7 20 Dec 2016 16:10
    neisser
    Level 3

    @Kolobos

    Quote:
    Run: C:\Program Files (x86)\LuDaShi\uninst.exe

    I don't have this file; someone who used the computer earlier deleted it. The folder with some files is still there, but it is probably incomplete.

    0
  • #8 20 Dec 2016 16:19
    Kolobos
    Computer specialist

    In that case skip it and do the rest.

    0
  • Helpful post
    #10 20 Dec 2016 21:26
    Kolobos
    Computer specialist

    You did not uninstall: gpedt.msc 1.0

    Back up your bookmarks etc. Uninstall Firefox, delete the profile directory at C:\Users\wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\ie4cf0kn.fdfdsfasdf and install FF again.

    Delete the C:\FRST directory and that's all.

    0