Elektroda.pl

How do I use the FRST program?

marcinmu31 19 Mar 2017 09:55 378 3
  • #1 19 Mar 2017 09:55
    marcinmu31
    Level 2

    Hello,

    I also have a similar problem with a Chinese browser and can't remove it with AdwCleaner; the problem keeps coming back.

    I read about FRST, but when I create a fixlist I get a message that it has been closed, and I don't know exactly what I'm supposed to put in there.

    Please help me remove this software.

    I'm attaching the FRST files from scanning the computer.

  • #2 19 Mar 2017 10:19
    Kolobos
    Computer specialist

    @marcinmu31 Back up your Chrome bookmarks; the script will delete the profile directory.

    Run this Fixlist.txt with FRST:
    CloseProcesses:
    Online.io Application (x32 Version: 2.1.0 - Microleaves) Hidden <==== UWAGA
    Traffic Exchange (HKLM-x32\...\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}) (Version: 2.1.0 - Microleaves) <==== UWAGA

    Uninstall:
    Online.io Application
    Traffic Exchange

    Then run the next Fixlist.txt:
    Task: {26A25017-0489-433C-8FC7-3F6BAA9CA317} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: {4AA4859A-EAAB-40EE-BA76-2231DF0040FB} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: {79B00956-36F7-4814-80BA-F1DAB60601F6} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {850ECE06-C12F-494A-AD58-8B671DE55787} - System32\Tasks\Online Application v209 => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {8FF84F16-31BA-4277-B5B8-0EB544898D63} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {B05EC836-0D54-4034-888D-3E06119509DB} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {B82AD012-73F4-4890-8B08-6FFF9A166957} - System32\Tasks\Mobigh Update => C:\Program Files (x86)\Prjoentmerdery\phifch.exe
    Task: {E119A47F-EC0E-49CE-87E3-BC114EDAAF64} - \UCBrowserUpdater -> Brak pliku <==== UWAGA
    Task: {E5142914-26E7-43FB-B038-672400D47F3F} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {E60BF906-066F-4753-91AE-F185C76C5621} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: {E829F56A-00AB-4F13-B644-20F3DFC9E7C7} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
    Task: {E836E699-D9C3-4857-86AC-1E2521E106BB} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\Ptysiak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Ptysiak\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Ptysiak\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Ptysiak\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    2017-03-19 01:19 - 2017-03-19 01:19 - 00307200 _____ () C:\Program Files (x86)\Mobigh Update\local64spl.dll
    HKU\S-1-5-21-1043489338-1035767369-3213801692-1001\...\MountPoints2: {e3d5274c-00a8-11e7-8d38-74c63bf477bc} - "I:\setup.exe"
    HKU\S-1-5-18\...\Run: [] => [X]
    HKLM\...\Providers\3rbctfic: C:\Program Files (x86)\Mobigh Update\local64spl.dll [307200 2017-03-19] ()
    ShellExecuteHooks: Brak nazwy - {EA5A8580-0923-11E7-8220-64006A5CFC23} - C:\Users\Ptysiak\AppData\Roaming\Aresich\Coizighprenether.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll -> Brak pliku
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    CHR DefaultProfile: ChromeDefaultData
    CHR Profile: C:\Users\Ptysiak\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-19] <==== UWAGA
    C:\Users\Ptysiak\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    S2 UCBrowserSvc; "C:\Program Files (x86)\UCBrowser\Application\UCService.exe" [X]
    U1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== UWAGA
    2017-03-19 02:44 - 2017-03-19 02:45 - 01244408 _____ (Tehe ) C:\Users\Ptysiak\Downloads\Eraser-12852-dp.exe
    2017-03-19 02:29 - 2017-03-19 03:30 - 00000000 ____D C:\AdwCleaner
    2017-03-19 02:29 - 2017-03-19 02:29 - 04031440 _____ C:\Users\Ptysiak\Downloads\adwcleaner_6.044.exe
    2017-03-19 01:23 - 2017-03-19 01:23 - 00000000 ____D C:\Users\Ptysiak\AppData\Local\UCBrowser
    2017-03-19 01:22 - 2017-03-19 02:48 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-03-19 01:21 - 2017-03-19 01:26 - 00000000 ____D C:\Users\Ptysiak\AppData\Local\Epqtion
    2017-03-19 01:20 - 2017-03-19 01:26 - 00000000 ____D C:\Users\Ptysiak\AppData\Local\Ekvption
    2017-03-19 01:20 - 2017-03-19 01:24 - 00000368 _____ C:\Windows\Tasks\Online Application v209.job
    2017-03-19 01:20 - 2017-03-19 01:24 - 00000368 _____ C:\Windows\Tasks\Online Application v209 Guardian.job
    2017-03-19 01:20 - 2017-03-19 01:24 - 00000368 _____ C:\Windows\Tasks\Online Application v209 Guard.job
    2017-03-19 01:20 - 2017-03-19 01:24 - 00000358 _____ C:\Windows\Tasks\Traffic Exchange v209 - 3.job
    2017-03-19 01:20 - 2017-03-19 01:24 - 00000358 _____ C:\Windows\Tasks\Traffic Exchange v209 - 2.job
    2017-03-19 01:20 - 2017-03-19 01:24 - 00000358 _____ C:\Windows\Tasks\Traffic Exchange v209 - 1.job
    2017-03-19 01:20 - 2017-03-19 01:24 - 00000348 _____ C:\Windows\Tasks\Traffic Exchange v2 - 3.job
    2017-03-19 01:20 - 2017-03-19 01:24 - 00000348 _____ C:\Windows\Tasks\Traffic Exchange v2 - 2.job
    2017-03-19 01:20 - 2017-03-19 01:24 - 00000348 _____ C:\Windows\Tasks\Traffic Exchange v2 - 1.job
    2017-03-19 01:20 - 2017-03-19 01:20 - 00003274 _____ C:\Windows\System32\Tasks\Online Application v209 Guardian
    2017-03-19 01:20 - 2017-03-19 01:20 - 00003268 _____ C:\Windows\System32\Tasks\Online Application v209 Guard
    2017-03-19 01:20 - 2017-03-19 01:20 - 00003256 _____ C:\Windows\System32\Tasks\Online Application v209
    2017-03-19 01:20 - 2017-03-19 01:20 - 00003250 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 3
    2017-03-19 01:20 - 2017-03-19 01:20 - 00003250 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 2
    2017-03-19 01:20 - 2017-03-19 01:20 - 00003250 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 1
    2017-03-19 01:20 - 2017-03-19 01:20 - 00003236 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 3
    2017-03-19 01:20 - 2017-03-19 01:20 - 00003236 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 2
    2017-03-19 01:20 - 2017-03-19 01:20 - 00003236 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 1
    2017-03-19 01:20 - 2017-03-19 01:20 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-03-19 01:20 - 2017-03-19 01:20 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    2017-03-19 01:19 - 2017-03-19 02:49 - 00000000 ____D C:\Program Files (x86)\Mobigh Update
    2017-03-19 01:19 - 2017-03-19 01:34 - 00000000 ____D C:\Users\Ptysiak\AppData\Roaming\Aresich
    2017-03-19 01:19 - 2017-03-19 01:19 - 00006100 _____ C:\Windows\System32\Tasks\Mobigh Update
    2017-03-19 01:19 - 2017-03-19 01:19 - 00000000 ____D C:\Users\Ptysiak\AppData\Local\Arujercult
    EmptyTemp:

    After running it, post new FRST scan logs.

  • Helpful post
    #4 19 Mar 2017 11:19
    Kolobos
    Computer specialist

    Do you sync your Chrome settings with a Google account? If so, delete the sync data from the account: https://support.google.com/chrome/answer/6386691?hl=pl

    New Fixlist.txt; run it in Safe Mode:
    CloseProcesses:
    R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== UWAGA
    2017-03-19 01:22 - 2017-03-19 02:48 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    CHR DefaultProfile: ChromeDefaultData
    CHR Profile: C:\Users\Ptysiak\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-19] <==== UWAGA
    C:\Users\Ptysiak\AppData\Local\Google\Chrome\User Data\ChromeDefaultData

    As for AdwCleaner, you can remove those few keys manually with regedit (if they don't disappear after running the fixlist and re-running AdwCleaner).

    Do a full scan with MBAM and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

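Both of Kolobos's fixlists above are built the same way: the lines FRST itself wrote to the scan log (scheduled tasks, hijacked Chrome shortcuts, a driver loaded from an alternate data stream, a WMI event consumer, a service with a missing image) are copied verbatim between `CloseProcesses:` and `EmptyTemp:`. The following Python script is an added example, not code from the thread, from FRST or from its author: it reads lines in the shape FRST writes and flags the indicator types seen in this thread, then assembles a fixlist-style block from the hits so a helper can review what a fix would touch before anyone runs it. The `<==== ATTENTION` marker (localised as `UWAGA` in Polish FRST) and the `No File` / `Brak pliku` wording are FRST's own conventions; the heuristics, the `Finding` type, and every sample line below (GUIDs, paths, vendor names, URL) are constructed for this example and are not from the original logs.

```python
"""Triage of FRST scan-log lines for browser-hijack persistence (added example)."""
import re
from dataclasses import dataclass

# Chrome flags that force an unpacked extension into every launch; a browser
# shortcut carrying one of these is the hijack pattern seen in the thread.
SUSPICIOUS_ARGS = ("--load-extension=", "--disable-extensions-except=")

# Locations where a scheduled task's action binary is unusual for legitimate
# software and common for adware droppers.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\",
                 "\\programdata\\", "\\users\\public\\")

TASK_RE = re.compile(r"^Task: (?P<name>.+?) (?:=>|->) (?P<target>.+)$")
LNK_RE = re.compile(r"^ShortcutWithArgument: (?P<lnk>.+?) -> (?P<rest>.+)$")
SVC_RE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<spec>.+)$")
FLAG_RE = re.compile(r"\s*<={4,}.*$")   # FRST's own "<==== ATTENTION" suffix


@dataclass
class Finding:
    kind: str        # task / shortcut / service / wmi / other
    reasons: list    # why the line was selected
    line: str        # the log line verbatim (what a fixlist would contain)


def strip_flag(text):
    """Remove FRST's trailing attention marker so paths can be parsed."""
    return FLAG_RE.sub("", text)


def image_path(spec):
    """Extract the image path from a service/driver spec ("quoted" or bare)."""
    spec = spec.strip()
    if spec.startswith('"'):
        end = spec.find('"', 1)
        return spec[1:end] if end > 0 else spec[1:]
    return spec.split(" [", 1)[0]          # FRST appends " [size date]" after bare paths


def is_ads(path):
    """True if a drive-letter path contains a second colon, i.e. an NTFS alternate data stream."""
    return re.match(r"^[A-Za-z]:", path) is not None and ":" in path[2:]


def triage(lines):
    """Return a Finding for every log line that shows a known persistence indicator."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        reasons, kind = [], "other"
        if "<====" in line:
            reasons.append("marked by FRST")
        if line.startswith("WMI_ActiveScriptEventConsumer"):
            kind = "wmi"
            reasons.append("WMI active-script event consumer present")
        elif (m := LNK_RE.match(line)):
            kind = "shortcut"
            if any(flag in m.group("rest") for flag in SUSPICIOUS_ARGS):
                reasons.append("extension forced via shortcut argument")
        elif (m := TASK_RE.match(line)):
            kind = "task"
            target = strip_flag(m.group("target")).lower()
            if target.startswith(("no file", "brak pliku")):
                reasons.append("task action binary missing")
            elif any(d in target for d in USER_WRITABLE):
                reasons.append("task action in user-writable directory")
        elif (m := SVC_RE.match(line)):
            kind = "service"
            spec = strip_flag(m.group("spec"))
            if spec.rstrip().endswith("[X]"):
                reasons.append("service image missing")
            if is_ads(image_path(spec)):
                reasons.append("image loaded from alternate data stream")
        if reasons:
            findings.append(Finding(kind, reasons, line))
    return findings


def build_fixlist(findings):
    """Assemble the fixlist shape used in the thread: FRST lines between CloseProcesses: and EmptyTemp:."""
    return "\n".join(["CloseProcesses:", *(f.line for f in findings), "EmptyTemp:"])


# Constructed sample log: shapes mirror the thread, values are placeholders.
SAMPLE_LOG = r"""
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Example Guard => C:\Program Files (x86)\ExampleVendor\guard.exe <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\Vendor Update => C:\Program Files (x86)\Vendor\UpdateChecker.exe [2016-08-01] ()
Task: {00000000-0000-0000-0000-000000000003} - \BrowserUpdater -> No File <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000004} - System32\Tasks\Odd Update => C:\Users\user\AppData\Local\Oddname\upd.exe
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\user\AppData\Local\abcdefghijklmnop" hxxp://example.invalid/
S2 ExampleSvc; "C:\Program Files (x86)\Example\Service.exe" [X]
U1 exdrv; C:\Program Files (x86)\Example\Security:exdrv-x64.sys [25444 ] (Example Inc.) <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
""".strip().splitlines()

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"[{h.kind}] {'; '.join(h.reasons)}")
    print(build_fixlist(hits))
```

The legitimate vendor updater task in the sample is deliberately left unflagged: it lives under Program Files, its binary exists, and FRST did not mark it. The generated block is a review aid only; as the thread shows, a fixlist is still read line by line by a human before it is run, because deleting a Chrome profile directory or a scheduled task is irreversible.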