Elektroda.pl

Windows 10 - problem with the Maoha folder and other programs

miotlatychy 13 Jun 2017 22:52 582 4
  • #1 13 Jun 2017 22:52
    miotlatychy
    Level 2

    Hello, while installing a program I infected my computer. I ended up installing a lot of different programs; some I was able to remove manually, others were removed during an AVG scan, and some unfortunately remained. I don't know how to remove them, among others the Maoha folder. Chinese characters keep popping up and it irritates me terribly. Is there some simple way (I'm a complete layman) to remove this? I have already seen similar threads, but they were closed, and it seems to me that the solutions proposed there applied directly to those users. Thanks in advance, regards.

    0 4
  • #2 13 Jun 2017 23:02
    Kolobos
    Computer specialist

    Run this Fixlist.txt for FRST:
    CloseProcesses:
    Task: {08188490-200D-49B3-A9C5-126567C08DD3} - System32\Tasks\MapInGate => Rundll32.exe "C:\Program Files\MapInGate\MapInGate.dll",eZmTKPgbNqQc
    Task: {1B59B76C-0A1B-45CB-98AA-3C684C24CF87} - System32\Tasks\PC Clean Plus_DEFAULT => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== UWAGA
    Task: {22988BE6-1C74-4832-AB6A-6F5609027733} - System32\Tasks\bku8041767158645390 => C:\Users\Kolja Mi\AppData\Local\Temp\8d0c4fab9acf4051991ff68d60cd8ec5\ytab_m_1_big.exe [2017-06-13] () <==== UWAGA
    Task: {2B5E0561-1C0F-4ECE-AA9B-C32AAC3BF023} - System32\Tasks\{1ED6A45E-D5BA-4E81-9870-27CD8C95204F} => pcalua.exe -a "C:\Users\Kolja Mi\Downloads\BGT104-Install\BGT104-Install\Setup-BGT.exe" -d "C:\Users\Kolja Mi\Downloads\BGT104-Install\BGT104-Install"
    Task: {5F32D3BB-1136-4270-8975-902941F81B18} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2015-08-19] (SlimWare Utilities, Inc.)
    Task: {613CCE19-B7EB-4D59-8BB0-02644961A776} - System32\Tasks\RunAtStartup => C:\Users\Kolja Mi\AppData\Roaming\Event Monitor\em.exe <==== UWAGA
    Task: {ABD6A4BE-1641-4833-B03E-09F299A21A97} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
    Task: {ABED2D2D-B55B-4627-A88E-11DAA34D4776} - System32\Tasks\PC Clean Plus_UPDATES => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== UWAGA
    Task: {B6765E6E-156F-469C-9D46-307909C970CA} - System32\Tasks\{5E8B558F-BFFB-4B36-BA7E-CBD33E907036} => pcalua.exe -a "E:\Baldur's Gate\setup-widescreen.exe" -d "E:\Baldur's Gate"
    Task: {DEB7E27D-51F0-46F8-9F27-C5E4D7A745E2} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Kolja Mi) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2016-10-25] (Slimware Utilities Holdings, Inc.)
    Task: {E140ECF7-C738-446D-B165-3A895876A13F} - System32\Tasks\Calendar Cyber PC Optimizer => Rundll32.exe "C:\Program Files\Calendar Cyber PC Optimizer\Calendar Cyber PC Optimizer.dll",duREMwe
    Task: {F3E99737-EA97-435D-94F4-6901D301B033} - System32\Tasks\Microsoft\Windows\DeviceSettings\Shalerpyplerpige => msiexec.exe /i hxxp://D2bUH1bF1g584W.clOuDfroNt.net/mmtsk/oc...etXSSDX240GB_G22906R001290&d=20170613 /q <==== UWAGA
    Task: {F9713813-56D9-440D-8A61-59BE40807F82} - System32\Tasks\PC Clean Plus => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\bku8041767158645390.job => C:\Users\Kolja Mi\AppData\Local\Temp\8d0c4fab9acf4051991ff68d60cd8ec5\ytab_m_1_big.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\PC Clean Plus_DEFAULT.job => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\PC Clean Plus_UPDATES.job => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== UWAGA




    Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Kolja Mi).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: C:\WINDOWS\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\Kolja Mi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\KOLJAM~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktopbr.com/
    ShortcutWithArgument: C:\Users\Kolja Mi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\KOLJAM~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktopbr.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\KOLJAM~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktopbr.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\KOLJAM~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktopbr.com/
    Hosts:
    HKU\S-1-5-21-2194384548-3325775648-3491769294-1001\...\MountPoints2: {28ab8fab-d775-11e6-9663-5cf9dd532bcf} - "D:\AUTORUN.EXE"
    IFEO\SppExtComObj.exe: [Debugger] C:\Windows\SECOH-QAD.exe
    ShellIconOverlayIdentifiers: [JzShlobj] -> {9A0700D2-920A-4E52-8697-9B5230C92612} => C:\Program Files (x86)\Maoha\JiSuZip\JZipExt.dll [2016-12-27] (深圳市猫哈网络科技发展有限公司)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR Extension: (easychrome) - C:\Users\KOLJAM~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk [2017-06-13]
    R2 mptpmdxm; C:\Windows\SysWow64\mptpmdxm.dll [460072 2017-06-13] ()
    S2 JszipService; C:\Program Files (x86)\Maoha\JiSuZip\JszipSvc.exe [X]
    R1 cytdsk; C:\WINDOWS\System32\drivers\cytdsk.sys [195496 2017-06-13] ()
    R1 JszipProtect; C:\Program Files (x86)\Maoha\JiSuZip\JsZipProtect64.sys [39256 2016-12-27] ()
    R2 UefGdstor; C:\WINDOWS\system32\drivers\UefGdstor.sys [192552 2017-01-30] ()
    R1 WiserIso; C:\WINDOWS\System32\Drivers\vcdrom.sys [25432 2016-12-27] ()
    2017-06-13 21:09 - 2017-06-13 21:09 - 00000000 ____D C:\ProgramData\KZMount
    2017-06-13 21:04 - 2017-06-13 21:04 - 01381582 _____ (Igor Pavlov) C:\Users\Kolja Mi\Downloads\7z1604-x64 (2).exe
    2017-06-13 21:04 - 2017-06-13 21:04 - 01381582 _____ (Igor Pavlov) C:\Users\Kolja Mi\Downloads\7z1604-x64 (1).exe
    2017-06-13 20:50 - 2017-06-13 20:50 - 00000000 ____D C:\ProgramData\WinCacheData
    2017-06-13 20:30 - 2017-06-13 20:30 - 00000000 ____D C:\Users\Kolja Mi\AppData\Local\57c6a221192c455ea91a9a833563acf8
    2017-06-13 20:28 - 2017-06-13 20:35 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-06-13 20:28 - 2017-06-13 20:30 - 00000524 _____ C:\WINDOWS\Tasks\bku8041767158645390.job
    2017-06-13 20:28 - 2017-06-13 20:28 - 00003188 _____ C:\WINDOWS\System32\Tasks\bku8041767158645390
    2017-06-13 20:28 - 2017-06-13 20:28 - 00000000 ____D C:\Users\Kolja Mi\AppData\Local\UCBrowser
    2017-06-13 20:27 - 2017-06-13 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\极速压缩
    2017-06-13 20:27 - 2017-06-13 20:47 - 00000000 ____D C:\ProgramData\Cache
    2017-06-13 20:27 - 2017-06-13 20:42 - 00000000 ____D C:\Users\Kolja Mi\AppData\Roaming\Event Monitor
    2017-06-13 20:27 - 2017-06-13 20:42 - 00000000 ____D C:\Program Files (x86)\PC Clean Plus
    2017-06-13 20:27 - 2017-06-13 20:37 - 00000000 ____D C:\Program Files (x86)\WindowsTM
    2017-06-13 20:27 - 2017-06-13 20:36 - 00000000 ____D C:\Program Files (x86)\pccleanplus
    2017-06-13 20:27 - 2017-06-13 20:33 - 00000000 ____D C:\Users\Kolja Mi\AppData\Roaming\gplyra
    2017-06-13 20:27 - 2017-06-13 20:31 - 00000000 ____D C:\Users\Kolja Mi\AppData\Local\0e6d8707819b41af99debd7db17ec405
    2017-06-13 20:27 - 2017-06-13 20:31 - 00000000 ____D C:\ProgramData\f9ef1be633244ad59d50b17e1e19467f
    2017-06-13 20:27 - 2017-06-13 20:30 - 00000324 _____ C:\WINDOWS\Tasks\PC Clean Plus_UPDATES.job
    2017-06-13 20:27 - 2017-06-13 20:30 - 00000316 _____ C:\WINDOWS\Tasks\PC Clean Plus_DEFAULT.job
    2017-06-13 20:27 - 2017-06-13 20:28 - 00000000 ____D C:\Users\Kolja Mi\AppData\Roaming\PC Clean Plus
    2017-06-13 20:27 - 2017-06-13 20:27 - 00460072 _____ C:\WINDOWS\SysWOW64\mptpmdxm.dll
    2017-06-13 20:27 - 2017-06-13 20:27 - 00016894 _____ C:\WINDOWS\System32\Tasks\Calendar Cyber PC Optimizer
    2017-06-13 20:27 - 2017-06-13 20:27 - 00016796 _____ C:\WINDOWS\System32\Tasks\MapInGate
    2017-06-13 20:27 - 2017-06-13 20:27 - 00003318 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus_DEFAULT
    2017-06-13 20:27 - 2017-06-13 20:27 - 00003184 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus
    2017-06-13 20:27 - 2017-06-13 20:27 - 00003144 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus_UPDATES
    2017-06-13 20:27 - 2017-06-13 20:27 - 00003112 _____ C:\WINDOWS\System32\Tasks\RunAtStartup
    2017-06-13 20:27 - 2017-06-13 20:27 - 00001243 _____ C:\Users\Kolja Mi\Desktop\Kontynuuj instalację Registry_Activation - Free Download.lnk
    2017-06-13 20:27 - 2017-06-13 20:27 - 00001130 _____ C:\Users\Public\Desktop\PC Clean Plus.lnk
    2017-06-13 20:27 - 2017-06-13 20:27 - 00000000 ____D C:\Users\Kolja Mi\AppData\Local\jiobodfkmdffkcajblpbomgodflafoph
    2017-06-13 20:27 - 2017-06-13 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Clean Plus
    2017-06-13 20:27 - 2017-06-13 20:27 - 00000000 ____D C:\Program Files (x86)\Maoha
    2017-06-13 20:27 - 2016-12-27 04:34 - 00025432 _____ C:\WINDOWS\system32\Drivers\vcdrom.sys
    2017-06-13 20:26 - 2017-06-13 20:37 - 00000000 ____D C:\Program Files (x86)\YeaDesktop
    2017-06-13 20:26 - 2017-06-13 20:28 - 00930816 _____ C:\Users\Kolja Mi\AppData\Local\test_db_cara.db
    2017-06-13 20:26 - 2017-06-13 20:27 - 00000000 ____D C:\Users\Kolja Mi\AppData\Roaming\UCChannel
    2017-06-13 20:26 - 2017-06-13 20:26 - 00140800 _____ C:\Users\Kolja Mi\AppData\Local\installer.dat
    2017-06-13 20:26 - 2017-06-13 20:26 - 00011568 _____ C:\Users\Kolja Mi\AppData\Local\InstallationConfiguration.xml
    2017-06-13 20:26 - 2017-06-13 20:26 - 00001052 _____ C:\Users\Public\Desktop\magicdisk.lnk
    2017-06-13 20:26 - 2017-06-13 20:26 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
    2017-06-13 20:26 - 2017-06-13 20:26 - 00000000 ____D C:\Users\Kolja Mi\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
    2017-06-13 20:26 - 2017-06-13 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop
    2017-06-13 20:26 - 2017-06-13 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mgdisk
    2017-06-13 20:26 - 2017-06-13 20:26 - 00000000 ____D C:\ProgramData\2ccb9aa1-4a21-0
    2017-06-13 20:26 - 2017-06-13 20:26 - 00000000 ____D C:\ProgramData\2ccb9aa1-1d35-1
    2017-06-13 20:26 - 2017-06-13 20:26 - 00000000 ____D C:\Program Files (x86)\mgdisk
    2017-06-13 04:26 - 2017-06-13 04:26 - 00195496 _____ C:\WINDOWS\system32\Drivers\cytdsk.sys
    2017-06-13 20:26 - 2017-06-13 20:26 - 0011568 _____ () C:\Users\Kolja Mi\AppData\Local\InstallationConfiguration.xml
    2017-06-13 20:26 - 2017-06-13 20:26 - 0140800 _____ () C:\Users\Kolja Mi\AppData\Local\installer.dat
    EmptyTemp:


    Use AdwCleaner, the Scan/Szukaj and Clean/Usun options: http://www.bleepingcomputer.com/download/adwcleaner/

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    When done, post new FRST logs from a scan.

    0
  • Helpful post
    #4 14 Jun 2017 07:14
    Kolobos
    Computer specialist

    Delete the C:\FRST and C:\AdwCleaner directories, and that's all.

    0
  • #5 14 Jun 2017 22:54
    miotlatychy
    Level 2

    Thanks a lot for the help :)

    0