Elektroda.pl

[Solved] CMD window popping up and an error. FRST logs

Mezulith 16 Jun 2018 11:37 219 4
  • #1 16 Jun 2018 11:37
    Mezulith
    Level 3

    Hello.
    Unfortunately the computer was heavily infected: it set up a proxy for itself, opened the browser on its own, and a cmd window pops up followed by the error "Cannot find file C:\...\AppData\Roaming\Microsoft\Windows\hvigajwt\wvvwifrf.exe. Make sure the location is correct and try again".

    After scanning with ADW Cleaner and DR Web CureIT, all that is left is the CMD window with the error, popping up roughly every half hour; the rest I managed to sort out somehow.
    I kindly ask the forum members to analyze the FRST log.
    Thanks in advance.

  • Helpful post
    #2 16 Jun 2018 13:38
    Kolobos
    Computer specialist

    Run the following Fixlist.txt with FRST:
    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-852458146-1063966183-124498465-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Win8\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-852458146-1063966183-124498465-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Win8\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-852458146-1063966183-124498465-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Win8\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-852458146-1063966183-124498465-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\Win8\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-852458146-1063966183-124498465-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Win8\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-852458146-1063966183-124498465-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Win8\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-852458146-1063966183-124498465-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\Win8\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Win8\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Win8\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Win8\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers: [{BFD98515-CD74-48A4-98E2-13D209E3EE4F}] -> {BFD98515-CD74-48A4-98E2-13D209E3EE4F} => C:\Windows\system32\mcicda64.dll -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Win8\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Win8\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Win8\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Win8\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Win8\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Win8\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    Task: {07287519-6491-4456-9D48-C9353D034BB8} - \GoogleUpdateSecurityTaskMachine_NJ -> No File <==== ATTENTION
    Task: {1F04C2ED-4CBB-49AB-9A02-9D1D7E4E71B5} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] ()
    Task: {2B9FF816-1044-4361-9388-9EC71A3C17A1} - \GoogleUpdateSecurityTaskMachine_NY -> No File <==== ATTENTION
    Task: {35389457-A224-41F7-94B4-935E7ECBF90C} - \GoogleUpdateSecurityTaskMachine_WK -> No File <==== ATTENTION
    Task: {3B59E10A-5582-4765-8BA1-6076E9357692} - \GoogleUpdateSecurityTaskMachine_EE -> No File <==== ATTENTION
    Task: {4008552B-31C4-4EEF-AB82-4D25BFB9389D} - \{402A33E5-CE64-4256-6B63-0D6BBC0898D3} -> No File <==== ATTENTION
    Task: {562C3F7F-2FD4-4CCD-91EF-59A9F71075D6} - \{D26CCCCF-6C3F-1E66-F3C3-A849F2B55C10} -> No File <==== ATTENTION
    Task: {6D9B3BE4-9EF8-4F92-8C08-CDB856A7F10C} - \GoogleUpdateSecurityTaskMachine_JX -> No File <==== ATTENTION
    Task: {6FEAAA53-50AC-4E75-9F81-0A261A9B79F6} - \{C9B52719-08E1-235E-143E-692E6B2EE227} -> No File <==== ATTENTION
    Task: {780B7A09-8EAC-43EC-BBC4-C9FD13B85F31} - System32\Tasks\Family Plus => C:\Windows\system32\rundll32.exe "C:\Program Files\Family Plus\Family Plus.dll",acHCZo <==== ATTENTION
    Task: {782AD4A5-BE24-44D0-9BAA-D9F76E08E46B} - \GoogleUpdateSecurityTaskMachine_LJ -> No File <==== ATTENTION
    Task: {9DC61740-DFC1-4F76-B49E-7A44143E38EC} - \{24CC9649-B67C-0260-4F67-C2C55755A2F4} -> No File <==== ATTENTION
    Task: {A592A9FC-6159-4A74-B5D3-FD8373C7D088} - \GoogleUpdateSecurityTaskMachine_AR -> No File <==== ATTENTION
    Task: {B2CC821A-039F-40C1-8BCA-41AECFD1E0EB} - \GoogleUpdateSecurityTaskMachine_NB -> No File <==== ATTENTION
    Task: {B2D60855-E342-4607-B649-92F7CDC8D4A0} - System32\Tasks\Opera scheduled Autoupdate 4086469641 => C:\Windows\system32\cmd.exe /c start "" "C:\Users\Win8\AppData\Roaming\Microsoft\Windows\hvigajwt\wvvuifrf.exe"
    Task: {CE8C0CC8-858A-4CA9-8E66-2E7611A205F3} - \GoogleUpdateSecurityTaskMachine_VA -> No File <==== ATTENTION
    Task: {E2CE8A50-C1D2-42D0-9D29-78FF0DB87381} - \Opera scheduled Autoupdate 2796787680 -> No File <==== ATTENTION
    Task: {F5F89766-4E11-47CA-B91C-2D3314A3820A} - \GoogleUpdateSecurityTaskMachine_DB -> No File <==== ATTENTION
    (© 2015 Microsoft Corporation) C:\Users\Win8\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-852458146-1063966183-124498465-1001\...\Run: [BingSvc] => C:\Users\Win8\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-852458146-1063966183-124498465-1001\...\MountPoints2: {1ac547c0-8c99-11e6-824f-806e6f6e6963} - "F:\autorun.exe"
    HKU\S-1-5-21-852458146-1063966183-124498465-1001\...\MountPoints2: {2e720b75-4db5-11e7-829a-d05099968dee} - "G:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-852458146-1063966183-124498465-1001\...\MountPoints2: {2e720b8d-4db5-11e7-829a-d05099968dee} - "G:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-852458146-1063966183-124498465-1001\...\MountPoints2: {9534ea79-2850-11e7-828f-d05099968dee} - "G:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-852458146-1063966183-124498465-1001\...\MountPoints2: {9534eaa5-2850-11e7-828f-d05099968dee} - "G:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-852458146-1063966183-124498465-1001\...\MountPoints2: {d048ed4d-04e9-11e7-8286-d05099968dee} - "H:\AutoRun.exe"
    ShellExecuteHooks: No Name - {BFD98515-CD74-48A4-98E2-13D209E3EE4F} - C:\Windows\system32\mcicda64.dll -> No File <==== ATTENTION
    Startup: C:\Users\Win8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hvigajwt.lnk [2018-06-15]
    ShortcutTarget: hvigajwt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    GroupPolicy: Restriction ? <==== ATTENTION
    ProxyServer: [S-1-5-21-852458146-1063966183-124498465-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
    Hosts:
    HKU\S-1-5-21-852458146-1063966183-124498465-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.amazon.com/gp/bit/amazonserp/ref=...nnel-17_2f8918ba_1201_1403_20161030_PL_ie_sp_
    SearchScopes: HKU\S-1-5-21-852458146-1063966183-124498465-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=..._ds_&tag=bds-p17-serp-us-ie-20&query={searchTerms}
    CHR HKU\S-1-5-21-852458146-1063966183-124498465-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    S2 winamgr; "C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe" -s [X]
    U0 A7673AB5; C:\Windows\System32\drivers\A7673AB5.sys [59416 2018-06-16] ()
    S3 AsrSetupDrv; \??\C:\Windows\SysWOW64\Drivers\AsrSetupDrv.sys [X]
    2018-06-16 11:03 - 2018-06-16 11:03 - 000059416 _____ C:\Windows\system32\Drivers\A7673AB5.sys
    2018-06-16 10:04 - 2018-06-16 10:59 - 000000000 ____D C:\AdwCleaner
    2018-06-15 18:06 - 2018-06-15 18:09 - 000000004 _____ C:\ProgramData\lock.dat
    2018-06-15 18:06 - 2018-06-15 18:06 - 000000004 _____ C:\ProgramData\rwi.khad
    2018-06-15 17:56 - 2018-06-15 19:56 - 000000000 ____D C:\Users\Win8\AppData\Local\5a7cabcdab704c7db12cd8dc7c27b9da
    2018-06-15 17:56 - 2018-06-15 19:56 - 000000000 ____D C:\Users\Win8\AppData\Local\33a960da21c544f69ba941ca0971f2f0
    2018-06-15 17:56 - 2018-06-15 19:56 - 000000000 ____D C:\ProgramData\f94151a9bc7e4c1dbaa8748f7dd4dddd
    2018-06-15 17:56 - 2018-06-15 18:08 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
    2018-06-15 17:56 - 2018-06-15 18:03 - 000929792 _____ C:\Users\Win8\AppData\Local\sham.db
    2018-06-15 17:56 - 2018-06-15 17:58 - 000000008 __RSH C:\ProgramData\ntuser.pol
    2018-06-15 17:56 - 2018-06-15 17:56 - 000140800 _____ C:\Users\Win8\AppData\Local\installer.dat
    2018-06-15 17:56 - 2018-06-15 17:56 - 000016696 _____ C:\Windows\System32\Tasks\Family Plus
    2018-06-15 17:56 - 2018-06-15 17:56 - 000000000 ____D C:\Users\Win8\AppData\Roaming\bqaru4vbp1z
    2018-06-15 17:56 - 2018-06-15 17:56 - 000000000 ____D C:\Program Files\My Program
    2018-06-15 17:56 - 2018-06-15 17:56 - 000000000 ____D C:\Program Files\BXJ8ZKUQSD
    2018-06-15 17:55 - 2018-06-16 11:04 - 000000000 ____D C:\Users\Win8\AppData\Roaming\vdn5cjtjyth
    2018-06-15 17:55 - 2018-06-16 11:04 - 000000000 ____D C:\Users\Win8\AppData\Roaming\nsftzaak3e3
    2018-06-15 17:55 - 2018-06-16 11:03 - 000000000 ____D C:\Users\Win8\AppData\Roaming\t21upqds2wo
    2018-06-15 17:55 - 2018-06-15 19:56 - 000000000 ____D C:\Users\Win8\AppData\Roaming\9979311e0f4642a1b68e0ae01bef6cdf
    2018-06-15 17:55 - 2018-06-15 19:56 - 000000000 ____D C:\ProgramData\f787a55bc40d423d93f81246af756582
    2018-06-15 17:55 - 2018-06-15 19:56 - 000000000 ____D C:\ProgramData\e4e7f5e8eaaa48cdbbe462077b4adc8b
    2018-06-15 17:55 - 2018-06-15 19:56 - 000000000 ____D C:\ProgramData\7790c8a8b9b5477a9cacfa572ce1dc84
    2018-06-15 17:55 - 2018-06-15 18:15 - 000000000 ____D C:\Windows\System32\Tasks\PandaService
    2018-06-15 17:55 - 2018-06-15 18:10 - 000003578 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 4086469641
    2018-06-15 17:55 - 2018-06-15 18:10 - 000000000 ____D C:\ProgramData\dahkService
    2018-06-15 17:55 - 2018-06-15 18:10 - 000000000 ____D C:\Program Files\UTUAPZT9C8
    2018-06-15 17:55 - 2018-06-15 18:10 - 000000000 ____D C:\Program Files\KQN4Q479GX
    2018-06-15 17:55 - 2018-06-15 18:10 - 000000000 ____D C:\Program Files\7QCHMMF2RE
    2018-06-15 17:55 - 2018-06-15 18:10 - 000000000 ____D C:\Program Files (x86)\UPUP
    2018-06-15 17:55 - 2018-06-15 18:10 - 000000000 ____D C:\Program Files (x86)\eCCFSA
    2018-06-15 17:55 - 2018-06-15 17:55 - 000000003 _____ C:\Users\Win8\AppData\Local\wbem.ini
    2018-06-15 18:10 - 2013-08-22 15:36 - 000000000 ____D C:\Program Files\Family Plus
    2018-06-15 18:06 - 2018-06-15 18:09 - 000000004 _____ () C:\ProgramData\lock.dat
    1601-01-03 21:33 - 1601-01-03 21:33 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\iwxeEmo.exe
    1601-01-03 21:33 - 1601-01-03 21:33 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\PUIKaAlID.exe
    1601-01-03 21:33 - 1601-01-03 21:33 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\Onyo.exe
    1601-01-03 21:33 - 1601-01-03 21:33 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\ssadpAEEohOCP.exe
    2018-06-15 17:56 - 2018-06-15 17:56 - 000140800 _____ () C:\Users\Win8\AppData\Local\installer.dat
    2018-06-15 17:56 - 2018-06-15 18:03 - 000929792 _____ () C:\Users\Win8\AppData\Local\sham.db
    2018-06-15 17:55 - 2018-06-15 17:55 - 000000003 _____ () C:\Users\Win8\AppData\Local\wbem.ini
    EmptyTemp:

    After running it, post new FRST scan logs.

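The fixlist above is built from a handful of recurring indicators: scheduled tasks and a Startup shortcut that launch cmd.exe to start a binary dropped under AppData\Roaming, a per-user proxy pointing at 127.0.0.1:8080 (a local process sitting between the browser and the network), a service whose binary lives in ProgramData, entries whose target file is already gone, and executables stamped with the 1601 FILETIME epoch. The script below is an added example, not part of this post and not part of FRST: it runs those same checks over FRST log text so the reasoning can be repeated on the next log. The sample lines are constructed from the entries quoted in the fixlist plus two benign lines; the rule names, the LOLBin list and the user-writable directory list are my own choices.

```python
"""FRST log triage: flag the persistence patterns seen in this thread.

Added example, not part of the forum post and not part of FRST itself.
It scans FRST log lines and flags:
  * autostart entries (tasks, Run keys, Startup shortcuts, services) that
    launch a living-off-the-land binary such as cmd.exe or rundll32.exe,
  * autostart entries whose target lives in a user-writable directory,
  * a per-user proxy that points back at the local machine,
  * orphaned entries whose target is gone ("No File" / "[X]"),
  * files whose timestamps sit at the 1601 FILETIME epoch (timestomping).
Rule names and the directory/LOLBin lists are assumptions, not FRST's.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Windows binaries commonly abused as launchers; a task or shortcut that
# runs one of these is worth a look even though the binary itself is clean.
LOLBINS = ("cmd.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe",
           "wscript.exe", "cscript.exe", "powershell.exe")

# Locations an ordinary user process can write to (where droppers land).
USER_WRITABLE = re.compile(
    r"\\(?:Users\\[^\\]+\\AppData|ProgramData|Users\\Public|Temp)\\", re.IGNORECASE)

# FRST line prefixes that describe something started automatically.
AUTOSTART = re.compile(
    r"^(?:Task:|Startup:|ShortcutTarget:|HKU\\.*\\Run:|HKLM.*\\Run:|[SRU]\d )")
TIMESTOMP = re.compile(r"^1601-\d\d-\d\d ")
LOCAL_PROXY = re.compile(r"^ProxyServer:.*(?:127\.0\.0\.1|localhost)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per (rule, line) hit; a line can trigger several rules."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        autostart = bool(AUTOSTART.match(line))
        if autostart and any(b in low for b in LOLBINS):
            findings.append(Finding("lolbin_launcher", line))
        # A Startup: line is always under the profile; judge its ShortcutTarget instead.
        if autostart and not line.startswith("Startup:") and USER_WRITABLE.search(line):
            findings.append(Finding("autostart_from_user_writable_dir", line))
        if LOCAL_PROXY.match(line):
            findings.append(Finding("local_proxy", line))
        if "-> No File" in line or line.endswith("[X]"):
            findings.append(Finding("orphaned_entry", line))
        if TIMESTOMP.match(line):
            findings.append(Finding("timestomped_file", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count hits per rule."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample: lines copied from the fixlist in this thread plus two benign ones.
SAMPLE_LOG = r"""
Task: {B2D60855-E342-4607-B649-92F7CDC8D4A0} - System32\Tasks\Opera scheduled Autoupdate 4086469641 => C:\Windows\system32\cmd.exe /c start "" "C:\Users\Win8\AppData\Roaming\Microsoft\Windows\hvigajwt\wvvuifrf.exe"
Task: {1F04C2ED-4CBB-49AB-9A02-9D1D7E4E71B5} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] ()
Task: {780B7A09-8EAC-43EC-BBC4-C9FD13B85F31} - System32\Tasks\Family Plus => C:\Windows\system32\rundll32.exe "C:\Program Files\Family Plus\Family Plus.dll",acHCZo <==== ATTENTION
Task: {E2CE8A50-C1D2-42D0-9D29-78FF0DB87381} - \Opera scheduled Autoupdate 2796787680 -> No File <==== ATTENTION
Startup: C:\Users\Win8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hvigajwt.lnk [2018-06-15]
ShortcutTarget: hvigajwt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
ProxyServer: [S-1-5-21-852458146-1063966183-124498465-1001] => http=127.0.0.1:8080;https=127.0.0.1:8080
HKU\S-1-5-21-852458146-1063966183-124498465-1001\...\Run: [BingSvc] => C:\Users\Win8\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
S2 winamgr; "C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe" -s [X]
1601-01-03 21:33 - 1601-01-03 21:33 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\iwxeEmo.exe
2018-06-16 10:04 - 2018-06-16 10:59 - 000000000 ____D C:\AdwCleaner
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:34} {f.line[:90]}")
    print(summarize(triage(SAMPLE_LOG)))
```

The rules are heuristics for a human to review, not verdicts: the BingSvc Run entry is flagged only because it starts from AppData\Local, and every Startup shortcut is ignored by the directory rule on purpose, since what matters is the target the ShortcutTarget line reveals (here cmd.exe, the same launcher trick as the Opera task). The local proxy rule is the one that explains the "set up a proxy for itself" symptom from the first post: with 127.0.0.1:8080 in the user's proxy setting, every browser request goes through whatever is listening on that port first.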
  • Helpful post
    #4 18 Jun 2018 14:16
    Kolobos
    Computer specialist

    Delete the C:\FRST folder and that's all.

  • #5 21 Jun 2018 13:23
    Mezulith
    Level 3

    Thank you very much for the help. Everything works as it should.
