Elektroda.pl

Please check the logs

daveology 24 Jul 2018 18:27 276 11
  • #2 24 Jul 2018 18:44
    safbot1st
    Level 43  

    Infection. Paste into Notepad:

    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\MountPoints2: {5ab82428-74b6-11e7-8278-b01041a4011e} - "D:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\MountPoints2: {5ab82443-74b6-11e7-8278-b01041a4011e} - "D:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\MountPoints2: {5ab82453-74b6-11e7-8278-b01041a4011e} - "D:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\MountPoints2: {6ff11416-b199-11e6-8254-b01041a4011e} - "D:\Autorun.exe"
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\MountPoints2: {a587c5e3-c022-11e7-8282-b01041a4011e} - "D:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\MountPoints2: {a587c77c-c022-11e7-8282-b01041a4011e} - "D:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\MountPoints2: {a9e390b0-b4d8-11e6-8255-b01041a4011e} - "F:\steambackup2.EXE"
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\MountPoints2: {cfbee9ba-6c8b-11e8-82fc-b01041a4011e} - "D:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=190
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    SearchScopes: HKU\S-1-5-21-2071128820-1729352277-456477330-1001 -> {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-2391167849269628:2065933993&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
    CHR HomePage: Default -> hxxps://www.google.pl/
    CHR StartupUrls: Default -> "hxxp://www.google.pl/"
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    S2 HuaweiHiSuiteService64.exe; "C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
    S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
    S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
    S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]
    2018-07-24 18:12 - 2018-07-24 18:12 - 007395536 _____ (Malwarebytes) C:\Users\Y50\Downloads\AdwCleaner.exe
    2018-02-22 21:29 - 2018-02-22 21:29 - 000000000 ____D () C:\Users\Y50\AppData\Local\Temp\Explorer.EXE
    2018-06-20 17:51 - 2018-06-27 23:19 - 000000000 ____D () C:\Users\Y50\AppData\Local\Temp\fms.dll
    2018-04-06 16:53 - 2018-04-06 16:53 - 004346990 _____ (Napisy24.pl ) C:\Users\Y50\AppData\Local\Temp\Napisy24.exe
    2018-02-21 22:52 - 2017-07-19 00:38 - 000368760 _____ (NVIDIA Corporation) C:\Users\Y50\AppData\Local\Temp\nvStInst.exe
    2018-07-07 16:41 - 2018-07-07 16:41 - 010622920 _____ () C:\Users\Y50\AppData\Local\Temp\setup.dll
    2018-05-09 21:02 - 2018-05-21 00:34 - 000095407 _____ () C:\Users\Y50\AppData\Local\Temp\t.dll
    2018-03-12 19:46 - 2018-03-12 19:46 - 014456872 _____ (Microsoft Corporation) C:\Users\Y50\AppData\Local\Temp\vcredist_x86.exe
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\Software\Classes\regfile: regedit.exe "%1" <==== UWAGA
    AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
    EmptyTemp:

    Save it as fixlist.txt next to FRST.exe and click Fix in FRST.
    After the fix, delete C:\FRST and that's it.

    0
  • #4 28 Nov 2018 00:51
    krzychupar
    Level 41  

    Uninstall:
    DiskWMpower version 1.0 (HKLM-x32\...\DiskWMpower_is1) (Version: 1.0 - WeMonetize) <==== UWAGA
    YoutubeAdBlock (HKLM-x32\...\1655C0CA-7AE7-4012-8502-970C8675E5F8) (Version: 2.0.0.700 - Company Inc.) <==== UWAGA
    One System Care (HKLM-x32\...\OneSystemCare_is1) (Version: 4.4.0.3 - One System Care) <==== UWAGA

    Open the system Notepad and paste:
    CloseProcesses:
    Hosts:
    HKLM-x32\...\Run: [DiskPower] => C:\Program Files (x86)\DiskWMpower\DiskPower.exe [210432 2017-02-10] () <==== UWAGA
    HKLM\...\RunOnce: [OMEWPRODUCT_Q223H] => C:\Program Files (x86)\aydcvtev0zd\KJPJ299SBM61G8D.exe [259072 2018-11-27] (MD2) <==== UWAGA
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\Run: [Napisy24Update] => C:\Program Files (x86)\Napisy24\Napisy24Update.exe [3990528 2018-02-02] (Napisy24.pl)
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\Run: [Napisy24.pl] => C:\Program Files (x86)\Napisy24\Napisy24.exe [7006208 2018-02-02] (Napisy24.pl)
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\Run: [GYN3XLV744P8XT9] => C:\Program Files\4IJL4ZSD03\4IJL4ZSD0.exe [874496 2018-11-27] (MD2)
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\Run: [4196006] => C:\Users\Y50\AppData\Roaming\pu4tmnh01hr\f34rdnah0ry.exe [1165097 2018-11-27] ( )
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\Run: [6ZAPYJLTV2VYEFU] => C:\Program Files\JBPYV0PSPW\JBPYV0PSP.exe [874496 2018-11-27] (MD2)
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\Run: [491YRYWJB8710IW] => C:\Program Files\31EQ98MYAC\ZIF6PAUK2.exe [874496 2018-11-27] (MD2)
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\Run: [5285648] => C:\Users\Y50\AppData\Roaming\mqzdgnw14yj\ktkhtbbiata.exe [1165097 2018-11-27] ( )
    ShortcutTarget: Shortcut to Primary output from Start (Active).lnk -> C:\Users\Y50\AppData\Roaming\Microsoft\Installer\{6C044E1B-C2BD-4B47-9913-40407FA5854E}\_4B4638EB5845C70A1B594B.exe ()
    BootExecute: autocheck autochk * SmartDefragBootTime.exe
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    FF Extension: (User search study) - C:\Users\Y50\AppData\Roaming\Mozilla\Firefox\Profiles\z9ly6d8a.default\Extensions\search-nudges@shield.mozilla.org.xpi [2018-09-25] [Przestarzałe]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [Brak pliku]
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [Brak pliku]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    2018-11-27 23:50 - 2018-11-27 23:50 - 000002872 _____ C:\Windows\System32\Tasks\cGuRYWMDXAzszcxQS2
    2018-11-27 23:50 - 2018-11-27 23:50 - 000002860 _____ C:\Windows\System32\Tasks\TGZZvvZkTeMODbIDdGH2
    2018-11-27 23:50 - 2018-11-27 23:50 - 000000000 ____D C:\ProgramData\pUIfuUUTjzrUMTVB
    2018-11-27 23:50 - 2018-11-27 23:50 - 000000000 ____D C:\Program Files (x86)\VtuYtIvrjzmOrIBvrWR
    2018-11-27 23:50 - 2018-11-27 23:50 - 000000000 ____D C:\Program Files (x86)\vevsoISKgkcDC
    2018-11-27 23:49 - 2018-11-27 23:50 - 000000000 ____D C:\Program Files (x86)\FVgedVjzKgFU2
    2018-11-27 23:49 - 2018-11-27 23:49 - 000003058 _____ C:\Windows\System32\Tasks\ZSFGHAUrEQvZYk
    2018-11-27 23:49 - 2018-11-27 23:49 - 000002850 _____ C:\Windows\System32\Tasks\lRXXZzUHcFPoIKk2
    2018-11-27 23:49 - 2018-11-27 23:49 - 000000000 ____D C:\Users\Y50\AppData\Roaming\WidModule
    2018-11-27 23:49 - 2018-11-27 23:49 - 000000000 ____D C:\Program Files (x86)\loreCZYyGIE
    2018-11-27 23:49 - 2018-11-27 23:49 - 000000000 ____D C:\Program Files (x86)\DjpYILTWU
    2018-11-27 23:49 - 2018-11-27 23:49 - 000000000 ____D C:\Program Files (x86)\bbIORqNasDUn
    C:\Program Files (x86)\DiskWMpower\DiskPower.exe
    C:\Program Files (x86)\aydcvtev0zd\KJPJ299SBM61G8D.exe
    EmptyTemp:

    Save the file under the name fixlist.txt and put it in the folder where you have FRST.exe.
    Run FRST and click Fix.

    0
  • #6 28 Nov 2018 08:02
    krzychupar
    Level 41  

    If you get the impression something is wrong with it, then finally describe those symptoms precisely if you want to get any help at all. And no infection is visible in the logs.

    0
  • Helpful post
    #7 28 Nov 2018 08:19
    Kolobos
    Computer specialist

    It is visible.

    Uninstall: eweew3grthrtvew

    Fixlist.txt:
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [3535360 2018-03-01] (AresGalaxy)
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [3884720 2017-10-04] (ALLPlayer.org)
    HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe [6681776 2018-04-22] (ALLPlayer Group Ltd.)
    BHO: YoutubeAdBlock -> {D1660F2C-BBC4-4D94-A6BA-EB25BC207DA5} -> C:\Program Files (x86)\loreCZYyGIE\tgpPhL83.dll => Brak pliku
    BHO-x32: YoutubeAdBlock -> {D1660F2C-BBC4-4D94-A6BA-EB25BC207DA5} -> C:\Program Files (x86)\loreCZYyGIE\kZ1WNCoKF.dll => Brak pliku
    FF user.js: detected! => C:\Users\Y50\AppData\Roaming\Mozilla\Firefox\Profiles\z9ly6d8a.default\user.js [2017-06-30]
    C:\Program Files\Mozilla Firefox\browser\features\{733ED5DC-6D54-4A04-900B-CA85BF4B9A1B}.xpi
    FF Extension: (Brak nazwy) - C:\Program Files\Mozilla Firefox\browser\features\{733ED5DC-6D54-4A04-900B-CA85BF4B9A1B}.xpi [2018-11-27] [Brak podpisu cyfrowego]
    2018-11-28 02:02 - 2018-11-28 02:02 - 000000000 ____D C:\Users\Y50\Downloads\FRST-OlderVersion
    2018-11-28 00:52 - 2018-11-28 01:53 - 000000000 ____D C:\Users\Y50\AppData\Roaming\cbtnwrevkyn
    2018-11-28 00:52 - 2018-11-28 01:19 - 000000000 ____D C:\Program Files\SSQH9AG0BX
    2018-11-28 00:52 - 2018-11-28 01:12 - 000000004 _____ C:\ProgramData\lock.dat
    2018-11-28 00:52 - 2018-11-28 01:03 - 000000008 __RSH C:\Users\Y50\ntuser.pol
    2018-11-28 00:52 - 2018-11-28 01:03 - 000000008 _____ C:\ProgramData\irw.atsd
    2018-11-28 00:52 - 2018-11-28 00:52 - 000000008 _____ C:\ProgramData\ts.dat
    2018-11-27 23:53 - 2018-11-27 23:53 - 000000000 ____D C:\Users\Y50\AppData\LocalLow\uVLgKJnzBrgAs
    2018-11-27 23:48 - 2018-11-28 01:52 - 000000000 ____D C:\Users\Y50\AppData\Roaming\pu4tmnh01hr
    2018-11-27 23:48 - 2018-11-28 01:52 - 000000000 ____D C:\Users\Y50\AppData\Roaming\mqzdgnw14yj
    2018-11-27 23:48 - 2018-11-28 01:52 - 000000000 ____D C:\Program Files\JBPYV0PSPW
    2018-11-27 23:48 - 2018-11-28 01:21 - 000000000 ____D C:\Program Files\31EQ98MYAC
    2018-11-27 23:48 - 2018-11-28 01:12 - 000000000 ____D C:\ProgramData\localNETService
    2018-11-27 23:48 - 2018-11-28 01:12 - 000000000 ____D C:\Program Files (x86)\Berzek
    2018-11-27 23:48 - 2018-11-28 01:03 - 000000008 __RSH C:\ProgramData\ntuser.pol
    2018-11-27 23:48 - 2018-11-28 01:01 - 000000000 ____D C:\Program Files (x86)\aydcvtev0zd
    2018-11-27 23:48 - 2018-11-28 00:56 - 000000000 ____D C:\Program Files\4IJL4ZSD03
    2018-11-27 23:48 - 2018-11-27 23:48 - 002633728 _____ (TigerTrade ) C:\ProgramData\pdxijd.exe
    2018-11-27 23:48 - 2018-11-27 23:48 - 000332288 _____ C:\ProgramData\pdxijb.exe
    2018-11-27 23:48 - 2018-11-27 23:48 - 000000116 _____ C:\ProgramData\pdxijc.txt
    2018-11-27 23:47 - 2018-11-28 01:52 - 000000000 ____D C:\ProgramData\VVD
    2018-11-27 23:47 - 2018-11-27 23:47 - 000000000 ____D C:\ProgramData\Bloger
    2018-11-27 23:46 - 2018-11-27 23:46 - 000000000 ____D C:\Windows\MASYANA
    2018-11-27 23:46 - 2018-11-27 23:46 - 000000000 ____D C:\Program Files (x86)\VITSoft
    2018-11-27 23:46 - 2018-11-27 23:46 - 000000000 ____D C:\Program Files (x86)\Leongram
    2018-11-28 00:49 - 2017-06-22 14:47 - 000000000 ____D C:\AdwCleaner
    2018-11-28 00:52 - 2018-11-28 01:12 - 000000004 _____ () C:\ProgramData\lock.dat
    2018-11-27 23:48 - 2018-11-27 23:48 - 000332288 _____ () C:\ProgramData\pdxijb.exe
    2018-11-27 23:48 - 2018-11-27 23:48 - 002633728 _____ (TigerTrade ) C:\ProgramData\pdxijd.exe
    2018-11-28 00:52 - 2018-11-28 00:52 - 000000008 _____ () C:\ProgramData\ts.dat

    0
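The two fixlists above (posts #4 and #7) were assembled by eye from the same few signals each time: lines FRST itself marked with `<==== UWAGA` (ATTENTION in the English build), autorun entries whose folder or value name is a random alphanumeric string, entries with an empty publisher field, and a whole cluster of directories, tasks and payloads created within a couple of minutes of each other on 2018-11-27. The script below is an added example written for this page, not code from the thread and not a feature of FRST: it parses FRST-format `Run:` and file-listing lines, applies those heuristics, and emits candidate fixlist lines wrapped in FRST's real `CloseProcesses:` / `EmptyTemp:` directives. The sample lines are constructed from formats seen in this thread's logs, and the thresholds (9-character names, vowel ratio under 20%, four items within ten minutes) are assumptions tuned on that log; every hit is something for a human to review, not a verdict.

```python
"""Heuristic triage of FRST log lines into candidate fixlist lines.

Added example for this thread, not FRST code and not a helper's script.
It mechanises what the helpers did by eye; thresholds are assumptions.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Run/RunOnce entries:  HKLM-x32\...\Run: [Name] => C:\x.exe [size date] (Publisher) <==== UWAGA
RUN_RE = re.compile(
    r"^(?P<hive>HK\S*?)\\\.\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] => "
    r"(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<publisher>[^)]*)\)(?P<flag>.*)$"
)
# File-listing entries:  created - modified - size attrs (Publisher ) C:\path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<attrs>\S{5}) (?:\((?P<publisher>[^)]*)\) )?(?P<path>.+)$"
)
FLAG_MARKERS = ("<==== UWAGA", "<==== ATTENTION")  # Polish and English FRST builds
VOWELS = set("aeiou")

# Constructed sample: lines in the formats seen in this thread's logs.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [DiskPower] => C:\Program Files (x86)\DiskWMpower\DiskPower.exe [210432 2017-02-10] () <==== UWAGA
HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\Run: [Napisy24Update] => C:\Program Files (x86)\Napisy24\Napisy24Update.exe [3990528 2018-02-02] (Napisy24.pl)
HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\Run: [GYN3XLV744P8XT9] => C:\Program Files\4IJL4ZSD03\4IJL4ZSD0.exe [874496 2018-11-27] (MD2)
HKU\S-1-5-21-2071128820-1729352277-456477330-1001\...\Run: [4196006] => C:\Users\Y50\AppData\Roaming\pu4tmnh01hr\f34rdnah0ry.exe [1165097 2018-11-27] ( )
2018-11-27 23:50 - 2018-11-27 23:50 - 000002872 _____ C:\Windows\System32\Tasks\cGuRYWMDXAzszcxQS2
2018-11-27 23:49 - 2018-11-27 23:49 - 000000000 ____D C:\Program Files (x86)\loreCZYyGIE
2018-11-27 23:48 - 2018-11-27 23:48 - 002633728 _____ (TigerTrade ) C:\ProgramData\pdxijd.exe
2018-11-27 23:48 - 2018-11-27 23:48 - 000332288 _____ C:\ProgramData\pdxijb.exe
2018-07-24 18:12 - 2018-07-24 18:12 - 007395536 _____ (Malwarebytes) C:\Users\Y50\Downloads\AdwCleaner.exe
"""


def looks_random(name: str) -> bool:
    """True for vowel-starved alphanumeric names of 9+ characters.

    Dropper-generated names (4IJL4ZSD03, pu4tmnh01hr) carry 0-1 vowels;
    product names (Napisy24Update, DiskPower) carry far more.
    The 9-char / 20% thresholds are assumptions tuned on this thread's log.
    """
    stem = re.sub(r"\.[A-Za-z0-9]{1,4}$", "", name)  # drop .exe/.dll/...
    letters = [c for c in stem if c.isalpha()]
    if len(stem) < 9 or len(letters) < 6:
        return False
    vowels = sum(1 for c in letters if c.lower() in VOWELS)
    return vowels / len(letters) < 0.2


def _random_components(path: str) -> list:
    # Skip the drive letter; test every directory name and the file name.
    return [p for p in path.split("\\")[1:] if looks_random(p)]


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def triage(log_text: str, burst_window: timedelta = timedelta(minutes=10),
           burst_min: int = 4) -> list:
    """Return a Finding (log line + reasons) for every line that trips a heuristic."""
    reasons_by_line = {}   # dict keeps log order and drops repeated lines
    created_items = []     # (created datetime, line) for the burst check
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line in reasons_by_line:
            continue
        reasons = reasons_by_line.setdefault(line, [])
        if any(marker in line for marker in FLAG_MARKERS):
            reasons.append("flagged by FRST")
        run = RUN_RE.match(line)
        if run:
            if not run["publisher"].strip():
                reasons.append("autorun entry with no publisher")
            if looks_random(run["name"]):
                reasons.append("random-looking value name " + run["name"])
            odd = _random_components(run["path"])
            if odd:
                reasons.append("random-looking path component(s): " + ", ".join(odd))
        item = FILE_RE.match(line)
        if item:
            created_items.append((datetime.strptime(item["created"], "%Y-%m-%d %H:%M"), line))
            odd = _random_components(item["path"])
            if odd:
                reasons.append("random-looking path component(s): " + ", ".join(odd))
    # Burst: a dropper writes its folders, tasks and payloads within minutes of
    # each other; this catches names like loreCZYyGIE that look plausible alone.
    minutes = int(burst_window.total_seconds() // 60)
    for created, line in created_items:
        siblings = sum(1 for c, _ in created_items if abs(c - created) <= burst_window)
        if siblings >= burst_min:
            reasons_by_line[line].append(
                f"created together with {siblings - 1} other items within {minutes} min")
    return [Finding(l, r) for l, r in reasons_by_line.items() if r]


def build_fixlist(findings: list) -> list:
    """FRST accepts its own log lines verbatim in fixlist.txt; wrap them the way
    the thread's helpers did (CloseProcesses: first, EmptyTemp: last)."""
    return ["CloseProcesses:"] + [f.line for f in findings] + ["EmptyTemp:"]


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f.line)
        for reason in f.reasons:
            print("    ->", reason)
    print("\n".join(build_fixlist(found)))
```

Run it against a real FRST.txt / Addition.txt by passing the file contents to `triage`; read the reasons before pasting anything into fixlist.txt, because the vowel heuristic will occasionally catch a legitimate vendor name (short NVIDIA-style names like nvStInst.exe are excluded only by the length floor) and the burst check flags every item in the window, benign or not.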
  • #9 28 Nov 2018 17:25
    Kolobos
    Computer specialist

    > How do I uninstall it?

    The same way as any other program on Windows.

    > Maybe scan with something else as well?

    Does the problem still occur?

    0
  • #10 28 Nov 2018 17:26
    daveology
    Level 4  

    And what if I tell you I can't see anything like that (eweew3grthrtvew) anywhere? :D
    It seems to me everything is fine now, I'm just intrigued by what you told me to uninstall.

    0
  • Helpful post
    #11 28 Nov 2018 17:29
    Kolobos
    Computer specialist

    Most likely mbam has already removed that entry, which is why it's not there.

    0
  • #12 28 Nov 2018 22:34
    RADU23
    Moderator - Computer Service

    daveology wrote:
    It seems to me everything is fine now

    Delete the C:\FRST folder and that's it.

    1