Elektroda.pl

[Solved] FRST - please review the logs

Xepen Kell 02 Sep 2018 13:30
  • #1 02 Sep 2018 13:30
    Xepen Kell
    Level 3

    Hello,
    Please review the logs and help me with this damn thing. FRST and AdwCleaner only work in safe mode, Chrome Cleaner keeps getting added to Chrome, new tabs keep appearing, removing it manually or with AdwCleaner gives no results, and after a restart the problem starts all over again. I don't know FRST well enough and don't want to make a mess.

  • Helpful post
    #2 02 Sep 2018 21:20
    iJuliusz
    Level 12

    Run FRST and press Ctrl+Y, paste the contents of the box below, then save with Ctrl+S and close Notepad.
    Click Fix; the program will close unnecessary processes, create a Restore Point and start working.
    Paste the resulting file, it will be needed to finish the clean-up.

    Code:
    CloseProcesses:
    
    CreateRestorePoint:
    EmptyTemp:
    HKU\S-1-5-21-3548818850-2143203506-1895827364-1001\...\Policies\system: [DisableLockWorkstation] 0
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-06-16]
    ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{EBB6EF1E-4289-4B2E-8BD8-AE0303EC8FD5}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Brak pliku)
    Tcpip\..\Interfaces\{6b312e93-5c37-45ea-859c-b5efbd04058f}: [DhcpNameServer] 192.168.42.129
    Tcpip\..\Interfaces\{855CB843-DA2E-407C-ABC2-B198C335E016}: [DhcpNameServer] 62.179.1.60 62.179.1.61
    SearchScopes: HKU\S-1-5-21-3548818850-2143203506-1895827364-1001 -> DefaultScope {4AD136BC-0508-4288-B31D-3E3C9B75528E} URL =
    SearchScopes: HKU\S-1-5-21-3548818850-2143203506-1895827364-1001 -> {4AD136BC-0508-4288-B31D-3E3C9B75528E} URL =
    CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxps://www.google.com/","hxxp://www.istartsurf.com/?type=hp&ts=1407117825&from=smt&uid=ST1000LM024XHN-M101MBB_S30YJ9ADB13145","hxxps://www.google.com/","hxxp://websearch.searc-hall.info/?pid=2130&r=2014/11/06&hid=9399540436701591056&lg=EN&cc=PL&unqvl=65","hxxp://www.google.com/"
    CHR Session Restore: Default -> [funkcja włączona]
    S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [X]
    2018-09-02 13:04 - 2018-09-02 13:04 - 000000000 ____D C:\WINDOWS\{D32F0790-E651-41F4-9571-6065DA044B85}
    2018-09-02 13:03 - 2018-09-02 13:03 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2018-09-02 13:03 - 2018-09-02 13:03 - 000000008 __RSH C:\ProgramData\ntuser.pol
    2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\qCUUaitF.exe
    2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) C:\Users\Alienware\AppData\Local\hcUrIeYYOoEYe.exe
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> Brak pliku
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Brak pliku
    Task: {2884A181-E528-4BBB-B0A0-B06DF9E90C6B} - \{3174137A-32CC-D327-CB2F-CCEF09A171DD} -> Brak pliku <==== UWAGA
    Task: {E4986728-BF9B-4141-A8A1-60120B33EAB4} - \{8634D6E0-4B10-19FC-F160-CCD14B86F3EB} -> Brak pliku <==== UWAGA
    Task: {F91CD3E8-F73E-4543-8CF9-0F7A2537907F} - \{515F3FB9-7A4B-93B0-A2F2-C55505862251} -> Brak pliku <==== UWAGA
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    FirewallRules: [{7F663D89-F17C-47D7-B051-89A494A4B796}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe
    FirewallRules: [{B730E20F-77EB-4220-AAEA-28BB9CCFDD61}] => (Allow) C:\Program Files (x86)\Common Files\qCUUaitF.exe
    FirewallRules: [{715AAC3E-3DF3-441E-8348-BA8D9498AE9C}] => (Allow) C:\Users\Alienware\AppData\Local\hcUrIeYYOoEYe.exe
    FirewallRules: [{118824DA-DC41-4840-9AD5-A343193B0CCB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{669AE2BC-BD53-482D-AC42-4B4BB76A26CA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{1666C0A0-A8E3-49F0-878A-25C373F72A67}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{1F9ED22B-CD74-48E8-A1A5-11A3C70F5C32}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{F9660B8C-526D-4E2B-97C1-2F3E7F67E176}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{E2BF0B2C-02FC-46B6-A68C-15789D986645}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{8CBD60A8-B540-4BC1-A0D5-573E7565A17C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{C83065D9-8709-44D7-934D-DEA083443752}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{0D5619B3-D95F-421B-9AA9-10A3767CA05A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{366BABF2-A5C6-420F-87EE-C61419735EBE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{E6D3ED5B-CB8C-41C1-BEDF-4085E9D6C227}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{DDBBEE8B-B16D-45F6-8E57-454099710ACB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{1D3291E7-8ACB-42E3-A8DC-D949DFBE43A8}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{1356518D-6E17-4239-88B5-7DB9DC481F44}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{DDB234D3-2153-4C6A-8326-4D19AC6014CD}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{4EF726A6-185C-4537-A72E-D12434BCF7C8}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{1A9417C5-BA11-434A-91F5-8006FDCEA0F4}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{C2111C68-97A6-44D5-9344-B49A93701DF8}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{20768CEE-7393-4305-8087-C9859435DEFE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{9910C674-E6C2-4E86-9572-B96F7E223558}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{A975C810-4108-4968-823F-DB33E925ECC4}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{448F37A9-B825-4CBF-8884-5B2A35FAB54B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{18C313E0-9CDC-4B9C-A38C-9FDB7F045EC2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{B959938B-74D2-407D-983D-F663203ABD9D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{2EE1FB51-04A1-47B7-8FFB-41DB3E7EBF06}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{3DD79D36-CB09-4EF4-B141-09ED386BEAFC}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{FAC526BE-FCB6-4B43-9910-13E08DF4869F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{0F0AFC1B-27F8-476E-8F97-EBE3A7FBC1C8}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{56978942-529D-4B8D-B310-218CC51E14DE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{2695235C-8F38-4F9A-A9ED-812F0D4F2B42}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{C8E99333-38E5-42B6-BFDA-67DC5958E0A1}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{B9B3C2D2-42AF-462C-BB43-65AD5D2ED5FC}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{3FA4E488-5DFF-4A42-BB65-23B0BAE8473D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{4D88B810-1579-4FA2-A715-B8DE8AC3F222}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{7D40F1C8-39BA-44A3-9D6C-72E62EA1BBB8}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{726A9E75-3E36-478D-90AF-39F8DEB1AF20}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{390A134B-4D39-460F-BFC3-6EC61BA7DDD5}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{2194912B-DCDA-49C3-8B1F-D186F5A6B3B5}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{FF775172-17B8-4BBC-84CE-48BDD1A919C3}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{6D34CD70-89E2-4889-8927-EAD77CD03952}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{554E3734-9365-47BD-B9A5-734A017DAA1F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{2F4D2E96-2F84-41E5-BCAF-7765C67EE244}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{D2AF02EC-CD30-4FF3-8946-049D0BA4D94B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{97EE7E48-D700-4EA6-94F3-B7F9F35CD5A4}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{8C13CEBC-2D08-4BBF-9F00-0939EB893CCE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{8E23E361-3E16-4C69-8146-DBF9C2BC29DD}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{87A84126-25A9-4C8E-BB93-DE94B7AC6A6E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{B8ED9A68-0634-49C7-92AF-7579A8BB0348}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{EF0F2248-3925-45BC-A343-29A52EE49473}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{F6F96DED-59ED-4173-8FE8-3BADC6E738E8}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{179D6154-A112-4F9C-9FB9-0A47031D7DA2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{534E2476-56ED-43BB-80FF-7CC94FD9DA28}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{CE861538-241B-4813-B215-3C4586FE648A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{08381F51-D638-4721-A41A-4935D610C23C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FilesInDirectory: C:\Program Files (x86)\Common Files\*.exe;*.dll;*.ini
    FilesInDirectory: C:\Users\Alienware\AppData\Local\*.exe;*.dll;*.ini

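A triage helper, added here as an example and not part of the thread or of FRST itself: it runs the kind of checks iJuliusz's fix script reflects (hijacker start-page URLs, random-named executables carrying a Microsoft vendor string outside the Windows directory, orphaned GUID-named tasks, and firewall Allow rules for those executables or created in bulk) over constructed sample lines modelled on this thread's FRST output. The host allowlist, the name-randomness heuristic and the repeat threshold are assumptions, as is the ordering that file entries precede the firewall section, which matches the script above.

```python
import re
from collections import Counter

# Constructed sample, modelled on the FRST entries quoted in this thread (shortened).
SAMPLE = r"""CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://www.istartsurf.com/?type=hp&from=smt","hxxp://websearch.searc-hall.info/?pid=2130"
2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\qCUUaitF.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) C:\Users\Alienware\AppData\Local\hcUrIeYYOoEYe.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Intel Corporation) C:\Program Files\Intel\setup.exe
Task: {2884A181-E528-4BBB-B0A0-B06DF9E90C6B} - \{3174137A-32CC-D327-CB2F-CCEF09A171DD} -> Brak pliku <==== UWAGA
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
FirewallRules: [{B730E20F-77EB-4220-AAEA-28BB9CCFDD61}] => (Allow) C:\Program Files (x86)\Common Files\qCUUaitF.exe
FirewallRules: [{118824DA-DC41-4840-9AD5-A343193B0CCB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{669AE2BC-BD53-482D-AC42-4B4BB76A26CA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{1666C0A0-A8E3-49F0-878A-25C373F72A67}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
"""

URL_RE = re.compile(r'hxxps?://([^/"]+)')            # hosts in FRST's defanged URLs
SAFE_HOSTS = {"www.google.com", "google.com"}         # assumed allowlist of start pages
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} .*? \(([^)]*)\) (.*\\([A-Za-z]+)\.exe)$')
TASK_RE = re.compile(r'^Task: \{[0-9A-F-]+\} - (\\\{[0-9A-F-]+\}) -> Brak pliku')
FW_RE = re.compile(r'^FirewallRules: \[\{[0-9A-F-]+\}\] => \(Allow\) (.+)$')

def looks_random(stem):
    # Assumed heuristic: alphabetic stem of 8+ chars with 3+ upper/lower flips (e.g. qCUUaitF).
    flips = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    return len(stem) >= 8 and flips >= 3

def triage(log):
    # Returns (category, detail) findings; file lines must precede firewall lines.
    findings, flagged, allow = [], set(), Counter()
    for line in log.splitlines():
        if line.startswith("CHR StartupUrls:"):
            for host in URL_RE.findall(line):
                if host not in SAFE_HOSTS:
                    findings.append(("startup-url", host))
        elif (m := FILE_RE.match(line)):
            vendor, path, stem = m.groups()
            if looks_random(stem):
                flagged.add(path.lower())
                findings.append(("random-name-exe", f"{path} claims vendor '{vendor}'"))
        elif (m := TASK_RE.match(line)):
            findings.append(("orphan-task", m.group(1)))
        elif (m := FW_RE.match(line)):
            allow[m.group(1)] += 1
            if m.group(1).lower() in flagged:
                findings.append(("firewall-allow-for-flagged-exe", m.group(1)))
    for target, n in allow.items():
        if n >= 3:  # assumed threshold for bulk-created Allow rules on one binary
            findings.append(("repeated-firewall-allow", f"{target} x{n}"))
    return findings
```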
  • Helpful post
    #4 03 Sep 2018 20:34
    iJuliusz
    Level 12

    The script ran correctly.
    I did not detect any malware/virus remnants.
    Now you can run AdwCleaner.
    If it finds anything, Clean it.
    You can paste the resulting file for review.

    Finally, if the system is working properly again, run DelFix.
    Tick Remove disinfection tools and click Run.

  • #5 03 Sep 2018 20:48
    Xepen Kell
    Level 3

    Should I run AdwCleaner and DelFix in safe mode, or can I go at it in normal mode now?

  • Helpful post
    #6 03 Sep 2018 20:55
    iJuliusz
    Level 12

    Normal mode now

  • #7 03 Sep 2018 20:58
    Xepen Kell
    Level 3

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.3.0
    # -------------------------------
    # Build: 08-30-2018
    # Database: 2018-09-01.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 09-03-2018
    # Duration: 00:00:08
    # OS: Windows 10 Home
    # Scanned: 41852
    # Detected: 1


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    No malicious folders found.

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    PUP.Optional.Legacy http://www.istartsurf.com/?type=hp&ts=1407117...smt&uid=ST1000LM024XHN-M101MBB_S30YJ9ADB13145

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.


    AdwCleaner[S00].txt - [2718 octets] - [02/09/2018 01:05:41]
    AdwCleaner[C00].txt - [2682 octets] - [02/09/2018 01:06:19]
    AdwCleaner[S01].txt - [1372 octets] - [02/09/2018 01:10:27]
    AdwCleaner[S02].txt - [2253 octets] - [02/09/2018 07:29:43]
    AdwCleaner[C02].txt - [2327 octets] - [02/09/2018 07:30:48]
    AdwCleaner[S03].txt - [2083 octets] - [02/09/2018 11:40:15]
    AdwCleaner[C03].txt - [2193 octets] - [02/09/2018 11:55:38]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########

    Cleaned, running DelFix now
    Huge thanks for the help!

  • #8 03 Sep 2018 23:06
    Xepen Kell
    Level 3

    Added after 2 hours 7 minutes:

    Problem solved, thanks to iJuliusz :)
