
Request for an FRST fixlist script - svchost.exe

06 Mar 2019 01:55
  • Level 2  
    Hello, I am asking for a repair script to be created. I caught some virus; I scanned and cleaned with AdwCleaner and Malwarebytes, and now they no longer detect anything, only the Malwarebytes protection keeps blocking some connections every now and then. The FRST files are attached, of course.

    PS. Could someone also explain to me, while we are at it, how such scripts are created?
  • Helpful post
    Level 42  
    bvrteksco wrote:
    PS. Could someone also explain to me, while we are at it, how such scripts are created?
    It cannot be explained ;-) , you have to learn it yourself; read here https://www.fixitpc.pl/topic/23904-frst-tutorial-obs%C5%82ugi-farbar-recovery-scan-tool/

    The fixlist.txt file is attached.
  • Level 42  
    Open the system Notepad and paste:

    CloseProcesses:
    Task: {FD309A27-9A1E-4270-81ED-439D06610A89} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe (AVAST Software s.r.o. -> AVAST Software)
    Hosts:
    HKLM-x32\...\Run: [] => [X]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-3111132547-3592709195-2606480044-1001\...\MountPoints2: {30b87054-c25a-11e8-96a7-309c23b6304e} - "F:\AutoRun.exe"
    HKU\S-1-5-21-3111132547-3592709195-2606480044-1001\...\MountPoints2: {30b87094-c25a-11e8-96a7-309c23b6304e} - "L:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-3111132547-3592709195-2606480044-1001\...\MountPoints2: {3945bb9d-19b0-11e9-96e1-309c23b6304e} - "L:\HiSuiteDownLoader.exe"
    IFEO\OSppSvc.exe: [Debugger] KMS-R(malpa)1nhook.exe
    IFEO\SppExtComObj.exe: [Debugger] KMS-R(malpa)1nhook.exe
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    Tcpip\Parameters: [DhcpNameServer] 62.179.1.61 62.179.1.63
    CHR DefaultSearchURL: Default -> hxxps://pl.search.yahoo.com/search?fr=mcafee_uninternational&type=E210PL91105G0&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> mcafee
    CHR HKLM-x32\...\Chrome\Extension: [glcimepnljoholdmjchkloafkggfoijh] - hxxps://clients2.google.com/service/update2/crx
    S2 opuymksi; C:\Windows\SysWOW64\opuymksi\dcokpzjw.exe [0 ]<==== UWAGA (zerobajtowy plik/folder)
    U3 aswbdisk; Brak ImagePath
    S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
    2019-03-05 23:19 - 2019-03-05 23:19 - 000000000 ____D C:\AdwCleaner
    2018-04-12 00:34 - 2018-04-12 00:34 - 000060416 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\ODiWA.exe
    2018-10-20 23:15 - 2018-10-20 23:15 - 000000002 _____ () C:\Users\home\AppData\Local\imw.ini
    2019-03-05 23:15 - 2019-03-05 23:15 - 000140800 _____ () C:\Users\home\AppData\Local\installer.dat
    2018-04-12 00:34 - 2018-04-12 00:34 - 000178688 ____N (Microsoft Corporation) C:\Users\home\AppData\Local\NuEui.exe
    2019-03-05 23:15 - 2019-03-05 23:15 - 000722944 _____ () C:\Users\home\AppData\Local\sha.db
    EmptyTemp:

    Save the file under the name fixlist.txt and place it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.
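    As an added example (not FRST's own code and not posted by anyone in this thread), the rule-based triage below shows how the kinds of findings the helpers moved into their fixlists can be picked out of an FRST log mechanically: IFEO Debugger hijacks, services pointing at zero-byte files or lacking an ImagePath, MountPoints2 autoruns, policy restrictions flagged by FRST and dead file references. The regexes are assumptions written against the Polish-localised FRST line formats visible above; the sample log is constructed from lines quoted in this thread plus one benign driver line.

```python
"""Triage FRST log lines into candidate fixlist findings (added example)."""
import re

# Each rule is (name, regex). The patterns are assumptions derived from the
# FRST line formats quoted in this thread, not an official FRST grammar.
RULES = [
    # IFEO\<exe>: [Debugger] <payload>  -> Image File Execution Options hijack
    ("ifeo_debugger", re.compile(r"^IFEO\\[^:]+: \[Debugger\]")),
    # S2 name; path [0 ]  -> service whose binary is a zero-byte file
    ("zero_byte_service", re.compile(r"^[SRU]\d \S+; .*\[0 \]")),
    # U3 name; Brak ImagePath  -> service registration without a binary path
    ("missing_imagepath", re.compile(r"^[SRU]\d \S+; Brak ImagePath$")),
    # HKU\...\MountPoints2: {guid} - "X:\file.exe"  -> removable-media autorun
    ("mountpoints2_autorun", re.compile(r'\\MountPoints2: \{[0-9a-f-]+\} - "[A-Z]:\\')),
    # Policy key FRST marks with "Ograniczenia <==== UWAGA" (restrictions set)
    ("policy_restriction", re.compile(r"Ograniczenia <==== UWAGA$")),
    # Entry whose target file no longer exists
    ("dead_file_ref", re.compile(r"\[X\]$")),
]

def classify(line: str):
    """Return the names of all rules matching one FRST line ([] if none)."""
    line = line.strip()
    return [name for name, rx in RULES if rx.search(line)]

def triage(log_text: str):
    """Return {rule_name: [matching lines]} for a whole FRST log text."""
    hits = {}
    for raw in log_text.splitlines():
        for name in classify(raw):
            hits.setdefault(name, []).append(raw.strip())
    return hits

# Constructed sample: lines from the fixlist quoted in this thread plus one
# benign signed driver line (R1 360Box64) that must not be flagged.
SAMPLE_LOG = r"""
IFEO\OSppSvc.exe: [Debugger] KMS-R(malpa)1nhook.exe
S2 opuymksi; C:\Windows\SysWOW64\opuymksi\dcokpzjw.exe [0 ]<==== UWAGA (zerobajtowy plik/folder)
U3 aswbdisk; Brak ImagePath
HKU\S-1-5-21-3111132547-3592709195-2606480044-1001\...\MountPoints2: {30b87054-c25a-11e8-96a7-309c23b6304e} - "F:\AutoRun.exe"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [340568 2018-09-04] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
"""

if __name__ == "__main__":
    for rule, lines in triage(SAMPLE_LOG).items():
        print(rule)
        for hit in lines:
            print("   ", hit)
```

    The output is a list of candidates to review, not a finished fixlist: a human still decides which lines belong in fixlist.txt, which is the part the helpers say has to be learned rather than explained.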
  • Level 43  
    Uninstall:
    360 Total Security
    (and other programs you do not use...)

    Spoiler:
    (QIHU 360 SOFTWARE CO. LIMITED -> QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
    Tcpip\Parameters: [DhcpNameServer] 62.179.1.61 62.179.1.63
    Tcpip\Parameters: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{16b4e2f1-62ab-4715-9acf-564bd12fb633}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{16b4e2f1-62ab-4715-9acf-564bd12fb633}: [DhcpNameServer] 8.8.8.8
    Tcpip\..\Interfaces\{1b4ab04c-e525-4315-ab11-9434719237fb}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{1b4ab04c-e525-4315-ab11-9434719237fb}: [DhcpNameServer] 62.179.1.61 62.179.1.63
    Tcpip\..\Interfaces\{262dc65a-7e1e-4e08-8757-78ae59f02007}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{3f1fcd1e-2aca-46c3-b60c-129c04989979}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{3f1fcd1e-2aca-46c3-b60c-129c04989979}: [DhcpNameServer] 8.8.8.8
    Tcpip\..\Interfaces\{4292eea5-6f5c-461f-8fdf-1b2d7b4cf828}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{4e86b9bd-92da-44ca-beb9-7bac34acf002}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{4e86b9bd-92da-44ca-beb9-7bac34acf002}: [DhcpNameServer] 8.8.8.8
    Tcpip\..\Interfaces\{61c670b1-c184-11e8-96a0-806e6f6e6963}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{6b78ba2b-594c-48a6-bd12-2a56a743f995}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{6b78ba2b-594c-48a6-bd12-2a56a743f995}: [DhcpNameServer] 8.8.8.8
    Tcpip\..\Interfaces\{97d9a667-0eb1-4401-92df-2d92938ee196}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{a69253e9-e6eb-4df3-bc20-2c536dab63f3}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{c8a2cbfb-1b15-458a-93be-fd25f041036e}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{ca8ca71e-1a97-4f11-b66a-45e4465e01e4}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{d2ffbb86-7e87-4469-a0ac-0e01bf45c35a}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{d2ffbb86-7e87-4469-a0ac-0e01bf45c35a}: [DhcpNameServer] 8.8.8.8
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-01-15] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-01-15] (Microsoft Corporation -> Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-11-13] (Oracle America, Inc. -> Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-13] (Oracle America, Inc. -> Oracle Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-15] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-15] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-15] (Microsoft Corporation -> Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-01-15] (Microsoft Corporation -> Microsoft Corporation)
    FF Extension: (Brak nazwy) - C:\Program Files\Mozilla Firefox\browser\features\{91C54DC0-6B37-4DDB-A763-D5C4588C9A23}.xpi [2019-03-05] [Brak podpisu cyfrowego]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [2019-02-12] (Adobe Systems Incorporated -> )
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [2019-02-12] (Adobe Systems Incorporated -> )
    CHR Extension: (360 Internet Protection) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\glcimepnljoholdmjchkloafkggfoijh [2018-11-05]
    CHR Extension: (Chrome Media Router) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-26]
    R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [192600 2018-09-04] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
    R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [95232 2016-08-10] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
    R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [95232 2018-09-04] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
    R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [340568 2018-09-04] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
    S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [57848 2018-09-04] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
    R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [443992 2018-09-04] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
    R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [96424 2018-09-04] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
    R1 7553EB85B89D; C:\Windows\7553EB85B89D.sys [619880 2019-03-05] (韵羽健康管理咨询(上海)有限公司 -> VxDriver)
    R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [211160 2018-12-21] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
    2019-02-27 16:40 - 2019-03-04 17:57 - 000000759 _____ C:\Users\home\Desktop\visit www.nosteam.ro.lnk
    2019-03-06 14:47 - 2018-09-27 16:02 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
    2019-03-05 23:30 - 2018-09-26 13:01 - 000000000 __SHD C:\ProgramData\360Quarant
    2019-03-05 23:30 - 2018-09-26 13:01 - 000000000 __SHD C:\$360Section
    2019-03-05 23:23 - 2018-04-12 00:38 - 000000000 ___HD C:\Windows\ELAMBKUP
    2019-03-05 23:20 - 2018-09-26 13:00 - 000000000 _RSHD C:\360SANDBOX
    ContextMenuHandlers6: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-09-04] (QIHU 360 SOFTWARE CO. LIMITED -> )
    ContextMenuHandlers4: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-09-04] (QIHU 360 SOFTWARE CO. LIMITED -> )
    ContextMenuHandlers1: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2018-09-04] (QIHU 360 SOFTWARE CO. LIMITED -> )
    EmptyTemp:

    I would ask someone to take a look at the "Zainstalowane programy" (Installed programs) section and the firewall...
  • Moderator - Computer Service
    Open Notepad and paste the contents:
    Quote:
    CloseProcesses:
    CreateRestorePoint:
    Tcpip\..\Interfaces\{1b4ab04c-e525-4315-ab11-9434719237fb}: [DhcpNameServer] 62.179.1.61 62.179.1.63
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_142.dll [Brak pliku]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_142.dll [Brak pliku]
    2019-03-05 23:35 - 2019-03-05 23:38 - 000000266 __RSH C:\ProgramData\ntuser.pol
    AlternateDataStreams: C:\Windows\system32\Drivers\jlchkpto.sys:changelist [426]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [476]
    FirewallRules: [{D1F055E4-EB43-437A-A5B4-FCEBE18CF9FB}] => (Allow) C:\Program Files (x86)\Common Files\ODiWA.exe Brak pliku
    FirewallRules: [{3C6CE1CE-E55A-4EB9-9C3D-22307398DB2F}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
    FirewallRules: [{4BAC8BF0-C8AB-4F5A-B891-186D3A93A85E}] => (Allow) C:\Windows\SysWOW64\svchost.exe (Microsoft Windows Publisher -> Microsoft Corporation)
    FirewallRules: [TCP Query User{923D140E-5E48-423A-BD02-0F425F0F16D0}E:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe] => (Allow) E:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe Brak pliku
    FirewallRules: [UDP Query User{25791A05-395C-4F6D-9149-463F19EFCEC4}E:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe] => (Allow) E:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.169\deploy\leagueclient.exe Brak pliku
    EmptyTemp:

    Save the file under the name fixlist.txt and place it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.

    Nothing more is visible in the logs.
  • Level 2  
    It looks like everything is fine now. Thanks a lot! :D