Request to check FRST logs


(dawid1110) #1

Hello

I would like to ask for a review of my FRST logs, because my laptop has been behaving strangely lately and some unwanted web page keeps opening.

FRST.txt
Addition.txt
Shortcut.txt

I would appreciate help, as this is quite a nuisance for me :frowning:


(Atis) #2
  1. Paste the following into the system Notepad and save it as a text file named fixlist:
CloseProcesses:
HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\Run: [TCDW0QX7C85VSYI] => "C:\Program Files\WY1YSFKILA\WY1YSFKIL.exe"
HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\Run: [CETVQFVH2R4GWSW] => "C:\Program Files\I73TG5P1H6\I73TG5P1H.exe"
HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\Run: [1796167] => "C:\Users\Dawid\AppData\Roaming\0xefsmakd5m\svg0s4r5kqa.exe" /VERYSILENT
HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\Run: [StillFeather] => C:\WINDOWS\rss\csrss.exe [7224320 2017-12-14] () <==== UWAGA
HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\Run: [YN7678USJ98J5Q7] => "C:\Program Files\HUNTL3KP5N\HUNTL3KP5.exe"
HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\Run: [224270] => "C:\Users\Dawid\AppData\Roaming\msvgzthbewf\w1mibczku1m.exe" /VERYSILENT
HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\Run: [33GU0JCOG4WJ51F] => "C:\Program Files (x86)\1yvspwwj4sx\B2G74.exe"
HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\Run: [CloudNet] => C:\Users\Dawid\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [680448 2017-12-15] (EpicNet Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2017-10-23]
R2 WinDefender; C:\WINDOWS\windefender.exe [3451904 2017-12-14] () [Brak podpisu cyfrowego]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 PowerBiosServer; "C:\Program Files (x86)\Hotkey\HotkeyService.exe" [X]
2017-12-17 22:05 - 2017-12-17 22:05 - 000000000 ____D C:\Users\Dawid\Desktop\FRST-OlderVersion
2017-12-16 13:17 - 2017-12-16 13:17 - 000000000 ____D C:\ProgramData\LGMOBILEAX
2017-12-14 23:44 - 2017-12-15 00:22 - 000000000 ____D C:\Users\Dawid\AppData\Roaming\EpicNet Inc
2017-12-14 23:44 - 2017-12-14 23:44 - 000000000 ____D C:\ProgramData\Microleaves
2017-12-14 23:43 - 2017-12-15 01:09 - 000000000 ____D C:\Users\Dawid\AppData\Roaming\0xefsmakd5m
2017-12-14 23:43 - 2017-12-15 00:37 - 000000000 ____D C:\Users\Dawid\AppData\Roaming\SIVApp
2017-12-14 23:43 - 2017-12-15 00:36 - 000000000 ____D C:\Program Files (x86)\HotspotNew
2017-12-14 23:43 - 2017-12-15 00:22 - 000000000 ___HD C:\WINDOWS\rss
2017-12-14 23:43 - 2017-12-15 00:22 - 000000000 ____D C:\Program Files\I73TG5P1H6
2017-12-14 23:43 - 2017-12-15 00:22 - 000000000 ____D C:\Program Files\HUNTL3KP5N
2017-12-14 23:43 - 2017-12-15 00:22 - 000000000 ____D C:\Program Files (x86)\1yvspwwj4sx
2017-12-14 23:43 - 2017-12-14 23:45 - 000000000 ____D C:\Users\Dawid\AppData\Roaming\msvgzthbewf
2017-12-14 23:43 - 2017-12-14 23:43 - 003451904 ____H C:\WINDOWS\windefender.exe
2017-12-14 23:43 - 2017-12-14 23:43 - 000000000 ____D C:\ProgramData\53d2cdd0-42e5-0
2017-12-14 23:43 - 2017-12-14 23:43 - 000000000 ____D C:\ProgramData\53d2cdd0-0597-1
2017-12-14 23:42 - 2017-12-15 00:22 - 000000000 ____D C:\Program Files\WY1YSFKILA
2017-12-14 23:41 - 2017-12-15 00:22 - 000000000 ____D C:\Users\Dawid\AppData\Local\AdvinstAnalytics
2017-12-14 23:41 - 2017-12-14 23:41 - 000000000 ____D C:\Program Files (x86)\Microleaves
2017-12-14 23:40 - 2017-12-15 00:22 - 000000000 ____D C:\Users\Dawid\AppData\Roaming\Microleaves
2017-12-14 23:40 - 2017-12-14 23:43 - 000000000 ____D C:\Users\Dawid\AppData\Local\AdService
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== UWAGA
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => F:\UltraISO\isoshl64.dll -> Brak pliku
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => F:\UltraISO\isoshl64.dll -> Brak pliku
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => F:\UltraISO\isoshl64.dll -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Brak pliku
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => F:\UltraISO\isoshl64.dll -> Brak pliku
Task: {03BDEBEA-5AB1-4745-98D7-50C875633CEB} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
Task: {094BAC37-AF8C-436A-BC0F-D461BAD88D47} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
Task: {30AF103A-85FD-4B3A-A710-DC3544CAB123} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
Task: {8E305410-DF23-492C-BE83-C33AD3C5D794} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
Task: {9677B61D-2519-4EC7-BE40-5F8FA3FDA7FD} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
Task: {A61A09B4-C000-47B4-81E6-A94C72FFC5C2} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== UWAGA
Task: {C1699ABF-DFC0-43C7-A9F4-33A7DAAD6B9A} - System32\Tasks\MRT => C:\Users\Dawid\AppData\Local\Temp\csrss\mrt.exe [2017-12-14] () <==== UWAGA
Task: {CFD6E008-9ABA-45D6-B3AC-1FDEE542A86E} - System32\Tasks\space(title, t_monitor) => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe
Task: {F4BB7F24-330E-4A87-BB4F-3B4B628CD9F5} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA
HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\StartupApproved\Run: => "33GU0JCOG4WJ51F"
HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\StartupApproved\Run: => "CloudNet"
HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\StartupApproved\Run: => "StillFeather"
HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\StartupApproved\Run: => "1796167"
HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\StartupApproved\Run: => "YN7678USJ98J5Q7"
HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\StartupApproved\Run: => "CETVQFVH2R4GWSW"
HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\StartupApproved\Run: => "224270"
HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\StartupApproved\Run: => "TCDW0QX7C85VSYI"
FirewallRules: [{7E607FFD-FA12-4F49-A048-2118D91BBE86}] => (Allow) C:\WINDOWS\rss\csrss.exe
FirewallRules: [{90F06870-A960-4D1C-8B51-8E379DF6693C}] => (Allow) C:\Users\Dawid\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
Hosts:
EmptyTemp:

Run FRST and click Fix (Napraw). Post the removal report, Fixlog.

  2. Download and run AdwCleaner. Click Scan (Skanuj) and then Clean (Oczyść).

  3. Click Scan (Skanuj) and post the new FRST report, without Addition and Shortcut.
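
Added example (not part of Atis's reply and not FRST's own logic): a small Python triage pass over Run-key lines in the format used in the fixlist above, handling quoted and unquoted commands and flagging two patterns visible there, a system binary name outside System32 and an AppData\Roaming image started with /VERYSILENT. The heuristics, the list of system names and all function names are assumptions for illustration, and they do not reproduce the helper's full judgement.

```python
import re
from pathlib import PureWindowsPath

# Assumed short list of Windows binaries that legitimately live only in System32.
SYSTEM_NAMES = {"csrss.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIR = r"c:\windows\system32"
# FRST Run-key line: <hive>\...\Run: [<value name>] => <command>
RUN_LINE = re.compile(r'^(?P<hive>\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.*)$')
# Command: a quoted path plus arguments, or an unquoted path (spaces allowed) plus annotations.
IMAGE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.exe)\b)\s*(?P<rest>.*)$', re.I)

def parse_run_line(line):
    """Return (value_name, image_path_or_None, trailing_text), or None if not a Run line."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    img = IMAGE.match(m["cmd"])
    if not img:                      # e.g. "[X]": no image path to inspect
        return m["name"], None, m["cmd"]
    return m["name"], img["q"] or img["u"], img["rest"]

def flags_for(image, rest):
    """Heuristic flags for one autorun image (illustrative assumptions)."""
    flags = []
    p = PureWindowsPath(image)
    if p.name.lower() in SYSTEM_NAMES and str(p.parent).lower() != SYSTEM_DIR:
        flags.append("system-name-outside-system32")
    if "\\appdata\\roaming\\" in image.lower() and "/verysilent" in rest.lower():
        flags.append("silent-switch-from-appdata")
    return flags

def triage(lines):
    """Map Run value name -> flags, for entries that raised at least one flag."""
    out = {}
    for parsed in filter(None, map(parse_run_line, lines)):
        name, image, rest = parsed
        found = flags_for(image, rest) if image else []
        if found:
            out[name] = found
    return out

# Sample lines copied from the fixlist above.
SAMPLE = [
    r'HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\Run: [GalaxyClient] => [X]',
    r'HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\Run: [1796167] => "C:\Users\Dawid\AppData\Roaming\0xefsmakd5m\svg0s4r5kqa.exe" /VERYSILENT',
    r'HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\Run: [StillFeather] => C:\WINDOWS\rss\csrss.exe [7224320 2017-12-14] () <==== UWAGA',
    r'HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\Run: [CloudNet] => C:\Users\Dawid\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [680448 2017-12-15] (EpicNet Inc.)',
    r'HKU\S-1-5-21-150257289-2650589017-3624766858-1001\...\StartupApproved\Run: => "CloudNet"',
]
if __name__ == "__main__": print(triage(SAMPLE))
```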


(dawid1110) #3

FRST.txt

The scan is done.


(Atis) #4

Delete the folders C:\FRST and C:\AdwCleaner
Cleaning the System Restore folders