Malware - Chinese virus


(natalianna) #1

Hello. A rather annoying virus accidentally got installed on my computer. It opens a "browser" shaped like a squirrel and displays various pages + ads - in Chinese, I should add... Malwarebytes couldn't handle it, rkill neither, AdwCleaner also failed = the virus is still not removed. I tried removing it manually, but again nothing... I'm attaching FRST and the AdwCleaner report... thanks in advance for your help! :slight_smile:

edit: I can only add FRST...

FRST.txt (93,5 KB)


(natalianna) #2

Addition.txt (59,4 KB)


(natalianna) #3

And the report from the AdwCleaner cleanup I ran a moment ago. AdwCleaner[C4].txt (9,8 KB)


(Atis) #4

Logical thinking isn't your strong point?
Why should anyone check outdated logs.


(natalianna) #5

You don't have to be so rude :slight_smile: how are they not current? I'm no expert, I did roughly what I managed to read up on; if something is wrong, it's enough to say so politely and give instructions.


(ybu) #6

You made the FRST logs on 18.06.2017. Then you posted the output of AdwCleaner from 20.06.2017. After running it, you need to post current FRST logs and wait for further instructions.


(natalianna) #7

I ran FRST today, literally a moment before adding them. I don't know why it says 18.06 there; I'll do it again and upload it.

edit: could the changed date there have something to do with the earlier system restore? Yesterday I did a restore to two days earlier. Addition.txt (58,4 KB)

It still shows 18, I don't know why.


(natalianna) #8

Addition.txt (58,4 KB) and Addition. Both done a moment ago.


(Atis) #9

18 is the FRST version number.
The report creation date is further down, after "Run by ...".
Why are you showing Addition twice, and where is the new FRST.txt report?


(natalianna) #10

It got added twice by accident, I'm fixing it now. FRST.txt (95,4 KB)


(natalianna) #11

I'm also adding a freshly generated AdwCleaner report. AdwCleaner[C0].txt (4,0 KB)
And I'm waiting for further instructions :slight_smile:


(Atis) #12

Uninstall McAfee Security Scan Plus.

Open the folder C:\Program Files (x86)\UCBrowser
Right-click the Uninstall file and choose Run as administrator.

Paste the following into the system Notepad and save it as a text file named fixlist:

Run FRST and click Fix. Post the removal report, Fixlog.
Click Scan and post the new FRST report, without Addition and Shortcut.


(natalianna) #13

Fixlog.txt (56,5 KB)

I also managed to get to that virus manually and simply delete it; for now nothing is popping up.


(natalianna) #14

FRST.txt (95,4 KB)


(Atis) #15

What is the point of showing an old log?