

Topics - feradolo

1
Malware removal help / Check logs please
« on: May 22, 2017, 06:22:35 pm »
Hi, it's me again

I got a virus and a lot of adware. I used RogueKiller but don't have the logs because the power went out at my home and my PC shut down. I still have the Wifi Mobile adware and other junk. Please help ;v

I'm including the logs from FRST.

2
Malware removal help / Check Logs
« on: April 22, 2017, 01:20:43 pm »
Today I downloaded this powerful software named RogueKiller. I scanned and it found some viruses/malware I don't know. Please check my logs :)
(I'm using the Polish version, so there may be a problem with understanding it, but I think Google can help)


RogueKiller V12.10.5.0 [Apr 18 2017] (wersja darmowa) od Adlice Software
Kontakt : http://www.adlice.com/contact/
Forum : https://forum.adlice.com
Strona internetowa : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

System operacyjny : Windows 7 (6.1.7600) 32 bits version
Tryb rozruchu : Tryb normalny
Użytkownik : Patryk [Administrator]
Lokalizacja programu : C:\Program Files\RogueKiller\RogueKiller.exe
Tryb : Skanowanie -- Data : 04/22/2017 12:11:49 (Duration : 00:36:27)

Procesy : 4
[Proc.Svchost] svchost.exe(1700) -- C:\Windows\System32\svchost.exe[7] -> Wykryto
[Proc.Injected|Proc.RunPE] launcher.exe(2888) -- C:\Program Files\Opera\launcher.exe[7] -> Wykryto
[Proc.Injected] svchost.exe(3028) -- C:\Users\Patryk\AppData\Local\Microsoft\svchost.exe[-] -> Wykryto
[Proc.Svchost] svchost.exe(3028) -- C:\Users\Patryk\AppData\Local\Microsoft\svchost.exe[-] -> Wykryto

Rejestr : 22
[PUP.DllFiles] HKEY_LOCAL_MACHINE\Software\dll-files.com -> Wykryto
[PUP.EventMonitor|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Event Monitor -> Wykryto
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\Jawego -> Wykryto
[PUP.UCBrowser|PUP.Gen1] HKEY_LOCAL_MACHINE\Software\UCBrowser -> Wykryto
[PUP.Gen1] HKEY_LOCAL_MACHINE\Software\UCBrowserPID -> Wykryto
[PUP.Gen1] HKEY_USERS\S-1-5-21-663137483-2068535372-257761148-1001\Software\AutoTime -> Wykryto
[PUP.DllFiles] HKEY_USERS\S-1-5-21-663137483-2068535372-257761148-1001\Software\dll-files.com -> Wykryto
[PUP.EventMonitor|PUP.Gen1] HKEY_USERS\S-1-5-21-663137483-2068535372-257761148-1001\Software\Event Monitor -> Wykryto
[PUP.Gen1] HKEY_USERS\S-1-5-21-663137483-2068535372-257761148-1001\Software\IM -> Wykryto
[PUP.Gen1] HKEY_USERS\S-1-5-21-663137483-2068535372-257761148-1001\Software\Installer -> Wykryto
[PUP.Gen1] HKEY_USERS\S-1-5-21-663137483-2068535372-257761148-1001\Software\SNDA -> Wykryto
[PUP.UCBrowser|PUP.Gen1] HKEY_USERS\S-1-5-21-663137483-2068535372-257761148-1001\Software\UCBrowser -> Wykryto
[PUP.Gen1] HKEY_USERS\S-1-5-21-663137483-2068535372-257761148-1001\Software\UCBrowserPID -> Wykryto
[PUP.VideoBox] HKEY_USERS\S-1-5-21-663137483-2068535372-257761148-1001\Software\VideoBox -> Wykryto
[PUP.Gen1] HKEY_USERS\S-1-5-21-663137483-2068535372-257761148-1001\Software\Win -> Wykryto
[PUP.Gen0] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | kuaizipupdatesvc : 
  • -> Wykryto
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wfpgameprotect (\??\C:\Users\Patryk\AppData\Local\Temp\5699.tmp.sys) -> Wykryto
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wfpgameprotect (\??\C:\Users\Patryk\AppData\Local\Temp\5699.tmp.sys) -> Wykryto
[PUM.HomePage] HKEY_USERS\S-1-5-21-663137483-2068535372-257761148-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://faststartpage.com/  -> Wykryto
[PUP.UCBrowser] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {95C72822-C61A-4FD7-9F78-C204FE35BB7A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\UCBrowser\Application\UCBrowser.exe|Name=Chromium (mDNS-In)|Desc=Reguła dla ruchu przychodzącego w Chromium zezwalająca na ruch mDNS.|EmbedCtxt=UC???| [7] -> Wykryto
[PUP.UCBrowser] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {95C72822-C61A-4FD7-9F78-C204FE35BB7A} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\UCBrowser\Application\UCBrowser.exe|Name=Chromium (mDNS-In)|Desc=Reguła dla ruchu przychodzącego w Chromium zezwalająca na ruch mDNS.|EmbedCtxt=UC???| [7] -> Wykryto
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Wykryto

Zaplanowane zadania : 10
[Suspicious.Path] %WINDIR%\Tasks\DLL-Files.Com Fixer_MONTHLY.job -- C:\Users\Patryk\AppData\Local\Temp\Rar$EXa0.239\Dll-Files Fixer 3.3.90.3079 Portable\App\Dll-Files.com Fixer\DLLFixer.exe (scan) -> Wykryto
[Suspicious.Path] %WINDIR%\Tasks\DLL-Files.Com Fixer_Updates.job -- C:\Users\Patryk\AppData\Local\Temp\Rar$EXa0.239\Dll-Files Fixer 3.3.90.3079 Portable\App\Dll-Files.com Fixer\DLLFixer.exe (-updatecheck) -> Wykryto
[Suspicious.Path] \463b8825b2038j5420 -- C:\Windows\system32\rundll32.exe ("C:\ProgramData\463b8825b2038j5420\463b8825b2038j5420.dll",bjDTMMydzy) -> Wykryto
[Suspicious.Path] \DLL-Files.Com Fixer_MONTHLY -- C:\Users\Patryk\AppData\Local\Temp\Rar$EXa0.239\Dll-Files Fixer 3.3.90.3079 Portable\App\Dll-Files.com Fixer\DLLFixer.exe (scan) -> Wykryto
[Suspicious.Path] \DLL-Files.Com Fixer_Updates -- C:\Users\Patryk\AppData\Local\Temp\Rar$EXa0.239\Dll-Files Fixer 3.3.90.3079 Portable\App\Dll-Files.com Fixer\DLLFixer.exe (-updatecheck) -> Wykryto
[PUP.Gen0] \mm -- "C:\Program Files\MyMemory\uninstall.exe " (/S) -> Wykryto
[Suspicious.Path] \RDReminder -- C:\Users\Patryk\AppData\Local\Temp\Rar$EXa0.239\Dll-Files Fixer 3.3.90.3079 Portable\App\Dll-Files.com Fixer\DLLFixer.exe (-rem) -> Wykryto
[Suspicious.Path|Tr.Gen1] \{A180AE35-162B-199E-DD72-CAFC6D1796B1} -- C:\ProgramData\{0556AA48-B2FD-1DE3-4B73-1464029E3619}\7698C24E-C133-75E5-BDA2-E6995DDA8D85.exe (/run) -> Wykryto
[Suspicious.Path|Tr.Gen1] \{C5E24BBE-7249-FC15-50FF-4AD008860FEA} -- C:\ProgramData\{D1328401-6699-33AA-1947-BF5458D52128}\D0AA6C68-6701-DBC3-C74B-04C0BD41FC28.exe (/run) -> Wykryto
[Suspicious.Path|Tr.Gen0] \Microsoft\Windows\Multimedia\Manager -- C:\Users\Patryk\AppData\Roaming\Adobe\Manager.exe (604C4206-B430-43E1-A102-8BF11249AEC2) -> Wykryto

Pliki : 23
[PUP.RegisterObject][Folder] C:\ProgramData\RegisterObject -> Wykryto
[Hj.Shortcut][Plik] C:\Users\Patryk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://qtipr.com/ -> Wykryto
[Hj.Shortcut][Plik] C:\Users\Patryk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [LNK@] C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe http://qtipr.com/ -> Wykryto
[Hj.Shortcut][Plik] C:\Users\Patryk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://qtipr.com/ -> Wykryto
[PUP.Gen0][Plik] C:\Windows\System32\drivers\ucguard.sys -> Wykryto
[PUP.DllFiles][Folder] C:\Users\Patryk\AppData\Roaming\dll-files.com -> Wykryto
[PUP.Gen1][Folder] C:\Users\Patryk\AppData\Roaming\Note-UP -> Wykryto
[Tr.Gen0][Plik] C:\Users\Patryk\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Wykryto
[Tr.Gen0][Plik] C:\Users\Patryk\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Wykryto
[Tr.Gen0][Plik] C:\Users\Patryk\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Wykryto
[Tr.Gen0][Plik] C:\Users\Patryk\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Wykryto
[Tr.Gen0][Plik] C:\Users\Patryk\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Wykryto
[Tr.Gen0][Plik] C:\Users\Patryk\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Wykryto
[Tr.Gen0][Plik] C:\Users\Patryk\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Wykryto
[Tr.Gen0][Plik] C:\Users\Patryk\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Wykryto
[PUP.UCBrowser][Folder] C:\Users\Patryk\AppData\Local\UCBrowser -> Wykryto
[Hj.Shortcut][Plik] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [LNK@] C:\PROGRA~1\Google\Chrome\APPLIC~1\chrome.exe http://qtipr.com/ -> Wykryto
[PUP.RegisterObject][Folder] C:\ProgramData\RegisterObject -> Wykryto
[PUP.Gen1][Folder] C:\Program Files\Caster -> Wykryto
[PUP.Gen1][Folder] C:\Program Files\GreatMaker -> Wykryto
[PUP.Gen1][Folder] C:\Program Files\mpck -> Wykryto
[PUP.UCBrowser][Folder] C:\Program Files\UCBrowser -> Wykryto
[Hj.Shortcut][Plik] C:\Users\Patryk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://qtipr.com/ -> Wykryto

WMI : 1
[PUP.Yeahbests] instance (ActiveScriptEventConsumer) \ROOT\subscription:ActiveScriptEventConsumer.Name="ASEC" -> Wykryto

Plik hosts : 0

Rootkity : 0 (Driver: załadowano)

Przeglądarki : 0

Sprawdzenie MBR :
+++++ PhysicalDrive0: MAXTOR STM3250310AS ATA Device +++++
--- User ---
[MBR] 53b28b9846d11d3492d7fd331f5b7dce
[BSP] f096e302d4e3c4d15b6ae34d20face98 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 119135 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 244195328 | Size: 119237 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Urządzenie nie jest gotowe. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Żądanie nie jest obsługiwane. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Urządzenie nie jest gotowe. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Żądanie nie jest obsługiwane. )

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] Urządzenie nie jest gotowe. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Żądanie nie jest obsługiwane. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Urządzenie nie jest gotowe. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Żądanie nie jest obsługiwane. )
