
Aqovd.com malicious browser virus

fredmieczkowski 03 Jan 2016 10:12 834 2
  • Helpful post
    #2 03 Jan 2016 10:22
    Kolobos
    Computer specialist

    Uninstall:
    Ad-Aware Antivirus
    PCBoost

    Next to frst.exe, create a file fixlist.txt with the following content:
    Task: {3B706018-EB64-428E-9C87-30D89C93F864} - System32\Tasks\DLL-files.com Fixer_UPDATES => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    Task: {52CBBAE7-CDC2-425E-A64E-B34D5CD17168} - System32\Tasks\{0B87745C-D879-44EF-8B0E-FAD6F6CC5188} => pcalua.exe -a C:\Users\uz1\AppData\Local\Temp\$PowerISO$\Setup.exe -d E:\
    Task: {7488C57B-C024-4E3C-B252-7932249FAA00} - System32\Tasks\{08516DF3-E744-43C7-BF53-BFC7A307D3D5} => pcalua.exe -a "C:\Users\uz1\Desktop\Firefox Setup Stub 38.0.1.exe" -d C:\Users\uz1\Desktop
    Task: {7ED2686F-E2A3-4CE7-836C-71A4ADE6BEF4} - System32\Tasks\{A9892E8A-A812-4C89-8B89-5235B22DC78E} => pcalua.exe -a "E:\DYSK D\as 0,99\alkohol 120%\setup.exe" -d "E:\DYSK D\as 0,99\alkohol 120%"
    Task: {BB363C34-38F5-4012-8B5F-72FF909ED2B5} - System32\Tasks\{309DF12A-41B0-43CD-A49F-9A87C0D019B5} => pcalua.exe -a C:\Users\uz1\AppData\Local\Temp\intel\HAXM\1.1.1\2015-04-18_10-31-02\setup.exe -d C:\Users\uz1\AppData\Local\Temp\\Intel\HAXM\1.1.1\2015-04-18_10-31-02
    Task: {D6CFEB5E-C791-41C6-BB62-8E5044D919F1} - System32\Tasks\DLL-files.com Fixer => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    Task: {FC490065-CD2F-4A98-85CF-67DE7C7B3E9E} - System32\Tasks\{BD99A850-CA5D-4CA4-B5B5-80E2BCCEA468} => pcalua.exe -a C:\Users\uz1\Downloads\vs_community_ENU.exe -d C:\Users\uz1\Downloads
    Task: C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
    ShortcutWithArgument: C:\Users\uz1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=mbtkplv3&uid=Y0LS11EYTL4Z_TOSHIBATHNSNC128GAMJ&tm=1451372552
    ShortcutWithArgument: C:\Users\uz1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=mbtkplv3&uid=Y0LS11EYTL4Z_TOSHIBATHNSNC128GAMJ&tm=1451372552
    ShortcutWithArgument: C:\Users\uz1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=mbtkplv3&uid=Y0LS11EYTL4Z_TOSHIBATHNSNC128GAMJ&tm=1451372552
    ShortcutWithArgument: C:\Users\uz1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=mbtkplv3&uid=Y0LS11EYTL4Z_TOSHIBATHNSNC128GAMJ&tm=1451372552
    ShortcutWithArgument: C:\Users\uz1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.aqovd.com?oem=mbtkplv3&uid=Y0LS11EYTL4Z_TOSHIBATHNSNC128GAMJ&tm=1451372552
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.aqovd.com?oem=mbtkplv3&uid=Y0LS11EYTL4Z_TOSHIBATHNSNC128GAMJ&tm=1451372552
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-3041072691-4050438017-1527746782-1000\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-3041072691-4050438017-1527746782-1000\...\webcompanion.com -> hxxp://webcompanion.com
    Hosts:
    () C:\Users\uz1\AppData\Roaming\NetService\netservice.exe
    () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
    (TFuns LIMITED) C:\ProgramData\aWdMa\WdMan.exe
    () C:\Users\uz1\AppData\Roaming\WinNetSvc\WinNetSvc.exe
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [gmsd_pl_005010190] => [X]
    HKLM-x32\...\Run: [rec_en_77] => [X]
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKU\S-1-5-21-3041072691-4050438017-1527746782-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1447696 2015-12-11] (Lavasoft)
    HKU\S-1-5-21-3041072691-4050438017-1527746782-1000\...\MountPoints2: E - E:\autorun.exe
    HKU\S-1-5-21-3041072691-4050438017-1527746782-1000\...\MountPoints2: F - F:\autorun.exe
    HKU\S-1-5-21-3041072691-4050438017-1527746782-1000\...\MountPoints2: {082f3648-a9a4-11e4-921e-806e6f6e6963} - D:\wubi.exe
    HKU\S-1-5-21-3041072691-4050438017-1527746782-1000\...\MountPoints2: {11abcb27-e197-11e4-9910-00a0c6000000} - F:\AutoRun.exe
    HKU\S-1-5-21-3041072691-4050438017-1527746782-1000\...\MountPoints2: {186c78b0-11b9-11e5-a3c2-889ffaf7327c} - F:\AutoRun.exe
    HKU\S-1-5-21-3041072691-4050438017-1527746782-1000\...\MountPoints2: {499f5615-e5ac-11e4-bba6-889ffaf7327c} - F:\LaunchU3.exe -a
    HKU\S-1-5-21-3041072691-4050438017-1527746782-1000\...\MountPoints2: {5540f2f8-541e-11e5-9ff7-e7a5ea87dc6d} - I:\autorun.exe
    HKU\S-1-5-21-3041072691-4050438017-1527746782-1000\...\MountPoints2: {5540f2fc-541e-11e5-9ff7-e7a5ea87dc6d} - H:\autorun.exe
    HKU\S-1-5-21-3041072691-4050438017-1527746782-1000\...\MountPoints2: {5540f2fe-541e-11e5-9ff7-e7a5ea87dc6d} - I:\autorun.exe
    HKU\S-1-5-21-3041072691-4050438017-1527746782-1000\...\MountPoints2: {5540f301-541e-11e5-9ff7-e7a5ea87dc6d} - J:\start.exe
    HKU\S-1-5-21-3041072691-4050438017-1527746782-1000\...\MountPoints2: {d8f335b7-dd3b-11e4-8d46-b577574e150c} - F:\.\StartModem.exe
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-3041072691-4050438017-1527746782-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
    SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3041072691-4050438017-1527746782-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3041072691-4050438017-1527746782-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D...&form=CONBDF&conlogo=CT3332038&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3041072691-4050438017-1527746782-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3041072691-4050438017-1527746782-1000 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php...&ent=ch_WCYID10140_instalki_150527&q={searchTerms}
    FF NewTab: hxxp://www.istartpageing.com/newtab/?type=nt&...id=TOSHIBAXTHNSNC128GAMJ_Y0LS11EYTL4Z11EYTL4Z
    FF SelectedSearchEngine: Bing®
    FF SearchPlugin: C:\Users\uz1\AppData\Roaming\Mozilla\Firefox\Profiles\s2gpha8g.default\searchplugins\bing-lavasoft.xml [2015-10-14]
    FF Extension: Wooden Seal 1.0.1 - C:\Users\uz1\AppData\Roaming\Mozilla\Firefox\Profiles\s2gpha8g.default\Extensions\{708baae4-2014-445c-878c-249ce533cd80}.xpi [2015-12-26] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\uz1\AppData\Roaming\Mozilla\Firefox\Profiles\s2gpha8g.default\extensions\deskCutv2@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\uz1\AppData\Roaming\Mozilla\Firefox\Profiles\s2gpha8g.default\extensions\yahooprotected@gmail.com => nie znaleziono
    R2 NetTcpHandler; C:\Users\uz1\AppData\Roaming\NetService\netservice.exe [173088 2015-07-09] ()
    R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-12-11] ()
    R2 WdMan; C:\ProgramData\aWdMa\WdMan.exe [336520 2015-12-29] (TFuns LIMITED)
    R2 WinNetSvc; C:\Users\uz1\AppData\Roaming\WinNetSvc\WinNetSvc.exe [4845408 2015-12-16] ()
    S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]
    R3 WinHttpAutoProxySvc; winhttp.dll [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    2016-01-01 12:11 - 2016-01-02 12:40 - 00002321 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    2016-01-01 12:11 - 2016-01-01 12:11 - 00000000 ____D C:\Users\uz1\AppData\Roaming\LavasoftStatistics
    2016-01-01 12:02 - 2016-01-01 12:02 - 02012464 _____ C:\Users\uz1\Downloads\Adaware_Installer.exe
    2015-12-31 09:50 - 2015-12-31 09:51 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\uz1\Downloads\SpyHunter-Installer.exe
    2015-12-29 18:20 - 2015-12-29 18:20 - 00000000 ____D C:\Program Files (x86)\GUMB66.tmp
    2015-12-29 16:58 - 2015-12-30 11:12 - 00000000 ____D C:\Users\uz1\AppData\rundir
    2015-12-29 16:53 - 2015-12-29 16:53 - 00000000 ____D C:\Users\uz1\AppData\Roaming\WinNetSvc
    2015-12-29 13:55 - 2015-12-29 16:53 - 00000000 _____ C:\END
    2015-12-29 08:04 - 2015-12-29 16:09 - 00000000 ____D C:\Users\uz1\AppData\Roaming\systweak
    2015-12-29 08:04 - 2015-11-20 19:27 - 00019888 _____ () C:\Windows\system32\roboot64.exe
    2015-12-29 08:03 - 2015-12-29 13:54 - 00000000 ____D C:\Program Files (x86)\SFK
    2015-12-29 08:02 - 2015-12-29 16:53 - 00000000 ____D C:\Users\uz1\AppData\Roaming\RunDir
    2015-12-29 08:02 - 2015-12-29 13:53 - 00000000 ____D C:\Users\uz1\AppData\Roaming\istartpageing
    2015-12-29 08:02 - 2015-12-29 08:04 - 00000000 ____D C:\ProgramData\aWdMa
    2015-12-29 08:02 - 2015-12-29 08:02 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    2015-12-29 08:02 - 2015-12-29 08:02 - 00000000 ____D C:\Users\uz1\AppData\Roaming\NetService
    2015-12-29 08:01 - 2015-12-29 20:50 - 00000000 ____D C:\Users\uz1\AppData\Local\SmartWeb
    2015-12-28 23:08 - 2015-12-28 23:08 - 00000000 ____D C:\Users\uz1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
    2015-12-25 10:17 - 2015-12-26 16:12 - 00003130 _____ C:\Windows\System32\Tasks\DLL-files.com Fixer
    2015-12-25 10:17 - 2015-12-25 10:25 - 00000288 _____ C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job
    2015-12-25 10:17 - 2015-12-25 10:17 - 00003034 _____ C:\Windows\System32\Tasks\DLL-files.com Fixer_UPDATES
    2015-12-25 10:17 - 2015-12-25 10:17 - 00000000 ____D C:\Users\uz1\AppData\Roaming\dll-files.com
    2015-12-29 20:50 - 2015-10-02 21:22 - 00000000 ___HD C:\Users\uz1\AppData\Roaming\pwo6
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:

    In FRST, choose Fix.

    Run a full scan with http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ and remove everything it detects.

    When that is done, post new FRST scan logs.

    0
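The fixlist above bundles several distinct findings that a responder wants to triage separately: browser shortcuts whose argument has been replaced by a URL (the aqovd.com redirect the thread is about), services running from AppData or ProgramData with no publisher or with a missing binary, autorun.exe entries under MountPoints2, scheduled tasks, and added IE trusted sites. The script below is an added example by the editor, not code from the thread or from FRST, that parses FRST-style lines and sorts them into those categories. The sample lines are copied from the fixlist posted above; the "suspicious service" heuristics (user-writable path, missing binary, empty publisher field) are the editor's assumptions about what merits a second look, not FRST's own classification.

```python
import re

# Sample FRST lines, copied from the fixlist posted in this thread (not constructed).
SAMPLE_LINES = r"""
Task: {D6CFEB5E-C791-41C6-BB62-8E5044D919F1} - System32\Tasks\DLL-files.com Fixer => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.aqovd.com?oem=mbtkplv3&uid=Y0LS11EYTL4Z_TOSHIBATHNSNC128GAMJ&tm=1451372552
R2 NetTcpHandler; C:\Users\uz1\AppData\Roaming\NetService\netservice.exe [173088 2015-07-09] ()
R2 WdMan; C:\ProgramData\aWdMa\WdMan.exe [336520 2015-12-29] (TFuns LIMITED)
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [X]
HKU\S-1-5-21-3041072691-4050438017-1527746782-1000\...\MountPoints2: E - E:\autorun.exe
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
"""

# Line shapes as FRST prints them (patterns are the editor's, derived from the lines above).
SHORTCUT_RE = re.compile(
    r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<target>.+?) \((?P<pub>[^)]*)\) -> (?P<arg>.+)$")
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+?) \[(?P<meta>[^\]]*)\](?: \((?P<pub>[^)]*)\))?$")
MOUNTPOINT_RE = re.compile(r"MountPoints2: (?P<key>\S+) - (?P<cmd>.+)$")
TASK_RE = re.compile(r"^Task: (?P<task>.+?) => (?P<exe>.+)$")
TRUSTED_RE = re.compile(r"^IE trusted site: .+ -> (?P<site>.+)$")
# A shortcut argument counts as a URL only with a scheme (FRST defangs it as hxxp) or a www. prefix.
URL_ARG_RE = re.compile(
    r"^(?:(?:hxxps?|https?)://(?P<h1>[a-z0-9.-]+)|(?P<h2>www\.[a-z0-9.-]+))", re.I)

# Assumed: locations a standard user can write to, so a service binary there is unusual.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def url_host(arg):
    """Return the lowercase hostname if a shortcut argument is a URL, else None."""
    m = URL_ARG_RE.match(arg.strip())
    if not m:
        return None
    return (m.group("h1") or m.group("h2")).lower()


def service_reasons(m):
    """Heuristic reasons a service line deserves review (empty list means none)."""
    reasons = []
    if any(tok in m["path"].lower() for tok in USER_WRITABLE):
        reasons.append("binary in user-writable location")
    if m["meta"] == "X":            # FRST marks a service whose file is gone with [X]
        reasons.append("binary missing on disk")
    if not m["pub"]:                # "()" or no publisher field at all
        reasons.append("no publisher information")
    return reasons


def analyze(text):
    """Sort FRST-style lines into triage buckets; unknown lines are ignored."""
    report = {"shortcut_hijacks": [], "suspicious_services": [],
              "autorun_mountpoints": [], "tasks": [], "trusted_sites": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SHORTCUT_RE.match(line)):
            host = url_host(m["arg"])
            if host:                # a browser .lnk should not carry a URL argument
                report["shortcut_hijacks"].append((m["lnk"], host))
        elif (m := SERVICE_RE.match(line)):
            reasons = service_reasons(m)
            if reasons:
                report["suspicious_services"].append((m["name"], reasons))
        elif (m := MOUNTPOINT_RE.search(line)):
            report["autorun_mountpoints"].append((m["key"], m["cmd"]))
        elif (m := TASK_RE.match(line)):
            report["tasks"].append((m["task"], m["exe"]))
        elif (m := TRUSTED_RE.match(line)):
            report["trusted_sites"].append(m["site"])
    return report


def hijack_hosts(report):
    """Distinct hosts that hijacked shortcuts point at, for blocking or lookup."""
    return sorted({host for _, host in report["shortcut_hijacks"]})


if __name__ == "__main__":
    rep = analyze(SAMPLE_LINES)
    for bucket, items in rep.items():
        print(f"{bucket} ({len(items)})")
        for item in items:
            print("   ", item)
    print("hijack hosts:", hijack_hosts(rep))
```

Running it over the full fixlist rather than the excerpt shows the pattern the thread's answer is acting on: every Internet Explorer and Firefox shortcut resolves to the same host with the same uid parameter, which is why the fix removes the shortcuts as a group instead of one by one.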
  • #3 03 Jan 2016 11:04
    fredmieczkowski
    Level 2

    thank you for the help
    regards

    0