Elektroda.pl

Trotux virus in browsers

soldner1 19 Nov 2016 14:15 675 5
  • #1 19 Nov 2016 14:15
    soldner1
    Level 3

    Hi, recently while installing a game a bundle of viruses got installed along with it. I dealt with most of them using AdwCleaner and Malwarebytes, but one virus called Trotux is left, and it keeps setting its own search engine in every browser. Please help; I am attaching the scans.

    0 5
  • #2 19 Nov 2016 14:29
    Kolobos
    Computer specialist

    Create a System Restore point.

    Next to frst.exe, create a file Fixlist.txt with the following content:
    Task: {19716DF9-BDDE-4CA5-93CE-4BD9389925FF} - System32\Tasks\360wp-srv => C:\Users\Mellortini\AppData\Roaming\360bizhi\360wpsrv.exe
    Task: {3A201894-E0A5-4C56-A9C7-746D998E1089} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-08-02] (UCWeb Inc) <==== ATTENTION
    Task: {9FE7B7CF-9316-4F24-B6B7-33D330D7A53F} - System32\Tasks\Cozoyghatitain Update => C:\Program Files (x86)\Prazsckobosy\jureent.exe [2016-11-19] (Glarysoft Ltd)
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
    WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
    Shortcut: C:\Users\Mellortini\Desktop\Nowy folder\GFАCE.lnk -> C:\Users\Mellortini\AppData\Roaming\Browsers\exe.rehcnualfg.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Eхрlorеr (64-bit).lnk -> C:\Users\Mellortini\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Eхрlоrеr.lnk -> C:\Users\Mellortini\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WаrТhunder.lnk -> C:\Users\Mellortini\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GFACE Launcher\GFАСE.lnk -> C:\Users\Mellortini\AppData\Roaming\Browsers\exe.rehcnualfg.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Ехplorеr (No Аdd-оns).lnk -> C:\Users\Mellortini\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Mellortini\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunch Internet Exрlоrеr Вrоwser.lnk -> C:\Users\Mellortini\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Mellortini\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firefоx.lnk -> C:\Users\Mellortini\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Аvast SаfeZone Browser.lnk -> C:\Users\Mellortini\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <===== Cyrillic
    Hosts:
    HKU\S-1-5-21-1926927551-2722054727-1838523252-1000\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.)
    HKU\S-1-5-21-1926927551-2722054727-1838523252-1000\...\MountPoints2: I - I:\setup.exe
    HKU\S-1-5-21-1926927551-2722054727-1838523252-1000\...\MountPoints2: {008ce68a-9c8b-11e6-8320-801f7cf13785} - G:\autorun.exe /S
    HKU\S-1-5-21-1926927551-2722054727-1838523252-1000\...\MountPoints2: {008ce690-9c8b-11e6-8320-801f7cf13785} - H:\setup.exe
    HKU\S-1-5-21-1926927551-2722054727-1838523252-1000\...\MountPoints2: {04c645f8-9fa2-11e6-9b0d-d69a4a96b49b} - K:\setup.exe
    HKU\S-1-5-21-1926927551-2722054727-1838523252-1000\...\MountPoints2: {488a4575-9e12-11e6-b624-aa82d7425c9e} - J:\setup.exe
    HKU\S-1-5-21-1926927551-2722054727-1838523252-1000\...\MountPoints2: {bfa4d89a-9d43-11e6-bbe6-8331b4af1480} - J:\setup.exe
    HKU\S-1-5-18\...\Run: [] => 0
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-10-23] (Microsoft Corporation)
    ShellExecuteHooks: - {A3F2F5AE-A5BB-11E6-A873-64006A5CFC23} - C:\Users\Mellortini\AppData\Roaming\Hiderygrihle\Growadomkiperther.dll [146944 2016-11-19] ()
    ShellIconOverlayIdentifiers: [KzShlobj2] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} => No File
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1926927551-2722054727-1838523252-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    R2 Qodity; C:\Program Files (x86)\Clegition\velaentcnt.dll [275968 2016-11-19] () [File not signed]
    S2 GmSvc; C:\Program Files (x86)\LDSGameCenter\GmSvc.dll [X]
    R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [190696 2016-07-12] (360.cn)
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    NETSVCx32: HpSvc -> no filepath.
    NETSVCx32: GmSvc -> C:\Program Files (x86)\LDSGameCenter\GmSvc.dll ==> No File
    NETSVCx32: WpSvc -> no filepath.
    2016-11-19 14:22 - 2016-11-19 14:22 - 00000000 ____D C:\ProgramData\360safe
    2016-11-19 14:20 - 2016-07-12 08:03 - 00190696 _____ (360.cn) C:\Windows\system32\Drivers\BAPIDRV64.SYS
    2016-11-19 14:19 - 2016-11-19 14:19 - 00000000 ____D C:\Users\Mellortini\AppData\Roaming\CleanAndroid
    2016-11-19 14:19 - 2016-11-19 14:19 - 00000000 ____D C:\ProgramData\CleanAndroid
    2016-11-19 12:27 - 2016-11-19 12:27 - 00000000 ____D C:\Users\Mellortini\Documents\360js Files
    2016-11-19 12:27 - 2016-11-19 12:27 - 00000000 ____D C:\Users\Mellortini\AppData\Roaming\Expert
    2016-11-19 12:27 - 2016-11-19 12:27 - 00000000 ____D C:\Users\Mellortini\AppData\Roaming\360DiagnoseScan
    2016-11-19 12:07 - 2016-11-19 12:07 - 00000000 ____D C:\Users\Mellortini\AppData\Roaming\360Login
    2016-11-19 12:05 - 2016-11-19 12:23 - 00001561 _____ C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    2016-11-19 12:05 - 2016-11-19 12:23 - 00000000 ____D C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2016-11-19 11:48 - 2016-11-19 11:48 - 00000000 ____D C:\Users\Mellortini\AppData\Roaming\360mobilemgr
    2016-11-19 11:47 - 2016-11-19 11:47 - 00003396 _____ C:\Windows\System32\Tasks\360wp-srv
    2016-11-19 11:47 - 2016-11-19 11:47 - 00000000 ____D C:\Users\Mellortini\AppData\Roaming\LDSGameAssistant
    2016-11-19 11:40 - 2016-11-19 11:40 - 00003450 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
    2016-11-19 11:39 - 2016-11-19 14:46 - 00000466 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2016-11-19 11:39 - 2016-11-19 11:39 - 00000000 ____D C:\Users\Mellortini\AppData\Local\UCBrowser
    2016-11-19 11:36 - 2016-11-19 11:39 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2016-11-19 11:32 - 2016-11-19 11:32 - 00002056 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Аvast SаfeZone Browser.lnk
    2016-11-19 11:32 - 2016-11-19 11:32 - 00001447 ___RS C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Eхрlоrеr.lnk
    2016-11-19 11:32 - 2016-11-19 11:32 - 00001443 ___RS C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Eхрlorеr (64-bit).lnk
    2016-11-19 11:32 - 2016-11-19 11:32 - 00000000 ____D C:\Windows\Azart
    2016-11-19 11:32 - 2016-11-19 11:32 - 00000000 ____D C:\Users\Mellortini\AppData\Roaming\SPI
    2016-11-19 11:31 - 2016-11-19 12:07 - 00000000 ____D C:\Program Files (x86)\360
    2016-11-19 11:29 - 2016-11-19 14:26 - 00000000 ____D C:\Program Files (x86)\Prazsckobosy
    2016-11-19 11:29 - 2016-11-19 14:26 - 00000000 ____D C:\Program Files (x86)\Clegition
    2016-11-19 11:29 - 2016-11-19 11:29 - 00006052 _____ C:\Windows\System32\Tasks\Cozoyghatitain Update
    2016-11-19 11:29 - 2016-11-19 11:29 - 00000000 ____D C:\Users\Mellortini\AppData\Roaming\Hiderygrihle
    2016-11-19 11:29 - 2016-11-19 11:29 - 00000000 ____D C:\Users\Mellortini\AppData\Local\Therkochclugupy
    2016-11-19 11:29 - 2016-11-19 11:29 - 00000000 ____D C:\ProgramData\Avira
    2016-11-19 11:29 - 2016-11-19 11:29 - 00000000 ____D C:\ProgramData\Avg
    2016-11-19 11:28 - 2016-11-19 11:28 - 00000000 _____ C:\TOSTACK
    2016-11-19 11:27 - 2016-11-19 11:27 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2016-11-19 11:26 - 2016-11-19 11:26 - 07299584 _____ C:\Users\Mellortini\AppData\Roaming\agent.dat
    2016-11-19 11:26 - 2016-11-19 11:26 - 00018432 _____ C:\Users\Mellortini\AppData\Roaming\Main.dat
    2016-11-19 11:25 - 2016-11-19 11:25 - 00140288 _____ C:\Users\Mellortini\AppData\Roaming\Installer.dat
    2016-10-27 23:45 - 2016-11-19 15:01 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:

    In FRST, click Fix.

    Recreate correct shortcuts for these applications:
    Shortcut: C:\Users\Mellortini\Desktop\Nowy folder\GFАCE.lnk -> C:\Users\Mellortini\AppData\Roaming\Browsers\exe.rehcnualfg.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Eхрlorеr (64-bit).lnk -> C:\Users\Mellortini\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Eхрlоrеr.lnk -> C:\Users\Mellortini\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WаrТhunder.lnk -> C:\Users\Mellortini\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GFACE Launcher\GFАСE.lnk -> C:\Users\Mellortini\AppData\Roaming\Browsers\exe.rehcnualfg.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Ехplorеr (No Аdd-оns).lnk -> C:\Users\Mellortini\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Mellortini\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunch Internet Exрlоrеr Вrоwser.lnk -> C:\Users\Mellortini\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\Mellortini\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firefоx.lnk -> C:\Users\Mellortini\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Аvast SаfeZone Browser.lnk -> C:\Users\Mellortini\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <===== Cyrillic

    0
  • #3 19 Nov 2016 15:30
    soldner1
    Level 3

    It partly worked: Trotux no longer starts, but instead http://www.9o0gle.com/ comes up as the start page...

    0
  • #4 19 Nov 2016 15:34
    Kolobos
    Computer specialist

    Post new FRST logs from a fresh scan.

    0
  • #6 19 Nov 2016 18:50
    Kolobos
    Computer specialist

    New Fixlist.txt for FRST:
    C:\Users\Mellortini\Desktop\Nowy folder\GFАCE.lnk
    C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Eхрlorеr (64-bit).lnk
    C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Eхрlоrеr.lnk
    C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WаrТhunder.lnk
    C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GFACE Launcher\GFАСE.lnk
    C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Ехplorеr (No Аdd-оns).lnk
    C:\Users\Mellortini\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunch Internet Exрlоrеr Вrоwser.lnk
    C:\Users\Mellortini\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firefоx.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Аvast SаfeZone Browser.lnk
    ShortcutWithArgument: C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://9o0gle.com/
    ShortcutWithArgument: C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://9o0gle.com/
    ShortcutWithArgument: C:\Users\Mellortini\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://9o0gle.com/
    ShortcutWithArgument: C:\Users\Mellortini\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://9o0gle.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://9o0gle.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://9o0gle.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://9o0gle.com/

    Remove manually:
    C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    C:\Users\Mellortini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器

    0
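As an added example (not part of the thread and not FRST's own code) covering the hijacked shortcuts handled in posts #2 and #6: a small Python audit over constructed FRST-style "Shortcut:" / "ShortcutWithArgument:" lines that flags the three patterns seen in this case: non-Latin (Cyrillic) look-alike letters in a shortcut name, a .bat target whose reversed file name spells a browser executable (exe.erolpxei.bat -> iexplore.exe), and a browser shortcut launched with a URL argument. The sample lines are constructed after the ones in the thread; the user name and the UCBrowser.exe target are assumed.

```python
import re
import unicodedata
from pathlib import PureWindowsPath

# Constructed sample modelled on the FRST lines in this thread (user "U" and the
# UCBrowser.exe target are assumed). Homoglyphs are \u escapes so they survive copy-paste.
STARTMENU = r"C:\Users\U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs"
CYR_IE = "Int\u0435rnet E\u0445\u0440l\u043er\u0435r"  # e, x, p, o, e are Cyrillic look-alikes
SAMPLE_LINES = [
    f"Shortcut: {STARTMENU}\\{CYR_IE}.lnk -> C:\\Users\\U\\AppData\\Roaming\\Browsers\\exe.erolpxei.bat (No File)",
    f"ShortcutWithArgument: {STARTMENU}\\Google Chrome.lnk -> C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe (Google Inc.) -> hxxp://9o0gle.com/",
    f"Shortcut: {STARTMENU}\\Mozilla Firefox.lnk -> C:\\Program Files\\Mozilla Firefox\\firefox.exe (Mozilla Corporation)",
    f"Shortcut: {STARTMENU}\\UC\u6d4f\u89c8\u5668.lnk -> C:\\Program Files (x86)\\UCBrowser\\Application\\UCBrowser.exe (UCWeb Inc)",
]

FRST_LINE = re.compile(r"^(Shortcut|ShortcutWithArgument): (.*)$")
# First executable-looking path in the target field; stops before "(Vendor)" / "(No File)".
EXEC_PATH = re.compile(r"^(.*?\.(?:exe|bat|cmd|vbs|js|ps1))(?=\s|$)", re.I)
URL = re.compile(r"^(?:hxxps?|https?)://", re.I)  # FRST defangs http as hxxp


def foreign_scripts(name):
    """Unicode script names of letters in `name` that are not Latin (e.g. {'CYRILLIC'})."""
    return {unicodedata.name(ch, "?").split()[0] for ch in name
            if ch.isalpha() and not unicodedata.name(ch, "").startswith("LATIN")}


def reversed_exe(target):
    """If `target` is a .bat whose stem reversed is an .exe name, return that name, else None."""
    p = PureWindowsPath(target)
    if p.suffix.lower() != ".bat":
        return None
    hidden = p.stem[::-1].lower()          # "exe.erolpxei" -> "iexplore.exe"
    return hidden if hidden.endswith(".exe") else None


def audit_frst_shortcuts(lines):
    """Return (shortcut name, resolved target, reasons) for every suspicious shortcut line."""
    findings = []
    for line in lines:
        m = FRST_LINE.match(line.strip())
        if not m:
            continue
        parts = m.group(2).split(" -> ")
        lnk, target_field = parts[0], parts[1] if len(parts) > 1 else ""
        argument = parts[2] if len(parts) > 2 else ""
        tm = EXEC_PATH.match(target_field)
        target = tm.group(1) if tm else target_field
        name = PureWindowsPath(lnk).name
        reasons = []
        if scripts := foreign_scripts(name):
            reasons.append("non-Latin letters in shortcut name: " + ",".join(sorted(scripts)))
        if hidden := reversed_exe(target):
            reasons.append(f"target is a .bat whose reversed name is {hidden}")
        if URL.match(argument):
            reasons.append(f"browser launched with URL argument {argument}")
        if reasons:
            findings.append((name, target, reasons))
    return findings
```

The same checks apply to real .lnk files once their name, target and arguments are read; the audit generalises the page's Cyrillic case to any non-Latin script, which is why the UC浏览器 shortcut is also reported.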