Elektroda.pl

Suspected infection - nicesearches

asish 10 Jan 2017 22:35 354 3
  • #2 10 Jan 2017 22:40
    krzychupar
    Level 40

    Not only are you hijacking someone else's thread, you also haven't posted the required logs. Addition.txt is still missing.

    0
  • #4 10 Jan 2017 23:24
    krzychupar
    Level 40

    Uninstall:
    WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. ) and replace it with a free alternative, e.g. 7zip

    Open the system Notepad and paste:
    Task: {2FF3C9EB-ABB7-4F1B-B7C1-37C0DF50998C} - System32\Tasks\{68D58F11-6501-F2A7-64B3-62A1173F6E44} => C:\Users\Asish\AppData\Roaming\PRICEF~1\updater.exe <==== UWAGA
    Task: {4E75A0CF-E5FA-43AF-9C8B-8D7CD10FA8DE} - System32\Tasks\Opera scheduled Autoupdate 1443946445 => C:\Program Files (x86)\Opera\launcher.exe
    Task: {F6E22FB8-195D-4234-81C9-E18F7D1204B3} - System32\Tasks\TrickEffects => c:\programdata\{399b4b46-a1b5-7e65-399b-b4b46a1b2d1a}\sensible world of soccer 96_97.exe <==== UWAGA
    Task: C:\Windows\Tasks\TrickEffects.job => c:\programdata\{399b4b46-a1b5-7e65-399b-b4b46a1b2d1a}\sensible world of soccer 96_97.exe <==== UWAGA
    Task: C:\Windows\Tasks\{68D58F11-6501-F2A7-64B3-62A1173F6E44}.job => C:\Users\Asish\AppData\Roaming\PRICEF~1\updater.exe <==== UWAGA
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2888680082-3698371755-1814960963-1000\...\MountPoints2: F - F:\AutoRun.exe
    HKU\S-1-5-21-2888680082-3698371755-1814960963-1000\...\MountPoints2: {408c7f49-7f73-11e2-875a-74e543b9ce7d} - F:\AutoRun.exe
    HKU\S-1-5-21-2888680082-3698371755-1814960963-1000\...\MountPoints2: {408c7f58-7f73-11e2-875a-74e543b9ce7d} - F:\AutoRun.exe
    HKU\S-1-5-21-2888680082-3698371755-1814960963-1000\...\MountPoints2: {408c7f8b-7f73-11e2-875a-74e543b9ce7d} - G:\AutoRun.exe
    HKU\S-1-5-21-2888680082-3698371755-1814960963-1000\...\MountPoints2: {675e0535-5965-11e5-aa41-74e543b939bd} - F:\AutoRun.exe
    HKU\S-1-5-21-2888680082-3698371755-1814960963-1000\...\MountPoints2: {675e05ba-5965-11e5-aa41-74e543b939bd} - F:\AutoRun.exe
    HKU\S-1-5-21-2888680082-3698371755-1814960963-1000\...\MountPoints2: {7bb26706-956e-11e6-a5d5-b4b52f35ab15} - F:\LG_PC_Programs.exe
    HKU\S-1-5-21-2888680082-3698371755-1814960963-1000\...\MountPoints2: {a6b10d4d-5b7e-11e5-9434-b4b52f35ab15} - F:\AutoRun.exe
    HKU\S-1-5-21-2888680082-3698371755-1814960963-1000\...\MountPoints2: {bac6c77a-82a9-11e3-b5e5-74e543b9ce7d} - F:\AutoRun.exe
    HKU\S-1-5-21-2888680082-3698371755-1814960963-1000\...\MountPoints2: {bb6d297a-5efd-11e6-a565-b4b52f35ab15} - F:\AutoRun.exe
    HKU\S-1-5-21-2888680082-3698371755-1814960963-1000\...\MountPoints2: {be79e77d-5003-11e5-aa2a-b4b52f35ab15} - "F:\WD SmartWare.exe" autoplay=true
    HKU\S-1-5-21-2888680082-3698371755-1814960963-1000\...\MountPoints2: {be79e8a2-5003-11e5-aa2a-b4b52f35ab15} - F:\AutoRun.exe
    HKU\S-1-5-21-2888680082-3698371755-1814960963-1000\...\MountPoints2: {e5e2cdd4-8b69-11e3-b660-74e543b9ce7d} - F:\AutoRun.exe
    HKU\S-1-5-21-2888680082-3698371755-1814960963-1000\...\MountPoints2: {e5e2ce49-8b69-11e3-b660-74e543b9ce7d} - F:\AutoRun.exe
    HKU\S-1-5-21-2888680082-3698371755-1814960963-1000\...\MountPoints2: {feecc5e4-ea35-11e5-ae5c-b4b52f35ab15} - H:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-2888680082-3698371755-1814960963-1000\...\MountPoints2: {ff572b38-8c16-11e2-a56d-74e543b9ce7d} - F:\AutoRun.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    BootExecute: autocheck autochk /p \??\F:autocheck autochk *
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Tcpip\Parameters: [DhcpNameServer] 37.8.214.2 31.11.202.254
    Tcpip\..\Interfaces\{0E5B252B-05BE-4973-921D-0852DD28432B}: [NameServer] 89.108.195.20 89.108.202.20
    Tcpip\..\Interfaces\{24EB5444-9447-4525-952E-3D7EB1857628}: [NameServer] 89.108.195.20 89.108.202.20
    Tcpip\..\Interfaces\{2887A4AA-A492-4358-82D6-9152E51D0B6E}: [NameServer] 89.108.195.20 89.108.202.20
    Tcpip\..\Interfaces\{463264FA-C360-4A15-B6CC-C46AECCFB6C5}: [DhcpNameServer] 37.8.214.2 31.11.202.254
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
    SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://pl.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-2888680082-3698371755-1814960963-1000 -> Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Brak pliku
    FF NewTab: Firefox\Firefox\Profiles\wqcm5zb4.default-1409682919663 -> hxxp://www.nicesearches.com?type=hp&ts=14...;z=d2d255081f093e7201e7b43g4zcm3t1o7oacctcg7b
    FF DefaultSearchEngine: Firefox\Firefox\Profiles\wqcm5zb4.default-1409682919663 -> nice
    FF SearchEngineOrder.1: Firefox\Firefox\Profiles\wqcm5zb4.default-1409682919663 -> nice
    FF SelectedSearchEngine: Firefox\Firefox\Profiles\wqcm5zb4.default-1409682919663 -> nice
    FF Homepage: Firefox\Firefox\Profiles\wqcm5zb4.default-1409682919663 -> hxxp://www.nicesearches.com?type=hp&ts=14...;z=d2d255081f093e7201e7b43g4zcm3t1o7oacctcg7b
    CHR DefaultSearchURL: Default -> hxxp://www.mylucky123.com/search/?type=ds&...m=wpm0616&uid=ST9500325AS_S2WLFYNL&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> mylucky123
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\Exts\Chrome.crx <nie znaleziono>
    S2 Hkhlp; C:\Program Files (x86)\Common Files\Apps\Hkhlp.dll [X]
    U0 aswVmm; Brak ImagePath
    S1 ibqxmkdd; \??\C:\Windows\system32\drivers\ibqxmkdd.sys [X]
    2017-01-10 21:57 - 2015-07-31 20:24 - 00000000 ____D C:\AdwCleaner
    2016-04-11 11:35 - 2016-04-11 11:35 - 6504960 _____ () C:\Users\Asish\AppData\Roaming\agent.dat
    2016-04-11 11:35 - 2016-04-11 11:35 - 1932216 _____ () C:\Users\Asish\AppData\Roaming\AlphaRedis.bin
    2015-08-03 17:24 - 2015-10-13 14:38 - 0000024 _____ () C:\Users\Asish\AppData\Roaming\appdataFr25.bin
    2016-04-11 11:34 - 2016-04-11 11:34 - 0127488 _____ () C:\Users\Asish\AppData\Roaming\Installer.dat
    2016-04-11 11:35 - 2016-04-11 11:35 - 0018432 _____ () C:\Users\Asish\AppData\Roaming\Main.dat
    2014-01-18 14:07 - 2014-11-04 05:21 - 0004608 _____ () C:\Users\Asish\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    C:\Windows\Tasks\{68D58F11-6501-F2A7-64B3-62A1173F6E44}.job
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix (Napraw).

    0
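A small triage script, added here as an illustration and not part of the thread or of FRST itself, that applies the heuristics the fixlist above encodes (scheduled tasks launched from user-writable directories, MountPoints2 autorun residue, static per-interface DNS overrides, browser homepage/search overrides, services whose file is missing) to FRST-style log lines. The sample lines are constructed from entries in this post, trimmed for length; the regexes and category names are my own assumptions.

```python
import re
from typing import List, Tuple

# Constructed sample: FRST-style lines copied from the fixlist in this thread,
# shortened so the block stays readable. Not the original log file.
SAMPLE_LOG = r"""
Task: {2FF3C9EB-ABB7-4F1B-B7C1-37C0DF50998C} - System32\Tasks\{68D58F11-6501-F2A7-64B3-62A1173F6E44} => C:\Users\Asish\AppData\Roaming\PRICEF~1\updater.exe <==== UWAGA
Task: {4E75A0CF-E5FA-43AF-9C8B-8D7CD10FA8DE} - System32\Tasks\Opera scheduled Autoupdate 1443946445 => C:\Program Files (x86)\Opera\launcher.exe
Task: C:\Windows\Tasks\TrickEffects.job => c:\programdata\{399b4b46-a1b5-7e65-399b-b4b46a1b2d1a}\sensible world of soccer 96_97.exe <==== UWAGA
HKU\S-1-5-21-2888680082-3698371755-1814960963-1000\...\MountPoints2: F - F:\AutoRun.exe
Tcpip\..\Interfaces\{0E5B252B-05BE-4973-921D-0852DD28432B}: [NameServer] 89.108.195.20 89.108.202.20
Tcpip\..\Interfaces\{463264FA-C360-4A15-B6CC-C46AECCFB6C5}: [DhcpNameServer] 37.8.214.2 31.11.202.254
FF Homepage: Firefox\Firefox\Profiles\wqcm5zb4.default-1409682919663 -> hxxp://www.nicesearches.com?type=hp&ts=14
CHR DefaultSearchURL: Default -> hxxp://www.mylucky123.com/search/?type=ds&q={searchTerms}
S2 Hkhlp; C:\Program Files (x86)\Common Files\Apps\Hkhlp.dll [X]
"""

# Directories legitimate scheduled tasks rarely launch from (assumed heuristic):
# a task target here is the updater/adware persistence pattern seen in the thread.
USER_WRITABLE = re.compile(r"\\(?:AppData|ProgramData|Temp)\\", re.IGNORECASE)
TASK_RE = re.compile(r"^Task: .* => (.+?)(?: <====.*)?$")   # target after "=>"
HOST_RE = re.compile(r"hxxp://([^/?\s]+)")                  # FRST defangs http as hxxp
BROWSER_KEYS = {"FF Homepage", "FF NewTab", "CHR DefaultSearchURL"}

def triage(log: str) -> List[Tuple[str, str]]:
    """Return (category, line) pairs for entries that deserve a second look."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        m = TASK_RE.match(line)
        if m and USER_WRITABLE.search(m.group(1)):
            findings.append(("task-in-user-writable-dir", line))
        elif "MountPoints2:" in line:            # stale AutoRun.exe from removable media
            findings.append(("removable-media-autorun", line))
        elif "[NameServer]" in line:             # hard-coded DNS, unlike [DhcpNameServer]
            findings.append(("static-dns-override", line))
        elif (h := HOST_RE.search(line)) and line.split(":")[0] in BROWSER_KEYS:
            findings.append(("browser-search-override:" + h.group(1), line))
        elif line.endswith("[X]"):               # service/driver whose file is gone
            findings.append(("orphaned-service", line))
    return findings

if __name__ == "__main__":
    for category, entry in triage(SAMPLE_LOG):
        print(f"{category:45} {entry[:80]}")
```

Only the Opera task and the DHCP-assigned DNS line pass untouched, which matches which lines the fixlist above keeps versus removes.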