
Żęńą virus - opens a huge number of ads + Chinese characters - Chinese add-ons

Troll2016 23 Jan 2017 22:56 723 6
  • #1 23 Jan 2017 22:56
    Troll2016
    Level 2  

    Hello,

    Please help me with this virus; I can't deal with it on my own.
    I carelessly unpacked a file downloaded from the internet, which contained this damned virus. A lot of ads pop up, a page opens by itself, and on top of that, after searching for anything in Google it redirects me to some Russian search engine. I'm attaching the logs and asking for help!

    0 6
  • #2 23 Jan 2017 23:06
    Kolobos
    Computer specialist

    Uninstall: Spybot - Search & Destroy

    Use AdwCleaner, options Scan and Clean (Szukaj and Usun): http://www.bleepingcomputer.com/download/adwcleaner/

    Manually delete all shortcuts with Cyrillic characters in the name:
    Shortcut: C:\Users\y50\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnet Eхрlоrеr.lnk
    Shortcut: C:\Users\y50\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnet Ехрlоrеr Вrowser.lnk
    Shortcut: C:\Users\y50\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UС浏览器.lnk
    Shortcut: C:\Users\y50\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\UС浏览器.lnk
    Shortcut: C:\Users\y50\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Оperа.lnk
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrome.lnk
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Оperа.lnk
    Shortcut: C:\Users\Public\Desktop\Оpеra.lnk

    Back up your bookmarks from Chrome; the script will remove the browser profile created by the infection.

    Start the system in Safe Mode.

    Next to frst.exe, create a file Fixlist.txt with the following content:
    CloseProcesses:
    Traffic Exchange (x32 Version: 1.15.3 - Microleaves) Hidden <==== UWAGA
    Task: {16547142-1558-4D7D-9109-C856A2A26697} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku <==== UWAGA
    Task: {29C3703A-215A-4512-BB57-E292DA723EF4} - System32\Tasks\Traffic Exchange Debug => C:\Program Files (x86)\Microleaves\Traffic Exchange\nc.exe <==== UWAGA
    Task: {34A6D06C-5662-440A-B1F7-9CCD6AE5B9CD} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-01-22] (UC Web Inc.) <==== UWAGA
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
    Task: {4B0577EA-4561-4B35-BF4E-A8B6BC4BA660} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {5410937D-5D4D-4CFB-93C8-2ED195760833} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {5BCAAFBA-2885-41CD-BAAE-A298B9D1377F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {65683096-827B-4176-B9E0-34BF8BFD427F} - System32\Tasks\Driver Booster SkipUAC (y50) => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
    Task: {68F96CE4-AA2B-42C1-AD30-B7EA48E09B6D} - System32\Tasks\SMW_UpdateTask_Time_313635373436303938382d4a375b5a5a6c783245343741 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== UWAGA
    Task: {6D497D37-B53B-45B9-BBFA-C357E7D6467A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {747026BF-08BE-43DA-9122-ABE54E5C8C21} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-01-16] (UCWeb Inc) <==== UWAGA
    Task: {800638FC-E393-40E5-BB5F-7DDB1C16AE6E} - System32\Tasks\Gipareedese Reports => C:\Program Files (x86)\Pharudom\prerjght.exe [2017-01-22] (Glarysoft Ltd)
    Task: {979CF663-A513-4822-BBE9-2AA379BAC9A5} - \WPD\SqmUpload_S-1-5-21-1234759474-2429951954-416129286-1001 -> Brak pliku <==== UWAGA
    Task: {9E2E1E9F-6ACB-4EF4-9E5D-92F3DAECC566} - System32\Tasks\y50CoerciveSlowerV2 => Rundll32.exe ArdoursPawnable.dll,main 7 1 <==== UWAGA
    Task: {A9A09CB9-DD35-4903-906C-3261A3D0515C} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Brak pliku <==== UWAGA
    Task: {AB795F7E-BDED-489F-A753-3CF3A604625D} - System32\Tasks\Opera scheduled Autoupdate 1466140648 => C:\Program Files (x86)\Opera\launcher.exe [2017-01-16] (Opera Software)
    Task: {AD11559F-97B2-4915-ACDB-12AA5F41847B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {B2E9ADE8-8D5A-42A6-B900-19662DDC55C0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {B9FF391E-7043-44C7-8575-AF4496B451F8} - \Microsoft\Windows\Setup\gwx\rundetector -> Brak pliku <==== UWAGA
    Task: {BF990413-233F-4696-8654-F88788731392} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {E446746A-042B-48FF-9BC0-72CFD7993921} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Brak pliku <==== UWAGA
    Task: {EBCF0D90-6409-4550-8ADB-B848AC3C818A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {EDCF8DBF-E5C4-4177-A494-DDBFB28C2671} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {EE20C0D3-D6E8-488C-90DB-4820DD90A00F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {F43A7E88-C449-45DB-81F6-48569B5B7DCB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku <==== UWAGA
    Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Shortcut: C:\Users\y50\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnet Eхрlоrеr.lnk -> C:\Users\y50\AppData\Roaming\Browsers\exe.erolpxei.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\y50\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnet Ехрlоrеr Вrowser.lnk -> C:\Users\y50\AppData\Roaming\Browsers\exe.erolpxei.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\y50\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UС浏览器.lnk -> C:\Users\y50\AppData\Roaming\Browsers\exe.resworbcu.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\y50\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\UС浏览器.lnk -> C:\Users\y50\AppData\Roaming\Browsers\exe.resworbcu.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\y50\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Оperа.lnk -> C:\Users\y50\AppData\Roaming\Browsers\exe.rehcnual.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrome.lnk -> C:\Users\y50\AppData\Roaming\Browsers\exe.emorhc.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Оperа.lnk -> C:\Users\y50\AppData\Roaming\Browsers\exe.rehcnual.bat (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Public\Desktop\Оpеra.lnk -> C:\Users\y50\AppData\Roaming\Browsers\exe.rehcnual.bat (Brak pliku) <===== Cyrillic
    2017-01-22 18:58 - 2017-01-22 18:58 - 00524696 _____ () C:\Program Files\żěŃą\X64\KZipShell.dll
    2017-01-22 18:58 - 2017-01-16 12:23 - 00930704 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    2017-01-22 19:02 - 2017-01-22 19:02 - 00380416 _____ () C:\Program Files\P09Q58OAMU\2PG5D7UBL.exe
    AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [23652]
    AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1479458]
    AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1205026]
    () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    () C:\Program Files\P09Q58OAMU\2PG5D7UBL.exe
    (Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    HKLM-x32\...\RunOnce: [window.bat] => C:\Windows\window.bat [59 2017-01-05] ()
    HKU\S-1-5-21-1234759474-2429951954-416129286-1001\...\Run: [Napisy24Update] => C:\Program Files (x86)\Napisy24\Napisy24Update.exe [3709896 2015-11-04] (Napisy24.pl)
    HKU\S-1-5-21-1234759474-2429951954-416129286-1001\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe [5975264 2016-03-14] (ALLPlayer Group Ltd.)
    HKU\S-1-5-21-1234759474-2429951954-416129286-1001\...\Run: [Napisy24.pl] => C:\Program Files (x86)\Napisy24\Napisy24.exe [5798400 2016-06-03] (Napisy24.pl)
    HKU\S-1-5-21-1234759474-2429951954-416129286-1001\...\Run: [MHWHNM39L4] => C:\Program Files\P09Q58OAMU\2PG5D7UBL.exe [380416 2017-01-22] ()
    HKU\S-1-5-21-1234759474-2429951954-416129286-1001\...\Run: [MSConfig] => C:\Users\y50\bxytuixv.exe [45580288 2017-01-22] (Canon)
    HKU\S-1-5-21-1234759474-2429951954-416129286-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
    HKU\S-1-5-21-1234759474-2429951954-416129286-1001\...\Run: [qaHVOq&_Ls.exe] => C:\Users\y50\AppData\Local\Temp\{053-7e-7c-a74dd-8904a-049c-35d73}\qaHVOq&_Ls.exe -r1_1 -r2_1 <===== UWAGA
    HKU\S-1-5-21-1234759474-2429951954-416129286-1001\...\MountPoints2: {d402fcd2-a6c3-11e6-8269-d07e35d77f57} - "F:\Startme.exe"
    HKU\S-1-5-18\...\Run: [] => 0
    HKLM\...\Providers\o0asda6a: C:\Program Files (x86)\Gipareedese Reports\local64spl.dll [289792 2017-01-22] ()
    ShellExecuteHooks: Brak nazwy - {036CBE24-DE3B-11E6-95A0-64006A5CFC23} - C:\Users\y50\AppData\Roaming\Vvuckchvosh\Jujutshnile.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-01-22] ()
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
    CHR DefaultProfile: ChromeDefaultData2
    CHR Profile: C:\Users\y50\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-22] <==== UWAGA
    C:\Users\y50\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    CHR Extension: (Fast search) - C:\Users\y50\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-01-22]
    C:\Users\y50\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pbdpajcdgknpendpmecafmopknefafha
    CHR Profile: C:\Users\y50\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-01-23] <==== UWAGA
    C:\Users\y50\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2
    C:\Users\y50\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pbdpajcdgknpendpmecafmopknefafha
    CHR Extension: (Fast search) - C:\Users\y50\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-01-22]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    OPR Extension: (Fast search) - C:\Users\y50\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-01-22]
    C:\Users\y50\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha
    R2 GoogleIntel; C:\Program Files (x86)\Intel\GoogleIntel.dll [225792 2017-01-22] () [Brak podpisu cyfrowego]
    C:\Program Files (x86)\Intel\GoogleIntel.dll
    R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [930704 2017-01-16] ()
    R2 Uktain; C:\Program Files (x86)\Pharudom\Vohekzektaincnf.dll [136192 2017-01-22] () [Brak podpisu cyfrowego]
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
    U1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== UWAGA
    2017-01-23 22:42 - 2017-01-23 22:42 - 00000000 ____D C:\Users\y50\AppData\Roaming\KuaiZip
    2017-01-23 22:40 - 2017-01-23 22:40 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
    2017-01-23 18:39 - 2017-01-23 18:39 - 05659349 _____ (Swearware) C:\Users\y50\Downloads\ComboFix 17.01.13.01.exe
    2017-01-22 21:34 - 2017-01-22 21:34 - 01131824 _____ (Opera Software) C:\Users\y50\Downloads\OperaSetup.exe
    2017-01-22 21:31 - 2017-01-23 18:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2017-01-22 21:31 - 2017-01-22 21:31 - 00001327 _____ C:\Users\y50\Desktop\Spybot - Search & Destroy.lnk
    2017-01-22 21:31 - 2017-01-22 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    2017-01-22 21:31 - 2017-01-22 21:31 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
    2017-01-22 21:30 - 2017-01-22 21:30 - 16409960 _____ (Safer Networking Limited ) C:\Users\y50\Downloads\Spybot - Search & Destroy 1.6.2 [1].exe
    2017-01-22 21:29 - 2017-01-22 21:30 - 01293552 _____ ( ) C:\Users\y50\Downloads\Spybot - Search & Destroy 1.6.2.exe
    2017-01-22 19:26 - 2017-01-22 19:26 - 00000000 ____D C:\Users\y50\AppData\Local\AdvinstAnalytics
    2017-01-22 19:23 - 2017-01-23 22:38 - 00000000 ____D C:\AdwCleaner
    2017-01-22 19:23 - 2017-01-22 19:23 - 45580288 ____H (Canon) C:\Users\y50\bxytuixv.exe
    2017-01-22 19:11 - 2017-01-23 07:21 - 00004390 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_313635373436303938382d4a375b5a5a6c783245343741
    2017-01-22 19:03 - 2017-01-23 22:40 - 00000228 _____ C:\WINDOWS\web.bat
    2017-01-22 19:03 - 2017-01-22 19:12 - 00000000 ____D C:\ProgramData\ProductData
    2017-01-22 19:03 - 2017-01-22 19:04 - 00000000 ____D C:\Users\y50\AppData\LocalLow\IObit
    2017-01-22 19:03 - 2017-01-22 19:03 - 00720033 _____ C:\WINDOWS\unins000.exe
    2017-01-22 19:03 - 2017-01-22 19:03 - 00033976 _____ C:\WINDOWS\unins000.dat
    2017-01-22 19:03 - 2017-01-22 19:03 - 00027552 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
    2017-01-22 19:03 - 2017-01-22 19:03 - 00003006 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (y50)
    2017-01-22 19:03 - 2017-01-22 19:03 - 00000000 ____D C:\WINDOWS\IObit
    2017-01-22 19:03 - 2017-01-22 19:03 - 00000000 ____D C:\ProgramData\IObit
    2017-01-22 19:03 - 2017-01-16 17:06 - 00385510 _____ ( ) C:\WINDOWS\window.exe
    2017-01-22 19:03 - 2017-01-05 11:10 - 00000059 _____ C:\WINDOWS\window.bat
    2017-01-22 19:02 - 2017-01-22 19:28 - 00000000 ____D C:\Program Files (x86)\pccleanplus
    2017-01-22 19:02 - 2017-01-22 19:22 - 00000000 ____D C:\Users\y50\AppData\Roaming\isMiner
    2017-01-22 19:02 - 2017-01-22 19:02 - 00001249 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Chrome.lnk
    2017-01-22 19:02 - 2017-01-22 19:02 - 00001213 ___RS C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Оperа.lnk
    2017-01-22 19:02 - 2017-01-22 19:02 - 00001183 ___RS C:\Users\Public\Desktop\Оpеra.lnk
    2017-01-22 19:02 - 2017-01-22 19:02 - 00000000 ____D C:\Users\y50\AppData\Roaming\IObit
    2017-01-22 19:02 - 2017-01-22 19:02 - 00000000 ____D C:\Program Files\P09Q58OAMU
    2017-01-22 19:01 - 2017-01-22 19:02 - 00016224 _____ C:\Users\y50\AppData\Roaming\InstallationConfiguration.xml
    2017-01-22 19:01 - 2017-01-22 19:02 - 00000334 _____ C:\Users\y50\Desktop\Booking.com.url
    2017-01-22 19:01 - 2017-01-22 19:02 - 00000000 ____D C:\Program Files (x86)\baidu
    2017-01-22 19:01 - 2017-01-22 19:01 - 00140288 _____ C:\Users\y50\AppData\Roaming\Installer.dat
    2017-01-22 18:59 - 2017-01-22 19:00 - 00000000 ____D C:\WINDOWS\SysWOW64\glogs
    2017-01-22 18:58 - 2017-01-22 19:28 - 00000460 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
    2017-01-22 18:58 - 2017-01-22 19:03 - 00003474 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
    2017-01-22 18:58 - 2017-01-22 18:58 - 00000882 _____ C:\Users\y50\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
    2017-01-22 18:58 - 2017-01-22 18:58 - 00000000 ____D C:\Users\y50\AppData\Local\UCBrowser
    2017-01-22 18:58 - 2017-01-22 18:58 - 00000000 ____D C:\Program Files\żěŃą
    2017-01-22 18:57 - 2017-01-22 19:20 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-01-22 18:56 - 2017-01-22 18:56 - 00003606 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Debug
    2017-01-22 18:56 - 2017-01-22 18:56 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-01-22 18:56 - 2017-01-22 18:56 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    2017-01-22 18:55 - 2017-01-23 18:56 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-01-22 18:55 - 2017-01-22 19:28 - 00000000 ____D C:\Users\y50\AppData\Roaming\Vvuckchvosh
    2017-01-22 18:55 - 2017-01-22 19:28 - 00000000 ____D C:\Program Files (x86)\Pharudom
    2017-01-22 18:55 - 2017-01-22 19:08 - 00000000 ____D C:\Users\y50\AppData\Local\Etuieddinich
    2017-01-22 18:55 - 2017-01-22 19:08 - 00000000 ____D C:\Program Files (x86)\Gipareedese Reports
    2017-01-22 18:55 - 2017-01-22 18:55 - 00006076 _____ C:\WINDOWS\System32\Tasks\Gipareedese Reports
    2017-01-22 18:55 - 2017-01-22 18:55 - 00000000 ____D C:\ProgramData\Avira
    2017-01-22 18:55 - 2017-01-22 18:55 - 00000000 ____D C:\ProgramData\Avg
    2017-01-22 19:02 - 2017-01-22 19:02 - 0023622 _____ () C:\Users\y50\AppData\Roaming\aliexpress.ico
    2017-01-22 19:02 - 2017-01-22 19:02 - 0099678 _____ () C:\Users\y50\AppData\Roaming\booking.ico
    2017-01-22 19:01 - 2017-01-22 19:02 - 0016224 _____ () C:\Users\y50\AppData\Roaming\InstallationConfiguration.xml
    2017-01-22 19:01 - 2017-01-22 19:01 - 0140288 _____ () C:\Users\y50\AppData\Roaming\Installer.dat
    C:\Users\y50\bxytuixv.exe
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    When done, post new FRST logs from a scan.

    0
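Added example (not part of the original thread and not FRST's own code): a triage script for the two patterns visible in the "Shortcut:" entries above, namely .lnk names that swap Latin letters for Cyrillic look-alikes and targets whose file name is an executable name spelled backwards. The function names, the small CONFUSABLES table and the sample lines are assumptions constructed for illustration.

```python
import ntpath
import re
import unicodedata

# Cyrillic letters that render like Latin ones (a small subset, not a full confusables table).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
               "\u0445": "x", "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041e": "O",
               "\u0421": "C", "\u0425": "X"}

# Constructed sample lines modelled on the thread's FRST entries; the last one is a
# genuinely Cyrillic name that must not be flagged.
SAMPLE_LOG = [
    "Shortcut: C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\G\u043eogle Chrome.lnk"
    " -> C:\\Users\\user\\AppData\\Roaming\\Browsers\\exe.emorhc.bat (Brak pliku) <===== Cyrillic",
    "Shortcut: C:\\Users\\Public\\Desktop\\\u041ep\u0435ra.lnk"
    " -> C:\\Users\\user\\AppData\\Roaming\\Browsers\\exe.rehcnual.bat",
    "Shortcut: C:\\Users\\Public\\Desktop\\Google Chrome.lnk"
    " -> C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe (Google Inc.)",
    "Shortcut: C:\\Users\\user\\Desktop\\\u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b.lnk"
    " -> C:\\Users\\user\\Documents",
]

def scripts_in(text):
    """Coarse script labels (LATIN, CYRILLIC, CJK, ...) of the letters in text."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in text if ch.isalpha()}

def check_shortcut_name(lnk_path):
    """Flag a .lnk whose name imitates a Latin name with Cyrillic look-alikes."""
    stem = ntpath.splitext(ntpath.basename(lnk_path))[0]
    scripts = scripts_in(stem)
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in stem)
    mixed = {"LATIN", "CYRILLIC"} <= scripts  # both scripts inside one name
    all_lookalike = "CYRILLIC" in scripts and skeleton.isascii()  # every letter swapped
    return {"skeleton": skeleton, "spoofed": mixed or all_lookalike}

def parse_frst_shortcut(line):
    """Split an FRST 'Shortcut:' line into (lnk_path, target or None); None for other lines."""
    body = line.strip()
    if not body.startswith("Shortcut:"):
        return None
    body = re.sub(r"\s*<=+.*$", "", body[len("Shortcut:"):]).strip()  # drop "<===== ..." marker
    lnk, _, target = body.partition(" -> ")
    target = re.sub(r"\s*\([^()]*\)$", "", target).strip() or None  # drop trailing "(...)" note
    return lnk.strip(), target

def reversed_target_name(target):
    """Return the target's file stem reversed if that spells '<name>.exe', else None."""
    flipped = ntpath.splitext(ntpath.basename(target))[0][::-1]
    return flipped if flipped.lower().endswith(".exe") else None

def triage(lines):
    """Return one finding per shortcut whose name is spoofed."""
    findings = []
    for lnk, target in filter(None, map(parse_frst_shortcut, lines)):
        name = check_shortcut_name(lnk)
        if name["spoofed"]:
            findings.append({"lnk": lnk, "imitates": name["skeleton"], "target": target,
                             "target_reversed": reversed_target_name(target) if target else None})
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A name made only of Cyrillic look-alikes is caught by the skeleton check, while ordinary Cyrillic file names pass because their skeleton still contains non-ASCII letters.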
  • #4 24 Jan 2017 00:18
    Kolobos
    Computer specialist

    Uninstall: Traffic Exchange

    You still haven't removed some of the shortcuts; these remain:
    C:\Users\y50\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\UС浏览器.lnk
    C:\Users\y50\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Оperа.lnk
    C:\Users\Public\Desktop\Оpеra.lnk
    Delete these files manually.

    Create a new profile in Chrome.

    New Fixlist.txt:
    CloseProcesses:
    Task: {42B7642B-4A40-46B8-B661-54B2343224CB} - \UCBrowserSecureUpdater -> Brak pliku <==== UWAGA
    C:\Users\y50\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\UС浏览器.lnk
    C:\Users\y50\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Оperа.lnk
    C:\Users\Public\Desktop\Оpеra.lnk
    HKU\S-1-5-21-1234759474-2429951954-416129286-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.)
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll -> Brak pliku
    CHR DefaultProfile: ChromeDefaultData2
    S1 HWiNFO32; \??\C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [X]
    2017-01-23 23:52 - 2017-01-23 23:52 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2017-01-23 23:52 - 2017-01-22 18:58 - 00092832 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys

    When done, post new FRST logs from a scan.

    0
  • #6 24 Jan 2017 09:42
    Kolobos
    Computer specialist

    New Fixlist.txt:
    S2 KuaiZipDrive; \??\C:\WINDOWS\system32\drivers\KuaiZipDrive.sys [X]

    When done, delete the C:\FRST folder and that's all.

    0
  • #7 24 Jan 2017 18:16
    Troll2016
    Level 2  

    I did everything, thank you very much for the help!

    0