Elektroda.pl

FRST logs, UC Browser, zeNa - virus associated with the UC Browser browser.

Shaman0323 05 Feb 2017 10:25 510 7
  • #1 05 Feb 2017 10:25
    Shaman0323
    Level 2

    Hello!

    I am the happy owner of a virus that takes the form of the UC Browser browser. I carelessly opened a .rar archive that contained this damned thing. I have two new programs: UC Browser and zeNa. I have already seen that many people had this problem and I managed to figure out what to do in such a situation. I am asking for help in creating a script for the fixlist.txt file that I will be able to use in FRST.

    0 7
  • #2 05 Feb 2017 12:35
    krzychupar
    Level 40

    Uninstall:
    PublicHotspot version 1.0 (HKLM-x32\...\PublicHotspot_is1) (Version: 1.0 - Leading2Apps) <==== UWAGA
    trotux - Uninstall (HKLM-x32\...\{1E1C38E9-D192-48F7-A212-85DA951585DF}) (Version: - ) <==== UWAGA

    Open the system Notepad and paste:
    Task: {2B825A37-789D-421B-8C45-D85DB542B074} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-02-04] (UC Web Inc.) <==== UWAGA
    Task: {3BACC8CA-FA06-46A5-9338-D0A14A95C3C2} - System32\Tasks\Opera scheduled Autoupdate 1440054385 => C:\Program Files (x86)\Opera\launcher.exe [2017-01-26] (Opera Software)
    Task: {652C5505-354C-4050-B8D0-F00A0ADE9A7F} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: {75301412-F624-4A16-BA5F-9245B978CD52} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: {88812A9E-D8F3-4946-BF9A-57F73B7E4B86} - System32\Tasks\{E1E87450-E011-46AA-A888-4715C317F50A} => pcalua.exe -a E:\Win8.1\7.TouchPad\Setup.exe -d E:\Win8.1\7.TouchPad
    Task: {A52947EA-BFD8-4A63-B913-F410D5578735} - System32\Tasks\6520m19u17q8081 => Rundll32.exe "C:\ProgramData\6520m19u17q8081\6520m19u17q8081.dll",muqsjyd <==== UWAGA
    Task: {A5C57726-7010-4ECF-9DD4-FDCF21B66839} - System32\Tasks\Zazshzerfertain => /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel....24UE4T0_WD-WXS1EC3WLEF8WLEF8&amp;v=201724 /q
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\Laptop 4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://fanli90.cn/
    ShortcutWithArgument: C:\Users\Laptop 4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\LAPTOP~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
    ShortcutWithArgument: C:\Users\Laptop 4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://fanli90.cn/
    ShortcutWithArgument: C:\Users\Laptop 4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://fanli90.cn/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\LAPTOP~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://fanli90.cn/
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\LAPTOP~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://fanli90.cn/
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: F - F:\autorun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: G - G:\aoesetup.exe /autorun
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: H - H:\aoesetup.exe /autorun
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: I - I:\aoesetup.exe /autorun
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {5468ab1b-8843-11e5-a374-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {562d410a-7bae-11e5-a622-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {562d4115-7bae-11e5-a622-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {6efe84ad-6b1f-11e5-807b-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {72fe40c4-7ae6-11e5-940d-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {7b5012fa-6beb-11e5-8607-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {7c24572e-74bf-11e5-a32f-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {907fa057-7883-11e5-b41a-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {98c9f27a-98a7-11e5-b3b9-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {a57b850d-7230-11e5-8ebc-3010b3603a86} - F:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {b7e652ca-8cf1-11e5-a64a-3010b3603a86} - F:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {b90f4708-9f64-11e5-b31a-3010b3603a86} - F:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {c240f586-803f-11e5-8355-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {c5f363dd-8aa4-11e5-8a0b-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {cd23af41-634c-11e5-928a-3010b3603a86} - I:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {cd23af51-634c-11e5-928a-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {db9e36eb-6905-11e5-b02f-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {db9e3701-6905-11e5-b02f-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {ed6c88fb-7a30-11e5-acdf-3010b3603a86} - H:\AutoRun.exe
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-02-04] ()
    BootExecute: autocheck autochk *
    Hosts:
    Tcpip\..\Interfaces\{4A052961-ED5D-44BB-9D92-26188202EF84}: [NameServer] 89.108.195.20 89.108.202.20
    Tcpip\..\Interfaces\{AA7441FA-78F6-4013-AE99-9B235347E0C9}: [NameServer] 89.108.195.20 89.108.202.20
    Tcpip\..\Interfaces\{B2E2E38A-E4F1-4058-934D-07EDAA2B2EF2}: [NameServer] 89.108.195.20 89.108.202.20
    Tcpip\..\Interfaces\{F6C2ECB3-2353-40F0-AB82-FAB13F402B32}: [NameServer] 89.108.195.20 89.108.202.20
    FF ProfilePath: C:\Users\Laptop 4\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\v5p9t6hx.default\Profiles\v5p9t6hx.default [nie znaleziono]
    FF ProfilePath: C:\Users\Laptop 4\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\v5p9t6hx.default\Profiles\yhf1m49o.default-1471346051648 [nie znaleziono]
    CHR HomePage: ChromeDefaultData -> hxxp://www.trotux.com/?z=81fbbfa8239d38f83831...JPCX-24UE4T0_WD-WXS1EC3WLEF8WLEF8&type=hp
    CHR StartupUrls: ChromeDefaultData -> "hxxp://www.trotux.com/?z=81fbbfa8239d38f838312e5g4zbb2q8oacctco8eab&from=icb&uid=WDCXWD10JPCX-24UE4T0_WD-WXS1EC3WLEF8WLEF8&type=hp"
    CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}&z=81fbbfa8239d38f838312e5g4zbb2q8oacctco8eab&from=icb&uid=WDCXWD10JPCX-24UE4T0_WD-WXS1EC3WLEF8WLEF8&type=sp
    CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
    CHR Profile: C:\Users\Laptop 4\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-04] <==== UWAGA
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    S2 Ralerly; C:\Program Files (x86)\Shbseverqersp\TerqutCmm.dll [X]
    R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== UWAGA
    S3 AmUStor; system32\drivers\AmUStor.SYS [X]
    2017-02-04 21:17 - 2017-02-05 09:40 - 00002584 _____ C:\Windows\System32\Tasks\UCBrowserUpdaterCore
    2017-02-04 21:17 - 2017-02-05 09:40 - 00000298 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
    2017-02-04 21:17 - 2017-02-05 09:20 - 00000462 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2017-02-04 21:17 - 2017-02-04 21:17 - 00003442 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
    2017-02-04 21:16 - 2017-02-05 09:38 - 00003476 _____ C:\Windows\System32\Tasks\UCBrowserSecureUpdater
    2017-02-04 21:16 - 2017-02-04 22:13 - 00000000 ____D C:\Program Files\PN1FN1CMFN
    2017-02-04 21:16 - 2017-02-04 21:26 - 00000000 ____D C:\Users\Laptop 4\AppData\Roaming\KuaiZip
    2017-02-04 21:16 - 2017-02-04 21:16 - 00092832 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
    2017-02-04 21:16 - 2017-02-04 21:16 - 00001482 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    2017-02-04 21:16 - 2017-02-04 21:16 - 00000837 _____ C:\Users\Laptop 4\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
    2017-02-04 21:16 - 2017-02-04 21:16 - 00000000 ____D C:\Users\Laptop 4\AppData\Roaming\Softlink
    2017-02-04 21:16 - 2017-02-04 21:16 - 00000000 ____D C:\Users\Laptop 4\AppData\Local\UCBrowser
    2017-02-04 21:16 - 2017-02-04 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2017-02-04 21:16 - 2017-02-04 21:16 - 00000000 ____D C:\Program Files\żěŃą
    2017-02-04 21:16 - 2017-02-04 21:16 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-02-04 21:15 - 2017-02-05 09:56 - 00000000 ____D C:\Program Files (x86)\PublicHotspot
    2017-02-04 21:15 - 2017-02-04 21:15 - 00003694 _____ C:\Windows\System32\Tasks\Zazshzerfertain
    2017-02-04 21:15 - 2017-02-04 21:15 - 00000000 ____D C:\Users\Laptop 4\AppData\Roaming\UCChannel
    2017-02-04 21:15 - 2017-02-04 21:15 - 00000000 ____D C:\Users\Laptop 4\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
    2017-02-04 21:15 - 2017-02-04 21:15 - 00000000 ____D C:\ProgramData\Avira
    2017-02-04 21:15 - 2017-02-04 21:15 - 00000000 ____D C:\ProgramData\Avg
    2017-02-04 21:14 - 2017-02-04 22:13 - 00000000 ____D C:\Program Files\UZHT7B3HRJ
    EmptyTemp:

    Save the file under the name fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix/Napraw.

    0
  • Helpful post
    #3 05 Feb 2017 14:21
    Kolobos
    Computer specialist

    Uninstall:
    Malware Hunter 1.23.0.40
    McAfee Security Scan Plus
    PublicHotspot version 1.0
    trotux - Uninstall

    Use AdwCleaner, the Scan and Clean (Szukaj i Usun) options: http://www.bleepingcomputer.com/download/adwcleaner/

    Make a backup of your Chrome bookmarks; the browser profile will be deleted by the script.

    Run the Fixlist below in Safe Mode.

    Next to frst.exe create a file Fixlist.txt with the content:
    CloseProcesses:
    Task: {02968FB5-E1D3-4D5C-9634-016842ECB4F7} - System32\Tasks\GMHSkipUAC => C:\Program Files (x86)\Glarysoft\Malware Hunter\MalwareHunter.exe [2016-11-04] (Glarysoft Ltd)
    Task: {2B825A37-789D-421B-8C45-D85DB542B074} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-02-04] (UC Web Inc.) <==== UWAGA
    Task: {3BACC8CA-FA06-46A5-9338-D0A14A95C3C2} - System32\Tasks\Opera scheduled Autoupdate 1440054385 => C:\Program Files (x86)\Opera\launcher.exe [2017-01-26] (Opera Software)
    Task: {4239524F-4385-4260-9FD5-ABD3F0B2870C} - System32\Tasks\Microsoft\Windows\Multimedia\Manager => C:\Users\Laptop 4\AppData\Roaming\Adobe\Manager.exe
    Task: {44DA6099-8166-437B-B63A-C7CCA897F5E0} - System32\Tasks\Driver Booster SkipUAC (Laptop 4) => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
    Task: {652C5505-354C-4050-B8D0-F00A0ADE9A7F} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: {75301412-F624-4A16-BA5F-9245B978CD52} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: {88812A9E-D8F3-4946-BF9A-57F73B7E4B86} - System32\Tasks\{E1E87450-E011-46AA-A888-4715C317F50A} => pcalua.exe -a E:\Win8.1\7.TouchPad\Setup.exe -d E:\Win8.1\7.TouchPad
    Task: {8F53AC44-AEEA-41CE-80C7-7F6CA0F9AD30} - System32\Tasks\Cherperksterrot Engine => C:\Program Files (x86)\Shbseverqersp\plubapy.exe [2017-02-04] (Glarysoft Ltd)
    Task: {A52947EA-BFD8-4A63-B913-F410D5578735} - System32\Tasks\6520m19u17q8081 => Rundll32.exe "C:\ProgramData\6520m19u17q8081\6520m19u17q8081.dll",muqsjyd <==== UWAGA
    Task: {A5C57726-7010-4ECF-9DD4-FDCF21B66839} - System32\Tasks\Zazshzerfertain => /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel....24UE4T0_WD-WXS1EC3WLEF8WLEF8&amp;v=201724 /q
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\Laptop 4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://fanli90.cn/
    ShortcutWithArgument: C:\Users\Laptop 4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\LAPTOP~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
    ShortcutWithArgument: C:\Users\Laptop 4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://fanli90.cn/
    ShortcutWithArgument: C:\Users\Laptop 4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://fanli90.cn/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\LAPTOP~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://fanli90.cn/
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\LAPTOP~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://fanli90.cn/
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://fanli90.cn/
    2017-02-04 21:16 - 2017-02-04 21:16 - 00524696 _____ () C:\Program Files\żěŃą\X64\KZipShell.dll
    2017-02-04 21:16 - 2017-01-11 13:23 - 00931112 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    2017-02-04 21:16 - 2017-02-04 21:16 - 00219032 _____ () c:\program files\żěńą\x86\kuaizipupdatechecker.dll
    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [1479458]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1205026]
    () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    HKLM\...\RunOnce: [ucdrv_repair] => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [739728 2017-02-04] (UC Web Inc.)
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: F - F:\autorun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: G - G:\aoesetup.exe /autorun
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: H - H:\aoesetup.exe /autorun
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: I - I:\aoesetup.exe /autorun
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {5468ab1b-8843-11e5-a374-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {562d410a-7bae-11e5-a622-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {562d4115-7bae-11e5-a622-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {6efe84ad-6b1f-11e5-807b-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {72fe40c4-7ae6-11e5-940d-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {7b5012fa-6beb-11e5-8607-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {7c24572e-74bf-11e5-a32f-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {907fa057-7883-11e5-b41a-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {98c9f27a-98a7-11e5-b3b9-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {a57b850d-7230-11e5-8ebc-3010b3603a86} - F:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {b7e652ca-8cf1-11e5-a64a-3010b3603a86} - F:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {b90f4708-9f64-11e5-b31a-3010b3603a86} - F:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {c240f586-803f-11e5-8355-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {c5f363dd-8aa4-11e5-8a0b-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {cd23af41-634c-11e5-928a-3010b3603a86} - I:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {cd23af51-634c-11e5-928a-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {db9e36eb-6905-11e5-b02f-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {db9e3701-6905-11e5-b02f-3010b3603a86} - H:\AutoRun.exe
    HKU\S-1-5-21-754364652-1024835874-3875188121-1000\...\MountPoints2: {ed6c88fb-7a30-11e5-acdf-3010b3603a86} - H:\AutoRun.exe
    HKLM\...\Providers\k0agg4el: C:\Program Files (x86)\Cherperksterrot Engine\local64spl.dll
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-02-04] ()
    Hosts:
    FF Extension: (Diagnostics) - C:\Users\Laptop 4\AppData\Roaming\Mozilla\Firefox\Profiles\v5p9t6hx.default\features\{9a6bff26-8c2f-4f7c-9d5b-da6b7a10b6d4}\diagnostics@mozilla.org.xpi [2017-02-02]
    FF Extension: (Send HSTS Priming Requests) - C:\Users\Laptop 4\AppData\Roaming\Mozilla\Firefox\Profiles\v5p9t6hx.default\features\{9a6bff26-8c2f-4f7c-9d5b-da6b7a10b6d4}\hsts-priming@mozilla.org.xpi [2017-02-02]
    FF SearchPlugin: C:\Users\Laptop 4\AppData\Roaming\Mozilla\Firefox\Profiles\v5p9t6hx.default\searchplugins\k0agg4el.xml [2017-02-04]
    CHR DefaultProfile: ChromeDefaultData
    CHR HomePage: ChromeDefaultData -> hxxp://www.trotux.com/?z=81fbbfa8239d38f83831...JPCX-24UE4T0_WD-WXS1EC3WLEF8WLEF8&type=hp
    CHR StartupUrls: ChromeDefaultData -> "hxxp://www.trotux.com/?z=81fbbfa8239d38f838312e5g4zbb2q8oacctco8eab&from=icb&uid=WDCXWD10JPCX-24UE4T0_WD-WXS1EC3WLEF8WLEF8&type=hp"
    CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}&z=81fbbfa8239d38f838312e5g4zbb2q8oacctco8eab&from=icb&uid=WDCXWD10JPCX-24UE4T0_WD-WXS1EC3WLEF8WLEF8&type=sp
    CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
    CHR Profile: C:\Users\Laptop 4\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-04] <==== UWAGA
    C:\Users\Laptop 4\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    rogram Files\żěŃą\X86\kuaizipUpdateChecker.dll [219032 2017-02-04] ()
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.)
    R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [931112 2017-01-11] ()
    S2 Ralerly; C:\Program Files (x86)\Shbseverqersp\TerqutCmm.dll [X]
    R2 KuaiZipDrive; C:\Windows\system32\drivers\KuaiZipDrive.sys [92832 2017-02-04] (WinMount International Inc)
    R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== UWAGA
    S3 AmUStor; system32\drivers\AmUStor.SYS [X]
    2017-02-04 21:17 - 2017-02-05 09:40 - 00002584 _____ C:\Windows\System32\Tasks\UCBrowserUpdaterCore
    2017-02-04 21:17 - 2017-02-05 09:40 - 00000298 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
    2017-02-04 21:17 - 2017-02-05 09:20 - 00000462 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2017-02-04 21:17 - 2017-02-04 21:17 - 00003442 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
    2017-02-04 21:16 - 2017-02-05 09:38 - 00003476 _____ C:\Windows\System32\Tasks\UCBrowserSecureUpdater
    2017-02-04 21:16 - 2017-02-04 22:13 - 00000000 ____D C:\Program Files\PN1FN1CMFN
    2017-02-04 21:16 - 2017-02-04 21:26 - 00000000 ____D C:\Users\Laptop 4\AppData\Roaming\KuaiZip
    2017-02-04 21:16 - 2017-02-04 21:16 - 00092832 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
    2017-02-04 21:16 - 2017-02-04 21:16 - 00001482 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    2017-02-04 21:16 - 2017-02-04 21:16 - 00000837 _____ C:\Users\Laptop 4\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
    2017-02-04 21:16 - 2017-02-04 21:16 - 00000000 ____D C:\Users\Laptop 4\AppData\Roaming\Softlink
    2017-02-04 21:16 - 2017-02-04 21:16 - 00000000 ____D C:\Users\Laptop 4\AppData\Local\UCBrowser
    2017-02-04 21:16 - 2017-02-04 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2017-02-04 21:16 - 2017-02-04 21:16 - 00000000 ____D C:\Program Files\żěŃą
    2017-02-04 21:16 - 2017-02-04 21:16 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-02-04 21:15 - 2017-02-05 09:56 - 00000000 ____D C:\Program Files (x86)\PublicHotspot
    2017-02-04 21:15 - 2017-02-04 21:15 - 00003694 _____ C:\Windows\System32\Tasks\Zazshzerfertain
    2017-02-04 21:15 - 2017-02-04 21:15 - 00000000 ____D C:\Users\Laptop 4\AppData\Roaming\UCChannel
    2017-02-04 21:15 - 2017-02-04 21:15 - 00000000 ____D C:\Users\Laptop 4\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
    2017-02-04 21:15 - 2017-02-04 21:15 - 00000000 ____D C:\ProgramData\Avira
    2017-02-04 21:15 - 2017-02-04 21:15 - 00000000 ____D C:\ProgramData\Avg
    2017-02-04 21:15 - 2017-02-04 21:15 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-02-04 21:14 - 2017-02-05 09:53 - 00000000 ____D C:\Users\Laptop 4\AppData\LocalLow\IObit
    2017-02-04 21:14 - 2017-02-05 09:53 - 00000000 ____D C:\ProgramData\ProductData
    2017-02-04 21:14 - 2017-02-05 09:52 - 00000000 ____D C:\ProgramData\IObit
    2017-02-04 21:14 - 2017-02-04 22:13 - 00000000 ____D C:\Program Files\UZHT7B3HRJ
    2017-02-04 21:14 - 2017-02-04 21:14 - 00002890 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Laptop 4)
    2017-02-04 21:14 - 2017-02-04 21:14 - 00000000 ____D C:\Windows\IObit
    2017-02-04 21:14 - 2017-02-04 21:14 - 00000000 ____D C:\Users\Public\Thunder Network
    2017-02-04 21:14 - 2017-02-04 21:14 - 00000000 ____D C:\ProgramData\Thunder Network
    2017-02-04 21:13 - 2017-02-05 09:57 - 00000000 ____D C:\Users\Laptop 4\AppData\Roaming\IObit
    2017-02-04 21:13 - 2017-02-05 00:01 - 00000000 ___HD C:\ProgramData\6520m19u17q8081
    2017-02-04 21:13 - 2017-02-05 00:01 - 00000000 ____D C:\Program Files (x86)\Shbseverqersp
    2017-02-04 21:13 - 2017-02-05 00:01 - 00000000 ____D C:\Program Files (x86)\Cherperksterrot Engine
    2017-02-04 21:13 - 2017-02-05 00:00 - 00016710 _____ C:\Windows\System32\Tasks\6520m19u17q8081
    2017-02-04 21:13 - 2017-02-04 22:54 - 00000000 ____D C:\Users\Laptop 4\AppData\Roaming\Ckeose
    2017-02-04 21:13 - 2017-02-04 21:16 - 00000000 ____D C:\Users\Laptop 4\AppData\Local\Dernush
    2017-02-04 21:13 - 2017-02-04 21:13 - 00027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
    2017-02-04 21:13 - 2017-02-04 21:13 - 00005994 _____ C:\Windows\System32\Tasks\Cherperksterrot Engine
    EmptyTemp:

    In FRST select Fix/Napraw.

    Do a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Afterwards post new FRST logs from a scan.


    :arrow: krzychupar
    Do you see the slight difference in the scripts given?

    0
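As an added example (not from this thread, and not part of FRST), the script below shows how the fixlist workflow in the two replies above can be triaged mechanically: it reads FRST-style log lines, flags the entry types the helpers picked out (scheduled tasks that run nothing but an installer URL or a DLL from ProgramData, browser shortcuts with an injected URL or --load-extension, interface-level DNS servers that differ from the expected resolvers, hijacked Chrome search settings, MountPoints2 autorun remnants and alternate data streams), and emits the matching lines verbatim as a fixlist.txt body, since FRST acts on an entry when its log line is pasted into fixlist.txt. The sample lines, hosts, GUIDs and paths are constructed placeholders modelled on the entry types in the thread; the expected-DNS and trusted-search-host sets are assumptions a practitioner would set for their own machine.

```python
"""Triage helper for FRST-style log lines (constructed example, not FRST code)."""
import re
from dataclasses import dataclass

# Constructed sample log: placeholders modelled on the entry types in the thread.
SAMPLE_LOG = r"""
Task: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - System32\Tasks\Opera scheduled Autoupdate => C:\Program Files (x86)\Opera\launcher.exe [2017-01-26] (Opera Software)
Task: {66666666-7777-8888-9999-000000000000} - System32\Tasks\a1b2c3 => Rundll32.exe "C:\ProgramData\a1b2c3\a1b2c3.dll",entry
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\Zzexample => /i hxxp://cdn.hijack.example/msi/installer.msi /q
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\USER~1\AppData\Local\abcdefghijklmnopabcdefghijklmnop" hxxp://hijack.example/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://hijack.example/
ShortcutWithArgument: C:\Users\Public\Desktop\Work Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
Tcpip\..\Interfaces\{12345678-1234-1234-1234-123456789ABC}: [NameServer] 192.0.2.53 192.0.2.54
Tcpip\..\Interfaces\{87654321-4321-4321-4321-CBA987654321}: [NameServer] 1.1.1.1 8.8.8.8
CHR DefaultSearchURL: Default -> hxxp://search.hijack.example/search/?q={searchTerms}&uid=PLACEHOLDER
CHR DefaultSearchURL: Default -> hxxps://www.google.com/search?q={searchTerms}
HKU\S-1-5-21-0-0-0-1000\...\MountPoints2: F - F:\autorun.exe
AlternateDataStreams: C:\Windows\system32\drivers:example-x64.sys [23652]
"""

# Assumptions for this example: the resolvers this machine is expected to use
# and the search hosts considered legitimate. Adjust for your own environment.
EXPECTED_DNS = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4"}
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "duckduckgo.com"}
# Task targets living under user-writable directories deserve a second look.
USER_WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\", "\\users\\public\\")

# FRST defangs URLs as hxxp://; accept both defanged and plain schemes.
URL_RE = re.compile(r'h(?:xx|tt)ps?://([^/\s"]+)', re.IGNORECASE)
NAMESERVER_RE = re.compile(r"\[NameServer\]\s+(.+)$")
CHR_PREFIXES = ("CHR HomePage:", "CHR StartupUrls:", "CHR DefaultSearchURL:")


@dataclass
class Finding:
    category: str
    line: str  # the FRST line, verbatim, so it can be pasted into fixlist.txt


def triage_line(line):
    """Return a Finding for one FRST log line, or None if nothing stands out."""
    s = line.strip()
    if not s:
        return None
    if s.startswith("Task:"):
        target = s.split("=>", 1)[1].strip().lower() if "=>" in s else ""
        if not target or target.startswith("/"):
            # No executable at all: the task is just arguments (e.g. an msiexec URL).
            return Finding("task-without-executable", s)
        if "rundll32" in target and any(d in target for d in USER_WRITABLE_DIRS):
            return Finding("task-rundll32-from-userdir", s)
        if any(d in target for d in USER_WRITABLE_DIRS):
            return Finding("task-from-userdir", s)
        return None
    if s.startswith("ShortcutWithArgument:"):
        argument = s.rsplit("->", 1)[1]
        if "--load-extension=" in argument or URL_RE.search(argument):
            return Finding("browser-shortcut-hijack", s)
        return None
    if "[NameServer]" in s:
        m = NAMESERVER_RE.search(s)
        if m and any(ip not in EXPECTED_DNS for ip in m.group(1).split()):
            return Finding("dns-changed", s)
        return None
    if s.startswith(CHR_PREFIXES):
        m = URL_RE.search(s)
        if m and m.group(1).lower() not in TRUSTED_SEARCH_HOSTS:
            return Finding("browser-search-hijack", s)
        return None
    if "MountPoints2:" in s:
        return Finding("autorun-mountpoint", s)
    if s.startswith("AlternateDataStreams:"):
        return Finding("alternate-data-stream", s)
    return None


def triage(log_text):
    """Run triage_line over a whole FRST log and return the findings in order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def build_fixlist(findings, close_processes=True, empty_temp=True):
    """Assemble a fixlist.txt body: flagged lines verbatim, framed as in the thread."""
    lines = ["CloseProcesses:"] if close_processes else []
    lines.extend(f.line for f in findings)
    if empty_temp:
        lines.append("EmptyTemp:")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.category}] {f.line}")
    print("\n--- fixlist.txt ---")
    print(build_fixlist(found))
```

Run it as-is to see the flagged entries and the generated fixlist for the constructed sample; in practice you would feed it the FRST.txt and Addition.txt from the machine and review every flagged line by hand before pasting, since the heuristics are deliberately broad (every MountPoints2 entry is reported, for instance) and a fixlist deletes what it lists.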
  • #4 05 Feb 2017 17:07
    Shaman0323
    Level 2

    Kolobos - thanks, your answer helped me. The script krzychupar gave me unfortunately did not solve the problem, but thank you too!

    After following all the instructions I managed to get rid of UC Browser and zeNa. I can generally see a difference in how the computer works (for the better, of course).

    0
  • #5 05 Feb 2017 17:13
    Kolobos
    Computer specialist

    Attach a new frst.txt as well.

    0
  • #7 05 Feb 2017 17:50
    Kolobos
    Computer specialist

    New Fixlist.txt for FRST:
    S1 HWiNFO32; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [X]
    2017-02-05 15:55 - 2017-02-05 15:55 - 00000000 ____D C:\Users\Laptop 4\Downloads\FRST-OlderVersion
    2017-02-05 15:37 - 2017-02-05 15:47 - 00000000 ____D C:\AdwCleaner

    After running it, delete the C:\FRST folder and that's all.

    0
  • #8 05 Feb 2017 17:54
    Shaman0323
    Level 2

    Topic solved, so I'm closing it!

    0