
Need quick help with malware -

Htpp 24 Feb 2017 21:42 420 4
  • Helpful post
    #3 24 Feb 2017 23:20
    Kolobos
    Computer specialist

    Uninstall:
    Body Text Feathering (HKLM-x32\...\PopupProduct) (Version: 1.0.0.0 - Body Text Feathering) <==== UWAGA
    CleanBrowser (HKLM-x32\...\CleanBrowser) (Version: - ) <==== UWAGA
    Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: - ) <==== UWAGA

    Use adwc and remove everything it detects.

    Make a backup of your Chrome bookmarks; the profile directory will be deleted.

    Run Fixlist.txt:
    CloseProcesses:
    Task: {9612B97B-E719-4D5F-8F7B-1CE273799BE2} - System32\Tasks\Thernleserhch Module => C:\Program Files (x86)\Drpasydest\mubiy.exe [2017-02-24] (Glarysoft Ltd)
    Task: {F4980372-B6EB-4E7A-9055-2D2D3FC23A22} - System32\Tasks\PPI Update => C:\Windows\explorer.exe "hxxp://insightcdn.online/download/index.php?mn=9995" <==== UWAGA
    2016-02-15 12:56 - 2016-02-15 12:56 - 46344704 _____ () C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
    2017-02-24 19:53 - 2017-02-24 19:53 - 00387584 _____ () C:\Program Files (x86)\01a67563-1e59-4f0a-87f4-972a12af4e9c1487962426\kns01a67563-1e59-4f0a-87f4-972a12af4e9c.tmpfs
    2017-02-24 19:51 - 2017-02-24 19:51 - 01304064 _____ () C:\Users\Buli\AppData\Local\Ojmics\vmmbublz.dll
    2017-02-24 19:52 - 2017-02-24 19:52 - 01304064 _____ () C:\Users\Buli\AppData\Local\Uxfmmedia\vmmbublz.dll
    2016-02-15 12:56 - 2016-02-15 12:56 - 01481728 _____ () C:\Program Files (x86)\CleanBrowser\app\bin\libglesv2.dll
    2016-02-15 12:56 - 2016-02-15 12:56 - 00073728 _____ () C:\Program Files (x86)\CleanBrowser\app\bin\libegl.dll
    2016-02-15 12:56 - 2016-02-15 12:56 - 01681224 _____ () C:\Program Files (x86)\CleanBrowser\app\bin\ffmpegsumo.dll
    () C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
    () C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
    () C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
    () C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
    () C:\Program Files (x86)\01a67563-1e59-4f0a-87f4-972a12af4e9c1487962426\kns01a67563-1e59-4f0a-87f4-972a12af4e9c.tmpfs
    HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
    HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
    HKU\S-1-5-21-800759064-2579545316-1945446508-1000\...\Run: [Ojmics] => regsvr32.exe C:\Users\Buli\AppData\Local\Ojmics\vmmbublz.dll <===== UWAGA
    HKU\S-1-5-21-800759064-2579545316-1945446508-1000\...\Run: [ARDworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Buli\AppData\Local\Uxfmmedia\vmmbublz.dll <===== UWAGA
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> Brak pliku
    Tcpip\..\Interfaces\{0D5DB575-E171-4CE3-956F-5C9F1CC53BE8}: [NameServer] 82.163.142.8,95.211.158.136
    SearchScopes: HKU\S-1-5-21-800759064-2579545316-1945446508-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://zquirrel.com/SmartSearch/index.php?p={searchTerms}&bn=ie&ch_id=AM01&g=01a67563-1e59-4f0a-87f4-972a12af4e9c&
    SearchScopes: HKU\S-1-5-21-800759064-2579545316-1945446508-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://zquirrel.com/SmartSearch/index.php?p={searchTerms}&bn=ie&ch_id=AM01&g=01a67563-1e59-4f0a-87f4-972a12af4e9c&
    CHR DefaultSearchURL: Profile 1 -> file://C:\\Users\\Buli\\AppData\\Local\\Temp\\740.html?bn=gch&ch_id=AM01&g=01a67563-1e59-4f0a-87f4-972a12af4e9c&p={searchTerms}
    CHR DefaultSearchKeyword: Profile 1 -> yahoo.com
    CHR Profile: C:\Users\Buli\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-24] <==== UWAGA
    C:\Users\Buli\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    S2 QForlLgs0EYm Updater; C:\Program Files (x86)\QForlLgs0EYm Updater\QForlLgs0EYm Updater.exe [X]
    R2 rejeweke; C:\Program Files (x86)\01a67563-1e59-4f0a-87f4-972a12af4e9c1487962426\kns01a67563-1e59-4f0a-87f4-972a12af4e9c.tmpfs [X]
    S2 serverss; C:\Windows\Temp\F8D3.tmp [X]
    S3 4F95D9BEC1E2FB76; \??\C:\Users\Buli\AppData\Local\Temp\18842E53.sys [X] <==== UWAGA
    S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]
    2017-02-24 21:08 - 2017-02-24 21:08 - 00000000 ____D C:\Users\Buli\AppData\Roaming\Rofawardghazosh
    2017-02-24 20:30 - 2017-02-24 20:30 - 00000000 ____D C:\Users\Buli\AppData\Local\UCBrowser
    2017-02-24 20:28 - 2017-02-24 21:08 - 00000000 ____D C:\Users\Buli\AppData\Local\app
    2017-02-24 20:27 - 2017-02-24 20:35 - 00000000 ____D C:\Users\Buli\AppData\Local\00000000-1487968068-0000-0000-001A4D86B694
    2017-02-24 20:27 - 2017-02-24 20:28 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
    2017-02-24 19:53 - 2017-02-24 20:35 - 00000000 ____D C:\Program Files (x86)\01a67563-1e59-4f0a-87f4-972a12af4e9c1487962426
    2017-02-24 19:53 - 2017-02-24 19:53 - 00000000 _____ C:\TOSTACK
    2017-02-24 19:52 - 2017-02-24 19:52 - 00006022 _____ C:\Windows\System32\Tasks\Thernleserhch Module
    2017-02-24 19:52 - 2017-02-24 19:52 - 00000000 ____D C:\Users\Buli\AppData\Local\Grohot
    2017-02-24 19:52 - 2017-02-24 19:52 - 00000000 ____D C:\Program Files (x86)\Thernleserhch Module
    2017-02-24 19:52 - 2017-02-24 19:52 - 00000000 ____D C:\Program Files (x86)\Drpasydest
    2017-02-24 19:51 - 2017-02-24 20:35 - 00000000 ____D C:\Users\Buli\AppData\Local\Uxfmmedia
    2017-02-24 19:51 - 2017-02-24 19:51 - 00000000 ____D C:\Users\Buli\AppData\Local\Ojmics
    2017-02-24 19:49 - 2017-02-24 19:49 - 00003532 _____ C:\Windows\System32\Tasks\PPI Update
    2017-02-20 06:35 - 2017-02-24 21:09 - 00000000 ____D C:\Users\Buli\Downloads\FRST-OlderVersion
    2017-02-19 21:11 - 2017-02-19 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2017-02-07 18:56 - 2017-02-07 19:09 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:


    When done, post new FRST logs from a scan.

    0
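    As an added example (not code from this thread and not FRST's own tooling): a small Python triage script that reads FRST-style entries like those in the fixlist above and flags the persistence patterns the reviewer removed here: a non-default Winlogon Userinit, a Run entry that loads a DLL from AppData through regsvr32, a scheduled task that hands a URL to explorer.exe, static DNS servers on an interface, a Chrome default-search URL pointing at a local file, and services whose image lives in a Temp directory or whose name is a random-looking hex string. The sample log is constructed from a subset of the lines quoted in post #3 plus benign lines added for contrast; the example.invalid URL, the entry-format regexes and the `triage` function are assumptions, since real FRST output has many more entry types.

```python
import re
from dataclasses import dataclass

# Added example, not from the thread and not FRST's own tooling: a heuristic
# first pass over FRST-style log entries. The line formats below are modelled
# on the entries quoted in the fixlist; real FRST output has many more types.

@dataclass
class Finding:
    category: str   # short tag for the persistence pattern matched
    reason: str     # human-readable explanation for the reviewer
    line: str       # the original log entry

# Windows default value of the Winlogon Userinit entry (trailing comma dropped).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

WINLOGON   = re.compile(r"Winlogon: \[Userinit\] (?P<value>.+)$")
RUN_KEY    = re.compile(r"\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$")
TASK       = re.compile(r"^Task: \{[0-9A-F-]+\} - (?P<path>.+?) => (?P<cmd>.+)$", re.I)
DNS        = re.compile(r"Interfaces\\\{[0-9A-F-]+\}: \[NameServer\] (?P<servers>.+)$", re.I)
CHR_SEARCH = re.compile(r"^CHR DefaultSearchURL: .+ -> (?P<url>.+)$")
SERVICE    = re.compile(r"^[RS][0-4] (?P<name>[^;]+); (?P<path>.+?)( \[X\])?$")
TEMP_DIR   = re.compile(r"\\temp\\", re.I)
HEX_NAME   = re.compile(r"^[0-9A-F]{12,}$", re.I)

# Constructed sample: a subset of the fixlist lines quoted in post #3, with the
# task URL replaced by a placeholder, plus benign lines added for contrast.
SAMPLE_LOG = r"""
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,
HKU\S-1-5-21-800759064-2579545316-1945446508-1000\...\Run: [Ojmics] => regsvr32.exe C:\Users\Buli\AppData\Local\Ojmics\vmmbublz.dll
HKU\S-1-5-21-800759064-2579545316-1945446508-1000\...\Run: [OneDrive] => C:\Users\Buli\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Task: {F4980372-B6EB-4E7A-9055-2D2D3FC23A22} - System32\Tasks\PPI Update => C:\Windows\explorer.exe "hxxp://example.invalid/download/index.php?mn=0"
Task: {9612B97B-E719-4D5F-8F7B-1CE273799BE2} - System32\Tasks\Thernleserhch Module => C:\Program Files (x86)\Drpasydest\mubiy.exe [2017-02-24] (Glarysoft Ltd)
Tcpip\..\Interfaces\{0D5DB575-E171-4CE3-956F-5C9F1CC53BE8}: [NameServer] 82.163.142.8,95.211.158.136
CHR DefaultSearchURL: Profile 1 -> file://C:\\Users\\Buli\\AppData\\Local\\Temp\\740.html?bn=gch&p={searchTerms}
S2 serverss; C:\Windows\Temp\F8D3.tmp [X]
S3 4F95D9BEC1E2FB76; \??\C:\Users\Buli\AppData\Local\Temp\18842E53.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
"""

def triage(text: str) -> list[Finding]:
    """Return one Finding per log entry that matches a suspicious pattern."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := WINLOGON.search(line):
            value = m.group("value").strip().rstrip(",")
            if value.lower() != DEFAULT_USERINIT:
                findings.append(Finding("winlogon_userinit",
                    f"Userinit runs '{value}' instead of userinit.exe", line))
        elif m := RUN_KEY.search(line):
            cmd = m.group("cmd")
            if re.search(r"regsvr32(\.exe)?\s", cmd, re.I) and "appdata" in cmd.lower():
                findings.append(Finding("run_regsvr32_appdata",
                    f"Run entry '{m.group('name')}' loads a DLL from AppData via regsvr32", line))
        elif m := TASK.search(line):
            cmd = m.group("cmd")
            if re.search(r'explorer\.exe\s+"?hxxps?://', cmd, re.I):
                findings.append(Finding("task_launches_url",
                    f"task '{m.group('path')}' opens a URL through explorer.exe", line))
            elif TEMP_DIR.search(cmd):
                findings.append(Finding("task_in_temp",
                    f"task '{m.group('path')}' runs a binary from a Temp directory", line))
        elif m := DNS.search(line):
            servers = [s.strip() for s in m.group("servers").split(",")]
            findings.append(Finding("static_dns",
                f"interface uses static DNS {servers}; confirm these are the intended resolvers", line))
        elif m := CHR_SEARCH.search(line):
            if m.group("url").lower().startswith("file://"):
                findings.append(Finding("chrome_search_local_file",
                    "Chrome default search is redirected to a local HTML file", line))
        elif m := SERVICE.search(line):
            name, path = m.group("name"), m.group("path")
            if TEMP_DIR.search(path):
                findings.append(Finding("service_in_temp",
                    f"service '{name}' has its image in a Temp directory", line))
            elif HEX_NAME.match(name):
                findings.append(Finding("service_random_name",
                    f"service '{name}' has a random-looking hex name", line))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.reason}\n    {f.line}")
```

    The rules mark entries for review, not for deletion: the reviewer in this thread also removed entries such as the Thernleserhch Module task that none of these patterns catch, so a pass like this only sorts a long log before an analyst reads it.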
  • #4 24 Feb 2017 23:27
    Htpp
    Level 5

    Kolobos wrote:
    Uninstall:
    Body Text Feathering (HKLM-x32\...\PopupProduct) (Version: 1.0.0.0 - Body Text Feathering) <==== UWAGA
    CleanBrowser (HKLM-x32\...\CleanBrowser) (Version: - ) <==== UWAGA
    Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: - ) <==== UWAGA


    How do I remove it?

    0
  • #5 24 Feb 2017 23:34
    Kolobos
    Computer specialist

    Have you ever looked in Control Panel -> Programs and Features? You can uninstall programs there, and that is exactly where you should uninstall them...

    0