Elektroda.pl

Removing the ŻeŃą and qtipr virus

makos350 04 Mar 2017 23:44 600 6
  • #2 04 Mar 2017 23:54
    Kolobos
    Computer specialist

    Uninstall Search App by Ask

    Run this Fixlist.txt with FRST:
    Online.io Application (x32 Version: 2.1.0 - Microleaves) Hidden <==== UWAGA
    Traffic Exchange (x32 Version: 2.1.0 - Microleaves) Hidden <==== UWAGA

    Uninstall:
    Online.io Application
    Traffic Exchange

    Run another Fixlist.txt with FRST:
    CloseProcesses:
    Task: {05B4854C-730E-48AC-927A-F44F36383D54} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {39E8A3BB-D7BC-4A98-90A9-04B435C1F726} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: {40583403-C1B0-4BEA-A14F-AAD1AB366A21} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {46F7F03D-31F5-4E70-A03D-E0C00F5B406F} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task
    Task: {768C447D-6853-4D42-A80B-D618CB8BB5FD} - System32\Tasks\{67B93090-E1FB-4D26-90BF-154717589472} => Firefox.exe hxxp://ui.skype.com/ui/0/6.22.64.106/pl/go/he...?source=lightinstaller&LastError=1618
    Task: {89B6B7F2-DC16-4C5A-8338-0307953C18A9} - System32\Tasks\{FDE9D40B-711B-42E1-8CB6-ABEBA98A2350} => pcalua.exe -a "C:\Users\Zalman\Downloads\Post Process Injector 2_1 Installer-131-2-1.exe" -d C:\Users\Zalman\Downloads
    Task: {8FAC4A06-3E57-4A8B-A9B3-C928D37A3514} - System32\Tasks\Online Application v209 => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {B83572B6-0C88-4B94-B3CC-757849D01739} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: {CA67CF06-BE65-4959-8412-8A54E8A72FCF} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: {CC804CF0-D241-4C55-BFF5-C22362AE9221} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: {E42A2401-4DEC-467F-AD52-B7518DD68EE4} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: {E6A83D0D-E419-421C-997A-3B94DA50D44C} - System32\Tasks\hostTask => C:\ProgramData\CloudPrinter\tree.exe




    Task: {F154CC6B-35B6-4724-B93E-20ACD5F2C76C} - System32\Tasks\{44A71AC5-8BA3-47FD-A93A-C8B8A4F190A6} => C:\Users\Zalman\Downloads\South Park.The Stick Of Truth.v 1.0.1361 + 2 DLC.(Новый Диск).(2014).Repack\setup.exe
    Task: {FABECD97-B0ED-45E2-B3CE-BC192EB40AD9} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: C:\Windows\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\Zalman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Zalman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Zalman\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    2017-03-04 20:27 - 2017-03-04 20:27 - 00524696 _____ () C:\Program Files\żěŃą\X64\KZipShell.dll
    Hosts:
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
    HKU\S-1-5-21-393534324-1826201485-3774873838-1000\...\MountPoints2: F - F:\_AUTORUN\AUTORUN.EXE
    HKU\S-1-5-21-393534324-1826201485-3774873838-1000\...\MountPoints2: {4d1a9fc9-8abd-11e4-896e-806e6f6e6963} - E:\autorun.exe
    HKU\S-1-5-21-393534324-1826201485-3774873838-1000\...\MountPoints2: {626acf00-c4f5-11e4-b521-7824af9fd49c} - F:\setup.exe
    HKU\S-1-5-21-393534324-1826201485-3774873838-1000\...\MountPoints2: {830e1722-99e4-11e5-8361-7824af9fd49c} - F:\_AUTORUN\AUTORUN.EXE
    HKU\S-1-5-21-393534324-1826201485-3774873838-1000\...\MountPoints2: {830e1728-99e4-11e5-8361-7824af9fd49c} - G:\setup.exe
    HKU\S-1-5-21-393534324-1826201485-3774873838-1000\...\MountPoints2: {830e172e-99e4-11e5-8361-7824af9fd49c} - H:\_AUTORUN\AUTORUN.EXE
    HKU\S-1-5-21-393534324-1826201485-3774873838-1000\...\MountPoints2: {93844c2c-8e7b-11e4-9a8b-7824af9fd49c} - F:\setup.exe
    HKU\S-1-5-21-393534324-1826201485-3774873838-1000\...\MountPoints2: {974ec50e-1845-11e5-a3ce-7824af9fd49c} - G:\setup.exe
    HKU\S-1-5-21-393534324-1826201485-3774873838-1000\...\MountPoints2: {9b8b427d-2321-11e5-967a-7824af9fd49c} - F:\setup.exe
    HKU\S-1-5-21-393534324-1826201485-3774873838-1000\...\MountPoints2: {e80f8c11-87ed-11e5-87ea-7824af9fd49c} - H:\startme.exe
    HKU\S-1-5-18\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-03-04] ()
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-393534324-1826201485-3774873838-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...Io_ueUYaUHvPlUwtHUHWtxIYAoUl543CT3YaU,&q={searchTerms}
    HKU\S-1-5-21-393534324-1826201485-3774873838-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...YWO5ZzqdLpnlh3AWjYUejFiZYfiyu6Xndz8x9B5owDqM,,
    BHO: Brak nazwy -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> Brak pliku
    FF NewTab: Mozilla\Firefox\Profiles\xdi4ucyw.default -> C:\\ProgramData\\Hotfreshs\\ff.NT
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    2017-03-05 01:12 - 2017-03-05 01:12 - 00000000 ____D C:\Users\Zalman\AppData\Roaming\KuaiZip
    2017-03-04 20:29 - 2017-03-05 00:57 - 00000458 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2017-03-04 20:29 - 2017-03-04 20:48 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-03-04 20:29 - 2017-03-04 20:29 - 00003434 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
    2017-03-04 20:29 - 2017-03-04 20:29 - 00000000 ____D C:\Users\Zalman\AppData\Local\UCBrowser
    2017-03-04 20:27 - 2017-03-04 20:51 - 00000000 ____D C:\Program Files (x86)\Maoha
    2017-03-04 20:27 - 2017-03-04 20:28 - 00000000 ____D C:\Users\Zalman\AppData\Roaming\UCChannel
    2017-03-04 20:27 - 2017-03-04 20:27 - 01891819 _____ C:\Users\Zalman\AppData\Roaming\ScotFresh.tst
    2017-03-04 20:27 - 2017-03-04 20:27 - 00000837 _____ C:\Users\Zalman\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
    2017-03-04 20:27 - 2017-03-04 20:27 - 00000813 _____ C:\Users\Zalman\Desktop\żěŃą.lnk
    2017-03-04 20:27 - 2017-03-04 20:27 - 00000000 ____D C:\ProgramData\Logic Cramble
    2017-03-04 20:27 - 2017-03-04 20:27 - 00000000 ____D C:\Program Files\żěŃą
    2017-03-04 20:26 - 2017-03-05 01:29 - 00000334 _____ C:\Windows\Tasks\Online Application v209.job
    2017-03-04 20:26 - 2017-03-05 01:29 - 00000334 _____ C:\Windows\Tasks\Online Application v209 Guardian.job
    2017-03-04 20:26 - 2017-03-05 01:29 - 00000334 _____ C:\Windows\Tasks\Online Application v209 Guard.job
    2017-03-04 20:26 - 2017-03-05 01:29 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 3.job
    2017-03-04 20:26 - 2017-03-05 01:29 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 2.job
    2017-03-04 20:26 - 2017-03-05 01:29 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 1.job
    2017-03-04 20:26 - 2017-03-05 01:29 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 3.job
    2017-03-04 20:26 - 2017-03-05 01:29 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 2.job
    2017-03-04 20:26 - 2017-03-05 01:29 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 1.job
    2017-03-04 20:26 - 2017-03-04 20:27 - 00000000 ____D C:\Program Files (x86)\Microleaves
    2017-03-04 20:26 - 2017-03-04 20:26 - 00003160 _____ C:\Windows\System32\Tasks\Online Application v209 Guardian
    2017-03-04 20:26 - 2017-03-04 20:26 - 00003160 _____ C:\Windows\System32\Tasks\Online Application v209 Guard
    2017-03-04 20:26 - 2017-03-04 20:26 - 00003160 _____ C:\Windows\System32\Tasks\Online Application v209
    2017-03-04 20:26 - 2017-03-04 20:26 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 3
    2017-03-04 20:26 - 2017-03-04 20:26 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 2
    2017-03-04 20:26 - 2017-03-04 20:26 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 1
    2017-03-04 20:26 - 2017-03-04 20:26 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 3
    2017-03-04 20:26 - 2017-03-04 20:26 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 2
    2017-03-04 20:26 - 2017-03-04 20:26 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 1
    2017-03-04 20:26 - 2017-03-04 20:26 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-03-04 20:26 - 2017-03-04 20:26 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    2017-03-04 20:21 - 2017-03-04 20:21 - 00126464 _____ C:\Users\Zalman\AppData\Roaming\lobby.dat
    2017-03-04 20:21 - 2017-03-04 20:21 - 00072787 _____ C:\Users\Zalman\AppData\Roaming\Scoting.tst
    2017-03-04 20:21 - 2017-03-04 20:21 - 00054272 _____ C:\Users\Zalman\AppData\Roaming\ApplicationHosting.dat
    2017-03-04 20:21 - 2017-03-04 20:21 - 00003072 _____ C:\Windows\System32\Tasks\hostTask
    2017-03-04 20:21 - 2017-03-04 20:21 - 00000000 ____D C:\ProgramData\PrefersSecure
    2017-03-05 01:05 - 2015-01-02 14:50 - 00000000 ____D C:\AdwCleaner
    2017-03-04 20:21 - 2017-03-04 20:21 - 0054272 _____ () C:\Users\Zalman\AppData\Roaming\ApplicationHosting.dat
    2017-03-04 20:21 - 2017-03-04 20:21 - 0126464 _____ () C:\Users\Zalman\AppData\Roaming\lobby.dat
    2017-03-04 20:27 - 2017-03-04 20:27 - 1891819 _____ () C:\Users\Zalman\AppData\Roaming\ScotFresh.tst
    2017-03-04 20:21 - 2017-03-04 20:21 - 0072787 _____ () C:\Users\Zalman\AppData\Roaming\Scoting.tst
    2017-01-02 20:38 - 2017-01-02 20:39 - 49290112 _____ (Sony) C:\Users\Zalman\AppData\Local\pcc.exe
    EmptyTemp:


    After running it, post new FRST logs from a scan.

    0
  • #3 05 Mar 2017 09:03
    makos350
    Level 2

    I can't uninstall Search app by ask because I get the message "określone konto już istnieje" ("the specified account already exists") and the removal rolls back. I don't know whether I can skip this.

    0
  • #4 05 Mar 2017 09:56
    Kolobos
    Computer specialist

    You can; do the rest.

    0
  • Helpful post
    #6 05 Mar 2017 10:45
    Kolobos
    Computer specialist

    New Fixlist.txt:
    S2 PrefersSecure; C:\ProgramData\PrefersSecure\Nettrans.exe [X]
    2017-03-05 12:18 - 2017-03-05 12:19 - 00000000 ____D C:\Users\Zalman\AppData\Local\AdvinstAnalytics

    After running it, delete the C:\FRST directory and that's all.

    0
  • #7 05 Mar 2017 10:49
    makos350
    Level 2

    Done. Thanks a lot.

    0