Elektroda.pl

żeną - how to remove this virus

kropek_85 04 Mar 2017 23:51 813 6
  • #1 04 Mar 2017 23:51
    kropek_85
    Level 9

    Hello
    I know a thread like this already existed, but it was closed:
    https://www.elektroda.pl/rtvforum/topic3301340.html

    I have the same problem. I downloaded FRST and it produced 4 logs each of FRST and Addition. I know I need to create a txt file, but I don't know exactly what to paste into it.
    I also scanned the computer with NOD and then with ComboFix.
    Thanks to that, strange Chinese offers no longer pop up every moment, but "żeną" is still on the computer.
    Please help me remove this junk.

    0 6
  • Helpful post
    #2 05 Mar 2017 00:31
    Kolobos
    Computer specialist

    Do not use ComboFix.

    Why so many files? Only the two most recent ones are needed.

    Uninstall:
    Browser-Security
    Java(TM) 6 Update 2

    Run this Fixlist.txt for FRST:
    Traffic Exchange (x32 Version: 2.1.0 - Microleaves) Hidden <==== UWAGA

    Uninstall: Traffic Exchange

    Run a new Fixlist.txt:
    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-173245323-2256400673-3287937648-1002_Classes\CLSID\{F0D5B8DF-FA50-4AC1-B644-6DD3DABA2DC0}\InprocServer32 -> 42494E41525953545245414D030000000300000018B1828CA09A000CC67F88ED2A2A9672CB414E79AC0E9BFAE9ABDB880360 (dane wartości zawierają 14 znaków więcej).
    Task: {02C9AA50-52F1-43AA-9EC3-C2FC4B6921FB} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== UWAGA
    Task: {06A79903-C605-4817-84E8-D8BEBAFEC2EF} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: {0DAC42A9-AD5F-422F-8BB6-402E93F010BA} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: {132B6C78-736E-4D2A-9194-42DF4519BD69} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== UWAGA
    Task: {1B37C3BF-1DC7-4687-AB8E-46C6BB0CA158} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: {23E34294-4988-4773-903D-F99501835542} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-03-04] (UC Web Inc.) <==== UWAGA
    Task: {2AA137AF-D393-49B3-8C13-9CB9CC05BFDD} - System32\Tasks\ALL Update => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [2011-08-16] ()
    Task: {47887559-7EE6-4276-93AC-4894AC329A4D} - System32\Tasks\{3B0256CC-DBC4-4E58-BCC0-D3F61382A0AE} => pcalua.exe -a "C:\Users\kropek_85\Downloads\ABBYY Fine Reader 9.0 Pro. PL FULL\Crack 9.0.0.662-NoPE.exe" -d "C:\Users\kropek_85\Downloads\ABBYY Fine Reader 9.0 Pro. PL FULL"
    Task: {4EF05E46-18E7-4897-A463-79313E488F8F} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-02-15] (Microleaves) <==== UWAGA
    Task: {4F5B85F7-58A5-4579-AC49-61FBCF6DA34D} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: {6D4AAA7E-7476-4359-8A35-854A15FE1A34} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== UWAGA




    Task: {6F87B903-425A-4F18-80D9-05DB09480445} - System32\Tasks\KuaiZip_Update => C:\Program Files\żěŃą\X86\Update.exe [2017-03-04] (Shanghai Guangle Network Technology Ltd) <==== UWAGA
    Task: {969901AF-EBB1-479C-AB22-BE196BB09AF4} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-03-01] (UCWeb Inc) <==== UWAGA
    Task: {BA22D99D-CE3B-443C-B15D-BC34D314D6FE} - System32\Tasks\Opera scheduled Autoupdate 1423695354 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
    Task: {CA125E76-EC0B-4E13-8C9E-8ECC27505F03} - System32\Tasks\osTip => Chrome.exe <==== UWAGA
    Task: {D16A6995-163B-4CBA-888B-40A0A8D771C1} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] ()
    Task: {F4CB7832-B43C-4077-9CD2-A365360E7095} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== UWAGA
    Task: {FB0D8723-588F-4384-B914-C4ED775376A7} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: {FC0CEBE6-ADA6-4819-8EA8-76D7186D5DDE} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-03-01] (UCWeb Inc) <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\kropek_85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\kropek_85\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\KROPEK~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\kropek_85\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\kropek_85\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\KROPEK~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    2017-03-04 21:04 - 2017-03-04 21:04 - 00524696 _____ () C:\Program Files\żěŃą\X64\KZipShell.dll
    2016-08-27 15:04 - 2016-07-08 14:33 - 02548944 _____ () C:\Users\kropek_85\AppData\Roaming\Browser-Security\s768.exe
    2017-03-04 21:03 - 2017-03-04 21:03 - 02072064 _____ () C:\Users\kropek_85\AppData\Local\Temp\00000564\msiql.exe
    2017-03-04 21:03 - 2016-09-23 15:38 - 03447808 _____ () C:\Users\kropek_85\AppData\Local\Temp\is-5RCBU.tmp\AutoTime.exe
    2017-03-04 21:03 - 2017-03-04 21:03 - 01620992 _____ () C:\ProgramData\service.exe
    2017-03-04 21:08 - 2017-03-01 06:44 - 00599440 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    2017-03-04 21:08 - 2017-03-03 15:03 - 07316992 ___SH () C:\ProgramData\WindowsMsg\Chrome.exe
    2017-03-04 21:08 - 2017-03-01 12:45 - 92222464 ___SH () C:\ProgramData\WindowsMsg\libcef.dll
    2017-03-04 21:12 - 2017-03-04 21:12 - 01218456 _____ () C:\Users\kropek_85\AppData\Roaming\Kuaizip\ktpop3.exe
    2017-03-04 21:08 - 2017-03-01 06:44 - 02150288 _____ () C:\Program Files (x86)\UCBrowser\Application\6.1.2107.201\UCAgent.exe
    2017-03-04 21:04 - 2017-03-04 21:04 - 00219032 _____ () c:\program files\żěńą\x86\kuaizipupdatechecker.dll
    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [25444]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [1496610]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1221154]
    () C:\Users\kropek_85\AppData\Roaming\Browser-Security\s768.exe
    () C:\Users\kropek_85\AppData\Local\Temp\00000564\msiql.exe
    () C:\Users\kropek_85\AppData\Local\Temp\is-5RCBU.tmp\AutoTime.exe
    () C:\ProgramData\service.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
    () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    () C:\ProgramData\WindowsMsg\chrome.exe
    () C:\Users\kropek_85\AppData\Roaming\KuaiZip\ktpop3.exe
    () C:\Program Files (x86)\UCBrowser\Application\6.1.2107.201\UCAgent.exe
    (UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
    HKU\S-1-5-21-173245323-2256400673-3287937648-1002\...\Run: [safe_urls768] => C:\Users\kropek_85\AppData\Roaming\Browser-Security\s768.exe [2548944 2016-07-08] ()
    HKU\S-1-5-21-173245323-2256400673-3287937648-1002\...\Run: [msiql] => C:\Users\kropek_85\AppData\Local\Temp\00000564\msiql.exe [2072064 2017-03-04] () <===== UWAGA
    HKU\S-1-5-21-173245323-2256400673-3287937648-1002\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\Chrome.exe [7316992 2017-03-03] ()
    HKU\S-1-5-21-173245323-2256400673-3287937648-1002\...\MountPoints2: {07b21cc6-1a6b-11e5-9ef1-0008caf133c3} - G:\LG_PC_Programs.exe
    HKU\S-1-5-21-173245323-2256400673-3287937648-1002\...\MountPoints2: {c0557939-8dc8-11e4-9587-0008caf133c3} - G:\LG_PC_Programs.exe
    HKU\S-1-5-18\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-03-04] ()
    FF user.js: detected! => C:\Users\kropek_85\AppData\Roaming\Mozilla\Firefox\Profiles\amt0jjgn.default\user.js [2016-08-27]
    FF NetworkProxy: Mozilla\Firefox\Profiles\amt0jjgn.default -> type", 0
    FF Extension: (YouTube Video and Audio Downloader) - C:\Users\kropek_85\AppData\Roaming\Mozilla\Firefox\Profiles\amt0jjgn.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2017-02-02]
    FF Extension: (Aktualizacja dodatku Flash) - C:\Users\kropek_85\AppData\Roaming\Mozilla\Firefox\Profiles\amt0jjgn.default\Extensions\ff-dodatekkx@firefox.pl.xpi [2016-10-08]
    FF Extension: (Browser-Security) - C:\Users\kropek_85\AppData\Roaming\Mozilla\Firefox\Profiles\amt0jjgn.default\Extensions\firefox@browser-security.de.xpi [2016-09-27]
    CHR Extension: (Browser-Security) - C:\Users\kropek_85\AppData\Local\Google\Chrome\User Data\Default\Extensions\faeinneekbeceimjnljfmaincojhhmln [2016-08-27]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    R2 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2017-03-04] () [Brak podpisu cyfrowego] <==== UWAGA
    R2 KuaizipUpdateChecker; C:\Program Files\żěŃą\X86\kuaizipUpdateChecker.dll [219032 2017-03-04] ()
    R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [599440 2017-03-01] ()
    R2 KuaiZipDrive; C:\Windows\system32\drivers\KuaiZipDrive.sys [92832 2017-03-04] (WinMount International Inc)
    U1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== UWAGA
    S3 ALSysIO; \??\C:\Users\KROPEK~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== UWAGA
    S3 AmUStor; system32\drivers\AmUStor.SYS [X]
    2017-03-04 21:09 - 2017-03-04 21:09 - 00002920 _____ C:\Windows\System32\Tasks\osTip
    2017-03-04 21:09 - 2017-03-04 21:09 - 00000000 ____D C:\Users\kropek_85\AppData\Local\CEF
    2017-03-04 21:08 - 2017-03-04 21:20 - 00002572 _____ C:\Windows\System32\Tasks\UCBrowserUpdaterCore
    2017-03-04 21:08 - 2017-03-04 21:20 - 00000300 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
    2017-03-04 21:08 - 2017-03-04 21:09 - 00000000 __SHD C:\ProgramData\WindowsMsg
    2017-03-04 21:08 - 2017-03-04 21:08 - 00003476 _____ C:\Windows\System32\Tasks\UCBrowserSecureUpdater
    2017-03-04 21:08 - 2017-03-04 21:08 - 00003446 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
    2017-03-04 21:08 - 2017-03-04 21:08 - 00001542 _____ C:\Users\kropek_85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    2017-03-04 21:08 - 2017-03-04 21:08 - 00000464 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2017-03-04 21:08 - 2017-03-04 21:08 - 00000000 ____D C:\Users\kropek_85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2017-03-04 21:08 - 2017-03-04 21:08 - 00000000 ____D C:\Users\kropek_85\AppData\Local\UCBrowser
    2017-03-04 21:08 - 2017-03-04 21:08 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-03-04 21:06 - 2017-03-04 21:06 - 00000000 ____D C:\ProgramData\Microleaves
    2017-03-04 21:04 - 2017-03-04 21:13 - 00000000 ____D C:\Users\kropek_85\AppData\Roaming\KuaiZip
    2017-03-04 21:04 - 2017-03-04 21:04 - 00092832 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
    2017-03-04 21:04 - 2017-03-04 21:04 - 00003378 _____ C:\Windows\System32\Tasks\KuaiZip_Update
    2017-03-04 21:04 - 2017-03-04 21:04 - 00000839 _____ C:\Users\kropek_85\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
    2017-03-04 21:04 - 2017-03-04 21:04 - 00000815 _____ C:\Users\kropek_85\Desktop\żěŃą.lnk
    2017-03-04 21:04 - 2017-03-04 21:04 - 00000000 ____D C:\Users\kropek_85\AppData\Roaming\Softlink
    2017-03-04 21:04 - 2017-03-04 21:04 - 00000000 ____D C:\Program Files\żěŃą
    2017-03-04 21:03 - 2017-03-04 21:29 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 3.job
    2017-03-04 21:03 - 2017-03-04 21:29 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 2.job
    2017-03-04 21:03 - 2017-03-04 21:29 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 1.job
    2017-03-04 21:03 - 2017-03-04 21:29 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 3.job
    2017-03-04 21:03 - 2017-03-04 21:29 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 2.job
    2017-03-04 21:03 - 2017-03-04 21:29 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 1.job
    2017-03-04 21:03 - 2017-03-04 21:07 - 00000000 ____D C:\Users\kropek_85\AppData\Roaming\UCChannel
    2017-03-04 21:03 - 2017-03-04 21:06 - 00000366 ____H C:\Windows\Tasks\Traffic Exchange Updater.job
    2017-03-04 21:03 - 2017-03-04 21:03 - 01620992 _____ C:\ProgramData\service.exe
    2017-03-04 21:03 - 2017-03-04 21:03 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guardian
    2017-03-04 21:03 - 2017-03-04 21:03 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guard
    2017-03-04 21:03 - 2017-03-04 21:03 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange
    2017-03-04 21:03 - 2017-03-04 21:03 - 00003196 _____ C:\Windows\System32\Tasks\Traffic Exchange Updater
    2017-03-04 21:03 - 2017-03-04 21:03 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 3
    2017-03-04 21:03 - 2017-03-04 21:03 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 2
    2017-03-04 21:03 - 2017-03-04 21:03 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 1
    2017-03-04 21:03 - 2017-03-04 21:03 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 3
    2017-03-04 21:03 - 2017-03-04 21:03 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 2
    2017-03-04 21:03 - 2017-03-04 21:03 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 1
    2017-03-04 21:03 - 2017-03-04 21:03 - 00001095 _____ C:\Users\kropek_85\Desktop\AutoTime.lnk
    2017-03-04 21:03 - 2017-03-04 21:03 - 00000000 __SHD C:\Users\kropek_85\AppData\Local\svchost
    2017-03-04 21:03 - 2017-03-04 21:03 - 00000000 ____D C:\Users\kropek_85\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
    2017-03-04 21:03 - 2017-03-04 21:03 - 00000000 ____D C:\Program Files (x86)\Microleaves
    2017-03-04 21:02 - 2017-03-04 21:03 - 00000000 ____D C:\Users\kropek_85\AppData\Roaming\Microleaves
    2017-03-04 21:02 - 2017-03-04 21:03 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-03-04 21:02 - 2017-03-04 21:03 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    2011-10-20 00:00 - 2010-10-06 17:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
    2017-03-04 21:03 - 2017-03-04 21:03 - 1620992 _____ () C:\ProgramData\service.exe
    EmptyTemp:

    Run the Fixlist.txt given above in safe mode; once it has run, post new FRST logs from a scan.

    0
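The Fixlist.txt in the post above mixes several persistence mechanisms (scheduled tasks, Run keys, services, browser shortcuts with appended arguments, alternate data streams). As an added example, not part of the original post and not FRST's own code, this Python sketch sorts such lines by mechanism so each one can be re-checked after the fix has run; the `BROWSERS` list and the `masquerades` heuristic are assumptions made for this illustration.

```python
import ntpath
import re

# Lines copied from the Fixlist.txt quoted in the post above (a subset).
SAMPLE = r"""
Task: {02C9AA50-52F1-43AA-9EC3-C2FC4B6921FB} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== UWAGA
Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
Task: {CA125E76-EC0B-4E13-8C9E-8ECC27505F03} - System32\Tasks\osTip => Chrome.exe <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\KROPEK~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
HKU\S-1-5-21-173245323-2256400673-3287937648-1002\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\Chrome.exe [7316992 2017-03-03] ()
R2 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2017-03-04] () [Brak podpisu cyfrowego] <==== UWAGA
AlternateDataStreams: C:\Windows\system32\drivers:x64 [1496610]
"""

BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe"}  # assumption: names to check


def clean_target(rest):
    """Cut the ' [size/date] (vendor) ...' suffix that follows the path."""
    return re.split(r" \[\d", rest, maxsplit=1)[0].strip()


def masquerades(path):
    """Heuristic (assumption): browser file name outside any Program Files directory."""
    return (ntpath.basename(path).lower() in BROWSERS
            and "\\program files" not in path.lower())


def parse_line(line):
    flagged = bool(re.search(r"<=+ UWAGA$", line))  # marker already present in the log
    body = re.sub(r"\s*<=+ UWAGA$", "", line)
    if m := re.match(r"Task: (?:\{[^}]+\} - )?(.+?) => (.+)$", body):
        rec = {"kind": "task", "name": m[1], "target": clean_target(m[2])}
    elif m := re.match(r"HK\S+\\\.\.\.\\Run: \[(.*?)\] => (.+)$", body):
        rec = {"kind": "run_key", "name": m[1], "target": clean_target(m[2])}
    elif m := re.match(r"[RSU]\d (\S+); (.+)$", body):
        rec = {"kind": "service", "name": m[1], "target": clean_target(m[2])}
    elif m := re.match(r"AlternateDataStreams: (.+):(\S+) \[(\d+)\]$", body):
        rec = {"kind": "ads", "name": m[2], "target": m[1], "size": int(m[3])}
    elif body.startswith("ShortcutWithArgument: ") and body.count(" -> ") >= 2:
        lnk, exe, args = body.split(": ", 1)[1].split(" -> ", 2)
        ext = re.search(r'--load-extension="([^"]+)"', args)
        rec = {"kind": "shortcut", "name": lnk,
               "target": re.sub(r" \([^()]*\)$", "", exe),   # drop "(vendor)"
               "urls": re.findall(r"h(?:xx|tt)ps?://\S+", args),
               "extension_dir": ext[1] if ext else None}
    else:
        return None
    rec["flagged"] = flagged
    rec["masquerade"] = masquerades(rec["target"])
    return rec


def triage(text):
    """Parse every non-empty line; unrecognised lines are skipped."""
    lines = (l.strip() for l in text.splitlines())
    return [rec for rec in map(parse_line, filter(None, lines)) if rec]


if __name__ == "__main__":
    for rec in triage(SAMPLE):
        notes = [k for k in ("flagged", "masquerade") if rec[k]] + rec.get("urls", [])
        print(f'{rec["kind"]:9} {rec["name"]} -> {rec["target"]} {notes}')
```

The shortcut records show why the fixlist lists `.lnk` files separately: the browser binary is genuine, and only the appended URL and `--load-extension` argument need to be stripped.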
  • #4 05 Mar 2017 02:22
    Kolobos
    Computer specialist

    You did not do this:
    > Uninstall: Traffic Exchange

    New Fixlist.txt for FRST:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-173245323-2256400673-3287937648-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    2017-03-05 01:43 - 2017-03-05 01:50 - 00038187 _____ C:\Users\kropek_85\Downloads\Fixlog.txt
    2017-03-05 01:41 - 2017-03-05 01:43 - 00000256 _____ C:\Users\kropek_85\Downloads\Search.txt
    2017-03-04 23:22 - 2017-03-04 23:22 - 00024702 _____ C:\ComboFix.txt
    2017-03-04 23:03 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
    2017-03-04 23:03 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
    2017-03-04 23:03 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2017-03-04 23:03 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2017-03-04 23:03 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2017-03-04 23:03 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
    2017-03-04 23:03 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
    2017-03-04 23:03 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
    2017-03-04 21:49 - 2017-03-04 23:22 - 00000000 ____D C:\Qoobox
    2017-03-04 21:47 - 2017-03-04 21:47 - 05660168 ____R (Swearware) C:\Users\kropek_85\Downloads\ComboFix.exe
    2017-03-04 21:08 - 2017-03-05 00:00 - 00000000 ____D C:\Users\kropek_85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器

    After running it, check whether this was removed:
    C:\Users\kropek_85\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
    If not, delete it manually, together with C:\FRST, and that is all.

    0
  • Helpful post
    #6 05 Mar 2017 03:11
    Kolobos
    Computer specialist

    What for? I wrote that this is everything. Besides, you can probably see for yourself whether what I listed is in the log or not.

    0
  • #7 25 Apr 2017 15:33
    kropek_85
    Level 9

    Topic solved thanks to fellow user Kolobos

    0