c:\windows\run.vbs - lots of junk

vihren 08 Mar 2017 11:46 513 2
  • #3 08 Mar 2017 12:32
    krzychupar
    Level 40

    Uninstall:
    AppTrailers - AppTrailers for Desktop (HKLM-x32\...\AppTrailers) (Version: 12.1.3amt - AppTrailers) <==== UWAGA
    Body Text Feathering (HKLM-x32\...\PopupProduct) (Version: 1.0.0.0 - Body Text Feathering) <==== UWAGA
    CleanBrowser (HKLM-x32\...\CleanBrowser) (Version: - ) <==== UWAGA
    InterStat (HKU\S-1-5-21-1309132853-2647594003-594715726-1001\...\InterStat) (Version: 1.0 - InterStat) <==== UWAGA
    mpck version 1.1 (HKLM-x32\...\mobilepcstarterkit_is1) (Version: 1.1 - mobilepcstarterkit) <==== UWAGA
    MyMemory (HKLM-x32\...\MyMemory) (Version: - MyMemory) <==== UWAGA
    MyMemory (HKLM-x32\...\MyMemoryPackage) (Version: - ) <==== UWAGA
    ProxyGate version 3.0.0.1176 (HKU\S-1-5-21-1309132853-2647594003-594715726-1001\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1176 - Gold Click Ltd) <==== UWAGA
    Youtube AdBlock (HKLM-x32\...\Youtube AdBlock) (Version: 2.0.0.153 - Company Inc.) <==== UWAGA

    Open Notepad and paste:
    CloseProcess:
    (TODO: <Company name>) C:\Program Files (x86)\MyMemory\MyMemory.exe
    () C:\Users\Mx\AppData\Roaming\AppTrailers\AppTrailers.exe
    () C:\Users\Mx\AppData\Roaming\AppTrailers\AppTrailers.exe
    () C:\Users\Mx\AppData\Roaming\AppTrailers\AppTrailers.exe
    Task: {11AE1F95-915E-49D6-9D98-9523B05CF186} - System32\Tasks\psv_Plustam => cmd.exe /c regedit.exe /s "C:\ProgramData\Utatity\SilLa.reg" & del "C:\ProgramData\Utatity\SilLa.reg" & SCHTASKS /Delete /TN "psv_Plustam" /F <==== UWAGA
    Task: {188A8CD0-BAFB-4183-A23B-0C2B11575EB1} - \SystemHealer Monitor -> Brak pliku <==== UWAGA
    Task: {4453F01D-6C64-47EF-AEEE-EA678638ADA0} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-15] (UCWeb Inc) <==== UWAGA
    Task: {52B12B9C-7EE3-44F4-8938-E3D18BBE690E} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-15] (UCWeb Inc) <==== UWAGA
    Task: {5B1EC398-2121-4766-A87A-5F4D8E6629E1} - \WinTOOL -> Brak pliku <==== UWAGA
    Task: {6DBE56EF-D43C-4E3D-A644-93E0A95ABA0D} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-03-08] (UC Web Inc.) <==== UWAGA
    Task: {78AC4E2B-C105-4566-9F10-33B029076A37} - \System Healer Task -> Brak pliku <==== UWAGA
    Task: {79D9B4CA-8BB7-49F2-943F-CABD3EC5AFE8} - \SystemHealer Run Delay -> Brak pliku <==== UWAGA
    Task: {734BD42A-B9A9-48C6-B36B-BD537FA19EB4} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-01-23] ()
    Task: {89F29C17-9845-4CF2-9677-C37F894747B9} - System32\Tasks\psv_Beta-Top => cmd.exe /c regedit.exe /s "C:\ProgramData\Utatity\Bigbam.reg" & del "C:\ProgramData\Utatity\Bigbam.reg" & SCHTASKS /Delete /TN "psv_Beta-Top" /F <==== UWAGA
    Task: {8AA33093-C7ED-4BEE-B386-E73C5BBE7982} - System32\Tasks\{0E780E47-7E78-790C-0E11-780C0B781104} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwA7ACAAOwA7ADsAIAA7ACAAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0A (dane wartości zawierają 9996 znaków więcej). <==== UWAGA
    Task: {CC868108-E853-49E2-BE6D-EEDF38E17411} - System32\Tasks\542u635u7112B8235 => Rundll32.exe "C:\ProgramData\542u635u7112B8235\542u635u7112B8235.dll",uBFLDhO <==== UWAGA
    Task: {F3A823D0-EC3B-423D-8728-0CF1430FA7C1} - System32\Tasks\psv_Dripphase => cmd.exe /c regedit.exe /s "C:\ProgramData\Utatity\Newity.reg" & del "C:\ProgramData\Utatity\Newity.reg" & SCHTASKS /Delete /TN "psv_Dripphase" /F <==== UWAGA
    Task: {FE5D27DC-0E36-46D0-943E-E2056C072EFA} - System32\Tasks\SMW_UpdateTask_Time_323738393536363235382d4a4a5b415a34782a456c375a => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== UWAGA
    Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Shortcut: C:\Users\Mx\Desktop\Dеаd Spасе 2.lnk -> C:\Program Files (x86)\R.G. Mechanics\Dead Space 2\Launcher.bat ()
    Shortcut: C:\Users\Mx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sеаrсh.lnk -> C:\Program Files\Internet Explorer\iexplore.bat ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Аvаst SаfеZоnе Вrоwsеr.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.bat (Brak pliku)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
    Shortcut: C:\Users\Public\Desktop\Pаrаgоn Pаrtitiоn Маnаgеr™ 15 Ноmе.lnk -> C:\Program Files (x86)\Paragon Software\Partition Manager 15 Home\program\launcher.bat (Brak pliku)
    Shortcut: C:\Users\Public\Desktop\Аvаst SаfеZоnе Вrоwsеr.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.bat (Brak pliku)
    Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
    AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
    AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1498914]
    AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1223458]
    Hosts:
    HKLM-x32\...\Run: [MyMemory] => C:\Program Files (x86)\MyMemory\MyMemory.exe [7572480 2017-02-07] (TODO: <Company name>) <===== UWAGA
    HKLM-x32\...\Run: [AppTrailers] => C:\Users\Mx\AppData\Roaming\AppTrailers\AppTrailers.exe [47861928 2017-02-28] () <===== UWAGA
    HKLM-x32\...\Run: [] => "C:\Users\Mx\AppData\Local\Temp\Yicen214@gt@o.exe" /EKNBCHG <===== UWAGA
    HKLM-x32\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
    HKU\S-1-5-21-1309132853-2647594003-594715726-1001\...\Run: [InterStat] => C:\Users\Mx\AppData\Roaming\InterStat\interstat.exe <===== UWAGA
    HKU\S-1-5-21-1309132853-2647594003-594715726-1001\...\Run: [svchost0] => "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"\UUC0789.exe
    HKU\S-1-5-21-1309132853-2647594003-594715726-1001\...\Run: [ProxyGate] => C:\Users\Mx\AppData\Roaming\ProxyGate\MainService.exe [1142880 2016-01-10] (Gold Click Ltd) <===== UWAGA
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
    ShellExecuteHooks: Brak nazwy - {F3657E9C-DC67-11E6-AB5B-64006A5CFC23} - -> Brak pliku
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> Brak pliku
    GroupPolicy: Ograniczenia - Windows Defender <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    SearchScopes: HKU\S-1-5-21-1309132853-2647594003-594715726-1001 -> {2B67B69D-4F1C-420E-AF9D-A0DC06E78F84} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=H35zbcnbl1BU,45b7fec6-a404-4b8d-aeb4-0f2650c57ad2,
    BHO-x32: ČŐŔúÄŁżé¸¨Öú -> {8002EC7A-C61D-432C-975E-21D616D3B7E7} -> C:\Users\Mx\AppData\Roaming\6762250\jywebHelper.dll [2017-03-07] ()
    FF ProfilePath: C:\Users\Mx\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\1o17it5q.default\Profiles\1o17it5q.default [nie znaleziono]
    FF NewTab: Mozilla\Firefox\Profiles\1o17it5q.default -> about:newtab
    FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\1o17it5q.default -> Avast Search
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\1o17it5q.default -> Avast Search
    CHR HKU\S-1-5-21-1309132853-2647594003-594715726-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
    R2 Themes; C:\WINDOWS\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [DependOnService: ]<==== UWAGA
    S3 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996824 2017-02-06] (McAfee, Inc.)
    S3 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-02-06] (McAfee, Inc.)
    S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-02-06] (McAfee, Inc.)
    S3 0116461488811694mcinstcleanup; C:\WINDOWS\TEMP\011646~1.EXE -cleanup -nolog [X]
    S2 gemeloki; C:\Program Files (x86)\5d7104a8-b9d3-488b-a15b-b3a766047d511488926678\prot5d7104a8-b9d3-488b-a15b-b3a766047d51.tmpfs [X]
    S3 KuaizipUpdateChecker; C:\Program Files\żěŃą\X86\kuaizipUpdateChecker.dll [X]
    S2 ryxesive; C:\Program Files (x86)\5d7104a8-b9d3-488b-a15b-b3a766047d511488926678\kns5d7104a8-b9d3-488b-a15b-b3a766047d51.tmpfs [X]
    S1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== UWAGA
    2017-03-07 23:50 - 2017-03-07 23:50 - 03057696 _____ C:\WINDOWS\system32\znyTSF.ime
    2017-03-07 23:50 - 2017-03-07 23:50 - 00187424 _____ C:\WINDOWS\system32\SCMenu64.dll
    2017-03-07 23:50 - 2017-03-07 23:50 - 00000000 ____D C:\Users\Mx\AppData\Roaming\6762250
    2017-03-07 23:50 - 2017-03-07 23:50 - 00000000 ____D C:\Users\Mx\AppData\Roaming\360se6
    2017-03-07 23:50 - 2017-03-07 23:50 - 00000000 ____D C:\Users\Mx\AppData\LocalLow\SmartCloudIME.users
    2017-03-07 23:50 - 2017-03-07 23:50 - 00000000 ____D C:\Users\Mx\AppData\LocalLow\SmartCloudIME
    2017-03-07 23:50 - 2017-03-07 23:50 - 00000000 ____D C:\Users\Mx\AppData\Local\Tencent
    2017-03-07 23:50 - 2017-03-07 23:50 - 00000000 ____D C:\Users\Mx\AppData\Local\360chrome
    2017-03-07 23:50 - 2017-03-07 23:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\智能云输入法
    2017-03-07 23:50 - 2017-03-07 23:50 - 00000000 ____D C:\Program Files (x86)\SmartCloudInput
    2017-03-07 23:49 - 2017-03-07 23:50 - 00000000 ____D C:\Users\Mx\AppData\Roaming\TFEIMLPE
    2017-03-07 23:49 - 2017-03-07 23:49 - 00001098 _____ C:\Users\Mx\Desktop\łŕÔ´«Ëµ2.lnk
    2017-03-07 23:49 - 2017-03-07 23:49 - 00000000 ____D C:\Users\Mx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\łŕÔ´«Ëµ2
    2017-03-07 23:49 - 2017-03-07 23:49 - 00000000 ____D C:\Program Files (x86)\łŕÔ´«Ëµ2
    2017-03-07 23:48 - 2017-03-08 10:38 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
    2017-03-07 23:48 - 2017-03-08 00:09 - 00000296 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
    2017-03-07 23:48 - 2017-03-08 00:04 - 00000000 ____D C:\Users\Mx\AppData\Local\app
    2017-03-07 23:48 - 2017-03-08 00:02 - 00002650 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
    2017-03-07 23:48 - 2017-03-07 23:52 - 00000460 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
    2017-03-07 23:48 - 2017-03-07 23:48 - 00155168 _____ C:\WINDOWS\system32\Drivers\flowhlp.dat
    2017-03-07 23:48 - 2017-03-07 23:48 - 00003472 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
    2017-03-07 23:48 - 2017-03-07 23:48 - 00001625 _____ C:\Users\Mx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    2017-03-07 23:48 - 2017-03-07 23:48 - 00001595 _____ C:\Users\Mx\Desktop\UC浏览器.lnk
    2017-03-07 23:48 - 2017-03-07 23:48 - 00001256 _____ C:\Users\Mx\Desktop\Continue Last version Installation.lnk
    2017-03-07 23:48 - 2017-03-07 23:48 - 00000000 ____D C:\Users\Mx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2017-03-07 23:48 - 2017-03-07 23:48 - 00000000 ____D C:\Users\Mx\AppData\Local\UCBrowser
    2017-03-07 23:48 - 2017-03-07 23:48 - 00000000 ____D C:\Program Files (x86)\FlowSprit
    2017-03-07 23:47 - 2017-03-08 10:56 - 00000000 ____D C:\Users\Mx\AppData\Roaming\ProxyGate
    2017-03-07 23:47 - 2017-03-08 10:39 - 00000000 ____D C:\Program Files\C9PH5L3Y9G
    2017-03-07 23:47 - 2017-03-08 10:26 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlockIE
    2017-03-07 23:47 - 2017-03-07 23:57 - 00000000 ____D C:\Program Files (x86)\mpck
    2017-03-07 23:47 - 2017-03-07 23:54 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlockU
    2017-03-07 23:47 - 2017-03-07 23:48 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-03-07 23:47 - 2017-03-07 23:47 - 00024460 _____ C:\WINDOWS\System32\Tasks\{0E780E47-7E78-790C-0E11-780C0B781104}
    2017-03-07 23:47 - 2017-03-07 23:47 - 00000000 ____D C:\Users\Mx\AppData\Local\tuto_monetize_120170124
    2017-03-07 23:47 - 2017-03-07 23:47 - 00000000 ____D C:\Program Files\NQ8PWVZE7G
    2017-03-07 23:46 - 2017-03-07 23:48 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
    2017-03-07 23:44 - 2017-03-07 23:44 - 00001918 _____ C:\Users\Mx\Desktop\MyMemory.lnk
    2017-03-07 23:44 - 2017-03-07 23:44 - 00000000 ____D C:\Users\Mx\AppData\Roaming\Note-UP
    2017-03-07 23:44 - 2017-03-07 23:44 - 00000000 ____D C:\Program Files (x86)\MyMemory
    2017-03-07 23:44 - 2017-03-07 23:44 - 00000000 _____ C:\TOSTACK
    2017-03-05 19:49 - 2017-03-07 23:50 - 00000000 ____D C:\Users\Mx\AppData\Roaming\UCChannel
    2017-03-05 19:49 - 2017-03-05 19:49 - 00187904 _____ C:\WINDOWS\rsrcs.dll
    2017-03-05 19:49 - 2017-03-05 19:49 - 00092832 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
    2017-03-05 19:49 - 2017-03-05 19:49 - 00004388 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_323738393536363235382d4a4a5b415a34782a456c375a
    2017-03-05 19:49 - 2017-03-05 19:49 - 00000000 ____D C:\Users\Mx\AppData\Roaming\Softlink
    2017-03-05 19:49 - 2017-03-05 19:49 - 00000000 ____D C:\Users\Mx\AppData\Roaming\KuaiZip
    2017-03-05 19:49 - 2017-03-05 19:49 - 00000000 ____D C:\ProgramData\SearchModule
    2017-03-05 19:49 - 2017-03-05 19:49 - 00000000 ____D C:\ProgramData\21626453-5435-0
    2017-03-05 19:49 - 2017-03-05 19:49 - 00000000 ____D C:\ProgramData\21626453-1a61-1
    2017-03-05 19:49 - 2017-03-05 19:49 - 00000000 ____D C:\Program Files\Common Files\Noobzo
    2017-01-21 22:54 - 2017-01-21 22:54 - 7316480 _____ () C:\Users\Mx\AppData\Roaming\agent.dat
    2017-03-07 23:46 - 2017-03-07 23:46 - 0023622 _____ () C:\Users\Mx\AppData\Roaming\aliexpress.ico
    2017-03-07 23:46 - 2017-03-07 23:46 - 0099678 _____ () C:\Users\Mx\AppData\Roaming\booking.ico
    2017-01-21 22:54 - 2017-01-21 22:54 - 1908237 _____ () C:\Users\Mx\AppData\Roaming\CanZoosing.tst
    2017-01-21 22:54 - 2017-01-21 22:54 - 0070752 _____ () C:\Users\Mx\AppData\Roaming\Config.xml
    2017-01-21 22:54 - 2017-01-21 22:54 - 0011568 _____ () C:\Users\Mx\AppData\Roaming\InstallationConfiguration.xml
    2017-01-21 22:54 - 2017-01-21 22:54 - 0140288 _____ () C:\Users\Mx\AppData\Roaming\Installer.dat
    2017-01-21 22:54 - 2017-01-21 22:54 - 0018432 _____ () C:\Users\Mx\AppData\Roaming\Main.dat
    2017-01-21 22:54 - 2017-01-21 22:54 - 0005568 _____ () C:\Users\Mx\AppData\Roaming\md.xml
    2017-02-15 18:05 - 2017-02-15 18:05 - 0000055 _____ () C:\Users\Mx\AppData\Roaming\MouseServer.ini
    2017-01-21 22:54 - 2017-01-21 22:54 - 0126464 _____ () C:\Users\Mx\AppData\Roaming\noah.dat
    2017-01-21 22:55 - 2017-01-21 22:55 - 0001150 _____ () C:\Users\Mx\AppData\Roaming\uninstall_temp.ico
    2017-03-07 23:46 - 2017-03-07 23:46 - 0002048 _____ () C:\Users\Mx\AppData\Local\uninstallro.exe
    C:\Program Files (x86)\MyMemory\MyMemory.exe
    C:\Users\Mx\AppData\Roaming\AppTrailers\AppTrailers.exe
    C:\Users\Mx\AppData\Roaming\ProxyGate\MainService.exe

    EmptyTemp:

    Save the file as fixlist.txt and put it in the same folder as FRST.
    Run FRST and click Fix/Napraw.

    When it finishes, post fresh FRST logs.

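The scheduled-task entries listed in the fix above, triaged by an added Python helper (not part of the post and not FRST's own code): it parses each `Task:` line, decodes the UTF-16LE text behind the PowerShell `-EncodedCommand`, and tags the launch patterns that make such entries suspicious. The sample lines are constructed from the post; the indicator labels are this example's own.

```python
"""Triage of FRST 'Task:' lines like those quoted in the fix above (added example,
not FRST's code). Decodes -EncodedCommand and tags suspicious launch patterns."""
import base64
import re

TASK_RE = re.compile(r"^Task: \{(?P<guid>[0-9A-Fa-f-]+)\} - (?P<name>.+?) => (?P<cmd>.+?)(?: <=+ .*)?$")
ENC_RE = re.compile(r"-enc\w*\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)  # -enc / -EncodedCommand <base64>

# Launch patterns worth a second look; the labels are this example's own.
INDICATORS = [
    ("encoded_powershell", re.compile(r"powershell.*-enc", re.I)),
    ("execution_policy_bypass", re.compile(r"-executionpolicy\s+bypass", re.I)),
    ("hidden_window", re.compile(r"-windowstyle\s+hidden", re.I)),
    ("rundll32_from_programdata", re.compile(r"rundll32.*programdata", re.I)),
    ("self_deleting_reg_import", re.compile(r"regedit\.exe\s+/s.*\bdel\b.*schtasks\s+/delete", re.I)),
]

# Constructed sample: four Task lines from the post (the encoded blob is truncated in the log).
SAMPLE_LINES = [
    r'Task: {8AA33093-C7ED-4BEE-B386-E73C5BBE7982} - System32\Tasks\{0E780E47-7E78-790C-0E11-780C0B781104} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwA7ACAAOwA7ADsAIAA7ACAAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0A <==== UWAGA',
    r'Task: {CC868108-E853-49E2-BE6D-EEDF38E17411} - System32\Tasks\542u635u7112B8235 => Rundll32.exe "C:\ProgramData\542u635u7112B8235\542u635u7112B8235.dll",uBFLDhO <==== UWAGA',
    r'Task: {11AE1F95-915E-49D6-9D98-9523B05CF186} - System32\Tasks\psv_Plustam => cmd.exe /c regedit.exe /s "C:\ProgramData\Utatity\SilLa.reg" & del "C:\ProgramData\Utatity\SilLa.reg" & SCHTASKS /Delete /TN "psv_Plustam" /F <==== UWAGA',
    r'Task: {4453F01D-6C64-47EF-AEEE-EA678638ADA0} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-02-15] (UCWeb Inc) <==== UWAGA',
]

def decode_encoded_command(cmd):
    """Return the text behind -EncodedCommand (base64 of UTF-16LE), or None."""
    m = ENC_RE.search(cmd)
    if not m:
        return None
    b64 = m.group(1) + "=" * (-len(m.group(1)) % 4)  # re-pad a blob cut short by the log
    try:
        raw = base64.b64decode(b64)
    except ValueError:  # binascii.Error is a ValueError
        return None
    return raw[: len(raw) - len(raw) % 2].decode("utf-16-le", errors="replace")

def triage_task(line):
    """Parse one FRST Task line; None if the line is not a Task entry."""
    m = TASK_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd")
    return {"guid": m.group("guid"), "name": m.group("name"), "command": cmd,
            "indicators": [tag for tag, rx in INDICATORS if rx.search(cmd)],
            "decoded": decode_encoded_command(cmd)}

def triage_all(lines):  # every Task line of an FRST excerpt; other entry types are skipped
    return [t for t in map(triage_task, lines) if t is not None]
```

The last sample line yields no indicator: the post removes that updater because it belongs to the unwanted UCBrowser install, not because of how it is launched, so pattern tags complement rather than replace reading the log.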