Elektroda.pl

Virus żěŃą on a new laptop, Windows 10 - logs

lesiu891 22 Mar 2017 16:08 447 2
  • #1 22 Mar 2017 16:08
    lesiu891
    Level 8

    Hello.
    I bought a new laptop with an original Windows 10. After installing a few programs, a virus "żěŃą" appeared.
    Under the right mouse button I have some Chinese characters.
    I would really appreciate some help. I am attaching the scan results from the Farbar program.

    0 2
  • #2 22 Mar 2017 16:49
    krzychupar
    Level 40

    Uninstall:
    Online.io Application (x32 Version: 2.1.0 - Microleaves) Hidden <==== UWAGA
    Traffic Exchange (x32 Version: 2.1.0 - Microleaves) Hidden <==== UWAGA

    Open Notepad and paste:

    Task: {029B37B1-C3CA-41F9-8706-C13A88A4BD6C} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {08B8F4B7-89C5-4C8E-B357-A3AB228E610B} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {61241C70-FE5E-4D7C-BCC8-763BA7DB8EB8} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: {62A24660-B113-4185-8E85-C549F1AB8047} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {62FAB099-BEBD-41F2-A35A-C844F5A5D275} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: {9AA8AF7F-2DA9-4D2F-9E56-8D0E87B2C1BF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\windows\Explorer.exe /NOUACCHECK
    Task: {A1B332B2-B5B3-4092-8E97-C1075BD0CC73} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {A4FAD545-EC56-4027-8CEE-AB7F14B3ADAE} - System32\Tasks\Online Application v209 => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {AF6188AB-7957-4677-BF29-E4C72EB526E5} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: {D4CA0FAD-E155-4C16-BDB7-59EC0905C97C} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {F4521827-BEBF-480B-AFE5-C0AE22840114} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
    Task: C:\windows\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\windows\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\windows\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\windows\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\windows\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\windows\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\windows\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\windows\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\windows\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\damia\Desktop\Google Chrome.lnk -> C:\Users\damia\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\damia\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\damia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Users\damia\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\damia\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\damia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Users\damia\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\damia\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    HKU\S-1-5-18\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-03-22] ()
    HKU\S-1-5-21-1827232124-2065232228-384299617-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...Y9Scr8ZPdsxF9V7-QC-fhWChuceoWxsoep8A,,&q={searchTerms}
    HKU\S-1-5-21-1827232124-2065232228-384299617-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...toB1RGtY0iPonWxjfXgv1sNgvwT2mmvnbiIn5T1YZIw,,,,
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\S-1-5-21-1827232124-2065232228-384299617-1003 -> DefaultScope {ielnksrch} URL =
    S2 MbeUlDmpWkR3 Updater; C:\Program Files (x86)\MbeUlDmpWkR3 Updater\MbeUlDmpWkR3 Updater.exe [X]
    2017-03-22 15:55 - 2017-03-22 16:01 - 00000000 ____D C:\Users\damia\AppData\Roaming\KuaiZip
    2017-03-22 15:50 - 2017-03-22 15:54 - 00000000 ____D C:\AdwCleaner
    2017-03-22 15:28 - 2017-03-22 15:28 - 00092832 _____ (WinMount International Inc) C:\windows\system32\Drivers\KuaiZipDrive.sys
    2017-03-22 15:28 - 2017-03-22 15:28 - 00000884 _____ C:\Users\damia\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
    2017-03-22 15:28 - 2017-03-22 15:28 - 00000000 ____D C:\Users\damia\AppData\Local\UCBrowser
    2017-03-22 15:28 - 2017-03-22 15:28 - 00000000 ____D C:\Users\damia\AppData\Local\PeerDistRepub
    2017-03-22 15:28 - 2017-03-22 15:28 - 00000000 ____D C:\Program Files\żěŃą
    EmptyTemp:

    Save the file under the name fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix.

    0
  • #3 22 Mar 2017 17:29
    Kolobos
    Computer specialist

    After running it, post new FRST logs from a fresh scan.

    0
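The fixlist in post #2 names the persistence points this adware bundle uses (scheduled tasks and legacy .job files pointing into the Microleaves folders, browser shortcuts rewritten with --load-extension and a start URL, a KuaiZip shell icon overlay handler, a WMI ActiveScriptEventConsumer, an orphaned updater service and leftover directories), and post #3 asks for a fresh scan to confirm the Fix worked. The PowerShell script below is an added example, not code from the thread or from FRST: it re-checks each of those indicator classes so the poster can verify remediation before re-running the scan. It assumes it is run from an elevated PowerShell on the affected machine, under the infected user's profile; the directory names, the extension id, the overlay key name and the service name are taken from the log in post #2. The folder shown as "żěŃą" in the log is a mojibake of a CJK directory name, so the script locates it by its KZipShell.dll payload instead of by name.

```powershell
# Added example (not from the thread): re-check the persistence indicators
# named in the FRST fixlist after the Fix has run. Run elevated, as the
# affected user. Paths/ids below are copied from the FRST log in post #2.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Scheduled tasks whose action still executes one of the Microleaves binaries.
foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($action in $task.Actions) {
        if ($action.Execute -and $action.Execute -match 'Microleaves|Online-?Guardian') {
            $findings.Add("Task: $($task.TaskPath)$($task.TaskName) -> $($action.Execute)")
        }
    }
}

# 2. Legacy .job files in C:\Windows\Tasks (the Fix should have deleted all of them).
Get-ChildItem "$env:windir\Tasks" -Filter *.job -ErrorAction SilentlyContinue | ForEach-Object {
    $findings.Add("Job file: $($_.FullName)")
}

# 3. Browser shortcuts still carrying --load-extension or the injected start URL.
$shell = New-Object -ComObject WScript.Shell
$lnkDirs = @(
    "$env:USERPROFILE\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
    "$env:PUBLIC\Desktop"
)
foreach ($dir in $lnkDirs) {
    Get-ChildItem $dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if ($lnk.Arguments -match '--load-extension|qtipr\.com') {
            $findings.Add("Shortcut: $($_.FullName) -> $($lnk.TargetPath) $($lnk.Arguments)")
        }
    }
}

# 4. KuaiZip shell icon overlay handler (the source of the CJK context-menu entries).
$overlayKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj'
if (Test-Path $overlayKey) { $findings.Add("Registry: $overlayKey") }

# 5. WMI ActiveScriptEventConsumer persistence (FRST flagged one in the log).
Get-CimInstance -Namespace root\subscription -ClassName ActiveScriptEventConsumer -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("WMI consumer: $($_.Name)") }

# 6. Orphaned updater service the log showed as [X] (binary missing).
if (Get-Service -Name 'MbeUlDmpWkR3 Updater' -ErrorAction SilentlyContinue) {
    $findings.Add('Service: MbeUlDmpWkR3 Updater')
}

# 7. Leftover directories and the KuaiZip payload (found by DLL, since the
#    folder name is CJK and appears garbled in the log).
$leftoverDirs = @(
    "${env:ProgramFiles(x86)}\Microleaves",
    "${env:ProgramFiles(x86)}\MbeUlDmpWkR3 Updater",
    "$env:APPDATA\KuaiZip",
    "$env:LOCALAPPDATA\UCBrowser",
    "$env:LOCALAPPDATA\PeerDistRepub",
    "$env:LOCALAPPDATA\kemgadeojglibflomicgnfeopkdfflnk"
)
foreach ($d in $leftoverDirs) {
    if (Test-Path -LiteralPath $d) { $findings.Add("Directory: $d") }
}
Get-ChildItem $env:ProgramFiles -Filter KZipShell.dll -Recurse -Depth 2 -ErrorAction SilentlyContinue |
    ForEach-Object { $findings.Add("KuaiZip payload: $($_.FullName)") }
if (Test-Path "$env:windir\system32\Drivers\KuaiZipDrive.sys") {
    $findings.Add("Driver: $env:windir\system32\Drivers\KuaiZipDrive.sys")
}

if ($findings.Count -eq 0) { 'No remaining indicators found.' } else { $findings }
```

Anything the script still reports should go straight into the new FRST logs requested in post #3 rather than being deleted by hand, so the helper can see the exact remaining entries. Uninstalling the two Microleaves programs via Apps & Features first, as post #2 says, matters because the running Online-Guardian processes otherwise recreate the scheduled tasks.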