
How to remove the żěŃą virus! The usual methods fail!

kanonierkibic 02 Apr 2017 11:47 435 5
  • #1 02 Apr 2017 11:47
    kanonierkibic
    Level 3

    Hi, I'm new here and I see that a few people have already had this problem, so I'm asking for help with this virus. I hope I'm posting in the right section and doing it properly. Forgive any mistakes. From what I've read, you need to download FRST and paste the Frst.txt and Addition.txt logs. So that's all I know for a start. Please help, and once again sorry if I did something wrong.

    0 5
  • Helpful post
    #2 02 Apr 2017 12:11
    krzychupar
    Level 40

    Uninstall:
    McAfee WebAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.235 - McAfee, Inc.)
    ByteFence Anti-Malware (HKLM\...\ByteFence) (Version: 2.7.0.7 - Byte Technologies LLC) <==== ATTENTION
    Sparta (HKLM\...\Sparta) (Version: - ) <==== ATTENTION
    Traffic Exchange (Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
    WarThunder (HKLM\...\WarThunder) (Version: - ) <==== ATTENTION
    WorldofTanks (HKLM\...\WorldofTanks) (Version: - ) <==== ATTENTION

    Open Windows Notepad and paste:
    Task: {149873DD-80CA-4ED1-B702-CD192D6E244C} - System32\Tasks\UCBrowserUpdater => C:\Program Files\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== ATTENTION
    Task: {17BDEEF5-60EB-4AE0-AAC4-109244D328B2} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== ATTENTION
    Task: {1C6CAAF3-1BDE-451D-9DBE-5D271D877BB5} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
    Task: {1CBF2C5A-BD28-4086-A988-04AB99B0D332} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
    Task: {25C3304C-1FDF-4AEB-832C-9049DEE5706A} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
    Task: {67005149-F2E5-49D5-8FEA-AA634954832E} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files\UCBrowser\Security\uclauncher.exe [2017-04-02] (UC Web Inc.) <==== ATTENTION
    Task: {71C898BB-5F2E-4257-9115-4026BF2853F2} - System32\Tasks\Traffic Exchange => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
    Task: {B128C49A-7339-4694-9AFA-DB1CCCFB039A} - System32\Tasks\KuaiZip_Update => C:\Program Files\żěŃą\X86\Update.exe [2017-04-02] (Shanghai Guangle Network Technology Ltd
    ) <==== ATTENTION
    Task: {CDB88162-D8FB-432C-87F7-1CF87511A9F6} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
    Task: {E14C84FD-BD2A-4622-8117-C5D0EDEE8A20} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
    Task: {E3A12EC5-93AA-4907-9ACC-1CEFF1FFE4AC} - System32\Tasks\Traffic Exchange Updater => C:\Program Files\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-02-15] (Microleaves) <==== ATTENTION
    Task: {EFFAC9AE-FE60-40ED-8D69-7493283FE8D9} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
    Task: {F92FD866-2322-4B5C-8C42-4BFA9F22C46C} - System32\Tasks\Traffic Exchange Guard => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
    Task: {FD4A56D6-25E4-4AFD-9C70-9DD7A3069BA0} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Traffic Exchange Updater.job => C:\Program Files\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION
    WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
    ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks\WorldofTanks.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://go.playmmogames.com/aff_c?offer_id=174&aff_id=1034 --app-window-size=1920,1080
    ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=1&click_id=a2b68f7525ca669944edafc6ac917f396059932c --app-window-size=1920,1080
    ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Piotr\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Sparta.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Piotr\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Piotr\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WorldofTanks.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Piotr\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Piotr\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Piotr\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x86.sys [84370]
    AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1223458]
    (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    HKU\S-1-5-21-2970501793-119004339-3275236349-1001\...\MountPoints2: {fe76ca74-f029-11e6-b475-d8cb8ac0e1b5} - "F:\Setup.exe"
    HKU\S-1-5-18\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X86\KZipShell.dll [2017-04-02] ()
    ManualProxies: 0hxxp://no-stop.org/wpad.dat?7be2e9944459cbc3cd4f62ebc04e401c21122456
    BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-22] (McAfee, Inc.)
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
    CHR NewTab: Default -> Not-active:"chrome-extension://iikpfnaikcjkbnamdhapaebbmocmchgb/redirect.html"
    CHR Extension: (McAfee® WebAdvisor) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-03-21]
    CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [160800 2017-02-22] (McAfee, Inc.)
    R3 mfesapsn; C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [41600 2016-06-06] (McAfee, Inc.)
    R1 ucdrv; C:\Program Files\UCBrowser\Security:ucdrv-x86.sys [84370 ] (UC Web Inc.) <==== ATTENTION
    2017-04-02 11:07 - 2017-04-02 11:07 - 00000000 ____D C:\ProgramData\SWCUTemp
    2017-04-02 11:04 - 2017-04-02 11:00 - 01620992 ____N C:\ProgramData\trz66D8.tmp
    2017-04-02 11:03 - 2017-04-02 11:06 - 00001559 _____ C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    2017-04-02 11:03 - 2017-04-02 11:06 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2017-04-02 11:02 - 2017-04-02 11:33 - 00000312 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
    2017-04-02 11:02 - 2017-04-02 11:05 - 00000476 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
    2017-04-02 11:02 - 2017-04-02 11:02 - 00000000 ____D C:\Users\Piotr\AppData\Local\UCBrowser
    2017-04-02 11:02 - 2017-04-02 11:02 - 00000000 ____D C:\Program Files\UCBrowser
    2017-04-02 11:01 - 2017-04-02 11:01 - 00068128 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
    2017-04-02 11:01 - 2017-04-02 11:01 - 00001063 _____ C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
    2017-04-02 11:01 - 2017-04-02 11:01 - 00001039 _____ C:\Users\Piotr\Desktop\żěŃą.lnk
    2017-04-02 11:01 - 2017-04-02 11:01 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\Softlink
    2017-04-02 11:01 - 2017-04-02 11:01 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\KuaiZip
    2017-04-02 11:01 - 2017-04-02 11:01 - 00000000 ____D C:\Program Files\żěŃą
    2017-04-02 11:00 - 2017-04-02 11:05 - 00000394 ____H C:\WINDOWS\Tasks\Traffic Exchange Updater.job
    2017-04-02 11:00 - 2017-04-02 11:05 - 00000352 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
    2017-04-02 11:00 - 2017-04-02 11:05 - 00000352 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
    2017-04-02 11:00 - 2017-04-02 11:05 - 00000352 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
    2017-04-02 11:00 - 2017-04-02 11:05 - 00000342 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
    2017-04-02 11:00 - 2017-04-02 11:05 - 00000342 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
    2017-04-02 11:00 - 2017-04-02 11:05 - 00000342 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
    2017-04-02 11:00 - 2017-04-02 11:02 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\UCChannel
    2017-03-19 08:36 - 2016-11-28 19:58 - 00000000 ____D C:\Program Files\McAfee
    EmptyTemp:

    Save the file as fixlist.txt and put it next to FRST in the same folder.
    Run FRST and click Fix.

    0
  • Helpful post
    #3 02 Apr 2017 12:11
    Kolobos
    Computer specialist

    What @krzychupar posted is, as usual, incomplete.

    I'm guessing you infected the system after running:
    2017-04-02 10:57 - 2017-04-02 10:57 - 01110016 _____ C:\Users\Piotr\Downloads\FIFA 16 (PC) RELOADED.iso
    Delete the file.

    Uninstall:
    ByteFence Anti-Malware
    McAfee WebAdvisor
    Sparta
    WarThunder
    WorldofTanks

    Next to frst.exe create a file Fixlist.txt with the following content:
    Traffic Exchange (Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION

    In FRST choose Fix.

    Uninstall:
    Traffic Exchange

    Use AdwCleaner, first the Scan option and then Clean: http://www.bleepingcomputer.com/download/adwcleaner/

    Run a new Fixlist.txt, this time in Safe Mode:
    CloseProcesses:
    Task: {149873DD-80CA-4ED1-B702-CD192D6E244C} - System32\Tasks\UCBrowserUpdater => C:\Program Files\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== ATTENTION
    Task: {17BDEEF5-60EB-4AE0-AAC4-109244D328B2} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== ATTENTION
    Task: {1C6CAAF3-1BDE-451D-9DBE-5D271D877BB5} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
    Task: {1CBF2C5A-BD28-4086-A988-04AB99B0D332} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
    Task: {25C3304C-1FDF-4AEB-832C-9049DEE5706A} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
    Task: {67005149-F2E5-49D5-8FEA-AA634954832E} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files\UCBrowser\Security\uclauncher.exe [2017-04-02] (UC Web Inc.) <==== ATTENTION
    Task: {71C898BB-5F2E-4257-9115-4026BF2853F2} - System32\Tasks\Traffic Exchange => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
    Task: {B128C49A-7339-4694-9AFA-DB1CCCFB039A} - System32\Tasks\KuaiZip_Update => C:\Program Files\żěŃą\X86\Update.exe [2017-04-02] (Shanghai Guangle Network Technology Ltd
    ) <==== ATTENTION
    Task: {CDB88162-D8FB-432C-87F7-1CF87511A9F6} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
    Task: {E14C84FD-BD2A-4622-8117-C5D0EDEE8A20} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
    Task: {E3A12EC5-93AA-4907-9ACC-1CEFF1FFE4AC} - System32\Tasks\Traffic Exchange Updater => C:\Program Files\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-02-15] (Microleaves) <==== ATTENTION
    Task: {EFFAC9AE-FE60-40ED-8D69-7493283FE8D9} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== ATTENTION
    Task: {F92FD866-2322-4B5C-8C42-4BFA9F22C46C} - System32\Tasks\Traffic Exchange Guard => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== ATTENTION
    Task: {FD4A56D6-25E4-4AFD-9C70-9DD7A3069BA0} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Traffic Exchange Updater.job => C:\Program Files\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION
    WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
    ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks\WorldofTanks.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://go.playmmogames.com/aff_c?offer_id=174&aff_id=1034 --app-window-size=1920,1080
    ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=1&click_id=a2b68f7525ca669944edafc6ac917f396059932c --app-window-size=1920,1080
    ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Piotr\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Sparta.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Piotr\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Piotr\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WorldofTanks.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Piotr\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Piotr\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Piotr\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    2016-11-28 18:58 - 2016-11-28 18:58 - 00023040 _____ () C:\Windows\KMS-R@1n.exe
    2017-04-02 11:01 - 2017-04-02 11:01 - 00219032 _____ () c:\program files\żěńą\x86\kuaizipupdatechecker.dll
    2017-04-02 11:02 - 2017-03-07 16:32 - 00599440 _____ () C:\Program Files\UCBrowser\Application\UCService.exe
    2017-04-02 11:01 - 2017-04-02 11:01 - 00425368 _____ () C:\Program Files\żěŃą\X86\KZipShell.dll
    2017-04-02 11:02 - 2017-03-07 16:32 - 02150288 _____ () C:\Program Files\UCBrowser\Application\6.1.2107.204\UCAgent.exe
    AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x86.sys [84370]
    AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1223458]
    () C:\Windows\KMS-R@1n.exe
    () C:\Program Files\UCBrowser\Application\UCService.exe
    () C:\Program Files\UCBrowser\Application\6.1.2107.204\UCAgent.exe
    HKU\S-1-5-21-2970501793-119004339-3275236349-1001\...\MountPoints2: {fe76ca74-f029-11e6-b475-d8cb8ac0e1b5} - "F:\Setup.exe"
    HKU\S-1-5-18\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X86\KZipShell.dll [2017-04-02] ()
    ManualProxies: 0hxxp://no-stop.org/wpad.dat?7be2e9944459cbc3cd4f62ebc04e401c21122456
    RemoveProxy:
    CHR NewTab: Default -> Not-active:"chrome-extension://iikpfnaikcjkbnamdhapaebbmocmchgb/redirect.html"
    CHR Extension: (Movie Goat) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikpfnaikcjkbnamdhapaebbmocmchgb [2017-01-25]
    CHR Extension: (Any Print) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\liebbdobkmmedekbnjpgbjjknfobfacp [2017-03-13]
    CHR Extension: (Amertoli) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojbmgjdgnielgdpgckdkmcpnfdiphiip [2017-03-14]
    CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [23040 2016-11-28] () [File not signed]
    R2 KuaizipUpdateChecker; C:\Program Files\żěŃą\X86\kuaizipUpdateChecker.dll [219032 2017-04-02] ()
    R2 UCBrowserSvc; C:\Program Files\UCBrowser\Application\UCService.exe [599440 2017-03-07] ()
    R2 KuaiZipDrive; C:\WINDOWS\system32\drivers\KuaiZipDrive.sys [68128 2017-04-02] (WinMount International Inc)
    R1 ucdrv; C:\Program Files\UCBrowser\Security:ucdrv-x86.sys [84370 ] (UC Web Inc.) <==== ATTENTION
    2017-04-02 11:07 - 2017-04-02 11:07 - 00000000 ____D C:\ProgramData\SWCUTemp
    2017-04-02 11:04 - 2017-04-02 11:00 - 01620992 ____N C:\ProgramData\trz66D8.tmp
    2017-04-02 11:03 - 2017-04-02 11:06 - 00001559 _____ C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    2017-04-02 11:03 - 2017-04-02 11:06 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2017-04-02 11:03 - 2017-04-02 11:03 - 00000000 ____D C:\ProgramData\Microleaves
    2017-04-02 11:02 - 2017-04-02 11:33 - 00000312 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
    2017-04-02 11:02 - 2017-04-02 11:05 - 00000476 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
    2017-04-02 11:02 - 2017-04-02 11:02 - 00000000 ____D C:\Users\Piotr\AppData\Local\UCBrowser
    2017-04-02 11:02 - 2017-04-02 11:02 - 00000000 ____D C:\Program Files\UCBrowser
    2017-04-02 11:01 - 2017-04-02 11:01 - 00068128 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
    2017-04-02 11:01 - 2017-04-02 11:01 - 00001063 _____ C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
    2017-04-02 11:01 - 2017-04-02 11:01 - 00001039 _____ C:\Users\Piotr\Desktop\żěŃą.lnk
    2017-04-02 11:01 - 2017-04-02 11:01 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\Softlink
    2017-04-02 11:01 - 2017-04-02 11:01 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\KuaiZip
    2017-04-02 11:01 - 2017-04-02 11:01 - 00000000 ____D C:\Program Files\żěŃą
    2017-04-02 11:00 - 2017-04-02 11:05 - 00000394 ____H C:\WINDOWS\Tasks\Traffic Exchange Updater.job
    2017-04-02 11:00 - 2017-04-02 11:05 - 00000352 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
    2017-04-02 11:00 - 2017-04-02 11:05 - 00000352 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
    2017-04-02 11:00 - 2017-04-02 11:05 - 00000352 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
    2017-04-02 11:00 - 2017-04-02 11:05 - 00000342 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
    2017-04-02 11:00 - 2017-04-02 11:05 - 00000342 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
    2017-04-02 11:00 - 2017-04-02 11:05 - 00000342 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
    2017-04-02 11:00 - 2017-04-02 11:02 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\UCChannel
    2017-04-02 11:00 - 2017-04-02 11:00 - 00001211 _____ C:\Users\Piotr\Desktop\AutoTime.lnk
    2017-04-02 11:00 - 2017-04-02 11:00 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\Microleaves
    2017-04-02 11:00 - 2017-04-02 11:00 - 00000000 ____D C:\Users\Piotr\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
    2017-04-02 11:00 - 2017-04-02 11:00 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-04-02 11:00 - 2017-04-02 11:00 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    2017-04-02 11:00 - 2017-04-02 11:00 - 00000000 ____D C:\Program Files\Microleaves
    2017-04-02 10:59 - 2017-04-02 10:59 - 00140288 _____ C:\Users\Piotr\AppData\Roaming\Installer.dat
    2017-04-02 10:59 - 2017-04-02 10:59 - 00011568 _____ C:\Users\Piotr\AppData\Roaming\InstallationConfiguration.xml
    2017-04-02 10:59 - 2017-04-02 10:59 - 0011568 _____ () C:\Users\Piotr\AppData\Roaming\InstallationConfiguration.xml
    2017-04-02 10:59 - 2017-04-02 10:59 - 0140288 _____ () C:\Users\Piotr\AppData\Roaming\Installer.dat
    2017-04-02 11:04 - 2017-04-02 11:00 - 1620992 ____N () C:\ProgramData\trz66D8.tmp
    EmptyTemp:

    In FRST choose Fix.

    Do a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    When done, post new FRST logs from a fresh scan.

    0
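The fixlists in posts #2 and #3 above are made of FRST scan lines. The script below is an added example for this thread, not FRST's code and not any poster's fixlist: it parses the line formats quoted above (Task, ShortcutWithArgument, AlternateDataStreams, service/driver entries and ManualProxies) into records, groups persistence entries by the binary they launch, and lists the entries a helper would look at first. The sample input is constructed from lines quoted in the thread; the function names and the heuristics in `review_items` are this example's own assumptions, not FRST's.

```python
# Triage helper for lines from an FRST (Farbar Recovery Scan Tool) scan.
# Added example for this thread; function names and review heuristics are assumptions.
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: a few lines modelled on the fixlists quoted in the thread.
SAMPLE_FRST = r"""
Task: {149873DD-80CA-4ED1-B702-CD192D6E244C} - System32\Tasks\UCBrowserUpdater => C:\Program Files\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Piotr\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x86.sys [84370]
R1 ucdrv; C:\Program Files\UCBrowser\Security:ucdrv-x86.sys [84370 ] (UC Web Inc.) <==== ATTENTION
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [160800 2017-02-22] (McAfee, Inc.)
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [23040 2016-11-28] () [File not signed]
ManualProxies: 0hxxp://no-stop.org/wpad.dat?7be2e9944459cbc3cd4f62ebc04e401c21122456
"""

@dataclass
class Finding:
    kind: str                # Task, Shortcut, ADS, Service or Proxy
    source: str              # where the entry lives: task name, .job, .lnk, service name
    target: str              # what it launches or points at
    publisher: str = ""      # signer FRST prints in parentheses, "" when absent
    flagged: bool = False    # FRST appended "<==== ATTENTION"
    indicators: list = field(default_factory=list)  # URLs, extension dirs, ADS paths

ATTENTION_RE = re.compile(r"\s*<=+\s*ATTENTION\s*$")
# "<path> [size date] (Publisher) [note]" is how FRST annotates a target
TRAILER_RE = re.compile(
    r"^(?P<path>.*?)(?:\s+\[(?P<meta>[^\]]*)\])?(?:\s+\((?P<pub>[^)]*)\))?"
    r"(?:\s+\[(?P<note>[^\]]*)\])?\s*$")
URL_RE = re.compile(r"hxxps?://\S+")                  # FRST defangs http to hxxp
LOAD_EXT_RE = re.compile(r'--load-extension="?([^"\s]+)"?')

def is_ads_path(path: str) -> bool:
    # An NTFS alternate data stream shows as a second ':' after the drive colon
    return ":" in path[2:]

def split_trailer(text: str):
    """Separate the file path from FRST's size/date/publisher annotations."""
    m = TRAILER_RE.match(text)
    return m.group("path"), (m.group("pub") or "")

def parse_frst_line(line: str):
    """Turn one FRST line into a Finding; None for line kinds not handled here."""
    line = line.strip()
    flagged = bool(ATTENTION_RE.search(line))
    body = ATTENTION_RE.sub("", line)
    if body.startswith("Task: ") and " => " in body:
        src, rest = body[len("Task: "):].split(" => ", 1)
        path, pub = split_trailer(rest)
        return Finding("Task", src, path, pub, flagged)
    if body.startswith("ShortcutWithArgument: "):
        parts = body[len("ShortcutWithArgument: "):].split(" -> ", 2)
        if len(parts) == 3:
            lnk, exe, args = parts
            path, pub = split_trailer(exe)
            return Finding("Shortcut", lnk, path, pub, flagged,
                           LOAD_EXT_RE.findall(args) + URL_RE.findall(args))
    if body.startswith("AlternateDataStreams: "):
        path, _ = split_trailer(body[len("AlternateDataStreams: "):])
        host, stream = path.rsplit(":", 1)
        return Finding("ADS", host, stream, "", flagged, [path])
    m = re.match(r"^[RSU]\d+ (?P<name>[^;]+); (?P<rest>.*)$", body)
    if m:  # service or driver entry
        path, pub = split_trailer(m.group("rest"))
        return Finding("Service", m.group("name"), path, pub, flagged,
                       [path] if is_ads_path(path) else [])
    if body.startswith("ManualProxies: "):
        value = body[len("ManualProxies: "):]
        return Finding("Proxy", "ManualProxies", value, "", flagged, URL_RE.findall(value))
    return None

def triage(text: str) -> list:
    """Parse every recognised line of a pasted FRST log or fixlist."""
    return [f for f in map(parse_frst_line, text.splitlines()) if f is not None]

def launch_points(findings) -> dict:
    """Map each launched binary to the entries that start it; several entries per file
    is the pattern in the thread, so removing a single task is not enough."""
    by_target = defaultdict(set)
    for f in findings:
        if f.kind in ("Task", "Shortcut", "Service"):
            by_target[f.target.lower()].add(f.source)
    return {t: sorted(s) for t, s in by_target.items()}

def review_items(findings) -> list:
    """Entries to look at first: flagged, carrying an indicator, or an unsigned service."""
    return [f for f in findings
            if f.flagged or f.indicators or (f.kind == "Service" and not f.publisher)]

if __name__ == "__main__":
    found = triage(SAMPLE_FRST)
    for target, sources in launch_points(found).items():
        print(f"{len(sources)} launch point(s) -> {target}")
    for f in review_items(found):
        print(f"[{f.kind}] {f.source} -> {f.target} {f.indicators}")
```

Run it as a script to print the summary, or call `triage()` on a pasted log. On the sample it shows what the thread's fixlists deal with: the UCBrowser updater is started both from a registered task and from a legacy .job file, the browser shortcuts all inject the same unpacked extension directory, and the ucdrv driver is loaded from an alternate data stream, which is why the ADS line and the service line both have to go.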
  • #5 02 Apr 2017 13:07
    Kolobos
    Computer specialist

    In Chrome, replace Adblock with uBlock Origin.

    New Fixlist.txt for FRST:
    AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x86.sys [84370]
    CHR Extension: (Any Print) - C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\liebbdobkmmedekbnjpgbjjknfobfacp [2017-04-02]
    2017-04-02 12:26 - 2017-04-02 12:31 - 00000000 ____D C:\AdwCleaner
    C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\Default\Extensions\liebbdobkmmedekbnjpgbjjknfobfacp
    Do you sync your Chrome settings with a Google account? If so, delete the sync data from the account first and only then run the Fixlist. Afterwards check whether the malicious extension Any Print is still present in Chrome.

    When everything is done, delete the C:\FRST folder.

    0
  • #6 02 Apr 2017 13:20
    kanonierkibic
    Level 3

    All done. The malicious extension Any Print is gone. So once again, many thanks! Regards

    0