
żěŃą virus :( fixlist needed

flaszk4 07 Apr 2017 22:00 357 1
  • #2 07 Apr 2017 22:19
    Kolobos
    Computer specialist

    Uninstall Browser Configuration Utility.

    Run the Fixlist below in Safe Mode.

    Run Fixlist.txt with FRST:
    CloseProcesses:
    Task: {2C07BACB-FE4D-4CB5-8133-883F7534C548} - System32\Tasks\KuaiZip_Update => C:\PROGRA~1\88D7~1\X86\Update.exe <==== UWAGA
    Task: {B97CC667-E9BB-43FB-8B83-5560FA05F22F} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-04-07] (UC Web Inc.) <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Ja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Ja\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Ja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Ja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Games.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /c "start hxxp://socialgames.splashtop.com/redirectGames/?oem=asusegbcu00^&os=Windows^&p=M4A78LT-M^&pv=1.0.12^&v=1^&flv=^&c=1045^&t=1a5504862bb070d9fe3e55c0547bdf2b^&l=pl-PL"
    ShortcutWithArgument: C:\Users\Ja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Ja\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Ja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Ja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Ja\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Ja\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Ja\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    2017-04-07 18:51 - 2017-04-07 18:51 - 00524696 _____ () C:\Program Files\żěŃą\X64\KZipShell.dll
    2017-04-07 18:52 - 2017-03-07 15:27 - 00599440 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    2017-04-07 18:51 - 2017-04-07 18:51 - 00219032 _____ () c:\program files\żěńą\x86\kuaizipupdatechecker.dll
    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [25444]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [1498914]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1223458]
    () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    HKLM-x32\...\Run: [BCU] => C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [411864 2010-03-05] (DeviceVM, Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-621321787-1685279522-822394074-1000\...\MountPoints2: {577e374e-a715-11e6-ace7-bcaec518d305} - H:\setup.exe
    HKU\S-1-5-21-621321787-1685279522-822394074-1000\...\MountPoints2: {585c7290-eb99-11e6-9a98-0c5b8f279a64} - F:\startme.exe
    HKU\S-1-5-21-621321787-1685279522-822394074-1000\...\MountPoints2: {f193cad1-3d55-11e6-8155-bcaec518d305} - F:\AutoRun.exe
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-04-07] ()
    HKU\S-1-5-21-621321787-1685279522-822394074-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...3n6oLykbCtfYMliKKDzhjua8LZmllFj5NEzg,,&q={searchTerms}
    HKU\S-1-5-21-621321787-1685279522-822394074-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...rhb1wVOyCiaoif-JO5U3m6-emkPY72yWeb1ecv3G5aQ,,,,
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...3n6oLykbCtfYMliKKDzhjua8LZmllFj5NEzg,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-621321787-1685279522-822394074-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...3n6oLykbCtfYMliKKDzhjua8LZmllFj5NEzg,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-621321787-1685279522-822394074-1000 -> {04E96648-DE0C-4dc1-92C6-1835F7C779AF} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
    SearchScopes: HKU\S-1-5-21-621321787-1685279522-822394074-1000 -> {2216513C-8ECE-40e5-A164-0C29FE00A044} URL = hxxp://www.google.com/custom?client=pub-37942...%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-621321787-1685279522-822394074-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...3n6oLykbCtfYMliKKDzhjua8LZmllFj5NEzg,,&q={searchTerms}
    CHR Extension: (Seen On Screen) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\adhocdiccajfkmnpbkpogmkponpcpdop [2017-01-10]
    CHR Extension: (MySearch) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\flkinkcejccncjkjkciaeaagjifgkffd [2017-01-10]
    CHR Extension: (Screen Addict) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkfpmfocjleiiaonoegechkdchmcjpnn [2017-01-10]
    R2 KuaizipUpdateChecker; C:\Program Files\żěŃą\X86\kuaizipUpdateChecker.dll [219032 2017-04-07] ()
    R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [599440 2017-03-07] ()
    S2 GoogleChromeUpService; C:\ProgramData\service.exe /s GoogleChromeUpService /uid:51504 /local:br [X] <==== UWAGA
    S2 Hotfresh; C:\ProgramData\\Hotfresh\\Hotfresh.exe shuz -f "C:\ProgramData\\Hotfresh\\Hotfresh.dat" -l -a
    R1 cryptfd; C:\Windows\System32\drivers\cryptfd.sys [193448 2017-03-03] ()
    R2 KuaiZipDrive; C:\Windows\system32\drivers\KuaiZipDrive.sys [92832 2017-04-07] (WinMount International Inc)
    R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== UWAGA
    2017-04-07 18:53 - 2017-04-07 21:14 - 00003476 _____ C:\Windows\System32\Tasks\UCBrowserSecureUpdater
    2017-04-07 18:53 - 2017-04-07 18:53 - 00000000 ___HD C:\$AV_ASW
    2017-04-07 18:52 - 2017-04-07 18:53 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-04-07 18:52 - 2017-04-07 18:52 - 00000000 ____D C:\Users\Ja\AppData\Local\UCBrowser
    2017-04-07 18:51 - 2017-04-07 20:59 - 00000000 ____D C:\Program Files\żěŃą
    2017-04-07 18:51 - 2017-04-07 18:51 - 00092832 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
    2017-04-07 18:51 - 2017-04-07 18:51 - 00003374 _____ C:\Windows\System32\Tasks\KuaiZip_Update
    2017-04-07 18:51 - 2017-04-07 18:51 - 00000000 ____D C:\Users\Ja\AppData\Roaming\Softlink
    2017-04-07 18:51 - 2017-04-07 18:51 - 00000000 ____D C:\Users\Ja\AppData\Roaming\Mozilla
    2017-04-07 18:51 - 2017-04-07 18:51 - 00000000 ____D C:\Users\Ja\AppData\Roaming\KuaiZip
    2017-04-07 18:50 - 2017-04-07 19:42 - 00000000 ____D C:\ProgramData\Logic Cramble
    2017-04-07 18:50 - 2017-04-07 19:42 - 00000000 ____D C:\ProgramData\Hotfresh
    2017-04-07 18:50 - 2017-04-07 18:51 - 00000000 ____D C:\Users\Ja\AppData\Roaming\UCChannel
    2017-04-07 18:50 - 2017-04-07 18:50 - 07303680 _____ C:\Users\Ja\AppData\Roaming\agent.dat
    2017-04-07 18:50 - 2017-04-07 18:50 - 01894458 _____ C:\Users\Ja\AppData\Roaming\Holdtop.tst
    2017-04-07 18:50 - 2017-04-07 18:50 - 00126464 _____ C:\Users\Ja\AppData\Roaming\noah.dat
    2017-04-07 18:50 - 2017-04-07 18:50 - 00070800 _____ C:\Users\Ja\AppData\Roaming\Config.xml
    2017-04-07 18:50 - 2017-04-07 18:50 - 00018432 _____ C:\Users\Ja\AppData\Roaming\Main.dat
    2017-04-07 18:50 - 2017-04-07 18:50 - 00015606 _____ C:\Windows\SysWOW64\findit.xml
    2017-04-07 18:50 - 2017-04-07 18:50 - 00005568 _____ C:\Users\Ja\AppData\Roaming\md.xml
    2017-04-07 18:50 - 2017-04-07 18:50 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
    2017-04-07 18:50 - 2017-04-07 18:50 - 00000000 ____D C:\Users\Ja\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
    2017-04-07 18:50 - 2017-04-07 18:50 - 00000000 ____D C:\ProgramData\Hotfreshs
    2017-04-07 18:49 - 2017-04-07 18:49 - 00140288 _____ C:\Users\Ja\AppData\Roaming\Installer.dat
    2017-04-07 18:49 - 2017-04-07 18:49 - 00016512 _____ C:\Users\Ja\AppData\Roaming\InstallationConfiguration.xml
    2017-04-07 18:50 - 2017-04-07 18:50 - 7303680 _____ () C:\Users\Ja\AppData\Roaming\agent.dat
    2017-04-07 18:50 - 2017-04-07 18:50 - 0070800 _____ () C:\Users\Ja\AppData\Roaming\Config.xml
    2017-04-07 18:50 - 2017-04-07 18:50 - 1894458 _____ () C:\Users\Ja\AppData\Roaming\Holdtop.tst
    2017-04-07 18:49 - 2017-04-07 18:49 - 0016512 _____ () C:\Users\Ja\AppData\Roaming\InstallationConfiguration.xml
    2017-04-07 18:49 - 2017-04-07 18:49 - 0140288 _____ () C:\Users\Ja\AppData\Roaming\Installer.dat
    2017-04-07 18:50 - 2017-04-07 18:50 - 0018432 _____ () C:\Users\Ja\AppData\Roaming\Main.dat
    2017-04-07 18:50 - 2017-04-07 18:50 - 0005568 _____ () C:\Users\Ja\AppData\Roaming\md.xml
    2017-04-07 18:50 - 2017-04-07 18:50 - 0126464 _____ () C:\Users\Ja\AppData\Roaming\noah.dat
    2017-04-07 18:50 - 2017-04-07 18:50 - 0032038 _____ () C:\Users\Ja\AppData\Roaming\uninstall_temp.ico
    2016-12-30 20:53 - 2016-12-30 21:13 - 0000001 _____ () C:\Users\Ja\AppData\Roaming\update.dat
    EmptyTemp:


    Use AdwCleaner, Scan and then Clean: http://www.bleepingcomputer.com/download/adwcleaner/

    When that is done, post fresh FRST scan logs.

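The fixlist above is built by hand from an FRST log. As an added example (not part of the post or of FRST itself), the script below shows how a helper can triage the same log format automatically: it parses `ShortcutWithArgument:` entries and flags those whose argument opens a URL or sideloads a Chrome extension, and it collects lines FRST itself marked with `<====`. The sample log lines are constructed in FRST's format; the `.lnk` paths and the Notepad++ entry are assumptions.

```python
import re

# Constructed sample lines in FRST's format (paths are assumptions, not from a real scan).
SAMPLE_LOG = r"""
ShortcutWithArgument: C:\Users\Ja\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Ja\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Ja\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Ja\Desktop\Notepad Plus.lnk -> C:\Program Files\Notepad++\notepad++.exe (Notepad++ Team) -> -multiInst
Task: {2C07BACB-FE4D-4CB5-8133-883F7534C548} - System32\Tasks\KuaiZip_Update => C:\PROGRA~1\88D7~1\X86\Update.exe <==== UWAGA
"""

# "<lnk> -> <target> (<vendor>) -> <argument>"; the lazy target group backtracks past "(x86)".
SHORTCUT_RE = re.compile(
    r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<target>.+?) \((?P<vendor>[^)]*)\) -> (?P<arg>.*)$"
)
# FRST defangs URLs as hxxp/hxxps; accept both forms.
URL_RE = re.compile(r"\bh(?:xx|tt)ps?://[^\s\"']+", re.IGNORECASE)
EXT_RE = re.compile(r"--load-extension=\"?([^\"\s]+)")


def analyse_shortcut(line):
    """Return parsed fields plus a list of reasons the shortcut looks hijacked (empty if clean)."""
    m = SHORTCUT_RE.match(line)
    if not m:
        return None
    arg = m.group("arg")
    reasons = []
    url = URL_RE.search(arg)
    if url:
        reasons.append("opens " + url.group(0))
    ext = EXT_RE.search(arg)
    if ext:
        reasons.append("sideloads extension " + ext.group(1))
    return {"lnk": m.group("lnk"), "target": m.group("target"), "reasons": reasons}


def find_hijacked_shortcuts(log_text):
    """All ShortcutWithArgument entries whose argument opens a URL or loads an unpacked extension."""
    hits = []
    for line in log_text.splitlines():
        info = analyse_shortcut(line.strip())
        if info and info["reasons"]:
            hits.append(info)
    return hits


def frst_flagged_lines(log_text):
    """Lines FRST itself marked with '<====' (ATTENTION / UWAGA in the Polish build)."""
    return [ln.strip() for ln in log_text.splitlines() if "<====" in ln]


if __name__ == "__main__":
    for hit in find_hijacked_shortcuts(SAMPLE_LOG):
        print(hit["lnk"], "->", "; ".join(hit["reasons"]))
    for ln in frst_flagged_lines(SAMPLE_LOG):
        print("flagged:", ln)
```

Each flagged line is copied verbatim into Fixlist.txt, which is exactly what the fixlist above does for the shortcut and task entries.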