Elektroda.pl

Virus-infected laptop, antivirus programs don't work

kwazi8kwazi 23 May 2017 12:43 519 8
  • #2 23 May 2017 12:49
    Kolobos
    Computer specialist

    Post the required FRST logs as an attachment, like everyone else.

    0
  • #3 23 May 2017 12:56
    kwazi8kwazi
    Level 3

    Logs added.

    0
  • Helpful post
    #4 23 May 2017 13:52
    Kolobos
    Computer specialist

    Back up your Chrome bookmarks; the script will delete the browser profile directory created by the infection.
    Also delete the Chrome sync data from your Google account: https://support.google.com/chrome/answer/6386691?hl=pl

    Next to frst.exe, create a file Fixlist.txt with the following contents:
    CloseProcesses:
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05222017231501351\...\ChromeHTML: -> "C:\Program Files (x86)\Eggper\Application\chrome.exe" "%1" <==== UWAGA
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001\...\ChromeHTML: -> "C:\Program Files (x86)\Eggper\Application\chrome.exe" "%1" <==== UWAGA
    Task: {0B1E7975-27E1-4143-86F7-A0721CC56AB4} - System32\Tasks\{56851AB6-D135-420C-B441-BEBF123E2B8F} => pcalua.exe -a "C:\Users\User\Desktop\Nowy folder (2)\AutoRun.exe" -d "C:\Users\User\Desktop\Nowy folder (2)"
    Task: {1099EAD6-DBFB-4DC1-9591-D71953DB0246} - System32\Tasks\{F53D7307-5361-41CE-B56B-C1C5922ED362} => pcalua.exe -a C:\Users\User\Downloads\ASUS_N43JF_Camera_Azurewave_32_z5854000207\PNPINST.exe -d C:\Users\User\Downloads\ASUS_N43JF_Camera_Azurewave_32_z5854000207
    Task: {3316E486-6D28-4044-BB08-856EB1110FFC} - System32\Tasks\Windows-PG => powershell.exe C:\windows\psgo\psgo.ps1
    Task: {59B3961C-F470-48F1-8C50-80BAE452A86E} - System32\Tasks\Taqetain Cloud => C:\Program Files (x86)\Qoqotyjozerdom\xjfuent.exe [2017-03-14] (Glarysoft Ltd)
    Task: {6605B72E-1ADB-474A-BC17-557E2831D3DC} - \Stufalygrulert -> Brak pliku <==== UWAGA
    Task: {DC15BE85-E8FF-4E07-9DED-000F732E89CC} - System32\Tasks\Opera scheduled Autoupdate 1483447849 => C:\Program Files\Opera\launcher.exe [2017-05-15] (Opera Software)
    Hosts:
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001\...\MountPoints2: {56647255-0d6e-11e7-b9cd-485b393af028} - "V:\Autorun.exe"
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001\...\MountPoints2: {56647b5b-0d6e-11e7-b9cd-485b393af028} - "W:\Autorun.exe"
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001\...\MountPoints2: {5c7aa60d-23cb-11e7-b9d1-485b393af028} - "G:\Lenovo_Suite.exe"
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001\...\MountPoints2: {7c2e8058-da8c-11e6-b9c4-485b393af028} - "V:\Autorun.exe"
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001\...\MountPoints2: {83850c2f-0588-11e7-b9c8-485b393af028} - "G:\Lenovo_Suite.exe"
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001\...\MountPoints2: {f30d0734-1a1b-11e7-b9cd-485b393af028} - "G:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001\...\MountPoints2: {f30d0754-1a1b-11e7-b9cd-485b393af028} - "G:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001\...\MountPoints2: {f30d076e-1a1b-11e7-b9cd-485b393af028} - "G:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05222017231501351\...\MountPoints2: {56647255-0d6e-11e7-b9cd-485b393af028} - "V:\Autorun.exe"
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05222017231501351\...\MountPoints2: {56647b5b-0d6e-11e7-b9cd-485b393af028} - "W:\Autorun.exe"
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05222017231501351\...\MountPoints2: {5c7aa60d-23cb-11e7-b9d1-485b393af028} - "G:\Lenovo_Suite.exe"
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05222017231501351\...\MountPoints2: {7c2e8058-da8c-11e6-b9c4-485b393af028} - "V:\Autorun.exe"
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05222017231501351\...\MountPoints2: {83850c2f-0588-11e7-b9c8-485b393af028} - "G:\Lenovo_Suite.exe"
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05222017231501351\...\MountPoints2: {f30d0734-1a1b-11e7-b9cd-485b393af028} - "G:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05222017231501351\...\MountPoints2: {f30d0754-1a1b-11e7-b9cd-485b393af028} - "G:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05222017231501351\...\MountPoints2: {f30d076e-1a1b-11e7-b9cd-485b393af028} - "G:\HiSuiteDownLoader.exe"
    IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
    IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
    ShellExecuteHooks: Brak nazwy - {73022E10-038C-11E7-8C2C-64006A5CFC23} - C:\Users\User\AppData\Roaming\Arefokmotot\Odomanizer.dll -> Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...0812&uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...0812&uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&...p;uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&...p;uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...0812&uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...0812&uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&...p;uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&...p;uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS&q={searchTerms}
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...0812&uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...0812&uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05222017231501351\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...0812&uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05222017231501351\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05222017231501351\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...0812&uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...p;uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...p;uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...p;uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...p;uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1945137566-4293120088-3390097971-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...p;uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1945137566-4293120088-3390097971-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...p;uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1945137566-4293120088-3390097971-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05222017231501351 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...p;uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1945137566-4293120088-3390097971-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05222017231501351 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...p;uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.ourluckysites.com/?type=sc&ts=...0812&uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS
    Edge HomeButtonPage: HKU\S-1-5-21-1945137566-4293120088-3390097971-1001 -> hxxp://www.ourluckysites.com/?type=hp&ts=...0812&uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\an06jkt1.default -> trotux
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\an06jkt1.default -> trotux
    FF Homepage: Mozilla\Firefox\Profiles\an06jkt1.default -> hxxp://www.ourluckysites.com/?type=hp&ts=...e0812&uid=ST9320325AS_5VD3N1FSXXXX5VD3N1F
    FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Brak pliku]
    FF Plugin HKU\S-1-5-21-1945137566-4293120088-3390097971-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Brak pliku]
    FF Plugin HKU\S-1-5-21-1945137566-4293120088-3390097971-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05222017231501351: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Brak pliku]
    StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.ourluckysites.com/?type=sc&ts=...0812&uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS
    CHR DefaultProfile: ChromeDefaultData
    CHR HomePage: ChromeDefaultData -> hxxp://www.trotux.com/?z=a238e7c2b8e4488139dc...=ST9320325AS_5VD3N1FSXXXX5VD3N1FS&type=hp
    CHR StartupUrls: ChromeDefaultData -> "hxxp://www.trotux.com/?z=a238e7c2b8e4488139dc025gdzbb6tbwfo2c7g6tdb&from=icb&uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS&type=hp"
    CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.ourluckysites.com/search/?type=ds&...p;uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS&q={searchTerms}
    CHR DefaultSearchKeyword: ChromeDefaultData -> ourluckysites
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-05-22] <==== UWAGA
    C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    CHR Extension: (Dokumenty Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-05]
    CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-04-20]
    CHR Extension: (Adblocker for Youtube™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gndgngmogcnpkcbknmcgpnooljecgadk [2017-03-14]
    CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
    CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.ourluckysites.com/?type=sc&ts=...0812&uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Eggper\Application\chrome.exe <==== UWAGA
    HKU\S-1-5-21-1945137566-4293120088-3390097971-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05222017231501351\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Eggper\Application\chrome.exe <==== UWAGA
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe hxxp://www.ourluckysites.com/?type=sc&ts=...0812&uid=ST9320325AS_5VD3N1FSXXXX5VD3N1FS
    R3 HaozipVirtualCDBus; C:\Windows\System32\drivers\HaoZipVirtualCDBus.sys [207336 2015-08-28] (Shanghai RuiChuang)
    S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
    U2 snare; Brak ImagePath
    2017-05-23 12:39 - 2017-05-23 12:39 - 00602112 _____ (OldTimer Tools) C:\Users\User\Downloads\OTL.exe
    2017-05-23 12:23 - 2017-05-23 12:41 - 00000000 ____D C:\AdwCleaner
    2017-05-23 12:05 - 2017-05-23 12:05 - 00000000 ____D C:\Jopetiondipas
    2017-05-18 15:26 - 2017-05-18 15:26 - 00000000 ____D C:\Reimward
    2017-05-16 13:00 - 2017-05-16 13:00 - 00000000 ____D C:\Terward
    2017-05-12 23:33 - 2017-05-17 14:14 - 00000000 _____ C:\Windows\SysWOW64\1111
    2017-05-10 10:43 - 2017-05-22 23:29 - 00000000 _____ C:\Windows\SysWOW64\1
    2017-05-04 16:09 - 2017-05-04 16:09 - 00000000 ____D C:\Users\Public\Documents\Google
    2017-05-04 16:09 - 2017-05-04 16:09 - 00000000 ____D C:\Program Files (x86)\590B35FF_jumpeasy
    2017-05-04 16:07 - 2017-05-04 16:09 - 00000000 ____D C:\Program Files (x86)\590B35A0_jumpeasy
    2017-05-03 12:37 - 2017-05-05 15:26 - 00000000 ____D C:\Insist
    2017-04-28 13:23 - 2017-05-05 15:27 - 00003590 _____ C:\Windows\System32\Tasks\Windows-PG
    2017-04-28 13:23 - 2017-05-04 16:08 - 00000000 ____D C:\Windows\psgo
    2017-04-28 13:23 - 2017-04-28 13:23 - 00000000 ____D C:\Program Files (x86)\MIO
    2017-04-28 13:22 - 2017-05-23 12:07 - 00000000 ____D C:\Program Files\MK
    2017-04-28 13:22 - 2017-05-05 13:44 - 00000000 ____D C:\Alitkojck
    2017-05-23 12:18 - 2017-01-03 14:32 - 00000000 ____D C:\Users\User\AppData\Roaming\HaoZip
    2017-05-23 12:05 - 2017-03-14 22:26 - 00000000 ____D C:\Program Files (x86)\Qoqotyjozerdom
    EmptyTemp:

    In FRST, choose Fix.

    Once it has finished, post new FRST logs from a fresh scan.

    0
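    An added read-only audit, written for this thread and not part of Kolobos's fixlist or of FRST, that checks the same persistence locations the fixlist targets (IFEO Debugger hijacks, scheduled tasks proxied through pcalua.exe or a PowerShell script, a ChromeHTML handler outside the real Chrome install, MountPoints2 autorun commands, and the rogue ChromeDefaultData profile). It assumes Windows 8 or later (for Get-ScheduledTask) and that it runs as administrator in the affected user's session; it reports and deletes nothing.

```powershell
# Added audit script (not from the forum post or FRST); read-only, run as administrator.
# Assumes Windows 8+ and the affected user's session (HKCU = the infected profile).
$findings = New-Object System.Collections.Generic.List[string]

# 1. IFEO "Debugger" values: the fixlist shows them on GoogleUpdate.exe and
#    GoogleUpdaterService.exe, redirecting the updater to a non-existent EXE.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings.Add("IFEO $($_.PSChildName) -> Debugger = $dbg") }
}

# 2. Scheduled tasks whose action is pcalua.exe (a program-compatibility proxy
#    used to launch other EXEs) or a PowerShell script path, as in Windows-PG.
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    foreach ($a in $_.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"
        if ($cmd -match 'pcalua\.exe|powershell(\.exe)?\s+[A-Za-z]:\\') {
            $findings.Add("Task $($_.TaskPath)$($_.TaskName) -> $cmd")
        }
    }
}

# 3. Per-user ChromeHTML handler: genuine Chrome lives under \Google\Chrome\;
#    the fixlist shows a copy pointing at C:\Program Files (x86)\Eggper\.
$chromeHtml = 'HKCU:\Software\Classes\ChromeHTML\shell\open\command'
$handler = (Get-ItemProperty -Path $chromeHtml -ErrorAction SilentlyContinue).'(default)'
if ($handler -and $handler -notmatch '\\Google\\Chrome\\') {
    $findings.Add("ChromeHTML handler -> $handler")
}

# 4. MountPoints2: each drive GUID may carry Shell\AutoRun\command (e.g. V:\Autorun.exe).
$mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
Get-ChildItem -Path $mp -ErrorAction SilentlyContinue | ForEach-Object {
    $cmdKey = "Registry::$($_.Name)\Shell\AutoRun\command"
    $val = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
    if ($val) { $findings.Add("MountPoints2 $($_.PSChildName) -> $val") }
}

# 5. Chrome profile folder: the real one is "Default"; the infection created
#    "ChromeDefaultData" and pointed the hijacked shortcuts at it.
$ud = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
Get-ChildItem -Path $ud -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like 'ChromeDefaultData*' } |
    ForEach-Object { $findings.Add("Chrome profile $($_.FullName)") }

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

    Re-run it after the FRST fix: every line it still prints corresponds to an entry the fixlist should have removed.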
  • #5 23 May 2017 13:54
    kwazi8kwazi
    Level 3

    Okay, but I just noticed that the Chrome and Mozilla browsers have been removed.

    0
  • #6 23 May 2017 13:56
    Kolobos
    Computer specialist

    Why are you quoting the whole post? Learn to use the forum!

    Too bad; do what I posted.

    0
  • Helpful post
    #8 23 May 2017 14:24
    Kolobos
    Computer specialist

    Delete the C:\FRST folder and that's all.

    0
  • #9 23 May 2017 14:30
    kwazi8kwazi
    Level 3

    Thank you very much for the help :)

    0