
ZENA virus, Chinese characters, how to remove it step by step

tsuski1986 09 Jul 2017 13:09 756 4
  • #1 09 Jul 2017 13:09
    tsuski1986
    Level 2

    Some time ago my computer got infected, probably while downloading some software, with a virus that causes pop-up windows, opens web pages and slows the computer down; everything is in Chinese. I don't know how to get rid of it; an ordinary format is impossible because an error pops up. I know I have to use the FRST program, but I don't know what to do next. I'm attaching the FRST logs. Please help.

    0 4
  • Helpful post
    #2 09 Jul 2017 13:27
    krzychupar
    Level 40

    Uninstall:
    One System Care (HKLM-x32\...\OneSystemCare) (Version: 4.4.0.3 - OneSystemCare) <==== UWAGA
    Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== UWAGA
    Online Special Application (HKLM-x32\...\{57281722-3238-4A30-AAE7-85D93977E0FE}) (Version: 2.6.0 - Microleaves) Hidden <==== UWAGA
    Online.io Application (HKLM-x32\...\{F0847AE0-465A-4D7B-A555-AABB43B550F0}) (Version: 2.1.0 - Microleaves) Hidden <==== UWAGA
    ProxyGate version 3.0.0.1180 (HKLM-x32\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1180 - Gold Click Ltd) <==== UWAGA
    Traffic Exchange (HKLM-x32\...\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}) (Version: 2.1.0 - Microleaves) Hidden <==== UWAGA

    Open the system Notepad and paste:

    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-03-29] ()
    ContextMenuHandlers01: [ContextMenuExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-03-29] ()
    ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
    Task: {16A6E06E-FF6F-4041-A525-9941FDD5C8FA} - System32\Tasks\Updater_Online_Special_Application => C:\Program Files (x86)\Microleaves\Online Special Application\Online Special Application Updater.exe <==== UWAGA
    Task: {1704E864-38D6-4E2F-ADDB-7FF6370186DD} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2016-12-26] () <==== UWAGA
    Task: {56CBE8C9-77CF-48ED-96FE-90899C3E59AA} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-05-11] (UCWeb Inc) <==== UWAGA
    Task: {89E3D3FB-C6D7-4005-A974-E15CBD840B8B} - System32\Tasks\One System Care Task => C:\Program [Argument = Files (x86)\ONESYS~1\SYSTEM~1.EXE] <==== UWAGA
    Task: {8BD6FF16-8FE3-445D-8B7E-92E0608EF798} - System32\Tasks\Online Special Application V2G3 => C:\Program Files (x86)\Microleaves\Online Special Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: {9317D8A6-5410-455F-9161-D6EF28B8DC6C} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-05-11] (UCWeb Inc) <==== UWAGA
    Task: {9A8EBDE3-C2F3-4AB3-B7AB-498E91DD9BD6} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-03-29] (UC Web Inc.) <==== UWAGA
    Task: {9F6A4BF2-71BA-4419-A849-D9C68AA398C0} - System32\Tasks\Online Special Application V2G1 => C:\Program Files (x86)\Microleaves\Online Special Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: {B3740C0A-6FAE-46DD-8669-1FC61801D96F} - System32\Tasks\Online Special Application V2G2 => C:\Program Files (x86)\Microleaves\Online Special Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA




    Task: {D5D63EA9-5AD3-4143-AED5-0B3D645DD42E} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2016-12-26] () <==== UWAGA
    Task: C:\WINDOWS\Tasks\One System CarePeriod.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Special Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Special Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Special Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Special Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Special Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Special Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Updater_Online_Special_Application.job => C:\Program Files (x86)\Microleaves\Online Special Application\Online Special Application Updater.exe <==== UWAGA
    2017-03-29 10:43 - 2017-03-29 10:43 - 00524696 _____ () C:\Program Files\żěŃą\X64\KZipShell.dll
    HKU\S-1-5-21-2877699007-3859885216-2833884254-1001\...\MountPoints2: {291cf356-018a-11e7-824f-a08869543d09} - "D:\AutoRun.exe"
    HKU\S-1-5-21-2877699007-3859885216-2833884254-1001\...\MountPoints2: {291cfaca-018a-11e7-824f-a08869543d09} - "D:\AutoRun.exe"
    HKU\S-1-5-21-2877699007-3859885216-2833884254-1001\...\MountPoints2: {49fa5f56-3029-11e7-8258-a08869543d09} - "D:\startme.exe"
    HKU\S-1-5-21-2877699007-3859885216-2833884254-1001\...\MountPoints2: {49fa60ea-3029-11e7-8258-a08869543d09} - "D:\autorun.exe"
    HKU\S-1-5-21-2877699007-3859885216-2833884254-1001\...\MountPoints2: {49fa6118-3029-11e7-8258-a08869543d09} - "D:\autorun.exe"
    HKU\S-1-5-18\...\Run: [] => [X]
    HKLM\...\Providers\pa03qrmr: C:\Program Files (x86)\Kiqspjejet Agent\local64spl.dll [307200 2017-03-29] () <==== UWAGA
    ShellExecuteHooks: Brak nazwy - {1C4215B4-12EA-11E7-AADA-64006A5CFC23} - C:\Users\ANULA\AppData\Roaming\Thajophwadosh\Serqis.dll -> Brak pliku <==== UWAGA
    CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
    S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (Gold Click Ltd) <==== UWAGA
    R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [599440 2017-05-11] () <==== UWAGA
    R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== UWAGA
    2017-06-17 20:11 - 2017-06-21 20:10 - 00000290 _____ C:\WINDOWS\Tasks\One System CarePeriod.job
    2017-06-17 20:11 - 2017-06-17 20:11 - 00002840 _____ C:\WINDOWS\System32\Tasks\One System CarePeriod
    2017-06-17 20:10 - 2017-06-17 20:10 - 00003672 _____ C:\WINDOWS\System32\Tasks\One System Care Task
    2017-06-17 20:10 - 2017-06-17 20:10 - 00000000 ____D C:\ProgramData\fb2aa3fb-3b81-1
    2017-06-17 20:10 - 2017-06-17 20:10 - 00000000 ____D C:\ProgramData\fb2aa3fb-0b61-0
    2017-06-17 20:09 - 2017-06-21 20:08 - 00000000 ____D C:\Users\ANULA\AppData\Roaming\One System Care
    2017-06-17 20:09 - 2017-06-17 20:11 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
    2017-06-17 20:09 - 2017-06-17 20:09 - 00003240 _____ C:\WINDOWS\System32\Tasks\One System Care Monitor
    2017-06-17 20:09 - 2017-06-17 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
    2017-07-09 12:46 - 2017-03-29 10:42 - 00000346 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
    2017-07-09 12:46 - 2017-03-29 10:42 - 00000346 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
    2017-07-09 12:46 - 2017-03-29 10:42 - 00000346 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
    2017-07-09 12:46 - 2017-03-29 10:42 - 00000336 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
    2017-07-09 12:46 - 2017-03-29 10:42 - 00000336 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
    2017-07-09 12:46 - 2017-03-29 10:42 - 00000336 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
    2017-07-09 12:46 - 2017-03-29 10:41 - 00000356 _____ C:\WINDOWS\Tasks\Online Application v209.job
    2017-07-09 12:46 - 2017-03-29 10:41 - 00000356 _____ C:\WINDOWS\Tasks\Online Application v209 Guardian.job
    2017-07-09 12:46 - 2017-03-29 10:41 - 00000356 _____ C:\WINDOWS\Tasks\Online Application v209 Guard.job
    2017-07-09 12:38 - 2017-04-19 10:45 - 00000380 _____ C:\WINDOWS\Tasks\Online Special Application V2G3.job
    2017-07-09 12:38 - 2017-04-19 10:45 - 00000380 _____ C:\WINDOWS\Tasks\Online Special Application V2G2.job
    2017-07-09 12:38 - 2017-04-19 10:45 - 00000380 _____ C:\WINDOWS\Tasks\Online Special Application V2G1.job
    2017-07-09 12:37 - 2017-04-19 10:44 - 00000364 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
    2017-07-09 12:37 - 2017-04-19 10:44 - 00000364 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
    2017-07-09 12:37 - 2017-04-19 10:44 - 00000364 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
    2017-07-09 12:30 - 2017-04-19 16:32 - 00000306 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix/Napraw.

    0
  • #3 09 Jul 2017 13:29
    Kolobos
    Computer specialist

    Run this Fixlist.txt for FRST:
    Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== UWAGA
    Online Special Application (HKLM-x32\...\{57281722-3238-4A30-AAE7-85D93977E0FE}) (Version: 2.6.0 - Microleaves) Hidden <==== UWAGA
    Online.io Application (HKLM-x32\...\{F0847AE0-465A-4D7B-A555-AABB43B550F0}) (Version: 2.1.0 - Microleaves) Hidden <==== UWAGA
    Traffic Exchange (HKLM-x32\...\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}) (Version: 2.1.0 - Microleaves) Hidden <==== UWAGA

    After it has run, uninstall:
    One System Care
    ProxyGate version 3.0.0.1180
    Online Application
    Online Special Application
    Online.io Application
    Traffic Exchange

    Run another Fixlist.txt for FRST:
    CloseProcesses:
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-03-29] ()
    ContextMenuHandlers01: [ContextMenuExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-03-29] ()
    Task: {16A6E06E-FF6F-4041-A525-9941FDD5C8FA} - System32\Tasks\Updater_Online_Special_Application => C:\Program Files (x86)\Microleaves\Online Special Application\Online Special Application Updater.exe <==== UWAGA
    Task: {1704E864-38D6-4E2F-ADDB-7FF6370186DD} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2016-12-26] () <==== UWAGA
    Task: {1C720656-8C5B-4F46-9EBB-AA780CA6A7FE} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
    Task: {3383736B-76E3-4E0B-9216-B742BCFAD197} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
    Task: {41AA1F47-8AEE-4641-AB98-80E91AA23CF1} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe
    Task: {437C8064-D6CC-4C75-BA8B-44491EB078E5} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
    Task: {46AECC30-39E6-4B88-AB87-436F409D476E} - System32\Tasks\Online Application v209 => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe
    Task: {56CBE8C9-77CF-48ED-96FE-90899C3E59AA} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-05-11] (UCWeb Inc) <==== UWAGA
    Task: {62046931-DE1C-456E-A167-29105C7CD756} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    Task: {802B8138-9F1B-4341-9BC4-05E4FACF9FAE} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe
    Task: {81E7BE0C-C305-4BB9-B957-BB5B20312F34} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
    Task: {89E3D3FB-C6D7-4005-A974-E15CBD840B8B} - System32\Tasks\One System Care Task => C:\Program [Argument = Files (x86)\ONESYS~1\SYSTEM~1.EXE] <==== UWAGA
    Task: {8B8D7566-8952-42E7-BBDC-11B75F4485B4} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    Task: {8BD6FF16-8FE3-445D-8B7E-92E0608EF798} - System32\Tasks\Online Special Application V2G3 => C:\Program Files (x86)\Microleaves\Online Special Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: {9317D8A6-5410-455F-9161-D6EF28B8DC6C} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-05-11] (UCWeb Inc) <==== UWAGA
    Task: {9A8EBDE3-C2F3-4AB3-B7AB-498E91DD9BD6} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-03-29] (UC Web Inc.) <==== UWAGA
    Task: {9F6A4BF2-71BA-4419-A849-D9C68AA398C0} - System32\Tasks\Online Special Application V2G1 => C:\Program Files (x86)\Microleaves\Online Special Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: {A5D34A8C-6AC3-46C4-A034-D8C03694A0B3} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
    Task: {AC0C3847-AB43-44DC-BF57-191722CCA1C7} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe
    Task: {B3740C0A-6FAE-46DD-8669-1FC61801D96F} - System32\Tasks\Online Special Application V2G2 => C:\Program Files (x86)\Microleaves\Online Special Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: {D54E8F0F-56CA-423C-81C5-7F5ECE557786} - System32\Tasks\Kiqspjejet Agent => C:\Program Files (x86)\Kercerther\xpheqaward.exe
    Task: {D5D63EA9-5AD3-4143-AED5-0B3D645DD42E} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2016-12-26] () <==== UWAGA
    Task: {FCCDA3F3-7146-4A1E-BF13-53CD1F5ED277} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
    Task: {FFFB38B5-8F83-45BA-A50D-2E97756B7784} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    Task: C:\WINDOWS\Tasks\One System CarePeriod.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Special Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Special Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Special Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Special Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Special Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Special Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Updater_Online_Special_Application.job => C:\Program Files (x86)\Microleaves\Online Special Application\Online Special Application Updater.exe <==== UWAGA
    Shortcut: C:\Users\ANULA\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_311272933_pl.lnk -> hxxp://www.windowssearch.com:80/suggestions?q...1920&CVID=CEF6457B8AFC45928DFEEFEC9D867B2
    2017-03-29 10:41 - 2017-03-29 10:41 - 00307200 _____ () C:\Program Files (x86)\Kiqspjejet Agent\local64spl.dll
    2017-03-29 10:43 - 2017-03-29 10:43 - 00524696 _____ () C:\Program Files\żěŃą\X64\KZipShell.dll
    2016-12-26 11:35 - 2016-12-26 11:35 - 02238656 _____ () C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe
    2017-03-29 10:45 - 2017-05-11 06:09 - 00599440 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    2017-05-24 21:57 - 2017-05-11 06:21 - 02150288 _____ () C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\UCAgent.exe
    AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
    AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1498914]
    AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1223458]
    () C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe
    () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
    () C:\Program Files (x86)\UCBrowser\Application\6.1.2716.5\UCAgent.exe
    (Gold Click Ltd) C:\Program Files (x86)\ProxyGate\Cloud.exe
    (Gold Click Ltd) C:\Program Files (x86)\ProxyGate\PGChk.exe
    HKU\S-1-5-21-2877699007-3859885216-2833884254-1001\...\MountPoints2: {291cf356-018a-11e7-824f-a08869543d09} - "D:\AutoRun.exe"
    HKU\S-1-5-21-2877699007-3859885216-2833884254-1001\...\MountPoints2: {291cfaca-018a-11e7-824f-a08869543d09} - "D:\AutoRun.exe"
    HKU\S-1-5-21-2877699007-3859885216-2833884254-1001\...\MountPoints2: {49fa5f56-3029-11e7-8258-a08869543d09} - "D:\startme.exe"
    HKU\S-1-5-21-2877699007-3859885216-2833884254-1001\...\MountPoints2: {49fa60ea-3029-11e7-8258-a08869543d09} - "D:\autorun.exe"
    HKU\S-1-5-21-2877699007-3859885216-2833884254-1001\...\MountPoints2: {49fa6118-3029-11e7-8258-a08869543d09} - "D:\autorun.exe"
    HKU\S-1-5-18\...\Run: [] => [X]
    HKLM\...\Providers\pa03qrmr: C:\Program Files (x86)\Kiqspjejet Agent\local64spl.dll [307200 2017-03-29] () <==== UWAGA
    ShellExecuteHooks: Brak nazwy - {1C4215B4-12EA-11E7-AADA-64006A5CFC23} - C:\Users\ANULA\AppData\Roaming\Thajophwadosh\Serqis.dll -> Brak pliku <==== UWAGA
    FF user.js: detected! => C:\Users\ANULA\AppData\Roaming\Mozilla\Firefox\Profiles\nzynp12a.default\user.js [2017-05-10]
    FF Extension: (Tables) - C:\Users\ANULA\AppData\Roaming\Mozilla\Firefox\Profiles\nzynp12a.default\Extensions\455574@extcorp.com.xpi [2017-06-02]
    CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
    CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
    CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
    S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (Gold Click Ltd) <==== UWAGA
    R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [599440 2017-05-11] () <==== UWAGA
    R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== UWAGA
    2017-07-09 12:23 - 2017-07-09 12:23 - 00000000 _____ C:\Users\ANULA\diskpart
    2017-07-09 12:18 - 2017-03-29 10:43 - 00092832 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
    2017-06-17 20:13 - 2017-06-17 20:13 - 00000000 ____D C:\Program Files (x86)\ProxyGate
    2017-06-17 20:11 - 2017-06-21 20:10 - 00000290 _____ C:\WINDOWS\Tasks\One System CarePeriod.job
    2017-06-17 20:11 - 2017-06-17 20:11 - 00002840 _____ C:\WINDOWS\System32\Tasks\One System CarePeriod
    2017-06-17 20:10 - 2017-06-17 20:10 - 00003672 _____ C:\WINDOWS\System32\Tasks\One System Care Task
    2017-06-17 20:10 - 2017-06-17 20:10 - 00000000 ____D C:\ProgramData\fb2aa3fb-3b81-1
    2017-06-17 20:10 - 2017-06-17 20:10 - 00000000 ____D C:\ProgramData\fb2aa3fb-0b61-0
    2017-06-17 20:09 - 2017-06-21 20:08 - 00000000 ____D C:\Users\ANULA\AppData\Roaming\One System Care
    2017-06-17 20:09 - 2017-06-17 20:11 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
    2017-06-17 20:09 - 2017-06-17 20:09 - 00003240 _____ C:\WINDOWS\System32\Tasks\One System Care Monitor
    2017-06-17 20:09 - 2017-06-17 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
    2017-06-17 20:08 - 2017-06-17 20:08 - 00000000 ____D C:\Users\ANULA\AppData\Roaming\BrowserModule
    2017-07-09 12:46 - 2017-03-29 10:42 - 00000346 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
    2017-07-09 12:46 - 2017-03-29 10:42 - 00000346 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
    2017-07-09 12:46 - 2017-03-29 10:42 - 00000346 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
    2017-07-09 12:46 - 2017-03-29 10:42 - 00000336 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
    2017-07-09 12:46 - 2017-03-29 10:42 - 00000336 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
    2017-07-09 12:46 - 2017-03-29 10:42 - 00000336 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
    2017-07-09 12:46 - 2017-03-29 10:41 - 00000356 _____ C:\WINDOWS\Tasks\Online Application v209.job
    2017-07-09 12:46 - 2017-03-29 10:41 - 00000356 _____ C:\WINDOWS\Tasks\Online Application v209 Guardian.job
    2017-07-09 12:46 - 2017-03-29 10:41 - 00000356 _____ C:\WINDOWS\Tasks\Online Application v209 Guard.job
    2017-07-09 12:40 - 2017-04-19 16:27 - 00000000 ____D C:\Users\ANULA\AppData\Roaming\KuaiZip
    2017-07-09 12:38 - 2017-04-19 10:45 - 00000380 _____ C:\WINDOWS\Tasks\Online Special Application V2G3.job
    2017-07-09 12:38 - 2017-04-19 10:45 - 00000380 _____ C:\WINDOWS\Tasks\Online Special Application V2G2.job
    2017-07-09 12:38 - 2017-04-19 10:45 - 00000380 _____ C:\WINDOWS\Tasks\Online Special Application V2G1.job
    2017-07-09 12:37 - 2017-04-19 10:44 - 00000364 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
    2017-07-09 12:37 - 2017-04-19 10:44 - 00000364 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
    2017-07-09 12:37 - 2017-04-19 10:44 - 00000364 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
    2017-07-09 11:58 - 2017-03-29 10:46 - 00000470 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
    2017-07-09 11:42 - 2017-03-29 10:46 - 00003442 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
    2017-06-08 19:26 - 2017-06-08 19:31 - 3097600 _____ () C:\Users\ANULA\AppData\Local\pcc.exe
    EmptyTemp:

    Run the given Fixlist.txt from WinRE:
    https://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujących-windows/

    Then run the Fixlist again, this time under Windows.

    Use AdwCleaner, option Scan/Szukaj and Clean/Usun: http://www.bleepingcomputer.com/download/adwcleaner/

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    After that, post new FRST logs from the scan.


    :arrow: krzychupar
    The entries of the programs to be uninstalled are hidden; they have to be added to the Fixlist, then uninstalled, and only then should the Fixlist be run.
    On top of that, there is UCBrowser here, which will not be removed so easily under Windows.

    0
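An added example, not part of any post in this thread and not FRST's own code: it sorts FRST log lines into the order post #3 describes, first the flagged entries marked `Hidden` (copied verbatim into the first fixlist), then the names to uninstall, and it counts scheduled tasks per install directory. The function names are hypothetical; the sample lines are copied from the posts above, except the constructed `Example Editor` entry.

```python
import re
from collections import Counter

# Installed-program line as it appears in the posts above, e.g.
#   Name (HKLM-x32\...\{GUID}) (Version: 2.6.0 - Publisher) Hidden <==== UWAGA
PROGRAM_RE = re.compile(
    r"^(?P<name>.+?) \((?P<hive>HK[A-Za-z0-9-]+)\\(?P<key>.+?)\) "
    r"\(Version: (?P<version>.*?) - (?P<publisher>.*?)\)"
    r"(?P<hidden> Hidden)?(?P<flag> <==== \S+)?\s*$"
)
# Trailing annotations on a Task line: [date], (company), <==== marker.
TASK_TAIL_RE = re.compile(r"(?: \[[\d-]+\])?(?: \([^()\\]*\))?(?: <==== \S+)?\s*$")

# Lines copied from the thread, plus one constructed benign entry (Example Editor).
SAMPLE = r"""
One System Care (HKLM-x32\...\OneSystemCare) (Version: 4.4.0.3 - OneSystemCare) <==== UWAGA
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== UWAGA
Online Special Application (HKLM-x32\...\{57281722-3238-4A30-AAE7-85D93977E0FE}) (Version: 2.6.0 - Microleaves) Hidden <==== UWAGA
Online.io Application (HKLM-x32\...\{F0847AE0-465A-4D7B-A555-AABB43B550F0}) (Version: 2.1.0 - Microleaves) Hidden <==== UWAGA
ProxyGate version 3.0.0.1180 (HKLM-x32\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1180 - Gold Click Ltd) <==== UWAGA
Traffic Exchange (HKLM-x32\...\{52F7BE5C-2C3B-4C7B-A96D-F19B9EC1992D}) (Version: 2.1.0 - Microleaves) Hidden <==== UWAGA
Example Editor (HKLM\...\ExampleEditor) (Version: 1.0 - Example Vendor)
Task: {16A6E06E-FF6F-4041-A525-9941FDD5C8FA} - System32\Tasks\Updater_Online_Special_Application => C:\Program Files (x86)\Microleaves\Online Special Application\Online Special Application Updater.exe <==== UWAGA
Task: {1704E864-38D6-4E2F-ADDB-7FF6370186DD} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2016-12-26] () <==== UWAGA
Task: {56CBE8C9-77CF-48ED-96FE-90899C3E59AA} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-05-11] (UCWeb Inc) <==== UWAGA
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
Task: {1C720656-8C5B-4F46-9EBB-AA780CA6A7FE} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
""".strip().splitlines()


def parse_programs(lines):
    """Return one dict per line that is an installed-program entry."""
    programs = []
    for line in lines:
        line = line.strip()
        m = PROGRAM_RE.match(line)
        if m:
            programs.append({
                "raw": line,
                "name": m["name"],
                "publisher": m["publisher"],
                "hidden": m["hidden"] is not None,
                "flagged": m["flag"] is not None,
            })
    return programs


def unhide_fixlist(lines):
    """First fixlist: flagged entries marked Hidden, copied verbatim."""
    return [p["raw"] for p in parse_programs(lines) if p["hidden"] and p["flagged"]]


def uninstall_list(lines):
    """Names to uninstall once the hidden entries are visible again."""
    return [p["name"] for p in parse_programs(lines) if p["flagged"]]


def task_targets(lines):
    """Executable launched by each 'Task:' line, trailing annotations stripped."""
    targets = []
    for line in lines:
        line = line.strip()
        if line.startswith("Task: ") and " => " in line:
            target = line.split(" => ", 1)[1]
            targets.append(TASK_TAIL_RE.sub("", target, count=1))
    return targets


def tasks_per_product(lines):
    """Count scheduled tasks per top-level directory under Program Files."""
    counts = Counter()
    for target in task_targets(lines):
        parts = target.split("\\")
        under_pf = len(parts) > 2 and parts[1].startswith("Program Files")
        counts[parts[2] if under_pf else target] += 1
    return counts


if __name__ == "__main__":
    print("Step 1, fixlist with hidden entries:", *unhide_fixlist(SAMPLE), sep="\n  ")
    print("Step 2, uninstall:", *uninstall_list(SAMPLE), sep="\n  ")
    print("Tasks per product:", dict(tasks_per_product(SAMPLE)))
```
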
  • #4 09 Jul 2017 13:36
    tsuski1986
    Level 2

    How do I find the hidden programs?

    0
  • Helpful post
    #5 09 Jul 2017 13:54
    Kolobos
    Computer specialist

    @tsuski1986 I've already given you everything! Do what I wrote.

    0