Elektroda.pl

Malicious virus - I have a virus that blocks downloading antivirus programs

pro100w7 04 Nov 2017 04:01 756 11
  • #1 04 Nov 2017 04:01
    pro100w7
    Level 3

    Hello, today I downloaded a virus that blocks downloading antivirus programs and more, i.e. Malwarebytes Anti-Malware and similar programs. From what I saw, sm2.exe opens in cmd when the computer starts. There was also gplyra.exe, but I think I managed to uninstall it because I found its uninstall file. The virus poses as an antivirus and, as far as I know, it has also become the computer's Administrator. In Applications I also found Dragon Booste, which is also a virus, but without Malwarebytes I don't know how to remove it. System restore is unfortunately impossible because some error pops up, and when I try to roll back to a restore point it shows that I don't have any... I'd appreciate urgent help.

    0 11
  • #2 04 Nov 2017 04:23
    dt1
    Moderator - Computers Service

    Hi. See whether you can download and run FRST: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

    If so, don't change any settings and run a scan; it will generate two text files, FRST and Addition. Attach them here. If downloading from that site is blocked for you, the attachment contains the 32-bit and 64-bit versions of FRST that I downloaded a moment ago (I also changed the file names). Run the one that matches your system version (usually 64-bit).

    0
  • #4 05 Nov 2017 20:43
    Kolobos
    Computer specialist

    Uninstall:
    CloudNet
    Driver Updater Plus
    ProxyGate version 3.0.0.1180
    Search module
    System Healer
    YoutubeAdBlock

    Next to frst.exe, create a file named Fixlist.txt with the following content:
    Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== UWAGA

    In FRST, choose Fix ("Napraw" in the Polish interface).

    Uninstall Online Application.

    Use AdwCleaner, options Scan and Clean: http://www.bleepingcomputer.com/download/adwcleaner/

    Create another Fixlist.txt for FRST:
    CloseProcesses:
    ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> Brak pliku
    Task: {044FA76E-0864-4B39-8BCC-68E886ECE6FD} - System32\Tasks\WeeklyWeather => C:\Users\Karaa34\AppData\Roaming\WeeklyWeather\python\pythonw.exe [2017-07-08] (Python Software Foundation) <==== UWAGA
    Task: {045060D5-9FDF-487D-9D01-5F413D344A8B} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-11-04] () <==== UWAGA
    Task: {076C2179-B6CC-4009-9794-4F307199922D} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
    Task: {0CF2F3E6-43A3-43BD-B00B-159579BD87CD} - System32\Tasks\GoogleUpdateSecurityTaskMachine_DW => C:\Users\Karaa34\AppData\Local\Temp\e41820303e8b4d64801f80920b6363f5\chipset.exe exec hide CBBBKGDECT.cmd <==== UWAGA
    Task: {0E286C6A-7E7B-426B-8C6E-9696E3F25151} - System32\Tasks\WeeklyWeather2 => C:\Users\Karaa34\AppData\Roaming\WeeklyWeather\python\pythonw.exe [2017-07-08] (Python Software Foundation) <==== UWAGA
    Task: {0E3D219D-6A7F-4C8A-B1B3-A00886750472} - System32\Tasks\zjwPaeaadZaNwF => rundll32 "C:\Program Files (x86)\JIdcnntTvnKU2\ArwkNHHBORJbN.dll",#1
    Task: {0FDBEA1C-883D-4B68-A25A-0BDC6E2968AE} - System32\Tasks\IBUpd2 => C:\Users\Karaa34\AppData\Local\BrowserAir\48.0.0.0\updater.exe [2016-06-30] () <==== UWAGA
    Task: {14C9F6F3-5FF3-45A6-BDBC-1AC8ABDF48AF} - System32\Tasks\bab28435bb74b8b924132a8dd382bd76 => sc start bab28435bb74b8b924132a8dd382bd76 <==== UWAGA
    Task: {248CA7B3-9440-4CCB-94D8-6570E2EF5E5F} - System32\Tasks\GoogleUpdateSecurityTaskMachine_UP => C:\ProgramData\be44e0c1f6374b419ecb60d0984bc1a1\chipset.exe exec hide GGBOKFGNHZ.cmd <==== UWAGA
    Task: {27F05606-A054-47F6-ADC4-C7102723F9A9} - System32\Tasks\SMW_UpdateTask_Time_323139313739373434312d5b4a4a416c34232a2a6c555a => wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== UWAGA
    Task: {2D08A4D6-A4E3-464F-89A7-9F737221DF36} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
    Task: {30AA45E4-6315-4AB7-99F5-BD00DDB47E0E} - System32\Tasks\7cf3961fd56625d1ad423bf7f7e79b10 => sc start 7cf3961fd56625d1ad423bf7f7e79b10 <==== UWAGA




    Task: {3A83D537-96E7-4BC7-87E3-F08158AE696B} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
    Task: {42AAF638-F359-43DF-BACC-EEAA3A7FFCEF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-26] ()
    Task: {446ADF7E-EDEE-4594-91BD-39D7E33D30EB} - System32\Tasks\GoogleUpdateSecurityTaskMachine_ZV => C:\Users\Karaa34\AppData\Local\Temp\0ded047015244d4eb01219c28c17e249\chipset.exe exec hide LOZFHOOFRE.cmd <==== UWAGA
    Task: {70FC023E-A6DE-4DB7-8840-18FDA6742D4D} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
    Task: {84756E91-4309-426F-9411-BF89A1F02EF7} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
    Task: {8EEEACAE-8A30-4BA5-836E-422A706284B6} - System32\Tasks\PjDfytumxbayONn => rundll32 "C:\Program Files (x86)\kqEuPYMaU\rkHBRb.dll",#1
    Task: {9C04D7AC-376B-40AB-92AB-D4BBE929E762} - System32\Tasks\FreeAntiVirus => C:\WINDOWS\explorer.exe "hxxp://destyy.com/qNHR3u" <==== UWAGA
    Task: {C6A35FE9-295A-4A54-9183-4B63A4D2F4D6} - System32\Tasks\Ko-Say Accounting => C:\Windows\system32\rundll32.exe "C:\Program Files\Ko-Say Accounting\Ko-Say Accounting.dll",NqMrfouo <==== UWAGA
    Task: {D098EE8F-E4F9-45E6-B6C3-0433DF316445} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== UWAGA
    Task: {D542507F-5E43-4F65-B59B-7E80429CDD82} - System32\Tasks\Bkz3fPlU2m => C:\Program Files (x86)\NSKqHZiqXh\updengine.exe <==== UWAGA
    Task: {E1367AB7-35BF-47BE-826C-C102138F64E9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-26] ()
    Task: {E1E65C94-559F-46F6-A964-489AE2597534} - System32\Tasks\6f50ac5f144e689a9c6f5c9de9eed494 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\Windows\6f50ac5f144e689a9c6f5c9de9eed494.ps1" <==== UWAGA
    Task: {E62F5BB4-961D-48B7-9B6E-017D561AA332} - System32\Tasks\IBUpd => C:\Users\Karaa34\AppData\Local\BrowserAir\48.0.0.0\updater.exe [2016-06-30] () <==== UWAGA
    Task: {EB83B103-23F2-4FF2-AB22-07966AC70D22} - System32\Tasks\Green Siege Analyser => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Green Siege Analyser\Green Siege Analyser.dll",pHCdRUnovxw <==== UWAGA
    Task: {ECE65292-0BB6-45C3-A106-C03D9AF3376A} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== UWAGA
    Task: {ED920028-C54D-4B64-ADAA-75204647E811} - System32\Tasks\GoogleUpdateSecurityTaskMachine_EH => C:\Users\Karaa34\AppData\Roaming\c05b55c6214646f4b4f4e81422a0f425\chipset.exe exec hide ZKHVWMNENC.cmd <==== UWAGA
    Task: {F0EDCB83-C6FB-4A58-88D9-DCFE679B523E} - System32\Tasks\w3wVXNNZ9a => C:\Program Files (x86)\U8htZ5Jz2A\updengine.exe <==== UWAGA
    Task: {F4F59CFF-3C59-4D27-8086-659456C342BA} - System32\Tasks\PjDfytumxbayONn2 => rundll32 "C:\Program Files (x86)\kqEuPYMaU\rkHBRb.dll",#1
    Task: {F72B9116-F97F-41D9-A877-4BEA7EFD3837} - System32\Tasks\UpdaterService => C:\Users\Karaa34\AppData\Roaming\Microsoft\taskhw.exe [2017-11-03] () <==== UWAGA
    Task: {FAB10EF5-AE92-43B0-BE40-1C28A5A24702} - System32\Tasks\GoogleUpdateSecurityTaskMachine_FX => C:\Users\Karaa34\AppData\Local\12f6c324a4174b9abfdbb89ce12706f2\chipset.exe exec hide TQKNUULSJR.cmd <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\PjDfytumxbayONn.job => C:\Program Files (x86)\kqEuPYMaU\rkHBRb.dll
    Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s...cnbl1bu,5b50efbc-16b1-4125-8822-c3f20f08de28,,
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epf&s=h...cnbl1bu,5b50efbc-16b1-4125-8822-c3f20f08de28,,
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s...cnbl1bu,5b50efbc-16b1-4125-8822-c3f20f08de28,,
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epf&s=h...cnbl1bu,5b50efbc-16b1-4125-8822-c3f20f08de28,,
    Hosts:
    (Search Module Ltd.) C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe
    () C:\Windows\windefender.exe
    () C:\Windows\rss\csrss.exe
    (EpicNet Inc.) C:\Users\Ccnztcw\AppData\Local\Temp\csrss\cloudnet.exe
    () C:\Program Files\7cf3961fd56625d1ad423bf7f7e79b10\b69bf92c6f35f08a609ffd7728861985.exe
    () C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    () C:\Windows\Temp\gCBDE.tmp.exe
    () C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    () C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    () C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    () C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    () C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== UWAGA
    HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== UWAGA
    HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== UWAGA
    HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== UWAGA
    HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== UWAGA
    HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== UWAGA
    HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== UWAGA
    HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== UWAGA
    HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== UWAGA
    HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== UWAGA
    HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== UWAGA
    HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== UWAGA
    HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== UWAGA
    HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== UWAGA
    HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== UWAGA
    HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== UWAGA
    HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== UWAGA
    HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== UWAGA
    HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== UWAGA
    HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== UWAGA
    HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== UWAGA
    HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== UWAGA
    HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== UWAGA
    HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== UWAGA
    HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== UWAGA
    HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== UWAGA
    HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== UWAGA
    HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== UWAGA
    HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== UWAGA
    HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== UWAGA
    HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-382245277-4244083573-1178017633-1007\...\Run: [CloudNet] => C:\Users\Ccnztcw\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [776704 2017-11-04] (EpicNet Inc.)
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    Tcpip\..\Interfaces\{f180f7b6-5e0a-4e74-8cef-ddad32ef2d85}: [NameServer] 82.163.142.8,95.211.158.136
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
    BHO: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\ZfJRwqLPhIE\t1U2AJ7.dll => Brak pliku
    BHO: - -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files\{90043D65-0F59-4020-BD40-4830E06DB836}\{47F46AF0-4CB8-4D01-B3CA-38852D3CD122}.bin [2017-11-03] ( )
    BHO-x32: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\ZfJRwqLPhIE\kUyAeMEpi.dll => Brak pliku
    BHO-x32: - -> {C654F3FE-8E84-4BB7-87CF-8D9171FC3C73} -> C:\Program Files (x86)\{71E69440-A555-43F2-BC1B-4FB4BE5DB70D}\{F791B3E2-C1FF-4A51-B01D-75EE473D1853}.bin => Brak pliku
    FF user.js: detected! => C:\Users\Ccnztcw\AppData\Roaming\Mozilla\Firefox\Profiles\df8gbvxc.default\user.js [2017-11-03]
    FF Extension: (Adblocker for Youtube™) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{5C3FD6D1-9185-4195-B5E1-FAB622427F59} [2017-11-03] [Brak podpisu cyfrowego]
    FF HKLM\...\Firefox\Extensions: [{DF4914B7-F5EF-4C2D-95DA-C423E806597F}] - C:\WINDOWS\Installer\{28A6AF44-25D5-4CAC-A241-7E4FB6D3E632}\{DF4914B7-F5EF-4C2D-95DA-C423E806597F}.xpi
    FF Extension: ( ) - C:\WINDOWS\Installer\{28A6AF44-25D5-4CAC-A241-7E4FB6D3E632}\{DF4914B7-F5EF-4C2D-95DA-C423E806597F}.xpi [2017-11-04]
    FF HKLM-x32\...\Firefox\Extensions: [{DF4914B7-F5EF-4C2D-95DA-C423E806597F}] - C:\WINDOWS\Installer\{28A6AF44-25D5-4CAC-A241-7E4FB6D3E632}\{DF4914B7-F5EF-4C2D-95DA-C423E806597F}.xpi
    C:\Users\Ccnztcw\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpmmandcadflhnnaiclipadomfmdbjbp
    CHR Extension: (uTab) - C:\Users\Ccnztcw\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpmmandcadflhnnaiclipadomfmdbjbp [2017-11-04]
    C:\Users\Ccnztcw\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehlceeijggpdgfcefmipcmdelickjgfg
    CHR Extension: (Hermes Tab) - C:\Users\Ccnztcw\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehlceeijggpdgfcefmipcmdelickjgfg [2017-11-04]
    CHR Extension: (Brak nazwy) - C:\Users\Ccnztcw\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmnopfmccchnnfdoiddbihbcboeedll [2017-11-03]
    C:\Users\Ccnztcw\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmnopfmccchnnfdoiddbihbcboeedll
    CHR HKLM\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
    R2 7cf3961fd56625d1ad423bf7f7e79b10; C:\Program Files\7cf3961fd56625d1ad423bf7f7e79b10\b69bf92c6f35f08a609ffd7728861985.exe [894976 2017-11-03] () [Brak podpisu cyfrowego] <==== UWAGA
    R2 AdsService; C:\Users\Karaa34\AppData\Local\AdService\AdService.dll [781312 2017-11-03] () [Brak podpisu cyfrowego]
    R2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe [3119616 2017-09-17] (Search Module Ltd.) [Brak podpisu cyfrowego] <==== UWAGA
    R2 WinDefender; C:\WINDOWS\windefender.exe [1370624 2017-11-03] () [Brak podpisu cyfrowego]
    S2 HOapJuCBc5mb Updater; C:\Program Files (x86)\HOapJuCBc5mb Updater\HOapJuCBc5mb Updater.exe [X]
    S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [X] <==== UWAGA
    R1 306230533844727ed9db3aab1a670821; C:\Windows\system32\drivers\306230533844727ed9db3aab1a670821.sys [84400 2017-11-03] (O6TR71) <==== UWAGA
    R3 SMUpdd; C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [52992 2017-09-17] () <==== UWAGA
    2017-11-04 04:58 - 2017-11-04 04:58 - 000119766 _____ C:\Users\Ccnztcw\Desktop\Extras.Txt
    2017-11-04 04:52 - 2017-11-04 05:09 - 000160360 _____ C:\Users\Ccnztcw\Desktop\OTL.Txt
    2017-11-04 04:15 - 2017-11-04 04:13 - 000602112 _____ (OldTimer Tools) C:\Users\Ccnztcw\Desktop\OTL.exe
    2017-11-04 04:13 - 2017-11-04 04:13 - 000602112 _____ (OldTimer Tools) C:\Users\Ccnztcw\Downloads\OTL.exe
    2017-11-04 03:43 - 2017-11-04 04:57 - 000000000 ____D C:\Program Files\7cf3961fd56625d1ad423bf7f7e79b10
    2017-11-04 03:36 - 2017-11-04 03:36 - 000000000 ____D C:\Users\Ccnztcw\AppData\Roaming\EpicNet Inc
    2017-11-04 01:55 - 2017-11-04 01:55 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\EpicNet Inc
    2017-11-04 01:43 - 2017-11-04 01:44 - 078346672 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mb3-setup-26964.26964-3.3.1.2183.exe
    2017-11-04 01:41 - 2017-11-04 01:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\kAUNCUkNWH
    2017-11-04 01:26 - 2017-11-04 01:26 - 008261584 _____ (Malwarebytes) C:\Users\Administrator\Downloads\adwcleaner_7.0.4.0.exe
    2017-11-04 01:23 - 2017-11-04 01:23 - 000003610 _____ C:\Windows\System32\Tasks\IBUpd
    2017-11-04 01:23 - 2017-11-04 01:23 - 000003356 _____ C:\Windows\System32\Tasks\IBUpd2
    2017-11-04 01:23 - 2017-11-04 01:23 - 000000000 ____D C:\Users\Karaa34\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
    2017-11-04 01:23 - 2017-11-04 01:23 - 000000000 ____D C:\Users\Administrator\AppData\Local\PeerDistRepub
    2017-11-04 01:21 - 2017-11-04 01:23 - 000000000 ____D C:\Users\Karaa34\AppData\Local\BrowserAir
    2017-11-04 01:20 - 2017-11-04 01:20 - 000004430 _____ C:\Windows\System32\Tasks\SMW_UpdateTask_Time_323139313739373434312d5b4a4a416c34232a2a6c555a
    2017-11-04 01:12 - 2017-11-04 01:12 - 000002052 _____ C:\Windows\System32\Tasks\Bkz3fPlU2m
    2017-11-03 22:44 - 2017-11-04 01:20 - 000300544 _____ C:\ProgramData\smp2.exe
    2017-11-03 22:44 - 2017-11-04 01:20 - 000187904 _____ C:\Windows\rsrcs.dll
    2017-11-03 22:44 - 2017-11-04 01:20 - 000004256 _____ C:\Windows\System32\Tasks\SMW_P
    2017-11-03 22:44 - 2017-11-03 22:44 - 000000000 ____D C:\ProgramData\SearchModule
    2017-11-03 22:44 - 2017-11-03 22:44 - 000000000 ____D C:\Program Files\Common Files\Noobzo
    2017-11-03 22:39 - 2017-11-03 22:39 - 000000000 ____D C:\Users\Karaa34\AppData\Roaming\EpicNet Inc
    2017-11-03 22:38 - 2017-11-03 22:38 - 000000000 ____D C:\Users\Karaa34\AppData\Local\dd6b77eeb5894171a47d88fec5413073
    2017-11-03 22:37 - 2017-11-03 22:38 - 000000000 ____D C:\Users\Karaa34\AppData\Local\95f839fe732c4760910b2a5305426631
    2017-11-03 22:37 - 2017-11-03 22:37 - 001370624 ____H C:\Windows\windefender.exe
    2017-11-03 22:37 - 2017-11-03 22:37 - 000000000 ____D C:\ProgramData\c32e1929ebaa4aa49c43c5f41021936e
    2017-11-03 22:36 - 2017-11-03 22:36 - 000000266 __RSH C:\Users\Karaa34\ntuser.pol
    2017-11-03 22:33 - 2017-11-03 22:33 - 000003214 _____ C:\Windows\System32\Tasks\zjwPaeaadZaNwF
    2017-11-03 22:33 - 2017-11-03 22:33 - 000002864 _____ C:\Windows\System32\Tasks\PjDfytumxbayONn2
    2017-11-03 22:32 - 2017-11-04 02:14 - 000016836 _____ C:\Windows\System32\Tasks\Ko-Say Accounting
    2017-11-03 22:32 - 2017-11-03 22:34 - 000000324 _____ C:\Windows\Tasks\PjDfytumxbayONn.job
    2017-11-03 22:32 - 2017-11-03 22:32 - 000002644 _____ C:\Windows\System32\Tasks\PjDfytumxbayONn
    2017-11-03 22:31 - 2017-11-03 22:31 - 000000000 ____D C:\ProgramData\e4a55077eb624df2a53bbe9fcdc9375a
    2017-11-03 22:28 - 2017-11-03 22:28 - 000003446 _____ C:\Windows\System32\Tasks\SystemHealer Monitor
    2017-11-03 22:27 - 2017-11-04 00:22 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
    2017-11-03 22:27 - 2017-11-04 00:20 - 000000000 ____D C:\Users\Karaa34\AppData\Roaming\c05b55c6214646f4b4f4e81422a0f425
    2017-11-03 22:27 - 2017-11-03 22:27 - 000016860 _____ C:\Windows\System32\Tasks\Green Siege Analyser
    2017-11-03 22:27 - 2017-11-03 22:27 - 000014848 _____ C:\Users\Karaa34\AppData\Local\uweprt.dll
    2017-11-03 22:27 - 2017-11-03 22:27 - 000004110 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_ZV
    2017-11-03 22:27 - 2017-11-03 22:27 - 000004110 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_DW
    2017-11-03 22:27 - 2017-11-03 22:27 - 000004098 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_EH
    2017-11-03 22:27 - 2017-11-03 22:27 - 000004090 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_FX
    2017-11-03 22:27 - 2017-11-03 22:27 - 000004026 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_UP
    2017-11-03 22:27 - 2017-11-03 22:27 - 000003072 _____ C:\Users\Karaa34\AppData\Local\uninstallce.exe
    2017-11-03 22:27 - 2017-11-03 22:27 - 000001124 _____ C:\Users\Karaa34\Desktop\Launch System Healer.lnk
    2017-11-03 22:27 - 2017-11-03 22:27 - 000000000 ____D C:\Users\Karaa34\AppData\Roaming\System Healer
    2017-11-03 22:27 - 2017-11-03 22:27 - 000000000 ____D C:\Users\Karaa34\AppData\Roaming\jawego
    2017-11-03 22:27 - 2017-11-03 22:27 - 000000000 ____D C:\Users\Karaa34\AppData\Local\7a3e6edf70bb45d0b8f230f98f3d2baa
    2017-11-03 22:27 - 2017-11-03 22:27 - 000000000 ____D C:\Users\Karaa34\AppData\Local\3ee3c42553f94b51b5a5283701bcc239
    2017-11-03 22:27 - 2017-11-03 22:27 - 000000000 ____D C:\Users\Karaa34\AppData\Local\12f6c324a4174b9abfdbb89ce12706f2
    2017-11-03 22:27 - 2017-11-03 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
    2017-11-03 22:27 - 2017-11-03 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Updater Plus
    2017-11-03 22:27 - 2017-11-03 22:27 - 000000000 ____D C:\ProgramData\be44e0c1f6374b419ecb60d0984bc1a1
    2017-11-03 22:26 - 2017-11-03 22:26 - 000000000 ____D C:\ProgramData\Microleaves
    2017-11-03 22:25 - 2017-11-03 22:25 - 000002052 _____ C:\Windows\System32\Tasks\w3wVXNNZ9a
    2017-11-03 22:24 - 2017-11-04 02:36 - 000000000 ____D C:\Program Files (x86)\ProxyGate
    2017-11-03 22:24 - 2017-11-03 22:27 - 000000103 _____ C:\Windows\SysWOW64\del.bat
    2017-11-03 22:23 - 2017-11-04 00:16 - 000000414 _____ C:\Windows\Tasks\Updater_Online_Application.job
    2017-11-03 22:23 - 2017-11-04 00:16 - 000000382 _____ C:\Windows\Tasks\Online Application V2G6.job
    2017-11-03 22:23 - 2017-11-04 00:16 - 000000382 _____ C:\Windows\Tasks\Online Application V2G5.job
    2017-11-03 22:23 - 2017-11-04 00:16 - 000000382 _____ C:\Windows\Tasks\Online Application V2G4.job
    2017-11-03 22:23 - 2017-11-04 00:16 - 000000382 _____ C:\Windows\Tasks\Online Application V2G3.job
    2017-11-03 22:23 - 2017-11-04 00:16 - 000000382 _____ C:\Windows\Tasks\Online Application V2G2.job
    2017-11-03 22:23 - 2017-11-04 00:16 - 000000382 _____ C:\Windows\Tasks\Online Application V2G1.job
    2017-11-03 22:23 - 2017-11-03 22:39 - 000003308 _____ C:\Windows\System32\Tasks\Updater_Online_Application
    2017-11-03 22:23 - 2017-11-03 22:39 - 000003272 _____ C:\Windows\System32\Tasks\Online Application V2G3
    2017-11-03 22:23 - 2017-11-03 22:39 - 000003272 _____ C:\Windows\System32\Tasks\Online Application V2G2
    2017-11-03 22:23 - 2017-11-03 22:39 - 000003272 _____ C:\Windows\System32\Tasks\Online Application V2G1
    2017-11-03 22:23 - 2017-11-03 22:23 - 000003272 _____ C:\Windows\System32\Tasks\Online Application V2G6
    2017-11-03 22:23 - 2017-11-03 22:23 - 000003272 _____ C:\Windows\System32\Tasks\Online Application V2G5
    2017-11-03 22:23 - 2017-11-03 22:23 - 000003272 _____ C:\Windows\System32\Tasks\Online Application V2G4
    2017-11-03 22:23 - 2017-11-03 22:23 - 000000000 ____D C:\Users\Karaa34\AppData\Roaming\Microleaves
    2017-11-03 22:23 - 2017-11-03 22:23 - 000000000 ____D C:\Users\Karaa34\AppData\Local\AdvinstAnalytics
    2017-11-03 22:23 - 2017-11-03 22:23 - 000000000 ____D C:\Program Files (x86)\Microleaves
    2017-11-03 22:22 - 2017-11-03 22:22 - 000930816 _____ C:\Users\Karaa34\AppData\Local\po.db
    2017-11-03 22:22 - 2017-11-03 22:22 - 000140800 _____ C:\Users\Karaa34\AppData\Local\installer.dat
    2017-11-03 22:22 - 2017-11-03 22:22 - 000011568 _____ C:\Users\Karaa34\AppData\Local\InstallationConfiguration.xml
    2017-11-03 22:22 - 2017-11-03 22:22 - 000004236 _____ C:\Windows\System32\Tasks\AppXDeploymentplatformy
    2017-11-03 22:22 - 2017-11-03 22:22 - 000000000 ____D C:\ProgramData\04958166-30b1-1
    2017-11-03 22:22 - 2017-11-03 22:22 - 000000000 ____D C:\ProgramData\04958166-1a43-0
    2017-11-03 22:22 - 2017-11-03 22:22 - 000000000 ____D C:\Program Files\{90043D65-0F59-4020-BD40-4830E06DB836}
    2017-11-03 22:21 - 2017-11-03 22:22 - 000000000 ____D C:\Program Files (x86)\nodejs
    2017-11-03 22:21 - 2017-11-03 22:21 - 000000000 ____D C:\Users\Karaa34\AppData\Roaming\npm
    2017-11-03 22:20 - 2017-11-04 00:21 - 000006656 _____ C:\Windows\system32\xwizaresx.dll
    2017-11-03 22:20 - 2017-11-04 00:21 - 000004608 _____ C:\Windows\system32\xwizares.dll
    2017-11-03 22:20 - 2017-11-03 22:20 - 000004608 _____ C:\Windows\SysWOW64\xwizares.dll
    2017-11-03 22:20 - 2017-11-03 22:20 - 000000000 ____D C:\Users\Karaa34\AppData\Local\AdService
    2017-11-03 22:13 - 2017-11-04 04:58 - 000031481 _____ C:\Windows\6f50ac5f144e689a9c6f5c9de9eed494.ps1
    2017-11-03 22:13 - 2017-11-04 04:58 - 000003476 _____ C:\Windows\System32\Tasks\6f50ac5f144e689a9c6f5c9de9eed494
    2017-11-03 22:12 - 2017-11-04 04:57 - 000003300 _____ C:\Windows\System32\Tasks\7cf3961fd56625d1ad423bf7f7e79b10
    2017-11-03 22:11 - 2017-11-03 22:26 - 000000000 ____D C:\Users\Karaa34\AppData\Roaming\WeeklyWeather
    2017-11-03 22:11 - 2017-11-03 22:11 - 000003654 _____ C:\Windows\System32\Tasks\WeeklyWeather
    2017-11-03 22:11 - 2017-11-03 22:11 - 000003598 _____ C:\Windows\System32\Tasks\WeeklyWeather2
    2017-11-03 22:10 - 2017-11-03 22:21 - 000003588 _____ C:\Windows\System32\Tasks\FreeAntiVirus
    2017-11-03 21:54 - 2017-11-03 21:56 - 000000000 ____D C:\Users\Karaa34\AppData\Local\{F45FC203-D0F7-AEBB-BD6F-8B53990777CB}
    2017-11-03 20:30 - 2017-11-03 20:36 - 000003350 _____ C:\Windows\System32\Tasks\UpdaterService
    2017-11-03 14:52 - 2017-11-03 14:52 - 000473600 _____ C:\Windows\63b286e1b396e197fe987bedb854e73f.exe
    2017-11-03 14:52 - 2017-11-03 14:52 - 000084400 _____ (O6TR71) C:\Windows\system32\Drivers\306230533844727ed9db3aab1a670821.sys
    2017-11-03 14:52 - 2017-11-03 14:52 - 000051619 _____ C:\Windows\uninstaller.dat
    2017-11-02 15:46 - 2017-11-02 15:46 - 000808448 _____ (Team) C:\Windows\system32\bi3.exe
    2017-11-01 13:34 - 2017-11-01 13:34 - 000108824 _____ (Driver Lace 514) C:\Windows\system32\Drivers\Lace_wpf_x64.sys
    EmptyTemp:

    In FRST, choose Fix ("Napraw" in the Polish interface).

    Run a full scan with mbam and remove whatever it detects.

    Post new FRST logs from a scan.

    0
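
An added example, not part of the original thread and not FRST's own logic: a Python triage of a few lines copied from the second Fixlist in post #4, showing what its `Task:` and `DisallowedCertificates` entries have in common. The heuristics, rule wording and function names are assumptions of this example. Certificates in the Windows Disallowed (untrusted) store cause Windows to refuse programs signed with them, so a list of security vendors there is worth surfacing on its own.

```python
import re
from collections import Counter

# Sample input: lines copied from the Fixlist in post #4 (a small subset).
SAMPLE_LOG = r"""
Task: {045060D5-9FDF-487D-9D01-5F413D344A8B} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-11-04] () <==== UWAGA
Task: {0E3D219D-6A7F-4C8A-B1B3-A00886750472} - System32\Tasks\zjwPaeaadZaNwF => rundll32 "C:\Program Files (x86)\JIdcnntTvnKU2\ArwkNHHBORJbN.dll",#1
Task: {42AAF638-F359-43DF-BACC-EEAA3A7FFCEF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-26] ()
Task: {E1E65C94-559F-46F6-A964-489AE2597534} - System32\Tasks\6f50ac5f144e689a9c6f5c9de9eed494 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\Windows\6f50ac5f144e689a9c6f5c9de9eed494.ps1" <==== UWAGA
Task: {0CF2F3E6-43A3-43BD-B00B-159579BD87CD} - System32\Tasks\GoogleUpdateSecurityTaskMachine_DW => C:\Users\Karaa34\AppData\Local\Temp\e41820303e8b4d64801f80920b6363f5\chipset.exe exec hide CBBBKGDECT.cmd <==== UWAGA
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== UWAGA
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== UWAGA
"""

# "Task:" entries, in both the System32\Tasks form and the legacy .job form.
# The trailing "<==== WORD" is FRST's own warning marker; the word depends on
# the interface language (UWAGA in the Polish log on this page).
TASK_RE = re.compile(
    r'^Task: (?:\{[0-9A-Fa-f-]{36}\} - System32\\Tasks\\|C:\\Windows\\Tasks\\)'
    r'(?P<name>.+?) => (?P<cmd>.+?)(?P<flag>\s*<==== \S+)?$')

CERT_RE = re.compile(
    r'^HKLM\\ DisallowedCertificates: (?P<thumb>[0-9A-F]{40}) \((?P<vendor>.+?)\)',
    re.I)

# Heuristics applied to the task command line (assumptions of this example).
CMD_RULES = [
    ("runs from a user-writable directory",
     re.compile(r'\\(AppData|Temp)\\|^"?C:\\ProgramData\\', re.I)),
    ("launched through a script host or rundll32",
     re.compile(r'\b(rundll32|wscript|cscript|powershell)(\.exe)?\b', re.I)),
    ("PowerShell execution policy bypassed",
     re.compile(r'-ExecutionPolicy\s+Bypass', re.I)),
]
HEX_NAME_RE = re.compile(r'[0-9a-f]{32}', re.I)


def triage(log_text):
    """Return scheduled tasks with the reasons they look suspicious, plus a
    count of Disallowed-store certificates per vendor."""
    tasks, vendors = [], Counter()
    for raw in log_text.splitlines():
        line = raw.strip()          # forum posts indent the log lines
        m = TASK_RE.match(line)
        if m:
            reasons = [text for text, rx in CMD_RULES if rx.search(m["cmd"])]
            if HEX_NAME_RE.fullmatch(m["name"]):
                reasons.append("task name is a bare 32-hex-digit string")
            tasks.append({
                "name": m["name"],
                "frst_flagged": m["flag"] is not None,
                "reasons": reasons,
            })
            continue
        m = CERT_RE.match(line)
        if m:
            vendors[m["vendor"]] += 1
    return {"tasks": tasks, "blocked_vendors": vendors}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for task in result["tasks"]:
        mark = "FRST-flagged" if task["frst_flagged"] else "not flagged"
        why = "; ".join(task["reasons"]) or "no heuristic matched"
        print(f"{task['name']} [{mark}]: {why}")
    for vendor, count in result["blocked_vendors"].most_common():
        print(f"Disallowed certificates for {vendor}: {count}")
```

The rundll32 task carries no FRST warning marker in the log yet still matches a heuristic, which is the kind of entry a reviewer reads by hand before putting it into a Fixlist.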
  • #5 05 Nov 2017 20:57
    pro100w7
    Level 3

    Oh, and I have one more question: can this virus get into bank accounts, photos, etc.? Do I have anything to worry about?

    Added after 8 [minutes]:

    I can't uninstall CloudNet

    0
  • #6 05 Nov 2017 21:00
    Kolobos
    Computer specialist

    Anything is possible with this many malicious programs. In the future, don't download infected activators if you don't know how to use the internet.

    Skip it and do the rest.

    0
  • #7 05 Nov 2017 21:04
    pro100w7
    Level 3


    And it's the same with every other uninstall

    0
  • #8 05 Nov 2017 21:05
    Kolobos
    Computer specialist

    Too bad! Skip it and do the rest.

    0
  • #9 05 Nov 2017 21:17
    pro100w7
    Level 3

    It doesn't work, because I still get the message that the Administrator has blocked this application from running, i.e. AdwCleaner

    Added after 2 [minutes]:

    And I've already created the txt file and clicked Fix

    0
  • #10 05 Nov 2017 21:21
    Kolobos
    Computer specialist

    Rename adwcleaner to 1234.exe and try to run it.

    Post new FRST logs from a scan, plus the Fixlog that was created after running the Fixlist.

    0
  • #12 06 Nov 2017 07:49
    Kolobos
    Computer specialist

    Are adwc and mbam working now?

    0