
Mail.ru virus with FRST scan

Psychotito 05 Mar 2018 08:15 537 1
  • #2 05 Mar 2018 09:42
    Kolobos
    Computer specialist

    Uninstall Служба автоматического обновления программ

    Run Fixlist.txt for FRST:
    CloseProcesses:
    Task: {0489712F-E58C-4929-954F-4ADF0D3EB698} - System32\Tasks\{48B95E7E-A46E-42C9-865C-3F25B298B215} => C:\Users\tito\Cliunx.exe [2009-07-14] (Microsoft Corporation)
    Task: {6652EE96-636F-4316-8B3E-31C49EF7D06C} - System32\Tasks\zokidifcomkui => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" zokidif.com/kui <==== UWAGA
    Task: {73D0FCCF-EFC7-4CC1-8F94-CD4150861FD6} - System32\Tasks\{E7552E2B-91F3-4579-B012-4DC7C3969D37} => C:\Gry\Assassin's Creed Origins\ACOrigins.exe [2018-01-30] ()
    Task: {A8F4D55A-22A6-4A33-81FD-526A1578480D} - System32\Tasks\{3D3DEE71-6DDE-4BA5-A38F-14CAC3246E92} => C:\Windows\system32\pcalua.exe -a "C:\Users\tito\Downloads\Corel Website Creator X7 13.50 Multilingual (crack) [ChingLiu]\CorelWebsiteCreatorTrial.exe" -d "C:\Users\tito\Downloads\Corel Website Creator X7 13.50 Multilingual (crack) [ChingLiu]"
    Task: {E24A9029-5C41-4936-8CE3-93D9F2F1A1EB} - System32\Tasks\{86873FCE-B6F3-4F97-A885-310232D3C75D} => C:\Windows\SysWOW64\aooUOqOEwc.exe [2009-07-14] (Microsoft Corporation)
    Task: {E4415EC8-85BB-4A8C-B646-C9C3CBB2202B} - System32\Tasks\MailRuUpdater => C:\Users\tito\AppData\Local\Mail.Ru\MailRuUpdater.exe [2018-03-02] (Mail.Ru) <==== UWAGA
    ShortcutWithArgument: C:\Users\tito\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811144"
    IE trusted site: HKU\S-1-5-21-4256362362-1378093607-558625075-1000\...\webcompanion.com -> hxxp://webcompanion.com
    (Mail.Ru) C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe
    (Mail.Ru) C:\Users\tito\AppData\Local\Mail.Ru\MailRuUpdater.exe
    (Mail.Ru) C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe
    HKU\S-1-5-21-4256362362-1378093607-558625075-1000\...\Run: [WinStart] => C:\Users\tito\AppData\Local\Microsoft Windows\taskhost.exe [742912 2017-05-15] (Microsoft Corporation) <==== UWAGA
    HKU\S-1-5-21-4256362362-1378093607-558625075-1000\...\Run: [MailRuUpdater] => C:\Users\tito\AppData\Local\Mail.Ru\MailRuUpdater.exe [4053176 2018-03-02] (Mail.Ru) <==== UWAGA
    HKU\S-1-5-21-4256362362-1378093607-558625075-1000\...\MountPoints2: {2ff1485c-1ee2-11e8-844e-309c233e5e7e} - F:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-4256362362-1378093607-558625075-1000\...\MountPoints2: {741b7f57-d07c-11e6-9114-806e6f6e6963} - D:\DVDSetup.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    GroupPolicy: Ograniczenia <==== UWAGA
    GroupPolicy\User: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-4256362362-1378093607-558625075-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811141
    SearchScopes: HKU\S-1-5-21-4256362362-1378093607-558625075-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B128D2791-9061-4CD8-8B6B-B29F67B1BCD4%7D&gp=811142
    SearchScopes: HKU\S-1-5-21-4256362362-1378093607-558625075-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://pl.search.yahoo.com/yhs/search?hspart...__1_0__ya__ch_WCYID10438__180228__yaie&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-4256362362-1378093607-558625075-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B128D2791-9061-4CD8-8B6B-B29F67B1BCD4%7D&gp=811142
    BHO-x32: Search(malpa)Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\tito\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2018-03-05] (Mail.Ru)
    CHR HomePage: Default -> inline.go.mail.ru
    CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811138"
    CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lhemechcanjmilllmccjbjldonmnnjjj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
    R2 mrupdsrv; C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe [1314008 2018-03-02] (Mail.Ru) <==== UWAGA
    R2 Updater.Mail.Ru; C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe [4053176 2018-03-02] (Mail.Ru) <==== UWAGA
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2018-03-05 02:12 - 2018-03-05 02:12 - 000000002 _____ C:\Users\tito\AppData\Local\WMI.ini
    2018-03-05 02:12 - 2018-03-05 02:12 - 000000000 ____D C:\Users\tito\AppData\LocalLow\Unity
    2018-03-05 02:12 - 2018-03-05 02:12 - 000000000 ____D C:\Users\tito\AppData\Local\Unity
    2018-03-05 02:11 - 2018-03-05 03:08 - 000000000 ____D C:\Users\tito\AppData\Local\Mail.Ru
    2018-03-05 02:11 - 2018-03-05 02:12 - 000003084 _____ C:\Windows\System32\Tasks\MailRuUpdater
    2018-03-05 02:11 - 2018-03-05 02:12 - 000000000 ____D C:\ProgramData\Mail.Ru
    2018-03-05 02:11 - 2018-03-05 02:12 - 000000000 ____D C:\Program Files (x86)\Mail.Ru
    2018-03-05 02:11 - 2018-03-05 02:11 - 000003604 _____ C:\Windows\System32\Tasks\zokidifcomkui
    2009-07-14 02:14 - 2009-07-14 02:14 - 000073216 ____N (Microsoft Corporation) C:\Users\tito\Cliunx.exe
    2018-02-08 16:24 - 2018-02-08 16:24 - 000000000 _____ () C:\Users\tito\AppData\Roaming\FC29FA0894FE.ini
    2009-07-14 02:14 - 2009-07-14 02:14 - 000186368 ____N (Microsoft Corporation) C:\Users\tito\AppData\Roaming\OiIhePr.exe
    2018-03-05 02:12 - 2018-03-05 02:12 - 000000002 _____ () C:\Users\tito\AppData\Local\WMI.ini
    C:\Users\tito\AppData\Local\Microsoft Windows\taskhost.exe
    C:\Users\tito\AppData\Local\Mail.Ru\MailRuUpdater.exe
    EmptyTemp:

    After running it, delete the C:\FRST folder.

    If something still shows up in Chrome, delete the browser profile folder; back up your bookmarks first.
