Jurejjaeb


kawa69

Help is free, but please consider making a donation toward the upkeep of the site: click.

There is a monstrous amount of adware/PUPs here, as well as fake profiles planted in the Chrome and Firefox browsers... Preliminary steps to carry out:

1. Open Notepad and paste the following into it:

CloseProcesses:
R2 MaohaWifiSvr; C:\Program Files\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe [170464 2014-12-18] (猫哈网络 版权所有)
R2 Mogileghekpy; C:\Program Files\Gruheph\Mwscloud.dll [277504 2016-10-21] () [brak podpisu cyfrowego]
S3 ucdrv; C:\Windows\System32\drivers:ucdrv-x86.sys [69010 ] (UC Web Inc.) <==== UWAGA
R1 MaohaWifiNetPro; \??\C:\Program Files\GreatMaker\MaohaWiFi\MaoHaWiFiNet.sys [X]
HKLM\...\Providers\04946f7y: C:\Users\UpdatusUser\AppData\LocalLow\Youtube AdBlock_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\0k8tte2j: C:\Users\MATEUSZ\AppData\Local\Google\Chrome\User Data_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\0ljj4oi5: C:\\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\0oao8zaf: C:\Windows\Temp_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\0ps778jc: e:\mazury 2 2015_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\1h61wcsd: e:\mazury 2 2015_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\224mwbyp: E:\mazury 2015\\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\28ylz3qh: C:\Users\DAMIAN\AppData\LocalLow\Youtube AdBlock_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\29mvacy5: C:\Users\pipek\AppData\Local\Temp_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\2coon5vi: e:\mazury 2 2015\\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\2urry2cn: d:\katalogi_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\2ymkb0ok: C:\Users\pipek\AppData\Roaming\Opera Software\Opera Stable_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\332yyp3l: C:\Users\DAMIAN\AppData\Local\Google\Chrome\User Data\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\33zn95n9: C:\Users\MATEUSZ\AppData\Local\Temp\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\3s7fuaih: c:\_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\3ykv4qz7: C:\Users\DAMIAN\AppData\Local\Google\Chrome\User Data_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\3yzx6wwm: C:\Users\pipek\AppData\Local\Temp\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\44ubtcoz: E:\mazury 2015_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\463q6jzc: C:\Users\pipek\AppData\Local\Google\Chrome\User Data_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\490kqvpw: C:\Users\DAMIAN\AppData\Roaming\Opera Software\Opera Stable_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\4a4vsm9h: C:\Windows\Temp\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\4t86ip39: C:\Users\MATEUSZ\AppData\LocalLow\Youtube AdBlock\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\51j78t2s: C:\Users\pipek\AppData\Local\Google\Chrome\User Data\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\5yrgbsoo: C:\Users\DAMIAN\AppData\Local\Temp_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\67pd86ir: C:\Users\DAMIAN\AppData\Local\Temp\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\6aazv9sw: d:\hip hop\\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\6v47rmaw: D:\Hip Hop_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\7zrpfh4r: C:\Users\DAMIAN\AppData\Local\Google\Chrome\User Data\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\94wpkk60: C:\Users\pipek\AppData\LocalLow\Youtube AdBlock\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\9f3z8q7i: d:\katalogi\\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\9l9k3t9m: C:\Users\pipek\AppData\Local\Temp_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\a0pyjr7g: C:\Users\MATEUSZ\AppData\Roaming\Opera Software\Opera Stable_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\a911vv07: C:\Program Files\Youtube AdBlock\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\afn3mx7n: C:\Users\UpdatusUser\AppData\Local\Temp\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\amxi9m62: E:\mazury 2 2015\\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\apzmy4ko: C:\Users\MATEUSZ\AppData\Roaming\Opera Software\Opera Stable\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\awv7p3we: D:\Hip Hop_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\c01qizb6: d:\hip hop_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\cgqxvi7k: C:\Program Files\Mozilla Firefox\browser\features_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\cxlb65dn: C:\_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\dg76wkaf: C:\Users\DAMIAN\AppData\Roaming\Opera Software\Opera Stable_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\dq0u3v2u: C:\Users\pipek\AppData\Roaming\Opera Software\Opera Stable\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\dz9f3m5e: C:\Users\DAMIAN\AppData\Roaming\Opera Software\Opera Stable\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\e2xd893s: d:\katalogi\\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\ego7d5rs: c:\\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\eix20zao: C:\Users\UpdatusUser\AppData\Local\Temp_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\eqnd7oct: C:\Users\DAMIAN\AppData\Roaming\Opera Software\Opera Stable\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\f2qwxq8c: C:\Users\pipek\AppData\LocalLow\Youtube AdBlock_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\fpiiqsre: C:\Users\MATEUSZ\AppData\Roaming\Opera Software\Opera Stable_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\fqcewcx8: C:\Users\MATEUSZ\AppData\Local\Temp_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\g13h6f8q: D:\katalogi_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\gnnn00bz: C:\Users\DAMIAN\AppData\LocalLow\Youtube AdBlock_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\h8omagr8: C:\Users\MATEUSZ\AppData\Local\Google\Chrome\User Data\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\h9f05g8n: C:\Program Files\Youtube AdBlock_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\hxxi7pxz: E:\mazury 2 2015_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\ihymuzii: C:\Users\DAMIAN\AppData\LocalLow\Youtube AdBlock\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\ix1rwdwp: e:\mazury 2 2015\\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\izoyrbhx: C:\Users\DAMIAN\AppData\Local\Google\Chrome\User Data_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\jfsza3z5: E:\mazury 2015_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\jzr5umca: C:\Users\MATEUSZ\AppData\Local\Google\Chrome\User Data\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\k0t5zryc: C:\Program Files\Youtube AdBlock\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\knuhr082: C:\Users\pipek\AppData\Roaming\Opera Software\Opera Stable\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\m2axiw3l: d:\katalogi_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\m7kl87xg: C:\Users\MATEUSZ\AppData\Local\Temp_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\m7sbha9q: C:\Users\UpdatusUser\AppData\LocalLow\Youtube AdBlock\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\m8z4px8t: C:\Users\MATEUSZ\AppData\Local\Temp\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\ml2vmzi5: C:\Windows\Temp\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\n0m16dba: C:\Users\MATEUSZ\AppData\LocalLow\Youtube AdBlock_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\nqzb6anv: d:\hip hop_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\nte8qk0d: D:\katalogi\\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\nyctbjac: C:\\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\o374i3a1: c:\\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\on8n976h: D:\Hip Hop\\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\phhcp8p4: C:\Users\pipek\AppData\LocalLow\Youtube AdBlock_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\pj272zwp: C:\Program Files\Mozilla Firefox\browser\features\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\pko9h5lm: C:\Users\MATEUSZ\AppData\LocalLow\Youtube AdBlock_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\qfk5c0vl: d:\hip hop\\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\qkzdwrwe: D:\katalogi\\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\rnxfhqok: D:\Hip Hop\\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\rqk37jq4: D:\katalogi_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\s9zjgbv9: C:\Users\pipek\AppData\LocalLow\Youtube AdBlock\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\sjzxr4di: C:\Users\pipek\AppData\Local\Google\Chrome\User Data_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\swn2dj7h: C:\Program Files\Youtube AdBlock_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\szd4kdzr: C:\Users\DAMIAN\AppData\LocalLow\Youtube AdBlock\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\tbct2d5j: C:\Users\UpdatusUser\AppData\LocalLow\Youtube AdBlock_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\ucn014e6: c:\_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\uu7y1yjh: C:\_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\v5api39c: C:\Users\pipek\AppData\Roaming\Opera Software\Opera Stable_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\v7ktan23: C:\Users\MATEUSZ\AppData\Local\Google\Chrome\User Data_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\vgmbjaiq: C:\Users\DAMIAN\AppData\Local\Temp\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\whkvzb96: C:\Users\UpdatusUser\AppData\Local\Temp\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\wuhwe0n3: C:\Users\DAMIAN\AppData\Local\Temp_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\wwogu1kp: C:\Windows\Temp_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\x3c3fx9j: C:\Users\MATEUSZ\AppData\LocalLow\Youtube AdBlock\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\x7t9n3vv: C:\Users\UpdatusUser\AppData\Local\Temp_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\y8uz9yhl: C:\Users\pipek\AppData\Local\Temp\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\ymn5kj0g: C:\Users\UpdatusUser\AppData\LocalLow\Youtube AdBlock\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\z0vsc8qz: E:\mazury 2 2015\\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\z6iux0t6: C:\Users\MATEUSZ\AppData\Roaming\Opera Software\Opera Stable\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\z8dsz5u4: C:\Users\pipek\AppData\Local\Google\Chrome\User Data\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\z9qbe20i: C:\Program Files\Mozilla Firefox\browser\features_\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\zju2yh6k: C:\Program Files\Mozilla Firefox\browser\features\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\zs4m3gbr: E:\mazury 2015\\local32spl.dll [145408 2016-10-22] ()
HKLM\...\Providers\zske1dn3: E:\mazury 2 2015_\local32spl.dll [145408 2016-10-22] ()
Task: {1D2098D5-0A39-48F6-A95C-8307A6809E8E} - System32\Tasks\{4A136A37-DBC0-49BD-B67F-B00F0EEB76E2} => pcalua.exe -a C:\Users\pipek\AppData\Roaming\mystartsearch\Uninstall.exe
Task: {31CBA13D-1DA6-4840-8B4C-74A39DB50C17} - \pipekNonvascularSolecismV2 -> Brak pliku <==== UWAGA
Task: {7174123B-1A14-4D90-8E08-DC1F64B5B2C3} - System32\Tasks\Rersipy Client => C:\Program Files\Gruheph\igasy.exe [2016-10-21] (VideoLAN)
Task: {78EA48FB-2670-47B6-8247-FD9C230A4CC7} - System32\Tasks\{3A1C8BE3-06DD-43AB-A876-E63E321D5A4B} => pcalua.exe -a "C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="XM02-508X-MHAT-19WU-9Z3Z-0CH0-3U6E-85W5-MMHH-6647-1Z5L-7M8C-0U45-758P-0000"
Task: {96625BDD-7665-4437-A670-AD1FC8358472} - System32\Tasks\SecureUpdater => C:\Program Files\UCBrowser\Application\uclauncher.exe <==== UWAGA
Task: {D0B2FBA2-2FF5-4CD7-A7FB-FDD4EC9DAD28} - System32\Tasks\{D4B59D7D-84A9-4A3A-94ED-D39919D2E0FD} => pcalua.exe -a C:\Users\pipek\Desktop\WLAN_Intel(SP1x2HABG)_v.12.4.1.11_Win7x86x64\Win7\s32\iProDifX.exe -d C:\Users\pipek\Desktop\WLAN_Intel(SP1x2HABG)_v.12.4.1.11_Win7x86x64\Win7\s32
Task: {E7B45E32-C300-4026-8666-50F2E5B2E550} - System32\Tasks\4b61d06ef0356dc7e0a79eadfc7c48a5 => Rundll32.exe "C:\Program Files\Windows NT\jfszy2.dll",e62dc6c6547f46bda862da2d05af6862
HKU\S-1-5-21-3091924290-661932203-592501800-1004\...\RunOnce: [ALLPlayer Remote Update] => C:\Users\DAMIAN\AppData\Local\Temp\ALLRemote.exe <===== UWAGA
BootExecute: autocheck autochk /r \??\C:autocheck autochk *
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
ShortcutWithArgument: C:\Users\MATEUSZ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\MATEUSZ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\pipek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\pipek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\S-1-5-21-3091924290-661932203-592501800-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FirewallRules: [{86190DFD-FB7F-4222-AF5E-F5B582C4071F}] => (Allow) C:\Users\DAMIAN\AppData\Local\Temp\is-J9CCE.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{C151BD3F-3757-456B-989D-DA6306818F21}] => (Allow) C:\Program Files\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe
DeleteKey: HKLM\SOFTWARE\Google\Chrome\Extensions
DeleteKey: HKLM\SOFTWARE\Microsoft\Microsoft Antimalware
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
DeleteKey: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions
AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x86.sys [69010]
AlternateDataStreams: C:\Windows\system32\drivers:x86 [1157922]
C:\local32spl.dll
C:\_
C:\http
C:\Program Files\7DF8AE40-1477055635-11DC-A6AD-001E68D5EA8B
C:\Program Files\DivX
C:\Program Files\GreatMaker
C:\Program Files\Gruheph
C:\Program Files\mpck
C:\Program Files\Yhid
C:\Program Files\Windows 7 Activator
C:\Program Files\Youtube AdBlock
C:\Program Files\Youtube AdBlock_
C:\Program Files\Mozilla Firefox\browser\features\local32spl.dll
C:\Program Files\Mozilla Firefox\browser\features_
C:\Program Files\Windows NT\jfszy2.dll
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\ProgramData\service.exe
C:\ProgramData\AVAST Software
C:\ProgramData\Avira
C:\ProgramData\Logic Handler
C:\ProgramData\NetworkPacketManitor
C:\ProgramData\Quoteex
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа.lnk
C:\TOSTACK
C:\uninst
C:\Users\DAMIAN\AppData\Local\ContritelyCrenated
C:\Users\DAMIAN\AppData\Local\Grisale
C:\Users\DAMIAN\AppData\Local\Google\Chrome\User Data\local32spl.dll
C:\Users\DAMIAN\AppData\Local\Google\Chrome\User Data_
C:\Users\DAMIAN\AppData\Local\Temp_
C:\Users\DAMIAN\AppData\Local\Tempfolder
C:\Users\DAMIAN\AppData\Local\UCBrowser
C:\Users\DAMIAN\AppData\LocalLow\Company
C:\Users\DAMIAN\AppData\LocalLow\Youtube AdBlock
C:\Users\DAMIAN\AppData\LocalLow\Youtube AdBlock_
C:\Users\DAMIAN\AppData\Roaming\*.*
C:\Users\DAMIAN\AppData\Roaming\Drerhty
C:\Users\DAMIAN\AppData\Roaming\Geunfy
C:\Users\DAMIAN\AppData\Roaming\GowvePitpagf
C:\Users\DAMIAN\AppData\Roaming\Milestone
C:\Users\DAMIAN\AppData\Roaming\SimpleNotepad4
C:\Users\DAMIAN\AppData\Roaming\ssn
C:\Users\DAMIAN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Users\DAMIAN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MaohaWiFi.lnk
C:\Users\DAMIAN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Ореrа.lnk
C:\Users\DAMIAN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk
C:\Users\DAMIAN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk
C:\Users\DAMIAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
C:\Users\DAMIAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk
C:\Users\DAMIAN\AppData\Roaming\Mozilla\Firefox\naweriweentcofise
C:\Users\DAMIAN\AppData\Roaming\Opera Software\Opera Stable\local32spl.dll
C:\Users\DAMIAN\AppData\Roaming\Opera Software\Opera Stable_
C:\Users\DAMIAN\Desktop\AutoTime.lnk
C:\Users\MATEUSZ\AppData\Local\Google\Chrome\User Data\local32spl.dll
C:\Users\MATEUSZ\AppData\Local\Google\Chrome\User Data_
C:\Users\MATEUSZ\AppData\Local\Temp_
C:\Users\MATEUSZ\AppData\LocalLow\Youtube AdBlock
C:\Users\MATEUSZ\AppData\LocalLow\Youtube AdBlock_
C:\Users\MATEUSZ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk
C:\Users\MATEUSZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
C:\Users\MATEUSZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk
C:\Users\MATEUSZ\AppData\Roaming\Opera Software\Opera Stable\local32spl.dll
C:\Users\MATEUSZ\AppData\Roaming\Opera Software\Opera Stable_
C:\Users\pipek\AppData\Local\Google\Chrome\User Data\local32spl.dll
C:\Users\pipek\AppData\Local\Google\Chrome\User Data_
C:\Users\pipek\AppData\Local\Temp_
C:\Users\pipek\AppData\LocalLow\Youtube AdBlock
C:\Users\pipek\AppData\LocalLow\Youtube AdBlock_
C:\Users\pipek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk
C:\Users\pipek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk
C:\Users\pipek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk
C:\Users\pipek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ореrа.lnk
C:\Users\pipek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
C:\Users\pipek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk
C:\Users\pipek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WаrТhundеr.lnk
C:\Users\pipek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
C:\Users\pipek\AppData\Roaming\Opera Software\Opera Stable\local32spl.dll
C:\Users\pipek\AppData\Roaming\Opera Software\Opera Stable_
C:\Users\pipek\Desktop\Uplay.lnk
C:\Users\pipek\Desktop\WаrТhundеr.lnk
C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
C:\Users\Public\Desktop\Моzillа Firеfох.lnk
C:\Users\Public\Desktop\Ореrа.lnk
C:\Users\UpdatusUser\AppData\Local\Temp_
C:\Users\UpdatusUser\AppData\LocalLow\Youtube AdBlock
C:\Users\UpdatusUser\AppData\LocalLow\Youtube AdBlock_
C:\Windows\Temp_
C:\Windows\system\trfa
D:\Hip Hop\local32spl.dll
D:\Hip Hop_
D:\katalogi\local32spl.dll
D:\katalogi_
E:\mazury 2015\local32spl.dll
E:\mazury 2015_
E:\mazury 2 2015\local32spl.dll
E:\mazury 2 2015_
Hosts:
EmptyTemp:

 

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

From the Notepad menu > File > Save as > enter the name fixlist.txt > change Encoding to UTF-8

Place the fixlist.txt file in the folder from which you run FRST. Boot into Windows Safe Mode. Run FRST and click Fix. Wait patiently and do not interrupt the process. When the Fix finishes, the system will restart; leave Safe Mode. A fixlog.txt file will be created in the same directory from which FRST was run.

2. All browser shortcuts (they contained hidden Cyrillic) have been removed from all accounts. Recreate the shortcuts manually in the places you choose. Then clean the adware out of the browsers:

Firefox:

Start Firefox and export your bookmarks, if there is anything to export... Then close Firefox and open the profile manager by pressing the Windows flag key + R, pasting the command below into the Run box and clicking OK:

"C:\Program files\Mozilla Firefox\firefox.exe" -p

 

In the manager, delete all visible profiles and create a new one, then log in to it.

Google Chrome:

Settings > Settings tab > People > the list should show a profile planted by the adware under the name user0. Delete that profile and create a new one with the Add person option.

3. There are more accounts on the system and all of them appear to be infected:

==================== Konta użytkowników: =============================

DAMIAN (S-1-5-21-3091924290-661932203-592501800-1004 - Administrator - Enabled) => C:\Users\DAMIAN
MATEUSZ (S-1-5-21-3091924290-661932203-592501800-1003 - Limited - Enabled) => C:\Users\MATEUSZ
pipek (S-1-5-21-3091924290-661932203-592501800-1000 - Administrator - Enabled) => C:\Users\pipek

 

Logs from all accounts are needed. Log in to each one in turn via a full restart of the computer (not the Log off / Switch user options) and on each run the FRST logs with the Scan option, i.e. FRST.txt and Addition.txt, without Shortcut. On the limited account Mateusz, start FRST by double-clicking rather than Run as administrator, so that the account context does not change.

Also attach the fixlog.txt file.

Link to comment
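The shortcuts removed in step 2 of the post above had names that mixed Latin letters with look-alike Cyrillic ones. The following is an added example, not part of the original post and not FRST functionality: it flags file names in which a single word mixes scripts. The sample names are constructed for illustration, modelled on the kind of names in the fixlist.

```python
import re
import unicodedata

SCRIPTS = ("LATIN", "CYRILLIC", "GREEK")

def script_of(ch):
    """Coarse script label taken from the Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in SCRIPTS:
        if name.startswith(script + " "):
            return script
    return "OTHER"

def suspicious_words(filename):
    """Return (word, scripts, non_latin_code_points) for every word in
    the name whose letters come from more than one script.

    A name written entirely in one script (all Latin, or all Cyrillic)
    is not flagged; only mixing inside one word is, which is what a
    homoglyph-disguised name looks like."""
    findings = []
    # [^\W\d_]+ matches runs of Unicode letters only.
    for word in re.findall(r"[^\W\d_]+", filename):
        scripts = {script_of(c) for c in word}
        if len(scripts) > 1:
            odd = sorted({ord(c) for c in word if script_of(c) != "LATIN"})
            findings.append(
                (word, sorted(scripts), [f"U+{cp:04X}" for cp in odd])
            )
    return findings

def audit(names):
    """Map each flagged name to its findings; clean names are omitted."""
    report = {}
    for name in names:
        hits = suspicious_words(name)
        if hits:
            report[name] = hits
    return report

# Constructed sample names (escapes make the Cyrillic letters visible).
SAMPLES = [
    "Google Chrome.lnk",                                # genuine, all Latin
    "G\u043e\u043egl\u0435 \u0421hr\u043em\u0435.lnk",  # Cyrillic o, e, S
    "\u041e\u0440\u0435r\u0430.lnk",                    # only the 'r' is Latin
    "\u0411\u043b\u043e\u043a\u043d\u043e\u0442.lnk",   # genuine, all Cyrillic
]

if __name__ == "__main__":
    for name, hits in audit(SAMPLES).items():
        for word, scripts, odd in hits:
            print(f"{name!r}: word {word!r} mixes {scripts}, non-Latin: {odd}")
```

A word spelled entirely with look-alike letters from one script would pass this check, so it complements rather than replaces a review of the shortcut targets and arguments.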
