buli84, posted 30 May 2016

Hello, I have a problem with pop-up ads. Can someone help me create a fixlist? Here are my files. Thank you very much in advance.

Attachments: Addition.txt, FRST.txt, Shortcut.txt

picasso, posted 31 May 2016 (edited)

The actions here need to be much broader than just a "fixlist". Among other things, you have an active DNS infection and infected dnsapi system files, as well as a fake Google Chrome planted in place of the real one.

Steps to carry out:

1. Windows logo key + X > Programs and Features > uninstall the adware/PUPs: ByteFence Anti-Malware, cloudfront - Uninstall (2 entries), qksee, WinZip, YellowSend.

2. Run RepairDNS. A log named RepairDNS.txt will be created on the Desktop.

3. Open Notepad and paste the following into it:

```
CloseProcesses:
CreateRestorePoint:
R2 IhPul; C:\Users\Iza\AppData\Roaming\TSv\TSvr.exe [475416 2016-05-23] (tsvr.com)
R2 LegpatDL; C:\Users\Iza\AppData\Local\Temp\istFD41.tmp\tools\chr.exe [432536 2016-05-26] ()
S2 LegpatU; C:\Program Files (x86)\Legpat\Update\LegpatUpdate.exe [532888 2016-05-26] ()
R2 qkseeService; C:\Program Files (x86)\qksee\qkseeSvc.exe [764432 2016-05-24] (Qksee Pvt Ltd.)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [254264 2016-05-17] ()
R2 xorefetyzbt; C:\Program Files (x86)\F2AC1917-1464097197-11E2-901F-45B25C000023\knsu8C09.tmp [198144 2016-05-26] () [brak podpisu cyfrowego]
S2 DB6D9089-EF58-40AA-99B5-DA0A33D70B30; "C:\Program Files\Seypafybw\Wegkart.exe" [X]
S2 JakutBoffaa; "C:\Program Files\Seypafybw\JakutBoffaa.exe" [X]
S2 prhMngSrv; "C:\Program Files (x86)\Prehuph\prhMngSrv.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X]
S2 Rikajep; "C:\Users\Iza\AppData\Roaming\BuimUnib\Soewegov.exe" -cms [X]
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S1 ckuusufs; \??\C:\WINDOWS\system32\drivers\ckuusufs.sys [X]
U3 idsvc; Brak ImagePath
U3 wpcsvc; Brak ImagePath
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpf64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpr64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpf64.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpr64.sys => ""="Driver"
Task: {0110F5ED-BA6E-4BF0-9293-A698D2C512D1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {01613D3E-6C1A-4DFF-9613-F72BDC998DAF} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {02D9C395-EC9C-4816-84CC-C7EFB7F79314} - System32\Tasks\IzaMantlepieceFrancasV2 => Rundll32.exe InsurerSequestrating.dll,main 7 1
Task: {0994E51D-C15C-4417-85D3-87C2BEA8FD16} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {0DBBE9DB-8C9A-4C79-B624-CD9F3E62FEB4} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {0F7752F8-AAEF-49AD-B5EC-807DA4D95A28} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {172C5F4C-51FD-4C34-98AA-E6E678B9B359} - System32\Tasks\IzaCoiffureArduousV2 => Rundll32.exe PrefermentFugged.dll,main 7 1
Task: {18DAC1D1-AF9F-4F92-B801-A9E6C3E123E8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku
Task: {213144E8-301C-4EDC-BE6A-81439A04769B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {254C570A-E1DF-4D77-9707-D7BB09C9F81E} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {294FF178-7B5D-4243-BDDB-7A6C40A40E2E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {2E36D073-1F7B-468F-A448-6CACF1328779} - System32\Tasks\LegpatUpdateTaskMachineCore => C:\Program Files (x86)\Legpat\Update\LegpatUpdate.exe [2016-05-26] ()
Task: {3143B5E6-F286-4123-B586-00195D6D8F34} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Brak pliku
Task: {330B3549-3474-4491-8195-E005D5E62CDD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku
Task: {35A60A8E-773F-4F5E-9C61-7518DF1C6281} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {3AE2F5FD-3028-4D09-B0A7-8A294F3AB3A4} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {4DC77857-5373-49E5-AC8D-E2750223014F} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2016-03-29] (Byte Technologies LLC)
Task: {5ED014F8-7612-4592-8C62-51EDB1783D34} - System32\Tasks\Microsoft\Windows\Multimedia\FreeVPN => C:\Users\Iza\AppData\Roaming\FreeVPN\FreeVPN.exe
Task: {72813F96-F5EA-4472-B454-FEC2E37B4385} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {77689255-58C2-4376-9503-6606E37BA476} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {78465056-4D8E-452B-86FE-ED890FCF1949} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku
Task: {788AF193-BD89-4664-9A77-7DCF2342271F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {7DDA3376-B970-4FF0-B1AB-302C857ECAB2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku
Task: {82EC55C3-4BCE-47F8-8995-E5621BD05FED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {88B93671-784F-4CDA-BBFF-20CB91D7542C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {8ABCBDDD-FDB6-4CC8-9318-D318B737408E} - System32\Tasks\LegpatUpdateTaskMachineUA => C:\Program Files (x86)\Legpat\Update\LegpatUpdate.exe [2016-05-26] ()
Task: {92F39211-1056-48C4-9352-9A4382D9B4D5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {A27565BD-0590-4DFB-8DD6-FB526C70D8DA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku
Task: {AB7CABFB-28FF-4DFF-9973-847C3D8E565B} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\9295E8A9A28D69FB27564111359A61FB\Update\BrowserUpdate.exe
Task: {AEA624E5-32E4-43B6-ABCB-6107F05819FF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku
Task: {B7302643-D127-4F72-989C-11E8E6DC8361} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B80950CA-6D49-403C-828D-1DED8EE273E0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku
Task: {BD4D94BF-CC7C-485A-BEE0-D11D34AB7D38} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {BECECB53-9B81-4B56-B21E-C6D780584970} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku
Task: {C5019ADB-7B90-4A3F-99E4-7F84E467D12D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {CCF65405-99F8-4E3E-8DB0-25DFA57D73D6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D14C2391-16A0-4C4C-A246-A1EA3C153856} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku
Task: {D51F2D90-5E2A-4E86-A984-5D3A254E8481} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku
Task: {D7EC235E-1404-4930-987D-F50E03514507} - System32\Tasks\Prehuph Manager => C:\Program Files (x86)\Prehuph\prhMngTsk.exe
Task: {E39C6D5D-20D7-4B76-AD1F-CF39E83C62DD} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2016-03-29] (Byte Technologies LLC)
Task: {ECCFC06B-6AF0-48CC-8017-3888BA0AE2D5} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F21F6514-638C-4A5E-86D5-63149D7217E3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku
Task: {F3C9A86E-F329-4A7E-9E8C-B73D325B06D4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {FAA6C005-FBEE-4F65-9F1A-EDE96B0CE27E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {FABCEADE-AB6C-4586-8B28-5728E1D87AC8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku
HKLM\...\Run: [spaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [csrssf.exe -start] => C:\ProgramData\csrssf.exe -start
HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe [221274 2016-05-22] ()
URLSearchHook: [s-1-5-21-4143302999-612070894-3059051479-1000] UWAGA => Brak domyślnego URLSearchHook
BHO: Seypafybw -> {238ABED6-FCA0-43E1-8E1B-0B668E477959} -> C:\Program Files\Seypafybw\Nekje64.dll => Brak pliku
BHO-x32: Seypafybw -> {238ABED6-FCA0-43E1-8E1B-0B668E477959} -> C:\Program Files\Seypafybw\Nekje.dll => Brak pliku
Tcpip\..\Interfaces\{8c5e9906-00aa-44cf-afdb-1cb89ec869d2}: [DhcpNameServer] 10.69.0.1 10.69.0.2
Tcpip\..\Interfaces\{2a517bdb-d22e-11e5-965d-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{2bd54341-3c34-4734-bcfe-c24b471228bc}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{885df29c-0d62-11e6-9661-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{8c5e9906-00aa-44cf-afdb-1cb89ec869d2}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{953cd1b7-161a-45c5-97f0-d7f3bc995de5}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{dada748f-0fdf-4bb9-9b20-fe43f8b63eac}: [NameServer] 104.197.191.4
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKCU\Software\Mozilla
DeleteKey: HKCU\Software\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center
DeleteKey: HKLM\SOFTWARE\Mozilla
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
C:\extensions
C:\Program Files\ByteFence
C:\Program Files\Seypafybw
C:\Program Files\SeypafybwUn
C:\Program Files\SpaceSoundPro
C:\Program Files (x86)\badu
C:\Program Files (x86)\F2AC1917-1464097197-11E2-901F-45B25C000023
C:\Program Files (x86)\Legpat
C:\Program Files (x86)\Prehuph
C:\Program Files (x86)\qksee
C:\Program Files (x86)\QQBrowser
C:\Program Files (x86)\WinZipper
C:\ProgramData\xldl.dll
C:\ProgramData\4winp4
C:\ProgramData\ByteFence
C:\ProgramData\download
C:\ProgramData\Tencent
C:\ProgramData\Thunder Network
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
C:\uninst
C:\Users\Iza\AppData\Local\CoiffureArduous
C:\Users\Iza\AppData\Local\MantlepieceFrancas
C:\Users\Iza\AppData\LocalLow00BB65C0
C:\Users\Iza\AppData\LocalLow00B87638
C:\Users\Iza\AppData\LocalLow00DA5D28
C:\Users\Iza\AppData\LocalLow0115CEC0
C:\Users\Iza\AppData\LocalLow000001CA239224C8
C:\Users\Iza\AppData\LocalLow000001F4E61A7138
C:\Users\Iza\AppData\LocalLow000001D1AD4C5748
C:\Users\Iza\AppData\LocalLow000001AA940C46C8
C:\Users\Iza\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
C:\Users\Iza\AppData\LocalLow\Company
C:\Users\Iza\AppData\Roaming\{0E548921-66CF-EFD3-110A-29DDAF17A8B0}
C:\Users\Iza\AppData\Roaming\BuimUnib
C:\Users\Iza\AppData\Roaming\cpuminer
C:\Users\Iza\AppData\Roaming\eCyber
C:\Users\Iza\AppData\Roaming\Eeaxa
C:\Users\Iza\AppData\Roaming\FreeVPN
C:\Users\Iza\AppData\Roaming\gplyra
C:\Users\Iza\AppData\Roaming\TSv
C:\Users\Iza\AppData\Roaming\qksee
C:\Users\Iza\AppData\Roaming\Tencent
C:\Users\Iza\AppData\Roaming\Thinstall
C:\Users\Iza\AppData\Roaming\WinZiper
C:\Users\Iza\AppData\Roaming\YSPackage
C:\Users\Iza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Users\Iza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
C:\Users\Iza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk
C:\Users\Iza\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
C:\Users\Iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpaceSoundPro 1.0
C:\Users\Iza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YSPackage
C:\Users\Iza\Desktop\SpaceSoundPro.lnk
C:\Users\Public\Desktop\Google Chrome.lnk
C:\Users\Public\Documents\report.dat
C:\Users\Public\Thunder Network
C:\WINDOWS\Reimage.ini
C:\WINDOWS\ehome
C:\WINDOWS\system32\iku
C:\WINDOWS\system32\Drivers\etc\hp.bak
C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center
C:\WINDOWS\SysWOW64\*.tmp
C:\WINDOWS\SysWOW64\pl.html
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
Folder: C:\Users\Iza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions
Folder: C:\Users\Public\Documents\chrome
Hosts:
EmptyTemp:
```

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Save the file as fixlist.txt in the folder you run FRST from. Run FRST and click Fix. Wait patiently and do not interrupt it. When the Fix finishes, the system will restart. A file named fixlog.txt will be created in the same directory FRST was run from.

4. Reinstall Google Chrome from scratch:

   - Uninstall Google Chrome. During uninstallation, tick the option "Also delete your browsing data".
   - Install the latest Google Chrome from its home page. During installation, confirm setting the browser as the default.

5. Create a new FRST log using the Scan option, again with the Addition box ticked. Also attach the fixlog.txt and RepairDNS.txt files.

Edited 11 July 2016 by picasso

The topic is being closed due to lack of response. //picasso
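
An added example (not part of the original thread, and not FRST's own code): a small Python parser for the `Tcpip\..\Interfaces` lines of a FRST log that flags the pattern visible in the fixlist above, one static NameServer repeated across interfaces and taking precedence over the DHCP-assigned resolvers. The function names and the `min_interfaces` threshold are assumptions; the sample lines are a subset copied from the fixlist.

```python
import re
from collections import defaultdict

# Subset of the Tcpip lines from the fixlist in the post above.
SAMPLE = r"""
Tcpip\..\Interfaces\{8c5e9906-00aa-44cf-afdb-1cb89ec869d2}: [DhcpNameServer] 10.69.0.1 10.69.0.2
Tcpip\..\Interfaces\{2a517bdb-d22e-11e5-965d-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{2bd54341-3c34-4734-bcfe-c24b471228bc}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{8c5e9906-00aa-44cf-afdb-1cb89ec869d2}: [NameServer] 104.197.191.4
"""

LINE_RE = re.compile(
    r"^Tcpip\\\.\.\\Interfaces\\(\{[0-9a-fA-F-]{36}\}): "
    r"\[(DhcpNameServer|NameServer)\]\s+(.+)$"
)

def parse_tcpip(log_text):
    """Map interface GUID -> {'NameServer': [...], 'DhcpNameServer': [...]}."""
    interfaces = defaultdict(lambda: {"NameServer": [], "DhcpNameServer": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            guid, key, value = m.groups()
            interfaces[guid.lower()][key] += re.split(r"[ ,]+", value.strip())
    return dict(interfaces)

def suspicious_static_dns(interfaces, min_interfaces=2):
    """Heuristic: static resolvers no DHCP lease supplied, set on several interfaces."""
    dhcp = {ip for cfg in interfaces.values() for ip in cfg["DhcpNameServer"]}
    seen = defaultdict(set)
    for guid, cfg in interfaces.items():
        for ip in cfg["NameServer"]:
            if ip not in dhcp:
                seen[ip].add(guid)
    return {ip: sorted(g) for ip, g in seen.items() if len(g) >= min_interfaces}

def overridden_interfaces(interfaces):
    """Interfaces where a static NameServer takes precedence over the DHCP one."""
    return sorted(
        guid for guid, cfg in interfaces.items()
        if cfg["NameServer"] and cfg["DhcpNameServer"]
        and set(cfg["NameServer"]) != set(cfg["DhcpNameServer"])
    )

if __name__ == "__main__":
    parsed = parse_tcpip(SAMPLE)
    for ip, guids in suspicious_static_dns(parsed).items():
        print(f"{ip}: static on {len(guids)} interfaces")
    print("DHCP resolvers overridden on:", overridden_interfaces(parsed))
```

A hit from this heuristic is only a lead: a resolver set deliberately by an administrator on several adapters looks the same, so the address still has to be checked against what the network is supposed to use.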