Help with malware
#2
Run FRST. Press CTRL+Y on the keyboard; the file fixlist.txt will open. Paste the following content into the file:

Code:
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-661999521-1470042451-2146426113-1001\...\Run: [YoutubeDownloader_upd] => C:\Users\Czacha\AppData\Roaming\YoutubeDownloader_upd\python\pythonw.exe [95904 2018-08-01] (Python Software Foundation) <==== UWAGA
HKU\S-1-5-21-661999521-1470042451-2146426113-1001\...\Run: [YoutubeDownloader] => C:\Users\Czacha\AppData\Roaming\YoutubeDownloader\python\pythonw.exe [95904 2018-08-01] (Python Software Foundation) <==== UWAGA
HKU\S-1-5-21-661999521-1470042451-2146426113-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7368480 2018-08-19] (Lavasoft)
ShortcutTarget: GamerHash.lnk -> C:\Users\Czacha\AppData\Local\GamerHash\GamerHashLauncher.exe (Brak pliku)
HKU\S-1-5-21-661999521-1470042451-2146426113-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-661999521-1470042451-2146426113-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
HKU\S-1-5-21-661999521-1470042451-2146426113-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-661999521-1470042451-2146426113-1001 -> DefaultScope {578ABA60-4607-4998-910A-C2BB53A5630E} URL =
SearchScopes: HKU\S-1-5-21-661999521-1470042451-2146426113-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://pl.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__180606__yaie&p={searchTerms}
CHR DefaultSearchURL: Default -> hxxps://defaultsearch.co/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Adaware Secure
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
R2 EventSvc; C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe [360448 2018-07-24] (CloudBees, Inc.) [Brak podpisu cyfrowego] <==== UWAGA
R2 PowerSvc; C:\ProgramData\Microsoft\Windows\Power\PowerSvc.exe [6406448 2018-06-25] () [Brak podpisu cyfrowego] <==== UWAGA
R2 Update Service; C:\Program Files\fik Branton Updater\Branton.exe [788480 2018-08-17] () [Brak podpisu cyfrowego]
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25888 2018-08-19] ()
S2 WMPNetworkAcSvc; C:\Users\Czacha\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [3920896 2018-08-16] () [Brak podpisu cyfrowego] <==== UWAGA
S2 SysSvc; "C:\Users\Czacha\AppData\Local\NtvHost\syssvc.exe" [X]
S3 xhunter1; C:\WINDOWS\xhunter1.sys [37344 2017-04-29] (Wellbia.com Co., Ltd.)
C:\Users\Czacha\AppData\Local\Host App Service
C:\Users\Czacha\AppData\Roaming\WMPNetworkAcSvc
C:\Users\Czacha\AppData\Roaming\YoutubeDownloader_upd
C:\Users\Czacha\AppData\Roaming\YoutubeDownloader
C:\$GetCurrent
C:\Users\Czacha\AppData\Local\NtvHost
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerSnowie\PokerSnowie.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerSnowie\Uninstall PokerSnowie.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fik Branton Updater\fik Branton Updater.lnk
C:\Users\Czacha\Desktop\All\Action!.lnk
C:\Users\Czacha\Desktop\All\Resident Evil 7 Biohazard.lnk
C:\Users\Czacha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks\CodeBlocks.lnk
C:\Users\Czacha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\IL Download Manager\Uninstall.lnk
C:\Users\Czacha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\IL Download Manager\IL Download Manager.lnk
CustomCLSID: HKU\S-1-5-21-661999521-1470042451-2146426113-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => Brak pliku
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavShx64.dll -> Brak pliku
ContextMenuHandlers1: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavShx64.dll -> Brak pliku
ContextMenuHandlers2: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavShx64.dll -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Brak pliku
ContextMenuHandlers6: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.0\BavShx64.dll -> Brak pliku
Task: {0CDB49B5-8E83-4D69-A66D-434B211DB5F3} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
Task: {18DCC78E-77E5-4A15-9386-C3DD6EC2D558} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2016-12-07] ()
Task: {300728C3-4E22-431D-97AB-DF564E569C6B} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2015-09-30] (CyberLink Corp.)
Task: {4172A665-722A-4DDA-B924-C490408FFA46} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5af18994-3607-480e-9931-e58ef646d7eb => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {627C59FA-55F6-4537-80D0-AC40BF3A4E8D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\4e7647c2-9ad4-400e-bd05-4bf43f2e4a75 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {62AF6B0D-3808-443D-AD9B-246E4FBB20C1} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo)
Task: {64CC61A3-C8BF-4BC0-BDE7-DAE9BA97DA97} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [2015-06-12] (Lenovo)
Task: {76EC2303-A475-4960-919B-CF0A792BD2EF} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-12-07] (Lenovo)
Task: {7C9A8075-FEBA-4468-AB30-62CEC7DB9FB7} - System32\Tasks\{1D7A1174-6311-4C15-A5E9-67C044994D35} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Czacha\Desktop\sd4hide.exe -d C:\Users\Czacha\Desktop
Task: {86749754-B2A2-4CD8-B350-509AA3826C5B} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-12-07] (Lenovo)
Task: {9EA479B7-BF50-4329-A181-7383FBF16065} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c5b796a5-534a-4e15-9759-2df6d708fea7 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {A7C01690-8C02-47AF-A66F-9EDBFF822921} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2018-05-16] (Lenovo Group Limited)
Task: {B7F55486-4D14-44ED-9D9B-357B187871C0} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {B9581D3E-C790-4819-A866-92A832128947} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {CB94BAC8-BCC5-47F2-AAD9-7C8839B2A316} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-12-07] (Lenovo)
Task: {CE5ACB0D-4424-49D7-B726-03A0CF09B961} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\24e89678-48f4-4b2e-ad95-163ea84799d8 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {F463AC03-F7D1-4989-B25A-ACA7F71B464F} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\webAgent.exe [2015-06-12] (Lenovo)
Task: {32BF558B-FE77-43CF-A59E-AD04254EA090} - System32\Tasks\App Explorer => C:\Users\Czacha\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2018-05-29] (SweetLabs, Inc) <==== UWAGA
Task: {3C5FA4D6-6062-485E-ABC7-4CD9C9809FA6} - System32\Tasks\Branton => C:\Program Files\Branton\Branton.exe [2018-08-17] ()
Task: {4DBEC474-127E-498B-8BDF-49DCBDF0AEF0} - System32\Tasks\YoutubeDownloader_upd => C:\Users\Czacha\AppData\Roaming\YoutubeDownloader_upd\python\pythonw.exe [2018-08-01] (Python Software Foundation) <==== UWAGA
Task: {7C9A8075-FEBA-4468-AB30-62CEC7DB9FB7} - System32\Tasks\{1D7A1174-6311-4C15-A5E9-67C044994D35} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Czacha\Desktop\sd4hide.exe -d C:\Users\Czacha\Desktop
Task: {A0D5F37E-4AAC-40D4-B285-5B2BD615EDAE} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {B85BE224-BCCB-44E4-B872-6C3B6D583FAC} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2017-01-17] ()
Task: {D1A73875-9A16-4918-8A43-183229C8991B} - System32\Tasks\Branton Launcher => C:\Program Files\Branton\Branton.exe [2018-08-17] ()
Task: {E5097C10-7D91-454E-A900-6E860E40C2A5} - System32\Tasks\YoutubeDownloader => C:\Users\Czacha\AppData\Roaming\YoutubeDownloader\python\pythonw.exe [2018-08-01] (Python Software Foundation) <==== UWAGA
Task: {F41B1503-01A3-45BC-807E-103B24FDA8CB} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
AlternateDataStreams: C:\Users\Public\AppData:CSM [239]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468]
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
DeleteKey: HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

Uninstall:
Branton version 1.5
IL Download Manager (since the main program is no longer there)
Lenovo App Explorer
Lenovo Photo Master
Lenovo PowerDVD12
Lenovo QuickOptimizer
Lenovo Solution Center
Metric Collection SDK 35
PokerSnowie
REACHit
User Manuals
Web Companion (Hijacker), the software seems to have gone in a different direction.

Uninstall the extensions in Google Chrome (Hijacker)
CHR Extension: (Adaware Ad Block) - C:\Users\Czacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmllgdnjnkbapbchnebiedipojhmnjej [2018-08-18]
CHR Extension: (Adaware Secure) - C:\Users\Czacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj [2018-08-16]
CHR Extension: (Adaware Web Protection) - C:\Users\Czacha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnooggpliipegmffiolegeppbgkclbpi [2018-08-18]

Uninstall the ad-serving µTorrent and start using qBittorrent



Download the program


run it, click Scan now and then Clean
Post the report from this run.

On the computer as well as on the router set the following DNS servers:
primary - 1.1.1.1
secondary - 1.0.0.1

Make new logs and post FRST.txt > Addition.txt > Shortcut.txt
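As an added illustration (not part of the post above, and not FRST's own code), here is a small triage script that applies the reasoning behind that fixlist to FRST-style service (R2/S2/S3) and Run-key lines: a binary living under AppData or ProgramData, a missing digital signature, an empty publisher field, a missing file, or an autorun that launches a script interpreter each count as a reason to look closer. The sample lines are copied from the fixlist in the post; the regexes, the heuristics, the `USER_WRITABLE` and `INTERPRETERS` lists and all function names are my own assumptions, not FRST's format specification.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: service and Run-key lines copied from the FRST fixlist in
# the post above. They are used only as parser input here.
SAMPLE_LINES = r"""
R2 EventSvc; C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe [360448 2018-07-24] (CloudBees, Inc.) [Brak podpisu cyfrowego] <==== UWAGA
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25888 2018-08-19] ()
S2 WMPNetworkAcSvc; C:\Users\Czacha\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [3920896 2018-08-16] () [Brak podpisu cyfrowego] <==== UWAGA
S2 SysSvc; "C:\Users\Czacha\AppData\Local\NtvHost\syssvc.exe" [X]
S3 xhunter1; C:\WINDOWS\xhunter1.sys [37344 2017-04-29] (Wellbia.com Co., Ltd.)
HKU\S-1-5-21-661999521-1470042451-2146426113-1001\...\Run: [YoutubeDownloader] => C:\Users\Czacha\AppData\Roaming\YoutubeDownloader\python\pythonw.exe [95904 2018-08-01] (Python Software Foundation) <==== UWAGA
""".strip().splitlines()

# Assumed line shapes (derived from the sample, not from an FRST specification).
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);\s*(.*)$")
RUN_RE = re.compile(r"^(HK\S+?)\\\.\.\.\\Run: \[([^\]]+)\] => (.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]<>]*?\.(?:exe|sys|dll)', re.IGNORECASE)
META_RE = re.compile(r"\[(\d+) (\d{4}-\d{2}-\d{2})\] \(([^)]*)\)")  # [size date] (publisher)

# Assumption: directories a standard user can write to; a service or autorun
# binary living there deserves a second look, whatever its name suggests.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")
# Assumption: interpreters that, as the autorun target, hide the real payload (a script).
INTERPRETERS = ("pythonw.exe", "python.exe", "wscript.exe", "cscript.exe", "powershell.exe")


@dataclass
class Finding:
    kind: str                 # "service" or "autorun"
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Split one FRST service or Run line into (kind, name, path, publisher, rest)."""
    line = line.strip()
    if m := SERVICE_RE.match(line):
        kind, name, rest = "service", m.group(2), m.group(3)
    elif m := RUN_RE.match(line):
        kind, name, rest = "autorun", m.group(2), m.group(3)
    else:
        return None
    pm = PATH_RE.search(rest)
    mm = META_RE.search(rest)
    path = pm.group(0) if pm else ""
    publisher = mm.group(3).strip() if mm else None
    return kind, name, path, publisher, rest


def assess(line):
    """Apply the triage heuristics to one line; returns a Finding or None."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    kind, name, path, publisher, rest = parsed
    f = Finding(kind, name, path)
    low = path.lower()
    if any(tag in low for tag in USER_WRITABLE):
        f.reasons.append("binary lives under a user-writable directory")
    if "\\programdata\\microsoft\\windows\\" in low:
        f.reasons.append("path imitates a Microsoft system location")
    if "[Brak podpisu cyfrowego]" in rest:      # Polish FRST build: "no digital signature"
        f.reasons.append("FRST: no digital signature")
    elif publisher == "":
        f.reasons.append("no publisher name recorded")
    if "[X]" in rest or not path:               # FRST marks a missing target file with [X]
        f.reasons.append("file missing (orphaned entry)")
    if kind == "autorun" and low.endswith(INTERPRETERS):
        f.reasons.append("autorun launches a script interpreter")
    return f


def triage(lines):
    """Return only the entries that tripped at least one heuristic."""
    return [f for f in map(assess, lines) if f is not None and f.reasons]


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:8} {f.name:20} {f.path}")
        for reason in f.reasons:
            print(f"           - {reason}")
```

On the sample, every entry except the signed `xhunter1` driver under C:\WINDOWS is reported, each with the reason it tripped. The output is a worklist for a human, not a verdict: a signed file in a normal location can still be unwanted, which is why the post pairs the fixlist with uninstalling the programs by name.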


Messages in this thread
Help with malware - by PiotrusPan - 23.08.2018, 08:03
RE: Help with malware - by tachion - 26.08.2018, 16:30
RE: Help with malware - by PiotrusPan - 28.08.2018, 16:21
RE: Help with malware - by tachion - 28.08.2018, 21:48
RE: Help with malware - by PiotrusPan - 28.08.2018, 22:22
RE: Help with malware - by tachion - 28.08.2018, 22:31
RE: Help with malware - by PiotrusPan - 29.08.2018, 10:52
RE: Help with malware - by wredniak - 29.08.2018, 11:27
RE: Help with malware - by Sillo - 29.08.2018, 11:59
RE: Help with malware - by tachion - 29.08.2018, 17:59
RE: Help with malware - by PiotrusPan - 30.08.2018, 12:47
