thegoodcaster
#2
Paste into Notepad:

Code:
CloseProcesses:
CreateRestorePoint:
HKLM\...\RunOnce: [fo0a2tt0kvj] => C:\Program Files (x86)\Bathou\844478514.exe [481280 2019-11-23] (Merit) [Brak podpisu cyfrowego]
HKLM\...\RunOnce: [pst1jqysw2k] => C:\Program Files (x86)\Bathou\317253759.exe [481280 2019-11-23] (Merit) [Brak podpisu cyfrowego]
HKLM\...\RunOnce: [q2b3plsg22w] => C:\Program Files (x86)\Bathou\817915740.exe [481280 2019-11-23] (Merit) [Brak podpisu cyfrowego]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-2858759977-1372284025-741021665-1001\...\Run: [6495628] => C:\Users\paula\AppData\Local\Temp\is-PH4IE.tmp\Coursers.exe [738579 2019-11-22] ( ) [Brak podpisu cyfrowego] <==== UWAGA
HKU\S-1-5-21-2858759977-1372284025-741021665-1001\...\Run: [7464317] => C:\Users\paula\AppData\Local\Temp\is-IOF0N.tmp\Coursers.exe [738579 2019-11-22] ( ) [Brak podpisu cyfrowego] <==== UWAGA
HKU\S-1-5-21-2858759977-1372284025-741021665-1001\...\Run: [1409931] => C:\Users\paula\AppData\Local\Temp\is-LF3IV.tmp\Coursers.exe [738579 2019-11-22] ( ) [Brak podpisu cyfrowego] <==== UWAGA
HKU\S-1-5-21-2858759977-1372284025-741021665-1001\...\Run: [7947509] => "C:\Users\paula\AppData\Local\Temp\is-SUB50.tmp\Coursers.exe" /VERYSILENT <==== UWAGA
HKU\S-1-5-21-2858759977-1372284025-741021665-1001\...\Run: [2316180] => C:\Users\paula\AppData\Roaming\zq1dre1tro3\anug5mbc1sc.exe [4330381 2019-11-25] ( ) [Brak podpisu cyfrowego]
AppInit_DLLs: C:\ProgramData\Quoteex\Damjob.dll => C:\ProgramData\Quoteex\Damjob.dll [342528 2019-11-24] () [Brak podpisu cyfrowego]
AppInit_DLLs-x32: C:\ProgramData\Quoteex\Ronzimnix.dll => Brak pliku
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
Task: {1A050D5F-3A43-4D45-BEE3-DFC651F7C340} - System32\Tasks\RyVdMRuJrFpvTQ => rundll32 "C:\Program Files (x86)\FEoZIHJcyOcU2\LtyNFqrghvDym.dll",#1
Task: {2E056063-0F86-4FD9-950F-0DC18DB69802} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA
Task: {4078A3FB-7011-4565-9A20-1C86BD1951AF} - System32\Tasks\gvVywgorzMDAb2 => C:\Windows\system32\wscript.exe "C:\ProgramData\KzqIhdLMAbFSuYVB\zkTrZAC.wsf"
Task: {4C48B546-F6D9-453A-8985-C43DDB046E49} - System32\Tasks\OZuycACZFPpjRdw2 => rundll32 "C:\Program Files (x86)\malhLxIDU\mAEHxg.dll",#1
Task: {6DD48B93-0A11-4F68-847F-D27299F19641} - System32\Tasks\fMbKWJvlURLuzEMtb2 => rundll32 "C:\Program Files (x86)\RbAMuAKQlBOkrQZUeUR\njxwxvc.dll",#1
Task: {F6FE7CB9-882B-4C1A-A5CB-1F446E41221C} - System32\Tasks\FtWAaXskhGyPkYAgsQK2 => rundll32 "C:\Program Files (x86)\njcqHiQFWuxsC\NUyCdlW.dll",#1
Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\Windows\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\Windows\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\Windows\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA
HKU\S-1-5-21-2858759977-1372284025-741021665-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYpEu3QWpfYxwNGsiS5Sz4pbehwe7cONIzJZJgtGiyRJV-qHKJD-0NDBv6AP83p-C9x0x-CDWwYtLTcPhxdjmiIr65D_OG_7co3yPfpSvtNfiQRrJjOFpFsY_VmlnotDxVf9JQ-Nlj9may4hj5gnV6GLIE5dn-p&q={searchTerms}
HKU\S-1-5-21-2858759977-1372284025-741021665-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYpEu3QWpfYxwNGsiS5Sz4pbehwe7cONIzJZJgtGiyRJV-qHKJD-0NDBv6AP83p-C99eNNeTYqRhbg1RHOgeROFllbHwx7KixeoM7hJmF5LUQopywWzbBzCGE3PsOKIL6stYjIB2YMqEVMvqDH8E8jLBDEDE1Wa
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYpEu3QWpfYxwNGsiS5Sz4pbehwe7cONIzJZJgtGiyRJV-qHKJD-0NDBv6AP83p-C9x0x-CDWwYtLTcPhxdjmiIr65D_OG_7co3yPfpSvtNfiQRrJjOFpFsY_VmlnotDxVf9JQ-Nlj9may4hj5gnV6GLIE5dn-p&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2858759977-1372284025-741021665-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYpEu3QWpfYxwNGsiS5Sz4pbehwe7cONIzJZJgtGiyRJV-qHKJD-0NDBv6AP83p-C9x0x-CDWwYtLTcPhxdjmiIr65D_OG_7co3yPfpSvtNfiQRrJjOFpFsY_VmlnotDxVf9JQ-Nlj9may4hj5gnV6GLIE5dn-p&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2858759977-1372284025-741021665-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGk3GzeHhcr-ccYpEu3QWpfYxwNGsiS5Sz4pbehwe7cONIzJZJgtGiyRJV-qHKJD-0NDBv6AP83p-C9x0x-CDWwYtLTcPhxdjmiIr65D_OG_7co3yPfpSvtNfiQRrJjOFpFsY_VmlnotDxVf9JQ-Nlj9may4hj5gnV6GLIE5dn-p&q={searchTerms}
BHO: YoutubeAdBlock -> {1C77EC69-5EA3-4241-87D8-AC5A3B0ADAD1} -> C:\Program Files (x86)\DleyWJGFVIE\teQuruW.dll => Brak pliku
BHO-x32: YoutubeAdBlock -> {1C77EC69-5EA3-4241-87D8-AC5A3B0ADAD1} -> C:\Program Files (x86)\DleyWJGFVIE\k3RMwvtS.dll => Brak pliku
S2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2019-11-24] () [Brak podpisu cyfrowego] <==== UWAGA
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [11776224 2019-11-24] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 EventSvc; C:\ProgramData\EventSvc\eventsvc.exe [360448 2018-07-24] (CloudBees, Inc.) [Brak podpisu cyfrowego] <==== UWAGA
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [519904 2019-11-24] (EnigmaSoft Limited -> EnigmaSoft Limited)
R3 EnigmaFileMonDriver; C:\Windows\System32\drivers\EnigmaFileMonDriver.sys [68424 2019-11-25] (EnigmaSoft Limited -> EnigmaSoft Limited)
C:\Program Files\XOA8L2ZESJ
C:\Program Files\ADHNT25FRF
C:\Program Files\4EA0HTD2Q0
C:\Users\paula\AppData\Roaming\qydosc0fukc
C:\Users\paula\AppData\Roaming\dj3ef3bj2h3
C:\Users\paula\AppData\Roaming\zq1dre1tro3
C:\ProgramData\KzqIhdLMAbFSuYVB
C:\Program Files (x86)\Bathou
C:\ProgramData\Quoteexs
C:\ProgramData\Quoteex
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Brak pliku
HKU\S-1-5-21-2858759977-1372284025-741021665-1001\...\StartupApproved\Run: => "7947509"
HKU\S-1-5-21-2858759977-1372284025-741021665-1001\...\StartupApproved\Run: => "1409931"
HKU\S-1-5-21-2858759977-1372284025-741021665-1001\...\StartupApproved\Run: => "7464317"
HKU\S-1-5-21-2858759977-1372284025-741021665-1001\...\StartupApproved\Run: => "6495628"
CMD: ipconfig /flushdns
CMD: netsh advfirewall set allprofiles state Off
CMD: netsh advfirewall reset
CMD: netsh int ipv4 reset all
CMD: netsh int ipv6 reset all
CMD: netsh int httpstunnel reset all
CMD: netsh int portproxy reset all
CMD: netsh int tcp reset all
CMD: ipconfig /release
CMD: ipconfig /renew
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:


Save it as fixlist.txt and place it next to FRST.
Then click Fix in the program and, once it has finished, show the report from that run.

Uninstall:
Online Application
SpyHunter 5
YoutubeAdBlock



Then download and install:

[To see links, register here]


Run it, click Scan, and after the scan show the log file.
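
An added example, not part of the original post and not FRST's own logic: a Python triage pass over lines in the FRST format used in the fixlist above, tagging the traits visible there (unsigned file, autostart from Temp, rundll32 calling an export by ordinal, percent-encoded host) and decoding the defanged search URL. The rule names and the sample with its shortened query string are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample: lines in the FRST format used in the fixlist above;
# the long query string of the search URL is shortened to "p=...".
SAMPLE = r"""
HKLM\...\RunOnce: [fo0a2tt0kvj] => C:\Program Files (x86)\Bathou\844478514.exe [481280 2019-11-23] (Merit) [Brak podpisu cyfrowego]
HKU\S-1-5-21-2858759977-1372284025-741021665-1001\...\Run: [6495628] => C:\Users\paula\AppData\Local\Temp\is-PH4IE.tmp\Coursers.exe [738579 2019-11-22] ( ) [Brak podpisu cyfrowego] <==== UWAGA
Task: {1A050D5F-3A43-4D45-BEE3-DFC651F7C340} - System32\Tasks\RyVdMRuJrFpvTQ => rundll32 "C:\Program Files (x86)\FEoZIHJcyOcU2\LtyNFqrghvDym.dll",#1
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [519904 2019-11-24] (EnigmaSoft Limited -> EnigmaSoft Limited)
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=...&q={searchTerms}
""".strip().splitlines()

# Hypothetical triage rules (not FRST's own logic), one per trait seen above.
RULES = [
    # FRST with a Polish UI prints this marker for a file with no signature.
    ("unsigned", re.compile(r"\[Brak podpisu cyfrowego\]")),
    ("runs-from-temp", re.compile(r"\\AppData\\Local\\Temp\\", re.I)),
    ("rundll32-ordinal", re.compile(r'rundll32\s+"[^"]+",#\d+', re.I)),
    ("encoded-host", re.compile(r"hxxps?://[^/\s]*%[0-9A-Fa-f]{2}")),
]


def triage(lines):
    """Return (line, [matching rule names]) for every input line."""
    return [(ln, [name for name, rx in RULES if rx.search(ln)]) for ln in lines]


def decoded_host(line):
    """Percent-decode the host of a defanged (hxxp/hxxps) URL, or return None."""
    m = re.search(r"hxxp(s?://\S+)", line)
    if not m:
        return None
    return unquote(urlsplit("http" + m.group(1)).netloc)


if __name__ == "__main__":
    for line, tags in triage(SAMPLE):
        host = decoded_host(line)
        print(",".join(tags) or "-", "|", host or "", "|", line[:60])
```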


Messages in this thread
thegoodcaster - by Czacha - 25.11.2019, 19:08
RE: thegoodcaster - by tachion - 26.11.2019, 23:12
RE: thegoodcaster - by Czacha - 27.11.2019, 17:57
RE: thegoodcaster - by tachion - 27.11.2019, 18:31
RE: thegoodcaster - by Czacha - 27.11.2019, 19:22
RE: thegoodcaster - by tachion - 28.11.2019, 18:50
RE: thegoodcaster - by Czacha - 29.11.2019, 00:00
RE: thegoodcaster - by tachion - 29.11.2019, 20:56
RE: thegoodcaster - by Czacha - 02.12.2019, 12:18
RE: thegoodcaster - by Czacha - 03.12.2019, 18:07
