I haven't looked through the logs yet, but I'd bet it's a Chinese infection.
1) Open Notepad and paste into it:
Task: {B42C78A1-FE81-4273-9548-C97EAC717F83} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-11-16] (UCWeb Inc) <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
RemoveDirectory: C:\Program Files (x86)\UCBrowser
C:\Program Files (x86)\KuaiZip
C:\Users\Gaspard\AppData\Roaming\Riperseseterty
c:\program files (x86)\anakury
Tcpip\..\Interfaces\{58F805F0-975F-4875-B45D-CA65C4DB06FB}: [NameServer] 188.120.239.115,8.8.8.8
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [360536]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1156450]
FirewallRules: [{B1F74C73-8567-41D8-8858-E3824435714A}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{FE3774F3-F942-47C7-8D33-BB823D25697F}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
2016-11-06 21:24 - 2016-11-21 15:48 - 00000000 ____D C:\Program Files (x86)\Anakury_
2016-11-06 21:24 - 2016-11-06 21:27 - 00000000 ____D C:\Program Files (x86)\Anakury
2016-11-06 21:24 - 2016-11-06 21:24 - 00000000 ____D C:\Users\Gaspard\AppData\Roaming\Riperseseterty
2016-11-06 21:24 - 2016-11-06 21:24 - 00000000 ____D C:\Users\Gaspard\AppData\Local\Atahitaincoutain
2016-11-06 21:23 - 2016-11-06 21:23 - 00000000 _____ C:\TOSTACK
2016-11-08 22:49 - 2016-11-08 22:49 - 00000000 ____D C:\Users\Gaspard\AppData\LocalLow0143C920
2016-11-08 11:10 - 2016-11-08 11:10 - 00000000 ____D C:\WINDOWS\system32\zedl
2016-11-08 10:40 - 2016-11-21 15:48 - 00000000 ____D C:\Users\Gaspard\AppData\LocalLow\Company
2016-11-08 10:40 - 2016-11-08 10:40 - 00000000 ____D C:\Users\Gaspard\AppData\Local\Tempfolder
2016-11-08 01:24 - 2016-11-21 15:49 - 00000000 ___HD C:\Users\Gaspard\AppData\Local\Temp1
2016-11-08 01:24 - 2016-11-21 15:49 - 00000000 ___HD C:\Program Files (x86)\Youtube AdBlock1
2016-11-08 01:24 - 2016-11-08 01:24 - 00000000 ___HD C:\WINDOWS\Temp1
2016-11-08 01:24 - 2016-11-08 01:24 - 00000000 ___HD C:\Users\Gaspard\AppData\LocalLow\Youtube AdBlock1
2016-11-06 22:03 - 2016-11-07 09:35 - 00001567 _____ C:\Users\Gaspard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
2016-11-06 22:03 - 2016-11-07 09:35 - 00000000 ____D C:\Users\Gaspard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2016-11-06 21:59 - 2016-11-21 16:29 - 00000484 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2016-11-06 21:59 - 2016-11-21 16:15 - 00003440 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2016-11-06 21:59 - 2016-11-21 15:28 - 00000000 ____D C:\Program Files (x86)\KuaiZip
2016-11-06 21:59 - 2016-11-17 09:42 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2016-11-06 21:59 - 2016-11-06 21:59 - 00000000 ____D C:\Users\Gaspard\AppData\Local\UCBrowser
2016-11-06 21:58 - 2016-11-06 21:58 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
R2 Drccult; C:\Program Files (x86)\Anakury\ShezergeDbg.dll [273408 2016-11-06] () [Fichier non signé]
SearchScopes: HKU\S-1-5-21-3097350620-3087235598-687270976-1001 -> DefaultScope {522C369C-1876-49CA-87F3-DDA5BE7FDC33} URL =
SearchScopes: HKU\S-1-5-21-3097350620-3087235598-687270976-1001 -> {522C369C-1876-49CA-87F3-DDA5BE7FDC33} URL =
ShortcutTarget: helper.lnk -> C:\Users\Gaspard\AppData\Roaming\WindowsServices\helper.vbs (Pas de fichier)
GroupPolicy: Restriction - Chrome <======= ATTENTION
ShellExecuteHooks: - {46094C54-9CE1-11E6-9FFD-64006A5CFC23} - C:\Users\Gaspard\AppData\Roaming\Riperseseterty\Linelystowusp.dll [146944 2016-11-06] ()
HKU\S-1-5-21-3097350620-3087235598-687270976-1001\...\Run: [BingSvc] => C:\Users\Gaspard\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
C:\Users\Gaspard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
C:\Users\Gaspard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk
C:\Users\Gaspard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\UC浏览器.lnk
ShortcutWithArgument: C:\Users\Gaspard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器\卸载UC浏览器.lnk -> C:\Program Files (x86)\UCBrowser\Application\Uninstall.exe (UCWeb Inc.) -> --uninstall
HOSTS:
EmptyTemp:
>> Notepad menu >> File >> Save As >> File name: fixlist >> Save as type: Text Documents >> Encoding: UTF-8 >> Save
Put the file in the folder D:\Nouveau dossier
Run FRST and click the Fix button.
2) Use
RepairDNS > http://www.fixitpc.pl/topic/8-dezynfekcja-zbi%C3%B3r-narz%C4%99dzi-usuwaj%C4%85cych/#entry172749
Backup link > http://www.mediafire.com/download/yedejtr7p4q36zm/RepairDNS.zip
Post the report from it.
3) Make new FRST logs.
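Added here as an illustration and not part of the post above: a small Python triage helper that parses the FRST entry formats quoted in the fixlist (Task, NameServer, AlternateDataStreams, FirewallRules and service lines) and returns the indicators a helper looks for. The sample log lines are constructed from values in the post, and the trusted-resolver set is an assumption for the example.

```python
import re

# Constructed excerpt of FRST log lines, taken from the fixlist in the post above.
SAMPLE_LOG = r"""
Task: {B42C78A1-FE81-4273-9548-C97EAC717F83} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-11-16] (UCWeb Inc) <==== ATTENTION
Tcpip\..\Interfaces\{58F805F0-975F-4875-B45D-CA65C4DB06FB}: [NameServer] 188.120.239.115,8.8.8.8
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
FirewallRules: [{B1F74C73-8567-41D8-8858-E3824435714A}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
R2 Drccult; C:\Program Files (x86)\Anakury\ShezergeDbg.dll [273408 2016-11-06] () [Fichier non signé]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
"""

# Assumption for the example: resolvers the analyst treats as expected on this machine.
TRUSTED_DNS = {"8.8.8.8", "8.8.4.4", "1.1.1.1"}


def triage(log_text):
    """Return (category, artifact) tuples for the FRST entries worth a closer look."""
    findings = []
    for line in log_text.strip().splitlines():
        if line.startswith("Task:") and "<==== ATTENTION" in line:
            # Scheduled task FRST already flagged; pull the executable after "=>"
            m = re.search(r"=> (.+?) \[", line)
            findings.append(("scheduled-task", m.group(1) if m else line))
        elif "[NameServer]" in line:
            # Per-interface DNS servers; anything outside the trusted set is a hijack candidate
            servers = line.split("[NameServer]")[1].strip().split(",")
            rogue = [s for s in servers if s not in TRUSTED_DNS]
            if rogue:
                findings.append(("dns-hijack", ",".join(rogue)))
        elif line.startswith("AlternateDataStreams:"):
            # "path:stream [size]"; a driver-directory ADS hides a file from normal listings
            m = re.match(r"AlternateDataStreams: (.+?) \[\d+\]", line)
            findings.append(("ads", m.group(1) if m else line))
        elif line.startswith("FirewallRules:") and "(Allow)" in line:
            findings.append(("firewall-allow", line.split("(Allow) ")[1]))
        elif re.match(r"R\d ", line) and " () " in line:
            # Service/driver line with an empty "()" publisher field (no version info)
            findings.append(("unsigned-service", line.split("; ")[1].split(" [")[0]))
    return findings


if __name__ == "__main__":
    for category, artifact in triage(SAMPLE_LOG):
        print(f"{category:17} {artifact}")
```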