my pc is infected

[anton sklad 0]

my pc is infected

Addition.txt

FRST.txt

scan_160405-172622.txt

[Kevin Zoll 309]

Anton,

Do the following:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKU\S-1-5-21-2225552365-1728644619-3293170878-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = 
R1 condef; C:\Windows\System32\drivers\condef.sys [56112 2015-12-11] ()
2015-11-12 19:14 - 2015-11-12 19:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-11-17 19:47 - 2015-11-17 19:47 - 0000268 _____ () C:\ProgramData\fontcacheev1.dat
Shortcut: C:\Users\user\Desktop\chrome - Ярлык.lnk -> C:\ProgramData\xwLfYVsns\EeTXsFI0.bat ()
Shortcut: C:\Users\user\Desktop\Рабочий стол\Мадагаскар (TM).lnk -> C:\ProgramData\kZlSshrGZqkBvn\hToAHQSobcfsyH3.bat ()
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\ProgramData\edsXuElFyXubD\YZWxUyaWi5.bat ()
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\ProgramData\edsXuElFyXubD\YZWxUyaWi5.bat ()
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\ProgramData\aJVfRecaG\pSkuaGOJoar0.bat ()
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\ProgramData\edsXuElFyXubD\YZWxUyaWi5.bat ()
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\chrome - Ярлык (2).lnk -> C:\ProgramData\xwLfYVsns\EeTXsFI0.bat ()
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\chrome - Ярлык.lnk -> C:\ProgramData\LHLHKRc\COQmbjjXaFVDtd0.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\ProgramData\OaYjqRa\PIMLtoMhAr4.bat ()
C:\Windows\System32\Drivers\condef.sys

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

[anton sklad 0]

Super! Thanks a lot.

[Kevin Zoll 309]

I will need to review the log generated by the FRST fix.

[anton sklad 0]

Fixlog

Fixlog.txt

[Kevin Zoll 309]

Let's take a fresh look.

Run fresh scans with Emsisoft Emergency Kit (EEK) and FRST, attach the new EEK and FRST scans to your reply.

Be sure to let me know how things are running?

[anton sklad 0]

everything works fine, I think

scan_160412-181413.txt

Addition.txt

FRST.txt

[Kevin Zoll 309]

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

R1 condef; C:\Windows\System32\drivers\condef.sys [56112 2015-12-11] ()
2015-11-12 19:14 - 2015-11-12 19:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-11-17 19:47 - 2015-11-17 19:47 - 0000268 _____ () C:\ProgramData\fontcacheev1.dat
C:\ProgramData\fontcacheev1.dat
C:\Users\Все пользователи\fontcacheev1.dat
C:\Windows\System32\Drivers\condef.sys
Shortcut: C:\Users\user\Desktop\Рабочий стол\Мадагаскар (TM).lnk -> C:\ProgramData\kZlSshrGZqkBvn\hToAHQSobcfsyH3.bat ()
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\ProgramData\edsXuElFyXubD\YZWxUyaWi5.bat ()
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\ProgramData\edsXuElFyXubD\YZWxUyaWi5.bat ()
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\ProgramData\aJVfRecaG\pSkuaGOJoar0.bat ()
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\ProgramData\edsXuElFyXubD\YZWxUyaWi5.bat ()
Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\chrome - Ярлык.lnk -> C:\ProgramData\LHLHKRc\COQmbjjXaFVDtd0.bat (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\ProgramData\OaYjqRa\PIMLtoMhAr4.bat ()

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

[Kevin Zoll 309]

Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread.