Elektroda.pl
OTL logs - heavily infected computer

wojkorz 27 Oct 2014 15:58 783 3
  • #1
    wojkorz
    Level 9  
    I have already cleaned it with CCleaner, Spybot and MBAM. Please check the OTL logs.
  • #4
    Kolobos
    IT specialist
    Uninstall:
    Foxy Secure (HKLM-x32\...\Foxy Secure) (Version: 6 - )
    mystartsearch uninstall (HKLM-x32\...\mystartsearch uninstall) (Version: - mystartsearch) <==== ATTENTION
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)

    Next to frst.exe, create a file fixlist.txt with the following content:
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    Hosts: 54.225.95.126 bnbaolfhobbbokdcmfiplbokkokobjgc
    FF NewTab: chrome://quick_start/content/index.html
    FF DefaultSearchEngine: sweet-page
    FF SelectedSearchEngine: sweet-page
    FF Extension: Ultra Finder - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4xf9gtvl.default\Extensions\{60984d64-3925-4636-a8c2-1b22a35f133f} [2014-10-06]
    CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1414342331&from=tt4u&uid=HitachiXHTS725050A9A364_110619PCK404GLHSE4MJX
    CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1414342331&from=tt4u&uid=HitachiXHTS725050A9A364_110619PCK404GLHSE4MJX"
    CHR DefaultSearchKeyword: Default -> mystartsearch
    CHR Extension: (AdvanceElite) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbbmldjcnhopjhpifcocnmkooiadpbb [2014-10-15]
    R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-09-29] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [248488 2014-09-29] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-09-29] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-09-29] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [49320 2014-09-22] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
    2014-10-27 16:15 - 2014-10-27 16:15 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Elex-tech
    2014-10-27 16:10 - 2014-10-27 16:13 - 00000000 ____D () C:\AdwCleaner
    2014-10-27 16:09 - 2014-10-27 16:09 - 01998336 _____ () C:\Users\Admin\Downloads\adwcleaner_4.002_www.INSTALKI.pl.exe
    2014-10-27 11:44 - 2014-10-27 11:44 - 00370520 _____ () C:\Users\Admin\Downloads\SoftonicDownloader_dla_spybot-search-destroy.exe
    2014-10-21 19:52 - 2014-10-21 19:52 - 00370528 _____ () C:\Users\Admin\Downloads\SoftonicDownloader_for_clean-master-for-pc.exe
    2014-10-01 11:26 - 2014-10-01 11:26 - 00747456 _____ () C:\Users\Admin\Downloads\Spybot-Search-Destroy(12546)-dp (1).exe
    2014-10-01 11:22 - 2014-10-01 11:24 - 00745996 _____ () C:\Users\Admin\Downloads\Spybot-Search-Destroy(12546)-dp.exe
    2014-10-01 11:20 - 2014-10-01 11:20 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
    2014-10-01 11:20 - 2014-09-22 13:13 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
    2014-10-01 11:19 - 2014-10-01 11:19 - 00896584 _____ (Elex do Brasil Participações Ltda) C:\Users\Admin\Downloads\yet_another_cleaner_gam.exe
    2014-10-01 11:08 - 2014-10-01 11:09 - 03581168 _____ (tuneuppro.com ) C:\Users\Admin\Downloads\setup.exe
    2014-09-28 10:42 - 2014-09-28 10:42 - 00896584 _____ (Elex do Brasil Participações Ltda) C:\Users\Admin\Downloads\yet_another_cleaner_reh (3).exe
    EmptyTemp:

    In FRST, choose Fix. Delete the C:\Frst folder and that's all.
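
A read-only PowerShell check, added here and not part of the thread, that reports whether the items named in the fixlist above are still present once FRST's Fix has run. It assumes the same `Admin` profile and paths as in the post; checking service and driver registration through `HKLM:\SYSTEM\CurrentControlSet\Services` and the helper name `New-Finding` are this example's own choices.

```powershell
# Added example, not from the thread. Read-only: reports leftovers, changes nothing.
# Every name and path below is copied from the fixlist in the post above.
$paths = @(
    'C:\Program Files (x86)\Elex-tech',
    'C:\Users\Admin\AppData\Roaming\Elex-tech',
    'C:\Windows\System32\drivers\iSafeNetFilter.sys',
    'C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkbbmldjcnhopjhpifcocnmkooiadpbb',
    'C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4xf9gtvl.default\Extensions\{60984d64-3925-4636-a8c2-1b22a35f133f}'
)
$services    = 'iSafeService', 'iSafeKrnl', 'iSafeKrnlKit', 'iSafeKrnlR3',
               'iSafeNetFilter', 'iSafeKrnlBoot'
$policyKey   = 'HKLM:\SOFTWARE\Policies\Google'        # the "CHR ... Policy restriction" line
$hostsMarker = 'bnbaolfhobbbokdcmfiplbokkokobjgc'      # host name from the "Hosts:" line
$hostsFile   = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Hypothetical helper: one result row per checked item.
function New-Finding($Kind, $Item, $Present) {
    [pscustomobject]@{ Kind = $Kind; Item = $Item; Present = [bool]$Present }
}

$results = @()
foreach ($p in $paths) {
    # -LiteralPath so the braces in the extension ID are never treated as a pattern
    $results += New-Finding 'File/Folder' $p (Test-Path -LiteralPath $p)
}
foreach ($s in $services) {
    # A service or kernel driver is registered when its key exists under Services
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$s"
    $results += New-Finding 'Service/Driver' $s (Test-Path -LiteralPath $key)
}
$results += New-Finding 'Registry' $policyKey (Test-Path -LiteralPath $policyKey)

$inHosts = (Test-Path -LiteralPath $hostsFile) -and
           (Select-String -LiteralPath $hostsFile -Pattern $hostsMarker -SimpleMatch -Quiet)
$results += New-Finding 'Hosts entry' $hostsMarker $inHosts

$results | Sort-Object Kind | Format-Table -AutoSize -Wrap

$left = @($results | Where-Object Present)
if ($left.Count -gt 0) {
    Write-Warning "$($left.Count) listed item(s) still present; run a fresh FRST scan and compare."
} else {
    Write-Output 'None of the listed items remain.'
}
```

Run it from a 64-bit PowerShell session so the `HKLM:\SOFTWARE` lookup is not redirected to the 32-bit registry view.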