Elektroda.pl

Computer infection - Infection: Win32:browseFox-GA [PUP]

14 Jan 2015 19:51
  • Computer specialist
    Uninstall:
    Foxit PDF Creator Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.14.1.0 - Ask.com) <==== ATTENTION
    Foxit PDF Creator Toolbar Updater (HKU\S-1-5-21-1454471165-343818398-1417001333-1003\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20007 - Ask.com) <==== ATTENTION
    Java(TM) 6 Update 39 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216039FF}) (Version: 6.0.390 - Oracle)
    Windows Searchqu Toolbar (HKLM\...\Searchqu 101 MediaBar) (Version: 2.5.0.101919 - Bandoo Media Inc) <==== ATTENTION
    WindowsMangerProtect20.0.0.502 (HKLM\...\WindowsMangerProtect) (Version: 20.0.0.502 - WindowsProtect LIMITED) <==== ATTENTION

    Use AdwCleaner, option Scan and Clean (Szukaj i Usuń in the Polish UI):
    http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner


    Next to frst.exe, create a file fixlist.txt with the following contents:
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-1454471165-343818398-1417001333-1003\...\Run: [AdobeBridge] => [X]
    AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll => c:\progra~1\wi9130~1\datamngr\datamngr.dll File Not Found
    AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\iebho.dll => c:\progra~1\wi9130~1\datamngr\iebho.dll File Not Found
    Startup: C:\Documents and Settings\domek\Menu Start\Programy\Autostart\Adobe Media Player.lnk
    ShortcutTarget: Adobe Media Player.lnk -> C:\Program Files\Adobe Media Player\Adobe Media Player.exe (No File)
    ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => No File
    ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => No File
    ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => No File
    ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => No File
    CHR HKU\S-1-5-21-1454471165-343818398-1417001333-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts...om=cor&uid=MaxtorX6V200E0_V40CT86G&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts...om=cor&uid=MaxtorX6V200E0_V40CT86G&q={searchTerms}
    HKU\S-1-5-21-1454471165-343818398-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://start.mysearchdial.com/?f=2&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtCyEzzyD0EyEzy0EyEtC0A0FzytCtN0D0Tzu0CyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1643389671&ir=" <======= ATTENTION
    SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.sweetim.com/search.asp?src=6&ptr=100&q={searchTerms}&crg=3.1010006.10029&barid={C4F40FA1-D690-11E2-874A-001485E49E41}
    SearchScopes: HKLM -> {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}
    SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtCyEzzyD0EyEzy0EyEtC0A0FzytCtN0D0Tzu0CyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1643389671&ir=
    SearchScopes: HKU\S-1-5-21-1454471165-343818398-1417001333-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
    SearchScopes: HKU\S-1-5-21-1454471165-343818398-1417001333-1003 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.sweetim.com/search.asp?src=6&ptr=100&q={searchTerms}&crg=3.1010006.10029&barid={C4F40FA1-D690-11E2-874A-001485E49E41}
    SearchScopes: HKU\S-1-5-21-1454471165-343818398-1417001333-1003 -> {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1454471165-343818398-1417001333-1003 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtCyEzzyD0EyEzy0EyEtC0A0FzytCtN0D0Tzu0CyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1643389671&ir=
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
    BHO: No Name -> {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} -> No File
    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
    Toolbar: HKLM - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKU\S-1-5-21-1454471165-343818398-1417001333-1003 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKU\S-1-5-21-1454471165-343818398-1417001333-1003 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    S3 PCAMPR5; \??\C:\WINDOWS\system32\PCAMPR5.SYS [X]
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At2.job
    C:\Windows\Tasks\At3.job
    C:\Windows\Tasks\At4.job
    EmptyTemp:

    In FRST choose Fix. Once it has run, delete the C:\FRST folder and that is all.
  • Computer specialist
    Uninstall Foxit PDF Creator Toolbar, Foxit PDF Creator Toolbar Updater, Windows Searchqu Toolbar, WindowsMangerProtect20.0.0.502. Open Notepad and paste:

    Quote:
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [249856 2005-08-11] (Macrovision Corporation)
    HKU\S-1-5-21-1454471165-343818398-1417001333-1003\...\Run: [AdobeBridge] => [X]
    AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll => c:\progra~1\wi9130~1\datamngr\datamngr.dll File Not Found
    AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\iebho.dll => c:\progra~1\wi9130~1\datamngr\iebho.dll File Not Found
    Startup: C:\Documents and Settings\domek\Menu Start\Programy\Autostart\Adobe Media Player.lnk
    ShortcutTarget: Adobe Media Player.lnk -> C:\Program Files\Adobe Media Player\Adobe Media Player.exe (No File)
    ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => No File
    ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => No File
    ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => No File
    ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => No File
    CHR HKU\S-1-5-21-1454471165-343818398-1417001333-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts...om=cor&uid=MaxtorX6V200E0_V40CT86G&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts...om=cor&uid=MaxtorX6V200E0_V40CT86G&q={searchTerms}
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://start.mysearchdial.com/?f=2&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtCyEzzyD0EyEzy0EyEtC0A0FzytCtN0D0Tzu0CyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1643389671&ir=" <======= ATTENTION
    SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.sweetim.com/search.asp?src=6&ptr=100&q={searchTerms}&crg=3.1010006.10029&barid={C4F40FA1-D690-11E2-874A-001485E49E41}
    SearchScopes: HKLM -> {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}
    SearchScopes: HKLM -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtCyEzzyD0EyEzy0EyEtC0A0FzytCtN0D0Tzu0CyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1643389671&ir=
    SearchScopes: HKU\S-1-5-21-1454471165-343818398-1417001333-1003 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
    SearchScopes: HKU\S-1-5-21-1454471165-343818398-1417001333-1003 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.sweetim.com/search.asp?src=6&ptr=100&q={searchTerms}&crg=3.1010006.10029&barid={C4F40FA1-D690-11E2-874A-001485E49E41}
    SearchScopes: HKU\S-1-5-21-1454471165-343818398-1417001333-1003 -> {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1454471165-343818398-1417001333-1003 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtCyEzzyD0EyEzy0EyEtC0A0FzytCtN0D0Tzu0CyBtCyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1643389671&ir=
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
    BHO: No Name -> {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} -> No File
    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
    Toolbar: HKLM - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKU\S-1-5-21-1454471165-343818398-1417001333-1003 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKU\S-1-5-21-1454471165-343818398-1417001333-1003 -> No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    S4 IntelIde; No ImagePath
    S0 mv91xx; No ImagePath
    S3 PCAMPR5; \??\C:\WINDOWS\system32\PCAMPR5.SYS [X]
    U1 WS2IFSL; No ImagePath
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At2.job
    C:\Windows\Tasks\At3.job
    C:\Windows\Tasks\At4.job
    EmptyTemp:


    Save the file as fixlist.txt and put it next to FRST in the same folder.
    Run FRST and click Fix. Download and run AdwCleaner https://toolslib.net/downloads/finish/1/ and click Scan (Szukaj), then Clean (Usuń).
  • Level 2
    I did everything you wrote, but the problem is still there. In a full scan at system startup, win32:browseFox-GA [PUP] is still detected in the windows directory.
  • Computer specialist
    Then maybe delete it? If there is a problem with that, give the file name and its exact location.
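A small triage script for FRST-style lines such as those in the two fixlists above, added here as an example (it is not from the thread and not part of FRST): it flags the entry types the helpers copied into fixlist.txt (ATTENTION markers, No File / File Not Found / [X] orphans, AppInit_DLLs, hijacker search URLs, at.exe tasks) and assembles the list. The sample lines are constructed from the thread's output, and the hijacker host set is taken from the URLs the posts quote.

```python
import re

# Constructed sample lines, modelled on the FRST output quoted in this thread
# (same entry types; the SID and GUIDs are the ones the posts show).
SAMPLE_LINES = [
    r"HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [249856 2005-08-11] (Macrovision Corporation)",
    r"HKU\S-1-5-21-1454471165-343818398-1417001333-1003\...\Run: [AdobeBridge] => [X]",
    r"AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll => c:\progra~1\wi9130~1\datamngr\datamngr.dll File Not Found",
    r"BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File",
    r"SearchScopes: HKLM -> {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} URL = http://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}",
    r"CHR HKU\S-1-5-21-1454471165-343818398-1417001333-1003\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION",
    r"S3 PCAMPR5; \??\C:\WINDOWS\system32\PCAMPR5.SYS [X]",
    r"C:\Windows\Tasks\At1.job",
    r"DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab",
]

# Search-hijacker hosts that appear in the thread's fixlists (leading "www." dropped).
HIJACK_HOSTS = {"sweet-page.com", "search.sweetim.com", "searchqu.com", "start.mysearchdial.com"}

# Markers FRST uses for entries whose target no longer exists on disk.
ORPHAN_RE = re.compile(r"\bNo File\b|\bFile Not Found\b|\bNo ImagePath\b|\[X\]\s*$")
URL_RE = re.compile(r'https?://([^/\s"]+)')


def triage(line):
    """Return the reasons to put `line` into fixlist.txt; an empty list means no finding.
    Heuristic only: a legitimate-but-unwanted autostart such as the ISUSPM line is not flagged."""
    reasons = []
    if "ATTENTION" in line:
        reasons.append("flagged by FRST")
    if ORPHAN_RE.search(line):
        reasons.append("orphaned entry: target missing")
    if line.startswith("AppInit_DLLs:"):
        # AppInit_DLLs injects the listed DLL into every process that loads user32.dll.
        reasons.append("AppInit_DLLs injection point set")
    m = URL_RE.search(line)
    if m and m.group(1).lower().removeprefix("www.") in HIJACK_HOSTS:
        reasons.append("search/start page points at known hijacker host")
    if re.search(r"\\Tasks\\At\d+\.job$", line):
        # At<n>.job files are created by the legacy at.exe scheduler, not the Task Scheduler UI.
        reasons.append("at.exe scheduled task")
    return reasons


def build_fixlist(lines):
    """Keep every line with a finding verbatim and end with EmptyTemp:, as the helpers' fixlists do."""
    return [l for l in lines if triage(l)] + ["EmptyTemp:"]


if __name__ == "__main__":
    for l in SAMPLE_LINES:
        print(f"{'FIX ' if triage(l) else 'keep'} {l[:70]}  {triage(l)}")
    print("\n".join(build_fixlist(SAMPLE_LINES)))
```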