Elektroda.pl

Oursurfing etc. - I downloaded something and it infected the laptop - FRST and OTL logs.

Sleasch 09 Oct 2015 16:42 429 3
  • #2 09 Oct 2015 17:17
    Acorus 20
    Computer specialist

    Uninstall McAfee Security Scan Plus, SpyHunter 4. Open the system Notepad and paste:

    Quote:
    Task: {02AE0896-946C-43E4-90C9-7FE1710AD123} - System32\Tasks\NP8YZSKKETI3OECHZK2aPHlxYP => C:\Users\Beata\AppData\Roaming\NP8YZSKKETI3OECHZK2aPHlxYP.exe <==== UWAGA
    Task: {23AF9EEE-C595-4ED6-8B40-4CC92B7CD077} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-10-09] (Enigma Software Group USA, LLC.)
    Task: {44E77458-82E9-4E25-AD95-3BDB44760479} - System32\Tasks\h7ik0EfNyuCJSuD6xQjPsSTYZ => C:\Users\Beata\AppData\Roaming\h7ik0EfNyuCJSuD6xQjPsSTYZ.exe <==== UWAGA
    Task: {4EE12380-0C7A-4AD1-87AC-4C61C36889A2} - System32\Tasks\QLbEDYfRwC8lbZaQH4c => C:\Users\Beata\AppData\Roaming\QLbEDYfRwC8lbZaQH4c.exe <==== UWAGA
    Task: {A4733560-E106-4A1B-8013-51033EE84F83} - System32\Tasks\JnBQOJL => C:\Users\Beata\AppData\Roaming\JnBQOJL.exe <==== UWAGA
    Task: {C648A624-2C1B-4CAB-97E9-0CC049978290} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== UWAGA
    Task: {DE34EF84-C19B-4E81-A41F-21B6F72B9A06} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== UWAGA
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== UWAGA
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== UWAGA
    Task: C:\Windows\Tasks\h7ik0EfNyuCJSuD6xQjPsSTYZ.job => C:\Users\Beata\AppData\Roaming\h7ik0EfNyuCJSuD6xQjPsSTYZ.exe <==== UWAGA
    Task: C:\Windows\Tasks\JnBQOJL.job => C:\Users\Beata\AppData\Roaming\JnBQOJL.exe <==== UWAGA
    Task: C:\Windows\Tasks\NP8YZSKKETI3OECHZK2aPHlxYP.job => C:\Users\Beata\AppData\Roaming\NP8YZSKKETI3OECHZK2aPHlxYP.exe <==== UWAGA
    Task: C:\Windows\Tasks\QLbEDYfRwC8lbZaQH4c.job => C:\Users\Beata\AppData\Roaming\QLbEDYfRwC8lbZaQH4c.exe <==== UWAGA
    globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== UWAGA
    HKLM-x32\...\Run: [mbot_pl_014010109] => [X]
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-12-13]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=144...p;uid=toshibaxmk6465gsxn_51a6fg26sxx51a6fg26s
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=144...p;uid=toshibaxmk6465gsxn_51a6fg26sxx51a6fg26s
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts...oshibaxmk6465gsxn_51a6fg26sxx51a6fg26s&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts...oshibaxmk6465gsxn_51a6fg26sxx51a6fg26s&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=144...p;uid=toshibaxmk6465gsxn_51a6fg26sxx51a6fg26s
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=144...p;uid=toshibaxmk6465gsxn_51a6fg26sxx51a6fg26s
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts...oshibaxmk6465gsxn_51a6fg26sxx51a6fg26s&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts...oshibaxmk6465gsxn_51a6fg26sxx51a6fg26s&q={searchTerms}
    HKU\S-1-5-21-3336343170-2957943605-384112564-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=144...p;uid=toshibaxmk6465gsxn_51a6fg26sxx51a6fg26s
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3336343170-2957943605-384112564-1000 -> {02369D42-0388-41CD-9B20-1F218E6AAFF7} URL = hxxp://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
    SearchScopes: HKU\S-1-5-21-3336343170-2957943605-384112564-1000 -> {13D75847-1A34-41FB-A532-766FFEC1422B} URL = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
    SearchScopes: HKU\S-1-5-21-3336343170-2957943605-384112564-1000 -> {2FD17061-5671-408C-8251-4E127048CB4F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3336343170-2957943605-384112564-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts...oshibaxmk6465gsxn_51a6fg26sxx51a6fg26s&q={searchTerms}
    BHO: Brak nazwy -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> Brak pliku
    BHO-x32: Brak nazwy -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> Brak pliku
    FF DefaultSearchEngine: oursurfing
    FF Homepage: hxxp://www.oursurfing.com/?type=hp&ts=144...p;uid=toshibaxmk6465gsxn_51a6fg26sxx51a6fg26s
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-10-08] (globalUpdate)
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-10-08] (globalUpdate)
    FF Plugin HKU\S-1-5-21-3336343170-2957943605-384112564-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Beata\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll Brak pliku
    FF Plugin HKU\S-1-5-21-3336343170-2957943605-384112564-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Beata\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll Brak pliku
    FF SearchPlugin: C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\lbidqopx.default-1417027650367\searchplugins\oursurfing.xml [2015-10-08]
    FF Extension: deskCut - C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\lbidqopx.default-1417027650367\Extensions\deskCutv2@gmail.com [2015-10-08]
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\lbidqopx.default-1417027650367\extensions\deskCutv2@gmail.com
    R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-10-09] (Enigma Software Group USA, LLC.)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-10-09] ()
    S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
    S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    2015-10-09 16:08 - 2015-10-09 16:08 - 00003322 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
    2015-10-09 16:08 - 2015-10-09 16:08 - 00001094 _____ C:\Users\Beata\Desktop\SpyHunter.lnk
    2015-10-09 16:08 - 2015-10-09 16:08 - 00000000 ____D C:\Users\Beata\AppData\Roaming\Enigma Software Group
    2015-10-09 16:08 - 2015-10-09 16:08 - 00000000 ____D C:\sh4ldr
    2015-10-09 16:07 - 2015-10-09 16:07 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2015-10-09 16:07 - 2015-10-09 16:07 - 00000000 ____D C:\Program Files\Enigma Software Group
    2015-10-09 16:06 - 2015-10-09 16:07 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Beata\Downloads\sh-remover.exe
    2015-10-08 23:04 - 2015-10-08 23:04 - 00000000 ____D C:\Program Files (x86)\predm
    2015-10-08 23:03 - 2015-10-08 23:03 - 00000000 ____D C:\Program Files (x86)\globalUpdate
    2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Beata\AppData\Roaming\h7ik0EfNyuCJSuD6xQjPsSTYZ
    2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Beata\AppData\Roaming\JnBQOJL
    2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Beata\AppData\Roaming\NP8YZSKKETI3OECHZK2aPHlxYP
    2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Beata\AppData\Roaming\QLbEDYfRwC8lbZaQH4c
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw. Uninstall globalupdate Helper. Download AdwCleaner and run it as administrator: https://toolslib.net/downloads/finish/1/ Click Scan and then Cleaning.

    0
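
The scheduled-task entries in the fixlist above share one pattern: a task named after an executable that sits directly in the user's AppData\Roaming folder. As an added example (not part of the original post and not FRST's own logic), this Python code triages FRST-style `Task:` lines for that pattern before a fixlist is applied; the sample lines, the user name `alice` and the reason labels are constructed, and the English `ATTENTION` marker is an assumption alongside the page's `UWAGA`.

```python
import re
from ntpath import basename, dirname

# The two task-line shapes used in the fixlist above:
#   Task: {GUID} - System32\Tasks\<name> => <target.exe> [date] (vendor) <==== UWAGA
#   Task: C:\Windows\Tasks\<name>.job => <target.exe> <==== UWAGA
TASK_RE = re.compile(
    r"^\s*Task: (?:\{[0-9A-Fa-f-]{36}\} - )?(?P<task>\S.*?) => "
    r"(?P<target>.+?\.exe)\b(?P<rest>.*)$", re.IGNORECASE)
# FRST's own marker; UWAGA is on the page, ATTENTION is assumed for English logs.
FLAG_RE = re.compile(r"<=+ (?:UWAGA|ATTENTION)")
ROAMING_ROOT_RE = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Roaming$", re.IGNORECASE)

def stem(path, suffix):
    """File name without a trailing suffix such as .job or .exe."""
    name = basename(path)
    return name[:-len(suffix)] if name.lower().endswith(suffix) else name

def triage(lines):
    """Return one finding per Task: line, with the reasons it deserves review."""
    findings = []
    for line in lines:
        m = TASK_RE.match(line)
        if not m:
            continue  # not a scheduled-task entry
        task, target = stem(m["task"], ".job"), m["target"]
        reasons = []
        if FLAG_RE.search(m["rest"]):
            reasons.append("flagged-by-frst")
        if ROAMING_ROOT_RE.match(dirname(target)):
            reasons.append("exe-in-roaming-root")
            if stem(target, ".exe").lower() == task.lower():
                reasons.append("task-named-after-exe")
        findings.append({"task": task, "target": target, "reasons": reasons})
    return findings

# Constructed sample lines in the fixlist's format (not taken from the log above).
SAMPLE = [
    r"Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\Xq7RtLmZ => C:\Users\alice\AppData\Roaming\Xq7RtLmZ.exe <==== UWAGA",
    r"Task: C:\Windows\Tasks\Xq7RtLmZ.job => C:\Users\alice\AppData\Roaming\Xq7RtLmZ.exe <==== UWAGA",
    r"Task: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - System32\Tasks\ExampleUpdater => C:\Program Files\Example Vendor\updater.exe [2015-10-09] (Example Vendor)",
    r"HKLM-x32\...\Run: [example] => [X]",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["task"], "->", ", ".join(f["reasons"]) or "no heuristic hit")
```

An entry with no reasons is not proven clean; the heuristics only rank which task lines to read first.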
  • #3 09 Oct 2015 17:52
    Sleasch
    Level 7

    I think it helped, and after the second scan AdwCleaner found no irregularities.
    Thanks, if that's everything I had to do.
    Regards.

    0