Elektroda.pl

Computer tries to install some programs on its own

xangel 15 Nov 2015 21:23 786 4
  • #2 16 Nov 2015 09:27
    Kolobos
    Computer specialist

    Nothing happens by itself. YAC didn't install itself either...

    Uninstall:
    Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== UWAGA
    YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: 6.7.136 - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== UWAGA

    Next to frst.exe, create a file fixlist.txt with the following contents:
    globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== UWAGA
    Task: {4126437F-3380-4DAE-8C33-5F5DE8B1CD64} - System32\Tasks\40db1533-f551-4998-8bca-934da85073e3-4 => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-4.exe <==== UWAGA
    Task: {8785D5EA-0AE2-4E2E-907A-66B447B953D8} - System32\Tasks\40db1533-f551-4998-8bca-934da85073e3-1-6 => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-6.exe [2015-11-15] (Cinema PlusV09.11) <==== UWAGA
    Task: {CDE7CD29-C36D-4109-8199-E83CA9BBF817} - System32\Tasks\temp_40db1533-f551-4998-8bca-934da85073e3-1-6 => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-6.exe [2015-11-15] (Cinema PlusV09.11) <==== UWAGA
    Task: {F9568624-FEB4-465A-81EA-F7F4B5DEC95F} - System32\Tasks\40db1533-f551-4998-8bca-934da85073e3-1-7 => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-7.exe <==== UWAGA
    Task: C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-1-6.job => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-6.exe <==== UWAGA
    Task: C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-1-7.job => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-7.exe <==== UWAGA
    Task: C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-4.job => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-4.exe <==== UWAGA
    Task: C:\Windows\Tasks\GNOK.job => C:\Users\Paweł\AppData\Roaming\GNOK.exe <==== UWAGA
    Task: C:\Windows\Tasks\temp_40db1533-f551-4998-8bca-934da85073e3-1-6.job => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-6.exe <==== UWAGA
    () C:\Program Files (x86)\66409C00-1447542361-81E3-2000-AC220BB06F3A\knsi4218.tmpfs
    (Cinema PlusV09.11) C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-6.exe
    () C:\Users\Paweł\AppData\Roaming\NetService\netservice.exe
    () C:\Program Files (x86)\66409C00-1447542361-81E3-2000-AC220BB06F3A\hnsi8D14.tmp
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
    HKLM-x32\...\Run: [gmsd_pl_005010146] => [X]
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA




    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-1541845642-1613069899-2540770070-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts...xhts541010a9e680_jd4000chg8lwnpg8lwnpx&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts...xhts541010a9e680_jd4000chg8lwnpg8lwnpx&q={searchTerms}
    FF NewTab: chrome://quick_start/content/index.html
    FF DefaultSearchEngine: oursurfing
    FF SelectedSearchEngine: Поиск@Mail.Ru
    FF Keyword.URL: hxxp://go.mail.ru/search?fr=ntg&q=
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\epa1hste.default-1437154955026\extensions\deskCutv2@gmail.com => nie znaleziono
    S3 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [271464 2015-11-10] ()
    R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-04-16] (Elex do Brasil Participações Ltda)
    R2 NetTcpHandler; C:\Users\Paweł\AppData\Roaming\NetService\netservice.exe [173088 2015-07-09] ()
    R2 piromemi; C:\Program Files (x86)\66409C00-1447542361-81E3-2000-AC220BB06F3A\hnsi8D14.tmp [561152 2015-11-15] () [Brak podpisu cyfrowego]
    S4 CachemanService; C:\Program Files (x86)\Cacheman\CachemanServ.exe [X]
    R2 fihydicu; C:\Program Files (x86)\66409C00-1447542361-81E3-2000-AC220BB06F3A\knsi4218.tmpfs [X]
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-14] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [53568 2015-04-16] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2015-08-20] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [61832 2015-08-20] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2015-10-29] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [67976 2015-09-10] (Elex do Brasil Participações Ltda)
    U3 acri6gvu; C:\Windows\System32\Drivers\acri6gvu.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
    S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
    S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
    S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]
    S1 tcfd_vt_1_10_0_21; system32\drivers\tcfd_vt_1_10_0_21.sys [X]
    2015-11-15 20:49 - 2015-11-15 20:49 - 00001908 _____ C:\Users\Public\Desktop\YAC.lnk
    2015-11-15 20:49 - 2015-11-15 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
    2015-11-15 20:49 - 2015-11-15 20:49 - 00000000 ____D C:\Program Files (x86)\Elex-tech
    2015-11-15 20:49 - 2015-09-10 02:55 - 00067976 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
    2015-11-15 20:49 - 2015-04-16 09:55 - 00053568 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
    2015-11-15 20:48 - 2015-11-15 20:48 - 00000000 ____D C:\Users\Paweł\AppData\Roaming\Elex-tech
    2015-11-15 20:47 - 2015-11-15 20:47 - 00895744 _____ () C:\Users\Paweł\Downloads\yet_another_cleaner_sk_7546432.exe
    2015-11-15 19:40 - 2015-11-15 19:40 - 00000000 ____D C:\32788R22FWJFW
    2015-11-15 19:38 - 2015-11-15 19:40 - 00000000 ____D C:\Program Files (x86)\GUPlayer
    2015-11-15 19:38 - 2015-11-15 19:38 - 01380352 _____ (Cinema PlusV16.03) C:\Users\Paweł\AppData\Roaming\GNOK.exe
    2015-11-15 19:38 - 2015-11-15 19:38 - 00001334 _____ C:\Windows\Tasks\GNOK.job
    2015-11-15 18:04 - 2015-11-15 20:13 - 00000000 ____D C:\Users\Paweł\AppData\Roaming\RunDir
    2015-11-15 18:04 - 2015-11-15 18:04 - 00000000 ____D C:\Users\Paweł\AppData\Roaming\NetService
    2015-11-15 18:04 - 2015-11-15 18:04 - 00000000 ____D C:\Users\Paweł\AppData\Roaming\cpuminer
    2015-11-15 10:23 - 2015-11-15 10:23 - 00025625 _____ C:\ComboFix.txt
    2015-11-15 00:06 - 2015-11-15 21:13 - 00000000 ____D C:\Program Files (x86)\CinemaP-1.9cV09.11
    2015-11-15 00:06 - 2015-11-15 21:06 - 00003132 _____ C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-1-6.job
    2015-11-15 00:06 - 2015-11-15 20:28 - 00004152 _____ C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-4.job
    2015-11-15 00:06 - 2015-11-15 20:27 - 00003132 _____ C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-1-7.job
    2015-11-15 00:06 - 2015-11-15 10:19 - 00000000 ____D C:\Program Files (x86)\66409C00-1447542361-81E3-2000-AC220BB06F3A
    2015-11-15 00:06 - 2015-11-15 02:00 - 00003036 _____ C:\Windows\Tasks\temp_40db1533-f551-4998-8bca-934da85073e3-1-6.job
    2015-11-15 00:06 - 2015-11-15 00:06 - 00007182 _____ C:\Windows\System32\Tasks\40db1533-f551-4998-8bca-934da85073e3-4
    2015-11-15 00:06 - 2015-11-15 00:06 - 00006162 _____ C:\Windows\System32\Tasks\40db1533-f551-4998-8bca-934da85073e3-1-7
    2015-11-15 00:06 - 2015-11-15 00:06 - 00006160 _____ C:\Windows\System32\Tasks\40db1533-f551-4998-8bca-934da85073e3-1-6
    2015-11-15 00:06 - 2015-11-15 00:06 - 00005168 _____ C:\Windows\System32\Tasks\temp_40db1533-f551-4998-8bca-934da85073e3-1-6
    2015-11-15 00:06 - 2015-09-05 01:56 - 00000027 _____ C:\Windows\system32\Drivers\etc\hp.bak
    2015-11-15 00:04 - 2015-11-15 00:04 - 00000000 ____D C:\Program Files (x86)\RayDld
    2015-11-14 12:55 - 2015-11-14 12:55 - 00000000 ____D C:\Users\Paweł\REACHit
    2015-11-14 12:55 - 2015-11-14 12:55 - 00000000 ____D C:\Users\Paweł\AppData\Local\Lenovo
    2015-11-14 12:54 - 2015-11-14 12:56 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
    2015-11-14 12:54 - 2015-11-14 12:56 - 00000000 ____D C:\Program Files (x86)\Lenovo
    2015-11-14 12:54 - 2015-11-14 12:53 - 01822048 _____ (BitTorrent Inc.) C:\Users\Paweł\Downloads\uTorrent.exe
    2015-11-12 10:24 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-11-15 10:23 - 2015-07-17 19:27 - 00000000 ____D C:\Qoobox
    2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Paweł\AppData\Roaming\GNOK
    2015-11-15 19:38 - 2015-11-15 19:38 - 1380352 _____ (Cinema PlusV16.03) C:\Users\Paweł\AppData\Roaming\GNOK.exe
    EmptyTemp:

    In FRST, select Fix (Napraw).

    Uninstall globalupdate Helper.

    Delete the C:\FRST directory.

    P.S. Don't use ComboFix any more!

    0
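
Added example, not part of the original post and not FRST's own code: a small Python parser for the Task: lines of the fixlist above. It groups scheduled-task entries by the executable they launch, so every persistence entry for a binary can be checked off after the fix. The sample lines are copied from the post; the function names are illustrative.

```python
import re
from collections import defaultdict

# Sample "Task:" lines copied from the fixlist in the post above.
SAMPLE = r"""
Task: {4126437F-3380-4DAE-8C33-5F5DE8B1CD64} - System32\Tasks\40db1533-f551-4998-8bca-934da85073e3-4 => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-4.exe <==== UWAGA
Task: {8785D5EA-0AE2-4E2E-907A-66B447B953D8} - System32\Tasks\40db1533-f551-4998-8bca-934da85073e3-1-6 => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-1-6.exe [2015-11-15] (Cinema PlusV09.11) <==== UWAGA
Task: C:\Windows\Tasks\40db1533-f551-4998-8bca-934da85073e3-4.job => C:\Program Files (x86)\CinemaP-1.9cV09.11\40db1533-f551-4998-8bca-934da85073e3-4.exe <==== UWAGA
Task: C:\Windows\Tasks\GNOK.job => C:\Users\Paweł\AppData\Roaming\GNOK.exe <==== UWAGA
"""

TASK_RE = re.compile(
    r"^Task:\s+(?:\{(?P<guid>[0-9A-Fa-f-]{36})\}\s+-\s+)?"  # optional task GUID
    r"(?P<task>.+?)\s+=>\s+"                                 # task definition path
    r"(?P<target>.+?\.exe)"                                  # executable the task runs
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\])?"               # optional file date
    r"(?:\s+\((?P<company>[^)]*)\))?"                        # optional company field
    r"(?:\s+<=+ .*)?$"                                       # FRST attention marker
)

def parse_tasks(text):
    """Return one dict per FRST 'Task:' line; all other lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            row = m.groupdict()
            # Legacy Task Scheduler 1.0 jobs are *.job files under Windows\Tasks.
            row["legacy_job"] = row["task"].lower().endswith(".job")
            rows.append(row)
    return rows

def group_by_target(rows):
    """Map each executable (lower-cased) to every task entry that launches it."""
    groups = defaultdict(list)
    for row in rows:
        groups[row["target"].lower()].append(row["task"])
    return dict(groups)

def user_writable(target):
    """True for targets under a user profile, writable without admin rights."""
    return re.match(r"^[a-z]:\\users\\", target, re.I) is not None

if __name__ == "__main__":
    for target, tasks in group_by_target(parse_tasks(SAMPLE)).items():
        where = "user profile" if user_writable(target) else "program dir"
        print(f"{target} [{where}]")
        for task in tasks:
            print(f"    {task}")
```

The grouping makes it visible that one executable is registered both as a System32\Tasks entry and as a legacy .job file, so both have to be gone before the binary stops being relaunched.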
  • Helpful post
    #4 16 Nov 2015 09:50
    Kolobos
    Computer specialist

    YAC is a harmful program; you had better be careful about what you download and install.

    0