Elektroda.pl

Lenovo Z50 - Trojan.Yontoo 2775 i Adware.Mutabaha.481 i Adware.Mutabaha 384

bartek0808 16 Nov 2015 21:46 1407 5
  • #1 16 Nov 2015 21:46
    bartek0808
    Level 17

    Hello.

    On my girlfriend's laptop Dr Web detected the following malware: Trojan.Yontoo 2775, Adware.Mutabaha.481 and Adware.Mutabaha 384. Even after removing them the web browser is practically unusable: large numbers of ads pop up and pages get redirected to other sites. Please analyse the FRST logs.

    0 5
  • Helpful post
    #2 16 Nov 2015 22:08
    Kolobos
    Computer specialist

    Be careful what you download from the internet.

    Uninstall:
    Jungle Net (HKLM-x32\...\Jungle Net) (Version: 2.0.5739.15678 - Jungle Net) <==== UWAGA
    Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.14.2.9 - ClientConnect LTD) <==== UWAGA
    mystartsearch uninstall (HKLM-x32\...\mystartsearch uninstall) (Version: - mystartsearch) <==== UWAGA
    Picexa (HKLM-x32\...\Picexa) (Version: - Taiwan Shui Mu Chih Ching Technology Limited) <==== UWAGA
    WinZipper (HKLM-x32\...\WinZipper) (Version: 1.5.118 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== UWAGA
    YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== UWAGA

    Use AdwCleaner, the Scan and Clean option: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    Next to frst.exe create a file named fixlist.txt with the following content:
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
    (Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files (x86)\Picexa\picexasvc.exe
    (Taiwan Shui Mu Chih Ching Technology Limited) C:\Program Files (x86)\WinZipper\winzipersvc.exe
    (tsvr.com) C:\Users\Karolina\AppData\Roaming\TSv\TSvr.exe
    (TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
    (DTools LIMITED) C:\ProgramData\rWMiniPror\WMiniPro.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
    (MiniLite system) C:\Program Files (x86)\MiniLite\ProtectService.exe
    () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugincontainer.exe
    () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\8\Plugin.exe
    () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\2\Plugin.exe
    () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\6\Plugin.exe
    () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\12\Plugin.exe
    () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\10\Plugin.exe
    () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\3\Plugin.exe
    () C:\Program Files (x86)\Common Files\31f7a620-acbd-4f84-82db-5e231b8ad5de\updater.exe
    () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\5\Plugin.exe
    () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\7\Plugin.exe
    () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\7\Plugin.exe
    () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\12\Plugin.exe
    () C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugins\3\Plugin.exe
    AppInit_DLLs: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC64~1.DLL => Brak pliku
    AppInit_DLLs-x32: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1445272233&...;z=5fc5ca57d74e72943bc938ag2zfz5w8obm2odocqde
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1445272233&...;z=5fc5ca57d74e72943bc938ag2zfz5w8obm2odocqde
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1445272233&...;z=5fc5ca57d74e72943bc938ag2zfz5w8obm2odocqde
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1445272233&...;z=5fc5ca57d74e72943bc938ag2zfz5w8obm2odocqde
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1445272233&...;z=5fc5ca57d74e72943bc938ag2zfz5w8obm2odocqde
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1445272233&...;z=5fc5ca57d74e72943bc938ag2zfz5w8obm2odocqde
    HKU\S-1-5-21-1281250480-27250051-3828723694-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com/?type=hp&ts=1445272233&...;z=5fc5ca57d74e72943bc938ag2zfz5w8obm2odocqde
    HKU\S-1-5-21-1281250480-27250051-3828723694-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?type=hp&ts=1445272233&...;z=5fc5ca57d74e72943bc938ag2zfz5w8obm2odocqde
    HKU\S-1-5-21-1281250480-27250051-3828723694-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
    HKU\S-1-5-21-1281250480-27250051-3828723694-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.lenovo.com
    SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKLM -> {C314FEB1-34FF-4F1F-8BD3-E16777C1C015} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTSEcFME0FCFwEURNNfXNND14dRHtGNA==&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=14452722...ca57d74e72943bc938ag2zfz5w8obm2odocqde&q={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=14452722...ca57d74e72943bc938ag2zfz5w8obm2odocqde&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1281250480-27250051-3828723694-1002 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=14452722...ca57d74e72943bc938ag2zfz5w8obm2odocqde&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1281250480-27250051-3828723694-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1281250480-27250051-3828723694-1002 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=14452722...ca57d74e72943bc938ag2zfz5w8obm2odocqde&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1281250480-27250051-3828723694-1002 -> {C314FEB1-34FF-4F1F-8BD3-E16777C1C015} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTSEcFME0FCFwEURNNfXNND14dRHtGNA==&q={searchTerms}
    BHO-x32: Treasure Track -> {30ee14ec-1867-4389-8543-fb83602eab61} -> C:\Program Files (x86)\Treasure Track\Extensions\30ee14ec-1867-4389-8543-fb83602eab61.dll => Brak pliku
    CHR HomePage: Default -> hxxp://s.piesearch.com/?type=chhp
    CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggVJQ0LBQFBGRgTdwAITA1CQgUOeVxaVhQTGFRGdQsJAg5IFQAFIk0FA1oDB0VXfV5bFElXTwhpNVdfDVw/REE="
    CHR StartupUrls: Default -> "hxxp://www.v9.com?type=hp&ts=1445272233&from=mych123&uid=wdcxwd10jpcx-24ue4t0_wd-wx71a15nd8zhnd8zh&z=5fc5ca57d74e72943bc938ag2zfz5w8obm2odocqde"
    CHR DefaultSearchURL: Default -> hxxp://www.v9.com/web?type=ds&ts=14452722...ca57d74e72943bc938ag2zfz5w8obm2odocqde&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> v9
    CHR Extension: (Smart Search) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljnfelhdldlokjkohcmjpogkdjgbgjpj [2015-10-01]
    CHR Extension: (Jungle Net) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\njmkmehngelganceldfpaiklkamoohab [2015-11-16] [UpdateUrl: hxxp://cdn.mightyjunglenet.com/update] <==== UWAGA
    CHR HKLM\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
    CHR HKLM\...\Chrome\Extension: [ljnfelhdldlokjkohcmjpogkdjgbgjpj] - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljnfelhdldlokjkohcmjpogkdjgbgjpj.crx [2015-10-01]
    CHR HKLM-x32\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
    CHR HKLM-x32\...\Chrome\Extension: [ljnfelhdldlokjkohcmjpogkdjgbgjpj] - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljnfelhdldlokjkohcmjpogkdjgbgjpj.crx [2015-10-01]
    R2 IHProtect Service; C:\Program Files (x86)\MiniLite\ProtectService.exe [127488 2015-10-30] (MiniLite system) [Brak podpisu cyfrowego]
    R2 IhPul; C:\Users\Karolina\AppData\Roaming\TSv\TSvr.exe [396944 2015-10-26] (tsvr.com)
    R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-08-19] (Elex do Brasil Participações Ltda)
    R2 PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [725640 2015-10-13] (Taiwan Shui Mu Chih Ching Technology Limited)
    R2 Service Mgr JungleNet; C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugincontainer.exe [639192 2015-11-16] () <==== UWAGA
    R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [169632 2015-10-10] (TODO: <公司名>)
    R2 Update Mgr JungleNet; C:\Program Files (x86)\Common Files\31f7a620-acbd-4f84-82db-5e231b8ad5de\updater.exe [546008 2015-11-16] () <==== UWAGA
    R2 WdsManPro; C:\ProgramData\rWMiniPror\WMiniPro.exe [295424 2015-10-30] (DTools LIMITED) [Brak podpisu cyfrowego]
    R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [707760 2015-10-23] (Taiwan Shui Mu Chih Ching Technology Limited) <==== UWAGA
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-14] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2015-08-19] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2015-08-19] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2015-08-19] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2015-08-19] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-06-30] (Elex do Brasil Participações Ltda)
    S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
    S1 wafd_1_10_0_19; system32\drivers\wafd_1_10_0_19.sys [X]
    2015-11-16 21:30 - 2015-11-16 21:31 - 00000000 ____D C:\Users\Karolina\Downloads\FRST-OlderVersion
    2015-11-16 21:25 - 2015-06-30 03:50 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
    2015-10-30 10:23 - 2015-10-30 10:24 - 00000000 ____D C:\ProgramData\UWMiniProU
    2015-10-30 10:06 - 2015-10-30 10:07 - 00000000 ____D C:\ProgramData\rWMiniPror
    2015-10-30 07:51 - 2015-10-30 07:53 - 00000000 ____D C:\ProgramData\SWMiniProS
    2015-10-30 07:47 - 2015-10-30 07:49 - 00000000 ____D C:\ProgramData\eWMiniProe
    2015-10-30 07:42 - 2015-10-30 07:43 - 00000000 ____D C:\ProgramData\JWMiniProJ
    2015-10-30 07:36 - 2015-10-30 07:38 - 00000000 ____D C:\ProgramData\4WMiniPro4
    2015-10-30 07:31 - 2015-10-30 07:33 - 00000000 ____D C:\ProgramData\WWMiniProW
    2015-10-30 07:27 - 2015-10-30 07:28 - 00000000 ____D C:\ProgramData\pWMiniProp
    2015-10-30 07:22 - 2015-10-30 07:23 - 00000000 ____D C:\ProgramData\7WMiniPro7
    2015-10-30 07:17 - 2015-10-30 07:18 - 00000000 ____D C:\ProgramData\ZWMiniProZ
    2015-10-30 07:12 - 2015-10-30 07:14 - 00000000 ____D C:\ProgramData\yWMiniProy
    2015-10-30 07:06 - 2015-10-30 07:07 - 00000000 ____D C:\ProgramData\9WMiniPro9
    2015-10-30 06:59 - 2015-10-30 07:00 - 00000000 ____D C:\ProgramData\FWMiniProF
    2015-10-30 06:53 - 2015-10-30 06:54 - 00000000 ____D C:\ProgramData\tWMiniProt
    2015-10-30 06:49 - 2015-11-16 21:31 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2015-10-30 06:49 - 2015-10-30 06:49 - 00000000 ____D C:\Users\Karolina\AppData\Roaming\WinZipper
    2015-10-30 06:49 - 2015-10-30 06:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
    2015-10-30 06:47 - 2015-10-30 06:48 - 00000000 ____D C:\ProgramData\8WMiniPro8
    2015-10-30 06:46 - 2015-11-01 07:17 - 00000000 ____D C:\ProgramData\MailUpdate
    2015-10-30 06:46 - 2015-10-30 06:46 - 00000000 ____D C:\Users\Karolina\AppData\Roaming\MailUpdate
    2015-11-16 21:31 - 2015-10-15 14:37 - 00000000 ____D C:\Program Files (x86)\Picexa
    2015-11-16 21:30 - 2015-09-18 18:00 - 00000000 ____D C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de
    2015-11-16 21:25 - 2015-03-12 22:36 - 00000000 ____D C:\ProgramData\McAfee
    2015-11-16 21:21 - 2015-06-29 11:31 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
    2015-10-30 23:00 - 2015-08-25 11:54 - 00000000 ____D C:\ProgramData\update
    2015-10-30 22:58 - 2015-10-09 18:08 - 00000000 ____D C:\Program Files (x86)\SFK
    2015-10-30 22:58 - 2015-08-25 11:54 - 00000000 ____D C:\Program Files (x86)\MiniLite
    2015-10-30 22:57 - 2015-10-09 18:08 - 00000000 ____D C:\Users\Karolina\AppData\Roaming\TSv
    2015-10-30 22:57 - 2015-08-25 11:54 - 00000098 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:

    In FRST choose Fix.

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Delete the C:\FRST folder.

    0
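The service entries in the log above share a few traits a defender can check mechanically: an empty publisher field, FRST's "[Brak podpisu cyfrowego]" (no digital signature) marker, executables living under ProgramData or AppData\Roaming, and GUID-named install directories. The following Python is an added example, not code from the post or from FRST: it parses FRST service lines and scores them with those heuristics. The sample log is copied from the post plus one constructed benign line; note that the signed YAC/iSafe service is not flagged, which is why the helper's uninstall list relies on more than signature checks.

```python
import re
from dataclasses import dataclass, field

# One FRST service entry: "<start> <name>; <path> [<size> <date>] (<publisher>) <flags/markers>"
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+'
    r'\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<publisher>[^)]*)\)(?P<rest>.*)$'
)
# Data directories that a legitimately installed service rarely runs from.
DATA_DIRS = ('c:\\programdata\\', '\\appdata\\roaming\\', '\\appdata\\local\\temp\\')
# GUID-named install directory, as used by the JungleNet entries in the log.
GUID_DIR_RE = re.compile(r'\\[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\\', re.I)

@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)

def triage_service_line(line):
    """Return a Finding for one suspicious 'Rx/Sx' service line, else None."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    reasons = []
    if not m['publisher'].strip():
        reasons.append('no publisher in version info')
    # Marker text exactly as the Polish FRST build prints it in this log.
    if 'Brak podpisu cyfrowego' in m['rest']:
        reasons.append('no digital signature')
    low = m['path'].lower()
    if any(d in low for d in DATA_DIRS) or GUID_DIR_RE.search(m['path']):
        reasons.append('runs from a data or GUID-named directory')
    if '<==== UWAGA' in m['rest']:   # UWAGA = ATTENTION, FRST's own flag
        reasons.append('flagged by FRST')
    return Finding(m['name'], m['path'], reasons) if reasons else None

def triage(log_text):
    """Run the per-line check over a whole FRST log and keep only the hits."""
    hits = [triage_service_line(l) for l in log_text.splitlines()]
    return [h for h in hits if h]

# Service lines copied from the log in the post, plus one constructed benign line (Spooler).
SAMPLE_LOG = r"""
R2 IHProtect Service; C:\Program Files (x86)\MiniLite\ProtectService.exe [127488 2015-10-30] (MiniLite system) [Brak podpisu cyfrowego]
R2 IhPul; C:\Users\Karolina\AppData\Roaming\TSv\TSvr.exe [396944 2015-10-26] (tsvr.com)
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-08-19] (Elex do Brasil Participações Ltda)
R2 Service Mgr JungleNet; C:\ProgramData\31f7a620-acbd-4f84-82db-5e231b8ad5de\plugincontainer.exe [639192 2015-11-16] () <==== UWAGA
R2 WdsManPro; C:\ProgramData\rWMiniPror\WMiniPro.exe [295424 2015-10-30] (DTools LIMITED) [Brak podpisu cyfrowego]
R2 Spooler; C:\WINDOWS\System32\spoolsv.exe [795136 2015-07-10] (Microsoft Corporation)
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.name}: {", ".join(f.reasons)}')
```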
  • #4 18 Nov 2015 16:00
    bartek0808
    Level 17

    After carrying out all the steps the computer works correctly, thank you for the help :) I consider the topic closed.

    0
  • #5 19 Nov 2015 08:34
    Domino_2
    Helpful to users

    You can delete the C:\FRST folder.

    0