
Adware - adware virus :(

Rafney 06 Dec 2015 16:09 816 3
  • #2 06 Dec 2015 16:30
    Kolobos
    Computer specialist

    Heh, you downloaded Daemon Tools from dobreprogramy twice and infected your system twice...
    Don't download programs from dp, especially not with the download manager, which installs harmful add-ons.

    Uninstall:
    Bronze Aid
    istartpageing uninstall
    SafeFinder
    WordFly 1.10.0.28

    Use AdwCleaner, options Scan and Clean (Szukaj and Usun): https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    Next to frst.exe, create a file fixlist.txt with the following content:
    Task: {2B3093A2-7E72-4451-A0F0-EE0A20577E3E} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Pending Update => C:\Program Files\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe [2015-10-30] (WF) <==== UWAGA
    Task: {824B4302-F3FD-4738-A8BA-CC16D0538E14} - System32\Tasks\WordFly Auto Updater 1.10.0.28 Core => C:\Program Files\WordFly_1.10.0.28\Update\WordflyAutoUpdateClient.exe [2015-10-30] (WF) <==== UWAGA
    Task: {C8911109-DDCA-4244-B7B8-E29EBAED1AE6} - System32\Tasks\Opera scheduled Autoupdate 1449403140 => C:\Program Files\Opera\launcher.exe [2015-11-16] (Opera Software)
    ShortcutWithArgument: C:\Users\Rafał\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartpageing.com/?type=sc&ts=...id=WDCXWD2500AAJS-75M0A0_WD-WMAV2DL5118151181 <==== UWAGA
    ShortcutWithArgument: C:\Users\Rafał\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartpageing.com/?type=sc&ts=...id=WDCXWD2500AAJS-75M0A0_WD-WMAV2DL5118151181 <==== UWAGA
    ShortcutWithArgument: C:\Users\Rafał\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software) -> hxxp://www.istartpageing.com/?type=sc&ts=...id=WDCXWD2500AAJS-75M0A0_WD-WMAV2DL5118151181 <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software) -> hxxp://www.istartpageing.com/?type=sc&ts=...id=WDCXWD2500AAJS-75M0A0_WD-WMAV2DL5118151181 <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartpageing.com/?type=sc&ts=...id=WDCXWD2500AAJS-75M0A0_WD-WMAV2DL5118151181 <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartpageing.com/?type=sc&ts=...id=WDCXWD2500AAJS-75M0A0_WD-WMAV2DL5118151181 <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software) -> hxxp://www.istartpageing.com/?type=sc&ts=...id=WDCXWD2500AAJS-75M0A0_WD-WMAV2DL5118151181 <==== UWAGA
    () C:\ProgramData\Lightzap\Lightzap.exe
    (WF) C:\Program Files\WordFly_1.10.0.28\Service\wfsrvc.exe
    () C:\ProgramData\Lightzap\Lightzap.exe
    () C:\ProgramData\f7dd9bd0-5ea8-4002-b65f-bc21d39fe974\PluginContainer.exe
    () C:\Program Files\Common Files\f7dd9bd0-5ea8-4002-b65f-bc21d39fe974\Updater.exe
    (Sysinternals process Explorer) C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe
    () C:\ProgramData\f7dd9bd0-5ea8-4002-b65f-bc21d39fe974\plugins\8\Plugin.exe
    () C:\ProgramData\f7dd9bd0-5ea8-4002-b65f-bc21d39fe974\plugins\2\Plugin.exe
    () C:\ProgramData\f7dd9bd0-5ea8-4002-b65f-bc21d39fe974\plugins\10\Plugin.exe
    () C:\ProgramData\f7dd9bd0-5ea8-4002-b65f-bc21d39fe974\plugins\3\Plugin.exe
    () C:\ProgramData\f7dd9bd0-5ea8-4002-b65f-bc21d39fe974\plugins\7\Plugin.exe
    () C:\ProgramData\f7dd9bd0-5ea8-4002-b65f-bc21d39fe974\plugins\7\Plugin.exe
    () C:\ProgramData\f7dd9bd0-5ea8-4002-b65f-bc21d39fe974\plugins\3\Plugin.exe
    () C:\ProgramData\f7dd9bd0-5ea8-4002-b65f-bc21d39fe974\plugins\12\Plugin.exe
    () C:\ProgramData\f7dd9bd0-5ea8-4002-b65f-bc21d39fe974\plugins\12\Plugin.exe
    () C:\ProgramData\f7dd9bd0-5ea8-4002-b65f-bc21d39fe974\plugins\5\Plugin.exe
    AppInit_DLLs: C:\ProgramData\Lightzap\Quading.dll => C:\ProgramData\Lightzap\Quading.dll [320512 2015-12-06] ()
    HKU\S-1-5-21-1563502560-4148162376-1144429390-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...jCxWD8iwRMGSx4ZPtJ-BGmzP52GhrVF48cRA,,&q={searchTerms}
    HKU\S-1-5-21-1563502560-4148162376-1144429390-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...6paJDqqPNc_YAnu2KjfHdKIBUb-oE5npCNaQYnEPVrg,,,,
    HKU\S-1-5-21-1563502560-4148162376-1144429390-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...jCxWD8iwRMGSx4ZPtJ-BGmzP52GhrVF48cRA,,&q={searchTerms}
    HKU\S-1-5-21-1563502560-4148162376-1144429390-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...jCxWD8iwRMGSx4ZPtJ-BGmzP52GhrVF48cRA,,&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...jCxWD8iwRMGSx4ZPtJ-BGmzP52GhrVF48cRA,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1563502560-4148162376-1144429390-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...jCxWD8iwRMGSx4ZPtJ-BGmzP52GhrVF48cRA,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1563502560-4148162376-1144429390-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...jCxWD8iwRMGSx4ZPtJ-BGmzP52GhrVF48cRA,,&q={searchTerms}
    BHO: Bronze Aid -> {a5bfd1d3-18b6-4fc3-b3f9-262ae3552dbe} -> C:\Program Files\Bronze Aid\Extensions\a5bfd1d3-18b6-4fc3-b3f9-262ae3552dbe.dll [2015-12-06] ()
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=...id=WDCXWD2500AAJS-75M0A0_WD-WMAV2DL5118151181
    CHR HomePage: Default -> hxxp://www.istartpageing.com/?type=hp&ts=...id=WDCXWD2500AAJS-75M0A0_WD-WMAV2DL5118151181
    CHR StartupUrls: Default -> "hxxp://www.istartpageing.com/?type=hp&ts=1449406520&z=5b77d11e53c28f0a32864f4g0z8z5tbz5ecq1w8g1t&from=cor&uid=WDCXWD2500AAJS-75M0A0_WD-WMAV2DL5118151181"
    CHR DefaultSearchURL: Default -> hxxp://www.istartpageing.com/web/?type=ds&...WD2500AAJS-75M0A0_WD-WMAV2DL5118151181&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> istartpageing
    StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.istartpageing.com/?type=sc&ts=...id=WDCXWD2500AAJS-75M0A0_WD-WMAV2DL5118151181
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe hxxp://www.istartpageing.com/?type=sc&ts=...id=WDCXWD2500AAJS-75M0A0_WD-WMAV2DL5118151181
    R2 Lightzap; C:\ProgramData\\Lightzap\\Lightzap.exe [406016 2015-12-06] () [Brak podpisu cyfrowego]
    R2 Service Mgr BronzeAid; C:\ProgramData\f7dd9bd0-5ea8-4002-b65f-bc21d39fe974\plugincontainer.exe [730336 2015-12-06] () <==== UWAGA
    R2 Update Mgr BronzeAid; C:\Program Files\Common Files\f7dd9bd0-5ea8-4002-b65f-bc21d39fe974\updater.exe [608992 2015-12-06] () <==== UWAGA
    R2 wfsrvc_1.10.0.28; C:\Program Files\WordFly_1.10.0.28\Service\wfsrvc.exe [301632 2015-10-30] (WF)
    R2 WindowsMangerProtect; C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe [344232 2015-12-06] (Sysinternals process Explorer) <==== UWAGA
    R1 wfdrvr_vt_1_10_0_28; C:\Windows\System32\drivers\wfdrvr_vt_1_10_0_28.sys [56432 2015-10-30] (WF)
    2015-12-06 16:04 - 2015-12-06 16:04 - 00069300 _____ C:\Users\Rafał\Downloads\OTL.Txt
    2015-12-06 16:04 - 2015-12-06 16:04 - 00025280 _____ C:\Users\Rafał\Downloads\Extras.Txt
    2015-12-06 15:19 - 2015-12-06 15:19 - 00602112 _____ (OldTimer Tools) C:\Users\Rafał\Downloads\OTL_www.INSTALKI.pl.exe
    2015-12-06 13:55 - 2015-12-06 13:56 - 00000000 ____D C:\ProgramData\f7dd9bd0-5ea8-4002-b65f-bc21d39fe974
    2015-12-06 13:55 - 2015-12-06 13:55 - 00000000 ____D C:\Users\Rafał\AppData\Roaming\istartpageing
    2015-12-06 13:55 - 2015-12-06 13:55 - 00000000 ____D C:\ProgramData\Tmp0x0x
    2015-12-06 13:55 - 2015-12-06 13:55 - 00000000 ____D C:\Program Files\Common Files\f7dd9bd0-5ea8-4002-b65f-bc21d39fe974
    2015-12-06 13:55 - 2015-12-06 13:55 - 00000000 ____D C:\Program Files\Bronze Aid
    2015-12-06 13:54 - 2015-12-06 13:54 - 00962128 _____ (Installer Soft Program ) C:\Users\Rafał\Downloads\DAEMON-Tools-Lite-12708-dp (1).exe
    2015-12-06 13:46 - 2015-12-06 13:46 - 00002377 _____ C:\Windows\system32\findit.xml
    2015-12-06 13:46 - 2015-12-06 13:46 - 00000000 ____D C:\ProgramData\Lightzaps
    2015-12-06 13:45 - 2015-12-06 13:51 - 00000000 ____D C:\ProgramData\Lightzap
    2015-12-06 13:45 - 2015-12-06 13:45 - 00962128 _____ (Installer Soft Program ) C:\Users\Rafał\Downloads\DAEMON-Tools-Lite-12708-dp.exe
    2015-12-06 13:45 - 2015-12-06 13:45 - 00000000 ____D C:\Program Files\WordFly_1.10.0.28
    2015-12-06 13:45 - 2015-12-06 13:45 - 00000000 ____D C:\Program Files\Common Files\Truegolex
    2015-11-26 10:34 - 2015-12-06 13:40 - 9545216 _____ () C:\Users\Rafał\AppData\Roaming\agent.dat
    2015-11-26 10:34 - 2015-12-06 13:40 - 0058272 _____ () C:\Users\Rafał\AppData\Roaming\Config.xml
    2015-11-26 18:40 - 2015-11-19 14:27 - 0000428 _____ () C:\Users\Rafał\AppData\Roaming\ham.txt
    2015-11-26 10:34 - 2015-12-06 13:40 - 0017920 _____ () C:\Users\Rafał\AppData\Roaming\Main.dat
    2015-11-26 18:39 - 2015-12-03 14:29 - 0005568 _____ () C:\Users\Rafał\AppData\Roaming\md.xml
    2015-12-03 14:30 - 2015-12-03 14:29 - 0043008 _____ () C:\Users\Rafał\AppData\Roaming\Moses.dat
    2015-11-26 18:37 - 2015-12-06 13:40 - 0406016 _____ () C:\Users\Rafał\AppData\Roaming\moses.exe
    2015-11-26 18:40 - 2015-11-19 14:26 - 0004134 _____ () C:\Users\Rafał\AppData\Roaming\shem.jpg
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    Delete the C:\FRST directory.

    0
  • #3 06 Dec 2015 17:17
    Rafney
    Level 2

    Thank you very much, it looks like everything works. I uninstalled all those programs, then downloaded AdwCleaner, which asked me to restart the computer after scanning and removal. When it started up again, everything was already fine, except that no frst.exe file appeared. I tried putting the FRST logs, the first ones, into one folder with the fixlist, but when I clicked Fix, a message appeared saying that fixlist.txt was not found.

    0
  • #4 06 Dec 2015 17:22
    Kolobos
    Computer specialist

    I didn't write anything about logs.

    In the directory C:\Users\Rafał\Downloads you are to create the file fixlist.txt with the given content, save it, run FRST and press Fix.

    0
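
Added example, not part of the thread and not FRST's own code: a short Python triage pass over FRST-style lines that surfaces the persistence patterns visible in the fixlist above (browser shortcuts carrying a URL argument, percent-encoded hosts in browser settings, an AppInit_DLLs entry, services with an empty vendor field running from ProgramData). The sample lines, hosts and names are constructed placeholders, and the line layout is assumed from the lines quoted in the thread.

```python
import re
from urllib.parse import unquote

# Constructed sample in the layout of the fixlist lines above; every name,
# path and host here is a placeholder, not data from the thread.
SAMPLE = r"""
ShortcutWithArgument: C:\Users\Public\Desktop\Browser.lnk -> C:\Program Files\Browser\browser.exe (Example Vendor) -> hxxp://www.startpage.example/?type=sc <==== UWAGA
HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%65%78%61%6D%70%6C%65/?q=1
R2 ExampleSvc; C:\ProgramData\ExampleSvc\svc.exe [406016 2015-12-06] () [Brak podpisu cyfrowego]
R2 GoodSvc; C:\Program Files\Good\good.exe [301632 2015-10-30] (Good Vendor)
AppInit_DLLs: C:\ProgramData\ExampleSvc\hook.dll => C:\ProgramData\ExampleSvc\hook.dll [320512 2015-12-06] ()
"""

URL_RE = re.compile(r"hxxps?://([^/\s\"]+)", re.I)
SVC_RE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<path>.+?) "
                    r"\[\d+ \d{4}-\d\d-\d\d\] \((?P<vendor>[^)]*)\)")
SETTING_RE = re.compile(r"Internet Explorer\\Main,|^SearchScopes:|^CHR ")


def host_of(line):
    """Return the percent-decoded, lower-cased host of a defanged URL, or None."""
    m = URL_RE.search(line)
    return unquote(m.group(1)).lower() if m else None


def triage(text):
    """Classify FRST-style lines into (kind, object, host) findings."""
    findings = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        host = host_of(line)
        svc = SVC_RE.match(line)
        if line.startswith("ShortcutWithArgument:") and host:
            # A browser .lnk whose target is followed by a URL opens that page on every launch.
            lnk = line.split(":", 1)[1].split(" -> ")[0].strip()
            findings.append(("shortcut-url-argument", lnk, host))
        elif SETTING_RE.search(line) and host:
            # Start page / search settings; the host may be percent-encoded to hide it.
            key = re.split(r"\s(?:=|->)\s*\"?hxxp", line, maxsplit=1, flags=re.I)[0]
            findings.append(("browser-setting", key, host))
        elif line.startswith("AppInit_DLLs:"):
            dll = line.split(":", 1)[1].split(" => ")[0].strip()
            findings.append(("appinit-dll", dll, None))
        elif svc and not svc["vendor"].strip() and "\\programdata\\" in svc["path"].lower():
            findings.append(("service-no-vendor", svc["name"], None))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The findings are leads for review, not verdicts: a legitimate service can also lack a company name, so each flagged object still needs to be checked before it goes into a fixlist.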