Elektroda.pl

Chrome - Russian search engine

seba22tdo 28 Feb 2016 12:48 957 6
  • #1 28 Feb 2016 12:48
    seba22tdo
    Level 2

    I have a problem with Chrome. Out of stupidity I let some Russian software install itself, and now I can't change the default search engine in Chrome. Please help.

    0 6
  • #2 28 Feb 2016 13:27
    Kolobos
    Computer specialist

    MPC Cleaner is quite hard to remove.

    Uninstall:
    AVG (HKLM\...\AvgZen) (Version: 1.41.1.56922 - AVG Technologies)
    AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6176 - AVG Technologies)
    AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.518 - AVG Technologies)
    G DATA INTERNET SECURITY (HKLM-x32\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.3 - G DATA Software AG)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: 6.7.141 - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== UWAGA

    Boot the system in safe mode, and there:

    Next to frst.exe, create a file fixlist.txt with the following content:
    CloseProcesses:
    Task: {0131F8D4-C44A-4C42-A9D4-B9D0C54019BC} - System32\Tasks\0615tbUpdateInfo => C:\ProgramData\Avg_Update_0615tb\0615tb_{028AFFB0-6151-4797-B0B6-6F6EC6BDF72E}.exe
    Task: {04A83888-7E4E-435D-9848-30BCCD735C57} - System32\Tasks\{CBF491C8-63AB-458E-8C0A-3E5FC9A329AC} => C:\Users\Seba\Downloads\Full version\Full version\Fifa 16 Trainer\Fifa 16 Trainer.exe
    Task: {1D3919A1-22C2-41D1-BB1C-8417F0AE836F} - System32\Tasks\Gucdudd => C:\PROGRA~1\SHOPPE~1\Ehyxwhl.bat
    Task: {3454E691-27F6-4C4E-90E4-2F15D7D68E06} - System32\Tasks\{1A6A166D-5867-4673-AD2C-6A48D51266F4} => C:\Users\Seba\Downloads\Fifa 16 Trainer - 1.0.0.3\Full version\Fifa 16 Trainer\Fifa 16 Trainer.exe
    Task: {458519C5-0439-40B1-835A-B599813A04F8} - System32\Tasks\{530D5C53-AAB8-4CDD-8323-5DA87C1B853A} => pcalua.exe -a C:\Users\Seba\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=smt
    Task: {55EBEE37-FE47-4525-8925-E75EE75F2DA9} - System32\Tasks\{7533DA70-3B96-416D-B61C-D3E84406E2BE} => C:\Users\Seba\Downloads\Full version\Full version\Fifa 16 Trainer\Fifa 16 Trainer.exe
    Task: {5D368850-D149-4B8A-B97B-994F554C1938} - System32\Tasks\{F7EEB3F1-C582-4AE7-8F9E-5597B33974CB} => pcalua.exe -a "C:\ProgramData\G Data\Setups\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}\setup.exe" -c /InstallMode=Uninstall /_DoNotShowChange=true
    Task: {7F68366E-0C05-42D8-9200-931FE6399F9C} - System32\Tasks\{F0F716E6-FB46-483D-90B3-2E145CF50B18} => C:\Users\Seba\Downloads\Full version\Full version\Fifa 16 Trainer\Fifa 16 Trainer.exe
    Task: {A0470FAF-32A6-4817-A265-79C90DDCC20A} - System32\Tasks\Elouwqy => C:\PROGRA~1\GROOVE~1\Tegdi.bat
    Task: {E57CC713-9726-468D-9F38-9D2946B519AD} - System32\Tasks\{74530D70-A49B-4431-BB2F-E14D34DEE1E0} => C:\Users\Seba\Downloads\blender-2.76b-windows64\blender.exe
    Task: C:\Windows\Tasks\0615tbUpdateInfo.job => C:\ProgramData\Avg_Update_0615tb\0615tb_{028AFFB0-6151-4797-B0B6-6F6EC6BDF72E}.exe
    HKU\S-1-5-21-1061406382-1603571310-670297268-1000\Software\Classes\.exe: exefile => "%1" %* <===== UWAGA
    HKU\S-1-5-21-1061406382-1603571310-670297268-1000\Software\Classes\exefile: "%1" %* <===== UWAGA
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exeice.exe
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafe.exe
    HKU\S-1-5-19\...\Winlogon: [Shell] explorer.exe <==== UWAGA
    HKU\S-1-5-20\...\Winlogon: [Shell] explorer.exe <==== UWAGA
    HKU\S-1-5-21-1061406382-1603571310-670297268-1000\...\Run: [C] => C:\Windows\system32\GroupPolicy\Machine\Registry.pol [750 2016-02-27] ()
    HKU\S-1-5-21-1061406382-1603571310-670297268-1000\...\MountPoints2: E - E:\setup.exe
    HKU\S-1-5-21-1061406382-1603571310-670297268-1000\...\MountPoints2: {d49b943a-cb2e-11e5-b195-d43d7eee669d} - F:\autorun.exe
    HKU\S-1-5-21-1061406382-1603571310-670297268-1000\...\MountPoints2: {dff64e70-4720-11e4-bc65-d43d7eee669d} - E:\LG_PC_Programs.exe
    HKU\S-1-5-21-1061406382-1603571310-670297268-1000\...\Winlogon: [Shell] explorer.exe <==== UWAGA
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-09-22] (Microsoft Corporation)
    HKU\S-1-5-18\...\Winlogon: [Shell] explorer.exe <==== UWAGA
    IFEO\bitguard.exe: [Debugger] tasklist.exe
    IFEO\bprotect.exe: [Debugger] tasklist.exe
    IFEO\bpsvc.exe: [Debugger] tasklist.exe
    IFEO\browserdefender.exe: [Debugger] tasklist.exe
    IFEO\browserprotect.exe: [Debugger] tasklist.exe
    IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
    IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
    IFEO\jumpflip: [Debugger] tasklist.exe
    IFEO\protectedsearch.exe: [Debugger] tasklist.exe
    IFEO\searchinstaller.exe: [Debugger] tasklist.exe
    IFEO\searchprotection.exe: [Debugger] tasklist.exe
    IFEO\searchprotector.exe: [Debugger] tasklist.exe
    IFEO\searchsettings.exe: [Debugger] tasklist.exe
    IFEO\searchsettings64.exe: [Debugger] tasklist.exe
    IFEO\snapdo.exe: [Debugger] tasklist.exe
    IFEO\stinst32.exe: [Debugger] tasklist.exe
    IFEO\stinst64.exe: [Debugger] tasklist.exe
    IFEO\umbrella.exe: [Debugger] tasklist.exe
    IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
    IFEO\volaro: [Debugger] tasklist.exe
    IFEO\vonteera: [Debugger] tasklist.exe
    IFEO\websteroids.exe: [Debugger] tasklist.exe
    IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Brak pliku
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Brak pliku
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Brak pliku
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Brak pliku
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Brak pliku
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    Hosts:
    URLSearchHook: HKU\S-1-5-21-1061406382-1603571310-670297268-1000 - (Brak nazwy) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - Brak pliku
    SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wl1500gsa6454g_wocl2500132872328723&ts=1456657881
    SearchScopes: HKU\S-1-5-21-1061406382-1603571310-670297268-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=wl1500gsa6454g_wocl2500132872328723&ts=1456657881
    SearchScopes: HKU\S-1-5-21-1061406382-1603571310-670297268-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    Toolbar: HKU\S-1-5-21-1061406382-1603571310-670297268-1000 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
    FF SearchPlugin: C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\deoro3q1.default-1425680771671\searchplugins\google-avast.xml [2016-02-28]
    FF Extension: xRocket Toolbar - C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\deoro3q1.default-1425680771671\extensions\arthurj8283@gmail.com [2016-02-28] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\deoro3q1.default-1425680771671\extensions\arthurj8283@gmail.com
    FF HKU\S-1-5-21-1061406382-1603571310-670297268-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [Brak podpisu cyfrowego]
    R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-04-16] (Elex do Brasil Participações Ltda)
    R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [348640 2016-02-27] (DotC United Inc)
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-14] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [53568 2015-04-16] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2015-08-20] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [61832 2015-08-20] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2015-11-27] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [67976 2015-09-10] (Elex do Brasil Participações Ltda)
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [59112 2016-02-27] (DotC United Inc)
    S1 {57d1dcff-a1bc-4bc1-aeb5-b9ecf33d5ab3}Gw64; C:\Windows\System32\drivers\{57d1dcff-a1bc-4bc1-aeb5-b9ecf33d5ab3}Gw64.sys [48464 2016-02-18] (StdLib)
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
    2016-02-28 12:22 - 2016-02-28 12:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
    2016-02-28 12:11 - 2016-02-28 12:11 - 00001893 _____ C:\Users\Public\Desktop\YAC Desktop.lnk
    2016-02-28 12:11 - 2016-02-28 12:11 - 00000000 ____D C:\Users\Seba\AppData\Roaming\eCyber
    2016-02-28 12:03 - 2016-02-28 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
    2016-02-28 12:03 - 2016-02-28 12:03 - 00001902 _____ C:\Users\Public\Desktop\YAC.lnk
    2016-02-28 12:03 - 2015-09-10 02:55 - 00067976 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
    2016-02-28 12:03 - 2015-04-16 09:55 - 00053568 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
    2016-02-28 12:02 - 2016-02-28 12:02 - 00000000 ____D C:\Users\Seba\AppData\Roaming\Elex-tech
    2016-02-28 12:02 - 2016-02-28 12:02 - 00000000 ____D C:\Program Files (x86)\Elex-tech
    2016-02-28 11:57 - 2016-02-28 12:00 - 27989848 _____ (Elex do Brasil Participações Ltda) C:\Users\Seba\Downloads\yet_another_cleaner_sk_8774621.exe
    2016-02-28 11:47 - 2016-02-28 12:22 - 00001729 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
    2016-02-27 22:29 - 2016-02-27 22:29 - 00003338 _____ C:\Windows\System32\Tasks\Gucdudd
    2016-02-27 22:29 - 2016-02-27 22:29 - 00000000 ____D C:\Windows\system32\asi
    2016-02-27 22:29 - 2016-02-27 22:29 - 00000000 ____D C:\Users\Seba\AppData\Roaming\GasraPumovi
    2016-02-27 21:49 - 2016-02-27 21:49 - 00000000 _____ C:\Windows\SysWOW64\Number of results
    2016-02-27 21:48 - 2016-02-27 21:48 - 00003334 _____ C:\Windows\System32\Tasks\Elouwqy
    2016-02-27 21:48 - 2016-02-27 21:48 - 00000000 ____D C:\Windows\system32\ramc
    2016-02-27 21:48 - 2016-02-27 21:48 - 00000000 ____D C:\Users\Seba\AppData\LocalLow\Company
    2016-02-27 21:48 - 2016-02-27 21:48 - 00000000 ____D C:\uninst
    2016-02-27 21:47 - 2016-02-28 12:31 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-02-27 21:47 - 2016-02-27 22:29 - 00000000 ____D C:\Users\Seba\AppData\Local\Tempfolder
    2016-02-27 21:47 - 2016-02-27 21:50 - 00059112 ____N (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
    2016-02-27 21:47 - 2016-02-27 21:47 - 00000000 ____D C:\Users\Seba\AppData\Roaming\BargooFidd
    2016-02-27 21:45 - 2016-02-27 21:45 - 00000096 _____ C:\Windows\SysWOW64\L
    2015-03-24 23:16 - 2015-03-24 23:16 - 0260876 _____ (VuuPC Limited) C:\Users\Seba\AppData\Local\nsc7799.tmp
    2015-03-24 23:22 - 2015-03-24 23:22 - 0613255 _____ (CMI Limited) C:\Users\Seba\AppData\Local\nsu6D59.tmp
    CMD: fltmc instances
    EmptyTemp:

    In FRST, choose Fix.

    When done, post the fixlog.txt that gets created, plus new FRST logs from a scan.

    0
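Added example, not part of the thread: a small Python triage of the service/driver lines in the fixlist above, showing which entries are kernel drivers that were loaded when the log was taken and which vendor they belong to. The function names are this example's own, and the sample lines are copied from post #2.

```python
import re
from collections import defaultdict

# FRST service/driver line: <state><start> <name>; <path> [<size> <date>] (<vendor>)
# A missing file is logged as "[X]" with no vendor. R/S/U = running/stopped/undetermined;
# the digit is the Windows service start type.
LINE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?:X|(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2}))\](?: \((?P<vendor>.*)\))?$"
)
STATE = {"R": "running", "S": "stopped", "U": "undetermined"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

def parse_service(line):
    """Parse one service/driver line; return None for any other kind of line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "name": d["name"], "path": d["path"],
        "state": STATE[d["state"]],
        "start": START.get(d["start"], "unknown"),
        "kernel": d["path"].lower().endswith(".sys"),
        "file_missing": d["size"] is None,
        "vendor": d["vendor"] or "",
    }

def loaded_drivers_by_vendor(lines):
    """Kernel drivers that were running when the log was taken, grouped by vendor."""
    out = defaultdict(list)
    for rec in filter(None, map(parse_service, lines)):
        if rec["kernel"] and rec["state"] == "running":
            out[rec["vendor"]].append(rec["name"])
    return dict(out)

# Lines copied from the fixlist in post #2, plus one non-service line.
SAMPLE = r"""R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-04-16] (Elex do Brasil Participações Ltda)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-14] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [53568 2015-04-16] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [67976 2015-09-10] (Elex do Brasil Participações Ltda)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [59112 2016-02-27] (DotC United Inc)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
CMD: fltmc instances"""

if __name__ == "__main__":
    for vendor, names in loaded_drivers_by_vendor(SAMPLE.splitlines()).items():
        print(f"{vendor}: {', '.join(names)}")
```
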
  • #3 28 Feb 2016 13:38
    dules
    Level 2

    Scan with SpyHunter; it has helped me several times in hopeless situations (it took a long time, but it was worth it).

    Moderated by dt1:

    Please refrain from this kind of advice; below, colleague Kolobos has explained exactly why.

    0
  • #4 28 Feb 2016 13:40
    Kolobos
    Computer specialist

    @dules SpyHunter is a paid program of dubious reputation; it detects nonsense in an attempt to force the user into buying it. Recently they filed a lawsuit against Bleeping for writing a negative review of the program. There are also problems with uninstalling the program, and even when that succeeds, unremoved components are left behind (including a service).
    Not to mention the whole mass of "fake" sites with guides on how to remove a given type of infection; such sites were created solely to deceive the user and persuade them to install SpyHunter.

    On top of that, it will not remove this infection. So keep such harmful advice to yourself.

    Worth reading:
    http://www.bleepingcomputer.com/announcement/...lp-bleepingcomputer-defend-freedom-of-speech/
    http://news.softpedia.com/news/makers-of-spyh...puter-because-of-negative-review-499818.shtml
    https://www.reddit.com/r/news/comments/43pj5y...ingcomputer_is_being_sued_by_enigma_software/

    1
  • #5 28 Feb 2016 14:12
    dules
    Level 2

    I posted the advice in good faith, not knowing the above facts; thank you for warning me and other users.

    0
  • #7 28 Feb 2016 14:43
    Kolobos
    Computer specialist

    The search engine doesn't matter; you have plenty of malicious programs.

    You were supposed to uninstall what I listed; why didn't you do it?
    Uninstall:
    AVG
    AVG 2015
    AVG PC TuneUp 2015
    G DATA INTERNET SECURITY
    McAfee Security Scan Plus
    YAC(Yet Another Cleaner!)

    New Fixlist.txt for FRST:
    CMD: fltmc detach MPCKpt C: "NPminifilter Instance"
    CMD: fltmc detach MPCKpt G: "NPminifilter Instance"
    CMD: fltmc detach MPCKpt \Device\Mup "NPminifilter Instance"
    CMD: fltmc detach MPCKpt \Device\HarddiskVolume1 "NPminifilter Instance"
    CMD: fltmc instances
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
    FF SearchPlugin: C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\deoro3q1.default-1425680771671\searchplugins\google-.xml [2016-02-28]
    FF Extension: Brak nazwy - C:\Users\Seba\AppData\Roaming\Mozilla\Firefox\Profiles\deoro3q1.default-1425680771671\extensions\arthurj8283@gmail.com [nie znaleziono]
    R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [348640 2016-02-27] (DotC United Inc)
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [59112 2016-02-27] (DotC United Inc)
    2016-02-28 14:27 - 2016-02-28 14:27 - 00001729 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
    2016-02-28 14:27 - 2016-02-28 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
    2016-02-27 21:47 - 2016-02-28 12:31 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-02-27 21:47 - 2016-02-27 21:50 - 00059112 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys


    When done, post fixlog.txt and new FRST logs, including a new Addition.txt.

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0