Elektroda.pl

Speeding up a sluggish computer, junk in the browser (newsearch123) and malicious software

smiglo5 03 Jun 2016 15:44
  • #2 03 Jun 2016 17:14
    krzychupar
    Level 40

    Uninstall:
    qksee (HKLM-x32\...\qksee) (Version: - Taiwan Shui Mu Chih Ching Technology Limited) <==== UWAGA
    Search App by Ask (HKLM-x32\...\{4254522D-5350-006A-76A7-A75C790C1B00}) (Version: 12.27.0.1059 - APN, LLC) <==== UWAGA
    YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== UWAGA

    Open Notepad and paste:
    Task: {01180F93-D78C-4A8B-A245-2CDCC78EEAAA} - System32\Tasks\crxbroBrowserUpdateUA => C:\Program Files (x86)\crxbro Browser\crxbro\bin\browserServer.exe [2016-01-28] () <==== UWAGA
    Task: {1994419D-EDB7-4146-ADA4-F484043888F3} - System32\Tasks\crxbroCheckTask => C:\Program Files (x86)\crxbro Browser\crxbro\bin\browserServer.exe [2016-01-28] () <==== UWAGA
    Task: {1E3A2591-2003-4570-B8C9-58345C3F226E} - System32\Tasks\{6DA0C22A-29DB-4FDD-9969-CB592E66B5DA} => pcalua.exe -a C:\Users\kuba\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=cornl
    Task: {30C253AA-8104-43F2-B66E-80FEB600A0FE} - System32\Tasks\crxbroBrowserUpdateCore => C:\Program Files (x86)\crxbro Browser\crxbro\bin\browserServer.exe [2016-01-28] () <==== UWAGA
    Task: {D3793FF3-AF59-4CA3-ABDC-F60B8E8505A2} - System32\Tasks\{ECB7BA43-D031-42DF-AFB0-FB7DDF1BA3A3} => pcalua.exe -a C:\Users\kuba\Downloads\DAEMON-Tools-Lite-12708-dp.cpl
    Shortcut: C:\Users\kuba\Desktop\Nowy folder\Google Chrome.lnk -> C:\Program Files (x86)\crxbro Browser\crxbro\chrome.exe (The crxbro Authors)
    Shortcut: C:\Users\kuba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\crxbro Browser\crxbro\chrome.exe (The crxbro Authors)
    Shortcut: C:\Users\kuba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\crxbro Browser\crxbro\chrome.exe (The crxbro Authors)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\crxbro Browser\crxbro\chrome.exe (The crxbro Authors)
    Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\crxbro Browser\crxbro\chrome.exe (The crxbro Authors)
    2016-01-28 09:55 - 2016-01-28 06:28 - 00505984 _____ () C:\Program Files (x86)\crxbro Browser\crxbro\bin\browserServer.exe
    2016-02-19 17:41 - 2016-01-07 08:26 - 00582144 _____ () C:\Program Files (x86)\qksee\curlpp.dll
    2016-02-19 17:41 - 2016-01-07 08:26 - 00065752 _____ () C:\Program Files (x86)\qksee\zlib1.dll
    2015-11-10 12:50 - 2015-12-30 07:34 - 00582144 _____ () C:\Program Files (x86)\WinZipper\curlpp.dll
    2015-11-10 12:50 - 2016-01-26 10:27 - 00066560 _____ () C:\Program Files (x86)\WinZipper\zlib1.dll
    2016-05-26 14:03 - 2016-05-24 10:43 - 00068432 _____ () C:\Program Files (x86)\Uncheckit\zlib1.dll
    Hosts:
    () C:\Program Files (x86)\crxbro Browser\crxbro\bin\browserServer.exe
    HKLM-x32\...\Run: [Opera] => C:\Program Files (x86)\Opera\launcher.exe




    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-3393093044-3527182090-3600628894-1000\...\Run: [MyImgur] => C:\Users\kuba\AppData\Local\Temp\dll.exe.exe [1510400 2015-01-06] (MyImgur Programming Team.) <===== UWAGA
    HKU\S-1-5-21-3393093044-3527182090-3600628894-1000\...\Run: [Innkeeper] => C:\Users\kuba\AppData\Local\Innkeeper\Update.exe --processStart Innkeeper.exe --process-start-args="-startup"
    HKU\S-1-5-21-3393093044-3527182090-3600628894-1000\...\MountPoints2: {0097a2ce-d58d-11e4-9077-84863fffeacb} - F:\Startme.exe
    HKU\S-1-5-21-3393093044-3527182090-3600628894-1000\...\MountPoints2: {5bd183f5-d1a3-11e5-90dd-8c79b98cf6b5} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-3393093044-3527182090-3600628894-1000\...\MountPoints2: {5bd1842d-d1a3-11e5-90dd-8c79b98cf6b5} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-3393093044-3527182090-3600628894-1000\...\MountPoints2: {ec678599-dbe1-11e5-946a-a65d1c5a80fc} - F:\Setup.exe
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1447...mp;from=wpm07163&uid=ST9500420AS_5VJ5R9L9
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1447...mp;from=wpm07163&uid=ST9500420AS_5VJ5R9L9
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1427...;from=cor&uid=ST9500420AS_5VJ5R9L9&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1447...mp;from=wpm07163&uid=ST9500420AS_5VJ5R9L9
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1447...mp;from=wpm07163&uid=ST9500420AS_5VJ5R9L9
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1427...;from=cor&uid=ST9500420AS_5VJ5R9L9&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-3393093044-3527182090-3600628894-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...FP-fluT0cGaj7QQ1qvGiFyKxrFEBMw4CoX8g,,&q={searchTerms}
    HKU\S-1-5-21-3393093044-3527182090-3600628894-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=dspp&ts=14...;from=cor&uid=ST9500420AS_5VJ5R9L9&q={searchTerms}
    HKU\S-1-5-21-3393093044-3527182090-3600628894-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.omniboxes.com/?type=hp&ts=1447...mp;from=wpm07163&uid=ST9500420AS_5VJ5R9L9
    HKU\S-1-5-21-3393093044-3527182090-3600628894-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...FP-fluT0cGaj7QQ1qvGiFyKxrFEBMw4CoX8g,,&q={searchTerms}
    HKU\S-1-5-21-3393093044-3527182090-3600628894-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...FP-fluT0cGaj7QQ1qvGiFyKxrFEBMw4CoX8g,,&q={searchTerms}
    HKU\S-1-5-21-3393093044-3527182090-3600628894-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.omniboxes.com/?type=hp&ts=1447...mp;from=wpm07163&uid=ST9500420AS_5VJ5R9L9
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...FP-fluT0cGaj7QQ1qvGiFyKxrFEBMw4CoX8g,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3393093044-3527182090-3600628894-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3393093044-3527182090-3600628894-1000 -> {037EB583-B5A3-4FEA-BC98-10DB072346BB} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3393093044-3527182090-3600628894-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...FP-fluT0cGaj7QQ1qvGiFyKxrFEBMw4CoX8g,,&q={searchTerms}
    BHO-x32: Brak nazwy -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> Brak pliku
    BHO-x32: Brak nazwy -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> Brak pliku
    BHO-x32: Brak nazwy -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> Brak pliku
    BHO-x32: Assist Point -> {dc727a8c-7582-483c-a1c2-2b885f099bb5} -> C:\Program Files (x86)\Assist Point\Extensions\dc727a8c-7582-483c-a1c2-2b885f099bb5.dll => Brak pliku
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=14...mp;from=wpm05203&uid=ST9500420AS_5VJ5R9L9
    CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
    CHR StartupUrls: Default -> "","hxxp://www.google.pl/","hxxp://isearch.omiga-plus.com/?type=hp&ts=1418669544&from=cor&uid=ST9500420AS_5VJ5R9L9","hxxp://do-search.com/?type=hp&ts=1427226557&from=cor&uid=ST9500420AS_5VJ5R9L9","hxxp://www.yoursites123.com/?type=hp&ts=1450092922&z=0d6dfea4e4945cd7fcef892g4z6wde8e3t6o6t3c4e&from=wpm07173&uid=ST9500420AS_5VJ5R9L9"
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Internet Download Manager\IDMGCExt.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Internet Download Manager\IDMGCExt.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
    R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [1068088 2016-05-26] (Winziper Pvt Ltd.) <==== UWAGA
    S2 WSModules; C:\Program Files (x86)\crxbro Browser\crxbro\bin\browserServer.exe [505984 2016-01-28] ()
    S2 PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [X]
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-02-03] ()
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-14] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2015-08-19] (Elex do Brasil Participações Ltda)
    S1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2015-08-19] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2015-08-19] (Elex do Brasil Participações Ltda)
    S1 wfdrvr_vt_1_10_0_25; system32\drivers\wfdrvr_vt_1_10_0_25.sys [X]
    2016-06-03 15:18 - 2015-12-22 16:49 - 00000000 ____D C:\Program Files (x86)\crxbro Browser
    2015-12-24 10:04 - 2015-12-24 10:04 - 2770377 _____ (iBank) C:\Program Files (x86)\SSFK.exe
    2016-06-03 00:22 - 2015-11-10 12:50 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2016-06-03 00:22 - 2016-02-19 17:41 - 00000000 ____D C:\Program Files (x86)\qksee
    2015-10-25 20:24 - 2016-01-12 10:42 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    C:\Users\kuba\AppData\Local\Temp\dll.exe.e
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where FRST.exe is located.
    Run FRST and click Fix/Napraw.

  • #3 03 Jun 2016 17:17
    smiglo5
    Level 3

    Uninstall everything manually and paste only the temp part?
    Or in two passes?

  • #4 03 Jun 2016 17:20
    krzychupar
    Level 40

    If those programs are listed in Programs and Features, uninstall them and do the rest as written.

  • #5 03 Jun 2016 18:03
    smiglo5
    Level 3

    Sorry, I was checking the reply on my phone and the formatting there was simply broken, getting to work :D

    Added after 39 [minutes]:
    Unfortunately newsearch123 is still there

  • #6 03 Jun 2016 18:37
    Acorus 20
    Computer specialist

    Show the new FRST logs.

  • #8 03 Jun 2016 19:51
    Acorus 20
    Computer specialist

    Uninstall Java 8 Update 31, WinZip. Open the system Notepad and paste:

    Quote:
    CloseProcesses:
    Hosts:
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
    CHR HKLM\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\kuba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
    CHR HKLM-x32\...\Chrome\Extension: [jdiejbegdjikmehflknhkbieocmnogcf] - C:\Users\kuba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdiejbegdjikmehflknhkbieocmnogcf.crx [2015-11-07]
    S2 qkseeService; C:\Program Files (x86)\qksee\qkseeSvc.exe [X]
    R1 {c2812e93-4fef-423f-98ce-9a06fe4e2372}Gw64; C:\Windows\System32\drivers\{c2812e93-4fef-423f-98ce-9a06fe4e2372}Gw64.sys [48792 2015-03-24] (StdLib)


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Download AdwCleaner and run it as administrator: https://toolslib.net/downloads/finish/1/ Click Scan and then Cleaning.

  • #9 04 Jun 2016 09:32
    smiglo5
    Level 3

    Everything works as it should, I also ran a disinfection with DelFix, thanks once again!