Elektroda.pl

HP WIN XP - NOD reports many threats

alekga 27 Jun 2016 08:40 642 3
  • Helpful post
    #2 27 Jun 2016 09:35
    Kolobos
    Computer specialist

    Do not download programs from dobreprogramy using their download manager, which installs malicious software. Use ONLY direct links.

    Uninstall:
    qksee
    Uncheckit
    WinZip
    YAC(Yet Another Cleaner!) (If there are problems, skip it and uninstall after finishing)
    yoursearching uninstall

    Use AdwCleaner, the Scan (Szukaj) and Clean (Usuń) options: http://www.bleepingcomputer.com/download/adwcleaner/

    Next to frst.exe, create a file Fixlist.txt with the content given below and boot the system in safe mode.
    CloseProcesses:
    Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1434662008.job => C:\Program Files\Opera\launcher.exe
    Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\UncheckitTaskMN.job => C:\Program Files\Uncheckit\cktSvc.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\UncheckitUpdateTaskC.job => C:\Program Files\Uncheckit\UncheckitUpdate.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\UncheckitUpdateTaskDB.job => C:\Program Files\Uncheckit\UncheckitUpdate.exe <==== UWAGA
    Shortcut: C:\Documents and Settings\jk projekt\Menu Start\Programy\Akcesoria\Narzędzia systemowe\Internet Explorer (bez dodatków).lnk -> hxxp://www.nuesearch.com/?type=sc&ts=1465...amp;from=wpm0613&uid=ST3250310AS_6RYB5TJB` (Brak pliku)
    2016-06-16 08:05 - 2016-05-23 04:37 - 00065696 _____ () C:\Program Files\Elex-tech\YAC\zlib1.dll
    2016-06-20 11:15 - 2016-02-15 04:21 - 00582144 _____ () C:\Program Files\qksee\curlpp.dll
    2016-06-20 11:15 - 2016-06-20 07:34 - 00065784 _____ () C:\Program Files\qksee\zlib1.dll
    2016-06-16 08:04 - 2016-05-23 04:37 - 00179200 _____ () C:\Program Files\Elex-tech\YAC\libpng.dll
    2016-06-16 08:04 - 2016-05-24 10:43 - 00068432 _____ () C:\Program Files\Uncheckit\zlib1.dll
    2016-01-08 08:36 - 2016-06-15 05:48 - 00136384 _____ () C:\Program Files\SFK\SSFK.exe
    2016-06-16 08:04 - 2016-05-25 12:28 - 00179200 _____ () C:\Program Files\Uncheckit\libpng.dll
    (Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
    (Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
    (Qksee Pvt Ltd.) C:\Program Files\qksee\qkseeSvc.exe
    (Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeTray.exe
    (© 2015 Microsoft Corporation) C:\Documents and Settings\jk projekt\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe




    (EVANGEL TECHNOLOGY (HK) LIMITED) C:\Program Files\Uncheckit\cktSvc.exe
    (tsvr.com) C:\Documents and Settings\jk projekt\Dane aplikacji\TSv\TSvr.exe
    () C:\Program Files\SFK\SSFK.exe
    (EVANGEL TECHNOLOGY (HK) LIMITED) C:\Program Files\Uncheckit\UncheckitSvc.exe
    (WFini LIMITED) C:\Documents and Settings\All Users\Dane aplikacji\JwinpJ\WFini.exe
    (EVANGEL TECHNOLOGY (HK) LIMITED) C:\Program Files\Uncheckit\UncheckitBsn.exe
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKU\S-1-5-21-1844237615-2139871995-839522115-1003\...\Run: [BingSvc] => C:\Documents and Settings\jk projekt\Ustawienia lokalne\Dane aplikacji\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-1844237615-2139871995-839522115-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=1465...amp;from=wpm0613&uid=ST3250310AS_6RYB5TJB
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&...m=wpm0613&uid=ST3250310AS_6RYB5TJB&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1465...amp;from=wpm0613&uid=ST3250310AS_6RYB5TJB
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&...m=wpm0613&uid=ST3250310AS_6RYB5TJB&q={searchTerms}
    HKU\S-1-5-21-1844237615-2139871995-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=1465...amp;from=wpm0613&uid=ST3250310AS_6RYB5TJB
    HKU\S-1-5-21-1844237615-2139871995-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=14...=wpm01073&uid=ST3250310AS_6RYB5TJB&q={searchTerms}
    HKU\S-1-5-21-1844237615-2139871995-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
    HKU\S-1-5-21-1844237615-2139871995-839522115-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=14...=wpm01073&uid=ST3250310AS_6RYB5TJB&q={searchTerms}
    HKU\S-1-5-21-1844237615-2139871995-839522115-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.wp.pl/?src01=dp120150211
    HKU\S-1-5-21-1844237615-2139871995-839522115-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1465...amp;from=wpm0613&uid=ST3250310AS_6RYB5TJB
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&...m=wpm0613&uid=ST3250310AS_6RYB5TJB&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&...m=wpm0613&uid=ST3250310AS_6RYB5TJB&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1844237615-2139871995-839522115-1003 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&...m=wpm0613&uid=ST3250310AS_6RYB5TJB&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1844237615-2139871995-839522115-1003 -> {0C779D49-F72A-4748-9E32-B6457D31405B} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1844237615-2139871995-839522115-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&...m=wpm0613&uid=ST3250310AS_6RYB5TJB&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1844237615-2139871995-839522115-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
    FF NewTab: hxxp://www.attirerpage.com/newtab/?type=nt&am...amp;from=wpm0616&uid=ST3250310AS_6RYB5TJB
    FF Homepage: hxxp://www.attirerpage.com/?type=hp&ts=14...amp;from=wpm0616&uid=ST3250310AS_6RYB5TJB
    FF SearchPlugin: C:\Documents and Settings\jk projekt\Dane aplikacji\Mozilla\Firefox\Profiles\zdsy0g23.default-1465802521187\searchplugins\attirerpage.xml [2016-06-16]
    FF Extension: Default NewTab - C:\Documents and Settings\jk projekt\Dane aplikacji\Mozilla\Firefox\Profiles\zdsy0g23.default-1465802521187\Extensions\default_newtabff@gmail.com [2016-06-16] [Brak podpisu cyfrowego]
    FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Documents and Settings\jk projekt\Dane aplikacji\Mozilla\Firefox\Profiles\ryj7937b.default\extensions\deskCutv2@gmail.com => nie znaleziono
    FF HKLM\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Documents and Settings\jk projekt\Dane aplikacji\Mozilla\Firefox\Profiles\ryj7937b.default\extensions\yahooprotected@gmail.com => nie znaleziono
    FF HKLM\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Documents and Settings\jk projekt\Dane aplikacji\Mozilla\Firefox\Profiles\zdsy0g23.default-1465802521187\extensions\default_newtabff@gmail.com
    OPR StartupUrls: "hxxp://www.attirerpage.com/?type=hp&ts=1466067838&z=48ec2a8a0fe2bcd53196158gbzbq3q3e1qcmab0cez&from=wpm0616&uid=ST3250310AS_6RYB5TJB"
    R2 cktSvc; C:\Program Files\Uncheckit\cktSvc.exe [274688 2016-06-15] (EVANGEL TECHNOLOGY (HK) LIMITED)
    S2 DeskTop_F; C:\Documents and Settings\All Users\Dane aplikacji\desktopfind\desktop114.exe [236728 2016-03-16] (DeskTopService)
    R2 IhPul; C:\Documents and Settings\jk projekt\Dane aplikacji\TSv\TSvr.exe [371464 2016-06-13] (tsvr.com)
    R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048 2016-05-23] (Elex do Brasil Participações Ltda)
    R2 qkseeService; C:\Program Files\qksee\qkseeSvc.exe [752376 2016-06-20] (Qksee Pvt Ltd.) [Brak podpisu cyfrowego]
    R2 SSFK; C:\Program Files\SFK\SSFK.exe [136384 2016-06-15] ()
    R2 UncheckitSvc; C:\Program Files\Uncheckit\UncheckitSvc.exe [247552 2016-06-15] (EVANGEL TECHNOLOGY (HK) LIMITED)
    R2 WdMan; C:\Documents and Settings\All Users\Dane aplikacji\JwinpJ\WFini.exe [210152 2016-06-16] (WFini LIMITED)
    S2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [X] <==== UWAGA
    R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [227776 2016-05-23] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [50280 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [97912 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [45032 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [73232 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [67288 2016-05-19] (Elex do Brasil Participações Ltda)
    U4 epfw; system32\DRIVERS\epfw.sys [X]
    U4 epfwtdi; system32\DRIVERS\epfwtdi.sys [X]
    2016-06-20 11:15 - 2016-06-20 11:15 - 00000000 ____D C:\Program Files\qksee
    2016-06-17 12:41 - 2016-06-17 12:41 - 00000837 _____ C:\Documents and Settings\jk projekt\Pulpit\Install Adobe Flash Player.lnk
    2016-06-16 11:05 - 2016-06-16 11:05 - 00000072 _____ C:\WINDOWS\system32\EN_14569218.html
    2016-06-16 11:05 - 2016-06-16 11:05 - 00000072 _____ C:\WINDOWS\system32\EN_14564046.html
    2016-06-16 11:05 - 2016-06-16 11:05 - 00000072 _____ C:\WINDOWS\system32\EN_14562656.html
    2016-06-16 11:05 - 2016-06-16 11:05 - 00000072 _____ C:\WINDOWS\system32\EN_14546015.html
    2016-06-16 11:05 - 2016-06-16 11:05 - 00000072 _____ C:\WINDOWS\system32\EN_14545750.html
    2016-06-16 11:04 - 2016-06-16 11:04 - 00000072 _____ C:\WINDOWS\system32\EN_14531343.html
    2016-06-16 11:04 - 2016-06-16 11:04 - 00000072 _____ C:\WINDOWS\system32\EN_14531031.html
    2016-06-16 11:04 - 2016-06-16 11:04 - 00000072 _____ C:\WINDOWS\system32\EN_14529578.html
    2016-06-16 11:04 - 2016-06-16 11:04 - 00000072 _____ C:\WINDOWS\system32\EN_14529312.html
    2016-06-16 11:04 - 2016-06-16 11:04 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\JwinpJ
    2016-06-16 11:03 - 2016-06-16 11:03 - 00000072 _____ C:\WINDOWS\system32\pl_14472328.html
    2016-06-16 11:03 - 2016-06-16 11:03 - 00000072 _____ C:\WINDOWS\system32\EN_14473750.html
    2016-06-16 08:05 - 2016-05-23 04:41 - 00050280 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
    2016-06-16 08:05 - 2016-05-19 08:42 - 00067288 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
    2016-06-16 08:04 - 2016-06-25 08:45 - 00000286 _____ C:\WINDOWS\Tasks\UncheckitUpdateTaskDB.job
    2016-06-16 08:04 - 2016-06-25 08:25 - 00000284 _____ C:\WINDOWS\Tasks\UncheckitUpdateTaskC.job
    2016-06-16 08:04 - 2016-06-24 08:05 - 00000268 _____ C:\WINDOWS\Tasks\UncheckitTaskMN.job
    2016-06-16 08:04 - 2016-06-16 08:04 - 00000000 ____D C:\Program Files\Elex-tech
    2016-06-16 08:04 - 2016-06-16 08:04 - 00000000 ____D C:\Documents and Settings\NetworkService\Dane aplikacji\Uncheckit
    2016-06-16 08:04 - 2016-06-16 08:04 - 00000000 ____D C:\Documents and Settings\LocalService\Dane aplikacji\Uncheckit
    2016-06-16 08:04 - 2016-06-16 08:04 - 00000000 ____D C:\Documents and Settings\jk projekt\Dane aplikacji\Elex-tech
    2016-06-16 08:04 - 2016-06-16 08:04 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Uncheckit
    2016-06-16 08:04 - 2016-06-16 08:04 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Uncheckit
    2016-06-16 08:03 - 2016-06-16 08:05 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\uckt
    2016-06-16 08:03 - 2016-06-16 08:04 - 00000000 ____D C:\Program Files\Uncheckit
    2016-06-16 08:03 - 2016-06-16 08:03 - 00000000 ____D C:\Documents and Settings\jk projekt\Dane aplikacji\Uncheckit
    2016-06-13 20:38 - 2016-06-13 20:38 - 00001938 _____ C:\Documents and Settings\All Users\Pulpit\APB Software.lnk
    2016-06-13 09:10 - 2016-06-13 09:10 - 00000072 _____ C:\WINDOWS\system32\EN_7395968.html
    2016-06-13 09:10 - 2016-06-13 09:10 - 00000072 _____ C:\WINDOWS\system32\EN_7393843.html
    2016-06-13 09:10 - 2016-06-13 09:10 - 00000072 _____ C:\WINDOWS\system32\EN_7393593.html
    2016-06-13 09:09 - 2016-06-26 18:09 - 00000001 _____ C:\WINDOWS\system32\pl.html
    2016-06-13 09:09 - 2016-06-16 11:03 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\pwinpp
    2016-06-13 09:09 - 2016-06-16 08:03 - 00000000 ____D C:\Documents and Settings\jk projekt\Dane aplikacji\qksee
    2016-06-13 09:09 - 2016-06-13 09:09 - 00000072 _____ C:\WINDOWS\system32\EN_7344593.html
    2016-06-13 09:09 - 2016-06-13 09:09 - 00000072 _____ C:\WINDOWS\system32\EN_7344359.html
    2016-06-13 09:09 - 2016-06-13 09:09 - 00000072 _____ C:\WINDOWS\system32\EN_7338421.html
    2016-06-13 09:09 - 2016-06-13 09:09 - 00000072 _____ C:\WINDOWS\system32\EN_7338015.html
    2016-06-13 09:09 - 2016-06-13 09:09 - 00000072 _____ C:\WINDOWS\system32\EN_7337593.html
    2016-06-13 09:09 - 2016-06-13 09:09 - 00000072 _____ C:\WINDOWS\system32\EN_7337359.html
    2016-06-13 09:09 - 2016-06-13 09:09 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\qksee
    2016-06-13 09:08 - 2016-06-13 09:08 - 00000072 _____ C:\WINDOWS\system32\pl_7270750.html
    2016-06-13 09:08 - 2016-06-13 09:08 - 00000072 _____ C:\WINDOWS\system32\EN_7307171.html
    2016-06-13 09:08 - 2016-06-13 09:08 - 00000072 _____ C:\WINDOWS\system32\EN_7306875.html
    2016-06-13 09:08 - 2016-06-13 09:08 - 00000072 _____ C:\WINDOWS\system32\EN_7272156.html
    2016-06-26 18:11 - 2016-01-08 08:36 - 00000000 ____D C:\Program Files\SFK
    2016-06-26 18:09 - 2015-06-18 23:13 - 00000442 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1434662008.job
    2016-06-26 18:09 - 2015-02-20 21:45 - 00000232 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
    2016-06-16 11:03 - 2016-03-17 14:05 - 00000000 ____D C:\WINDOWS\system32\_tWm
    2016-06-13 09:09 - 2016-01-08 08:35 - 00000000 ____D C:\Documents and Settings\jk projekt\Dane aplikacji\TSv
    2016-06-08 15:00 - 2015-02-20 21:45 - 00000226 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
    2015-12-11 22:20 - 2015-12-11 22:20 - 0962128 _____ (Installer Soft Program ) C:\Program Files\ALLPlayer-13217-dp.exe
    2016-03-11 12:56 - 2016-03-11 12:57 - 2459593 _____ (tBank) C:\Program Files\SSFK.exe
    2016-01-08 08:33 - 2016-03-17 14:07 - 0000146 _____ () C:\Documents and Settings\All Users\Dane aplikacji\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:

    In FRST, select Fix (Napraw).

    Run a full scan with Mbam: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ and remove whatever it detects.

    0
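
Added example (not part of the original post and not FRST's own code): a small triage pass over the service and driver lines of the Fixlist above, showing which fields of each entry mark it as worth a closer look. The flag names and the heuristics (missing file, empty publisher, unsigned, auto-start from a profile or shared data directory) are assumptions made for illustration.

```python
import re

# Service/driver entries copied from the Fixlist in the post above.
SAMPLE = r"""
R2 cktSvc; C:\Program Files\Uncheckit\cktSvc.exe [274688 2016-06-15] (EVANGEL TECHNOLOGY (HK) LIMITED)
R2 IhPul; C:\Documents and Settings\jk projekt\Dane aplikacji\TSv\TSvr.exe [371464 2016-06-13] (tsvr.com)
R2 qkseeService; C:\Program Files\qksee\qkseeSvc.exe [752376 2016-06-20] (Qksee Pvt Ltd.) [Brak podpisu cyfrowego]
R2 SSFK; C:\Program Files\SFK\SSFK.exe [136384 2016-06-15] ()
S2 winzipersvc; C:\Program Files\WinZipper\winzipersvc.exe [X] <==== UWAGA
R1 iSafeNetFilter; C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [67288 2016-05-19] (Elex do Brasil Participações Ltda)
"""

# <state><start type> <name>; <path> [<size date> or X] (<publisher>) [extra tags]
LINE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4])\s+(?P<name>[^;]+);\s+"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]+)\](?P<rest>.*)$"
)
PUBLISHER = re.compile(r"^\s*\((?P<pub>.*)\)")  # greedy: publisher may contain "(HK)"
USER_DATA = re.compile(r"\\(Documents and Settings|Users|ProgramData)\\", re.I)
# Polish tag as seen in this log; the English tag is assumed to be "[File not signed]".
UNSIGNED_TAGS = ("[Brak podpisu cyfrowego]", "[File not signed]")


def triage(text):
    """Return {service name: sorted flags} for entries that deserve a closer look."""
    findings = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a service/driver line
        flags = set()
        if m["meta"].strip() == "X":
            flags.add("missing-file")  # registered service, binary gone
        pub = PUBLISHER.match(m["rest"])
        if pub and not pub["pub"].strip():
            flags.add("no-publisher")  # empty "()" version info
        if any(tag in m["rest"] for tag in UNSIGNED_TAGS):
            flags.add("unsigned")
        # Start types 0-2 (boot, system, automatic) load without user action.
        if m["start"] in "012" and USER_DATA.search(m["path"]):
            flags.add("autostart-from-user-data")
        if flags:
            findings[m["name"].strip()] = sorted(flags)
    return findings


if __name__ == "__main__":
    for name, flags in triage(SAMPLE).items():
        print(f"{name}: {', '.join(flags)}")
```
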
  • #3 27 Jun 2016 19:03
    alekga
    Level 5

    Done as you wrote.
    It looks like it is OK.
    Thank you

    0
  • #4 27 Jun 2016 23:01
    RADU23
    Moderator - Computer Service

    Delete the folder C:\FRST and that is all.

    0