Elektroda.pl

CWS, SearchInMe, QkSee

kermit20033 12 Aug 2016 19:49 990 2
  • #2 12 Aug 2016 20:15
    Kolobos
    Computer specialist

    Uninstall:
    Spybot - Search & Destroy
    WinZip

    Install http://ninite.com/java/

    Use AdwCleaner, options Scan and Clean (Szukaj and Usun): http://www.bleepingcomputer.com/download/adwcleaner/

    Next to frst.exe, create a file Fixlist.txt with the following content:
    Task: {005E8F34-4EB0-436E-A858-2789AB100FE2} - System32\Tasks\{63F77200-6A5D-4D44-AD87-148DA7892F8D} => pcalua.exe -a "D:\BACKUP\Backup - software\Słownik synonimów EN TL+\cd_en1lt_sy\cd_en1lt_sy\setup.exe" -d "D:\BACKUP\Backup - software\Słownik synonimów EN TL+\cd_en1lt_sy\cd_en1lt_sy"
    Task: {35D2D14B-B6C7-464F-AA1D-801F1AE052A0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {82FF0DC0-4D8E-4EC1-A8B9-A8FD8D00AB84} - System32\Tasks\{2EEA7580-C04C-4A9D-8492-8A0A668E9368} => pcalua.exe -a E:\setup.exe -d E:\
    Task: {924556A8-4BCD-4865-9E50-BB861E48E4BC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {A953F3DE-B628-4826-9848-9A9050FBA4C2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {BE0B13A2-E650-4F89-976F-C8652DB48F10} - System32\Tasks\HisarahUpdateTaskMachineUA => C:\Program Files (x86)\Hisarah\Update\HisarahUpdate.exe <==== UWAGA
    Task: {CAF4615A-28B6-4010-98FB-34FB3C182EFB} - System32\Tasks\HisarahUpdateTaskMachineCore => C:\Program Files (x86)\Hisarah\Update\HisarahUpdate.exe <==== UWAGA
    Task: {CDA5D4C2-1612-4A7E-B9B1-A15A05C9C66C} - System32\Tasks\NobeanUpdateTaskMachineCore => C:\Program Files (x86)\Nobean\Update\NobeanUpdate.exe <==== UWAGA
    Task: {D1FA8F81-D245-400B-8045-36ED1CDA2D2E} - \WinTaske -> Brak pliku <==== UWAGA
    Task: {E58C9169-CEBA-4E9A-AFE2-4E9746861E7A} - System32\Tasks\NobeanUpdateTaskMachineUA => C:\Program Files (x86)\Nobean\Update\NobeanUpdate.exe <==== UWAGA
    Task: {F61EA674-3833-4047-90F1-5B2FC491E7FB} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\TXQQBrowser\Update\FB0789065213F03EE7F0A025C29B9C9F\Update\BrowserUpdate.exe <==== UWAGA
    2016-06-22 09:07 - 2016-06-21 09:51 - 00428416 _____ () C:\ProgramData\Nobean\Nobean.exe
    2016-05-31 10:42 - 2015-12-30 07:34 - 00582144 _____ () C:\Program Files (x86)\WinZipper\curlpp.dll
    2016-05-31 10:42 - 2016-01-26 10:27 - 00066560 _____ () C:\Program Files (x86)\WinZipper\zlib1.dll
    AlternateDataStreams: C:\Windows:netNLSPreferences [0]
    AlternateDataStreams: C:\Windows:nlsPreferences [386]
    (ExWzp Pvt Ltd.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
    (Trend Corp.) C:\Users\Jacek\AppData\Roaming\TSv\TSvr.exe
    () C:\Program Files (x86)\Firefox\bin\FirefoxCommand.exe
    () C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
    () C:\ProgramData\Nobean\Nobean.exe
    (Trend Micro Inc.) C:\Users\Jacek\Downloads\HijackThis.exe
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-2830874865-2028769550-757551508-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-2830874865-2028769550-757551508-1000\...\MountPoints2: F - F:\AutoRun.exe
    C:\ProgramData\Nobean\
    HKU\S-1-5-21-2830874865-2028769550-757551508-1000\...\MountPoints2: {84f4d70b-af9e-11e5-9f6a-c485088e36ee} - F:\AutoRun.exe
    HKU\S-1-5-21-2830874865-2028769550-757551508-1000\...\MountPoints2: {fca356ed-ae28-11e5-9be8-e8039ae35ca4} - F:\AutoRun.exe
    HKU\S-1-5-21-2830874865-2028769550-757551508-1000\...\MountPoints2: {fca356fc-ae28-11e5-9be8-e8039ae35ca4} - F:\AutoRun.exe
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nuesearch.com/?type=hp&ts=1467...uid=SamsungXSSDX850XEVOX250GB_S21PNSAG723837F
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&...sungXSSDX850XEVOX250GB_S21PNSAG723837F&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nuesearch.com/?type=hp&ts=1467...uid=SamsungXSSDX850XEVOX250GB_S21PNSAG723837F
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&...sungXSSDX850XEVOX250GB_S21PNSAG723837F&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2830874865-2028769550-757551508-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
    HKU\S-1-5-21-2830874865-2028769550-757551508-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?pc=UE07&ocid=UE07DHP
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&...sungXSSDX850XEVOX250GB_S21PNSAG723837F&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&...sungXSSDX850XEVOX250GB_S21PNSAG723837F&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&...sungXSSDX850XEVOX250GB_S21PNSAG723837F&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&...sungXSSDX850XEVOX250GB_S21PNSAG723837F&q={searchTerms}
    FF Homepage: hxxp://www.nuesearch.com/?type=hp&ts=1470...uid=SamsungXSSDX850XEVOX250GB_S21PNSAG723837F
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nuesearch.com/?type=sc&ts=1470...uid=SamsungXSSDX850XEVOX250GB_S21PNSAG723837F
    CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
    CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
    CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - <Brak Path/update_url>
    R2 CommandHandler; C:\Program Files (x86)\Firefox\bin\FirefoxCommand.exe [253824 2016-08-02] ()
    R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [499072 2016-08-02] ()
    R2 IhPul; C:\Users\Jacek\AppData\Roaming\TSv\TSvr.exe [210128 2016-08-08] (Trend Corp.)
    R2 NobeanP; C:\ProgramData\Nobean\Nobean.exe [428416 2016-06-21] ()
    R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [1018488 2016-08-01] (ExWzp Pvt Ltd.) <==== UWAGA
    S2 cktSvc; "C:\Program Files (x86)\Uncheckit\cktSvc.exe" {92E162D7-70FD-48F7-A779-91154F8FD518} [X]
    S2 HisarahP; "C:\ProgramData\Hisarah\Hisarah.exe" [X]
    S2 HisarahU; "C:\Program Files (x86)\Hisarah\Update\HisarahUpdate.exe" [X]
    S2 NobeanU; "C:\Program Files (x86)\Nobean\Update\NobeanUpdate.exe" [X]
    S2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe -s [X]
    S2 WdMan; C:\ProgramData\DwinpD\WFini.exe -svr [X]
    2016-08-12 19:18 - 2016-08-12 19:18 - 00532480 _____ (Trend Micro Incorporated) C:\Users\Jacek\Downloads\cwshredder.exe
    2016-08-09 08:46 - 2016-08-09 08:46 - 00000000 _____ C:\Windows\SysWOW64\tmp8.html
    2016-08-08 14:19 - 2016-08-12 15:59 - 00000001 _____ C:\Windows\SysWOW64\pl.html
    C:\Windows\SysWOW64\pl_*.html
    C:\Windows\SysWOW64\EN_*.html
    2016-08-03 12:54 - 2016-08-03 12:55 - 00000000 ____D C:\Users\Jacek\AppData\Roaming\eCyber
    2016-07-25 14:47 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
    2016-07-25 14:45 - 2016-07-25 15:22 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-07-25 14:45 - 2016-07-25 14:45 - 00001397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2016-07-25 14:45 - 2016-07-25 14:45 - 00001385 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2016-07-25 14:45 - 2016-07-25 14:45 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
    2016-07-25 14:45 - 2016-07-25 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-07-25 14:45 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2016-07-25 14:44 - 2016-07-25 14:47 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-07-25 14:42 - 2016-07-25 14:42 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Jacek\Downloads\spybot-2.4.exe
    2016-07-25 14:41 - 2016-07-25 14:41 - 00978840 _____ (Rura ) C:\Users\Jacek\Downloads\Spybot-Search-Destroy-12546-dp.exe
    2016-07-25 14:36 - 2016-08-08 14:18 - 00000000 ____D C:\Windows\SysWOW64\_SSpm
    2016-07-22 10:25 - 2016-07-22 10:25 - 00000000 _____ C:\Windows\SysWOW64\tmp1.html
    2016-07-14 11:41 - 2016-08-02 13:46 - 00000000 _____ C:\Users\Public\Documents\report1.dat
    2016-07-14 11:41 - 2016-07-19 11:56 - 00000000 ____D C:\Users\Jacek\AppData\Roaming\Temp
    2016-07-14 11:40 - 2016-08-04 10:21 - 00000000 ____D C:\Program Files (x86)\WinSaber
    2016-08-12 19:04 - 2016-03-24 14:00 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2016-08-08 14:16 - 2016-06-13 10:30 - 00000000 ____D C:\Program Files (x86)\SFK
    2016-08-08 14:16 - 2016-04-14 08:42 - 00000000 ____D C:\Users\Jacek\AppData\Roaming\TSv
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    Delete the C:\FRST directory.

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0
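
Added example, not part of Kolobos's post: a read-only PowerShell check that can be run after the FRST fix and the Mbam scan to confirm that the scheduled tasks, services, folders and Internet Explorer settings named in the Fixlist above are gone. All names and paths are copied from that Fixlist; it assumes Windows 8 or later (for `Get-ScheduledTask`) and an elevated prompt.

```powershell
# Read-only leftover check; every name below is taken from the Fixlist in this thread.
$taskNames = 'HisarahUpdateTaskMachineUA', 'HisarahUpdateTaskMachineCore',
             'NobeanUpdateTaskMachineCore', 'NobeanUpdateTaskMachineUA',
             'Browser Updater Task(Core)', 'WinTaske'
$serviceNames = 'CommandHandler', 'FirefoxU', 'IhPul', 'NobeanP', 'winzipersvc',
                'cktSvc', 'HisarahP', 'HisarahU', 'NobeanU', 'SSFK', 'WdMan'
$paths = 'C:\ProgramData\Nobean', 'C:\Program Files (x86)\WinZipper',
         'C:\Program Files (x86)\SFK', 'C:\Program Files (x86)\WinSaber',
         'C:\Users\Jacek\AppData\Roaming\TSv', 'C:\Users\Jacek\AppData\Roaming\eCyber',
         'C:\Windows\SysWOW64\_SSpm'
$ieKeys = 'HKLM:\Software\Microsoft\Internet Explorer\Main',
          'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Main'
$ieValues = 'Start Page', 'Search Page', 'Default_Page_URL', 'Default_Search_URL'
$hijackDomain = 'nuesearch.com'   # search hijacker domain from the Fixlist

$findings = @()

# Scheduled tasks flagged in the Fixlist that are still registered
$findings += @(Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { $taskNames -contains $_.TaskName } |
    ForEach-Object { "Task still present: $($_.TaskPath)$($_.TaskName)" })

# Services from the Fixlist that still exist (running or not)
$findings += @(Get-Service -Name $serviceNames -ErrorAction SilentlyContinue |
    ForEach-Object { "Service still present: $($_.Name) [$($_.Status)]" })

# Folders from the Fixlist that are still on disk
$findings += @($paths | Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { "Path still present: $_" })

# Internet Explorer start/search pages that still point at the hijacker
foreach ($key in $ieKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in $ieValues) {
        $value = $props.$name
        if ($value -like "*$hijackDomain*") {
            $findings += "Registry value still hijacked: $key\$name = $value"
        }
    }
}

if ($findings.Count -gt 0) { $findings } else { 'No leftovers from the Fixlist found.' }
```
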
  • #3 26 Aug 2016 13:44
    kermit20033
    Level 2  

    Thank you very much for the help! Everything works beautifully, just as it should ;)
    PS> Sorry for the delay in replying.
    Thank you once again!!!

    0