Windows 7 - Redjane and Great Deals, how to get rid of them.

KooGaid 25 Sep 2016 11:56 906 3
  • #1 25 Sep 2016 11:56
    KooGaid
    Level 15

    Hello.

    For some time now I have been getting Great Deals ads, and mylucky123 is the default browser.

    Today I noticed a Redjane folder, which is a clone of Chrome.

    How do I get rid of this junk?

    I am attaching the FRST logs

  • #2 25 Sep 2016 19:02
    Kolobos
    Computer specialist

    Post logs from the latest version of FRST, not from an outdated one!

  • #4 26 Sep 2016 07:53
    Kolobos
    Computer specialist

    Uninstall McAfee Security Scan Plus

    Use AdwCleaner, the Scan and Clean option: http://www.bleepingcomputer.com/download/adwcleaner/

    Next to frst.exe, create a file Fixlist.txt with the following contents:
    CustomCLSID: HKU\S-1-5-21-3658126288-3018474546-1598903181-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Molek\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3658126288-3018474546-1598903181-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Molek\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3658126288-3018474546-1598903181-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Molek\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3658126288-3018474546-1598903181-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Molek\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3658126288-3018474546-1598903181-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Molek\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3658126288-3018474546-1598903181-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Molek\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3658126288-3018474546-1598903181-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Molek\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3658126288-3018474546-1598903181-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Molek\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3658126288-3018474546-1598903181-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Molek\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3658126288-3018474546-1598903181-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Molek\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3658126288-3018474546-1598903181-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Molek\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3658126288-3018474546-1598903181-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Molek\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Brak pliku
    Task: {0FA3E6D8-0F7E-4ACA-9288-3F1D9D5DE3E9} - System32\Tasks\Hoolapp For Android => C:\Users\Molek\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: {22B600D5-83A3-405E-8835-D78A7BF06039} - System32\Tasks\Hoolapp Init => C:\Users\Molek\AppData\Roaming\HOOLAP~1\Hoolapp.exe <==== UWAGA
    Task: {355D7A47-F012-4842-B10C-3C5CC3E0CBCF} - System32\Tasks\{49EE0E03-6DB1-49C9-8330-F3C628F50EE2} => pcalua.exe -a "C:\Users\Molek\Downloads\JAF 1.98.62 PKEY Emulator.exe" -d C:\Users\Molek\Downloads
    Task: {5522FDD8-E906-469A-BA7D-1FF426B4928F} - System32\Tasks\{4E362A9D-8385-408D-A7DE-F6A07EE3C547} => pcalua.exe -a C:\Users\Molek\Downloads\MCY_U3100minidvbt_31221\MCY_U3100minidvbt_31221\setup.exe -d C:\Users\Molek\Downloads\MCY_U3100minidvbt_31221\MCY_U3100minidvbt_31221
    Task: {56F878BC-C79E-4D65-9D10-F67399BA0655} - System32\Tasks\{46A6C9A8-CFD7-44A6-A069-4DB16F6D0764} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Task: {5E1D91E0-6969-4009-9D1F-53E9863ECBC5} - System32\Tasks\{EDB4A436-1C86-4BB9-948B-9C749FC04D49} => pcalua.exe -a "D:\Euro Track\Euro track simulator (trupek2)\PcGame - Euro Truck Simulator 2008\DirectX\dxsetup.exe" -d "D:\Euro Track\Euro track simulator (trupek2)\PcGame - Euro Truck Simulator 2008\DirectX"
    Task: {6BB61AB9-3315-40BE-9AFB-8B40AFC8183A} - System32\Tasks\{C32B3D5A-8CA7-40B8-8167-4DAB94BD066E} => pcalua.exe -a C:\Users\Molek\Downloads\RegCleaner(dobreprogramy.pl).exe -d C:\Users\Molek\Downloads
    Task: {75682236-13E9-48FE-8C1A-B3F15B64895D} - System32\Tasks\RedjaneUpdateTaskMachineCore => C:\Program Files (x86)\Redjane\Update\RedjaneUpdate.exe <==== UWAGA
    Task: {76E34391-7089-4A68-89A8-271A12522C84} - System32\Tasks\{E74140F1-6ED2-40A6-88FE-31A202664FCB} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\5\SSSDUninstall.exe
    Task: {8BA73BC1-211E-494E-B622-0F38B133192D} - System32\Tasks\{650D9EA7-6650-4AA5-9DA6-67D0F5113B85} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101/pl/abandoninstall?page=tsProgressBar
    Task: {E0EE417B-075B-416B-A91E-8EFCE153956D} - System32\Tasks\{6426C6BE-9797-4A11-905B-AA8466F7E317} => C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 6\pes6.exe [2006-10-26] (KONAMI)
    Task: {F5437D73-789F-487D-A97C-9EAC9C10E437} - System32\Tasks\{C2230AF6-60A9-4A6B-AA9C-B173BC96DD6C} => pcalua.exe -a C:\Users\Molek\Downloads\MCYU3100MINI_PLUSTRC_V952022_Win7VistaWinXP\MCYU3100MINI_PLUSTRC_V952022_Win7VistaWinXP\setup.exe -d C:\Users\Molek\Downloads\MCYU3100MINI_PLUSTRC_V952022_Win7VistaWinXP\MCYU3100MINI_PLUSTRC_V952022_Win7VistaWinXP
    Task: {FCCF9E2D-BE74-4EB8-BDF9-6CC7C373E262} - System32\Tasks\RedjaneUpdateTaskMachineUA => C:\Program Files (x86)\Redjane\Update\RedjaneUpdate.exe <==== UWAGA
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\TEMP:BAC2F271 [135]
    AlternateDataStreams: C:\ProgramData\TEMP:DBC416F8 [127]
    Hosts:
    HKU\S-1-5-21-3658126288-3018474546-1598903181-1000\...\Run: [MSIDLL] => C:\Windows\SysWOW64\rundll32.exe msitwt32.dll,NxBLlywhYZk
    HKU\S-1-5-21-3658126288-3018474546-1598903181-1000\...\Run: [Badoo Desktop] => C:\ProgramData\Badoo\Badoo Desktop\1.6.58.1220\Badoo.Desktop.exe
    HKU\S-1-5-21-3658126288-3018474546-1598903181-1000\...\Run: [Google Update] => C:\Users\Molek\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31]
    HKU\S-1-5-21-3658126288-3018474546-1598903181-1000\...\Run: [] => [X]
    HKU\S-1-5-21-3658126288-3018474546-1598903181-1000\...\Run: [Hoolapp Android] => "C:\Users\Molek\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized
    HKU\S-1-5-21-3658126288-3018474546-1598903181-1000\...\MountPoints2: {12b98efe-6a0e-11e1-a9a6-0019db4766db} - K:\autorun6e.exe
    HKU\S-1-5-21-3658126288-3018474546-1598903181-1000\...\MountPoints2: {4bd26ec1-7f32-11e1-9928-806e6f6e6963} - J:\AUTORUN.EXE
    HKU\S-1-5-21-3658126288-3018474546-1598903181-1000\...\MountPoints2: {ab6007eb-4ad7-11e6-aca8-0019db4766db} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-3658126288-3018474546-1598903181-1000\...\MountPoints2: {d2f052c0-7f07-11e2-b95e-806e6f6e6963} - I:\Setup.exe
    HKU\S-1-5-21-3658126288-3018474546-1598903181-1000\...\MountPoints2: {f7133e55-bd4e-11e5-bf5f-0019db4766db} - F:\HTC_Sync_Manager_PC.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-09-21]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=147...id=WDCXWD2500AAJS-00VTA0_WD-WMART021914719147
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=147...id=WDCXWD2500AAJS-00VTA0_WD-WMART021914719147
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&...WD2500AAJS-00VTA0_WD-WMART021914719147&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&...WD2500AAJS-00VTA0_WD-WMART021914719147&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=147...id=WDCXWD2500AAJS-00VTA0_WD-WMART021914719147
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=147...id=WDCXWD2500AAJS-00VTA0_WD-WMART021914719147
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&...WD2500AAJS-00VTA0_WD-WMART021914719147&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&...WD2500AAJS-00VTA0_WD-WMART021914719147&q={searchTerms}
    HKU\S-1-5-21-3658126288-3018474546-1598903181-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=147...id=WDCXWD2500AAJS-00VTA0_WD-WMART021914719147
    HKU\S-1-5-21-3658126288-3018474546-1598903181-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=147...id=WDCXWD2500AAJS-00VTA0_WD-WMART021914719147
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...WD2500AAJS-00VTA0_WD-WMART021914719147&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...WD2500AAJS-00VTA0_WD-WMART021914719147&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3658126288-3018474546-1598903181-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...WD2500AAJS-00VTA0_WD-WMART021914719147&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3658126288-3018474546-1598903181-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...WD2500AAJS-00VTA0_WD-WMART021914719147&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3658126288-3018474546-1598903181-1000 -> {8A244612-A1F7-11E0-95C0-E71F4824019B} URL = hxxp://badoo.com/startpage/?source=bsb&q={searchTerms}
    Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll Brak pliku
    Toolbar: HKU\S-1-5-21-3658126288-3018474546-1598903181-1000 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll Brak pliku
    CHR HomePage: Default -> hxxp://www.mylucky123.com/?type=hp&ts=147...id=WDCXWD2500AAJS-00VTA0_WD-WMART021914719147
    CHR StartupUrls: Default -> "hxxp://www.mylucky123.com/?type=hp&ts=1474273670&z=8850f1db459b337e01a53ecg5z4m6z2o4m0cdm3e3w&from=wpm0616&uid=WDCXWD2500AAJS-00VTA0_WD-WMART021914719147"
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\ppGoogleNaClPluginChrome.dll => Brak pliku
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\pdf.dll => Brak pliku
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\gcswf32.dll => Brak pliku
    CHR Plugin: (Shockwave Flash) - C:\Users\Molek\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll => Brak pliku
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => Brak pliku
    CHR Plugin: (Skype Toolbars) - C:\Users\Molek\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => Brak pliku
    CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => Brak pliku
    CHR HKLM-x32\...\Chrome\Extension: [leomkkljcdgegflamofjilaekhgiiake] - hxxps://clients2.google.com/service/update2/crx
    StartMenuInternet: Google Chrome.Ela - C:\Users\Ela\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://www.mylucky123.com/?type=sc&ts=147...id=WDCXWD2500AAJS-00VTA0_WD-WMART021914719147
    StartMenuInternet: Google Chrome.ISJOTK6AD2HSVTFL4TLF5R56WE - C:\Users\Ela\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://www.mylucky123.com/?type=sc&ts=147...id=WDCXWD2500AAJS-00VTA0_WD-WMART021914719147
    R2 W3PCC; C:\ProgramData\Sun\Java\extension.dll [342528 2016-09-18] () [Brak podpisu cyfrowego]
    S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-09-19] ()
    U3 a67upg7e; C:\Windows\System32\Drivers\a67upg7e.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    U3 abf195cs; C:\Windows\System32\Drivers\abf195cs.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
    S3 vserial; System32\DRIVERS\vserial.sys [X]
    2016-09-21 09:59 - 2016-09-21 10:02 - 00000140 _____ C:\Windows\Reimage.ini
    2016-09-21 09:57 - 2016-09-21 09:58 - 00604960 _____ (Reimage) C:\Users\Molek\Downloads\ReimageRepair.exe
    2016-09-20 20:27 - 2016-09-20 20:27 - 00000000 ____D C:\Users\Administrator\AppData\Local\Redjane
    2016-09-19 10:39 - 2016-09-19 10:39 - 00000000 ____C C:\autoexec.bat
    2016-09-19 10:36 - 2016-09-19 10:36 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Molek\Downloads\SpyHunter-Installer.exe
    2016-09-19 10:36 - 2016-09-19 10:36 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2016-09-19 10:30 - 2016-09-21 11:57 - 00000000 ____D C:\ProgramData\Redjane
    2016-09-19 10:28 - 2016-09-19 10:28 - 00003548 _____ C:\Windows\System32\Tasks\RedjaneUpdateTaskMachineCore
    2016-09-19 10:28 - 2016-09-19 10:28 - 00003462 _____ C:\Windows\System32\Tasks\RedjaneUpdateTaskMachineUA
    2016-09-19 10:28 - 2016-09-19 10:28 - 00000000 ____D C:\Users\Molek\AppData\Local\Redjane
    2016-09-19 10:27 - 2016-09-25 19:56 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2016-09-19 10:27 - 2016-09-19 10:27 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2016-09-06 15:05 - 2016-09-06 15:05 - 00000000 ____D C:\ProgramData\corss
    2016-09-01 10:37 - 2016-09-01 10:37 - 00000000 ____D C:\ProgramData\sozy
    2016-09-01 10:29 - 2016-09-01 10:29 - 00294908 _____ (GemsNet Mariusz Guć ) C:\Users\Molek\Downloads\wcamguard (1).exe
    2016-08-31 16:10 - 2016-08-31 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2013-04-06 03:51 - 2013-07-22 11:25 - 0000005 _____ () C:\Program Files (x86)\is.dat
    2013-04-06 03:52 - 2013-04-06 03:52 - 0016384 _____ () C:\Program Files (x86)\uik.dat
    2013-03-01 01:03 - 2013-03-01 01:03 - 0012393 _____ () C:\Users\Molek\AppData\Local\Bron.tok.A10.em.bin
    2013-03-01 00:58 - 2013-03-01 01:52 - 0000267 _____ () C:\Users\Molek\AppData\Local\BronFoldNetDomList.txt
    2013-06-17 21:51 - 2013-12-24 01:15 - 0004608 _____ () C:\Users\Molek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-02-19 17:45 - 2013-02-19 17:45 - 0000051 _____ () C:\Users\Molek\AppData\Local\Kosong.Bron.Tok.txt
    EmptyTemp:

    In FRST choose Fix.

    Remove everything that mbam detects.

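Added example, not part of the thread or of FRST itself: a small Python classifier for the fixlist format used in the post above. It splits each line into its entry kind (CustomCLSID, Task, Run, service, dated file, directive) and target path, collects the markers the Polish FRST build attaches (Brak pliku, <==== UWAGA, Brak podpisu cyfrowego, zerobajtowy), and adds two heuristics a helper usually checks by eye: autoruns living under a user profile and DLLs started through rundll32. The sample entries are copied from the fixlist above; the marker strings are assumed to be exactly those shown in the post.

```python
import re
from collections import Counter

# Six entries copied from the Fixlist.txt above plus its final directive,
# embedded so the example runs offline.
SAMPLE = r"""CustomCLSID: HKU\S-1-5-21-3658126288-3018474546-1598903181-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Molek\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Brak pliku
Task: {22B600D5-83A3-405E-8835-D78A7BF06039} - System32\Tasks\Hoolapp Init => C:\Users\Molek\AppData\Roaming\HOOLAP~1\Hoolapp.exe <==== UWAGA
HKU\S-1-5-21-3658126288-3018474546-1598903181-1000\...\Run: [MSIDLL] => C:\Windows\SysWOW64\rundll32.exe msitwt32.dll,NxBLlywhYZk
R2 W3PCC; C:\ProgramData\Sun\Java\extension.dll [342528 2016-09-18] () [Brak podpisu cyfrowego]
U3 a67upg7e; C:\Windows\System32\Drivers\a67upg7e.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
2016-09-19 10:28 - 2016-09-19 10:28 - 00000000 ____D C:\Users\Molek\AppData\Local\Redjane
EmptyTemp:
"""

# Markers the (Polish-localised) FRST appends to entries it considers suspicious.
MARKERS = {"Brak pliku": "missing_file", "<==== UWAGA": "attention",
           "Brak podpisu cyfrowego": "unsigned", "zerobajtowy": "zero_byte"}

KINDS = [("CustomCLSID:", "CustomCLSID"), ("Task:", "Task"), ("\\Run:", "Run")]
SERVICE_RE = re.compile(r"^[RSU]\d \S+; ")                  # e.g. "R2 W3PCC; C:\..."
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")   # dated file/folder entry
PATH_RE = re.compile(r'[A-Z]:\\[^\[<"]*?(?=\s*(\[|<====|=>|$))')  # drive path up to FRST annotation

def classify(line: str) -> dict:
    """Return kind, target path and flags for one FRST fixlist line."""
    line = line.strip()
    kind = next((k for key, k in KINDS if key in line), None)
    if kind is None:
        kind = ("Service" if SERVICE_RE.match(line) else "File" if FILE_RE.match(line)
                else "Directive" if line.endswith(":") else "Other")
    flags = sorted(f for m, f in MARKERS.items() if m in line)
    m = PATH_RE.search(line)
    target = m.group(0).strip() if m else None
    if target and "\\AppData\\" in target:
        flags.append("user_profile_path")  # autorun/task living in a user profile, typical of adware
    if target and "rundll32.exe" in target.lower():
        flags.append("rundll32_loader")    # DLL started through rundll32 without a full path
    return {"kind": kind, "target": target, "flags": flags}

def summarize(text: str) -> Counter:
    """Count how many fixlist lines carry each flag."""
    counts = Counter()
    for line in text.splitlines():
        if line.strip():
            counts.update(classify(line)["flags"])
    return counts
```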