Elektroda.pl

Request to check a log. Constant redirect from google to rambler..

ivanbohun 09 Oct 2016 00:13
  • #1 09 Oct 2016 00:13
    ivanbohun
    Level 9

    Google search keeps redirecting me to or mail.ru.. SpyHunter4 found Gen:Variant.Kazy.188957 and I can't get rid of this infection.
    Emsisoft Emergency Kit and Kaspersky Virus Removal Tool detect them as well. Some are in quarantine and some, hell knows; I'm not good at dealing with infections like these.
    Emsisoft quarantine log
    Help.

  • Helpful post
    #3 09 Oct 2016 00:37
    Kolobos
    Computer specialist

    Uninstall SpyHunter.

    Use AdwCleaner, the Scan and Clean option: http://www.bleepingcomputer.com/download/adwcleaner/

    Do a full scan with Mbam and remove what it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Only after doing that, attach the FRST logs (Frst.txt and Addition.txt):
    http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

  • Helpful post
    #5 09 Oct 2016 02:08
    Kolobos
    Computer specialist

    Uninstall: Yandex

    Next to frst.exe, create a file Fixlist.txt with this content:
    Task: {05ABE6B0-5A2E-42B1-823E-B3F8910345A4} - System32\Tasks\{1CF54A2D-234E-4F1E-9930-378311F671CB} => pcalua.exe -a "E:\dysk D z w520\SWTOOLS\DRIVERS\PMDriver\Setup.exe" -d "E:\dysk D z w520\SWTOOLS\DRIVERS\PMDriver"
    Task: {12AB776F-3084-4280-823D-6F77E0AA39E6} - System32\Tasks\Opera scheduled Autoupdate 1454951189 => C:\Program Files (x86)\Opera\launcher.exe [2016-09-23] (Opera Software)
    Task: {657895EE-533A-400B-8240-31E43A51A741} - System32\Tasks\Opera scheduled Autoupdate 1435349295 => C:\Program Files (x86)\TC UP\PLUGINS\Media\Opera
    Task: {9B74EBB2-F47A-48F8-BCB0-6B0BFCF4C409} - \Обновление Браузера Яндекс -> Brak pliku <==== UWAGA
    Shortcut: C:\Users\idzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
    Shortcut: C:\Users\idzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex\Yаndех.lnk -> C:\Users\idzi\AppData\Local\Yandex\YandexBrowser\Application\browser.exe (YANDEX LLC) <===== Cyrillic
    Shortcut: C:\Users\idzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
    Shortcut: C:\Users\idzi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
    Shortcut: C:\Users\idzi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yаndех.lnk -> C:\Users\idzi\AppData\Local\Yandex\YandexBrowser\Application\browser.exe (YANDEX LLC) <===== Cyrillic
    Shortcut: C:\Users\idzi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ореrа.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) <===== Cyrillic
    AlternateDataStreams: C:\ProgramData\Microsoft:e4R20rxoiH5SDJZOdg [2362]
    AlternateDataStreams: C:\ProgramData\Microsoft:eNkMmlqNz2tCjI0K7QfUTh6kmK [2278]
    AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [256]
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
    AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [352]
    AlternateDataStreams: C:\Users\idzi\Ustawienia lokalne:TYLHLfwotKNjKCoLVQneGb3ik [2024]
    AlternateDataStreams: C:\Users\idzi\AppData\Local:TYLHLfwotKNjKCoLVQneGb3ik [2024]
    AlternateDataStreams: C:\Users\idzi\AppData\Local\Dane aplikacji:TYLHLfwotKNjKCoLVQneGb3ik [2024]
    AlternateDataStreams: C:\Users\idzi\AppData\Local\Temporary Internet Files:GM0tQRIPjGj8nRaUNLUO7o5JiP [2230]
    (YANDEX LLC) C:\Program Files (x86)\Yandex\YandexBrowser\16.7.1.20937\service_update.exe
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-3857136357-1449777649-1404370862-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    FF NetworkProxy: Mozilla\Firefox\Profiles\512idygz.default -> gopher", ""
    FF NetworkProxy: Mozilla\Firefox\Profiles\512idygz.default -> gopher_port", 0
    FF NetworkProxy: Mozilla\Firefox\Profiles\512idygz.default -> http", "localhost"
    FF NetworkProxy: Mozilla\Firefox\Profiles\512idygz.default -> http_port", 9666
    FF NetworkProxy: Mozilla\Firefox\Profiles\512idygz.default -> socks", "localhost"
    FF NetworkProxy: Mozilla\Firefox\Profiles\512idygz.default -> socks_port", 9050
    FF NetworkProxy: Mozilla\Firefox\Profiles\512idygz.default -> socks_remote_dns", true
    FF NetworkProxy: Mozilla\Firefox\Profiles\512idygz.default -> ssl", "localhost"
    FF NetworkProxy: Mozilla\Firefox\Profiles\512idygz.default -> ssl_port", 9666
    FF NetworkProxy: Mozilla\Firefox\Profiles\512idygz.default -> type", 0
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\512idygz.default -> Yahoo®
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\512idygz.default -> Yahoo®
    CHR Extension: (Zabarw) - C:\Users\idzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmpfkbodapjhlehcmdekpmffmngmoieo [2016-02-08]
    CHR Extension: (Fast search) - C:\Users\idzi\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pbdpajcdgknpendpmecafmopknefafha [2016-10-02]
    CHR HKU\S-1-5-21-3857136357-1449777649-1404370862-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - hxxps://clients2.google.com/service/update2/crx
    OPR Extension: (VKontakte.ru Downloader) - C:\Users\idzi\AppData\Roaming\Opera Software\Opera Stable\Extensions\fhicdenadipegbnnjbaojhjddgdmdhpd [2016-04-08]
    OPR Extension: (Вконтакте Музыка Скачать 2015) - C:\Users\idzi\AppData\Roaming\Opera Software\Opera Stable\Extensions\fjkfodkgajmiepbcffmlbikbfimnncee [2016-08-30]
    OPR Extension: (Fast search) - C:\Users\idzi\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2016-10-02]
    R2 YandexBrowserService; C:\Program Files (x86)\Yandex\YandexBrowser\16.7.1.20937\service_update.exe [768320 2016-08-08] (YANDEX LLC)
    S2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
    S3 a2acc; \??\C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [X]
    S1 A2DDA; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [X]
    S3 avchv; system32\DRIVERS\avchv.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
    S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
    S3 intaud_WaveExtensible; system32\drivers\intelaud.sys [X]
    S3 iwdbus; system32\DRIVERS\iwdbus.sys [X]
    S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
    S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
    2016-10-09 00:48 - 2016-10-09 00:54 - 00000000 ____D C:\AdwCleaner
    2016-10-08 21:19 - 2016-10-09 01:07 - 00000452 _____ C:\Windows\Tasks\Yandex Browser system update.job
    2016-10-08 21:17 - 2016-10-08 19:09 - 00008192 _____ C:\shldr.mbr
    2016-10-08 21:17 - 2012-11-02 15:23 - 00285747 _____ C:\shldr
    2016-10-08 20:20 - 2016-10-09 00:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015
    2016-10-08 20:20 - 2016-10-08 20:20 - 00000000 ____D C:\Users\idzi\AppData\LocalLow\Spyware Terminator
    2016-10-08 15:56 - 2016-10-08 20:38 - 00000000 ____D C:\Program Files (x86)\PC Tools Security
    2016-10-08 15:50 - 2016-10-09 01:06 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
    2016-10-08 15:50 - 2016-10-09 00:44 - 00000000 ____D C:\Windows\46B04D534E344388B6EE80FAB66AEF9B.TMP
    2016-10-08 02:53 - 2016-10-08 02:53 - 00000000 _____ C:\autoexec.bat
    2016-10-07 23:59 - 2016-10-08 00:54 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2016-10-07 23:59 - 2016-10-08 00:53 - 00043487 _____ C:\Windows\ZAM_Guard.krnl.trace
    2016-10-07 23:59 - 2016-10-08 00:19 - 00076406 _____ C:\Windows\ZAM.krnl.trace
    2016-10-07 23:58 - 2016-10-07 23:58 - 00000000 ____D C:\Users\idzi\AppData\Local\Zemana
    2016-10-07 21:59 - 2016-10-07 21:59 - 00036100 _____ C:\ComboFix.txt
    2016-10-07 21:00 - 2016-10-07 22:00 - 00000000 ____D C:\Qoobox
    2016-10-07 21:00 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-10-07 21:00 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-10-07 21:00 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-10-07 21:00 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-10-07 21:00 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-10-07 21:00 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
    2016-10-07 21:00 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
    2016-10-07 21:00 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
    2016-10-07 20:39 - 2016-07-31 00:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-10-02 22:41 - 2016-02-13 17:21 - 00000000 ____D C:\Users\idzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex
    EmptyTemp:

    In FRST choose Fix.

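The entries marked "<===== Cyrillic" in the fixlist above are shortcut names spelled with Cyrillic letters that look identical to Latin ones, so a user cannot tell the fake shortcut from the real one by eye. As an added example (not from the thread and not FRST's own code), here is a small Python check that reproduces that detection over constructed sample lines: it flags .lnk names that mix more than one script and shows the Latin name the user actually sees. The sample paths, the CONFUSABLES table and the function names are assumptions.

```python
import re
import unicodedata

# Constructed sample lines in the shape of the FRST "Shortcut:" entries quoted in the
# fixlist above (not the poster's log). The first two imitate the flagged entries: the
# visible name mixes Latin letters with Cyrillic look-alikes (written as \u escapes so
# the substitution is visible); the last two are single-script names that must pass.
SAMPLE_LINES = [
    "Shortcut: C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\"
    "\u041c\u043ezill\u0430 Fir\u0435f\u043e\u0445.lnk -> C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
    "Shortcut: C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\"
    "Y\u0430nd\u0435\u0445.lnk -> C:\\Users\\user\\AppData\\Local\\Yandex\\browser.exe",
    "Shortcut: C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Mozilla Firefox.lnk"
    " -> C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
    "Shortcut: C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\"
    "\u0411\u0440\u0430\u0443\u0437\u0435\u0440.lnk -> C:\\Program Files\\Browser\\browser.exe",
    "AlternateDataStreams: C:\\ProgramData\\TEMP:430C6D84 [256]",  # other line types are skipped
]

SHORTCUT_RE = re.compile(r"^Shortcut: (?P<lnk>.+?\.lnk) -> (?P<target>.+)$")

# Cyrillic letters whose glyphs match a Latin letter in common fonts, mapped to that letter.
CONFUSABLES = str.maketrans(
    "\u0430\u0435\u043e\u0440\u0441\u0443\u0445\u041c\u041d\u0415\u0422\u041e\u0410\u0412\u041a\u0420\u0421\u0425",
    "aeopcyxMHETOABKPCX")


def letter_scripts(text):
    """Scripts used by the letters of text: the first word of each character's
    Unicode name ("LATIN", "CYRILLIC", "GREEK", ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in text if ch.isalpha()}


def find_mixed_script_shortcuts(lines):
    """Flag Shortcut entries whose .lnk name (extension excluded) mixes more than one
    script, the pattern FRST marks '<===== Cyrillic' above. Returns one dict per hit."""
    findings = []
    for line in lines:
        m = SHORTCUT_RE.match(line.strip())
        if not m:
            continue
        name = m.group("lnk").rsplit("\\", 1)[-1]   # basename of the .lnk
        scripts = letter_scripts(name[:-len(".lnk")])
        if len(scripts) > 1:
            findings.append({
                "name": name,
                "scripts": "+".join(sorted(scripts)),
                "looks_like": name.translate(CONFUSABLES),   # what the user sees
                "target": m.group("target"),
            })
    return findings
```

An all-Cyrillic name (a genuinely Russian-language shortcut) stays single-script and is not flagged; only the mixed names, which have no legitimate reason to exist, are reported together with the binary they launch.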
  • #8 09 Oct 2016 10:57
    ivanbohun
    Level 9

    Done.
    AdwCleaner disappeared, and something else..

  • Helpful post
    #9 09 Oct 2016 11:03
    Acorus 20
    Computer specialist

    That's all.

  • #10 09 Oct 2016 11:04
    ivanbohun
    Level 9

    Thanks..
    You guys are mega strong! ;)
