Elektroda.pl

Viruses on the computer - pop-up ads - FRST logs.

zem666 31 Oct 2016 16:38 762 4
  • #1 31 Oct 2016 16:38
    zem666
    Level 3

    Hello,

    I have a problem with ads and the search engine in Chrome; they can't be removed.
    Please help, I'm attaching the logs.

    ADW removed one thing, but the problem is still there.

    Thanks in advance for your help.

    0 4
  • #2 31 Oct 2016 17:23
    Acorus 20
    Computer specialist

    Uninstall ContentPush, mpck version 1.1, Reimage Repair. Open the system Notepad and paste:

    Quote:
    CloseProcesses:
    Task: {5359DF04-949A-44D0-AF6C-6BDA1E2A789B} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2016-09-28] (Reimage®) <==== UWAGA
    Task: {861D0C68-9ED3-46E3-AD40-0846509C76CB} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2016-09-29] (Reimage ltd.) <==== UWAGA
    Task: {A48CD7D2-9608-4FFA-A024-2E9B5645AE84} - System32\Tasks\84dfcb870e53030f6ecbb58e72455ebd => Rundll32.exe "C:\Program Files (x86)\Raptr Inc\nu6ubv.dll",e62dc6c6547f46bda862da2d05af6862 <==== UWAGA
    Task: {C52753DB-82F1-42AD-B970-F8C6F0F755B0} - System32\Tasks\{8E964199-C349-45D8-AF1A-39AEA4F1715D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Lamzap\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Lamzap\uninstall.dat" -a uninstallme 25C4866B-FC76-4517-BC23-21CD6E5B4DCB DeviceId=587e0069-1002-a000-60ac-f62813d61452 BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
    Task: {FBB66E50-6160-4660-9516-455FB6114445} - System32\Tasks\Pherjight Module => C:\Program Files (x86)\Ghapoly\cerbatain.exe [2016-10-31] (VideoLAN)
    ShortcutWithArgument: C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    AlternateDataStreams: C:\ProgramData:4B751A46CE795362 [217]
    AlternateDataStreams: C:\Users\All Users:4B751A46CE795362 [217]
    AlternateDataStreams: C:\ProgramData\Dane aplikacji:4B751A46CE795362 [217]
    AlternateDataStreams: C:\ProgramData\Microsoft:3INr8U0jki39j4G5RX0JbIWNdDREFJ [2394]
    AlternateDataStreams: C:\ProgramData\Microsoft:9zt4KyvrcmBpDFVxN30bIv [2206]
    AlternateDataStreams: C:\ProgramData\Microsoft:ly9OqUKFKh2176JdvNmOsBK [2238]
    AlternateDataStreams: C:\ProgramData\Microsoft:qHK6BfjoirKOX9i3FeBmekE9hXg [1908]
    AlternateDataStreams: C:\ProgramData\Microsoft:YAeJGVXVpXlHPpEYb97Fl [2250]
    AlternateDataStreams: C:\Users\Damian\Ustawienia lokalne:S1uxKQMVYM55c4r3iPZusBq4LM [2066]
    AlternateDataStreams: C:\Users\Damian\AppData\Local:S1uxKQMVYM55c4r3iPZusBq4LM [2066]
    AlternateDataStreams: C:\Users\Damian\AppData\Local\Dane aplikacji:S1uxKQMVYM55c4r3iPZusBq4LM [2066]




    AlternateDataStreams: C:\Users\Damian\AppData\Local\Temp:EdWd5txyUJ59oj5fEQr [2050]
    AlternateDataStreams: C:\Users\Damian\AppData\Local\Temporary Internet Files:yK8E9RnvZ8Z4wQrWEK6LW0DBkL [2404]
    Hosts:
    HKLM\...\Run: [WINCOMS1G] => C:\Program Files (x86)\mpck\wincom_S1G.exe [4246528 2016-10-31] ()
    HKLM\...\Run: [gplyra] => C:\Users\Damian\AppData\Roaming\gplyra\gplyra.exe [1579008 2016-10-27] ()
    HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-28] (Raptr, Inc)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [293768 2016-06-17] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe [221264 2016-10-24] ()
    HKLM-x32\...\Run: [pcmgr] => C:\Program Files (x86)\badu\Uninst.exe
    HKLM\...\RunOnce: [OTUTPRODUCT_SDXS4] => C:\Program Files (x86)\mpck\o_network.exe [533504 2016-10-31] (AV)
    HKU\S-1-5-21-3902372225-2549095647-1099467573-1001\...\Run: [svchost0] => C:\Program Files (x86)\badu\uc.exe [221264 2016-10-24] ()
    HKU\S-1-5-21-3902372225-2549095647-1099467573-1001\...\MountPoints2: {32d1430e-5e3e-11e6-be8a-f46d04665e58} - "D:\SETUP.EXE"
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    GroupPolicy: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-3902372225-2549095647-1099467573-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...8D5SZ95vY7FUKl7p0qfspEaet2W8jbnb4heQ,,&q={searchTerms}
    HKU\S-1-5-21-3902372225-2549095647-1099467573-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%..._jOPbUpgfUd4AQBH5f8VQziIZe9kdADDkxAtOQOjI1A,,,,
    HKU\S-1-5-21-3902372225-2549095647-1099467573-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...8D5SZ95vY7FUKl7p0qfspEaet2W8jbnb4heQ,,&q={searchTerms}
    HKU\S-1-5-21-3902372225-2549095647-1099467573-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...8D5SZ95vY7FUKl7p0qfspEaet2W8jbnb4heQ,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...8D5SZ95vY7FUKl7p0qfspEaet2W8jbnb4heQ,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3902372225-2549095647-1099467573-1001 -> {DDA3E9BA-33B6-412F-A902-586F420BC5CA} URL = hxxps://search.yahoo.com/search?fr=chr-greent...mp;ei=utf-8&ilc=12&type=435371&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3902372225-2549095647-1099467573-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...8D5SZ95vY7FUKl7p0qfspEaet2W8jbnb4heQ,,&q={searchTerms}
    CHR HomePage: ChromeDefaultData -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...Oli0L50pGBibaRDeGwaCdfgrAb5-IbA3O0O6xjwW3IA,,,,
    CHR DefaultSearchURL: ChromeDefaultData -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...77_IaIH1xMmyJDX9DI_B__Ha3O_eDr4gl6FA,,&q={searchTerms}
    CHR DefaultSearchKeyword: ChromeDefaultData -> feed.sonic-search.com
    CHR DefaultSuggestURL: ChromeDefaultData -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    CHR Profile: C:\Users\Damian\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-10-31] <==== UWAGA
    CHR HKU\S-1-5-21-3902372225-2549095647-1099467573-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3902372225-2549095647-1099467573-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    R2 Mosusypososy; C:\Program Files (x86)\Ghapoly\drizutainshupkCld.dll [275968 2016-10-31] () [Brak podpisu cyfrowego]
    S4 netupodtep; C:\Users\Damian\AppData\Local\Lajoyla.exe [82944 2015-12-25] () [Brak podpisu cyfrowego]
    R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7953776 2016-09-28] (Reimage®)
    S2 FinwarmSvc; C:\Users\Damian\AppData\Local\Temp\hQG3Rx\runner.exe [X]
    R2 tovynyty; C:\Program Files (x86)\2587BFA0-1477924293-11D9-8508-F46D04665E58\knsgD7ED.tmpfs [X]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    2016-10-31 16:23 - 2016-10-31 16:25 - 00000000 ____D C:\rei
    2016-10-31 16:23 - 2016-10-31 16:24 - 00000140 _____ C:\WINDOWS\Reimage.ini
    2016-10-31 16:23 - 2016-10-31 16:24 - 00000000 ____D C:\ProgramData\Reimage Protector
    2016-10-31 16:23 - 2016-10-31 16:24 - 00000000 ____D C:\Program Files\Reimage
    2016-10-31 16:23 - 2016-10-31 16:23 - 00604928 _____ (Reimage) C:\Users\Damian\Downloads\ReimageRepair.exe
    2016-10-31 16:23 - 2016-10-31 16:23 - 00001984 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
    2016-10-31 16:23 - 2016-10-31 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
    2016-10-31 16:19 - 2016-10-31 16:19 - 00000000 ____D C:\WINDOWS\system32\€‡§J;
    2016-10-31 16:16 - 2016-10-31 16:16 - 00003732 _____ C:\WINDOWS\System32\Tasks\{8E964199-C349-45D8-AF1A-39AEA4F1715D}
    2016-10-31 15:49 - 2016-10-31 15:49 - 00000000 ____D C:\WINDOWS\system32\€‡3^Ń
    2016-10-31 15:47 - 2016-10-31 15:47 - 00000000 ____D C:\WINDOWS\system32\€‡uZí
    2016-10-31 15:47 - 2016-10-31 15:47 - 00000000 ____D C:\WINDOWS\system32\€‡©Ď×
    2016-10-31 15:38 - 2016-10-31 15:38 - 00000000 ____D C:\WINDOWS\system32\€‡…Ô_
    2016-10-31 15:35 - 2016-10-31 15:35 - 00000000 ____D C:\WINDOWS\system32\€‡”ŻŐ
    2016-10-31 15:33 - 2016-10-31 15:33 - 00027456 _____ C:\WINDOWS\system32\Drivers\bsdpf64.sys
    2016-10-31 15:33 - 2016-10-31 15:33 - 00026944 _____ C:\WINDOWS\system32\Drivers\bsdpr64.sys
    2016-10-31 15:33 - 2016-10-31 15:33 - 00006084 _____ C:\WINDOWS\System32\Tasks\Pherjight Module
    2016-10-31 15:33 - 2016-10-31 15:33 - 00000000 ____D C:\Users\Public\Thunder Network
    2016-10-31 15:33 - 2016-10-31 15:33 - 00000000 ____D C:\Users\Damian\AppData\Roaming\Hemkajdoa
    2016-10-31 15:33 - 2016-10-31 15:33 - 00000000 ____D C:\Users\Damian\AppData\Roaming\AzigcWig
    2016-10-31 15:33 - 2016-10-31 15:33 - 00000000 ____D C:\Users\Damian\AppData\LocalLow\Company
    2016-10-31 15:33 - 2016-10-31 15:33 - 00000000 ____D C:\Users\Damian\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2016-10-31 15:33 - 2016-10-31 15:33 - 00000000 ____D C:\Users\Damian\AppData\Local\tuto_monetize_120161031
    2016-10-31 15:33 - 2016-10-31 15:33 - 00000000 ____D C:\Users\Damian\AppData\Local\Tempfolder
    2016-10-31 15:33 - 2016-10-31 15:33 - 00000000 ____D C:\uninst
    2016-10-31 15:33 - 2016-10-31 15:33 - 00000000 ____D C:\ProgramData\Thunder Network
    2016-10-31 15:33 - 2016-10-31 15:33 - 00000000 ____D C:\ProgramData\Avira
    2016-10-31 15:33 - 2016-10-31 15:33 - 00000000 ____D C:\ProgramData\Avg
    2016-10-31 15:33 - 2016-10-31 15:33 - 00000000 ____D C:\Program Files\AiduwbUn
    2016-10-31 15:33 - 2016-10-31 15:33 - 00000000 ____D C:\Program Files\Aiduwb
    2016-10-31 15:32 - 2016-10-31 16:17 - 00000000 ____D C:\Users\Damian\AppData\Roaming\Pjotion
    2016-10-31 15:32 - 2016-10-31 15:40 - 00000000 ____D C:\Program Files (x86)\Ghapoly
    2016-10-31 15:32 - 2016-10-31 15:33 - 00000000 ____D C:\Users\Damian\AppData\Roaming\gplyra
    2016-10-31 15:32 - 2016-10-31 15:33 - 00000000 ____D C:\Users\Damian\AppData\Local\Viroch
    2016-10-31 15:32 - 2016-10-31 15:33 - 00000000 ____D C:\Users\Damian\AppData\Local\2587BFA0-1477927945-11D9-8508-F46D04665E58
    2016-10-31 15:32 - 2016-10-31 15:33 - 00000000 ____D C:\Program Files (x86)\mpck
    2016-10-31 15:32 - 2016-10-31 15:32 - 00003656 _____ C:\WINDOWS\System32\Tasks\84dfcb870e53030f6ecbb58e72455ebd
    2016-10-31 15:31 - 2016-10-31 15:32 - 00000000 ____D C:\Program Files (x86)\2587BFA0-1477924293-11D9-8508-F46D04665E58
    2016-10-31 15:31 - 2016-10-31 15:31 - 00000000 ____D C:\Users\Damian\AppData\Roaming\ContentPush
    2016-10-31 15:31 - 2016-10-31 15:31 - 00000000 _____ C:\TOSTACK
    2016-10-31 15:30 - 2016-10-31 15:32 - 00000000 ____D C:\Program Files (x86)\ContentPush
    2016-10-31 15:30 - 2016-10-31 15:32 - 00000000 ____D C:\Program Files (x86)\badu
    2016-10-31 15:29 - 2016-10-31 16:16 - 00000000 ____D C:\ProgramData\Quoteex
    2016-10-31 15:29 - 2016-10-31 15:29 - 07294976 _____ C:\Users\Damian\AppData\Roaming\agent.dat
    2016-10-31 15:29 - 2016-10-31 15:29 - 01903931 _____ C:\Users\Damian\AppData\Roaming\Faxtrax.tst
    2016-10-31 15:29 - 2016-10-31 15:29 - 01897571 _____ C:\Users\Damian\AppData\Roaming\Hotlatlab.bin
    2016-10-31 15:29 - 2016-10-31 15:29 - 00190394 _____ C:\Users\Damian\AppData\Roaming\Viva-Tom.bin
    2016-10-31 15:29 - 2016-10-31 15:29 - 00126464 _____ C:\Users\Damian\AppData\Roaming\noah.dat
    2016-10-31 15:29 - 2016-10-31 15:29 - 00070704 _____ C:\Users\Damian\AppData\Roaming\Config.xml
    2016-10-31 15:29 - 2016-10-31 15:29 - 00018432 _____ C:\Users\Damian\AppData\Roaming\Main.dat
    2016-10-31 15:29 - 2016-10-31 15:29 - 00005568 _____ C:\Users\Damian\AppData\Roaming\md.xml
    2016-10-31 15:29 - 2016-10-31 15:29 - 00002397 _____ C:\WINDOWS\SysWOW64\findit.xml
    2016-10-31 15:29 - 2016-10-31 15:29 - 00000000 ____D C:\ProgramData\Quoteexs
    2016-10-31 15:29 - 2016-10-31 15:29 - 00000000 ____D C:\ProgramData\NetworkPacketManitor
    2016-10-31 15:29 - 2016-10-31 15:29 - 00000000 ____D C:\ProgramData\Logic Handler
    2016-10-31 15:29 - 2016-10-31 15:28 - 00710656 _____ C:\Users\Damian\AppData\Roaming\Faxtrax.exe
    2016-10-31 15:28 - 2016-10-31 15:28 - 00140288 _____ C:\Users\Damian\AppData\Roaming\Installer.dat
    2016-10-31 15:28 - 2016-10-31 15:28 - 00016224 _____ C:\Users\Damian\AppData\Roaming\InstallationConfiguration.xml
    2016-10-31 16:13 - 2016-01-01 13:12 - 00000000 ____D C:\AdwCleaner
    2016-10-31 15:33 - 2016-08-11 14:47 - 00065344 _____ C:\WINDOWS\system32\Drivers\cherimoya.sys
    2016-10-31 15:29 - 2016-10-31 15:29 - 7294976 _____ () C:\Users\Damian\AppData\Roaming\agent.dat
    2016-10-31 15:29 - 2016-10-31 15:29 - 0070704 _____ () C:\Users\Damian\AppData\Roaming\Config.xml
    2016-10-31 15:29 - 2016-10-31 15:28 - 0710656 _____ () C:\Users\Damian\AppData\Roaming\Faxtrax.exe
    2016-10-31 15:29 - 2016-10-31 15:29 - 1903931 _____ () C:\Users\Damian\AppData\Roaming\Faxtrax.tst
    2016-10-31 15:29 - 2016-10-31 15:29 - 1897571 _____ () C:\Users\Damian\AppData\Roaming\Hotlatlab.bin
    2016-10-31 15:28 - 2016-10-31 15:28 - 0016224 _____ () C:\Users\Damian\AppData\Roaming\InstallationConfiguration.xml
    2016-10-31 15:28 - 2016-10-31 15:28 - 0140288 _____ () C:\Users\Damian\AppData\Roaming\Installer.dat
    2016-10-31 15:29 - 2016-10-31 15:29 - 0018432 _____ () C:\Users\Damian\AppData\Roaming\Main.dat
    2016-10-31 15:29 - 2016-10-31 15:29 - 0005568 _____ () C:\Users\Damian\AppData\Roaming\md.xml
    2016-10-31 15:29 - 2016-10-31 15:29 - 0126464 _____ () C:\Users\Damian\AppData\Roaming\noah.dat
    2016-10-31 15:29 - 2016-10-31 15:29 - 0032038 _____ () C:\Users\Damian\AppData\Roaming\uninstall_temp.ico
    2016-10-31 15:29 - 2016-10-31 15:29 - 0190394 _____ () C:\Users\Damian\AppData\Roaming\Viva-Tom.bin
    2015-12-25 19:50 - 2015-12-25 20:48 - 0082944 _____ () C:\Users\Damian\AppData\Local\Lajoyla.exe
    2015-12-25 19:50 - 2015-12-25 19:50 - 0000187 _____ () C:\Users\Damian\AppData\Local\Lajoyla.exe.config
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Scan with Malwarebytes Anti-Malware: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    During installation, uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".

    0
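Added example (not part of the original thread and not FRST's own code): a small Python triage helper run over a few lines copied from the fixlist above. It decodes the percent-encoded hostnames in the hijacked search and home-page URLs, and lists Run/RunOnce entries whose publisher field is empty; the function names and the "empty publisher" heuristic are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Lines copied from the fixlist quoted above; the "..." truncation is the forum's own.
SAMPLE = r"""
HKLM\...\Run: [WINCOMS1G] => C:\Program Files (x86)\mpck\wincom_S1G.exe [4246528 2016-10-31] ()
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [293768 2016-06-17] (RealNetworks, Inc.)
HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe [221264 2016-10-24] ()
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...8D5SZ95vY7FUKl7p0qfspEaet2W8jbnb4heQ,,&q={searchTerms}
CHR HomePage: ChromeDefaultData -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...Oli0L50pGBibaRDeGwaCdfgrAb5-IbA3O0O6xjwW3IA,,,,
CHR DefaultSuggestURL: ChromeDefaultData -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
"""

# Host part of a defanged URL: %XX escapes, hostname characters, single dots only.
HOST_RE = re.compile(r"hxxps?://((?:%[0-9A-Fa-f]{2}|[A-Za-z0-9-]|\.(?!\.))+)")
# FRST Run/RunOnce entry: [value name] => path [size date] (publisher)
RUN_RE = re.compile(r"\\(Run|RunOnce): \[(.+?)\] => (.+?) \[\d+ \d{4}-\d{2}-\d{2}\] \((.*)\)$")

def encoded_hosts(log):
    """Return (decoded_host, truncated) for URLs whose hostname is percent-encoded."""
    hits = []
    for line in log.splitlines():
        m = HOST_RE.search(line)
        if m and "%" in m.group(1):
            rest = line[m.end():].lstrip("%")
            hits.append((unquote(m.group(1)), rest.startswith("...")))
    return hits

def unsigned_autoruns(log):
    """Return (value_name, path) for Run/RunOnce entries with an empty publisher field."""
    out = []
    for line in log.splitlines():
        m = RUN_RE.search(line.strip())
        if m and not m.group(4).strip():
            out.append((m.group(2), m.group(3)))
    return out

if __name__ == "__main__":
    for host, cut in encoded_hosts(SAMPLE):
        print("encoded host:", host + ("[truncated]" if cut else ""))
    for name, path in unsigned_autoruns(SAMPLE):
        print("no publisher:", name, path)
```

The first decoded prefix agrees with the `CHR DefaultSearchKeyword` line in the same fixlist (`feed.sonic-search.com`). The ordinary Yahoo URL is skipped because its hostname is not percent-encoded.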
  • #3 31 Oct 2016 18:07
    zem666
    Level 3

    I can't uninstall this ContentPush.

    I did the rest as you said. Junk installers and browsers still keep popping up.

    The virus installs programs by itself, e.g. just now some Chinese browser.

    0
  • Helpful post
    #4 31 Oct 2016 18:11
    Acorus 20
    Computer specialist

    Show new FRST logs.

    0
  • #5 09 Nov 2016 11:56
    zem666
    Level 3

    Acorus 20


    Thanks a lot for the help, it probably would have worked in the end, but after that I couldn't do anything anymore; the PC got so locked up that I couldn't even click the Windows icon, and web pages wouldn't open either.

    It ended with reinstalling the system.

    But thanks anyway!

    0