Elektroda.pl

Chrome - DozenSearch, how do I get rid of it?

tentamtenx33 13 Nov 2016 11:25
  • Helpful post
    #2 13 Nov 2016 11:34
    Kolobos
    Computer specialist

    Be careful about what you download and install! YAC is a harmful program.

    Chrome has been replaced with an infected version, including the profile. Export your bookmarks from Chrome before running the script.

    Uninstall, if possible: YAC (Yet Another Cleaner!)

    Next to frst.exe, create a file Fixlist.txt with the following contents:
    CloseProcesses:
    Task: {226146C0-F105-4639-80C6-B6706800F9EC} - System32\Tasks\BossseedUpdateTaskMachineCore => C:\Program Files (x86)\Bossseed\Update\BossseedUpdate.exe [2016-09-23] () <==== UWAGA
    Task: {3BE2B809-5B13-423F-BF44-50E66EA4AD8D} - System32\Tasks\Sherdewardcoosent Configuration => C:\Program Files (x86)\Plesege\herutain.exe [2016-09-17] (CHENGDU YIWO Tech Development Co., Ltd)
    Task: {4AE87F61-999C-43E7-BF75-D71C664877D4} - System32\Tasks\{801B685B-E77B-4455-A285-322DED02E261} => C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\The Crew (Worldwide)\TheCrewLauncher.exe
    Task: {598776D0-5106-4BDE-8C20-6EEC4DE34325} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-11-12] (AVAST Software)
    Task: {AEB93608-DEF6-4B56-89E2-FDFB1FF80B70} - System32\Tasks\BossseedUpdateTaskMachineUA => C:\Program Files (x86)\Bossseed\Update\BossseedUpdate.exe [2016-09-23] () <==== UWAGA
    Shortcut: C:\Users\Hiyo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Jarhair\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Hiyo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Jarhair\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Hiyo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Jarhair\Application\chrome.exe (Google Inc.)
    ShortcutWithArgument: C:\Users\Hiyo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
    2016-09-18 15:18 - 2016-09-18 15:18 - 00142336 ____H () C:\_\local64spl.dll
    2016-09-18 15:18 - 2016-09-18 15:18 - 00142336 ____H () C:\Program Files (x86)\Youtube AdBlock_\local64spl.dll
    2016-09-18 15:18 - 2016-09-18 15:18 - 00142336 ____H () C:\Users\Hiyo\AppData\LocalLow\Youtube AdBlock_\local64spl.dll
    2016-09-18 15:18 - 2016-09-18 15:18 - 00142336 ____H () C:\Users\Hiyo\AppData\Local\Google\Chrome\User Data\local64spl.dll
    2016-09-18 15:18 - 2016-09-18 15:18 - 00142336 ____H () C:\Users\Hiyo\AppData\Local\Google\Chrome\User Data_\local64spl.dll
    2016-09-18 15:18 - 2016-09-18 15:18 - 00142336 ____H () C:\Users\Hiyo\AppData\Local\Temp_\local64spl.dll
    2016-09-18 15:18 - 2016-09-18 15:18 - 00142336 _____ () C:\Windows\Temp\local64spl.dll
    2016-09-18 15:18 - 2016-09-18 15:18 - 00142336 ____H () C:\Windows\Temp_\local64spl.dll
    2016-09-24 10:43 - 2016-09-23 07:25 - 00363904 _____ () C:\ProgramData\Bossseed\Bossseed.exe
    2016-09-17 15:16 - 2016-09-17 15:16 - 00297472 _____ () c:\program files (x86)\plesege\ckaletionbuilder.dll
    2016-09-23 14:32 - 2016-09-23 07:24 - 00340480 _____ () c:\programdata\sun\java\extension.dll
    2016-10-20 15:57 - 2016-10-12 06:43 - 01819240 _____ () C:\Program Files (x86)\Jarhair\Application\libglesv2.dll
    2016-10-20 15:57 - 2016-10-12 06:43 - 00093288 _____ () C:\Program Files (x86)\Jarhair\Application\libegl.dll
    2016-11-11 16:31 - 2016-11-11 16:31 - 17772736 _____ () C:\Users\Hiyo\AppData\Local\Jarhair\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll
    2016-11-13 11:09 - 2015-05-25 11:32 - 00068432 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
    2016-11-13 11:09 - 2015-08-06 04:51 - 00582144 _____ () C:\Program Files (x86)\Elex-tech\YAC\curlpp.dll
    2016-11-13 11:09 - 2015-08-21 03:02 - 00176976 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll
    2016-11-13 11:09 - 2015-08-21 03:02 - 00087744 _____ () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll
    2016-11-13 11:09 - 2015-01-13 05:31 - 00179200 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
    AlternateDataStreams: C:\ProgramData:NT [40]
    AlternateDataStreams: C:\ProgramData:NT2 [346]
    AlternateDataStreams: C:\Users\All Users:NT [40]
    AlternateDataStreams: C:\Users\All Users:NT2 [346]
    AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
    AlternateDataStreams: C:\ProgramData\Application Data:NT2 [346]
    AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT [40]
    AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2 [346]
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [346]
    AlternateDataStreams: C:\Users\Hiyo\Dane aplikacji:NT [40]
    AlternateDataStreams: C:\Users\Hiyo\Dane aplikacji:NT2 [346]
    AlternateDataStreams: C:\Users\Hiyo\AppData\Roaming:NT [40]
    AlternateDataStreams: C:\Users\Hiyo\AppData\Roaming:NT2 [346]
    Hosts:
    () C:\ProgramData\Bossseed\Bossseed.exe
    (Google Inc.) C:\Program Files (x86)\Jarhair\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Jarhair\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Jarhair\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Jarhair\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Jarhair\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Jarhair\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Jarhair\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Jarhair\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Jarhair\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Jarhair\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Jarhair\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Jarhair\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Jarhair\Application\chrome.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
    (Google Inc.) C:\Program Files (x86)\Jarhair\Application\chrome.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafe.exe
    (Google Inc.) C:\Program Files (x86)\Jarhair\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Jarhair\Application\chrome.exe
    HKU\S-1-5-21-1788997242-2265524898-2624294583-1000\...\Run: [GoogleChromeAutoLaunch_1A86E43849A41B7E3A359872DAE46C18] => C:\Program Files (x86)\Bossseed\Application\chrome.exe [1382624 2016-09-23] (Google Inc.)
    HKU\S-1-5-21-1788997242-2265524898-2624294583-1000\...\Run: [Flvto Youtube Downloader] => C:\Users\Hiyo\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.Redesign.exe [409600 2016-10-25] ()
    HKU\S-1-5-21-1788997242-2265524898-2624294583-1000\...\Run: [GoogleChromeAutoLaunch_40FFF44D3F67850183ACDC35D0C95D2A] => C:\Program Files (x86)\Jarhair\Application\chrome.exe [921192 2016-10-12] (Google Inc.)
    HKU\S-1-5-21-1788997242-2265524898-2624294583-1000\...\MountPoints2: {ed82b6fa-7cb8-11e6-9075-b888e3c88def} - E:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-1788997242-2265524898-2624294583-1000\...\MountPoints2: {febd8aea-7745-11e6-b5a0-b888e3c88def} - E:\HiSuiteDownLoader.exe
    HKLM\...\Providers\0cglcain: C:\Users\MSUser.Default\Help_4_\local64spl.dll
    HKLM\...\Providers\1hpbc8j1: C:\Users\MSUser.Default\Help_6_\local64spl.dll
    HKLM\...\Providers\3lei8taz: C:\Users\MSUser.Default\Help_3_\local64spl.dll
    HKLM\...\Providers\7lbho7jw: C:\Users\MSUser.Default\Help_5\\local64spl.dll
    HKLM\...\Providers\8c0rrdu5: C:\Windows\Temp_\local64spl.dll [142336 2016-09-18] ()
    HKLM\...\Providers\9qfeuldl: C:\Windows\Temp\local64spl.dll [142336 2016-09-18] ()
    HKLM\...\Providers\d0mkqhx5: C:\Program Files (x86)\Youtube AdBlock_\local64spl.dll [142336 2016-09-18] ()
    HKLM\...\Providers\e3925w0a: C:\Users\Hiyo\AppData\LocalLow\Youtube AdBlock\local64spl.dll
    HKLM\...\Providers\f2c4blc2: C:\Users\Hiyo\AppData\Local\Temp_\local64spl.dll [142336 2016-09-18] ()
    HKLM\...\Providers\fny6e4ge: C:\Users\Hiyo\AppData\Local\Google\Chrome\User Data\local64spl.dll [142336 2016-09-18] ()
    HKLM\...\Providers\gfauv5u6: C:\\local64spl.dll
    HKLM\...\Providers\ke5985lq: C:\Users\MSUser.Default\Help_4\\local64spl.dll
    HKLM\...\Providers\mv6gmavm: C:\_\local64spl.dll [142336 2016-09-18] ()
    HKLM\...\Providers\niz1ikly: C:\Program Files (x86)\Youtube AdBlock\local64spl.dll
    HKLM\...\Providers\rzat7t4y: C:\Users\Hiyo\AppData\Local\Temp\local64spl.dll
    HKLM\...\Providers\v6s8tynb: C:\Users\MSUser.Default\Help_3\\local64spl.dll
    HKLM\...\Providers\wci06nv9: C:\Users\Hiyo\AppData\Local\Google\Chrome\User Data_\local64spl.dll [142336 2016-09-18] ()
    HKLM\...\Providers\xtem7hc8: C:\Users\Hiyo\AppData\LocalLow\Youtube AdBlock_\local64spl.dll [142336 2016-09-18] ()
    HKLM\...\Providers\ys2ky24g: C:\Users\MSUser.Default\Help_5_\local64spl.dll
    HKLM\...\Providers\z35n61c8: C:\Users\MSUser.Default\Help_6\\local64spl.dll
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    CHR DefaultProfile: ChromeDefaultData
    CHR StartupUrls: ChromeDefaultData -> "hxxp://www.google.com","hxxp://www.istartsurf.com/?type=hp&ts=1431450433&z=79123b6e232e249af744239g0z4cdgazfw8eczac1o&from=smt&uid=HGSTXHTS545050A7E380_TM85014C10SDWL10SDWLX","hxxp://www.google.com/","hxxp://www.trotux.com/?z=db38bce783cd3a242f6109bgazbmdzcg4o7gdmebce&from=isr&uid=HGSTXHTS545050A7E380_TM85014C10SDWL10SDWLX&type=hp"
    CHR Profile: C:\Users\Hiyo\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-11-13] <==== UWAGA
    R2 BossseedP; C:\ProgramData\Bossseed\Bossseed.exe [363904 2016-09-23] ()
    S2 BossseedU; C:\Program Files (x86)\Bossseed\Update\BossseedUpdate.exe [622976 2016-09-23] ()
    S2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe [76392 2016-10-16] (Google Inc.)
    R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-04-16] (Elex do Brasil Participações Ltda)
    R2 SherdewardcoosentConfiguration; C:\Program Files (x86)\Plesege\Ckaletionbuilder.dll [297472 2016-09-17] () [Brak podpisu cyfrowego]
    R2 W3PCC; C:\ProgramData\Sun\Java\extension.dll [340480 2016-09-23] () [Brak podpisu cyfrowego]
    S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-14] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [53568 2015-04-16] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2015-08-20] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [61832 2015-08-20] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2015-09-11] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [67976 2015-09-10] (Elex do Brasil Participações Ltda)
    U0 aswVmm; Brak ImagePath
    S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2016-11-13 11:09 - 2016-11-13 11:09 - 26248360 _____ (Elex do Brasil Participações Ltda) C:\Users\Hiyo\Downloads\yet_another_cleaner_sk.exe
    2016-11-13 11:09 - 2016-11-13 11:09 - 00001906 _____ C:\Users\Public\Desktop\YAC.lnk
    2016-11-13 11:09 - 2016-11-13 11:09 - 00000000 ____D C:\Users\Hiyo\AppData\Roaming\Elex-tech
    2016-11-13 11:09 - 2016-11-13 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
    2016-11-13 11:09 - 2016-11-13 11:09 - 00000000 ____D C:\Program Files (x86)\Elex-tech
    2016-11-13 11:09 - 2015-09-10 02:55 - 00067976 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
    2016-11-13 11:09 - 2015-04-16 09:55 - 00053568 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
    2016-10-21 20:04 - 2016-11-12 13:14 - 00000000 ____D C:\AdwCleaner
    2016-10-20 15:58 - 2016-10-20 15:58 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2016-10-20 15:57 - 2016-10-20 15:57 - 00000000 ____D C:\Users\Hiyo\AppData\Local\Jarhair
    2016-10-20 15:57 - 2016-10-20 15:57 - 00000000 ____D C:\Program Files (x86)\Jarhair
    2016-10-20 15:56 - 2016-10-20 15:58 - 00000003 _____ C:\Windows\SysWOW64\xaabbbbbbb
    2016-11-13 10:29 - 2016-10-08 17:34 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2016-11-08 17:29 - 2016-09-23 14:32 - 00003552 _____ C:\Windows\System32\Tasks\BossseedUpdateTaskMachineCore
    EmptyTemp:

    In FRST, choose Fix.


    Do a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Post new FRST logs from a fresh scan.

  • #4 13 Nov 2016 14:50
    krzychupar
    Level 40
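A defender-side triage helper, added here as an example (it is not part of the post, nor of FRST): it reads FRST-style log lines like those in the fixlist above and flags the indicators Kolobos acted on: a Chrome shortcut whose target is not the Google\Chrome install directory, a Providers DLL outside System32, a service binary with no publisher, and a Chrome startup URL that is not Google. The allow-lists and the sample lines are constructed assumptions, modelled on the log in this thread.

```python
import re
from urllib.parse import urlparse

# Constructed sample modelled on the FRST lines in the post above (not a real log).
SAMPLE_LOG = r"""
Shortcut: C:\Users\Hiyo\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Jarhair\Application\chrome.exe (Google Inc.)
ShortcutWithArgument: C:\Users\Hiyo\Desktop\Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
HKLM\...\Providers\9qfeuldl: C:\Windows\Temp\local64spl.dll [142336 2016-09-18] ()
HKLM\...\Providers\localspl: C:\Windows\System32\localspl.dll
R2 BossseedP; C:\ProgramData\Bossseed\Bossseed.exe [363904 2016-09-23] ()
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.google.com","hxxp://www.istartsurf.com/?type=hp"
"""

# Assumed allow-lists: where a genuine Chrome runs from, and which startup hosts are expected.
CHROME_OK = (
    r"c:\program files (x86)\google\chrome\application\chrome.exe",
    r"c:\program files\google\chrome\application\chrome.exe",
)
STARTUP_OK_HOSTS = {"www.google.com", "google.com"}

SHORTCUT_RE = re.compile(r"^Shortcut(?:WithArgument)?: (.+?) -> (.+?chrome\.exe)")  # .lnk -> target
PROVIDER_RE = re.compile(r"^HKLM\\\.\.\.\\Providers\\\w+: (.+?)(?: \[|$)")        # provider DLL path
SERVICE_RE = re.compile(r"^[RSU]\d \S+; (.+?) \[\d+ [\d-]+\] \(\)")                 # '()' = no publisher
STARTUP_RE = re.compile(r"^CHR StartupUrls: \S+ -> (.+)$")                           # quoted URL list

def scan_frst(lines):
    """Return a list of (reason, detail) findings for FRST-style log lines."""
    findings = []
    for line in lines:
        line = line.strip()
        m = SHORTCUT_RE.match(line)
        if m and m.group(2).lower() not in CHROME_OK:
            findings.append(("chrome shortcut points outside Google\\Chrome", m.group(2)))
        m = PROVIDER_RE.match(line)
        if m and not m.group(1).lower().startswith("c:\\windows\\system32\\"):
            findings.append(("provider DLL outside System32", m.group(1)))
        m = SERVICE_RE.match(line)
        if m:
            findings.append(("service binary with no publisher", m.group(1)))
        m = STARTUP_RE.match(line)
        if m:
            for url in re.findall(r'"([^"]+)"', m.group(1)):
                host = urlparse(url.replace("hxxp", "http", 1)).hostname  # FRST defangs http as hxxp
                if host not in STARTUP_OK_HOSTS:
                    findings.append(("unexpected Chrome startup URL", url))
    return findings

if __name__ == "__main__":
    for reason, detail in scan_frst(SAMPLE_LOG.strip().splitlines()):
        print(f"{reason}: {detail}")
```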

    Open the system Notepad and paste:
    HKU\S-1-5-21-1788997242-2265524898-2624294583-1000\...\MountPoints2: {ed82b6fa-7cb8-11e6-9075-b888e3c88def} - E:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-1788997242-2265524898-2624294583-1000\...\MountPoints2: {febd8aea-7745-11e6-b5a0-b888e3c88def} - E:\HiSuiteDownLoader.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    Hosts:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    SearchScopes: HKU\S-1-5-21-1788997242-2265524898-2624294583-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    CHR Profile: C:\Users\Hiyo\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-11-13] <==== UWAGA
    S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
    U0 aswVmm; Brak ImagePath
    S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2016-11-13 11:09 - 2016-11-13 11:09 - 26248360 _____ (Elex do Brasil Participações Ltda) C:\Users\Hiyo\Downloads\yet_another_cleaner_sk.exe
    2016-11-13 11:09 - 2016-11-13 11:09 - 00000000 ____D C:\Users\Hiyo\AppData\Roaming\Elex-tech
    2016-10-21 20:04 - 2016-11-12 13:14 - 00000000 ____D C:\AdwCleaner
    2016-10-20 15:58 - 2016-10-20 15:58 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2016-10-20 15:57 - 2016-10-20 15:57 - 00000000 ____D C:\Users\Hiyo\AppData\Local\Jarhair
    2016-10-20 15:57 - 2016-10-20 15:57 - 00000000 ____D C:\Program Files (x86)\Jarhair
    2016-10-20 15:56 - 2016-10-20 15:58 - 00000003 _____ C:\Windows\SysWOW64\xaabbbbbbb
    2016-10-24 18:58 - 2016-10-24 18:58 - 0000092 _____ () C:\Users\Hiyo\AppData\Local\fusioncache.dat
    EmptyTemp:

    Save the file under the name fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix.

  • #5 13 Nov 2016 15:58
    Kolobos
    Computer specialist

    You did not run the Fixlist at all. Run it again, post the Fixlog that is created after it runs, and new FRST scan logs, including the new Addition.

  • #6 13 Nov 2016 18:59
    tentamtenx33
    Level 3

    I did the fixlist just as you wrote: Notepad, saved as fixlist.txt, and into the folder with frst.exe. Here is the fixlog; as for Addition, should I do a new scan or upload the old one? Just in case, I'm uploading the earlier one. (I had 2 fixlogs, so I'm uploading both.)

    edit: judging by the size, they are the same fixlogs.

  • #7 13 Nov 2016 19:12
    krzychupar
    Level 40

    Post new Frst.txt and Addition.txt logs.

  • #9 13 Nov 2016 20:12
    krzychupar
    Level 40

    If the problem is gone, delete the C:\FRST folder and close the topic.
