
Virus, you've already fixed this once

snajper_0497 09 Jan 2017 21:40 333 1
  • #1 09 Jan 2017 21:40
    snajper_0497
    Level 9  

    Hello,
    I'll piggyback on this thread because I don't want to clutter the forum. The problem is the same as the other user's. I'm pasting the FRST logs.

    Moderated by RADU23:

    I split this off as a new thread.
    Don't piggyback on other people's threads. It makes a mess on the forum.

    0 1
  • Helpful post
    #2 09 Jan 2017 22:08
    Kolobos
    Computer specialist

    Uninstall: YAC (Yet Another Cleaner!)

    Use AdwCleaner, options Scan and Clean (Szukaj and Usun): http://www.bleepingcomputer.com/download/adwcleaner/

    Next to frst.exe, create a file Fixlist.txt with the following contents:
    CloseProcesses:
    HKU\S-1-5-21-890557682-677114090-2666761762-1000\...\ChromeHTML: -> "C:\Program Files\Jarhair\Application\chrome.exe" "%1" <==== UWAGA
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.21.135\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.25.5\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.27.5\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.23.9\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.30.3\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.31.5\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.28.1\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.21.145\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.21.123\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.21.153\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.28.13\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.29.5\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.24.15\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.21.149\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.22.3\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.21.165\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.26.9\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.29.1\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.25.11\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.28.15\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.22.5\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.21.111\psuser.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-890557682-677114090-2666761762-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Madzia\AppData\Local\Google\Update\1.3.24.7\psuser.dll => Brak pliku
    Task: {EABDB97E-8F18-41E7-9788-608FB9D1E86C} - System32\Tasks\{3F54A0FF-8083-404E-8B06-A6520F8BCCD8} => pcalua.exe -a "C:\Users\Madzia\Local Settings\Application Data\Bundled software uninstaller\biSetup40999.exe" -c /affid uninstall /id uninstall /name "Bundled software uninstaller"
    GroupPolicy: Ograniczenia ? <======= UWAGA
    GroupPolicyScripts: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-890557682-677114090-2666761762-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=147...HitachiXHTS543225L9A300_090709FB8D00LJCUH9RAX
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-890557682-677114090-2666761762-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-890557682-677114090-2666761762-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=147...HitachiXHTS543225L9A300_090709FB8D00LJCUH9RAX
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...XHTS543225L9A300_090709FB8D00LJCUH9RAX&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...XHTS543225L9A300_090709FB8D00LJCUH9RAX&q={searchTerms}
    SearchScopes: HKLM -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=...ND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-890557682-677114090-2666761762-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...XHTS543225L9A300_090709FB8D00LJCUH9RAX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-890557682-677114090-2666761762-1000 -> {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=...ND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-890557682-677114090-2666761762-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
    FF user.js: detected! => C:\Users\Madzia\AppData\Roaming\Mozilla\Firefox\Profiles\bfx4njvw.default\user.js [2017-01-08]
    FF NewTab: Mozilla\Firefox\Profiles\bfx4njvw.default -> hxxp://www.luckysearch123.com?type=hp&ts=...;z=7d8d448587085a017b959begczdb9efz2z0zbe7ecz
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\bfx4njvw.default -> nice
    FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\bfx4njvw.default -> nice
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\bfx4njvw.default -> nice
    FF Homepage: Mozilla\Firefox\Profiles\bfx4njvw.default -> hxxp://www.luckysearch123.com?type=hp&ts=...;z=7d8d448587085a017b959begczdb9efz2z0zbe7ecz
    FF Extension: (Widget context) - C:\Users\Madzia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-01-30] [Brak podpisu cyfrowego]
    CHR HomePage: Default -> hxxp://www.nicesearches.com?type=hp&ts=14...;z=39fde2feb2586f23dcfd3f3g5z1mcw3t2oat9m2e8w
    CHR StartupUrls: Default -> "hxxp://www.nicesearches.com/?type=hp&ts=1475929702&from=fb081008&uid=hitachixhts543225l9a300_090709fb8d00ljcuh9rax&z=39fde2feb2586f23dcfd3f3g5z1mcw3t2oat9m2e8w", "hxxps://mail.google.com/mail/ca/u/2/#search/centrum+p%C5%82ywania/156d2a9c7313cdad?projector=1", "hxxp://allegro.pl/show_item.php?item=6512941928&msg=Tw%C3%B3j+e-mail+zosta%C5%82+wys%C5%82any.&msgtoken=048a25b10f8bf5405c1e387864ffa85323220a1444b540a86acf77d00be2ff62", "hxxps://www.google.pl/search?q=targi+mt&oq=targi+mt&aqs=chrome..69i57j69i59j0l4.3002j0j8&sourceid=chrome&ie=UTF-8#safe=off&q=targi+eurolab+wyk%C5%82ady", "hxxp://www.targieurolab.pl/index.php?option=com_content&view=article&id=72&Itemid=73&lang=pl", "hxxp://www.targieurolab.pl/index.php?option=com_content&view=article&id=182&Itemid=665&lang=pl", "hxxp://kongresfarmaceutyczny.pl/konferencja/info/15-16-17-listopada-2016r-8-kongres-swiata-przemyslu-farmaceutycznego", "hxxp://www.slawex.com.pl/node/337", "hxxp://allegro.pl/listing/user/listing.php?sm=0&us_id=25722542&order=qd&string=kalendarz&search_scope=userItems-25722542&bmatch=base-relevance-cul-1-3-0613", "hxxps://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fgroups%2F1596283010647246%2F%3Ffref%3Dts", "chrome-search://local-ntp/local-ntp.html"
    CHR DefaultSearchURL: Default -> hxxp://www.nicesearches.com/search.php?type=d...d5eec3a6bf7a979625bg5zfmcbdw3t3m1c3qcw&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> nice
    S2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [131024 2016-08-19] () [Brak podpisu cyfrowego]
    S2 .EsetTrialReset; C:\Windows\system32\regedt32.exe /s C:\Windows\esettrialreset.reg
    R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [227776 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [97912 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [45032 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [73232 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [59152 2016-05-19] (Elex do Brasil Participações Ltda)
    R3 catchme; \??\C:\Users\Madzia\AppData\Local\Temp\catchme.sys [X]
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    U3 mbr; \??\C:\ComboFix\mbr.sys [X]
    2017-01-08 15:54 - 2013-05-31 17:05 - 00000000 ____D C:\Qoobox
    C:\Program Files\Elex-tech\
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    0