Elektroda.pl

Reimage repair chrome - When Chrome starts, Reimage Repair pops up

laser1991 14 Jan 2017 14:12 1053 3
  • #2 14 Jan 2017 14:23
    Kolobos
    Computer specialist

    You infected the system in September and it only started bothering you now?

    Uninstall:
    amuleC
    Bing Bar
    McAfee Security Scan Plus
    UvConverter

    Use AdwCleaner, options Scan and Clean (Szukaj and Usun): http://www.bleepingcomputer.com/download/adwcleaner/

    Use: https://sourceforge.net/projects/adobeflashup...an%20Remover/RemoveMcAfee_silent.exe/download

    Start Firefox with the -P switch (type in Run: firefox.exe -P), delete the profile qq2xqfq7.default and set as default: nqpt7qvn.default-1484300276091
    In Chrome, back up your bookmarks; the profile will have to be deleted as well.

    Next to frst.exe, create a file Fixlist.txt with the following content:
    CloseProcesses:
    Task: {38496303-417D-4165-9BE9-C0C3C4246874} - System32\Tasks\{CE9D7065-DBDC-435A-B0DB-5DF3FDC5CF6E} => C:\Program Files (x86)\Deluxe Ski Jump 3\DSJ3.exe
    Task: {3A9FA482-095A-41F0-A6DE-1D7167E1F4D2} - System32\Tasks\{FD6322F8-924A-4954-BFC7-52748C470299} => C:\Program Files (x86)\Deluxe Ski Jump 3\DSJ3.exe
    Task: {47313D53-39C1-416E-9F4B-F8AA9849A031} - System32\Tasks\ecad421d8308f7f4d205a75011225840 => Rundll32.exe "C:\Program Files (x86)\Smart Professional Surveillance System\f1io05.dll",e62dc6c6547f46bda862da2d05af6862 <==== UWAGA
    Task: {8B5DCF90-BD73-462A-8572-77484740233E} - System32\Tasks\{1D4CB568-BA46-484B-9374-DD158F0E4DF0} => C:\Program Files (x86)\Deluxe Ski Jump 3\DSJ3.exe
    2016-11-20 21:28 - 2016-11-20 21:28 - 00276480 _____ () c:\program files (x86)\tolackcebersh\absegrermughtlnc.dll
    2016-09-01 14:52 - 2016-09-01 08:07 - 00280576 _____ () c:\program files (x86)\common files\apps\hkhlp.dll
    Hosts:
    (© 2015 Microsoft Corporation) C:\Users\Dell02\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
    HKU\S-1-5-21-3870025410-1436547581-3050429169-1000\...\Run: [BingSvc] => C:\Users\Dell02\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-25] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-3870025410-1436547581-3050429169-1000\...\MountPoints2: F - F:\Autorun.exe
    HKU\S-1-5-21-3870025410-1436547581-3050429169-1000\...\MountPoints2: H - H:\SETUP.EXE
    HKU\S-1-5-21-3870025410-1436547581-3050429169-1000\...\MountPoints2: {2ba9e693-afb9-11e6-bbee-74da380c5a23} - F:\Autorun.exe
    HKU\S-1-5-21-3870025410-1436547581-3050429169-1000\...\MountPoints2: {3f32bcc9-a255-11e6-819e-74da380c5a23} - G:\SETUP.EXE
    HKU\S-1-5-21-3870025410-1436547581-3050429169-1000\...\MountPoints2: {4f593b08-661c-11e6-bdd9-842b2b9b357b} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-3870025410-1436547581-3050429169-1000\...\MountPoints2: {629d0d17-b65f-11e5-bff7-842b2b9b357b} - F:\.\autorun.exe
    HKU\S-1-5-21-3870025410-1436547581-3050429169-1000\...\MountPoints2: {67204d03-c61d-11e6-a06e-74da380c5a23} - F:\Autorun.exe
    HKU\S-1-5-21-3870025410-1436547581-3050429169-1000\...\MountPoints2: {756ab4c5-ad9e-11e6-9d53-74da380c5a23} - F:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-3870025410-1436547581-3050429169-1000\...\MountPoints2: {8ea9e4b6-47f5-11e6-819c-842b2b9b357b} - F:\LGAutoRun.exe
    HKU\S-1-5-21-3870025410-1436547581-3050429169-1000\...\MountPoints2: {9f51d223-c8b4-11e5-bf0c-842b2b9b357b} - G:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-3870025410-1436547581-3050429169-1000\...\MountPoints2: {c59c69c7-a4b6-11e6-81ae-74da380c5a23} - G:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-3870025410-1436547581-3050429169-1000\...\MountPoints2: {ca6bdd19-bddc-11e6-9f39-74da380c5a23} - F:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-3870025410-1436547581-3050429169-1000\...\MountPoints2: {d31a6738-b5fd-11e5-aeed-842b2b9b357b} - F:\.\autorun.exe
    HKU\S-1-5-21-3870025410-1436547581-3050429169-1000\...\MountPoints2: {db66419e-8eae-11e6-9709-74da380c5a23} - F:\Setup.bat
    HKLM\...\Providers\mf1io05b: C:\Program Files (x86)\MSBuild\\local64spl.dll [142848 2016-11-22] ()
    ShellExecuteHooks: Brak nazwy - {2BA2613E-A5BE-11E6-BD30-64006A5CFC23} - C:\Users\Dell02\AppData\Roaming\Atogey\Ricarytacusp.dll -> Brak pliku
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-11-03]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    AutoConfigURL: [S-1-5-21-3870025410-1436547581-3050429169-1000] => hxxp://none-stops.net/wpad.dat?35843a082869d29967592317dbebc64e20451953
    ManualProxies: 0hxxp://none-stops.net/wpad.dat?35843a082869d29967592317dbebc64e20451953
    RemoveProxy:
    BHO: Youtube AdBlock -> {95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} -> C:\Program Files (x86)\Youtube AdBlock\IEEF\bAyX3UFZ.dll => Brak pliku
    FF ProfilePath: C:\Users\Dell02\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\qq2xqfq7.default\Profiles\qq2xqfq7.default [nie znaleziono]
    FF Homepage: Firefox\Firefox\Profiles\nqpt7qvn.default-1484300276091 -> hxxp://www.searchinme.com/?type=hp&ts=148...id=WDCXWD2500AAJS-75M0A0_WD-WMAV2EZ6496564965
    FF Extension: (SimilarWeb) - C:\Users\Dell02\AppData\Roaming\Firefox\Firefox\Profiles\nqpt7qvn.default-1484300276091\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-01-13] [Brak podpisu cyfrowego]
    FF Extension: (FF Adr) - C:\Users\Dell02\AppData\Roaming\Firefox\Firefox\Profiles\nqpt7qvn.default-1484300276091\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-01-13] [Brak podpisu cyfrowego]
    FF SearchPlugin: C:\Users\Dell02\AppData\Roaming\Firefox\Firefox\Profiles\nqpt7qvn.default-1484300276091\searchplugins\searchinme.xml [2017-01-13]
    FF Extension: (Adblocker for Youtube™) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} [2016-11-20] [Brak podpisu cyfrowego]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\131260021.js [2016-11-20] <==== UWAGA (Linkuje do pliku *.cfg)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\131260021.cfg [2016-11-20] <==== UWAGA
    CHR DefaultProfile: ChromeDefaultData
    C:\Users\Dell02\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    CHR Profile: C:\Users\Dell02\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-14] <==== UWAGA
    CHR Extension: (SupJill ) - C:\Users\Dell02\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\jcimfcbfeehjhbhihnkljaeikobglkdb [2016-12-28]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
    R2 Dergesyghujase; C:\Program Files (x86)\Tolackcebersh\absegrermughtlnc.dll [276480 2016-11-20] () [Brak podpisu cyfrowego]
    C:\Program Files (x86)\Tolackcebersh\
    R2 Hkhlp; C:\Program Files (x86)\Common Files\Apps\Hkhlp.dll [280576 2016-09-01] () [Brak podpisu cyfrowego]
    S2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation) [DependOnService: iThemes5]<==== UWAGA
    R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [995800 2016-11-30] (McAfee, Inc.)
    R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-11-30] (McAfee, Inc.)
    S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-11-30] (McAfee, Inc.)
    R2 WinSnare; C:\Users\Dell02\AppData\Roaming\WinSnare\WinSnare.dll [775168 2017-01-06] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
    S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
    2017-01-13 10:46 - 2017-01-14 10:37 - 00000000 ____D C:\AdwCleaner
    2017-01-09 12:06 - 2017-01-09 12:06 - 00000000 ____D C:\Users\Dell02\AppData\Roaming\WinSnare
    2016-12-19 12:05 - 2017-01-13 16:14 - 00000000 ____D C:\ProgramData\wintools
    2017-01-14 10:24 - 2016-11-24 11:58 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2017-01-13 16:14 - 2016-09-29 10:05 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2017-01-12 07:58 - 2016-04-17 19:53 - 00000000 ____D C:\Program Files (x86)\McAfee
    2017-01-12 07:57 - 2016-04-17 19:44 - 00000000 ____D C:\Program Files\TrueKey
    2017-01-11 20:08 - 2016-04-17 19:55 - 00001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
    2017-01-09 12:06 - 2016-11-22 14:47 - 00000000 ____D C:\Program Files (x86)\5nkdc338
    2017-01-09 12:06 - 2016-11-20 21:28 - 00000000 ____D C:\Program Files (x86)\Tolackcebersh
    2017-01-14 12:44 - 2017-01-14 12:44 - 0000020 ___SH () C:\Users\Dell02\AppData\Roaming\1816CA7466166.ind
    2017-01-14 12:44 - 2017-01-14 12:44 - 0000020 ___SH () C:\Users\Dell02\AppData\Roaming\Programs8187ConfigDB.dat
    C:\Program Files (x86)\Common Files\Apps\

    EmptyTemp:

    In FRST, choose Fix.

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    When done, post new FRST logs from a scan.

    0
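
An added example (not part of the original post, and not FRST's own code): a small Python triage pass over a few lines copied from the Fixlist above, grouping them by persistence mechanism and listing why a line deserves a closer look. The kind labels, the reason names and the function `triage` are assumptions made for this illustration; `UWAGA` and `Brak podpisu cyfrowego` are the log's own Polish markers for "attention" and "no digital signature".

```python
import re

# Lines copied from the Fixlist in the post above (a subset, not a full log).
SAMPLE = r'''
Task: {47313D53-39C1-416E-9F4B-F8AA9849A031} - System32\Tasks\ecad421d8308f7f4d205a75011225840 => Rundll32.exe "C:\Program Files (x86)\Smart Professional Surveillance System\f1io05.dll",e62dc6c6547f46bda862da2d05af6862 <==== UWAGA
Task: {8B5DCF90-BD73-462A-8572-77484740233E} - System32\Tasks\{1D4CB568-BA46-484B-9374-DD158F0E4DF0} => C:\Program Files (x86)\Deluxe Ski Jump 3\DSJ3.exe
AutoConfigURL: [S-1-5-21-3870025410-1436547581-3050429169-1000] => hxxp://none-stops.net/wpad.dat?35843a082869d29967592317dbebc64e20451953
R2 Hkhlp; C:\Program Files (x86)\Common Files\Apps\Hkhlp.dll [280576 2016-09-01] () [Brak podpisu cyfrowego]
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [995800 2016-11-30] (McAfee, Inc.)
S2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation) [DependOnService: iThemes5]<==== UWAGA
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\131260021.cfg [2016-11-20] <==== UWAGA
'''

# Entry kinds, recognised by the prefix each line starts with.
KINDS = [
    ("scheduled task", re.compile(r"^Task: ")),
    ("proxy setting", re.compile(r"^(AutoConfigURL|ManualProxies): ")),
    ("service", re.compile(r"^[RS]\d \S+; ")),
    ("browser", re.compile(r"^(FF|CHR|BHO)\b")),
]

# Reasons to look closer, each a pattern searched anywhere in the line.
REASONS = [
    ("flagged by the log", re.compile(r"<=+ UWAGA")),
    ("no digital signature", re.compile(r"\[Brak podpisu cyfrowego\]")),
    ("DLL run via Rundll32", re.compile(r"=> rundll32\.exe ", re.I)),
    ("proxy script from a remote URL", re.compile(r"^AutoConfigURL: .*=> hxxps?://")),
]

def triage(text):
    """Return (kind, [reasons], line) for each line with at least one reason."""
    findings = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        kind = next((k for k, rx in KINDS if rx.search(line)), "other")
        reasons = [name for name, rx in REASONS if rx.search(line)]
        if reasons:
            findings.append((kind, reasons, line))
    return findings

if __name__ == "__main__":
    for kind, reasons, line in triage(SAMPLE):
        print(f"{kind:15} {', '.join(reasons):32} {line[:70]}")
```

Lines with no reason attached (the DSJ3.exe task, the TrueKey service) are still in the Fixlist above, so the markers are a starting point for review rather than the whole removal list.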
  • #4 14 Jan 2017 15:48
    Kolobos
    Computer specialist

    amulec is just an empty entry; you can remove it with regedit from the Uninstall key or leave it as it is.

    New Fixlist.txt for FRST:
    CHR DefaultProfile: ChromeDefaultData
    2017-01-14 15:02 - 2016-04-17 19:53 - 00000000 ____D C:\Program Files\Common Files\McAfee
    2017-01-14 14:51 - 2016-02-07 16:16 - 00000000 ____D C:\ProgramData\McAfee

    When done, delete the C:\FRST directory and that's all.

    0