
Self-installing programs - Amulec, amisites

dolab 22 Feb 2017 15:53 585 4
  • #1 22 Feb 2017 15:53
    dolab
    Level 2  

    Hi, I have a problem with programs and browsers (amuleC, amisites) that install themselves every so often.
    I have already used AdwCleaner, but the problem keeps coming back. Please help!
    I am attaching the FRST logs.

    0 4
  • Helpful post
    #2 22 Feb 2017 16:43
    Kolobos
    Computer specialist

    Uninstall:
    Java(TM) 6 Update 22 (64-bit)
    Java(TM) 6 Update 22
    McAfee Security Scan Plus

    Use: https://sourceforge.net/projects/adobeflashup...an%20Remover/RemoveMcAfee_silent.exe/download

    Back up your Chrome bookmarks; the script will delete the profile directory.

    Run this Fixlist.txt for FRST:
    Traffic Exchange (x32 Version: 2.0.0 - Microleaves) Hidden <==== UWAGA

    After running it, uninstall Traffic Exchange and let me know whether you managed to uninstall the program.

    Then run the following Fixlist.txt:
    Task: {29AB59D5-B6C8-4BEC-8397-89A1784EB0F3} - System32\Tasks\Prdather Configuration => C:\Program Files (x86)\Daletictain\cuuph.exe [2017-01-31] (Glarysoft Ltd)
    Task: {3865563E-3745-45BD-9473-23D4040AD296} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: {499BA9FE-F953-43B7-B738-E31E0E5E18DD} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: {82CC7714-51B8-48D2-AE18-D217D114741D} - System32\Tasks\Puderingkajik => msiexec /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel....5JJ5T0_WD-WXF1A81F5695F5695&v=2017131 /q
    Task: {C3D679AF-B87A-41C3-8B18-F1B7730156A3} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: {FD6A2A84-9A80-409A-B7A7-8F2E12E37327} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRssReader\BikaQ.exe
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\Beata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc&t...d=WDCXWD3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695
    ShortcutWithArgument: C:\Users\Beata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc&t...d=WDCXWD3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695




    ShortcutWithArgument: C:\Users\Beata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Fishjane\Application\chrome.exe (Google Inc.) -> hxxp://www.startpageing123.com/?type=sc&t...d=WDCXWD3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695
    ShortcutWithArgument: C:\Users\Beata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Fishjane\Application\chrome.exe (Google Inc.) -> hxxp://www.startpageing123.com/?type=sc&t...d=WDCXWD3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695
    ShortcutWithArgument: C:\Users\Beata\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\3774b154c8ee0e69\Google Chrome.lnk -> C:\Program Files (x86)\Fishjane\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Fishjane\Application\chrome.exe (Google Inc.) -> hxxp://www.startpageing123.com/?type=sc&t...d=WDCXWD3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695
    2017-02-21 16:22 - 2017-02-21 09:11 - 00111616 _____ () c:\programdata\apple\apple application support\support.dll
    2017-01-31 16:33 - 2017-01-31 16:33 - 00147968 _____ () c:\program files (x86)\daletictain\plrmapper.dll
    2017-02-21 16:22 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files (x86)\Fishjane\Application\libglesv2.dll
    2017-02-21 16:22 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files (x86)\Fishjane\Application\libegl.dll
    (IEC) C:\Config.Msi\400ca.rbf
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
    HKU\S-1-5-21-1791929653-3363623737-1175070374-1000\...\MountPoints2: {bf88f6f4-c2a8-11e6-87e2-9439e5c28518} - "E:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-1791929653-3363623737-1175070374-1000\...\MountPoints2: {bf88f721-c2a8-11e6-87e2-9439e5c28518} - "E:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-1791929653-3363623737-1175070374-1000\...\MountPoints2: {c8062cee-28de-11e6-87cb-9439e5c28518} - "G:\OInstall.exe"
    HKU\S-1-5-21-1791929653-3363623737-1175070374-1000\...\MountPoints2: {c8fed465-4dd6-11e6-87d1-9439e5c28518} - "E:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-18\...\Run: [] => [X]
    HKLM\...\Providers\8gfhpci5: C:\Program Files (x86)\Prdather Configuration\local64spl.dll
    ShellExecuteHooks: Brak nazwy - {48F04F78-DE45-11E6-8A81-64006A5CFC23} - C:\Users\Beata\AppData\Roaming\Cligutainqerotain\Devaiedduberch.dll -> Brak pliku
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-01-31]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
    Hosts: 0.0.0.1 mssplus.mcafee.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&t...d=WDCXWD3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&t...d=WDCXWD3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=d...D3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=d...D3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&t...d=WDCXWD3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&t...d=WDCXWD3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=d...D3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=d...D3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695&q={searchTerms}
    HKU\S-1-5-21-1791929653-3363623737-1175070374-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=d...D3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695&q={searchTerms}
    HKU\S-1-5-21-1791929653-3363623737-1175070374-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&t...d=WDCXWD3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695
    HKU\S-1-5-21-1791929653-3363623737-1175070374-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&t...d=WDCXWD3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695
    HKU\S-1-5-21-1791929653-3363623737-1175070374-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com
    HKU\S-1-5-21-1791929653-3363623737-1175070374-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=d...D3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1791929653-3363623737-1175070374-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...D3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1791929653-3363623737-1175070374-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...D3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1791929653-3363623737-1175070374-1000 -> {ACBCD680-E054-4F06-9217-33786A9CAE29} URL = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&t...d=WDCXWD3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695
    Edge HomeButtonPage: HKU\S-1-5-21-1791929653-3363623737-1175070374-1000 -> hxxp://www.amisites.com/?type=hp&ts=14863...d=WDCXWD3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695
    FF Homepage: Mozilla\Firefox\Profiles\v5cmy9re.default-1486401507960 -> hxxp://www.startpageing123.com/?type=hp&t...d=WDCXWD3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695
    FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\v5cmy9re.default-1486401507960\features\{36b391f8-3e13-4bbe-afa3-438f161d3dd4}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
    FF SearchPlugin: C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\v5cmy9re.default-1486401507960\searchplugins\startpageing123.xml [2017-02-22]
    FF Homepage: Firefox\Firefox\Profiles\v5cmy9re.default-1486401507960 -> hxxp://www.searchinme.com/?type=hp&ts=148...d=WDCXWD3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695
    FF Extension: (SimilarWeb) - C:\Users\Beata\AppData\Roaming\Firefox\Firefox\Profiles\v5cmy9re.default-1486401507960\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-02-21] [Brak podpisu cyfrowego]
    FF Extension: (FF Adr) - C:\Users\Beata\AppData\Roaming\Firefox\Firefox\Profiles\v5cmy9re.default-1486401507960\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-02-21] [Brak podpisu cyfrowego]
    FF SearchPlugin: C:\Users\Beata\AppData\Roaming\Firefox\Firefox\Profiles\v5cmy9re.default-1486401507960\searchplugins\searchinme.xml [2017-02-21]
    CHR DefaultProfile: Profile 1
    CHR HomePage: Profile 1 -> hxxp://www.startpageing123.com/?type=hp&t...d=WDCXWD3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695
    CHR StartupUrls: Profile 1 -> "hxxp://www.startpageing123.com/?type=hp&ts=1487767138&z=6e2e40fad320ada2ae12ad5g6zebcm1m5qam0gcc8t&from=che0812&uid=WDCXWD3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695"
    CHR DefaultSearchURL: Profile 1 -> hxxp://www.startpageing123.com/search/?type=d...D3200BPVT-55JJ5T0_WD-WXF1A81F5695F5695&q={searchTerms}
    CHR DefaultSearchKeyword: Profile 1 -> startpageing123
    CHR Profile: C:\Users\Beata\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-21] <==== UWAGA
    C:\Users\Beata\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
    R2 Apple_Cfg; C:\ProgramData\Apple\Apple Application Support\Support.dll [111616 2017-02-21] () [Brak podpisu cyfrowego]
    R2 Lufgerodupy; C:\Program Files (x86)\Daletictain\Plrmapper.dll [147968 2017-01-31] () [Brak podpisu cyfrowego]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
    2017-02-22 15:01 - 2017-02-22 15:02 - 00000016 _____ C:\Users\Public\Documents\temp.dat
    2017-02-21 16:24 - 2017-02-21 16:24 - 00000000 ____D C:\Users\Beata\AppData\Roaming\Firefox
    2017-02-21 16:24 - 2017-02-21 16:24 - 00000000 ____D C:\Users\Beata\AppData\Local\Firefox
    2017-02-21 16:22 - 2017-02-21 16:22 - 00000219 _____ C:\Users\Public\Desktop\Google Chrome.url
    2017-02-21 16:22 - 2017-02-21 16:22 - 00000000 ____D C:\Users\Beata\AppData\Local\Fishjane
    2017-02-21 16:22 - 2017-02-21 16:22 - 00000000 ____D C:\Program Files (x86)\Fishjane
    2017-02-20 12:37 - 2017-02-20 12:37 - 00000000 ____D C:\Program Files (x86)\amuleCexx
    2017-02-20 12:34 - 2017-02-22 15:05 - 00000000 ____D C:\Program Files (x86)\BikaQRssReader
    2017-02-20 12:34 - 2017-02-20 12:34 - 00003332 _____ C:\WINDOWS\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
    2017-02-07 16:01 - 2017-02-22 14:55 - 00000000 ____D C:\AdwCleaner
    2017-02-04 10:45 - 2017-02-20 12:33 - 00000000 ____D C:\Program Files (x86)\8gfhpci5
    2017-01-31 16:38 - 2017-01-31 21:34 - 00000332 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
    2017-01-31 16:38 - 2017-01-31 21:34 - 00000332 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
    2017-01-31 16:38 - 2017-01-31 21:34 - 00000332 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
    2017-01-31 16:38 - 2017-01-31 16:38 - 00003220 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
    2017-01-31 16:38 - 2017-01-31 16:38 - 00003220 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
    2017-01-31 16:38 - 2017-01-31 16:38 - 00003220 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
    2017-01-31 16:37 - 2017-01-31 16:37 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-01-31 16:37 - 2017-01-31 16:37 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    2017-01-31 16:35 - 2017-01-31 16:35 - 00003754 _____ C:\WINDOWS\System32\Tasks\Puderingkajik
    2017-01-31 16:35 - 2017-01-31 16:35 - 00000000 ____D C:\ProgramData\Avira
    2017-01-31 16:35 - 2017-01-31 16:35 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-01-31 16:33 - 2017-02-21 11:12 - 00000000 ____D C:\Program Files (x86)\Daletictain
    2017-01-31 16:33 - 2017-02-10 23:39 - 00000000 ____D C:\Program Files (x86)\Prdather Configuration
    2017-01-31 16:33 - 2017-02-01 16:45 - 00000000 ____D C:\Users\Beata\AppData\Roaming\Cligutainqerotain
    2017-01-31 16:33 - 2017-01-31 16:38 - 00000000 ____D C:\Users\Beata\AppData\Local\Hajerlepherbuing
    2017-01-31 16:33 - 2017-01-31 16:33 - 00006164 _____ C:\WINDOWS\System32\Tasks\Prdather Configuration
    2017-01-31 11:24 - 2017-01-31 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    EmptyTemp:

    In FRST, select Fix (Napraw).

    Install http://ninite.com/java/

    When done, post new FRST logs from a scan.

    0
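Added example, not part of the thread or written by its participants: a small triage script for the two FRST entry types in the fixlist above that explain why the programs keep coming back, namely a scheduled task that runs `msiexec /i` against a remote URL and a browser shortcut with a URL appended to its target. The sample lines are constructed in the same log format; all names, GUIDs and hosts in them are placeholders.

```python
import re

# Constructed sample lines in the FRST log format shown in the post above
# (names, GUIDs and hosts are placeholders, not values from the thread).
SAMPLE = r"""
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\UpdaterA => C:\Program Files (x86)\VendorA\updater.exe [2017-01-31] (VendorA Ltd)
Task: {66666666-7777-8888-9999-AAAAAAAAAAAA} - System32\Tasks\RandomName => msiexec /i hxxp://cdn.example.invalid/msi/setup.msi /q
Task: C:\WINDOWS\Tasks\UpdaterA.job => C:\Program Files (x86)\VendorA\updater.exe
ShortcutWithArgument: C:\Users\User\Desktop\Browser.lnk -> C:\Program Files\Browser\browser.exe (Vendor) -> hxxp://start.example.invalid/?type=sc
ShortcutWithArgument: C:\Users\User\Desktop\Browser2.lnk -> C:\Program Files\Browser\browser.exe (Vendor) -> --profile-directory="Profile 1"
"""

# FRST defangs URLs as hxxp://; accept both spellings.
URL = re.compile(r"\b(?:hxxps?|https?)://\S+", re.I)
TASK = re.compile(r"^Task: (?P<name>.+?) => (?P<action>.+)$")
LNK = re.compile(
    r"^ShortcutWithArgument: (?P<lnk>.+?) -> (?P<target>.+?) -> (?P<args>.+)$"
)

def triage(log_text):
    """Return (kind, item, reason) tuples for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := TASK.match(line):
            action = m["action"]
            # A task that runs msiexec against a remote URL reinstalls
            # software on a schedule, so cleanup alone does not hold.
            if re.match(r"msiexec\b", action, re.I) and URL.search(action):
                findings.append(
                    ("task", m["name"], "msiexec installs from remote URL"))
        elif m := LNK.match(line):
            # A URL in the shortcut arguments opens that page on every
            # launch; a plain switch such as --profile-directory does not.
            if URL.search(m["args"]):
                findings.append(
                    ("shortcut", m["lnk"], "URL appended to shortcut target"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding, sep=" | ")
```
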
  • Helpful post
    #4 22 Feb 2017 21:03
    Kolobos
    Computer specialist

    There is still an old version of Java left to remove: Java(TM) 6 Update 22

    New Fixlist.txt for FRST:
    2017-02-22 19:48 - 2017-02-22 19:48 - 00000000 ____D C:\Users\Beata\AppData\Local\AdvinstAnalytics
    2017-02-22 19:29 - 2016-04-17 20:19 - 00000000 ____D C:\Program Files (x86)\McAfee
    2017-02-22 19:29 - 2016-03-12 21:46 - 00000000 ____D C:\ProgramData\McAfee

    After running it, delete the C:\FRST directory and that's all.

    0
  • #5 22 Feb 2017 21:07
    dolab
    Level 2  

    Done, thank you SO MUCH for your help! Regards ;)

    0