Elektroda.pl
win10 - infected with Adware.Mutabaha.481, Program.Freemake.3, Adware.Ghokswa

kot-one 23 Feb 2017 13:31 636 5
  • #2 23 Feb 2017 14:01
    krzychupar
    Level 40

    Uninstall:
    Superfish Inc. VisualDiscovery (HKLM-x32\...\Superfish Inc. VisualDiscovery) (Version: 1.0.0.1 - Superfish) <==== UWAGA
    WinSnare (HKLM-x32\...\{54A54A73-D8CF-4EBF-BEA7-AD6507ACE4C5}) (Version: 4.1.0 - WinSnare) <==== UWAGA
    youndoo - Uninstall (HKLM-x32\...\{FE8D22E8-AAD0-4EF0-AB64-F25628202635}) (Version: - ) <==== UWAGA

    Open Notepad and paste:
    Task: {086098E0-FD7E-4EA8-A1D8-035024844DB7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {1F896692-43A4-4071-B5EA-156F132B36B3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {463B1836-4D5B-45F8-B843-1F60B33D83C1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {4EE3AEB9-20AB-4B58-94E9-9AED6E124D3A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {67506705-7A2B-47BF-B145-1B02B193FF26} - \WPD\SqmUpload_S-1-5-21-831441598-3580422230-474571488-1002 -> Brak pliku <==== UWAGA
    Task: {B27E99D7-4BD9-4033-8B45-D4968FFC1AE1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {CB9F2E13-0E60-413B-9B2C-280D299C6231} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {D70CB923-85F4-455D-B223-5D8495C7DD81} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {F06C15EA-DD0F-44AB-B2CA-8B1AC39FA99F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    Task: {F32434E6-5038-40BF-965D-697AD6CE2482} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {F7AA47DE-C980-406C-9648-76B3C883B8B3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {FDE9A94B-0983-4046-851C-47E5ECC41AE0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    ShortcutWithArgument: C:\Users\Mateusz\AppData\Local\Prerzeinganesoght\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
    ShortcutWithArgument: C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
    ShortcutWithArgument: C:\Users\Mateusz\AppData\Local\Eggness\User Data\Program uruchamiający aplikacje Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
    HKU\S-1-5-21-831441598-3580422230-474571488-1002\...\MountPoints2: {24ef5756-bb0e-11e6-829a-d07e352dada1} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-831441598-3580422230-474571488-1002\...\MountPoints2: {24ef5767-bb0e-11e6-829a-d07e352dada1} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-831441598-3580422230-474571488-1002\...\MountPoints2: {b6911a78-f42f-11e6-82a5-d07e352dada1} - "F:\startme.exe"
    HKU\S-1-5-21-831441598-3580422230-474571488-1002\...\MountPoints2: {e2a7e828-d92f-11e4-8266-d07e352dada1} - "H:\iLinker.exe"
    ShellExecuteHooks: Brak nazwy - {31A158E4-DE3E-11E6-8239-64006A5CFC23} - -> Brak pliku
    Startup: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - .lnk [2017-02-17]
    Startup: C:\Users\Mateusz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Officejet Pro 8100 (sieć).lnk [2017-02-23]
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=14865...uid=ST1000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&t...000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&t...000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=14865...uid=ST1000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&t...000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&t...000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM&q={searchTerms}
    HKU\S-1-5-21-831441598-3580422230-474571488-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=14865...uid=ST1000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&t...000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&t...000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-831441598-3580422230-474571488-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&t...000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM&q={searchTerms}
    FF ProfilePath: C:\Users\Mateusz\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\2j4sh7dk.default\Profiles\2j4sh7dk.default [nie znaleziono]
    FF ProfilePath: C:\Users\Mateusz\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\2j4sh7dk.default\Profiles\2j4sh7dk.default [nie znaleziono]
    FF NewTab: Mozilla\Firefox\Profiles\2j4sh7dk.default -> hxxp://www.youndoo.com/?z=8299795c4c33db25e4c...014-SSHD-8GB_W770MHKMXXXXW770MHKM&type=hp
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\2j4sh7dk.default -> youndoo
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\2j4sh7dk.default -> youndoo
    FF Homepage: Mozilla\Firefox\Profiles\2j4sh7dk.default -> hxxp://www.youndoo.com/?z=8299795c4c33db25e4c...014-SSHD-8GB_W770MHKMXXXXW770MHKM&type=hp
    FF NewTab: Firefox\Firefox\Profiles\2j4sh7dk.default -> hxxp://www.youndoo.com/?z=8299795c4c33db25e4c...014-SSHD-8GB_W770MHKMXXXXW770MHKM&type=hp
    FF DefaultSearchEngine: Firefox\Firefox\Profiles\2j4sh7dk.default -> youndoo
    FF SelectedSearchEngine: Firefox\Firefox\Profiles\2j4sh7dk.default -> youndoo
    FF Homepage: Firefox\Firefox\Profiles\2j4sh7dk.default -> hxxp://www.searchinme.com/?type=hp&ts=148...uid=ST1000LM014-SSHD-8GB_W770MHKMXXXXW770MHKM
    CHR Profile: C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-13] <==== UWAGA
    S2 Themes; C:\WINDOWS\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [DependOnService: iThemes5]<==== UWAGA
    R2 WinSnare; C:\Users\Mateusz\AppData\Roaming\WinSnare\WinSnare.dll [778752 2017-02-06] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda)
    S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda)
    S1 emqtwlzo; \??\C:\WINDOWS\system32\drivers\emqtwlzo.sys [X]
    S1 nvlmloeb; \??\C:\WINDOWS\system32\drivers\nvlmloeb.sys [X]
    S1 pultipjg; \??\C:\WINDOWS\system32\drivers\pultipjg.sys [X]
    S1 qwdmybik; \??\C:\WINDOWS\system32\drivers\qwdmybik.sys [X]
    2017-02-23 13:01 - 2017-02-23 13:01 - 00000000 ____D C:\Users\Mateusz\Doctor Web
    2017-02-09 17:50 - 2017-02-09 17:50 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\Elex-tech
    2017-02-09 17:50 - 2017-02-09 17:50 - 00000000 ____D C:\Program Files (x86)\Elex-tech
    2017-02-09 17:50 - 2017-02-09 17:50 - 00000000 ____D C:\Program Files (x86)\Eggness
    2017-02-09 17:50 - 2016-05-23 03:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
    2017-02-09 12:45 - 2017-02-09 12:45 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.1.0)
    2017-02-07 09:12 - 2017-02-16 14:34 - 00003654 _____ C:\WINDOWS\System32\Tasks\Milimili
    2017-02-07 09:12 - 2017-02-13 09:50 - 00000000 ____D C:\Program Files (x86)\WinArcher
    2017-02-07 09:12 - 2017-02-10 18:10 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\WinSnare
    2017-02-07 09:12 - 2017-02-09 17:49 - 00000000 ____D C:\Program Files (x86)\MIO
    2017-02-07 09:12 - 2017-02-09 12:45 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.0.9)
    2017-02-07 09:09 - 2017-02-07 09:09 - 00000000 ____D C:\Program Files (x86)\8qj1ollm
    2017-01-26 09:13 - 2017-01-26 09:13 - 00003780 _____ C:\WINDOWS\System32\Tasks\Lengegrawoward
    2017-01-26 09:13 - 2017-01-26 09:13 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
    2017-01-26 09:13 - 2017-01-26 09:13 - 00000000 ____D C:\Users\Mateusz\AppData\Local\Disc_Soft_Ltd
    2017-01-26 09:13 - 2017-01-26 09:13 - 00000000 ____D C:\ProgramData\Avira
    2017-01-26 09:13 - 2017-01-26 09:13 - 00000000 ____D C:\ProgramData\Avg
    2017-01-26 09:12 - 2017-02-13 10:01 - 00000000 ____D C:\Program Files (x86)\Zugowardghaqght
    2017-01-26 09:12 - 2017-02-13 09:54 - 00000000 ____D C:\Program Files (x86)\Atervuther Launcher
    2017-01-26 09:12 - 2017-02-13 09:53 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\Muvitapicult
    2017-01-26 09:12 - 2017-01-26 09:13 - 00000000 ____D C:\Users\Mateusz\AppData\Local\Prerzeinganesoght
    2017-01-26 09:12 - 2017-01-26 09:12 - 00006174 _____ C:\WINDOWS\System32\Tasks\Atervuther Launcher
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix.

  • #4 23 Feb 2017 14:44
    Kolobos
    Computer specialist

    Use AdwCleaner, Scan and Clean option: http://www.bleepingcomputer.com/download/adwcleaner/
    Maybe it will remove that empty entry -> youndoo - Uninstall.
    You can also remove it e.g. with regedit, from the Uninstall key; CCleaner should also have an option to remove that entry.

    New Fixlist.txt for FRST:
    HKU\S-1-5-21-831441598-3580422230-474571488-1002\...\ChromeHTML: -> "C:\Program Files (x86)\Eggness\Application\chrome.exe" "%1" <==== UWAGA
    Task: {32E8724C-A197-47B0-AB0D-CD759BCF330D} - \Milimili -> Brak pliku <==== UWAGA
    Task: {8C291CA6-F147-4048-9979-B71E10DD382C} - \Atervuther Launcher -> Brak pliku <==== UWAGA
    Task: {A05F2ADE-BBED-477E-B892-0BA2DE38C5B4} - System32\Tasks\SweetLabs App Platform => C:\Users\Mateusz\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-11-16] (Pokki)
    Task: {E8AE652D-9504-430E-B425-6BA3008F2518} - \Lengegrawoward -> Brak pliku <==== UWAGA
    HKLM\...\Providers\8qj1ollm: C:\Program Files (x86)\Atervuther Launcher\local64spl.dll
    R2 MS_TASK_SVR; C:\ProgramData\Apple\Apple Application Support\ErrorReport.dll [519168 2017-02-09] () [Brak podpisu cyfrowego]
    R2 WinSAPSvc; C:\Users\Mateusz\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-02-15] (TODO: <Company name>) [Brak podpisu cyfrowego]
    S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]
    2017-02-16 14:34 - 2017-02-23 13:06 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\WinSAPSvc
    2017-02-13 09:47 - 2017-02-13 09:47 - 00000040 _____ C:\Program Files (x86)\settings.dat
    2017-02-13 09:47 - 2017-02-13 09:47 - 00000000 ____D C:\Program Files (x86)\reports
    2017-02-13 09:47 - 2017-02-13 09:47 - 00000000 _____ C:\Program Files (x86)\metadata
    2017-02-09 17:50 - 2017-02-09 17:50 - 00000000 ____D C:\Users\Mateusz\AppData\Roaming\Firefox
    2017-02-09 17:50 - 2017-02-09 17:50 - 00000000 ____D C:\Users\Mateusz\AppData\Local\Firefox
    2017-02-09 17:50 - 2017-02-09 17:50 - 00000000 ____D C:\Users\Mateusz\AppData\Local\Eggness
    2017-02-09 17:50 - 2017-02-09 17:50 - 00000000 ____D C:\ProgramData\Apple
    2017-02-09 17:49 - 2017-02-23 14:14 - 00000068 _____ C:\Users\Public\Documents\temp.dat
    2017-02-09 17:49 - 2017-02-13 11:30 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2017-02-13 09:47 - 2017-02-13 09:47 - 0000000 _____ () C:\Program Files (x86)\metadata
    2017-02-13 09:47 - 2017-02-13 09:47 - 0000040 _____ () C:\Program Files (x86)\settings.dat

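A read-only PowerShell audit that re-checks, once the fixlists from posts #2 and #4 have been applied, the indicator classes both of them target: IE start and search values pointing at the hijack domains they name, enabled services and drivers whose binary is missing or unsigned, and scheduled tasks whose action file no longer exists. This is an added example, not code from the thread or from FRST; it assumes an elevated Windows PowerShell 5.1 session on the Windows 10 machine, and the domain list is taken from the fixlists above.

```powershell
# Post-cleanup audit for the indicator classes in the two FRST fixlists above.
# Added example, not part of the thread or of FRST; read-only, changes nothing.
# Assumes an elevated PowerShell 5.1+ session on Windows 10. Hijack domains
# are the ones named in the fixlists; everything else is generic.
$HijackDomains = @('amisites.com', 'youndoo.com', 'searchinme.com')

# 1. IE start/search values under the keys the fixlists rewrite.
$IeKeys = @('HKLM:\Software\Microsoft\Internet Explorer\Main',
            'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Main',
            'HKCU:\Software\Microsoft\Internet Explorer\Main')
$IeValues = 'Start Page', 'Search Page', 'Default_Page_URL', 'Default_Search_URL'
foreach ($key in $IeKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $IeValues) {
        $url = $props.$name
        if ($url -and ($HijackDomains | Where-Object { $url -like "*$_*" })) {
            Write-Output "HIJACK   $key\$name = $url"
        }
    }
}
# 2. Enabled services and kernel drivers whose binary is missing ('[X]' in FRST)
#    or has no valid Authenticode signature ('[Brak podpisu cyfrowego]').
@(Get-CimInstance Win32_Service) + @(Get-CimInstance Win32_SystemDriver) |
  Where-Object { $_.StartMode -ne 'Disabled' } | ForEach-Object {
    # svchost-hosted services keep their real code in Parameters\ServiceDll.
    $params = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)\Parameters"
    $dll = (Get-ItemProperty -Path $params -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    $p = if ($dll) { $dll } else { $_.PathName }
    if (-not $p) { return }
    # Executable path without arguments, env vars expanded, NT \??\ prefix stripped.
    $exe = if ($p -match '^"([^"]+)"') { $Matches[1] } else { ($p -split '\s+(?:-|/)')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe) -replace '^\\\?\?\\', ''
    if (-not (Test-Path -LiteralPath $exe)) { Write-Output "MISSING  $($_.Name) -> $exe"; return }
    $sig = Get-AuthenticodeSignature -FilePath $exe
    if ($sig.Status -ne 'Valid') { Write-Output "UNSIGNED $($_.Name) -> $exe ($($sig.Status))" }
}
# 3. Scheduled tasks whose action executable no longer exists ('Brak pliku').
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        if (-not $a.Execute) { continue }
        $t = [Environment]::ExpandEnvironmentVariables($a.Execute.Trim('"'))
        if ($t -match '[\\:]' -and -not (Test-Path -LiteralPath $t)) {
            Write-Output "NOFILE   $($task.TaskPath)$($task.TaskName) -> $t"
        }
    }
}
```

An empty report is the state Kolobos later describes as everything looking OK; UNSIGNED lines still need a human look, since some legitimate vendor components ship unsigned.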
  • #6 24 Feb 2017 09:28
    Kolobos
    Computer specialist

    Everything looks OK.

    Delete the C:\FRST and C:\AdwCleaner folders and that's it.
