Elektroda.pl

wirus/amulec/ - amuleC and Firefox viruses

piotr1232514 24 Feb 2017 22:05 516 3
  • #1 24 Feb 2017 22:05
    piotr1232514
    Level 2

    Hello, I have a problem with the amuleC and Firefox programs that keep installing themselves on their own. After I remove the program, after some time the programs reinstall themselves again. I am attaching the logs from FRST. Please help.
    Attachments:

    0 3
  • #3 24 Feb 2017 22:16
    piotr1232514
    Level 2

    Okay, I'll do that

    0
  • #4 24 Feb 2017 23:27
    Kolobos
    Computer specialist

    Export your bookmarks from Chrome, the profile folder will be deleted.

    Uninstall Chrome.

    Next to frst.exe create a file Fixlist.txt with the following contents:
    C:\Program Files (x86)\Mapbob\
    Task: {085FE1C7-F657-4871-8DFE-899E6A30F921} - System32\Tasks\{B0CF33DA-6D7F-4849-BC3A-65AC70938B73} => pcalua.exe -a "C:\Users\Piotr\AppData\Local\Kingsoft\WPS Office\10.1.0.5458\utility\uninst.exe"
    Task: {099E753D-DF9F-4951-A75A-AFC568006E2F} - System32\Tasks\IHeeaWABrowserUpdateCore => C:\Program Files (x86)\IHeeaWA\IHeeaWA\bin\IHeeaWA_server.exe <==== UWAGA
    Task: {1A6338E1-801C-43A8-8B05-6F66588CDAB1} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Brak pliku <==== UWAGA
    Task: {1AD829D5-9EDB-404E-A93B-79630E0F5233} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {1B950B1F-B525-4A40-B68D-22620F8970C7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {3B0795FB-89EF-4988-B266-5FE3B6613343} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Brak pliku <==== UWAGA
    Task: {3DA1EB92-FF23-4C81-92AD-D6EF741D1F07} - System32\Tasks\IHeeaWACheckTask => C:\Program Files (x86)\IHeeaWA\IHeeaWA\bin\IHeeaWA_server.exe <==== UWAGA
    Task: {42EC5BA2-23B9-4E52-BE17-CD61954FD872} - System32\Tasks\{00A48DFB-0B44-429B-AE29-68CF137FA449} => pcalua.exe -a "C:\Program Files\ByteFence\ByteFence.exe" -c /uninstall
    Task: {45EDDB69-52D7-4C36-878B-0428E54A8F87} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {4623C47E-B344-4E45-A8AB-A1D2CC5F2EEF} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
    Task: {47524233-F356-4449-ABD4-A720C76BEB55} - System32\Tasks\{C1D21830-6B63-47BA-AD84-F4D8D0E306D5} => pcalua.exe -a C:\Users\Piotr\AppData\Local\PPTAssist\utility\uninst.exe
    Task: {47E7F892-645C-4D1C-949E-B7F143C50FE5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {4A356A77-505B-401D-A4B1-671B14AB1077} - System32\Tasks\Cnsythuker Collector => C:\Program Files (x86)\Meqaculthalek\simerty.exe [2017-01-24] (Glarysoft Ltd)
    Task: {60C6D03B-926F-4B49-91B3-8E03C0BFA487} - System32\Tasks\{A4599371-B9C4-403C-9957-19526F1E0DF1} => pcalua.exe -a "C:\Users\Piotr\AppData\Local\Kingsoft\WPS Office\10.1.0.5458\utility\uninst.exe"
    Task: {60F617BE-20AD-48B5-9A42-D78DE308EFD4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {66EA4296-42D7-42AF-B6A8-1127219FC5D3} - System32\Tasks\IHeeaWABrowserUpdateUA => C:\Program Files (x86)\IHeeaWA\IHeeaWA\bin\IHeeaWA_server.exe <==== UWAGA
    Task: {79BE03C3-053A-41C9-A24D-A13ACEB6671D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {9023D43B-4165-420B-9C01-A103E3FB19D3} - System32\Tasks\Opera scheduled Autoupdate 1443948770 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-20] (Opera Software)
    Task: {9E44418D-FBD3-4CEF-8233-98E8BADBD6CF} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2016-12-28] ()
    Task: {ADFCE9E1-98EA-4EB8-991D-A3E6E33C2DA0} - System32\Tasks\{9B5808C6-6345-42E4-9C1A-22FB08742480} => pcalua.exe -a C:\Users\Piotr\AppData\Local\Temp\jre-8u71-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== UWAGA
    Task: {BD37A0BA-9B1C-4B64-81C7-812E4B886DD2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku <==== UWAGA
    Task: {C99C276E-A476-4953-A85D-A8A8F118F79F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {CB23F06C-D2EC-41B9-A9A5-80F47186A12D} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2016-03-01] (Nero AG)
    Task: {DE9BDC65-2F7F-4DA0-81CE-B4E6EA07F0AC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {E1E17370-C75B-4CE5-9A94-774D139A1FE0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {ECAFF91A-CC7A-402D-8B42-C7676966BA63} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku <==== UWAGA
    Task: {ED49ACFE-5B44-443F-B0E6-C2F8C4D31502} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Mapbob\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Mapbob\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Piotr\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Mapbob\Application\chrome.exe (Google Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Mapbob\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Mapbob\Application\chrome.exe (Google Inc.)
    HKU\S-1-5-21-1835884706-849631142-4127316233-1000\...\MountPoints2: {77ba1159-c47c-11e6-9e9f-902b34a90b31} - "F:\HiSuiteDownLoader.exe"
    HKLM\...\Providers\gkag881u: C:\Program Files (x86)\Cnsythuker Collector\local64spl.dll [289792 2017-01-24] ()
    ShellExecuteHooks: Brak nazwy - {17FEF462-DE3D-11E6-96EE-64006A5CFC23} - -> Brak pliku
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&t...id=WDCXWD3200AVVS-63L2B0_WD-WCAV1055062950629
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&t...id=WDCXWD3200AVVS-63L2B0_WD-WCAV1055062950629
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=d...WD3200AVVS-63L2B0_WD-WCAV1055062950629&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&t...id=WDCXWD3200AVVS-63L2B0_WD-WCAV1055062950629
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&t...id=WDCXWD3200AVVS-63L2B0_WD-WCAV1055062950629
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=d...WD3200AVVS-63L2B0_WD-WCAV1055062950629&q={searchTerms}
    HKU\S-1-5-21-1835884706-849631142-4127316233-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=d...WD3200AVVS-63L2B0_WD-WCAV1055062950629&q={searchTerms}
    HKU\S-1-5-21-1835884706-849631142-4127316233-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&t...id=WDCXWD3200AVVS-63L2B0_WD-WCAV1055062950629
    HKU\S-1-5-21-1835884706-849631142-4127316233-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&t...id=WDCXWD3200AVVS-63L2B0_WD-WCAV1055062950629
    HKU\S-1-5-21-1835884706-849631142-4127316233-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=d...WD3200AVVS-63L2B0_WD-WCAV1055062950629&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    Edge HomeButtonPage: HKU\S-1-5-21-1835884706-849631142-4127316233-1000 -> hxxp://www.amisites.com/?type=hp&ts=14861...id=WDCXWD3200AVVS-63L2B0_WD-WCAV1055062950629
    FF Extension: (SimilarWeb) - C:\Users\Piotr\AppData\Roaming\Firefox\Firefox\Profiles\u2mq3b9l.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-02-22] [Brak podpisu cyfrowego]
    FF Extension: (FF Adr) - C:\Users\Piotr\AppData\Roaming\Firefox\Firefox\Profiles\u2mq3b9l.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-02-04] [Brak podpisu cyfrowego]
    CHR DefaultProfile: ChromeDefaultData
    CHR HomePage: ChromeDefaultData -> hxxp://www.startpageing123.com/?type=hp&t...id=WDCXWD3200AVVS-63L2B0_WD-WCAV1055062950629
    CHR StartupUrls: ChromeDefaultData -> "hxxp://www.startpageing123.com/?type=hp&ts=1487773466&z=88661d19042b26f752ec12cgcz9bcmembmfc6z1qfq&from=ggg0221&uid=WDCXWD3200AVVS-63L2B0_WD-WCAV1055062950629"
    CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.amisites.com/search/?type=ds&t...WD3200AVVS-63L2B0_WD-WCAV1055062950629&q={searchTerms}
    CHR DefaultSearchKeyword: ChromeDefaultData -> amisites
    CHR Profile: C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-02-22] <==== UWAGA
    C:\Users\Piotr\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    R2 Grerzuied; C:\Program Files (x86)\Meqaculthalek\BoforyMng.dll [147968 2017-01-24] () [Brak podpisu cyfrowego]
    R2 MSCFG_SVR; C:\ProgramData\Microsoft\Office\office_update.dll [486912 2017-02-04] () [Brak podpisu cyfrowego]
    R2 WinSAPSvc; C:\Users\Piotr\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-02-24] (TODO: <Company name>) [Brak podpisu cyfrowego]
    R2 WinSnare; C:\Users\Piotr\AppData\Roaming\WinSnare\WinSnare.dll [778752 2017-02-24] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
    2017-02-24 21:27 - 2017-02-24 21:27 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\WinSnare
    2017-02-24 21:26 - 2017-02-24 21:27 - 00000000 ____D C:\Program Files (x86)\MIO
    2017-02-24 21:26 - 2017-02-24 21:26 - 00003662 _____ C:\WINDOWS\System32\Tasks\Milimili
    2017-02-24 21:26 - 2017-02-24 21:26 - 00000000 ____D C:\WINDOWS\SysWOW64\{7712874D-92A0-47DF-99A4-3162E967A8CC}
    2017-02-24 21:26 - 2017-02-24 21:26 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\WinSAPSvc
    2017-02-24 21:22 - 2017-02-24 21:23 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2017-02-04 15:04 - 2017-02-04 15:04 - 00000000 _____ C:\Program Files (x86)\metadata
    2017-02-04 12:57 - 2017-02-04 12:57 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\Firefox
    2017-02-04 12:57 - 2017-02-04 12:57 - 00000000 ____D C:\Users\Piotr\AppData\Local\Mapbob
    2017-02-04 12:57 - 2017-02-04 12:57 - 00000000 ____D C:\Users\Piotr\AppData\Local\Firefox
    2017-02-04 12:56 - 2017-02-04 12:56 - 00000000 ____D C:\Program Files (x86)\Mapbob
    2017-01-25 10:02 - 2017-02-06 17:56 - 00000000 ____D C:\Program Files (x86)\gkag881u
    2017-01-25 09:58 - 2017-02-20 13:17 - 00000000 ____D C:\Program Files\gkag881u
    2017-02-24 21:22 - 2016-05-10 22:22 - 00000000 ____D C:\AdwCleaner
    2017-02-11 09:18 - 2017-01-24 16:39 - 00000000 ____D C:\Users\Piotr\AppData\Roaming\Vaterentphoser
    EmptyTemp:

    In FRST choose Fix.

    When it has finished, install Chrome again.

    0
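As an added illustration (not part of this thread and not FRST's own code): a small Python triage that reads lines in the FRST format quoted above and flags the same kinds of entries Kolobos picked out for removal, namely lines FRST itself marks with `<==== UWAGA`, unsigned binaries, services or scheduled tasks launched from user-writable folders, and browser settings pointing at the hijack domains seen in this log. The sample lines are copied from the log quoted in the thread; the marker strings and the user-writable-path heuristic are my assumptions about how to read a Polish-localised FRST log.

```python
import re

# Markers as printed by the Polish-localised FRST build quoted in this thread (assumption)
FRST_ATTENTION = "<==== UWAGA"             # FRST's own "ATTENTION" flag
NO_SIGNATURE = "[Brak podpisu cyfrowego]"  # "no digital signature"
# Folders a standard user can write to; a service or task launched from there is
# unusual for legitimate software, so it is worth a closer look (heuristic, not proof).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\")
HIJACK_DOMAINS = ("startpageing123.com", "amisites.com")  # domains seen in the log above

SERVICE_RE = re.compile(r"^[RS][0-4] (?P<name>[^;]+); (?P<target>[A-Za-z]:\\.+?) \[")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<target>.+)$")

def classify(line):
    """Return the reasons one FRST line deserves attention (empty list = nothing notable)."""
    reasons = []
    if FRST_ATTENTION in line:
        reasons.append("frst-flagged")
    if NO_SIGNATURE in line:
        reasons.append("unsigned")
    m = SERVICE_RE.match(line) or TASK_RE.match(line)
    if m and any(d in m.group("target").lower() for d in USER_WRITABLE):
        reasons.append("user-writable-path")
    if any(d in line.lower() for d in HIJACK_DOMAINS):
        reasons.append("browser-hijack")
    return reasons

def triage(frst_text):
    """Map every notable line of an FRST log to its reasons, in log order."""
    result = {}
    for line in frst_text.splitlines():
        reasons = classify(line)
        if reasons:
            result[line] = reasons
    return result

# Constructed sample: lines copied from the FRST log quoted in this thread
SAMPLE_FRST = r"""Task: {3DA1EB92-FF23-4C81-92AD-D6EF741D1F07} - System32\Tasks\IHeeaWACheckTask => C:\Program Files (x86)\IHeeaWA\IHeeaWA\bin\IHeeaWA_server.exe <==== UWAGA
Task: {9023D43B-4165-420B-9C01-A103E3FB19D3} - System32\Tasks\Opera scheduled Autoupdate 1443948770 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-20] (Opera Software)
Task: {47524233-F356-4449-ABD4-A720C76BEB55} - System32\Tasks\{C1D21830-6B63-47BA-AD84-F4D8D0E306D5} => pcalua.exe -a C:\Users\Piotr\AppData\Local\PPTAssist\utility\uninst.exe
R2 WinSnare; C:\Users\Piotr\AppData\Roaming\WinSnare\WinSnare.dll [778752 2017-02-24] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
R2 MSCFG_SVR; C:\ProgramData\Microsoft\Office\office_update.dll [486912 2017-02-04] () [Brak podpisu cyfrowego]
CHR HomePage: ChromeDefaultData -> hxxp://www.startpageing123.com/?type=hp&t...id=WDCXWD3200AVVS-63L2B0_WD-WCAV1055062950629
FF Extension: (SimilarWeb) - C:\Users\Piotr\AppData\Roaming\Firefox\Firefox\Profiles\u2mq3b9l.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-02-22] [Brak podpisu cyfrowego]"""

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_FRST).items():
        print(", ".join(reasons).ljust(32), line[:90])
```

The Opera autoupdate task is the control case: signed, in Program Files, not flagged, so it stays out of the result, which is the same distinction Kolobos drew when he left the Opera and Nero tasks in the fixlist only as context.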