Elektroda.pl

I can't uninstall a Chinese program

bobo 44 25 May 2017 17:44 414 8
  • #1 25 May 2017 17:44
    bobo 44

    Level 17  

    I can't remove some Chinese program. I don't know how it got installed, but it is there. When I try to uninstall it, it asks for a key, which is in Chinese, and that is the problem. On top of that, something got installed into the browser.

    0 8
  • #2 25 May 2017 17:54
    Kolobos
    Computer specialist

    Attach the required FRST logs, just like everyone else!

    0
  • #5 25 May 2017 18:14
    Kolobos
    Computer specialist

    It is enough to read the pinned threads in the section you posted in, not to mention using Google.

    0
  • #6 25 May 2017 18:17
    bobo 44

    Level 17  

    Is what I provided above enough?

    0
  • #7 25 May 2017 18:27
    Kolobos
    Computer specialist

    Back up your bookmarks from Chrome (if you use it) and from Firefox.

    Uninstall:
    YAC(Yet Another Cleaner!)
    Firefox (once everything is done you will be able to install FF again)

    Next to frst.exe, create a file named Fixlist.txt with the following content:
    CloseProcesses:
    Task: {11C462A5-6C92-45E0-A2A5-63AC39A89015} - System32\Tasks\4bop7Editor => Rundll32.exe "C:\Program Files\4bop7Editor\4bop7Editor.dll",lbDRFxwuPkdU
    Task: {36789785-3D5B-4E6B-967E-AE97547F68CF} - \Microsoft\Windows\DeviceSettings\Grihish -> Brak pliku <==== UWAGA
    Task: {59E8B6FC-27F7-4858-BC0C-F06675586CD7} - \Milimili -> Brak pliku <==== UWAGA
    Task: {6D906982-F459-45EC-8E41-321F8CCDDD3A} - \Microsoft\Windows\MemoryDiagnostic\VideoMemoryDiagnostic -> Brak pliku <==== UWAGA
    Task: {CD95F92B-0B4B-41F3-9B83-DD3DB9FB11C2} - System32\Tasks\Womuck Monitor => C:\Program Files (x86)\Solescoohut\plojek.exe [2017-05-20] (Google Inc.)
    ShortcutWithArgument: C:\Users\bobo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Hippig\Application\chrome.exe (Google Inc.) ->
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Hippig\Application\chrome.exe (Google Inc.) ->
    2017-05-20 17:07 - 2017-05-20 17:07 - 00308224 _____ () C:\Program Files (x86)\Womuck Monitor\local64spl.dll
    2017-05-25 16:50 - 2016-05-23 04:41 - 00097872 ____N () C:\Program Files (x86)\Elex-tech\YAC\iDskDllPatch64.dll
    2017-05-20 17:07 - 2017-05-20 17:07 - 00341192 ____N () C:\ProgramData\tw5138797.exe
    2017-05-25 16:50 - 2017-05-25 04:52 - 00098456 ____N () C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
    2017-05-25 16:50 - 2017-05-02 08:55 - 00373416 ____N () C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
    2017-05-25 16:49 - 2017-04-06 04:25 - 01419576 _____ () C:\Users\bobo\AppData\Local\background_fault\aswRD.exe
    2017-05-24 15:21 - 2017-05-24 15:21 - 01887232 _____ () c:\users\bobo\appdata\roaming\winsapsvc\winsap.dll
    2017-05-24 15:21 - 2017-05-25 03:59 - 01811968 ____N () c:\programdata\bit\bit.dll
    2017-05-25 16:50 - 2017-05-15 04:48 - 01055576 ____N () C:\Program Files (x86)\Elex-tech\YAC\iSafeBase.dll
    2017-05-25 16:50 - 2016-05-23 04:37 - 00393216 ____N () C:\Program Files (x86)\Elex-tech\YAC\sqlite3.dll
    2017-05-25 16:50 - 2016-05-23 04:37 - 00875472 ____N () C:\Program Files (x86)\Elex-tech\YAC\MSVCR110.dll
    2017-05-25 16:50 - 2017-05-05 08:16 - 00130896 ____N () C:\Program Files (x86)\Elex-tech\YAC\isafepxy.dll
    2017-05-25 16:50 - 2016-05-23 04:37 - 00535008 ____N () C:\Program Files (x86)\Elex-tech\YAC\MSVCP110.dll
    2017-05-25 16:50 - 2017-05-05 08:14 - 00993296 ____N () C:\Program Files (x86)\Elex-tech\YAC\iImportLib.dll
    2017-05-25 16:50 - 2016-05-23 04:37 - 00306368 ____N () C:\Program Files (x86)\Elex-tech\YAC\libcurl.dll




    2017-05-25 16:50 - 2016-05-23 04:37 - 01187000 ____N () C:\Program Files (x86)\Elex-tech\YAC\LIBEAY32.dll
    2017-05-25 16:50 - 2016-05-23 04:37 - 00281648 ____N () C:\Program Files (x86)\Elex-tech\YAC\SSLEAY32.dll
    2017-05-25 16:50 - 2016-05-23 04:37 - 00065696 ____N () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
    2017-05-25 16:50 - 2015-08-06 05:51 - 00582144 ____N () C:\Program Files (x86)\Elex-tech\YAC\curlpp.dll
    2017-05-25 16:50 - 2017-05-05 08:16 - 00129360 ____N () C:\Program Files (x86)\Elex-tech\YAC\isaferpt.dll
    2017-05-25 16:50 - 2017-05-05 08:15 - 00043104 ____N () C:\Program Files (x86)\Elex-tech\YAC\isafemc.dll
    2017-05-25 16:50 - 2017-05-23 03:57 - 01965224 ____N () C:\Program Files (x86)\Elex-tech\YAC\ouilibx.dll
    2017-05-25 16:50 - 2016-05-23 04:37 - 00179200 ____N () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
    2017-05-25 16:50 - 2017-05-15 04:48 - 00467016 ____N () C:\Program Files (x86)\Elex-tech\YAC\iCommon.dll
    2017-05-25 16:50 - 2017-05-05 08:18 - 00067472 ____N () C:\Program Files (x86)\Elex-tech\YAC\iCommu.dll
    2017-05-25 16:50 - 2017-05-15 04:49 - 00228528 ____N () C:\Program Files (x86)\Elex-tech\YAC\iTPNodisturb.dll
    2017-05-25 16:50 - 2017-05-05 08:16 - 00420728 ____N () C:\Program Files (x86)\Elex-tech\YAC\iTPProtect.dll
    2017-05-25 16:50 - 2017-05-15 04:49 - 00244704 ____N () C:\Program Files (x86)\Elex-tech\YAC\iTPDesk.dll
    2017-05-25 16:50 - 2017-05-15 04:49 - 00709088 ____N () C:\Program Files (x86)\Elex-tech\YAC\iTPFloaty.dll
    2017-05-25 16:50 - 2017-05-15 04:49 - 00266960 ____N () C:\Program Files (x86)\Elex-tech\YAC\iTPPush.dll
    2017-05-25 16:50 - 2017-05-15 04:49 - 00245664 ____N () C:\Program Files (x86)\Elex-tech\YAC\iTPMsgCenter.dll
    2017-05-25 16:50 - 2017-05-15 04:49 - 00122584 ____N () C:\Program Files (x86)\Elex-tech\YAC\iTPAutoClean.dll
    2017-05-25 16:49 - 2017-05-25 08:47 - 00347648 _____ () C:\Users\bobo\AppData\Local\background_fault\bf.dll
    () C:\ProgramData\tw5138797.exe
    () C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
    () C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
    () C:\Users\bobo\AppData\Local\background_fault\aswRD.exe
    ManualProxies:
    RemoveProxy:
    FF ProfilePath: C:\Users\bobo\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\h6amnxkt.default\Profiles\h6amnxkt.default [nie znaleziono]
    FF user.js: detected! => C:\Users\bobo\AppData\Roaming\Mozilla\Firefox\Profiles\h6amnxkt.default\user.js [2016-12-16]
    FF NewTab: Mozilla\Firefox\Profiles\h6amnxkt.default -> hxxp://www.initialsite123.com/?z=ee992c0bf6d8...BAXMK1676GSX_32FZT0E0TXX32FZT0E0T&type=hp
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\h6amnxkt.default -> initialsite123
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\h6amnxkt.default -> initialsite123
    FF SearchPlugin: C:\Users\bobo\AppData\Roaming\Mozilla\Firefox\Profiles\h6amnxkt.default\searchplugins\qx551bb0.xml [2017-05-20]
    FF ProfilePath: C:\Users\bobo\AppData\Roaming\Firefox\Firefox\Profiles\h6amnxkt.default [2017-05-25]
    FF user.js: detected! => C:\Users\bobo\AppData\Roaming\Firefox\Firefox\Profiles\h6amnxkt.default\user.js [2016-12-16]
    FF NewTab: Firefox\Firefox\Profiles\h6amnxkt.default -> hxxp://www.initialsite123.com/?z=ee992c0bf6d8...BAXMK1676GSX_32FZT0E0TXX32FZT0E0T&type=hp
    FF SelectedSearchEngine: Firefox\Firefox\Profiles\h6amnxkt.default -> initialsite123
    FF Extension: (Fast search) - C:\Users\bobo\AppData\Roaming\Firefox\Firefox\Profiles\h6amnxkt.default\Extensions\amcontextmenu@loucypher [2017-05-25]
    CHR DefaultProfile: ChromeDefaultData
    CHR Profile: C:\Users\bobo\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-05-20] <==== UWAGA
    C:\Users\bobo\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    CHR Extension: (Docs) - C:\Users\bobo\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-23]
    CHR Extension: (Dysk Google) - C:\Users\bobo\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-23]
    OPR Extension: (Fast search) - C:\Users\bobo\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-05-20]
    R2 BIT; C:\ProgramData\BIT\BIT.dll [1811968 2017-05-25] () [Brak podpisu cyfrowego] <==== UWAGA
    R2 DsSvc; C:\ProgramData\Package Cache\{00C5024D-925C-4E9E-A8E6-F9B84ABE0DA0}\packages\Win81_SDK\9bcb3fab78e80d68be28892ea7ad46c3.msp:dp [212994 ] () [Brak podpisu cyfrowego] <==== UWAGA
    S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [130512 2017-05-22] () [Brak podpisu cyfrowego]
    S2 snare; C:\Users\bobo\AppData\Local\snare\Snare.dll [898048 2017-05-25] (IntertSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] () [Brak podpisu cyfrowego] <==== UWAGA
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] () [Brak podpisu cyfrowego] <==== UWAGA
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] () [Brak podpisu cyfrowego] <==== UWAGA
    S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X] <==== UWAGA
    R1 iSafeNetFilter; system32\DRIVERS\iSafeNetFilter.sys [X] <==== UWAGA
    2017-05-25 16:52 - 2017-05-25 16:52 - 00000000 ____D C:\Users\bobo\AppData\Roaming\Firefox
    2017-05-25 16:52 - 2017-05-25 16:52 - 00000000 ____D C:\Users\bobo\AppData\Local\Firefox
    2017-05-25 16:51 - 2017-05-25 17:34 - 00002146 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-05-25 16:51 - 2017-05-25 16:51 - 00000000 ____D C:\Users\bobo\AppData\Local\Hippig
    2017-05-25 16:50 - 2017-05-25 16:50 - 00000000 ____D C:\Users\Public\Documents\Google
    2017-05-25 16:50 - 2017-05-25 16:50 - 00000000 ____D C:\Users\bobo\AppData\Roaming\Elex-tech
    2017-05-25 16:50 - 2017-05-25 16:50 - 00000000 ____D C:\Program Files (x86)\Hippig
    2017-05-25 16:50 - 2017-05-25 16:50 - 00000000 ____D C:\Program Files (x86)\Firefox
    2017-05-25 16:50 - 2017-05-25 16:50 - 00000000 ____D C:\Program Files (x86)\Elex-tech
    2017-05-25 16:49 - 2017-05-25 17:28 - 00000000 ____D C:\Users\bobo\AppData\Local\background_fault
    2017-05-25 16:49 - 2017-05-25 17:01 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2017-05-25 16:49 - 2017-05-25 16:51 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2017-05-25 16:21 - 2017-05-25 16:23 - 00000132 _____ C:\ProgramData\log.binb
    2017-05-24 15:21 - 2017-05-25 16:48 - 00000000 ____D C:\Users\bobo\AppData\Local\snare
    2017-05-24 15:21 - 2017-05-24 15:21 - 00000000 ____D C:\Users\bobo\AppData\Roaming\WinSAPSvc
    2017-05-24 15:21 - 2017-05-24 15:21 - 00000000 ____D C:\ProgramData\BIT
    2017-05-24 15:21 - 2017-05-24 15:21 - 00000000 ____D C:\Program Files\qx551bb0
    2017-05-20 17:07 - 2017-05-25 17:27 - 00000000 ____D C:\ProgramData\VideoMemoryDiagnostic
    2017-05-20 17:07 - 2017-05-25 17:27 - 00000000 ____D C:\Program Files (x86)\Womuck Monitor
    2017-05-20 17:07 - 2017-05-25 17:20 - 00000000 ____D C:\Users\bobo\AppData\Roaming\Starech
    2017-05-20 17:07 - 2017-05-25 16:21 - 00001054 _____ C:\ProgramData\log.ewbt
    2017-05-20 17:07 - 2017-05-25 16:21 - 00000128 _____ C:\ProgramData\log.ewbb
    2017-05-20 17:07 - 2017-05-24 15:21 - 00000000 ____D C:\Program Files (x86)\Solescoohut
    2017-05-20 17:07 - 2017-05-20 17:08 - 00005998 _____ C:\Windows\System32\Tasks\Womuck Monitor
    2017-05-20 17:07 - 2017-05-20 17:08 - 00000000 ____D C:\Users\bobo\AppData\Local\Gerckfisosh
    2017-05-20 17:07 - 2017-05-20 17:07 - 00341192 ____N C:\ProgramData\tw5138797.exe
    2017-05-20 17:07 - 2017-05-20 17:07 - 00016708 _____ C:\Windows\System32\Tasks\4bop7Editor
    2017-05-20 17:07 - 2017-05-20 17:07 - 00000000 ____D C:\Windows\Azart
    2017-05-20 17:06 - 2017-05-20 17:06 - 01418757 _____ C:\Users\bobo\Downloads\FileViewPro_1.rar
    2017-05-20 16:52 - 2017-05-20 16:52 - 00000000 ____D C:\Users\bobo\AppData\Roaming\IsolatedStorage
    2017-05-20 16:52 - 2017-05-20 16:52 - 00000000 ____D C:\ProgramData\IsolatedStorage
    2017-05-20 16:51 - 2017-05-20 17:11 - 00000000 ____D C:\Users\bobo\AppData\Local\IIIQF
    2017-05-20 16:51 - 2017-05-20 16:51 - 00000000 ____D C:\Spacekace
    2017-05-20 16:50 - 2017-05-20 16:50 - 01838144 _____ (Solvusoft) C:\Users\bobo\Downloads\Setup_FileViewPro_2016.exe
    2017-05-25 16:21 - 2017-05-25 16:23 - 0000132 _____ () C:\ProgramData\log.binb
    2017-05-20 17:07 - 2017-05-25 16:21 - 0000128 _____ () C:\ProgramData\log.ewbb
    2017-05-20 17:07 - 2017-05-25 16:21 - 0001054 _____ () C:\ProgramData\log.ewbt
    2017-05-20 17:07 - 2017-05-20 17:07 - 0341192 ____N () C:\ProgramData\tw5138797.exe
    C:\ProgramData\tw5138797.exe
    EmptyTemp:

    In FRST, select Fix.

    Use AdwCleaner, options Scan and Clean: http://www.bleepingcomputer.com/download/adwcleaner/

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    When done, attach new FRST logs from a scan.

    Is this some program of yours:
    2017-05-20 15:59 - 2017-05-20 15:59 - 00000000 ____D C:\Users\bobo\AppData\Local\Pro-Project
    2017-05-20 15:52 - 2017-05-25 17:34 - 00001128 _____ C:\Users\Public\Desktop\Pro-Control.lnk
    2017-05-20 15:52 - 2017-05-20 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro-Project
    Or is it part of the infection?

    0
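The file-listing lines in the Fixlist above can be triaged mechanically. The following is an added example, not part of the thread and not FRST's own code: it parses those lines, flags binaries with an empty company field in user-writable folders, and groups entries by creation minute. The field layout (created, modified, size, attributes, optional company, path) is an assumption read off the lines themselves, and an empty company field is a triage hint, not proof of infection.

```python
import re
from collections import defaultdict

# Layout assumed from the listing lines in the Fixlist above:
# created - modified - size attributes [(company)] path
LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>[A-Za-z]:\\.+)$"
)
USER_WRITABLE = ("\\programdata\\", "\\appdata\\")
BINARY_EXT = (".exe", ".dll", ".sys")

# Sample lines copied from the Fixlist in the post above.
SAMPLE = r"""
2017-05-20 17:07 - 2017-05-20 17:07 - 00308224 _____ () C:\Program Files (x86)\Womuck Monitor\local64spl.dll
2017-05-20 17:07 - 2017-05-20 17:07 - 00341192 ____N () C:\ProgramData\tw5138797.exe
2017-05-24 15:21 - 2017-05-25 03:59 - 01811968 ____N () c:\programdata\bit\bit.dll
2017-05-25 16:49 - 2017-04-06 04:25 - 01419576 _____ () C:\Users\bobo\AppData\Local\background_fault\aswRD.exe
2017-05-20 17:07 - 2017-05-25 17:27 - 00000000 ____D C:\Program Files (x86)\Womuck Monitor
2017-05-20 17:07 - 2017-05-20 17:07 - 00016708 _____ C:\Windows\System32\Tasks\4bop7Editor
2017-05-20 16:50 - 2017-05-20 16:50 - 01838144 _____ (Solvusoft) C:\Users\bobo\Downloads\Setup_FileViewPro_2016.exe
"""

def parse(text):
    """Return one dict per listing line; other Fixlist directives are skipped."""
    matches = (LINE.match(raw.strip()) for raw in text.splitlines())
    return [m.groupdict() for m in matches if m]

def suspicious_binaries(rows):
    """Binaries with an empty company field that sit in user-writable folders."""
    hits = []
    for row in rows:
        path = row["path"].lower()
        in_writable = any(folder in path for folder in USER_WRITABLE)
        if row["company"] == "" and path.endswith(BINARY_EXT) and in_writable:
            hits.append(row["path"])
    return hits

def creation_bursts(rows, minimum=3):
    """Group entries by creation minute; a burst usually marks one installer run."""
    groups = defaultdict(list)
    for row in rows:
        groups[row["created"]].append(row["path"])
    return {when: paths for when, paths in groups.items() if len(paths) >= minimum}

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print(suspicious_binaries(rows))
    print(creation_bursts(rows))
```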
  • #9 25 May 2017 20:13
    Kolobos
    Computer specialist

    Everything looks OK. Delete the C:\FRST folder and that is all.

    0