Google Chrome - initialpage123 - FRST logs, Windows 10

vw98 01 Jun 2017 22:11 522 11
  • #5 01 Jun 2017 22:39
    vw98
    Level 7

    Removing it from Chrome does nothing; it comes back after reopening the browser.

    0
  • #6 01 Jun 2017 22:40
    Kolobos
    Computer specialist

    Make a backup of your Chrome bookmarks; the script will delete the browser profile directory created by the infection.
    Also delete the Chrome sync data from your Google account: https://support.google.com/chrome/answer/6386691?hl=pl

    Uninstall: Driver Booster 4.0

    Run this Fixlist.txt with FRST:
    Online Application (x32 Version: 2.6.0 - Microleaves) Hidden <==== UWAGA

    After it has run, uninstall Online Application.

    Run another Fixlist.txt:
    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-930145276-819030296-2450678878-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\HALSKI\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-930145276-819030296-2450678878-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\HALSKI\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-930145276-819030296-2450678878-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\HALSKI\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => Brak pliku
    Task: {34C52B44-EF5B-42C4-8FAF-0EB54C048050} - System32\Tasks\Microsoft\Windows\DeviceSettings\Shivesewfe => msiexec.exe /i hxxp://D2bUH1bF1g584W.clOuDfroNt.net/mmtsk/oc...3219913727_263875_2E898AA1&amp;d=20170601 /q <==== UWAGA
    Task: {3F1BADA9-E37F-4395-9330-755167781B08} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: {64DB3EBA-1C5A-4B83-9999-09549BA242FB} - System32\Tasks\Nogisphaniing Log => C:\Program Files (x86)\Droludom\yaupdcache.exe [2017-06-01] ()
    Task: {6972ACDF-0555-4865-88B5-F94FF987F740} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: {797F57E1-763B-495B-8E9B-E4E975BBCB7F} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: {84DCB0FA-E057-4927-8D82-4E744D2A7C17} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.0.4\Scheduler.exe [2016-09-20] (IObit)
    Task: {95C5E252-5190-4B53-8AA6-F5845912DBBE} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - HALSKI) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: {AC32FF48-E69B-4F18-A503-5810FD7D9288} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== UWAGA
    Task: {EAE74449-F7B0-4445-B70A-0595CE61A626} - System32\Tasks\Driver Booster SkipUAC (HALSKI) => C:\Program Files (x86)\IObit\Driver Booster\4.0.4\DriverBooster.exe [2016-10-09] (IObit)
    Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - HALSKI).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\HALSKI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9f2e11d859bacf42\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=conaingtitckly
    2017-06-01 14:11 - 2017-06-01 14:11 - 00308224 _____ () C:\Program Files (x86)\Nogisphaniing Log\local64spl.dll
    2017-04-26 00:06 - 2017-04-26 00:06 - 01573888 _____ () C:\Users\HALSKI\AppData\Roaming\vnlgp\vnlgp.exe
    () C:\Users\HALSKI\AppData\Roaming\vnlgp\vnlgp.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
    HKLM\...\Run: [vnlgp] => C:\Users\HALSKI\AppData\Roaming\vnlgp\vnlgp.exe [1573888 2017-04-26] () <===== UWAGA
    HKLM\...\Providers\hfwq7pvx: C:\Program Files (x86)\Nogisphaniing Log\local64spl.dll [308224 2017-06-01] ()
    ShellExecuteHooks: Brak nazwy - {D6C8E98A-41E2-11E7-8F95-64006A5CFC23} - C:\Users\HALSKI\AppData\Roaming\Chugophwabory\Dhesyserberward.dll -> Brak pliku
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    CHR DefaultProfile: conaingtitckly
    CHR HomePage: conaingtitckly -> hxxp://www.google.pl/
    CHR StartupUrls: conaingtitckly -> "hxxp://www.initialpage123.com/?z=d87bff92fb5f060bf89844bg7z3t5q7c1g3t3e2b5t&from=wak&uid=3219913727_263875_2E898AA1&type=hp"
    CHR Profile: C:\Users\HALSKI\AppData\Local\Google\Chrome\User Data\conaingtitckly [2017-06-01] <==== UWAGA
    C:\Users\HALSKI\AppData\Local\Google\Chrome\User Data\conaingtitckly
    CHR Extension: (Prezentacje Google) - C:\Users\HALSKI\AppData\Local\Google\Chrome\User Data\conaingtitckly\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-01]
    CHR Extension: (Dokumenty Google) - C:\Users\HALSKI\AppData\Local\Google\Chrome\User Data\conaingtitckly\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-01]
    CHR Extension: (Dysk Google) - C:\Users\HALSKI\AppData\Local\Google\Chrome\User Data\conaingtitckly\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-01]
    CHR Extension: (YouTube) - C:\Users\HALSKI\AppData\Local\Google\Chrome\User Data\conaingtitckly\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-01]
    CHR Extension: (Arkusze Google) - C:\Users\HALSKI\AppData\Local\Google\Chrome\User Data\conaingtitckly\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-01]
    CHR Extension: (Dokumenty Google offline) - C:\Users\HALSKI\AppData\Local\Google\Chrome\User Data\conaingtitckly\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-01]
    CHR Extension: (Backspace to go Back) - C:\Users\HALSKI\AppData\Local\Google\Chrome\User Data\conaingtitckly\Extensions\nlffgllnjjkheddehpolbanogdeaogbc [2016-10-03]
    CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\HALSKI\AppData\Local\Google\Chrome\User Data\conaingtitckly\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
    CHR Extension: (Gmail) - C:\Users\HALSKI\AppData\Local\Google\Chrome\User Data\conaingtitckly\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-01]
    CHR Extension: (Chrome Media Router) - C:\Users\HALSKI\AppData\Local\Google\Chrome\User Data\conaingtitckly\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-14]
    2017-06-01 20:32 - 2017-06-01 20:32 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
    2017-06-01 20:32 - 2017-06-01 20:32 - 00003644 _____ C:\WINDOWS\System32\Tasks\Milimili
    2017-06-01 20:32 - 2017-06-01 20:32 - 00000000 ____D C:\Users\HALSKI\AppData\Roaming\WinSAPSvc
    2017-06-01 20:32 - 2017-06-01 20:32 - 00000000 ____D C:\Users\HALSKI\AppData\Local\glory
    2017-06-01 20:32 - 2017-06-01 20:32 - 00000000 ____D C:\Program Files (x86)\MIO
    2017-06-01 20:32 - 2017-06-01 20:32 - 00000000 ____D C:\Program Files (x86)\BJBMD
    2017-06-01 14:16 - 2017-06-01 14:16 - 00000000 ____D C:\ProgramData\Microleaves
    2017-06-01 14:13 - 2017-06-01 14:14 - 00000406 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
    2017-06-01 14:13 - 2017-06-01 14:14 - 00000374 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
    2017-06-01 14:13 - 2017-06-01 14:14 - 00000374 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
    2017-06-01 14:13 - 2017-06-01 14:14 - 00000374 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
    2017-06-01 14:13 - 2017-06-01 14:13 - 00003300 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
    2017-06-01 14:13 - 2017-06-01 14:13 - 00003264 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3
    2017-06-01 14:13 - 2017-06-01 14:13 - 00003264 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2
    2017-06-01 14:13 - 2017-06-01 14:13 - 00003264 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1
    2017-06-01 14:13 - 2017-06-01 14:13 - 00002560 _____ C:\WINDOWS\system32\Drivers\201761_141353892_CheckPoint_Dump.txt
    2017-06-01 14:13 - 2017-06-01 14:13 - 00000256 _____ C:\WINDOWS\system32\Drivers\201761_141353892_SHIM_Dump.txt
    2017-06-01 14:13 - 2017-06-01 14:13 - 00000000 ____D C:\Program Files (x86)\Microleaves
    2017-06-01 14:12 - 2017-06-01 14:12 - 00000000 ____D C:\Users\HALSKI\AppData\Roaming\Microleaves
    2017-06-01 14:12 - 2017-06-01 14:12 - 00000000 ____D C:\Users\HALSKI\AppData\Local\AdvinstAnalytics
    2017-06-01 14:11 - 2017-06-01 20:34 - 00000000 ____D C:\Users\HALSKI\AppData\Roaming\Chugophwabory
    2017-06-01 14:11 - 2017-06-01 19:35 - 00000000 ____D C:\Program Files (x86)\Droludom
    2017-06-01 14:11 - 2017-06-01 14:12 - 00000000 ____D C:\Users\HALSKI\AppData\Local\Tajtanozosp
    2017-06-01 14:11 - 2017-06-01 14:11 - 00006120 _____ C:\WINDOWS\System32\Tasks\Nogisphaniing Log
    2017-06-01 14:11 - 2017-06-01 14:11 - 00000000 ____D C:\Users\HALSKI\AppData\Roaming\vnlgp
    2017-06-01 14:11 - 2017-06-01 14:11 - 00000000 ____D C:\Program Files (x86)\Nogisphaniing Log
    2017-06-01 12:16 - 2017-06-01 20:47 - 00003034 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (HALSKI)
    2017-06-01 12:16 - 2017-06-01 12:16 - 00002780 _____ C:\WINDOWS\System32\Tasks\SlimCleaner Plus (Scheduled Scan - HALSKI)
    2017-06-01 12:16 - 2017-06-01 12:16 - 00002564 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
    EmptyTemp:

    In FRST click Fix.

    Delete the C:\FRST folder and that's all.

    0
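An added PowerShell audit (example code, not from the thread or from FRST) that checks the same three persistence points the fixlist above removes: scheduled tasks whose action runs from the directories named in the log, Run entries pointing into a user profile, and Chrome shortcuts that force a `--profile-directory`. The directory names are taken from the log; the shortcut locations it searches are an assumption.

```powershell
# Added example, not from the thread: audit the persistence points seen in the FRST log.
# Run in an elevated PowerShell on the affected machine. Directory names come from the log;
# the shortcut folders searched below are assumed.
$suspectDirs = @('\Microleaves\', '\Droludom\', '\Nogisphaniing Log\', '\AppData\Roaming\vnlgp\')

# 1. Scheduled tasks whose action binary lives in a suspect directory, or which use
#    msiexec to pull an installer straight from a URL (like the 'Shivesewfe' task above).
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"
        $inSuspectDir = $suspectDirs | Where-Object { $cmd -like "*$_*" }
        $remoteMsi    = ($a.Execute -match 'msiexec') -and ($a.Arguments -match 'https?://')
        if ($inSuspectDir -or $remoteMsi) {
            [pscustomobject]@{ Kind = 'Task'; Name = $task.TaskName; Where = $task.TaskPath; Command = $cmd }
        }
    }
}

# 2. Run keys whose command points into a user profile (HKLM\...\Run: [vnlgp] in the log).
foreach ($hive in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $hive -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -like '*\AppData\*' } |
            ForEach-Object { [pscustomobject]@{ Kind = 'Run'; Name = $_.Name; Where = $hive; Command = $_.Value } }
    }
}

# 3. Chrome shortcuts carrying --profile-directory: this is how every launch is steered
#    into the rogue profile, which is why the start page "comes back" after removal.
$sh = New-Object -ComObject WScript.Shell
$shortcutRoots = @("$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
                   "$env:USERPROFILE\Desktop",
                   "$env:APPDATA\Microsoft\Windows\Start Menu",
                   "$env:ProgramData\Microsoft\Windows\Start Menu")
Get-ChildItem -Path $shortcutRoots -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $lnk = $sh.CreateShortcut($_.FullName)
    if ($lnk.TargetPath -like '*\chrome.exe' -and $lnk.Arguments -match '--profile-directory=(\S+)') {
        [pscustomobject]@{ Kind = 'Shortcut'; Name = $_.FullName; Where = $lnk.TargetPath; Command = $lnk.Arguments }
    }
}
```

Anything the third check reports is a shortcut to delete and recreate, matching the advice later in the thread; a clean machine returns nothing from all three checks.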
  • #7 01 Jun 2017 23:05
    vw98
    Level 7

    After launching the browser Google comes up, but initialpage123 is still listed in the settings. I don't know how to remove it completely.

    0
  • #9 01 Jun 2017 23:07
    Kolobos
    Computer specialist

    Did you delete the sync data from your Google account?

    Uninstall Chrome, delete the profile directory from C:\Users\HALSKI\AppData\Local\Google\Chrome\User Data\
    Delete the shortcut you use to launch Chrome and reinstall Chrome.

    0
  • #10 01 Jun 2017 23:09
    vw98
    Level 7

    Yes, the sync data is deleted.

    0
  • #11 01 Jun 2017 23:12
    Kolobos
    Computer specialist

    Do as I wrote.

    0
  • #12 01 Jun 2017 23:23
    vw98
    Level 7

    It's OK. It's no longer in the settings. Admittedly I don't see the address you gave, but it's fine for now. Thanks, regards.

    0