Elektroda.pl

Problem with mail.ru - after scans in AdwCleaner, FRST,

Puchcio 14 Jan 2018 19:32 219 1
  • #1 14 Jan 2018 19:32
    Puchcio
    Level 1

    Hello,
    I too have caught this Russian cr... :)
    Please help; unfortunately AdwCleaner could not handle it.

    I ran a scan in FRST.
    The logs from the program are posted at the bottom.

    Please help.

    PS. I know I have a lot of junk installed; well, I will have to deal with that eventually :)

    0 1
  • #2 14 Jan 2018 19:40
    Kolobos
    Computer specialist

    Uninstall:
    Driver Booster 4.4
    Reimage Repair

    Run the following Fixlist.txt in FRST:
    Task: {11F0A314-6E1E-42CA-A70A-C5259F303FD0} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
    Task: {3209B161-1D4A-431F-AC30-651323F6E611} - System32\Tasks\dzopercomjhar => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" dzoper.com/jhar <==== UWAGA
    Task: {333F4753-7E87-4D9D-934B-0FB8C49E0960} - System32\Tasks\Driver Booster SkipUAC (KanaMaxBit) => C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe [2017-05-03] (IObit)
    Task: {33CE3467-B3DE-444B-9D31-89769CB18323} - System32\Tasks\EvHoOeiaME => C:\Users\KanaMaxBit\oAgnwIe.exe [2017-09-29] (Microsoft Corporation)
    Task: {42A63F90-CE64-4B29-AC16-08F0D92DCC48} - System32\Tasks\curls => C:\Users\KanaMaxBit\AppData\Roaming\curl\curl.exe <==== UWAGA
    Task: {53E6B4E4-E8EB-4C22-9781-EE07BA0E4EBF} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2017-09-11] (Reimage®) <==== UWAGA
    Task: {AB27921E-B222-4B1E-AAA6-CD52DE3D9EFC} - System32\Tasks\curl => C:\Users\KanaMaxBit\AppData\Roaming\curl\curl_7_54.exe [2018-01-06] (curl, hxxps://curl.haxx.se/) <==== UWAGA
    Task: {B0AB0147-837C-43C9-B7B3-CF03F517C9A4} - System32\Tasks\HqOwmaOlpA => C:\Program Files (x86)\ZoghAv.bat [2017-09-29] () <==== UWAGA
    Task: {B9E411E6-7983-4AF9-AB1B-46B5BBCFC23C} - System32\Tasks\naAYEAoWUpZ => C:\WINDOWS\SysWOW64\UPZYIqEoEIzf.bat [2017-09-29] () <==== UWAGA
    () C:\Windows\Microsoft\svchost.exe
    (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
    (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
    HKLM\...\Winlogon: [Userinit] C:\Users\KanaMaxBit\AppData\Local\Kometa\StartButton\kometastartvx64.exe,C:\Windows\system32\userinit.exe,
    HKU\S-1-5-21-604998330-1221812479-3377751354-1001\...\Run: [ycAutoLaunch_871E5F0FBC5F1675E1AB795583546579] => "C:\Users\KanaMaxBit\AppData\Local\yc\Application\yc.exe" /prefetch:5
    HKU\S-1-5-21-604998330-1221812479-3377751354-1001\...\Run: [fqciudxwwz] => explorer "hxxp://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=9099E5AF3FC78E1646489A9115986333&utm_d=20180106" <==== UWAGA
    HKU\S-1-5-21-604998330-1221812479-3377751354-1001\...\MountPoints2: {27a316b4-f4ed-11e7-9f11-d8cb8ac5221e} - "J:\setup.exe"
    HKU\S-1-5-21-604998330-1221812479-3377751354-1001\...\MountPoints2: {2d30df3a-35e4-11e7-9ecf-d8cb8ac5221e} - "E:\setup.exe"
    GroupPolicy: Ograniczenia <==== UWAGA
    GroupPolicy\User: Ograniczenia <==== UWAGA
    Tcpip\..\Interfaces\{263d2145-d471-46ce-bb97-8ff1ae7ce1e7}: [NameServer] 35.177.46.238,46.101.28.31,82.202.226.203,62.21.99.94,62.21.99.95
    HKU\S-1-5-21-604998330-1221812479-3377751354-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKU\S-1-5-21-604998330-1221812479-3377751354-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    SearchScopes: HKU\S-1-5-21-604998330-1221812479-3377751354-1001 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-604998330-1221812479-3377751354-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B805E04B0-6F44-4D10-AA68-D64FDD6DB521%7D&gp=811142
    FF Homepage: Mozilla\Firefox\Profiles\cvm4ogjl.default -> hxxp://mail.ru/cnt/10445?gp=811141
    FF Extension: (Домашняя страница Mail.Ru) - C:\Users\KanaMaxBit\AppData\Roaming\Mozilla\Firefox\Profiles\cvm4ogjl.default\Extensions\homepage@mail.ru.xpi [2018-01-14]
    C:\Users\KanaMaxBit\AppData\Roaming\Mozilla\Firefox\Profiles\cvm4ogjl.default\Extensions\homepage@mail.ru.xpi
    C:\Users\KanaMaxBit\AppData\Roaming\Mozilla\Firefox\Profiles\cvm4ogjl.default\Extensions\search@mail.ru.xpi
    FF Extension: (Mail.Ru) - C:\Users\KanaMaxBit\AppData\Roaming\Mozilla\Firefox\Profiles\cvm4ogjl.default\Extensions\search@mail.ru.xpi [2018-01-14]
    C:\Users\KanaMaxBit\AppData\Roaming\Mozilla\Firefox\Profiles\cvm4ogjl.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.xpi
    FF Extension: (Пульт) - C:\Users\KanaMaxBit\AppData\Roaming\Mozilla\Firefox\Profiles\cvm4ogjl.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.xpi [2018-01-14]
    FF HKU\S-1-5-21-604998330-1221812479-3377751354-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => nie znaleziono
    CHR HomePage: Default -> inline.go.mail.ru
    CHR DefaultSearchURL: Default -> hxxps://inline.go.mail.ru/search?inline_comp=dse&q={searchTerms}&fr=chxtn12.0.23
    CHR DefaultSearchKeyword: Default -> inline.go.mail.ru
    CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [bhjhnafpiilpffhglajcaepjbnbjemci] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [dijfnbhlogmffhgpelodglnnkncadnbi] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [hcadgijmedbfgciegjomfpjcdchlhnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [indjgiebmakhmnaplnlnanodkfiejfjd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ligncphnohhjkgekjkghahajihclailj] - hxxps://clients2.google.com/service/update2/crx
    R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8602992 2017-09-11] (Reimage®)
    R2 SvcHost Service Host; C:\Windows\Microsoft\svchost.exe [0 ] () <==== UWAGA (zerobajtowy plik/folder)
    2018-01-14 19:17 - 2018-01-14 19:22 - 000000000 ____D C:\Users\KanaMaxBit\Downloads\FRST-OlderVersion
    2018-01-14 19:02 - 2018-01-14 19:02 - 000004362 _____ C:\WINDOWS\System32\Tasks\ReimageUpdater
    2018-01-14 19:01 - 2018-01-14 19:02 - 000000140 _____ C:\WINDOWS\Reimage.ini
    2018-01-14 19:01 - 2018-01-14 19:02 - 000000000 ____D C:\rei
    2018-01-14 19:01 - 2018-01-14 19:02 - 000000000 ____D C:\ProgramData\Reimage Protector
    2018-01-14 19:01 - 2018-01-14 19:01 - 000605424 _____ (Reimage) C:\Users\KanaMaxBit\Downloads\ReimageRepair.exe
    2018-01-14 19:01 - 2018-01-14 19:01 - 000001886 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
    2018-01-14 19:01 - 2018-01-14 19:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
    2018-01-14 19:01 - 2018-01-14 19:01 - 000000000 ____D C:\Program Files\Reimage
    2018-01-14 18:32 - 2018-01-14 18:32 - 000016448 _____ C:\Users\KanaMaxBit\Downloads\[torrenty.to] RegRun Security Suite Platinum 8 20 0 520 [ENG] [FULL].torrent
    2018-01-14 06:05 - 2018-01-14 06:05 - 000000000 ____D C:\Users\KanaMaxBit\AppData\LocalLow\Empyrean
    2018-01-14 05:56 - 2018-01-14 18:52 - 000003582 _____ C:\WINDOWS\System32\Tasks\HqOwmaOlpA
    2018-01-14 05:56 - 2018-01-14 17:56 - 000003388 _____ C:\WINDOWS\System32\Tasks\naAYEAoWUpZ
    2018-01-14 05:56 - 2018-01-14 06:00 - 000000000 ____D C:\Users\KanaMaxBit\AppData\LocalLow\Unity
    2018-01-14 05:56 - 2018-01-14 06:00 - 000000000 ____D C:\Users\KanaMaxBit\AppData\Local\Unity
    2018-01-14 05:56 - 2018-01-14 05:56 - 000003728 _____ C:\WINDOWS\System32\Tasks\EvHoOeiaME
    2018-01-14 05:56 - 2018-01-14 05:56 - 000000001 _____ C:\Users\KanaMaxBit\AppData\Local\WMI.ini
    2018-01-14 05:56 - 2018-01-14 05:56 - 000000000 ____D C:\Users\KanaMaxBit\AppData\Local\Go!
    2018-01-14 05:56 - 2017-09-29 14:42 - 000059904 _____ (Microsoft Corporation) C:\Users\KanaMaxBit\oAgnwIe.exe
    2018-01-14 05:56 - 2017-09-29 14:42 - 000001169 _____ C:\WINDOWS\SysWOW64\siFcTABw
    2018-01-14 05:56 - 2017-09-29 14:42 - 000001082 _____ C:\WINDOWS\SysWOW64\IoMuOsJoqjuCI
    2018-01-14 05:56 - 2017-09-29 14:42 - 000000063 _____ C:\WINDOWS\SysWOW64\UPZYIqEoEIzf
    2018-01-14 05:56 - 2017-09-29 14:42 - 000000058 _____ C:\Program Files (x86)\ZoghAv
    2018-01-14 05:55 - 2018-01-14 05:55 - 000022624 _____ C:\Users\KanaMaxBit\Downloads\house-flipper-v0_1_2_34239.torrent
    2018-01-14 05:55 - 2018-01-14 05:55 - 000003726 _____ C:\WINDOWS\System32\Tasks\dzopercomjhar
    2018-01-14 05:54 - 2018-01-14 05:54 - 000000500 _____ C:\Users\KanaMaxBit\Downloads\house-flipper-v0_1_2_34239_O7SAKC.torrent
    2018-01-06 20:27 - 2018-01-14 18:50 - 000000000 ____D C:\AdwCleaner
    2018-01-06 20:25 - 2018-01-06 20:25 - 001609929 _____ (Nohonan ) C:\Users\KanaMaxBit\Downloads\AdwCleaner 7.0.6.0_0173833501 (1).exe
    2018-01-06 20:24 - 2018-01-06 20:24 - 001609929 _____ (Nohonan ) C:\Users\KanaMaxBit\Downloads\ComboFix 17.12.11.1_2735539549 (1).exe
    2018-01-06 20:23 - 2018-01-06 20:23 - 001609929 _____ (Nohonan ) C:\Users\KanaMaxBit\Downloads\AdwCleaner 7.0.6.0_0173833501.exe
    2018-01-06 16:30 - 2018-01-06 16:30 - 005659243 _____ (Swearware) C:\Users\KanaMaxBit\Downloads\ComboFix 17.12.11.1.exe
    2018-01-06 16:29 - 2018-01-06 16:30 - 001609929 _____ (Nohonan ) C:\Users\KanaMaxBit\Downloads\ComboFix 17.12.11.1_2735539549.exe
    2018-01-06 15:45 - 2018-01-06 23:43 - 000000008 __RSH C:\Users\KanaMaxBit\ntuser.pol
    2018-01-06 08:58 - 2018-01-12 10:06 - 000000000 ____D C:\Users\KanaMaxBit\AppData\Roaming\curl
    2018-01-06 08:58 - 2018-01-06 08:58 - 000003640 _____ C:\WINDOWS\System32\Tasks\curl
    2018-01-06 08:58 - 2018-01-06 08:58 - 000003430 _____ C:\WINDOWS\System32\Tasks\curls
    2018-01-06 08:56 - 2018-01-06 08:56 - 000978888 _____ C:\WINDOWS\system32\AppFrameHost.exe~deleted
    2018-01-06 08:54 - 2018-01-06 20:34 - 000000000 ____D C:\Users\KanaMaxBit\AppData\Local\indexer
    2018-01-06 08:50 - 2018-01-06 23:42 - 000000008 __RSH C:\ProgramData\ntuser.pol
    2018-01-14 05:56 - 2017-09-29 14:42 - 000059904 _____ (Microsoft Corporation) C:\Users\KanaMaxBit\oAgnwIe.exe
    2018-01-14 05:56 - 2017-09-29 14:42 - 000000058 _____ () C:\Program Files (x86)\ZoghAv
    2017-09-29 14:42 - 2017-09-29 14:42 - 000000058 _____ () C:\Program Files (x86)\ZoghAv.bat
    2018-01-14 05:56 - 2017-09-29 14:42 - 000174592 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\hpBijGe.exe
    2017-10-05 20:07 - 2017-10-06 10:38 - 000007602 _____ () C:\Users\KanaMaxBit\AppData\Local\resmon.resmoncfg
    2018-01-14 05:56 - 2018-01-14 05:56 - 000000001 _____ () C:\Users\KanaMaxBit\AppData\Local\WMI.ini
    EmptyTemp:

    Delete the C:\FRST folder after running it.

    Do a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    Afterwards, post new FRST logs from a fresh scan.

    0
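A triage pass over FRST lines like the ones in the fixlist above, added here as an example (it is not part of the thread and not FRST's own code): it flags the persistence patterns that fixlist removes, namely scheduled tasks running from user-writable paths or batch scripts, a Winlogon Userinit value that chain-loads an extra binary, a Run key that opens a URL at logon, DNS resolvers outside an assumed trusted set, and a zero-byte service binary. The sample lines are a constructed subset of the log quoted above (URL shortened), and TRUSTED_DNS is an assumption about the home network.

```python
import re

# Constructed sample: a subset of the FRST lines quoted in the thread above.
# FRST defangs URLs as hxxp://, so the patterns below match that spelling.
FRST_LINES = [
    r'Task: {42A63F90-CE64-4B29-AC16-08F0D92DCC48} - System32\Tasks\curls => C:\Users\KanaMaxBit\AppData\Roaming\curl\curl.exe <==== UWAGA',
    r'Task: {B0AB0147-837C-43C9-B7B3-CF03F517C9A4} - System32\Tasks\HqOwmaOlpA => C:\Program Files (x86)\ZoghAv.bat [2017-09-29] () <==== UWAGA',
    r'Task: {333F4753-7E87-4D9D-934B-0FB8C49E0960} - System32\Tasks\Driver Booster SkipUAC (KanaMaxBit) => C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe [2017-05-03] (IObit)',
    r'HKLM\...\Winlogon: [Userinit] C:\Users\KanaMaxBit\AppData\Local\Kometa\StartButton\kometastartvx64.exe,C:\Windows\system32\userinit.exe,',
    r'HKU\S-1-5-21-604998330-1221812479-3377751354-1001\...\Run: [fqciudxwwz] => explorer "hxxp://granena.ru/" <==== UWAGA',
    r'Tcpip\..\Interfaces\{263d2145-d471-46ce-bb97-8ff1ae7ce1e7}: [NameServer] 35.177.46.238,46.101.28.31',
    r'R2 SvcHost Service Host; C:\Windows\Microsoft\svchost.exe [0 ] () <==== UWAGA (zerobajtowy plik/folder)',
]

USER_WRITABLE = re.compile(r'C:\\Users\\|\\AppData\\|\\ProgramData\\', re.I)
EXPECTED_USERINIT = [r"c:\windows\system32\userinit.exe"]
TRUSTED_DNS = {"192.168.1.1"}  # assumption: the home router; adjust to your environment


def triage(lines):
    """Return (line, reason) pairs for FRST entries a responder should look at first."""
    hits = []
    for line in lines:
        if line.startswith("Task:") and "=>" in line:
            target = line.split("=>", 1)[1].strip()
            if USER_WRITABLE.search(target) or ".bat" in target.lower():
                hits.append((line, "scheduled task runs from a user-writable path or a batch script"))
        elif "[Userinit]" in line:
            # Userinit is a comma-separated chain; anything beyond userinit.exe is a logon hijack.
            entries = [e.strip().lower() for e in line.split("[Userinit]", 1)[1].split(",") if e.strip()]
            if entries != EXPECTED_USERINIT:
                hits.append((line, "Userinit chain-loads an extra binary before userinit.exe"))
        elif "\\Run:" in line and re.search(r'=> explorer\s+"?hxxps?://', line):
            hits.append((line, "Run key opens a URL at every logon"))
        elif "[NameServer]" in line:
            servers = line.split("[NameServer]", 1)[1].strip().split(",")
            rogue = [s for s in servers if s not in TRUSTED_DNS]
            if rogue:
                hits.append((line, "unexpected DNS resolvers: " + ", ".join(rogue)))
        elif re.match(r"^[RS]\d ", line) and "[0 ]" in line:
            hits.append((line, "service binary is a zero-byte file (placeholder or hollowed service)"))
    return hits


if __name__ == "__main__":
    for entry, reason in triage(FRST_LINES):
        print(f"[!] {reason}\n    {entry}")
```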