Elektroda.pl

[Solved] adware: Chrome opens exinariuminix.info

narauszu 18 Oct 2018 20:32 111 3
  • #1 18 Oct 2018 20:32
    narauszu
    Level 2

    Good evening,
    for a few days I have had a problem with some adware that really annoys me. I scanned the system with Eset Smart Security, Adwcleaner and Spybotsd; unfortunately that did not help. At startup a cmd console still opens for a second, then Chrome opens with the page exinariuminix.info, and Eset blocks it. I ran a scan with FRST and it found something, but I don't know how to make a fixlist. I am attaching the FRST and Addition files. Please help. Thank you kindly in advance.

    0 3
  • Helpful post
    #2 18 Oct 2018 21:16
    Kolobos
    Computer specialist

    Uninstall Spybot - Search & Destroy

    Run this Fixlist.txt for FRST:
    CloseProcesses:
    Task: {0DE22517-8F69-4EB7-800F-CFD89B543E85} - System32\Tasks\{E56AF663-D385-4E37-9E65-53C4BCF6DB26} => C:\Windows\system32\pcalua.exe -a "C:\Users\hp\Desktop\pobrane\Eset.Smart.Security.8.0.304.2.PL\Eset.Smart.Security 8.0.304.2.PL\eset_8_64\FIX\FIX\box, mara-fix v1.8\Eset fix.exe" -d "C:\Users\hp\Desktop\pobrane\Eset.Smart.Security.8.0.304.2.PL\Eset.Smart.Security 8.0.304.2.PL\eset_8_64\FIX\FIX\box, mara-fix v1.8"
    Task: {14712B5C-7261-4329-9589-E806BC31089A} - System32\Tasks\{67B66243-1AF3-4FAB-9DD5-CD4AD8F1D957} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enGB --uid=battle.net --displayname="Battle.net"
    Task: {2B659DD8-ED58-4A6D-AA64-2150FD91F1A6} - System32\Tasks\hdtotal1.1-enabler => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-enabler.exe
    Task: {308C53B1-CBB4-4D55-844F-421D6C8CE9A4} - System32\Tasks\hdtotal1.1-updater => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-updater.exe
    Task: {3819C76C-354E-481B-B754-75FEBDFF77C0} - System32\Tasks\{47A32A3D-6A25-4691-9102-A7D4CEBA212F} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\hdtotal1.1\Uninstall.exe" -c /fromcontrolpanel=1
    Task: {413575C0-FAF1-41D6-917C-84BF06FF6267} - System32\Tasks\hdtotal1.1-codedownloader => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-codedownloader.exe
    Task: {4F4F1572-6529-481A-ABCD-247FE289C160} - System32\Tasks\{85B77F6A-4D6D-4B9B-AD5B-3BEA4631C9C4} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.14.0.104&LastError=12007
    Task: {9521664D-8EF9-46AD-A08F-55EA309BF813} - System32\Tasks\{82A92E0C-155A-4D66-B7D0-A89F67E24772} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe" -c uplay://uninstall/895
    Task: {979608C1-FBC1-449C-B1B3-E924D9DBB01D} - System32\Tasks\{CBF651B1-0AC9-40FA-B699-C7F4E26A1A95} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe" -c uplay://uninstall/895
    Task: {BE9A985F-C6A5-499E-8239-AE49E966283A} - System32\Tasks\hp => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v hp /t REG_SZ /d "cmd.exe /c start www.exinariuminix.info"
    Task: {E3F0D891-0669-4872-B2F0-C26BA9B12F32} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.)
    Task: {E7E3BD54-5F45-4E2C-8F85-D993789675DC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2018-04-20] (Safer-Networking Ltd.)
    Task: {EA0205D7-0EBF-4B3D-8635-7B5E8578F47D} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
    Task: C:\WINDOWS\Tasks\hdtotal1.1-codedownloader.job => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-codedownloader.exeȳ/reinstallapp /runfrom=task /agentregpath='hdtotal1.1' /appid=53360 /srcid='001287' /subid='0' /zdata='0/' /bic=EF4B018FDF3B489B94E98F53F7939628IE /verifier=9e8a51ae8f911296d1d11d7984ba4c6e /installerversion=1_34_3_6 /installerfullversion=1.34.3.6 /installationtime=1394559167 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /codedownloaddomain=hxxp:/app-static.crossrider.com /defbro=ff /allusers /autoupdateulr='hxxp:/update.srvstatsdata.com/ie_code_agent_updates/{CAMP_ID}/update.jso
    Task: C:\WINDOWS\Tasks\hdtotal1.1-enabler.job => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-enabler.exeȈ/enablebho /agentregpath='hdtotal1.1' /appid=53360 /srcid='001287' /subid='0' /zdata='0/' /bic=EF4B018FDF3B489B94E98F53F7939628IE /verifier=9e8a51ae8f911296d1d11d7984ba4c6e /installerversion=1_34_3_6 /installationtime=1394559167 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /bhoguid=11111111-1111-1111-1111-110511331160 /defbro=ff /useiepol /allusers /autoupdateulr='hxxp:/update.srvstatsdata.com/ie_enable_agent_updates/{CAMP_ID}/update.jso
    Task: C:\WINDOWS\Tasks\hdtotal1.1-updater.job => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-updater.exeɑ/runupdater /agentregpath='hdtotal1.1' /appid=53360 /srcid='001287' /subid='0' /zdata='0/' /bic=EF4B018FDF3B489B94E98F53F7939628IE /verifier=9e8a51ae8f911296d1d11d7984ba4c6e /installerversion=1_34_3_6 /installationtime=1394559167 /statsdomain=hxxp:/stats.srvstatsdata.com /errorsdomain=hxxp:/errors.srvstatsdata.com /geoserviceurl=hxxp:/ipgeoapi.com/ /updatejsondomain=hxxp:/update.srvstatsdata.com /updaterversion=2 /monetizationdomain=hxxp:/stats.mstatsserv.com /autoupdateulr='hxxp:/update.srvstatsdata.com/updater_agent_updates/{CAMP_ID}/update.jso
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForhp.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\Run: [GalaxyClient] => [X]
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.)
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\Run: [Napisy24Update] => "C:\Program Files (x86)\Napisy24\Napisy24Update.exe" "sleep"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe [6168768 2016-09-15] (ALLPlayer Group Ltd.)
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\Run: [hp] => cmd.exe /c start www.exinariuminix.info
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {07ca78e7-4eb4-11e8-bfe1-8056f2257e9e} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {0a7f894e-bf06-11e7-bfa1-8056f2257e9e} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {0da14cae-108e-11e8-bfd3-8056f2257e9e} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {167cf78a-5a43-11e7-bf98-8056f2257e9e} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {167cfecb-5a43-11e7-bf98-8056f2257e9e} - "F:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {167d034f-5a43-11e7-bf98-8056f2257e9e} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {21210bb3-92ff-11e8-bfed-8056f2257e9e} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {21210f9d-92ff-11e8-bfed-8056f2257e9e} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {28bf5456-118a-11e7-bf90-a0481c20ab8f} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {2db4726e-3c80-11e5-bf55-a0481c20ab8f} - "J:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {4dd82647-e8cc-11e4-bf48-a0481c20ab8f} - "F:\AutoRun.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {5cd58fdb-8e03-11e6-bf83-a0481c20ab8f} - "G:\setup.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {62bbcc55-ccd1-11e6-bf8a-a0481c20ab8f} - "F:\AutoRun.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {6dff307e-e196-11e7-bfb2-8056f2257e9e} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {889e0bef-524a-11e6-bf81-a0481c20ab8f} - "J:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {889e0c22-524a-11e6-bf81-a0481c20ab8f} - "J:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {ab696845-a943-11e3-befc-001e101f7c59} - "J:\Autorun.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {b3719058-7050-11e5-8250-8056f2257e9e} - "J:\AutoRun.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {b3e7b838-4290-11e5-bf55-a0481c20ab8f} - "J:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {de9972da-55f1-11e8-bfe2-8056f2257e9e} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {e813e48d-5fa7-11e5-bf5a-a0481c20ab8f} - "F:\AutoRun.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {eade8f3c-1d4f-11e8-bfda-8056f2257e9e} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {edae695f-8e07-11e6-bf84-a0481c20ab8f} - "F:\setup.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {ff0e9cca-32a7-11e8-bfdf-8056f2257e9e} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\MountPoints2: {ff0e9d41-32a7-11e8-bfdf-8056f2257e9e} - "F:\HiSuiteDownLoader.exe"
    BootExecute: autocheck autochk * sdnclean64.exe
    SearchScopes: HKLM -> {E2BB1ED6-9457-4365-94D7-F1A1AAB8B2D4} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...b-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {E2BB1ED6-9457-4365-94D7-F1A1AAB8B2D4} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...b-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-1534752614-3862795124-1614571985-1001 -> {E2BB1ED6-9457-4365-94D7-F1A1AAB8B2D4} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...b-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    BHO: hdtotal1.1 -> {11111111-1111-1111-1111-110511331160} -> Brak pliku
    FF NewTab: Mozilla\Firefox\Profiles\0b3shypk.default -> hxxps://pl.search.yahoo.com/yhs/web?hspart=lv...ebcompa__1_0__ya__hp_WCYID10269__170212__yaff
    CHR HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
    S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]
    S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
    S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
    S3 hwusb_cdcacm; \SystemRoot\system32\DRIVERS\ew_cdcacm.sys [X]
    S3 hwusb_wwanecm; \SystemRoot\system32\DRIVERS\ew_wwanecm.sys [X]
    2018-10-18 20:02 - 2018-10-18 20:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2018-10-18 20:01 - 2018-10-18 20:08 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2018-10-18 20:01 - 2018-10-18 20:05 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2018-10-18 20:01 - 2018-10-18 20:01 - 000001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2018-10-18 20:01 - 2018-10-18 20:01 - 000001362 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2018-10-18 20:01 - 2018-10-18 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2018-10-18 20:01 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
    2018-10-18 20:00 - 2018-10-18 20:00 - 005660510 _____ (Swearware) C:\Users\hp\Downloads\ComboFix.exe
    2018-10-18 19:59 - 2018-10-18 19:59 - 069910960 _____ (Safer-Networking Ltd. ) C:\Users\hp\Downloads\spybotsd-2.7.64.0.exe
    2018-10-18 19:25 - 2018-10-18 19:26 - 000000000 ____D C:\AdwCleaner
    2018-09-29 20:49 - 2018-09-29 20:49 - 000003484 _____ C:\WINDOWS\System32\Tasks\hp
    2018-10-18 20:08 - 2014-03-11 19:33 - 000001510 _____ C:\WINDOWS\Tasks\hdtotal1.1-updater.job
    2018-10-18 20:08 - 2014-03-11 19:33 - 000001464 _____ C:\WINDOWS\Tasks\hdtotal1.1-codedownloader.job
    2018-10-18 20:08 - 2014-03-11 19:33 - 000001364 _____ C:\WINDOWS\Tasks\hdtotal1.1-enabler.job

    After it has run, delete the C:\FRST folder and that is all.

    0
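The fixlist in post #2 removes two linked entries: a Run value named hp that opens the site through cmd.exe, and a scheduled task named hp whose command re-adds that same Run value. The following Python sketch is an added example, not part of the original posts and not FRST code; it pairs the two in FRST-style log text. The function names and regex heuristics are assumptions of this example; the sample lines are copied from the fixlist above.

```python
import re

# Lines copied from the fixlist above; the two benign entries are kept for contrast.
SAMPLE_LOG = r'''
Task: {BE9A985F-C6A5-499E-8239-AE49E966283A} - System32\Tasks\hp => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v hp /t REG_SZ /d "cmd.exe /c start www.exinariuminix.info"
Task: {EA0205D7-0EBF-4B3D-8635-7B5E8578F47D} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\Run: [hp] => cmd.exe /c start www.exinariuminix.info
HKU\S-1-5-21-1534752614-3862795124-1614571985-1001\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [3670472 2015-07-28] (ALLPlayer Group Ltd.)
'''

TASK_RE = re.compile(r'^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<cmd>.+)$')
RUN_RE = re.compile(r'^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.*)$')
# Heuristics chosen for this example (assumptions, not FRST rules):
# a shell "start" pointed at a URL-like target, and "reg add" into a Run key.
URL_START = re.compile(r'cmd(?:\.exe)?\s+/c\s+start\s+"?(?:https?://|www\.)[\w.-]+', re.I)
REG_ADD_RUN = re.compile(
    r'reg(?:\.exe)?\s+add\s+\S*\\CurrentVersion\\Run\s.*?/v\s+"?(?P<value>[^"\s]+)', re.I)


def analyze(log_text):
    """Return (run_hits, task_hits) found in FRST-style log text.

    run_hits:  Run value name -> command, for values that open a URL via cmd.exe
    task_hits: task name -> Run value name that the task re-creates with REG ADD
    """
    run_hits, task_hits = {}, {}
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            if URL_START.search(m['cmd']):
                run_hits[m['name']] = m['cmd']
            continue
        m = TASK_RE.match(line)
        if m:
            r = REG_ADD_RUN.search(m['cmd'])
            if r:
                task_hits[m['name']] = r['value']
    return run_hits, task_hits


def persistence_pairs(log_text):
    """Tasks that re-create a Run value which itself opens a URL via cmd.exe."""
    run_hits, task_hits = analyze(log_text)
    return sorted((task, value) for task, value in task_hits.items() if value in run_hits)
```

A non-empty result from `persistence_pairs` means deleting only the Run value is not enough, because the task writes it back; both entries have to go, as they do in the fixlist.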
  • #3 18 Oct 2018 22:24
    narauszu
    Level 2

    Thank you kindly, problem solved.

    0
  • #4 18 Oct 2018 22:25
    narauszu
    Level 2

    Thank you kindly, problem solved.

    Added after 49 [seconds]:

    The fix solved the problem, adware removed.

    0