Keylogger

Hi, how do I check for and remove a keylogger?

A new log is required - Farbar Recovery Scan Tool

Shortcut

In Control Panel, uninstall:

iMacros for Chrome

EaxstRaSaaviongS

MoinnimumPorrIcee

iWebar

YouTube Accelerator

Paste into Windows Notepad and save as a text file named fixlist:

CloseProcesses:
HKU\S-1-5-21-746133444-1442449813-3303746867-1000\...\Run: [GoobzoYouTubeAccelerator] => "C:\Program Files\YouTube Accelerator\YouTubeAccelerator.exe" /startup
HKU\S-1-5-21-746133444-1442449813-3303746867-1000\...\Run: [jnh32.exe] => C:\Users\Avejzi\Downloads\Tibia ElfBot v10.72\mvs64\dre32.exe
HKU\S-1-5-21-746133444-1442449813-3303746867-1000\...\Run: [iexplore] => C:\Users\Avejzi\AppData\Roaming\mksas\iexplore.exe [244728 2015-01-14] (Maximization3)
HKU\S-1-5-21-746133444-1442449813-3303746867-1000\...\Run: [MSTime] => C:\Users\Avejzi\AppData\Roaming\svchost.exe [86528 2015-01-19] ()
HKU\S-1-5-21-746133444-1442449813-3303746867-1000\...\Winlogon: [Shell] C:\Users\Avejzi\AppData\Roaming\MicrosoftServices\MicrosoftServices\computer.exe [588288 2015-01-19] (Zhqls Hxzms) <==== ATTENTION 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1419882492&from=wpc&uid=395049983_397234_76C39036&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1419882492&from=wpc&uid=395049983_397234_76C39036&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1419882492&from=wpc&uid=395049983_397234_76C39036&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1419882492&from=wpc&uid=395049983_397234_76C39036&q={searchTerms}
BHO: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper.dll (Goobzo Ltd.)
CHR Extension: (SahopoDrrop) - C:\Users\Avejzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdgnaidbbchfdjfdplffaghojcmaonmb [2015-01-13]
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-12] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-12] (globalUpdate) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-12-29] (Cherished Technololgy LIMITED)
R2 YouTubeAcceleratorService; C:\Program Files\YouTube Accelerator\YouTubeAcceleratorService.exe [1510248 2015-01-12] (GOOBZO)
R1 {549b1cd8-769f-468a-ad93-f57bfc8402c2}Gw; C:\Windows\System32\drivers\{549b1cd8-769f-468a-ad93-f57bfc8402c2}Gw.sys [43152 2015-01-12] (StdLib)
2015-01-26 00:59 - 2015-01-26 00:59 - 00000000 ____ D () C:\Program Files\MoinnimumPorrIcee
2015-01-26 00:59 - 2015-01-26 00:59 - 00000000 ____ D () C:\Program Files\EaxstRaSaaviongS
2015-01-26 00:57 - 2015-01-26 00:57 - 00000000 ____ D () C:\ProgramData\e57bbec0000002bd
2015-01-15 01:15 - 2015-01-15 01:15 - 00000000 ____ D () C:\Users\Avejzi\AppData\Roaming\MicrosoftServices
2015-01-15 00:54 - 2015-01-15 00:54 - 00000000 ____ D () C:\Users\Avejzi\AppData\Roaming\mksas
2015-01-15 00:50 - 2015-01-13 14:38 - 00000024 _____ () C:\Users\Avejzi\AppData\Roaming\tbi72.dll
2015-01-13 11:28 - 2015-01-26 00:59 - 00000000 ____ D () C:\ProgramData\MoinnimumPorrIcee
2015-01-13 11:26 - 2015-01-26 00:59 - 00000000 ____ D () C:\ProgramData\EaxstRaSaaviongS
2015-01-12 19:18 - 2015-01-12 19:18 - 00000000 ____ D () C:\ProgramData\23405448
2015-01-12 19:16 - 2015-01-12 19:16 - 00000000 ____ D () C:\Program Files\ReguulariDeals
2015-01-12 19:10 - 2015-01-12 19:10 - 00000000 ____ D () C:\Users\Avejzi\AppData\Local\globalUpdate
2015-01-12 19:10 - 2015-01-12 19:10 - 00000000 ____ D () C:\Program Files\globalUpdate
2015-01-12 19:08 - 2015-01-12 05:39 - 00043152 _____ (StdLib) C:\Windows\system32\Drivers\{549b1cd8-769f-468a-ad93-f57bfc8402c2}Gw.sys
2015-01-12 18:59 - 2015-01-12 18:59 - 00001104 _____ () C:\Users\Orkus\Desktop\YouTube Accelerator.lnk
2015-01-12 18:59 - 2015-01-12 18:59 - 00000000 ____ D () C:\Users\Public\Documents\GOOBZO
2015-01-12 18:59 - 2015-01-12 18:59 - 00000000 ____ D () C:\ProgramData\YTAHelper
2015-01-12 18:59 - 2015-01-12 18:59 - 00000000 ____ D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator
2015-01-09 23:17 - 2015-01-09 23:17 - 00000000 ____ D () C:\ProgramData\cgklmpaiidpcnhahpidhhmgfgiejfmhi
2015-01-06 21:35 - 2015-01-13 11:02 - 00000000 ____ D () C:\ProgramData\ReguulariDeals
2015-01-06 21:34 - 2015-01-13 11:02 - 00000000 ____ D () C:\ProgramData\DealExporEEss
2015-01-06 21:14 - 2015-01-26 00:59 - 00000000 ____ D () C:\ProgramData\db1a2c543538f7fa
2014-12-29 20:48 - 2014-12-29 20:48 - 00000000 ____ D () C:\ProgramData\IePluginServices
2014-12-29 20:44 - 2014-12-29 20:44 - 00000000 ____ D () C:\ProgramData\hkpkalhfppmkckihnjlkhcaejjiagbpd
2014-12-29 20:44 - 2014-12-29 20:44 - 00000000 ____ D () C:\ProgramData\15787980183882495994
2014-12-29 20:44 - 2014-12-29 20:44 - 00000000 ____ D () C:\Program Files\uunissaless
C:\Users\Avejzi\AppData\Roaming\*.exe
Task: {0138B06C-7850-49D0-BDB5-1CA41C9C7559} - System32\Tasks\{519BC4B7-54AF-4FA4-8326-29201D0A6969} => pcalua.exe -a "C:\Program Files\YouTube Accelerator\YTAUninstall.exe"
Task: {1573E689-28DB-43BB-835E-2C9C4D24A931} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-18] (Google Inc.)
Task: {4B63FDE2-BAF1-4E61-B263-B2B6A35B89DA} - System32\Tasks\YTAHelper => C:\Program Files\YTAHelper\YTAHelper.exe <==== ATTENTION
Task: {9438696A-931C-4C76-B013-9B3D3CFD4890} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2015-01-12] (globalUpdate) <==== ATTENTION
Task: {97AC9BFB-E5BF-400A-9503-F5799F52FDB7} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2015-01-12] (globalUpdate) <==== ATTENTION
Task: {9EE4A2BF-B56F-4EEB-BFB6-E159B2EF1ACE} - System32\Tasks\YTAUpdate_logon => C:\PROGRA~1\YOUTUB~2\Updater.exe <==== ATTENTION
Task: {A283BDE1-F50D-4099-B9C1-E65631A79E68} - System32\Tasks\YTAUpdate => C:\PROGRA~1\YOUTUB~2\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
ShortcutWithArgument: C:\Users\Avejzi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
ShortcutWithArgument: C:\Users\Orkus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
ShortcutWithArgument: C:\Users\Orkus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
ShortcutWithArgument: C:\Users\Orkus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
ShortcutWithArgument: C:\Users\Orkus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
ShortcutWithArgument: C:\Users\Orkus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
ShortcutWithArgument: C:\Users\Orkus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Accelerator\About YouTube Accelerator.url -> hxxp://www.youtubeaccelerator.com/help/
CMD: netsh winsock reset
EmptyTemp:

Run FRST and click Fix. Post the removal report Fixlog.

Click Scan and post a new FRST report without Addition.
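The fixlist above is built by reading the FRST log and picking out autostart entries that carry the classic warning signs: a Winlogon Shell value that is not explorer.exe, binaries named like Windows components (svchost.exe, iexplore.exe) sitting in AppData\Roaming, and services whose file is unsigned or pretends to be a vendor updater from the wrong directory. The following script is an added example, not part of this thread or of FRST; it parses a few Run, Winlogon and service lines copied from the log quoted above (plus one constructed benign Run entry) and applies those triage heuristics. The heuristic thresholds, the `Entry` class and the function names are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: FRST-style lines copied from the log quoted in this thread,
# plus one constructed benign entry (the last one) so the filter has something to pass.
SAMPLE_LINES = [
    r'HKU\S-1-5-21-746133444-1442449813-3303746867-1000\...\Run: [MSTime] => C:\Users\Avejzi\AppData\Roaming\svchost.exe [86528 2015-01-19] ()',
    r'HKU\S-1-5-21-746133444-1442449813-3303746867-1000\...\Run: [iexplore] => C:\Users\Avejzi\AppData\Roaming\mksas\iexplore.exe [244728 2015-01-14] (Maximization3)',
    r'HKU\S-1-5-21-746133444-1442449813-3303746867-1000\...\Winlogon: [Shell] C:\Users\Avejzi\AppData\Roaming\MicrosoftServices\MicrosoftServices\computer.exe [588288 2015-01-19] (Zhqls Hxzms) <==== ATTENTION',
    r'S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-12] (globalUpdate) [File not signed]',
    r'R2 YouTubeAcceleratorService; C:\Program Files\YouTube Accelerator\YouTubeAcceleratorService.exe [1510248 2015-01-12] (GOOBZO)',
    r'HKLM\...\Run: [ExampleTool] => C:\Program Files\Example\example.exe [12345 2014-01-01] (Example Vendor)',  # constructed, benign
]

@dataclass
class Entry:
    kind: str          # "run", "winlogon-shell", "service" or "driver"
    name: str
    path: str
    signer: str        # "" when FRST printed an empty "()" publisher field
    unsigned: bool
    raw: str
    reasons: list = field(default_factory=list)

# First Windows path ending in .exe/.sys/.dll, optionally quoted.
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"\[<]+?\.(?:exe|sys|dll))"?', re.IGNORECASE)
SIGNER_RE = re.compile(r'\(([^()]*)\)')            # publisher field printed by FRST
SVC_RE = re.compile(r'^(?P<state>[SRU]\d) (?P<name>[^;]+);')  # e.g. "S2 globalUpdate;"

# Triage heuristics (assumptions of this example, not FRST rules).
USER_WRITABLE = ('\\appdata\\roaming\\', '\\appdata\\local\\temp\\', '\\downloads\\')
SYSTEM_NAMES = {'svchost.exe', 'iexplore.exe', 'explorer.exe', 'lsass.exe', 'csrss.exe'}
EXPECTED_DIRS = {'googleupdate.exe': '\\google\\update\\'}  # vendor binary name -> directory it should live in


def parse_line(line):
    """Parse one FRST Run / Winlogon Shell / service line; returns None for other lines."""
    line = line.strip()
    if '\\Run: [' in line:
        kind, name = 'run', line.split('\\Run: [', 1)[1].split(']', 1)[0]
    elif '\\Winlogon: [Shell]' in line:
        kind, name = 'winlogon-shell', 'Shell'
    else:
        m = SVC_RE.match(line)
        if not m:
            return None
        kind, name = 'service', m.group('name')
    pm = PATH_RE.search(line)
    if not pm:
        return None
    path = pm.group('path')
    if path.lower().endswith('.sys'):
        kind = 'driver'
    tail = line[pm.end():]
    signers = SIGNER_RE.findall(tail)
    signer = signers[-1].strip() if signers else ''
    unsigned = signer == '' or '[File not signed]' in tail
    return Entry(kind, name, path, signer, unsigned, line)


def assess(entry):
    """Attach human-readable reasons for suspicion to an Entry; returns the reasons list."""
    p = entry.path.lower()
    base = p.rsplit('\\', 1)[-1]
    if entry.kind == 'winlogon-shell' and base != 'explorer.exe':
        entry.reasons.append('Winlogon Shell replaced (expected explorer.exe)')
    if any(seg in p for seg in USER_WRITABLE):
        entry.reasons.append('autostart binary in user-writable location')
    if base in SYSTEM_NAMES and not (p.startswith('c:\\windows\\') or '\\program files\\internet explorer\\' in p):
        entry.reasons.append(f'{base} outside its normal location')
    if entry.unsigned:
        entry.reasons.append('no publisher/signature recorded by FRST')
    expected = EXPECTED_DIRS.get(base)
    if expected and expected not in p:
        entry.reasons.append(f'{base} outside expected vendor directory')
    return entry.reasons


def triage(lines):
    """Return the parsed entries that tripped at least one heuristic, in input order."""
    flagged = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None and assess(entry):
            flagged.append(entry)
    return flagged


if __name__ == '__main__':
    for e in triage(SAMPLE_LINES):
        print(f'{e.kind:15} {e.name:12} {e.path}')
        for r in e.reasons:
            print(f'    - {r}')
```

Of the six sample lines the script flags four (MSTime, iexplore, the Winlogon Shell and the globalUpdate service) and lets two through, including YouTubeAcceleratorService, which the helper still removed as adware. Path and signer heuristics narrow a log down; they do not replace knowing which products are adware, and a cleaned machine is confirmed by the fresh scan the helper asks for, not by the script.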

Fixlog

Paste into Windows Notepad and save as a text file named fixlist:

2015-01-12 18:59 - 2015-01-26 00:43 - 00000000 ____ D () C:\Program Files\YouTube Accelerator
2014-12-29 20:46 - 2015-01-26 01:20 - 00000000 ____ D () C:\Program Files\iMacros for Chrome
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
ShortcutWithArgument: C:\Users\Avejzi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
ShortcutWithArgument: C:\Users\Orkus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
ShortcutWithArgument: C:\Users\Orkus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
ShortcutWithArgument: C:\Users\Orkus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
ShortcutWithArgument: C:\Users\Orkus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
ShortcutWithArgument: C:\Users\Orkus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
ShortcutWithArgument: C:\Users\Orkus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc&ts=1419882492&from=wpc&uid=395049983_397234_76C39036
DeleteQuarantine:

Run FRST and click Fix. Post the removal report Fixlog.

Click Scan and post a new FRST report without Addition.

Fixlog

Paste into Windows Notepad and save as a text file named fixlist:

FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
2015-01-26 01:22 - 2015-01-26 01:22 - 00000000 ____ D () C:\Users\Public\Documents\GOOBZO

Run FRST and click Fix. Delete the C:\FRST folder.

Delete old restore points: To delete all restore points

Scan the disk with Malwarebytes Anti-Malware

During installation, untick "Start the Malwarebytes Anti-Malware Premium trial".

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Language PL > Settings > General Settings > Language > Polish

Read how programs should be installed: CLICK - CLICK - CLICK - CLICK

Uninstall Adobe Flash Player 16 ActiveX and install Flash Player 16.0.0.296 ActiveX

I can't download Malwarebytes Anti-Malware

http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.4.1028.exe

The link leads to the vendor's site and is not harmful.

https://www.virustotal.com/pl/url/172285c6d107f9986171a6d4fdcab66c6af21733bf4f50b82d21151720eed552/analysis/1422234975/

I just downloaded it with the latest version of Chrome and there was no warning.

Update your browser: https://www.google.pl/chrome/browser/desktop/

CHR dev: Chrome dev build detected! <======= ATTENTION

It is best to uninstall it completely, ticking the option to delete user data, because the adware converted Chrome into a dev build.

You can export your bookmarks first: https://support.google.com/chrome/answer/96816?hl=pl