Połączenie nie jest prywatne Hakerzy mogą próbować wykraść Twoje dane z www.google.com (np. hasła, wiadomości lub informacje o karcie kredytowej)

Dla specjalistów Bezpieczeństwo
#1

Żadna strona w google chrome mi nie działa i jest taki komunikat

Połączenie nie jest prywatne

Hakerzy mogą próbować wykraść Twoje dane z  www.google.com  (np. hasła, wiadomości lub informacje o karcie kredytowej).

 

Logi:

http://wklej.org/id/1636143/

http://wklej.org/id/1636144/

#2

Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.

#3

http://wklej.org/id/1636143/

http://wklej.org/id/1636144/

 

#4

Odinstaluj LonghandBoost,PriceFountain (remove only),QuasarControl,Remote Desktop Access (VuuPC),Scrollbar Anywhere,unIIsales,Update for PriceFountain,youtubeadblocker.Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

Pokaż nowe logi z FRST.

#5

Nie mogłem odinstalować QuasarControl i LonghandBoost.

http://wklej.org/id/1636189/

#6

Pomiń to i wykonaj resztę.

#7

Wykonałem resztę.

#8

Pokaż nowe logi z FRST.

#9

http://wklej.org/id/1636189/

#10

Czesc

Data aktualna?

#11

Otwórz notatnik systemowy i wklej:

HKLM\...\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] = C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCEPServiceManager] = C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-3454444925-2661119575-1567376034-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpts=1422117572from=amtuid=WDCXWD10EZEX-08M2NA0_WD-WCC3FPRKJNLSKJNLS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.thesearchpage.info/?pid=3900r=2015/01/24hid=13628065196238016515lg=ENcc=PLunqvl=74
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1422117572from=amtuid=WDCXWD10EZEX-08M2NA0_WD-WCC3FPRKJNLSKJNLSq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpts=1422117572from=amtuid=WDCXWD10EZEX-08M2NA0_WD-WCC3FPRKJNLSKJNLS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1422117572from=amtuid=WDCXWD10EZEX-08M2NA0_WD-WCC3FPRKJNLSKJNLSq={searchTerms}
HKU\S-1-5-21-3454444925-2661119575-1567376034-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={963C885E-29E2-487F-9D58-117F0353F726}mid=3cf8914fb2da47cda42cd147ae00cc2b-2700d2251236d7f83be7408f9d2355f495a2380alang=plds=AVGcoid=avgtbavgcmpid=pr=frd=2014-12-06 11:42:47v=4.0.6.10pid=wtusg=sap=hp
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1422117572from=amtuid=WDCXWD10EZEX-08M2NA0_WD-WCC3FPRKJNLSKJNLSq={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1422117572from=amtuid=WDCXWD10EZEX-08M2NA0_WD-WCC3FPRKJNLSKJNLSq={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1q={searchTerms}pid=3900r=2015/01/24hid=13628065196238016515lg=ENcc=PLunqvl=74
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1422117572from=amtuid=WDCXWD10EZEX-08M2NA0_WD-WCC3FPRKJNLSKJNLSq={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.thesearchpage.info/?l=1q={searchTerms}pid=3900r=2015/01/24hid=13628065196238016515lg=ENcc=PLunqvl=74
FF Extension: MultiApp - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uar6rvcw.default\Extensions\jid1-HCpx97i0Fm6S9Q@jetpack.xpi [2015-01-27]
FF HKLM-x32\...\Firefox\Extensions: [{d9a96531-b093-4d07-9e4c-9704a365c441}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{d9a96531-b093-4d07-9e4c-9704a365c441}
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\uar6rvcw.default\extensions\fftoolbar2014@etech.com
CHR HomePage: Default - hxxp://isearch.omiga-plus.com/?type=hpts=1422117572from=amtuid=WDCXWD10EZEX-08M2NA0_WD-WCC3FPRKJNLSKJNLS
CHR StartupUrls: Default - "hxxp://isearch.omiga-plus.com/?type=hpts=1422117572from=amtuid=WDCXWD10EZEX-08M2NA0_WD-WCC3FPRKJNLSKJNLS"
S2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [X]
S3 catchme; \\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \\E:\NTIOLib_X64.sys [X]
2015-02-15 15:44 - 2015-02-15 15:45 - 00000000 ____ D () C:\AdwCleaner
2015-02-15 14:32 - 2015-02-15 14:43 - 00000000 ____ D () C:\Qoobox
2015-02-15 14:32 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-15 14:32 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-15 14:32 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-15 14:32 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-15 14:32 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-15 14:32 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-15 14:32 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-15 14:32 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Przeskanuj programem Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.4.1028.exe

#12

Pisze no fixlist found The fixlist should be in the same folder /directory the tool is located. A są w tym samym folderze.

#13

Ma być tam gdzie FRST czyli C:\Users\admin\Downloads

#14

Nie działa :stuck_out_tongue:

#15

A w jakim go uruchamiasz?Może FRST przeniosłeś w inne miejsce.

#16

Urochamiami go jako Administrator w folderze pobrane