Positive find add Jak to usunąć?

Dla specjalistów Bezpieczeństwo
#1

Witam wszystkich!

 

Mam problem, nie instalowałem nic na kompie a dzisiaj po włączeniu przeglądarki mam wszędzie tyle reklam że można oszaleć… Używam admunchera ale on tego wogóle nie blokuje… Próbowałem adwcleanera, nic nie widzi… 

#2

Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.

#3

FRST http://wklej.org/id/1629074/

Addition http://wklej.org/id/1629075/

#4

Odinstaluj Spybot - Search & Destroy,YAC(Yet Another Cleaner!).Otwórz notatnik systemowy i wklej:

Task: {1266C8CE-67FF-4B6C-B91D-769CC4C338CE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system = C:\Program Files (x86)\Spybot - Search amp; Destroy 2\SDScan.exe
Task: {4252BF96-73E4-406E-91A2-80956573D912} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization = C:\Program Files (x86)\Spybot - Search amp; Destroy 2\SDImmunize.exe
Task: {E98E5576-B08D-491C-8797-2A5C636FA887} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates = C:\Program Files (x86)\Spybot - Search amp; Destroy 2\SDUpdate.exe
HKLM-x32\...\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1215762617-548569583-2457175153-1000\...\Run: [Spybot-SD Cleaning] = C:\Program Files (x86)\Spybot - Search Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
IFEO: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dtlite.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\iastorui.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ifrmewrk.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\imfrmwrk.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\itfrmwrk.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\rgsclauncher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\sptdinst-x64.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [00avast] - {472083B0-C522-11CF-8763-00608CC02F24} = No File
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
SearchScopes: HKLM - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM-x32 - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd7500bpvt-75a1yt0_wxl1cb1h4349cb1h4349ts=1423411201
SearchScopes: HKLM-x32 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd7500bpvt-75a1yt0_wxl1cb1h4349cb1h4349ts=1423411201
SearchScopes: HKU\.DEFAULT - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd7500bpvt-75a1yt0_wxl1cb1h4349cb1h4349ts=1423411201
SearchScopes: HKU\.DEFAULT - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd7500bpvt-75a1yt0_wxl1cb1h4349cb1h4349ts=1423411201
SearchScopes: HKU\S-1-5-19 - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd7500bpvt-75a1yt0_wxl1cb1h4349cb1h4349ts=1423411201
SearchScopes: HKU\S-1-5-19 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd7500bpvt-75a1yt0_wxl1cb1h4349cb1h4349ts=1423411201
SearchScopes: HKU\S-1-5-20 - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd7500bpvt-75a1yt0_wxl1cb1h4349cb1h4349ts=1423411201
SearchScopes: HKU\S-1-5-20 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd7500bpvt-75a1yt0_wxl1cb1h4349cb1h4349ts=1423411201
SearchScopes: HKU\S-1-5-21-1215762617-548569583-2457175153-1000 - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd7500bpvt-75a1yt0_wxl1cb1h4349cb1h4349ts=1423411201
SearchScopes: HKU\S-1-5-21-1215762617-548569583-2457175153-1000 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd7500bpvt-75a1yt0_wxl1cb1h4349cb1h4349ts=1423411201
Toolbar: HKU\S-1-5-21-1215762617-548569583-2457175153-1000 - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-19] (Elex do Brasil Participações Ltda)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2015-01-19] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [42152 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-01-03] (Elex do Brasil Participações Ltda)
S3 cpuz136; \\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-02-08 16:58 - 2015-02-08 16:58 - 00001902 _____ () C:\Users\Public\Desktop\YAC.lnk
2015-02-08 16:58 - 2015-02-08 16:58 - 00000000 ____ D () C:\Windows\system32\log
2015-02-08 16:58 - 2015-02-08 16:58 - 00000000 ____ D () C:\Users\Robo\AppData\Roaming\Elex-tech
2015-02-08 16:58 - 2015-02-08 16:58 - 00000000 ____ D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2015-02-08 16:58 - 2015-02-08 16:58 - 00000000 ____ D () C:\Program Files (x86)\Elex-tech
2015-02-08 16:58 - 2015-01-19 12:04 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2015-02-08 16:58 - 2015-01-03 09:57 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2015-02-08 16:54 - 2015-02-08 17:00 - 00000000 ____ D () C:\Users\Robo\AppData\Roaming\eCyber
2015-02-08 16:53 - 2015-02-08 16:54 - 02213088 _____ (Elex do Brasil Participações Ltda) C:\Users\Robo\Downloads\yet_another_cleaner_sk.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#5

Dalej to samo… AdwCleaner nic nie znalazł ;/

 

Dodam że jak kliknę na rolkę od myszki to otwiera mi nową stronę i coś w stylu wygrałeś ipada…

 

Na IE  brak tego syfu…

 

Odinstalowałem chroma i zainstalowałem na nowo. Jak narazie odpukać działa

#6

Skasuj folder C:\FRST

Trzeba go było tylko zresetować.