Problem with self-installing applications, browsers, and browser start pages that set themselves


(Krycha012345) #1

Hello
I have a problem with self-installing applications, browsers, and toolbars. I ran a cleanup with AdwCleaner, but not everything was removed. I am pasting the logs from FRST below. I would greatly appreciate advice and an analysis of the problem.

Logs from FRST.

http://www.wklej.org/id/3059250/ - FRST.txt
http://www.wklej.org/id/3059251/ - Shortcut.txt
http://www.wklej.org/id/3059252/ - Addition.txt


(Acorus) #2

Uninstall 911 Operator version 1.0, Akamai NetSession Interface, ASUS WebStorage, YAC(Yet Another Cleaner!). Open the system Notepad and paste:

CloseProcesses:
Task: {592A1AF3-CC12-4857-84E9-01565C8549F2} - System32\Tasks\DLL-files.com Fixer_UPDATES => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2013-04-11] (Dll-FIles.Com)
Task: {8E84B525-19B0-4BC4-93D8-104839092036} - System32\Tasks\DLL-files.com Fixer_MONTHLY => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2013-04-11] (Dll-FIles.Com)
Task: {C2B9B0C4-E459-4F27-85F1-9EBFC7B232AF} - System32\Tasks\Cuputyperwoent Host => C:\Program Files (x86)\Ckozadomvesse\daeied.exe [2017-02-23] (Glarysoft Ltd)
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job => C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Shortcut: C:\Users\Krystian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxBatch.lnk -> D:\Gry\Max Payne\MaxBatch.bat (Brak pliku)
HKU\S-1-5-21-2181229126-520312840-773499086-1001…\Run: [iTunesHelper] => wscript.exe //B "C:\Users\Krystian\AppData\Local\Temp\iTunesHelper.vbe" <===== UWAGA
HKU\S-1-5-21-2181229126-520312840-773499086-1001…\Policies\Explorer: []
HKU\S-1-5-21-2181229126-520312840-773499086-1001…\MountPoints2: {4ed20314-cea5-11e2-b6f6-9cb70d3f9080} - F:\MicroLauncher.exe
HKU\S-1-5-21-2181229126-520312840-773499086-1001…\MountPoints2: {517dc7ec-2f21-11e2-ae6a-9cb70d3f9080} - H:\LGAutoRun.exe
HKU\S-1-5-21-2181229126-520312840-773499086-1001…\MountPoints2: {af025e4f-37a4-11e5-98a5-9cb70d3f9080} - I:\install.exe
HKU\S-1-5-21-2181229126-520312840-773499086-1001…\MountPoints2: {d36cbd9b-d351-11e1-a9ef-9cb70d3f9080} - G:\Setup.exe
HKU\S-1-5-18…\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKLM…\Providers\82wxbuuk: C:\Program Files (x86)\Cuputyperwoent Host\local64spl.dll [308736 2017-02-23] ()
ShellExecuteHooks: Brak nazwy - {94DF68D0-F44A-11E6-BF8E-64006A5CFC23} - C:\Program Files (x86)\Ckozadomvesse\Pperghtnerqisy.dll [145920 2017-02-23] ()
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1488976751&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=HitachiXHTS547575A9E384_J2140054JX5UVAJX5UVAX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1488976751&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=HitachiXHTS547575A9E384_J2140054JX5UVAJX5UVAX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1488976751&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=HitachiXHTS547575A9E384_J2140054JX5UVAJX5UVAX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1488976751&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=HitachiXHTS547575A9E384_J2140054JX5UVAJX5UVAX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2181229126-520312840-773499086-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1488976751&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=HitachiXHTS547575A9E384_J2140054JX5UVAJX5UVAX
HKU\S-1-5-21-2181229126-520312840-773499086-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1488976751&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=HitachiXHTS547575A9E384_J2140054JX5UVAJX5UVAX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1488976751&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=HitachiXHTS547575A9E384_J2140054JX5UVAJX5UVAX&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1488976751&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=HitachiXHTS547575A9E384_J2140054JX5UVAJX5UVAX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1488976751&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=HitachiXHTS547575A9E384_J2140054JX5UVAJX5UVAX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1488976751&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=HitachiXHTS547575A9E384_J2140054JX5UVAJX5UVAX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2181229126-520312840-773499086-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2181229126-520312840-773499086-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2181229126-520312840-773499086-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1488976751&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=HitachiXHTS547575A9E384_J2140054JX5UVAJX5UVAX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2181229126-520312840-773499086-1001 -> {CF87EE5F-0520-4AE0-B862-7B88DFAFCF26} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=D9F1A53A-1EEA-4DBE-BF30-EA7EC2E33225&apn_sauid=7F02E52E-9C04-4CB8-89CE-2AF8EB40784A
FF SearchPlugin: C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\j52coffe.default-1391725279766\searchplugins\startpageing123.xml [2017-03-08]
FF SearchPlugin: C:\Users\Krystian\AppData\Roaming\Firefox\Firefox\Profiles\j52coffe.default-1391725279766\searchplugins\searchinme.xml [2017-03-01]
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}&z=7704c918a756468541b0fffgbz2b0m9bfbag6m9tam&from=icb&uid=HitachiXHTS547575A9E384_J2140054JX5UVAJX5UVAX&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
CHR Profile: C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-08] <==== UWAGA
CHR HKLM-x32…\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32…\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-08-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda)
U3 a13nvgia; C:\Windows\System32\Drivers\a13nvgia.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
U3 ata1ov9d; C:\Windows\System32\Drivers\ata1ov9d.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
S3 atillk64; ??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
U4 secdrv; Brak ImagePath
S3 WinRing0_1_2_0; ??\D:\programy\Game Booster 3\Driver\WinRing0x64.sys [X]
U2 WinSnare; Brak ImagePath
2017-03-08 15:50 - 2016-05-19 07:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2017-03-08 13:38 - 2017-03-08 13:38 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-08 13:33 - 2017-03-08 13:36 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-07 00:18 - 2017-03-08 15:56 - 00000000 ____D C:\AdwCleaner
2017-03-06 20:21 - 2017-03-07 00:22 - 00000000 ____D C:\Program Files\f09er35s
2017-03-06 16:20 - 2017-03-08 13:32 - 00000000 ____D C:\Program Files\82wxbuuk
2017-03-01 13:51 - 2017-03-01 13:51 - 00000000 ____D C:\Users\Krystian\AppData\Roaming\Elex-tech
2017-03-01 13:51 - 2017-03-01 13:51 - 00000000 ____D C:\Program Files (x86)\Elex-tech
2017-02-23 21:30 - 2017-03-08 13:32 - 00000000 ____D C:\Program Files (x86)\Ckozadomvesse
2017-02-23 21:30 - 2017-02-23 21:32 - 00000000 ____D C:\Users\Krystian\AppData\Local\Nijale
2017-02-23 21:30 - 2017-02-23 21:30 - 00006002 _____ C:\Windows\System32\Tasks\Cuputyperwoent Host
2017-02-23 21:30 - 2017-02-23 21:30 - 00000000 ____D C:\Program Files (x86)\Cuputyperwoent Host
C:\Users\Krystian\FTL_v1.5.4_Install.exe
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
Run FRST as administrator and click Fix/Napraw.
Scan with Malwarebytes Anti-Malware http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/


(Krycha012345) #3

I carried out all the instructions up to the point of running Fix/Napraw in FRST. FRST generated a Fixlog, but it did not stop working and keeps trying to "fix". I have the impression that it has hung, although Task Manager does not show a "not responding" status. The memory used for the "fix" has a constant value and does not change. The Fixlog mentions some error. The whole fix has been running for over 2 hours now; should I abort or continue?

In the meantime, while the fix is "running", I also ran a scan with Malwarebytes Anti-Malware.

http://wklej.org/id/3059391/ - Fixlog
http://wklej.org/id/3059409/ - Malwarebytes Anti-Malware report.


(Krycha012345) #4

This thread can be closed, I have already sorted it out. Thanks for the help!


(Acorus) #5

Show a new FRST report without Addition and Shortcut.