
Search bar and malicious antivirus



Good morning.

While I was visiting a website with a game, malicious software was downloaded. A search bar appears at the top of the desktop and cannot be closed, and some antivirus, or pseudo-antivirus, was also downloaded, which slows down the computer and blocks some applications. I am attaching the FRST files.

Thank you for your help

Regards

Addition.txt FRST.txt Shortcut.txt


1) Try to uninstall:

SEGAntivirus (HKLM-x32\...\Segurazo) (Version: 1.0.20.85 - Digital Communications Inc)
WebDiscover Browser 4.28.2 (HKLM\...\{fd13f4a2-b0d8-4cad-9ccf-d4128eaf25ff}_is1) (Version: 4.28.2 - WebDiscover Media) <==== UWAGA

RelevantKnowledge (HKLM-x32\...\{d08d9f98-1c78-4704-87e6-368b0023d831}) (Version: 1.3.338.320 - TMRG,  Inc.)

 

2) Run FRST. Press CTRL+Y on the keyboard.
Notepad will open - paste the following into it:


RemoveDirectory: C:\Program Files (x86)\Segurazo
RemoveDirectory: C:\Program Files\WebDiscoverBrowser
R2 SegurazoIC; C:\Program Files (x86)\Segurazo\SegurazoIC.exe [4617712 2020-05-29] (Digital Communications Inc -> Digital Communications Inc) <==== UWAGA
R2 SegurazoSvc; C:\Program Files (x86)\Segurazo\SegurazoService.exe [205808 2020-05-29] (Digital Communications Inc -> Digital Communications Inc) <==== UWAGA
R1 SEGURAZOKD; C:\Program Files (x86)\Segurazo\SegurazoKD.sys [84256 2019-12-28] (Digital Communications Inc. -> Digital Communications Inc) <==== UWAGA
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Segurazo
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Segurazo
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{fd13f4a2-b0d8-4cad-9ccf-d4128eaf25ff}_is1
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{fd13f4a2-b0d8-4cad-9ccf-d4128eaf25ff}_is1
ContextMenuHandlers1: [SegurazoShellExtension.FileContextMenuExt] -> {BFD98515-CD74-48A4-98E2-13D209E3EE4F} => C:\Program Files (x86)\Segurazo\SegurazoShell64_v102085.dll [2020-05-29] (Digital Communications Inc -> Digital Communications Inc)
ContextMenuHandlers4: [SegurazoShellExtension.FileContextMenuExt] -> {BFD98515-CD74-48A4-98E2-13D209E3EE4F} => C:\Program Files (x86)\Segurazo\SegurazoShell64_v102085.dll [2020-05-29] (Digital Communications Inc -> Digital Communications Inc)
ContextMenuHandlers6: [SegurazoShellExtension.FileContextMenuExt] -> {BFD98515-CD74-48A4-98E2-13D209E3EE4F} => C:\Program Files (x86)\Segurazo\SegurazoShell64_v102085.dll [2020-05-29] (Digital Communications Inc -> Digital Communications Inc)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_iorusko0_20_27_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dpl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtBtAyByEyDtCtA0FyB0C0A0CyCtDtDtN0D0Tzu0StAtCtDyBtN1L2XzuyDtFtCtFtDtFtCyCzztN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0C0A0AtByE0EtGtBtCyD0BtGyC0BtC0FtGyByByC0DtGyDtCyE0EtAyDzzyByDtBzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1OyDtDyE1RtD1P1PtGtCyEtC1QtGyEyE1S1RtGzy1Q1PzytGyE1S1OyE1T1OyDtByD1OyCyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzytAzzyByDtBtCtD%26cr%3D2112207204%26a%3Dwsg_iorusko0_20_27_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise
HKU\S-1-5-21-1154788345-2746808576-321370114-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_iorusko0_20_27_ssg00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dpl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtBtAyByEyDtCtA0FyB0C0A0CyCtDtDtN0D0Tzu0StAtCtDyBtN1L2XzuyDtFtCtFtDtFtCyCzztN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0C0A0AtByE0EtGtBtCyD0BtGyC0BtC0FtGyByByC0DtGyDtCyE0EtAyDzzyByDtBzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1OyDtDyE1RtD1P1PtGtCyEtC1QtGyEyE1S1RtGzy1Q1PzytGyE1S1OyE1T1OyDtByD1OyCyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzytAzzyByDtBtCtD%26cr%3D2112207204%26a%3Dwsg_iorusko0_20_27_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_iorusko0_20_27_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtBtAyByEyDtCtA0FyB0C0A0CyCtDtDtN0D0Tzu0StAtCtDyBtN1L2XzuyDtFtCtFtDtFtCyCzztN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0C0A0AtByE0EtGtBtCyD0BtGyC0BtC0FtGyByByC0DtGyDtCyE0EtAyDzzyByDtBzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1OyDtDyE1RtD1P1PtGtCyEtC1QtGyEyE1S1RtGzy1Q1PzytGyE1S1OyE1T1OyDtByD1OyCyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzytAzzyByDtBtCtD%26cr%3D2112207204%26a%3Dwsg_iorusko0_20_27_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_iorusko0_20_27_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtBtAyByEyDtCtA0FyB0C0A0CyCtDtDtN0D0Tzu0StAtCtDyBtN1L2XzuyDtFtCtFtDtFtCyCzztN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0C0A0AtByE0EtGtBtCyD0BtGyC0BtC0FtGyByByC0DtGyDtCyE0EtAyDzzyByDtBzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1OyDtDyE1RtD1P1PtGtCyEtC1QtGyEyE1S1RtGzy1Q1PzytGyE1S1OyE1T1OyDtByD1OyCyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzytAzzyByDtBtCtD%26cr%3D2112207204%26a%3Dwsg_iorusko0_20_27_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_iorusko0_20_27_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtBtAyByEyDtCtA0FyB0C0A0CyCtDtDtN0D0Tzu0StAtCtDyBtN1L2XzuyDtFtCtFtDtFtCyCzztN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0C0A0AtByE0EtGtBtCyD0BtGyC0BtC0FtGyByByC0DtGyDtCyE0EtAyDzzyByDtBzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1OyDtDyE1RtD1P1PtGtCyEtC1QtGyEyE1S1RtGzy1Q1PzytGyE1S1OyE1T1OyDtByD1OyCyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzytAzzyByDtBtCtD%26cr%3D2112207204%26a%3Dwsg_iorusko0_20_27_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_iorusko0_20_27_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtBtAyByEyDtCtA0FyB0C0A0CyCtDtDtN0D0Tzu0StAtCtDyBtN1L2XzuyDtFtCtFtDtFtCyCzztN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0C0A0AtByE0EtGtBtCyD0BtGyC0BtC0FtGyByByC0DtGyDtCyE0EtAyDzzyByDtBzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1OyDtDyE1RtD1P1PtGtCyEtC1QtGyEyE1S1RtGzy1Q1PzytGyE1S1OyE1T1OyDtByD1OyCyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzytAzzyByDtBtCtD%26cr%3D2112207204%26a%3Dwsg_iorusko0_20_27_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1154788345-2746808576-321370114-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_iorusko0_20_27_ssg00&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtBtAyByEyDtCtA0FyB0C0A0CyCtDtDtN0D0Tzu0StAtCtDyBtN1L2XzuyDtFtCtFtDtFtCyCzztN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StD0C0C0A0AtByE0EtGtBtCyD0BtGyC0BtC0FtGyByByC0DtGyDtCyE0EtAyDzzyByDtBzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1OyDtDyE1RtD1P1PtGtCyEtC1QtGyEyE1S1RtGzy1Q1PzytGyE1S1OyE1T1OyDtByD1OyCyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDzytAzzyByDtBtCtD%26cr%3D2112207204%26a%3Dwsg_iorusko0_20_27_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
FirewallRules: [TCP Query User{AB4EA495-2699-42D1-8E24-990686975C0C}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe => Brak pliku
FirewallRules: [UDP Query User{E90B7D8C-F591-4705-BD8F-4C33FB42E0BC}C:\programdata\wargaming.net\gamecenter\wgc.exe] => (Allow) C:\programdata\wargaming.net\gamecenter\wgc.exe => Brak pliku
FirewallRules: [{FE6A0C7B-91B2-4082-A164-F4EEA1C56683}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => Brak pliku
FirewallRules: [{4D062432-B2D6-4A9E-B4D9-5C0220AB6177}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe => Brak pliku
FirewallRules: [{480B2FBF-CD4D-4BF7-80D9-D3A638C72DB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => Brak pliku
FirewallRules: [{3ECA2C11-036F-4A12-82B6-03BF1A4E34AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => Brak pliku
FirewallRules: [{267F53F5-88DC-48A7-AEAD-271829AF1DF1}] => (Allow) C:\Users\48532\AppData\Roaming\Zoom\bin\airhost.exe => Brak pliku
FirewallRules: [{B0750F79-3779-4C58-B141-2CE4523B5737}] => (Allow) C:\Users\48532\AppData\Roaming\Zoom\bin\airhost.exe => Brak pliku
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
Task: {7169C7D6-57A5-46C3-8E3A-BF2B7BAF8D26} - System32\Tasks\WebDiscover Browser Update Task => C:\Program Files\WebDiscoverBrowser\4.28.2\browser.exe [4010720 2018-07-17] (web discover -> WebDiscover Media) [Brak podpisu cyfrowego] <==== UWAGA
Task: {D4F2CCD7-8DCB-4C6B-A7A1-9BDA780BA1B9} - System32\Tasks\WebDiscover Browser Launch Task => C:\Program Files\WebDiscoverBrowser\4.28.2\browser.exe [4010720 2018-07-17] (web discover -> WebDiscover Media) [Brak podpisu cyfrowego] <==== UWAGA
FF Extension: (Search Manager) - C:\Users\48532\AppData\Roaming\Mozilla\Firefox\Profiles\6w4hdhn4.default-release\Extensions\{24436206-088d-4a1a-8d0e-cf93ca7a2d23}.xpi [2020-07-04] [UpdateUrl:hxxps://qupotomu.com/update?x=restype=ffjson]
CHR HKLM\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
CHR HKU\S-1-5-21-1154788345-2746808576-321370114-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
CHR HKLM-x32\...\Chrome\Extension: [icmgebopaejnjlncllgmcenbbflikfjd]
2020-12-10 14:11 - 2020-12-10 14:11 - 000000008 _____ () C:\Program Files (x86)\0673F5DB.log
2020-11-25 10:59 - 2020-11-25 10:59 - 000000008 _____ () C:\Program Files (x86)\0983D59B.log
C:\Users\48532\Documents\Euro Truck Simulator 2\readme.rtf.lnk
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

Press CTRL+S on the keyboard.
In FRST click Fix (NAPRAW).

 

3) Produce new FRST logs.

 

jessi
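
A way to check the new logs from step 3 against the fixlist from step 2, as an added example that is not part of the original reply or of FRST itself. It assumes the non-directive fixlist entries are lines copied verbatim from the FRST logs; the function names and the sample "new log" text are constructed for illustration.

```python
import re

# Constructed sample: four entries from the fixlist above plus one action directive.
FIXLIST = r"""
RemoveDirectory: C:\Program Files (x86)\Segurazo
R2 SegurazoSvc; C:\Program Files (x86)\Segurazo\SegurazoService.exe [205808 2020-05-29] (Digital Communications Inc -> Digital Communications Inc) <==== UWAGA
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Segurazo
Task: {7169C7D6-57A5-46C3-8E3A-BF2B7BAF8D26} - System32\Tasks\WebDiscover Browser Update Task => C:\Program Files\WebDiscoverBrowser\4.28.2\browser.exe [4010720 2018-07-17] (web discover -> WebDiscover Media) [Brak podpisu cyfrowego] <==== UWAGA
EmptyTemp:
"""

# Constructed stand-in for the new FRST.txt: only the scheduled task survived the fix.
NEW_LOG = r"""
(constructed excerpt, not real FRST output)
Task: {7169C7D6-57A5-46C3-8E3A-BF2B7BAF8D26} - System32\Tasks\WebDiscover Browser Update Task => C:\Program Files\WebDiscoverBrowser\4.28.2\browser.exe [4010720 2018-07-17] (web discover -> WebDiscover Media) [Brak podpisu cyfrowego] <==== UWAGA
"""

PATH_DIRECTIVES = ("RemoveDirectory:", "DeleteKey:")  # carry a path or key to look up
ACTION_DIRECTIVES = ("Powershell:", "EmptyTemp:")     # pure actions, nothing to look up

def normalize(text):
    """Collapse whitespace and case so copy/paste differences do not hide a match."""
    return re.sub(r"\s+", " ", text).strip().lower()

def indicators(fixlist_text):
    """Return (fixlist_line, search_string) pairs for every entry that names an artifact."""
    pairs = []
    for raw in fixlist_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(ACTION_DIRECTIVES):
            continue
        directive = next((d for d in PATH_DIRECTIVES if line.startswith(d)), None)
        if directive:
            needle = line[len(directive):]
        else:
            # Assumption: other lines are log entries; drop the trailing "<====" marker.
            needle = line.split("<====")[0]
        pairs.append((line, normalize(needle)))
    return pairs

def still_present(fixlist_text, new_log_text):
    """List fixlist entries whose artifact is still mentioned in the new log."""
    haystack = normalize(new_log_text)
    return [line for line, needle in indicators(fixlist_text) if needle in haystack]

if __name__ == "__main__":
    for entry in still_present(FIXLIST, NEW_LOG):
        print("still present:", entry)
```

An empty result means none of the fixlist artifacts are mentioned in the new log; any entry returned is a leftover to raise in the follow-up post.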
