
Viruses - in the browser - logs

terrages 21 Jan 2016 09:11 603 1
  • #2 21 Jan 2016 09:24
    Kolobos
    Computer specialist

    Uninstall:
    Bing Bar
    PC Tools Registry Mechanic 11.0
    Premiumplay Codec-C

    Install: https://support.microsoft.com/en-us/kb/2545227

    In the Chrome settings, remove the restoring of a set of pages on browser startup.

    Next to frst.exe, create a file fixlist.txt with the following contents:
    CustomCLSID: HKU\S-1-5-21-730381330-2167148678-916178347-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\funmi\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-730381330-2167148678-916178347-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\funmi\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-730381330-2167148678-916178347-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\funmi\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-730381330-2167148678-916178347-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\funmi\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-730381330-2167148678-916178347-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\funmi\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-730381330-2167148678-916178347-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\funmi\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-730381330-2167148678-916178347-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\funmi\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-730381330-2167148678-916178347-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\funmi\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-730381330-2167148678-916178347-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\funmi\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-730381330-2167148678-916178347-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\funmi\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-730381330-2167148678-916178347-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\funmi\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-730381330-2167148678-916178347-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\funmi\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File




    Task: {0F5CFDEA-D7A7-488A-A7AE-CE74A35231D0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-730381330-2167148678-916178347-1000Core => C:\Users\funmi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-14] (Facebook Inc.)
    Task: {27A0ED7E-FFDB-48E1-B1B9-9566B3008D25} - System32\Tasks\{E58BF529-C634-4FF4-86FE-6A741776C758} => Chrome.exe
    Task: {35BF93EA-9504-4A0A-AA5A-FEA8C38805D8} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\update.exe [2012-02-03] (PC To
    Task: {C347C42B-A02D-4FBF-94EA-2813A859E871} - System32\Tasks\{7D7E0447-050C-040B-0911-7A040F0F110F} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
    Task: {C5109F5E-6D51-4F92-B43A-559F61640369} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-730381330-2167148678-916178347-1000UA => C:\Users\funmi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-14] (Facebook Inc.)
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-730381330-2167148678-916178347-1000Core.job => C:\Users\funmi\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-730381330-2167148678-916178347-1000UA.job => C:\Users\funmi\AppData\Local\Facebook\Update\FacebookUpdate.exe
    AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-730381330-2167148678-916178347-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    URLSearchHook: HKU\S-1-5-21-730381330-2167148678-916178347-1000 - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM -> {C1907578-7257-4E85-9460-99855BE21853} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UT...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM-x32 -> {C1907578-7257-4E85-9460-99855BE21853} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UT...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
    SearchScopes: HKU\S-1-5-21-730381330-2167148678-916178347-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-730381330-2167148678-916178347-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-730381330-2167148678-916178347-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKU\S-1-5-21-730381330-2167148678-916178347-1000 -> {C1907578-7257-4E85-9460-99855BE21853} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UT...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-730381330-2167148678-916178347-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKU\S-1-5-21-730381330-2167148678-916178347-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
    Toolbar: HKLM-x32 - No Name - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - No File
    Toolbar: HKU\S-1-5-21-730381330-2167148678-916178347-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    CHR HomePage: Profile 1 -> hxxp://www.istartpageing.com/?type=hp&ts=...p;uid=toshibaxmk1059gsmp_z17ap3witxxz17ap3wit
    CHR StartupUrls: Profile 1 -> "hxxp://www.istartpageing.com/?type=hp&ts=1451210654&z=f3c45264d2151ff93206165g6z5w5g5o6g8edqawfz&from=cor&uid=toshibaxmk1059gsmp_z17ap3witxxz17ap3wit"
    CHR Extension: (Discovery App) - C:\Users\funmi\AppData\Local\Google\Chrome\User Data\Default\Extensions\daihhikmdckadnpcegaochhkllcpbbmk [2015-12-27] [UpdateUrl: hxxp://cdn.ratediscoverymarket.com/update] <==== ATTENTION
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    2016-01-20 05:01 - 2016-01-20 05:03 - 00000000 ____D C:\AdwCleaner
    2016-01-20 05:01 - 2016-01-20 05:01 - 00025158 _____ C:\ComboFix.txt
    2016-01-20 04:27 - 2016-01-20 05:01 - 00000000 ____D C:\Qoobox
    2016-01-20 04:27 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-01-20 04:27 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-01-20 04:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-01-20 04:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-01-20 04:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-01-20 04:27 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
    2016-01-20 04:27 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
    2016-01-20 04:27 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
    2016-01-20 04:25 - 2016-01-20 04:26 - 05650673 ____R (Swearware) C:\Users\funmi\Downloads\ComboFix.exe
    EmptyTemp:

    In FRST, choose Fix.

    Delete the C:\FRST directory.

    PS. Do not use ComboFix anymore.

    0
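An added example, not part of the original post and not FRST's own code: a small triage pass that reads fixlist lines in the format shown above and labels why an entry stands out before Fix is run. The sample lines are constructed with placeholder GUIDs, paths and URLs, and the rule names are labels chosen here, not FRST terminology.

```python
import re

# Constructed sample lines in the fixlist format shown in the post
# (GUIDs, user name, paths and URL are placeholders, not values from the thread).
SAMPLE = r"""
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32 -> C:\Users\user\AppData\Local\Example\old.dll => No File
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\{00000000-0000-0000-0000-000000000003} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
Task: {00000000-0000-0000-0000-000000000004} - System32\Tasks\ExampleUpdate => C:\Program Files\Example\update.exe [2013-05-14] (Example Inc.)
CHR Extension: (Example App) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [2015-12-27] [UpdateUrl: hxxp://cdn.example.invalid/update] <==== ATTENTION
EmptyTemp:
"""

# Rule names are hypothetical labels for this example.
RULES = [
    # Registry or task entry whose target file no longer exists.
    ("orphaned-reference", re.compile(r"(=> No File|- No File|\[X\])\s*$")),
    # Marker that the scan log itself attaches to an entry.
    ("frst-attention-flag", re.compile(r"<=+ ATTENTION")),
    # PowerShell started with a hidden window and an encoded command line.
    ("hidden-encoded-powershell", re.compile(
        r"powershell(\.exe)?\b(?=.*-windowstyle\s+hidden)(?=.*-enc)", re.I)),
    # Execution policy overridden on the command line.
    ("policy-bypass", re.compile(r"-executionpolicy\s+bypass", re.I)),
]

ENTRY_TYPE = re.compile(r"([A-Za-z ]+):")


def triage(text):
    """Return [(entry_type, [rule names])] for each non-empty fixlist line."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY_TYPE.match(line)
        kind = m.group(1) if m else "other"  # registry and file lines have no prefix
        reasons = [name for name, rx in RULES if rx.search(line)]
        results.append((kind, reasons))
    return results


if __name__ == "__main__":
    for kind, reasons in triage(SAMPLE):
        print(f"{kind:15} {', '.join(reasons) or '-'}")
```

An entry with no label is not thereby benign; the rules only surface the patterns named in the comments.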