Elektroda.pl

Various pages opening by themselves in Chrome.

Marcus18 05 Mar 2016 18:51 483 7
  • #2 05 Mar 2016 19:05
    Kolobos
    Computer specialist

    Uninstall:
    IrfanView Packages
    Java Runtime Environment Packages

    Next to frst.exe, create a file named fixlist.txt with the following contents:
    Task: {A44A5EFD-B42B-417E-B2FE-F8F76700ED20} - System32\Tasks\{6D46C776-EB9A-4717-9288-4519CFD36526} => pcalua.exe -a C:\Ross-Tech\VCDS\VCDSA.exe -d C:\Ross-Tech\VCDS\
    AlternateDataStreams: C:\Users\adam\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 [368]
    HKU\S-1-5-21-2127705839-2230975066-2515825855-1000\...\Run: [TIDAL] => [X]
    HKU\S-1-5-21-2127705839-2230975066-2515825855-1000\...\MountPoints2: {58c356fb-68c5-11e4-9cd9-e0cb4ebabcf7} - G:\autorun.exe
    HKU\S-1-5-21-2127705839-2230975066-2515825855-1000\...\MountPoints2: {e7cd1dbf-816f-11e5-a863-e0cb4ebabcf7} - I:\LG_PC_Programs.exe
    AutoConfigURL: [S-1-5-21-2127705839-2230975066-2515825855-1000] => hxxp://un-stop.com/wpad.dat?5537752c88fdb4101719bdbb2d1eca6b6769080
    ManualProxies: 0hxxp://un-stop.com/wpad.dat?5537752c88fdb4101719bdbb2d1eca6b6769080
    CHR HomePage: Default -> hxxp://www.key-find.com/?type=hp&ts=14234...om=cor&uid=SAMSUNGXHD103SJ_S246J90Z359411
    CHR DefaultSearchKeyword: Default -> google.com_
    R1 {81711fd0-60e8-45bb-a4ff-3004058b32b4}Gw64; C:\Windows\System32\drivers\{81711fd0-60e8-45bb-a4ff-3004058b32b4}Gw64.sys [48784 2015-02-07] (StdLib)
    R1 {8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gw64; C:\Windows\System32\drivers\{8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gw64.sys [48784 2015-03-06] (StdLib)
    R1 {9449d7f6-6f2b-4280-9a4d-eb2b42a31f67}Gw64; C:\Windows\System32\drivers\{9449d7f6-6f2b-4280-9a4d-eb2b42a31f67}Gw64.sys [48784 2015-02-14] (StdLib)
    R1 {c9a465a5-420c-4acc-b1be-3ac71ae80fda}Gw64; C:\Windows\System32\drivers\{c9a465a5-420c-4acc-b1be-3ac71ae80fda}Gw64.sys [48784 2015-03-03] (StdLib)
    R1 {d0194130-21b3-4618-b5c8-b6dfe1e0bb88}Gw64; C:\Windows\System32\drivers\{d0194130-21b3-4618-b5c8-b6dfe1e0bb88}Gw64.sys [48784 2015-02-11] (StdLib)
    U3 agdeqb1f; C:\Windows\System32\Drivers\agdeqb1f.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
    S3 ALSysIO; \??\C:\Users\adam\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 AODDriver2; \??\C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [X]
    2016-03-05 18:23 - 2016-03-05 18:28 - 00000000 ____D C:\AdwCleaner
    2016-02-27 10:05 - 2016-02-27 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Karmian
    2016-02-27 10:05 - 2016-02-27 10:05 - 00000000 ____D C:\Program Files (x86)\Karmian
    2016-02-27 09:53 - 2016-03-05 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\LuckyBrowse
    2016-02-27 09:53 - 2016-03-05 18:28 - 00000000 ____D C:\ProgramData\LuckyBrowse
    2016-02-27 09:53 - 2016-02-27 09:53 - 00000000 ____D C:\Users\adam\AppData\Roaming\SimpleFiles
    2016-02-27 09:53 - 2016-02-27 09:53 - 00000000 ____D C:\Program Files (x86)\LuckyBrowse
    2016-03-05 18:28 - 2015-07-11 14:33 - 00000104 _____ C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk
    2016-03-05 18:28 - 2015-02-08 14:10 - 00000000 ____D C:\Program Files (x86)\XTab
    2016-03-05 18:28 - 2015-02-08 14:09 - 00000000 ____D C:\Users\adam\AppData\Roaming\key-find
    2016-03-05 18:28 - 2015-02-08 14:09 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
    EmptyTemp:

    In FRST, choose Fix.

    After it has run, post new FRST logs from a scan.

    0
  • #4 05 Mar 2016 19:23
    Kolobos
    Computer specialist

    > After it has run, post new FRST logs from a scan.

    The log from running the script is not needed.

    0
  • Helpful post
    #6 05 Mar 2016 19:39
    Kolobos
    Computer specialist

    New Fixlist.txt for FRST:
    CloseProcesses:
    Task: {875C91BD-36EE-4FA1-8013-EFDF2D7328CD} - System32\Tasks\Core Temp Autostart adam => C:\Users\adam\AppData\Local\Temp\Rar$EXa0.644\Core Temp.exe <==== UWAGA
    HKU\S-1-5-21-2127705839-2230975066-2515825855-1000\...\MountPoints2: {58c356fb-68c5-11e4-9cd9-e0cb4ebabcf7} - G:\autorun.exe
    AutoConfigURL: [S-1-5-21-2127705839-2230975066-2515825855-1000] => hxxp://un-stop.com/wpad.dat?5537752c88fdb4101719bdbb2d1eca6b6769080
    ManualProxies: 0hxxp://un-stop.com/wpad.dat?5537752c88fdb4101719bdbb2d1eca6b6769080
    CHR HomePage: Default -> hxxp://www.key-find.com/?type=hp&ts=14234...om=cor&uid=SAMSUNGXHD103SJ_S246J90Z359411
    U3 a3ppswc7; C:\Windows\System32\Drivers\a3ppswc7.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)


    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0
  • #7 05 Mar 2016 19:58
    Marcus18
    Level 12

    Thanks, that helped.

    0
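
A small triage of fixlist-style entries like those posted above, as an added example that is not part of the thread or of FRST: it sorts each line by type and notes why an entry stands out (a wpad.dat proxy setting, a task running from Temp, a zero-byte or missing driver file). The sample lines are constructed, and the category names and `classify`/`triage` helpers are this example's own.

```python
import re

# Constructed sample lines in the shape of the fixlist entries in the thread;
# hosts, names and GUIDs are placeholders, not values taken from the posts.
SAMPLE = r"""
CloseProcesses:
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Updater => C:\Users\user\AppData\Local\Temp\Rar$EXa0.1\tool.exe <==== UWAGA
AutoConfigURL: [S-1-5-21-0-0-0-1000] => hxxp://proxy.example/wpad.dat?abc
ManualProxies: 0hxxp://proxy.example/wpad.dat?abc
CHR HomePage: Default -> hxxp://search.example/?type=hp
R1 {00000000-0000-0000-0000-000000000002}Gw64; C:\Windows\System32\drivers\{00000000-0000-0000-0000-000000000002}Gw64.sys [48784 2015-02-07] (StdLib)
U3 abcdefgh; C:\Windows\System32\Drivers\abcdefgh.sys [0 ] (Example Vendor) <==== UWAGA (zerobajtowy plik/folder)
S3 ExampleDrv; \??\C:\Users\user\AppData\Local\Temp\Example64.sys [X]
2016-02-27 09:53 - 2016-02-27 09:53 - 00000000 ____D C:\ProgramData\ExampleApp
EmptyTemp:
"""

SERVICE = re.compile(r"^[RSU][0-5] (?P<name>[^;]+); (?P<path>.+?) \[(?P<meta>[^\]]*)\]")
GUID_NAME = re.compile(r"^\{[0-9a-f-]{36}\}", re.I)

def classify(line):
    """Return (category, reason) for one fixlist-style line."""
    if re.match(r"^(AutoConfigURL|ManualProxies):", line):
        return "proxy", "system proxy / PAC (wpad.dat) setting"
    if line.startswith("CHR "):
        return "browser", "Chrome start page or search setting"
    if line.startswith("Task:"):
        target = line.split("=>", 1)[-1]
        return "task", "runs from a Temp folder" if "\\Temp\\" in target else "scheduled task"
    m = SERVICE.match(line)
    if m:
        meta = m["meta"].strip()          # "[size date]", "[0 ]" or "[X]"
        if meta == "X":
            return "driver", "registered file is missing"
        if meta.split()[:1] == ["0"]:
            return "driver", "zero-byte file"
        if GUID_NAME.match(m["name"]):
            return "driver", "GUID-named driver"
        return "driver", "service entry"
    if re.match(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ", line):
        return "file", "file or folder listed by created/modified date"
    if re.match(r"^\w+:$", line):
        return "directive", "directive without arguments"
    return "other", "unclassified"

def triage(text):
    """Classify every non-empty line; returns [((category, reason), line), ...]."""
    return [(classify(l.strip()), l.strip()) for l in text.splitlines() if l.strip()]
```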