Elektroda.pl

Price Fountain infection - FRST file

Buraczek123 29 Apr 2016 14:22 477 3
  • Helpful post
    #3 29 Apr 2016 14:45
    Kolobos
    Computer specialist

    Install the updates from https://support.microsoft.com/pl-pl/kb/2545227

    Run this Fixlist.txt for FRST:
    Task: {027F4757-BB2A-4904-A822-C6E0BCC04A65} - System32\Tasks\{04549CC5-66D5-4935-9559-6D8508134656} => pcalua.exe -a "C:\Program Files (x86)\Deluxe Ski Jump 3\Setup.exe" -d "C:\Program Files (x86)\Deluxe Ski Jump 3"
    Task: {44CF860A-DFA4-40B2-AF4C-7F991A429162} - System32\Tasks\{FD604595-8B16-4DFB-9285-6CE172A9FE36} => C:\Users\User\Desktop\settlers\install.exe
    Task: {7FE1FA9A-AE7C-417F-80A6-AF1B32BFD568} - System32\Tasks\{8D70C106-6210-4EC6-A1D9-A434DBB77823} => C:\Users\User\Desktop\settlers\sett.exe
    Task: {8DEDBB39-1437-4326-B5D1-0387E18845F3} - System32\Tasks\{E0998A77-947C-4993-93E6-26B6721DEEF7} => C:\Users\User\Desktop\settlers\install.exe
    Task: {C563F98D-5A6A-4E92-A455-2DD648B74693} - System32\Tasks\UserJournalesePyrethrinV2 => Rundll32.exe TrademarkApnoea.dll,main 7 1 <==== UWAGA
    Task: {CE90EADE-36BE-4E83-BA54-46B3312E17D1} - System32\Tasks\{43E3A76B-60CB-4B8D-BD02-DB682A705BC1} => C:\Users\User\Desktop\settlers\install.exe
    Task: {DD93B416-AA8E-4817-8670-85B70657BA55} - System32\Tasks\{3CDF4BD5-6316-411C-B7A1-7A6366CE4044} => C:\Users\User\Desktop\settlers\sett.exe
    IE trusted site: HKU\S-1-5-21-1211508390-791602381-3303072202-1000\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-1211508390-791602381-3303072202-1000\...\webcompanion.com -> hxxp://webcompanion.com
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-1211508390-791602381-3303072202-1000\...\MountPoints2: G - G:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1211508390-791602381-3303072202-1000\...\MountPoints2: {01145bcc-26be-11e3-9a12-806e6f6e6963} - E:\start.exe
    HKU\S-1-5-21-1211508390-791602381-3303072202-1000\...\MountPoints2: {913b47d2-26bb-11e3-997d-806e6f6e6963} - E:\ASRSetup.exe
    HKU\S-1-5-21-1211508390-791602381-3303072202-1000\...\MountPoints2: {91c967e9-5578-11e5-a30c-bc5ff4ab32fb} - G:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1211508390-791602381-3303072202-1000\...\MountPoints2: {c7dd5f22-6015-11e3-a413-bc5ff4ab32fb} - F:\AutoRun.exe
    Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop_12100945.lnk [2013-12-10]
    ShortcutTarget: lollipop_12100945.lnk -> C:\Users\User\AppData\Local\Lollipop\lollipop_12100945.exe (Brak pliku)
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop_12100945.lnk
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...j8Ulp1HVK4BF2gOmDviZ2wJWAvH958k4zG7zcgBTjz0Y,,
    U3 a7qm7kbg; C:\Windows\System32\Drivers\a7qm7kbg.sys [0 ] (Intel Corporation) <==== UWAGA (zerobajtowy plik/folder)
    U3 amczz3kt; C:\Windows\System32\Drivers\amczz3kt.sys [0 ] (Intel Corporation) <==== UWAGA (zerobajtowy plik/folder)
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    2016-04-29 13:48 - 2013-12-10 12:31 - 00000000 ____D C:\AdwCleaner
    2016-02-11 22:44 - 2016-02-11 22:44 - 7767040 _____ () C:\Users\User\AppData\Roaming\agent.dat
    2016-02-11 22:44 - 2016-02-11 22:44 - 0062976 _____ () C:\Users\User\AppData\Roaming\Config.xml
    2016-02-11 22:43 - 2016-02-11 22:43 - 0010944 _____ () C:\Users\User\AppData\Roaming\InstallationConfiguration.xml
    2016-02-11 22:43 - 2016-02-11 22:43 - 0126976 _____ () C:\Users\User\AppData\Roaming\Installer.dat
    2016-02-11 22:44 - 2016-02-11 22:44 - 0018432 _____ () C:\Users\User\AppData\Roaming\Main.dat
    2016-02-11 22:44 - 2016-02-11 22:44 - 0005568 _____ () C:\Users\User\AppData\Roaming\md.xml
    2016-02-11 22:44 - 2016-02-11 22:44 - 0126464 _____ () C:\Users\User\AppData\Roaming\noah.dat
    2016-02-11 22:44 - 2016-02-11 22:44 - 1827586 _____ () C:\Users\User\AppData\Roaming\Tempstock.tst
    2016-02-11 22:44 - 2016-02-11 22:44 - 0032038 _____ () C:\Users\User\AppData\Roaming\uninstall_temp.ico
    EmptyTemp:

    After running it, delete the C:\FRST folder.

    0
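A small triage pass over a Fixlist like the one in post #3, as an added example that is not part of the original thread or of FRST: it classifies each line, records which entries carry FRST's `<====` attention marker, and decodes the percent-encoded Chrome homepage. The sample lines are copied from the post; the `triage` function, its notes and the bare-DLL check are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Sample input: lines copied verbatim from the Fixlist in post #3 (homepage URL is truncated there).
SAMPLE = r'''Task: {C563F98D-5A6A-4E92-A455-2DD648B74693} - System32\Tasks\UserJournalesePyrethrinV2 => Rundll32.exe TrademarkApnoea.dll,main 7 1 <==== UWAGA
Task: {44CF860A-DFA4-40B2-AF4C-7F991A429162} - System32\Tasks\{FD604595-8B16-4DFB-9285-6CE172A9FE36} => C:\Users\User\Desktop\settlers\install.exe
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...j8Ulp1HVK4BF2gOmDviZ2wJWAvH958k4zG7zcgBTjz0Y,,
U3 a7qm7kbg; C:\Windows\System32\Drivers\a7qm7kbg.sys [0 ] (Intel Corporation) <==== UWAGA (zerobajtowy plik/folder)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
2016-02-11 22:44 - 2016-02-11 22:44 - 7767040 _____ () C:\Users\User\AppData\Roaming\agent.dat
EmptyTemp:'''

ATTENTION = "<===="  # FRST attention marker; the word after it is localized ("UWAGA" = "ATTENTION")
SERVICE = re.compile(r"^[RSU]\d \S+; (?P<path>.+?) \[(?P<size>[^\]]*)\]")
FILE_ROW = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - ")
BARE_DLL = re.compile(r"(?i)^rundll32(?:\.exe)?\s+(?P<dll>[^\s,\\/]+\.dll),")  # heuristic assumed here

def triage(text):
    """Classify each Fixlist line and attach a note where a reviewer should look first."""
    rows = []
    for line in text.splitlines():
        kind, note = "other", ""
        if line.startswith("Task:"):
            kind = "task"
            command = line.partition(" => ")[2].split(ATTENTION)[0].strip()
            m = BARE_DLL.match(command)
            if m:
                note = "rundll32 loads " + m["dll"] + " without a full path"
        elif line.startswith("CHR HomePage:"):
            kind = "chrome"
            raw = line.partition(" -> ")[2]
            if "%" in raw:
                note = "percent-encoded URL decodes to " + unquote(raw)
        elif (m := SERVICE.match(line)):
            kind = "service"
            if m["size"].strip() == "0":
                note = "zero-byte driver file " + m["path"]
        elif FILE_ROW.match(line):
            kind = "file"
        elif line.strip() == "EmptyTemp:":
            kind = "directive"
        rows.append({"kind": kind, "flagged": ATTENTION in line, "note": note, "line": line})
    return rows

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(f"{r['kind']:9} {'!' if r['flagged'] else ' '} {r['note'] or r['line'][:70]}")
```
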
  • #4 29 Apr 2016 18:45
    Buraczek123
    Level 2  

    Radu23 - thanks for the advice, but I did try ADWcleaner. It doesn't help with this junk :)

    Kolobos - thank you very much for the help! It's OK now.

    I'm closing the thread :)

    0