Elektroda.pl

Motious virus in the browser, plus cse.google.pl

Oriquinnal 07 Mar 2017 19:05 408 1
  • #2 07 Mar 2017 19:41
    Kolobos
    Computer specialist

    Uninstall: Google Toolbar for Internet Explorer

    In Chrome settings, turn off restoring a set of pages at browser startup.

    Run Fixlist.txt for FRST:
    CustomCLSID: HKU\S-1-5-21-3601599095-2227877795-4258012782-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3601599095-2227877795-4258012782-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3601599095-2227877795-4258012782-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileSyncShell64.dll => No File
    Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
    () C:\Users\test\AppData\Roaming\Microsoft\taskmgr\taskmgr.exe
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\Windows\SysWOW64\Codecs\CodecUACManager.exe [60416 2015-10-07] ()
    HKU\S-1-5-21-3601599095-2227877795-4258012782-1001\...\Run: [Napisy24Update] => C:\Program Files (x86)\Napisy24\Napisy24Update.exe [3709896 2015-11-04] (Napisy24.pl)
    HKU\S-1-5-21-3601599095-2227877795-4258012782-1001\...\Run: [Napisy24.pl] => C:\Program Files (x86)\Napisy24\Napisy24.exe [6592512 2016-11-11] (Napisy24.pl)
    HKU\S-1-5-21-3601599095-2227877795-4258012782-1001\...\Run: [GalaxyClient] => [X]
    HKU\S-1-5-21-3601599095-2227877795-4258012782-1001\...\Run: [Codec Pack Update Checker] => "C:\Windows\system32\Codecs\UpdateChecker.exe"
    HKU\S-1-5-21-3601599095-2227877795-4258012782-1001\...\Winlogon: [Shell] C:\Users\test\AppData\Roaming\Microsoft\taskmgr\taskmgr.exe [15728640 2017-02-05] () <==== ATTENTION
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll -> No File
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll -> No File
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll -> No File
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\test\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\test\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\test\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    SearchScopes: HKU\S-1-5-21-3601599095-2227877795-4258012782-1001 -> DefaultScope {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-2391167849269628:2065933993&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
    SearchScopes: HKU\S-1-5-21-3601599095-2227877795-4258012782-1001 -> {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-2391167849269628:2065933993&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> D:\Star Trek Online\Arc\plugins\NPSWF32.dll [No File]
    CHR HKU\S-1-5-21-3601599095-2227877795-4258012782-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    HKU\S-1-5-21-3601599095-2227877795-4258012782-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.motious.com/
    CHR HomePage: Default -> hxxp://www.motious.com/
    CHR StartupUrls: Default -> "hxxp://www.motious.com/"
    CHR DefaultSearchURL: Default -> hxxp://www.google.com/?cx=partner-pub-2391167849269628%3A2065933993&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.motious.com%2F&ref=&ss=
    CHR DefaultSearchKeyword: Default -> motious.com
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
    S4 nvlddmkm; \SystemRoot\system32\DRIVERS\nvlddmkm.sys [X]
    S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [x]
    2017-01-16 19:58 - 2017-01-16 19:58 - 374428160 _____ () C:\Users\test\AppData\Roaming\Launcher.dat
    2017-02-24 15:21 - 2017-03-07 17:33 - 3145728 _____ () C:\Users\test\AppData\Roaming\m.fjk
    2017-01-16 19:58 - 2017-01-16 19:58 - 0000009 _____ () C:\Users\test\AppData\Roaming\update.dat
    2017-01-16 19:59 - 2017-01-18 15:27 - 0000004 _____ () C:\Users\test\AppData\Roaming\Microsoft\notaut.txt
    EmptyTemp:


    After it has run, delete the C:\FRST folder.

    0
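
To show what the fixlist above targets, this added example (not part of the original post, and not FRST's own logic) sorts a subset of its lines into triage groups. The labels, the `classify` and `triage` helpers and the matching rules are assumptions made for illustration.

```python
import re

# Lines copied unmodified from the fixlist in the post above (a subset).
SAMPLE = r"""
HKU\S-1-5-21-3601599095-2227877795-4258012782-1001\...\Winlogon: [Shell] C:\Users\test\AppData\Roaming\Microsoft\taskmgr\taskmgr.exe [15728640 2017-02-05] () <==== ATTENTION
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\Windows\SysWOW64\Codecs\CodecUACManager.exe [60416 2015-10-07] ()
HKU\S-1-5-21-3601599095-2227877795-4258012782-1001\...\Run: [GalaxyClient] => [X]
CHR HomePage: Default -> hxxp://www.motious.com/
CHR StartupUrls: Default -> "hxxp://www.motious.com/"
CHR DefaultSearchKeyword: Default -> motious.com
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
2017-02-24 15:21 - 2017-03-07 17:33 - 3145728 _____ () C:\Users\test\AppData\Roaming\m.fjk
""".strip().splitlines()

# Assumption: these labels and rules are illustrative, not FRST's own.
USER_WRITABLE = re.compile(r"\\AppData\\(Roaming|Local)\\", re.I)
BROWSER_KEYS = ("Start Page", "HomePage", "StartupUrls", "DefaultSearch", "SearchScopes")


def classify(line, hijack_domain="motious.com"):
    """Return a triage label for one fixlist line."""
    line = line.strip()
    if "Winlogon: [Shell]" in line:
        # A per-user Shell value replaces explorer.exe as the logon shell.
        return "shell-override"
    if any(key in line for key in BROWSER_KEYS):
        return "browser-hijack" if hijack_domain in line.lower() else "browser-setting"
    if "\\Run: [" in line:
        # "[X]" marks an autorun whose target file FRST did not find.
        return "autorun-orphan" if line.endswith("[X]") else "autorun"
    if re.search(r"No File\]?$|\[[Xx]\]$", line):
        return "orphan"
    if re.match(r"\d{4}-\d{2}-\d{2} ", line) and USER_WRITABLE.search(line):
        return "appdata-file"
    return "other"


def triage(lines):
    """Group fixlist lines by label so the risky ones can be reviewed first."""
    groups = {}
    for line in lines:
        groups.setdefault(classify(line), []).append(line.strip())
    return groups


if __name__ == "__main__":
    for label, items in triage(SAMPLE).items():
        print(f"{label}: {len(items)}")
```
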