Elektroda.pl

Strange virus that Kaspersky does not detect

teken020 08 Mar 2017 18:00 555 4
  • #1 08 Mar 2017 18:00
    teken020
    Level 11

    Hello.
    When I open a new tab, a message pops up, as shown in the attached screenshot.
    The problem probably occurs only in the Chrome browser. How do I get rid of it?

    0 4
  • #4 08 Mar 2017 19:06
    Kolobos
    Computer specialist

    Uninstall Performancer.

    Next to frst.exe, create a file named Fixlist.txt with the following content:
    HKLM-x32\...\Run: [fst_pl_89] => [X]
    HKU\S-1-5-21-1273628551-1461741676-2688762820-1001\...\MountPoints2: {ca2c7f27-a704-11e6-af2c-448a5b2f650d} - I:\AutoRun.exe
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_re...ndex.jsp?lg=pl&pid=NS&pvid=22.0.0.110
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_re...ndex.jsp?lg=pl&pid=NS&pvid=22.0.0.110
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_re...ndex.jsp?lg=pl&pid=NS&pvid=22.0.0.110
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => No File
    BHO-x32: No Name -> {f9b0dee4-c19a-48f5-a772-545772efda27} -> No File
    FF user.js: detected! => C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\07b2lp8x.default\user.js [2015-04-05]
    FF Extension: (Goblin Keeper Helper) - C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\07b2lp8x.default\Extensions\coust@gkhelper.pl.xpi [2014-04-24] [not signed]
    FF Extension: (Fresh Outlook 1.0.1) - C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\07b2lp8x.default\Extensions\firefox@freshestoutlook.com.xpi [2016-01-18] [not signed]
    FF Extension: (Mega Manager Integration) - C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\07b2lp8x.default\Extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6} [2014-03-17] [not signed]
    FF Extension: (SweetPacks Toolbar for Firefox) - C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\07b2lp8x.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013-05-14] [not signed]
    FF SearchPlugin: C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\07b2lp8x.default\searchplugins\utorrentcontrolv2-customized-web-search.xml [2014-03-26]
    CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
    U3 af686qdq; C:\Windows\System32\Drivers\af686qdq.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder)
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
    S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2017-03-08 18:48 - 2017-03-08 18:51 - 00000000 ____D C:\AdwCleaner
    Task: {0818A34E-7864-44C2-B5B6-509AC07BBEFB} - System32\Tasks\{1234F4E7-36F6-44D7-917B-32D63D1A7256} => pcalua.exe -a "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\ApplicationInstaller.exe" -d C:\Users\Ja\Desktop -c "C:\Users\Ja\Desktop\ovi_maps_installer_3.06 - Kopia.sis"
    EmptyTemp:

    In FRST, select "Napraw" (Fix).

    Delete the C:\FRST directory and that's all.

    0
  • #5 08 Mar 2017 19:29
    teken020
    Level 11

    Thanks for the help. I don't know where I caught this crap.

    0