Elektroda.pl

FRST log analysis - programs auto-installing in the background

virtuozos1q 23 Mar 2017 21:28 306 3
  • #2 23 Mar 2017 21:36
    Kolobos
    Computer specialist

    Uninstall:
    BikaQ Rss
    WinSnare

    Run Fixlist.txt for FRST:
    Task: {49DF770C-E3AE-4CF7-9BEC-82B924E9130F} - System32\Tasks\{04EA7158-BFF8-4493-BC64-4E408D66C336} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Tampron\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Tampron\uninstall.dat" -a uninstallme FEA4041C-BBAE-4D47-A0A7-9068FEA893E0 DeviceId=79694963-8e47-9b2c-3e5e-52278edca061 BarcodeId=50027003 ChannelId=3 DistributerName=APSnapdoAMRev
    Task: {4AD79095-11A1-4665-9FD6-1C74A067F2B1} - System32\Tasks\Ckercet Client => C:\Program Files (x86)\Chadtain\xgofient.exe
    HKU\S-1-5-21-597563572-1711046795-3921320828-1003\...\MountPoints2: {28bcba2d-0e87-11e7-9227-4ccc6a9660e7} - "E:\Lenovo_Suite.exe"
    HKU\S-1-5-21-597563572-1711046795-3921320828-1003\...\MountPoints2: {567c363d-0ed4-11e7-922f-021c0c7e3950} - "F:\Setup.exe"
    HKU\S-1-5-21-597563572-1711046795-3921320828-1003\...\MountPoints2: {567c3644-0ed4-11e7-922f-021c0c7e3950} - "G:\setup.exe"
    HKLM\...\Providers\ahtzgc6u: C:\Program Files (x86)\Ckercet Client\local64spl.dll [306688 2017-03-22] ()
    ShellExecuteHooks: No Name - {76A7F9FA-03AD-11E7-8196-64006A5CFC23} - C:\Users\Abu\AppData\Roaming\Zozspplahether\Wugirydriwersh.dll -> No File
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> No File
    HKU\S-1-5-21-597563572-1711046795-3921320828-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...PJqt5PSVjgn5JD1TfvWj28WNlpmsbZWVQfyYOZjIed&q={searchTerms}
    HKU\S-1-5-21-597563572-1711046795-3921320828-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://feed.snapdo.com/?p=mKO_AwFzXIpYRaHdGI...Eq6rt-O_k-2b9n57oySOYf9BQz2eKu75axeHMX9_ojCfc
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    2017-03-23 21:24 - 2017-03-23 21:24 - 00000000 ____D C:\Program Files\ahtzgc6u
    2017-03-23 21:08 - 2017-03-23 21:09 - 05659269 _____ (Swearware) C:\Users\Abu\Downloads\ComboFix.exe
    2017-03-22 08:00 - 2017-03-23 21:21 - 00000000 ____D C:\AdwCleaner
    2017-03-22 07:45 - 2017-03-22 07:45 - 00003734 _____ C:\Windows\System32\Tasks\{04EA7158-BFF8-4493-BC64-4E408D66C336}
    2017-03-22 07:43 - 2017-03-22 07:43 - 00006074 _____ C:\Windows\System32\Tasks\Ckercet Client
    2017-03-22 07:43 - 2017-03-22 07:43 - 00000000 ____D C:\Program Files (x86)\Ckercet Client
    2017-03-22 07:40 - 2017-03-22 07:49 - 00000000 ____D C:\Program Files (x86)\6bc2953c-ed12-4e58-9ec6-ce57222467781490164842
    2017-03-22 07:40 - 2017-03-22 07:40 - 00000000 ____D C:\Users\Abu\AppData\Roaming\Mozilla
    C:\Program Files (x86)\Chadtain\
    EmptyTemp:

    0
  • #3 23 Mar 2017 21:51
    virtuozos1q
    Level 2

    Thanks for the quick reply, but after running fixlist.txt and restarting, BikaQ Rss and WinSnare show up as installed again. Any ideas?

    0