Elektroda.pl

Infected Chrome, FRST logs

LoboTaker2 21 Jun 2017 14:52 348 1
  • #1 21 Jun 2017 14:52
    LoboTaker2
    Level 1

    Hello, I would be very grateful for help analysing the FRST logs, with a view to removing from Chrome the Cookies ON OFF extension, which blocks access to many things. Many thanks in advance for the help.

    0 1
  • #2 21 Jun 2017 15:33
    Kolobos
    Computer specialist

    Run Fixlist.txt for FRST:
    Task: {1A48AAD2-7F02-45AF-BF05-61D6B9D81683} - System32\Tasks\{652EE0A9-C45E-4646-BB44-8729087FEB0A} => pcalua.exe -a C:\Users\Ada\Downloads\lide60vst6411111a_64pl\SetupSG.exe -d C:\Users\Ada\Downloads\lide60vst6411111a_64pl
    Task: {26FFE25E-E3BB-4118-B47E-D99140A48069} - System32\Tasks\{E8102C72-CB60-4597-8797-B4119387EAED} => pcalua.exe -a C:\Users\Ada\Downloads\dotnetfx30SP1setup.exe -d C:\Users\Ada\Downloads
    Task: {3CF4A858-CD9D-41F6-AEFC-970B54ED36A0} - System32\Tasks\Driver Booster SkipUAC (Ada) => C:\Program Files (x86)\IObit\Driver Booster\4.0.3\DriverBooster.exe
    Task: {46317EAD-FED2-4B48-911D-4C1895DC282A} - System32\Tasks\{A9C1911D-BCD6-4F40-80C2-23D2A7F8FCD6} => pcalua.exe -a C:\Users\Ada\Downloads\dotnetfx35.exe -d C:\Users\Ada\Downloads
    Task: {4D55C950-8802-49CE-9972-AA9715AE6888} - System32\Tasks\{BA9367FC-10AE-45B5-A83F-6203E60979A5} => C:\Users\Ada\Downloads\lide60vst6411111a_64en\SetupSG.exe
    Task: {53404E37-A8B4-40BB-9A34-500505510CB5} - System32\Tasks\{506F30E0-6FC3-439A-86F2-89DC578B588D} => C:\Users\Ada\Downloads\lide60vst6411111a_64en\SetupSG.exe
    Task: {8CC5C2FC-7D63-4D24-B289-BC88B9356227} - System32\Tasks\{0E11FAEC-3D7E-40EE-86E8-10089808A8F1} => pcalua.exe -a C:\Users\Ada\Downloads\lide60vst6411111a_64en\SetupSG.exe -d C:\Users\Ada\Downloads\lide60vst6411111a_64en
    Task: {972E6565-4963-4D1E-A957-668E3598AF76} - System32\Tasks\{517289EF-55BB-4DFF-B3D5-C56A6B84DBDC} => pcalua.exe -a C:\Users\Ada\Downloads\Win7_Win8_Win81_Win10_R279.exe -d C:\Users\Ada\Downloads
    Task: {A812D1C1-E5CC-474A-A028-890968DE1F79} - System32\Tasks\{0997C55C-20D6-48E9-97E9-969577635AEB} => pcalua.exe -a C:\Users\Ada\Downloads\dotnetfx3.exe -d C:\Users\Ada\Downloads
    Task: {B5D27FA5-F468-4E69-B924-957DBC6B428F} - System32\Tasks\{8063776C-4B0B-44F8-9882-DADEE2AA1E91} => pcalua.exe -a C:\Users\Ada\Downloads\dotnetfx(dobreprogramy.pl).exe -d C:\Users\Ada\Downloads
    Task: {B7B8A534-E354-4622-B7A8-322F9C9B6CA6} - System32\Tasks\{5EAFD0F4-E34E-44FA-8F85-7EBF7E3FB33A} => pcalua.exe -a "C:\Users\Ada\Downloads\dotNetFx35setup (1).exe" -d C:\Users\Ada\Downloads
    Task: {E0CE2835-9727-492A-8095-F2AD6C97E284} - System32\Tasks\{2FFC1AE9-FC16-4CE0-AB99-F9991D42B29F} => pcalua.exe -a C:\Users\Ada\Downloads\NetFx20SP2_ia64.exe -d C:\Users\Ada\Downloads
    Task: {EC913C11-160D-4ED4-9AB1-59747B32D6C1} - System32\Tasks\{15376639-BF06-4F2B-AFAE-04A61CA28366} => pcalua.exe -a C:\Users\Ada\Downloads\lide60vst11110a_xppl\SetupSG.exe -d C:\Users\Ada\Downloads\lide60vst11110a_xppl
    ShortcutWithArgument: C:\Users\Ada\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=qTxQHKjchxx8XWlTe...e9zRiuJK7IagbpdrJ915H%2FwNQWKABCQFRIpLw%3D%3D
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=qTxQHKjchxx8XWlTe...e9zRiuJK7IagbpdrJ915H%2FwNQWKABCQFRIpLw%3D%3D
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKU\S-1-5-21-3687799069-866016709-1559646174-1001\...\MountPoints2: E - E:\AutoRun.exe
    HKU\S-1-5-21-3687799069-866016709-1559646174-1001\...\MountPoints2: {3301e370-50e7-11e6-846f-806e6f6e6963} - E:\AutoRun.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...cieWLTphjWz2QbW_OCBUEBdTgZr5BqCgG7vnnVYEbrg,,,,
    CHR Extension: (Cookies On-Off) - C:\Users\Ada\AppData\Local\Google\Chrome\User Data\Default\Extensions\dceidjjhomnclmfgflmjaomohekdgdgb [2017-06-20]
    CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

    After it has run, delete the C:\FRST folder, and that's all.

    0
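A small triage script for FRST lines of the kind listed in the fixlist above, added here as an example; it is not code from this thread, from Kolobos, or from FRST itself. The rule set, the category names and the sample lines (with PLACEHOLDER GUIDs, SID and shortcut uid) are my own assumptions modelled on the entries in the fixlist. It decodes the percent-encoded homepage, pulls out the Chrome extension IDs and the URL planted in the browser shortcut, and tags each entry with the reason a helper would put it in a fixlist.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example for this page; not code from the thread, from Kolobos, or
from FRST. The rules below are assumptions about which entry types deserve
attention, based on the entry kinds quoted in the fixlist above.
"""
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample modelled on the FRST entries quoted in the thread.
# GUIDs, the SID and the shortcut's uid are PLACEHOLDER values, not real ones.
SAMPLE_LOG = r"""
Task: {GUID-1} - System32\Tasks\{GUID-2} => pcalua.exe -a C:\Users\Ada\Downloads\SetupSG.exe -d C:\Users\Ada\Downloads
Task: {GUID-3} - System32\Tasks\Driver Booster SkipUAC (Ada) => C:\Program Files (x86)\IObit\Driver Booster\4.0.3\DriverBooster.exe
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=PLACEHOLDER
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-PLACEHOLDER-1001\...\MountPoints2: E - E:\AutoRun.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...
CHR Extension: (Cookies On-Off) - C:\Users\Ada\AppData\Local\Google\Chrome\User Data\Default\Extensions\dceidjjhomnclmfgflmjaomohekdgdgb [2017-06-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
"""

# (pattern, category, why it matters). First matching rule wins for a line.
RULES = [
    (re.compile(r"^Task: .*=> pcalua\.exe -a "), "task-pcalua",
     "task starts an installer via pcalua.exe (Program Compatibility Assistant); check the target is still wanted"),
    (re.compile(r"^Task: .*SkipUAC"), "task-skipuac",
     "SkipUAC task runs a third-party tool elevated without a UAC prompt; confirm the tool is wanted"),
    (re.compile(r"^ShortcutWithArgument: .*\.lnk -> .*\\(?:chrome|firefox|iexplore|msedge)\.exe .*-> hxxps?://"),
     "shortcut-hijack",
     "browser shortcut carries a URL argument, so the browser opens that page on every launch"),
    (re.compile(r"^Winlogon\\Notify\\.*\[X\]$"), "winlogon-missing",
     "Winlogon notify DLL is registered but the file is gone; dangling entry"),
    (re.compile(r"MountPoints2: .* - [A-Z]:\\AutoRun\.exe$"), "mountpoints-autorun",
     "cached AutoRun entry for removable media in MountPoints2"),
    (re.compile(r"^GroupPolicy: .*Chrome"), "chrome-policy",
     "Chrome is locked by Group Policy, which stops the user from removing extensions or changing settings"),
    (re.compile(r"^CHR HomePage: .*%[0-9A-Fa-f]{2}"), "chrome-homepage-encoded",
     "Chrome homepage is percent-encoded to hide the hostname"),
    (re.compile(r"^CHR (?:HKLM(?:-x32)?\\.*\\)?Extension: "), "chrome-extension",
     "Chrome extension entry; review the extension ID against what the user actually installed"),
]

# Chrome extension IDs are 32 letters from the range a-p.
EXT_ID = re.compile(r"(?<![a-p])[a-p]{32}(?![a-p])")


def decode_obfuscated_url(url: str) -> str:
    """Reverse percent-encoding; the hxxp defang is kept so the result stays non-clickable."""
    return unquote(url)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Tag each non-empty FRST line with the first rule it matches, plus extracted details."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for pattern, category, why in RULES:
            if not pattern.search(line):
                continue
            finding = {"category": category, "why": why, "line": line}
            if category == "chrome-homepage-encoded":
                finding["decoded"] = decode_obfuscated_url(line.split("-> ", 1)[1])
            elif category == "chrome-extension":
                match = EXT_ID.search(line)
                finding["extension_id"] = match.group(0) if match else ""
            elif category == "shortcut-hijack":
                finding["url"] = line.rsplit("-> ", 1)[1]
            findings.append(finding)
            break
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per category, handy for a quick overview of a long log."""
    counts: Dict[str, int] = {}
    for finding in findings:
        counts[finding["category"]] = counts.get(finding["category"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        extra = f.get("decoded") or f.get("extension_id") or f.get("url") or ""
        print(f"[{f['category']}] {f['why']}" + (f"  -> {extra}" if extra else ""))
    print(summarize(triage(SAMPLE_LOG)))
```

The rules deliberately match on entry shape (a browser .lnk whose argument is a URL, a homepage made of %xx escapes, an Extension entry with a 32-letter ID) rather than on the specific domains or IDs from this thread, so the same script gives a first pass over any FRST Addition.txt; the reason strings are what a helper would check before putting the line into a fixlist.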