Elektroda.pl

Unwanted extension in Google Chrome

AdeeXos 14 Jul 2017 11:49 462 4
  • #2 14 Jul 2017 11:53
    Kolobos
    Computer specialist

    Attach the required FRST logs!

    0
  • #3 14 Jul 2017 11:59
    AdeeXos
    Level 2

    Here you go, added!

    0
  • Helpful post
    #4 14 Jul 2017 12:13
    Kolobos
    Computer specialist

    Download programs ONLY from direct links; do not use download managers, which install malicious software.

    Run this Fixlist.txt with FRST:
    CloseProcesses:
    HKU\S-1-5-21-194659487-693025534-1457267286-1000\...\ChromeHTML: -> "C:\Program Files (x86)\Easthas\Application\chrome.exe" "%1" <==== UWAGA
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Brak pliku
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Brak pliku
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Admin\AppData\Local\MEGAsync\ShellExtX32.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Admin\AppData\Local\MEGAsync\ShellExtX32.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Admin\AppData\Local\MEGAsync\ShellExtX32.dll -> Brak pliku
    ContextMenuHandlers01: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Brak pliku
    ContextMenuHandlers04: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Brak pliku
    Task: {0504B67A-7C1D-4583-AB74-ABDD959647A4} - System32\Tasks\{48969CD8-3D10-4F4C-8335-D4E8C8ECBDDA} => C:\Program Files (x86)\Devilboy\The Amazing Spider-Man 2\ASM2Launcher.exe
    Task: {20C4610C-D617-4154-975C-5963130D73EE} - System32\Tasks\{227AED17-2A5A-41C8-8860-84E5D9B1DDAF} => C:\Program Files\Rockstar Games\Grand Theft Auto V\scripts\GTAServer.exe
    Task: {2BA3058A-9D3D-4188-9FCB-991A59D44FDE} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2017-05-14] (Reimage®) <==== UWAGA
    Task: {2C646F28-1E96-4A07-9BD7-A2BCD41D3C6F} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe <==== UWAGA
    Task: {3028559E-68CE-4387-90D7-643230EF369D} - System32\Tasks\Anofotion Collector => C:\Program Files (x86)\Dumetain\bemition.exe
    Task: {334705FF-65E8-4307-8C12-7A96BEB2C43A} - System32\Tasks\UnregisterNonABICompliantCodeRange => C:\Program [Argument = Files (x86)\xdt9DA3\tms9DF1.bat] <==== UWAGA
    Task: {354CDBAE-B3AE-4D06-BCC2-782B1B8FF59F} - System32\Tasks\{AC9C47AA-4635-4DFE-AA27-3D366B2A0D7B} => Chrome.exe hxxp://www.skype.com/go/downloading?source=li...taller&ver=7.18.0.112&LastError=12029
    Task: {3CE2BCFB-A3A2-4359-ADF3-F2DFE595B193} - System32\Tasks\{F390F780-425C-4274-AEF3-B7885B177283} => C:\Users\Admin\Documents\MEGAsync Downloads\IGG-LEGO.MARVELs.Avengers.Deluxe.Edition.pdate.3.Incl.5DLCs\LEGOMARVELAvengers.exe




    Task: {5BA08670-3534-4F7C-947B-5593ACAC857E} - System32\Tasks\{A13F4E59-F1CC-453D-825F-9184C5C1218F} => Chrome.exe hxxp://www.skype.com/go/downloading?source=li...nstaller&ver=7.22.0.108&LastError=404
    Task: {651CFD44-807B-4DC8-B85F-87819D014C88} - System32\Tasks\{931871ED-4F61-4270-9994-F6E2AD0370B2} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.112/pl/abandoninstall?page=tsBing
    Task: {75572626-5A40-4869-AFEE-2A6DF125454A} - System32\Tasks\{C66F68FA-D2F0-47A3-859C-3AA5B497AE4B} => C:\Program Files (x86)\Devilboy\The Amazing Spider-Man 2\ASM2Launcher.exe
    Task: {7DADB1C0-BEAA-4352-96DC-75D2702A4F87} - System32\Tasks\InternetE => "" [Argument = http://howtobleases.xyz/kreps]
    Task: {7E575F7E-4ED5-4A92-9569-82C789169AB8} - System32\Tasks\{32647019-8139-4934-9E66-75468C56B3AE} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Just Cause\JCSetup.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Just Cause"
    Task: {86A8ECDF-EEB8-403D-B29C-EB4169A1F574} - System32\Tasks\ChelfNotify Task => C:\ProgramData\ChelfNotify\BrowserUpdate.exe [2016-06-30] (Tencent) <==== UWAGA
    Task: {96D770B6-CDB3-4BF2-98B8-D0D4E37A5587} - System32\Tasks\{B8428914-4B9E-44AA-897C-FC989CFD6DE0} => Chrome.exe hxxp://www.skype.com/go/downloading?source=li...taller&ver=7.18.0.112&LastError=12029
    Task: {F3BB673E-E119-4541-B042-92138ACEC0A4} - System32\Tasks\{08FC70B2-3072-46F8-A4C5-D7ED554662CE} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.112/pl/abando...tall?source=lightinstaller&page=tsInstall
    Task: {F608314C-9B1D-4082-83D8-6F8243650B1C} - System32\Tasks\{BD9465C9-E1B7-46CC-9ADE-AD3BCAE70297} => C:\Program Files (x86)\Devilboy\The Amazing Spider-Man 2\ASM2Launcher.exe
    Task: {FD756907-08CF-4E92-93E6-304F5E4D97E3} - System32\Tasks\{16C1FB00-C67A-4D8E-AA54-34EE6C0DBD9C} => pcalua.exe -a "C:\Users\Admin\Desktop\Live For Speed 0.6 B + Unlocker\Live For Speed 0.6 B installer.exe" -d "C:\Users\Admin\Desktop\Live For Speed 0.6 B + Unlocker"
    ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035"
    ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> hxxp://www.mylucky123.com/?type=sc&ts=147...p;uid=ST1000DM003-1ER162_W4Y2XN42XXXXW4Y2XN42
    AlternateDataStreams: C:\ProgramData:NT [40]
    AlternateDataStreams: C:\ProgramData:NT2 [432]
    AlternateDataStreams: C:\Users\Admin:Heroes & Generals [38]
    AlternateDataStreams: C:\Users\All Users:NT [40]
    AlternateDataStreams: C:\Users\All Users:NT2 [432]
    AlternateDataStreams: C:\Users\Admin\Dane aplikacji:NT [40]
    AlternateDataStreams: C:\Users\Admin\Dane aplikacji:NT2 [432]
    AlternateDataStreams: C:\Users\Admin\AppData\Roaming:NT [40]
    AlternateDataStreams: C:\Users\Admin\AppData\Roaming:NT2 [432]
    AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
    AlternateDataStreams: C:\ProgramData\Application Data:NT2 [432]
    AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT [40]
    AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2 [432]
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [432]
    (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
    (Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
    HKLM-x32\...\Run: [] => [X]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-194659487-693025534-1457267286-1000\...\Run: [GoogleChromeAutoLaunch_A63FB945B80F00CC4E269D3E86FA1712] => "C:\Program Files (x86)\Bossseed\Application\chrome.exe" --no-startup-window /prefetch:5
    HKU\S-1-5-21-194659487-693025534-1457267286-1000\...\Run: [SteamServerBrowser] => C:\Gry\Counter-Strike 1.6 v43\SteamServerBrowser\SteamServerBrowser.exe [206848 2017-01-10] ()
    HKU\S-1-5-21-194659487-693025534-1457267286-1000\...\MountPoints2: {14f37985-607a-11e6-96fe-d0509985e866} - F:\setup.exe
    HKU\S-1-5-21-194659487-693025534-1457267286-1000\...\MountPoints2: {21ae6e03-cb3a-11e6-be50-d0509985e866} - F:\HiSuiteDownLoader.exe
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    GroupPolicy\User: Ograniczenia <==== UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    ProxyServer: [S-1-5-21-194659487-693025534-1457267286-1000] => http=;ftp=;https=;
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=147...p;uid=ST1000DM003-1ER162_W4Y2XN42XXXXW4Y2XN42
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&...T1000DM003-1ER162_W4Y2XN42XXXXW4Y2XN42&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=147...p;uid=ST1000DM003-1ER162_W4Y2XN42XXXXW4Y2XN42
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&...T1000DM003-1ER162_W4Y2XN42XXXXW4Y2XN42&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-194659487-693025534-1457267286-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    HKU\S-1-5-21-194659487-693025534-1457267286-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hao.360.cn/?src=lm&ls=n4134a09b9b
    HKU\S-1-5-21-194659487-693025534-1457267286-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...T1000DM003-1ER162_W4Y2XN42XXXXW4Y2XN42&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...T1000DM003-1ER162_W4Y2XN42XXXXW4Y2XN42&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...T1000DM003-1ER162_W4Y2XN42XXXXW4Y2XN42&q={searchTerms}
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-194659487-693025534-1457267286-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-194659487-693025534-1457267286-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...T1000DM003-1ER162_W4Y2XN42XXXXW4Y2XN42&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-194659487-693025534-1457267286-1000 -> {67FB75BE-8275-4DD9-9C1E-4A8AC215AA6F} URL = hxxps://search.yahoo.com/search?fr=chr-greent...mp;ei=utf-8&ilc=12&type=435371&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-194659487-693025534-1457267286-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-194659487-693025534-1457267286-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B3EC9F696-42C2-458F-8C82-EEB99DB04C62%7D&gp=811041
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mylucky123.com/?type=sc&ts=147...p;uid=ST1000DM003-1ER162_W4Y2XN42XXXXW4Y2XN42
    FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\0plvqu0z.default\Profiles\0plvqu0z.default [nie znaleziono] <==== UWAGA
    FF NewTab: Mozilla\Firefox\Profiles\0plvqu0z.default -> hxxp://www.trotux.com/?z=b0932673857fd1905506...DM003-1ER162_W4Y2XN42XXXXW4Y2XN42&type=hp
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\0plvqu0z.default -> Поиск@Mail.Ru
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\0plvqu0z.default -> Поиск@Mail.Ru
    FF Keyword.URL: Mozilla\Firefox\Profiles\0plvqu0z.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7BE1...-8957-48A1-ADDA-5E9F4DBBFF73%7D&gp=811041
    FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0plvqu0z.default\Extensions\homepage@mail.ru [2016-11-15]
    FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0plvqu0z.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2016-11-15]
    FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0plvqu0z.default\searchplugins\bph0lrmv.xml [2016-09-09]
    FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0plvqu0z.default\searchplugins\mailru.xml [2016-11-15]
    CHR Extension: (Сookies Control) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkpefbllpconnkfpdgagkifmflckkdp [2017-07-14]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [8515952 2017-05-14] (Reimage®)
    2017-07-14 10:53 - 2017-07-14 10:53 - 01482663 _____ (Setitefus ) C:\Users\Admin\Downloads\CCleaner-13061-AsystentPobierania_2340681738.exe
    2017-07-14 10:30 - 2017-07-14 10:30 - 00003446 _____ C:\Windows\System32\Tasks\Reimage Reminder
    2017-07-14 10:29 - 2017-07-14 10:42 - 00000000 ____D C:\Program Files\Reimage
    2017-07-14 10:29 - 2017-07-14 10:30 - 00000000 ____D C:\ProgramData\Reimage Protector
    2017-07-14 10:29 - 2017-07-14 10:29 - 00004286 _____ C:\Windows\System32\Tasks\ReimageUpdater
    2017-07-14 10:29 - 2017-07-14 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
    2017-07-14 10:28 - 2017-07-14 10:30 - 00000140 _____ C:\Windows\Reimage.ini
    2017-07-14 10:28 - 2017-07-14 10:28 - 00604928 _____ (Reimage) C:\Users\Admin\Downloads\ReimageRepair.exe
    2017-07-01 18:45 - 2017-07-01 18:45 - 01487248 _____ ( ) C:\Users\Admin\Downloads\Free-Mouse-Auto-Clicker-67780-AsystentPobierania_3025350685.exe
    EmptyTemp:

    After it has run, delete the C:\FRST folder and that's all.

    0
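
Added example, not part of the thread and not FRST's own code: a Python script that triages lines shaped like the fixlist in post #4, picking out a `chrome.exe` registered outside the expected install path, tasks and shortcuts that launch with a URL argument, and entries FRST itself marked `<==== UWAGA` (Polish for "attention"). The sample lines, directory names and URLs are constructed placeholders, and the two expected Chrome paths assume a standard system-wide install.

```python
import re

# Constructed sample lines in the shape of the fixlist entries above
# (directory names, SIDs and URLs are placeholders, not values from the thread).
SAMPLE = r'''
HKU\S-1-5-21-1111-2222-3333-1000\...\ChromeHTML: -> "C:\Program Files (x86)\Examplevendor\Application\chrome.exe" "%1" <==== UWAGA
HKU\S-1-5-21-1111-2222-3333-1000\...\Run: [GoogleChromeAutoLaunch_0000] => "C:\Program Files (x86)\Otherclone\Application\chrome.exe" --no-startup-window
ShortcutWithArgument: C:\Users\User\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\User\Desktop\Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://start.example.test/?type=sc
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Updater => "" [Argument = http://ads.example.test/land]
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\GameLauncher => C:\Games\Example\Launcher.exe
'''.strip().splitlines()

# Assumption: Chrome installed system-wide in one of the two default locations.
EXPECTED_CHROME = {
    r"c:\program files\google\chrome\application\chrome.exe",
    r"c:\program files (x86)\google\chrome\application\chrome.exe",
}
# Any absolute Windows path ending in \chrome.exe (stops at quotes and '>').
CHROME_PATH = re.compile(r'[A-Za-z]:\\[^"<>|]*?\\chrome\.exe', re.I)
# Plain or defanged (hxxp) URLs.
URL = re.compile(r"(?:https?|hxxps?)://\S+", re.I)


def triage(lines):
    """Return {line_number: [reasons]} for entries worth a second look."""
    findings = {}
    for n, line in enumerate(lines, 1):
        reasons = []
        # Full-path comparison, so a look-alike folder elsewhere is not trusted.
        if any(p.lower() not in EXPECTED_CHROME for p in CHROME_PATH.findall(line)):
            reasons.append("chrome.exe outside the expected install path")
        if line.startswith(("Task:", "ShortcutWithArgument:")) and URL.search(line):
            reasons.append("launches with a URL argument")
        if "<==== UWAGA" in line:
            reasons.append("flagged by FRST")
        if reasons:
            findings[n] = reasons
    return findings


if __name__ == "__main__":
    for n, reasons in triage(SAMPLE).items():
        print(n, "; ".join(reasons))
```
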
  • #5 14 Jul 2017 12:22
    AdeeXos
    Level 2

    Thank you very much for the help, problem fixed :)

    0