
FRST logs, new tabs with ads keep opening

Marcin00712 06 Oct 2017 20:57 228 1
  • #2 06 Oct 2017 21:33
    Kolobos
    Computer specialist

    Infected router, do the following:
    https://www.elektroda.pl/rtvforum/topic2874173.html

    Do not use ComboFix.

    Fixlist.txt for FRST:
    Task: {9033C5B4-7F5E-4B28-96BA-1F4712065ECB} - System32\Tasks\Opera scheduled Autoupdate 1507267774 => C:\Program Files\Opera\launcher.exe [2017-10-02] (Opera Software)
    Task: {9EDAD7F3-2153-433B-88E8-50A80B085984} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2015-08-19] (SlimWare Utilities, Inc.)
    Task: {AB58D4E3-ACB2-4518-9E7A-FF90C9823BE7} - System32\Tasks\{0354EEFB-1072-4AA8-AEAB-E09BDDA6500C} => C:\Riot Games\League of Legends\lol.launcher.exe
    Task: {D3BBB76C-3126-48EF-B68D-CFAE14587840} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-10-10] ()
    Task: {D6E1B9ED-EAFB-4F9E-A238-7EFCEE2DD503} - \GoogleUpdateTaskUserS-1-5-21-1392063857-4265473023-2983984777-500UA -> Brak pliku <==== UWAGA
    Task: {DAF40E8A-55C2-42E0-952E-4A696338388E} - \GoogleUpdateTaskUserS-1-5-21-1392063857-4265473023-2983984777-500Core -> Brak pliku <==== UWAGA
    Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> Brak pliku <==== UWAGA
    Task: {F7194D3E-E02F-40CE-8212-D76B9B9872F8} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - pc) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - pc).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
    HKU\S-1-5-21-1392063857-4265473023-2983984777-1000\...\Run: [World of Tanks] => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
    GroupPolicy: Ograniczenia <==== UWAGA
    Tcpip\Parameters: [DhcpNameServer] 185.162.9.197 8.8.4.4
    Tcpip\..\Interfaces\{CB88D898-EF8B-43AA-BF59-E98CD7576794}: [DhcpNameServer] 185.162.9.197 8.8.4.4
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => Brak pliku
    CHR Extension: (Brak nazwy) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2017-10-05]
    C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
    CHR HKU\S-1-5-21-1392063857-4265473023-2983984777-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    U0 aswVmm; Brak ImagePath
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    2017-10-05 20:33 - 2017-10-05 21:13 - 000000000 ____D C:\ComboFix
    2017-10-05 20:33 - 2017-10-05 20:33 - 000000000 ____D C:\Qoobox
    2017-10-05 20:33 - 2011-06-26 08:45 - 000256000 _____ C:\Windows\PEV.exe
    2017-10-05 20:33 - 2010-11-07 19:20 - 000208896 _____ C:\Windows\MBR.exe
    2017-10-05 20:33 - 2009-04-20 06:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2017-10-05 20:33 - 2000-08-31 02:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2017-10-05 20:33 - 2000-08-31 02:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2017-10-05 20:33 - 2000-08-31 02:00 - 000098816 _____ C:\Windows\sed.exe
    2017-10-05 20:33 - 2000-08-31 02:00 - 000080412 _____ C:\Windows\grep.exe
    2017-10-05 20:33 - 2000-08-31 02:00 - 000068096 _____ C:\Windows\zip.exe
    2017-10-05 20:32 - 2017-10-05 20:32 - 000000000 ____D C:\Windows\erdnt
    2017-10-05 20:30 - 2017-10-05 20:32 - 005660147 ____R (Swearware) C:\Users\pc\Downloads\ComboFix.exe

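As an added example (not code from the post, from Kolobos, or from FRST itself), a small Python triage helper that reads the kind of FRST lines shown in the fixlist above and separates DHCP-assigned resolvers into known public ones, LAN (router) addresses, and unknown public addresses, while also collecting every line FRST marked with "Brak pliku" or "<==== UWAGA". The allowlist of resolvers and the sample log are constructed for this example; the two Tcpip lines in the sample mirror the ones in the post.

```python
import re
from ipaddress import ip_address

# Public resolvers treated as expected (constructed allowlist for this example).
KNOWN_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

# Matches FRST's "Tcpip\Parameters: [DhcpNameServer] a.b.c.d e.f.g.h" lines.
DNS_RE = re.compile(r"^Tcpip\\.*\[DhcpNameServer\]\s+(?P<servers>[\d. ]+)$")
ATTENTION_MARK = "<==== UWAGA"   # FRST's Polish-localized "ATTENTION" marker
MISSING_FILE = "Brak pliku"      # FRST's Polish-localized "No File"

def classify_resolver(addr: str) -> str:
    """Return 'known', 'lan' (private address, i.e. the router) or 'unknown'."""
    if addr in KNOWN_PUBLIC_RESOLVERS:
        return "known"
    if ip_address(addr).is_private:
        return "lan"
    return "unknown"

def triage(log_text: str) -> dict:
    """Pull DHCP-assigned resolvers and FRST-flagged entries out of FRST output."""
    unknown, lan, flagged = [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DNS_RE.match(line)
        if m:
            for addr in m.group("servers").split():
                kind = classify_resolver(addr)
                if kind == "unknown" and addr not in unknown:
                    unknown.append(addr)
                elif kind == "lan" and addr not in lan:
                    lan.append(addr)
        elif ATTENTION_MARK in line or MISSING_FILE in line:
            flagged.append(line)
    return {"unknown_resolvers": unknown, "lan_resolvers": lan, "flagged": flagged}

# Constructed sample: the two Tcpip lines mirror the post; the rest is made up.
SAMPLE_LOG = r"""
Tcpip\Parameters: [DhcpNameServer] 185.162.9.197 8.8.4.4
Tcpip\..\Interfaces\{CB88D898-EF8B-43AA-BF59-E98CD7576794}: [DhcpNameServer] 185.162.9.197 8.8.4.4
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000000}: [DhcpNameServer] 192.168.1.1
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> Brak pliku <==== UWAGA
GroupPolicy: Ograniczenia <==== UWAGA
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

An unknown public resolver handed out by DHCP, as in the post, points at the router's DNS settings rather than at the PC, which is why the fixlist alone does not close the case.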