
Malicious software (strange ads, etc.)

Rickos220 02 Dec 2017 12:29 216 3
  • #1 02 Dec 2017 12:29
    Rickos220
    Level 5  

    Hi, I have a problem with malicious programs and strange ads in Chrome on my computer. I scanned it with Malwarebytes Anti-Malware and AdwCleaner, but it didn't help. :cry:
    I'm attaching the FRST scan files.
    Thanks in advance. :)

    0 3
  • Helpful post
    #2 02 Dec 2017 12:41
    Kolobos
    Computer specialist

    In Chrome's settings, turn off restoring a set of pages on startup.

    Run this Fixlist.txt for FRST:
    CustomCLSID: HKU\S-1-5-21-1997593485-580226111-402908437-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> "C:\WINDOWS\system32\igfxEM.exe" => Brak pliku
    ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Brak pliku
    ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Brak pliku
    ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Brak pliku
    ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> Brak pliku
    Task: {3509AC8B-B6AA-4805-ADB9-D4BBEADD7C0E} - System32\Tasks\{68D918CD-6EF7-F11F-A63A-15EA0474BF03} => C:\Users\Kamil\AppData\Roaming\{68D91~1\SYNHEL~1 [Argument = /Check] <==== UWAGA
    Task: {7EBF694D-5765-4BE3-A4F3-357CBF8E1B6B} - System32\Tasks\{FDFF708E-D54C-4B4B-B90A-D865C6499B1C} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Dropbox\Client\DropboxUninstaller.exe" -c /InstallType:MACHINE
    Task: {9917AE07-A5DE-4369-BE61-0971F6C50D4F} - System32\Tasks\{E892A98A-F323-4FBA-94FA-F3373B70DE53} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Kamil\Desktop\EET-master\setup-EET.exe -d C:\Users\Kamil\Desktop\EET-master
    Task: {D5E68B1E-C95F-4A63-9D6D-82E1425ACD42} - System32\Tasks\{09C9BA91-0235-4D8F-BD07-79F75E31C754} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe" -c --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{31390329-FFF0-11E4-85AD-AF2C4143F080}"
    Task: C:\WINDOWS\Tasks\{68D918CD-6EF7-F11F-A63A-15EA0474BF03}.job => C:\Users\Kamil\AppData\Roaming\{68D91~1\SYNHEL~1/Checkpckamil\Kamil0)֠< <==== UWAGA
    C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Боковая панель - Комета\Панель запуска.lnk
    Shortcut: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Боковая панель - Комета\Панель запуска.lnk -> C:\Users\Kamil\AppData\Local\Kometa\Panel\KometaLaunchPanel.exe (Brak pliku) <==== Cyrillic




    C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Боковая панель - Комета\Удалить панель запуска.lnk
    Shortcut: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Боковая панель - Комета\Удалить панель запуска.lnk -> C:\Users\Kamil\AppData\Local\Kometa\Panel\1.0.0.775\panelremove.exe (Brak pliku) <==== Cyrillic
    HKLM\...\Command Processor: C:\Windows <==== UWAGA
    HKU\S-1-5-21-1997593485-580226111-402908437-1001\...\MountPoints2: {c29daa57-299d-11e6-829f-d050995af6f2} - "I:\setup.exe"
    HKU\S-1-5-21-1997593485-580226111-402908437-1001\...\MountPoints2: {c7cdfa76-e58a-11e5-8297-d050995af6f2} - "G:\setup.exe"
    Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PUSH Wallpaper.lnk [2016-11-11]
    ShortcutTarget: PUSH Wallpaper.lnk -> C:\Program Files\PUSH Entertainment\Video Wallpaper\pushvideowallpaper.exe (Brak pliku)
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    Tcpip\..\Interfaces\{A2262170-FA72-404D-90A7-700E8983C469}: [DhcpNameServer] 7.254.254.254
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <==== UWAGA
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-1997593485-580226111-402908437-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-1997593485-580226111-402908437-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    SearchScopes: HKU\.DEFAULT -> DefaultScope {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
    SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
    FF Homepage: Mozilla\Firefox\Profiles\anq1nfgr.default -> hxxp://mail.ru/cnt/10445?gp=832415
    FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\anq1nfgr.default\Extensions\homepage@mail.ru.xpi [2017-11-18]
    FF Extension: (Поиск@Mail.Ru) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\anq1nfgr.default\Extensions\search@mail.ru.xpi [2017-11-18] [Przestarzałe]
    C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\anq1nfgr.default\Extensions\homepage@mail.ru.xpi
    C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\anq1nfgr.default\Extensions\search@mail.ru.xpi
    FF Extension: (QuickJava) - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\anq1nfgr.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2016-10-29] [Przestarzałe]
    CHR StartupUrls: Profile 2 -> "hxxps://www.google.pl/?gws_rd=cr&ei=iWzuUvLeLYrD4gT_3oHwDg","hxxp://www.yoursearching.com/?type=hp&ts=1453502541&z=6049c3da0206745796191afg2zaw5c4w6e5o6wbz8g&from=exp1&uid=st3250620as_6qe0r7x9xxxx6qe0r7x9","hxxp://mail.ru/cnt/10445?gp=832406","hxxps://www.google.com/"
    C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hljlcojjbmffoecdmhomhgfjhkllhknp
    CHR Extension: (Easy Timer) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hljlcojjbmffoecdmhomhgfjhkllhknp [2017-11-23]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
    2017-11-18 17:39 - 2017-11-18 17:39 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Боковая панель - Комета
    2017-11-18 17:39 - 2017-11-18 17:39 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\curl
    2017-11-18 17:37 - 2017-11-18 17:39 - 000000000 ____D C:\AdwCleaner
    2017-11-18 17:32 - 2017-11-18 17:40 - 000000000 ____D C:\Users\Kamil\AppData\Roaming\MediaPlayerApplication
    2017-11-15 21:48 - 2017-11-15 21:49 - 000000000 ____D C:\Program Files (x86)\GUMDD89.tmp
    2017-11-09 16:41 - 2017-11-09 16:41 - 000000000 ____D C:\Program Files (x86)\GUM8B53.tmp
    2017-12-02 00:41 - 2016-07-06 18:41 - 000000282 _____ C:\WINDOWS\Tasks\{68D918CD-6EF7-F11F-A63A-15EA0474BF03}.job
    2016-07-06 23:50 - 2016-07-06 23:50 - 240397312 _____ () C:\Users\Kamil\AppData\Roaming\Launcher.dat
    2016-07-08 14:05 - 2016-07-17 18:31 - 000000316 _____ () C:\Users\Kamil\AppData\Roaming\redirect2.dat
    2016-07-06 23:50 - 2016-07-06 23:50 - 000000009 _____ () C:\Users\Kamil\AppData\Roaming\update.dat
    2016-07-06 23:51 - 2016-07-17 18:31 - 000000004 _____ () C:\Users\Kamil\AppData\Roaming\Microsoft\notaut.txt
    2016-07-17 20:22 - 2016-07-17 20:22 - 000000004 _____ () C:\Users\Kamil\AppData\Roaming\Microsoft\notautfbb.txt

    After running it, check whether everything is OK; if not, back up your bookmarks from Chrome and delete the browser profile directory.

    0
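
Added example, not part of the original thread and not FRST's own code: a small triage script that groups Fixlist entries by the annotations FRST attached to them (`<==== UWAGA`, `Brak pliku`, `<==== Cyrillic`, defanged `hxxp` URLs), so the flagged persistence entries are reviewed first. The sample lines are copied from the Fixlist in post #2; the function names and the "attention first" ordering are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: entries copied verbatim from the Fixlist in post #2.
SAMPLE = r'''
Task: {3509AC8B-B6AA-4805-ADB9-D4BBEADD7C0E} - System32\Tasks\{68D918CD-6EF7-F11F-A63A-15EA0474BF03} => C:\Users\Kamil\AppData\Roaming\{68D91~1\SYNHEL~1 [Argument = /Check] <==== UWAGA
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Brak pliku
Shortcut: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Боковая панель - Комета\Панель запуска.lnk -> C:\Users\Kamil\AppData\Local\Kometa\Panel\KometaLaunchPanel.exe (Brak pliku) <==== Cyrillic
HKLM\...\Command Processor: C:\Windows <==== UWAGA
FF Homepage: Mozilla\Firefox\Profiles\anq1nfgr.default -> hxxp://mail.ru/cnt/10445?gp=832415
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PUSH Wallpaper.lnk [2016-11-11]
'''

# Annotations present in the Polish-localised FRST output above.
MARKERS = {
    "attention": re.compile(r"<==== UWAGA"),       # FRST's own warning flag
    "missing_file": re.compile(r"Brak pliku"),     # target no longer on disk
    "cyrillic": re.compile(r"<==== Cyrillic"),     # non-Latin name flagged by FRST
    "defanged_url": re.compile(r"hxxps?://\S+"),   # URL recorded in the entry
}

def entry_kind(line):
    """Return the entry type: the label before the first ':' or ';'."""
    if re.match(r"[A-Za-z]:\\", line):
        return "path"                # bare file or folder path
    if re.match(r"\d{4}-\d{2}-\d{2} ", line):
        return "file-listing"        # dated created/modified listing line
    return re.split(r"[:;]", line, maxsplit=1)[0].strip()

def triage(text):
    """Tag every non-empty line and put FRST-flagged entries first."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        tags = [name for name, rx in MARKERS.items() if rx.search(line)]
        rows.append({"kind": entry_kind(line), "tags": tags, "line": line})
    # Stable sort (assumed ordering): attention-flagged entries come first.
    rows.sort(key=lambda r: "attention" not in r["tags"])
    return rows

def summary(rows):
    """Count how many entries carry each annotation."""
    return Counter(tag for r in rows for tag in r["tags"])

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(",".join(r["tags"]) or "-", "|", r["kind"])
```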
  • #3 02 Dec 2017 14:06
    Rickos220
    Level 5  

    Thanks for the help. Problem solved. :)
    The thread can be closed.

    0
  • #4 02 Dec 2017 22:23
    RADU23
    Moderator - Computer Service

    Delete the C:\FRST folder and that's all.

    0