Elektroda.pl

FRST log - request for help, .chromesearch.win

szamot8319 13 Dec 2017 13:51 210 6
  • Helpful post
    #2 13 Dec 2017 14:11
    Kolobos
    Computer specialist

    Replace Adobe Reader 9.1 with Foxit: http://ninite.com/foxit/

    Run the following Fixlist.txt with FRST:
    Task: {17BAD323-A095-4EDC-89A8-1BC29C50AAAD} - \TuneUpUtilities_Task_BkGndMaintenance2013 -> Brak pliku <==== UWAGA
    Task: {2A1B9B2E-BDD3-4976-8BD4-FAF74A828C3A} - \Microsoft_MKC_Logon_Task_itype.exe -> Brak pliku <==== UWAGA
    Task: {3C90BE6F-6328-4210-8DB9-C1285005F97F} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe -> Brak pliku <==== UWAGA
    Task: {6A87801F-D509-47EC-A686-508B0B42071C} - \Microsoft_Hardware_Launch_ipoint_exe -> Brak pliku <==== UWAGA
    Task: {6CED2CA4-C273-45CC-9D8F-5AA2F1DDEDCB} - System32\Tasks\Opera scheduled Autoupdate 1403001701 => C:\Program Files (x86)\Opera\launcher.exe [2017-11-23] (Opera Software)
    Task: {7D3357C4-B8A7-4A92-BD9D-52EBE2EDD0F4} - \Java Update Schedule -> Brak pliku <==== UWAGA
    Task: {B3004C69-E036-4A0B-8346-6144FD2ADA43} - \Microsoft_MKC_Logon_Task_ipoint.exe -> Brak pliku <==== UWAGA
    Task: {CB7D4B7E-EE4A-4ED4-81B1-52E8DD85E20E} - \Microsoft_Hardware_Launch_itype_exe -> Brak pliku <==== UWAGA
    Task: {DB555C50-CB3A-482C-BA74-1FCFE97442B1} - \SUPBackground -> Brak pliku <==== UWAGA
    Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove -> Brak pliku <==== UWAGA
    HKU\S-1-5-21-3059471005-3827207629-177107165-1001\...\Run: [DriverAgentPlusHelper] => C:\ProgramData\DriverAgentPlus\DriverAgentPlusHelper\DriverAgentPlusHelper.exe
    HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
    HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
    BootExecute: PCloudBroom64.exe \systemroot\system32\BroomData.bitautocheck autochk *
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    GroupPolicy\User: Ograniczenia <==== UWAGA
    GroupPolicyScripts-x32: Ograniczenia <==== UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    CHR HomePage: Profile 1 -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pl-pl
    CHR StartupUrls: Profile 1 -> "hxxp://mail.ru/cnt/10445?gp=811138"
    CHR NewTab: Profile 1 -> Not-active:"chrome-extension://honeoiacmpjnbchlccbcbogafdfjgnim/newtab.html", Not-active:"chrome-extension://dgldcllfgcheelimlbmilnkilnamlhbd/newtab.html"
    CHR DefaultSearchURL: Profile 1 -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
    CHR DefaultSearchKeyword: Profile 1 -> bing.com
    C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
    CHR Extension: (Brak nazwy) - C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]
    CHR Extension: (Brak nazwy) - C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
    C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
    C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
    CHR Extension: (Brak nazwy) - C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apfkjncelobloojfkbmendgmfgnfmbla
    CHR Extension: (Check-Weather for Chrome) - C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apfkjncelobloojfkbmendgmfgnfmbla [2017-12-13]
    C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccjleegmemocfpghkhpjmiccjcacackp
    CHR Extension: (Chrome Cleaner Pro) - C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ccjleegmemocfpghkhpjmiccjcacackp [2017-12-13]
    C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmedhionkhpnakcndndgjdbohmhepckk
    CHR Extension: (Adblock dla serwisu Youtube™) - C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-12-07]
    C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd
    CHR Extension: (All-in-One Office - New Tab) - C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dgldcllfgcheelimlbmilnkilnamlhbd [2017-12-13]
    C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\honeoiacmpjnbchlccbcbogafdfjgnim
    CHR Extension: (Cat Start - New Tab Page) - C:\Users\Daria\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\honeoiacmpjnbchlccbcbogafdfjgnim [2017-12-13]
    CHR HKU\S-1-5-21-3059471005-3827207629-177107165-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ccjleegmemocfpghkhpjmiccjcacackp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
    OPR Extension: (Super Radio) - C:\Users\Daria\AppData\Roaming\Opera Software\Opera Stable\Extensions\icpgdmbkannfhajbcinkekegjlcbcibl [2015-07-04]
    C:\Users\Daria\AppData\Roaming\Opera Software\Opera Stable\Extensions\icpgdmbkannfhajbcinkekegjlcbcibl
    S2 LDrvSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== UWAGA (Brak ServiceDLL)
    S2 LDrvSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== UWAGA (Brak ServiceDLL)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== UWAGA (Brak ServiceDLL)
    U3 al0ia99p; C:\Windows\System32\Drivers\al0ia99p.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 cpuz138; \??\C:\Users\Daria\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== UWAGA
    S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
    S3 DrvAgent64; \??\C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [X]
    S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]
    S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
    2017-12-13 10:04 - 2017-12-13 10:04 - 019015091 _____ C:\Users\Daria\Downloads\RAR Password Unlocker 5.0.0.0 Crack - SceneDL.zip
    2017-12-10 19:44 - 2017-12-10 19:44 - 000581622 _____ ( ) C:\Users\Daria\Downloads\Rome_Medieval_Kingdoms.torrent.exe
    2017-12-03 12:38 - 2017-12-03 12:38 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
    2017-12-03 12:35 - 2017-12-03 12:37 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\Daria\Downloads\spybotsd-2.6.46.exe
    2017-12-03 11:50 - 2017-12-03 11:50 - 001618384 _____ (eSupport.com, Inc ) C:\Users\Daria\Downloads\drvagentrsplus-4187340365.exe
    2017-11-29 13:38 - 2017-11-29 13:38 - 001653404 _____ ( ) C:\Users\Daria\Downloads\downloader_for_Alcohol120_FE_2.0.3.9902_0246612405.exe
    2017-11-28 14:14 - 2017-11-28 14:14 - 009966089 _____ C:\Users\Daria\Downloads\Driver Booster 2.0.3 PL Serial do 2017r.rar
    2017-11-27 18:58 - 2017-11-27 18:58 - 000015275 _____ C:\ComboFix.txt
    2017-11-27 18:34 - 2017-11-27 18:58 - 000000000 ____D C:\ComboFix
    2017-11-27 18:34 - 2011-06-26 07:45 - 000256000 _____ C:\Windows\PEV.exe
    2017-11-27 18:34 - 2010-11-07 18:20 - 000208896 _____ C:\Windows\MBR.exe
    2017-11-27 18:34 - 2009-04-20 05:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2017-11-27 18:34 - 2000-08-31 01:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2017-11-27 18:34 - 2000-08-31 01:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2017-11-27 18:34 - 2000-08-31 01:00 - 000098816 _____ C:\Windows\sed.exe
    2017-11-27 18:34 - 2000-08-31 01:00 - 000080412 _____ C:\Windows\grep.exe
    2017-11-27 18:34 - 2000-08-31 01:00 - 000068096 _____ C:\Windows\zip.exe
    2017-11-27 18:32 - 2017-11-27 18:58 - 000000000 ____D C:\Qoobox
    2017-11-27 18:30 - 2017-11-27 18:31 - 005659763 ____R (Swearware) C:\Users\Daria\Downloads\ComboFix.exe
    2017-11-27 13:28 - 2017-12-13 13:19 - 000000000 ____D C:\AdwCleaner
    2016-01-08 13:09 - 2016-01-08 13:11 - 000000560 _____ () C:\Program Files (x86)\Global.sw
    2017-11-27 13:04 - 2009-07-14 02:14 - 000001124 _____ () C:\Users\Daria\AppData\Local\axrJBrMX
    2009-07-14 02:14 - 2009-07-14 02:14 - 000001124 _____ () C:\Users\Daria\AppData\Local\axrJBrMX.bat
    2017-11-27 13:04 - 2009-07-14 02:14 - 000000963 _____ () C:\Users\Daria\AppData\Local\dvvfMDW
    2009-07-14 02:14 - 2009-07-14 02:14 - 000000963 _____ () C:\Users\Daria\AppData\Local\dvvfMDW.bat
    2017-11-27 13:04 - 2009-07-14 02:14 - 000000067 _____ () C:\Users\Daria\AppData\Local\hnIvh
    2009-07-14 02:14 - 2009-07-14 02:14 - 000000067 _____ () C:\Users\Daria\AppData\Local\hnIvh.bat
    2014-06-25 17:54 - 2017-11-27 18:06 - 000007608 _____ () C:\Users\Daria\AppData\Local\Resmon.ResmonCfg
    2017-11-27 13:04 - 2009-07-14 02:14 - 000000066 _____ () C:\Users\Daria\AppData\Local\tmWcoKsBB
    2009-07-14 02:14 - 2009-07-14 02:14 - 000000066 _____ () C:\Users\Daria\AppData\Local\tmWcoKsBB.bat
    2017-11-27 13:04 - 2017-11-27 13:04 - 000000001 _____ () C:\Users\Daria\AppData\Local\WMI.ini

    After it has run, post fresh FRST logs from a new scan.

    Don't use ComboFix any more, don't download programs through download managers, not to mention files like this one:
    C:\Users\Daria\Downloads\Rome_Medieval_Kingdoms.torrent.exe

    0
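The fixlist above removes entries that FRST flagged (in the Polish build, `<==== UWAGA` is `<==== ATTENTION`, `Brak pliku` is `No File`, `Brak nazwy` is `(No Name)` and `Brak ServiceDLL` is `No ServiceDLL`). The PowerShell script below is an added example, not part of Kolobos's post and not FRST code: it walks the same persistence points read-only and reports the classes the fixlist deletes (scheduled tasks whose target is gone, svchost-hosted services with no ServiceDll, Run/RunOnce entries, and Chrome extensions with the name read from each manifest), so a practitioner can confirm what a fix would touch before running it. The function names are my own; it assumes it runs in the affected user's session, elevated for the HKLM and service queries.

```powershell
# Added example (not from the original post): read-only triage of the
# persistence points the FRST fixlist above touches. Nothing is deleted.

function Get-OrphanedTasks {
    # Tasks whose executable no longer exists ("-> No File" in FRST) are stale
    # persistence left behind by uninstalled software. Needs Windows 8 / 2012+
    # for Get-ScheduledTask; on Windows 7 use: schtasks /query /fo csv /v
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            $exe = $action.Execute              # $null for non-exec (COM handler) actions
            if (-not $exe) { continue }
            $path = [Environment]::ExpandEnvironmentVariables($exe.Trim('"'))
            if ($path -notmatch '\\') { continue }   # bare names resolve via PATH; skip
            if (-not (Test-Path -LiteralPath $path)) {
                [pscustomobject]@{ Task = $task.TaskPath + $task.TaskName; Missing = $path }
            }
        }
    }
}

function Get-SvchostWithoutDll {
    # A service hosted in svchost.exe must name its DLL in ServiceDll (normally
    # under Parameters). FRST's "(No ServiceDLL)" lines are services where that
    # value is gone, which is what LDrvSvc and AppMgmt looked like in this log.
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
      ForEach-Object {
        $svc = $_
        $image = $svc.GetValue('ImagePath')
        if (-not $image -or $image -notmatch 'svchost\.exe') { return }
        $dll = $svc.GetValue('ServiceDll')
        $params = "$($svc.PSPath)\Parameters"
        if (-not $dll -and (Test-Path $params)) {
            $dll = (Get-Item $params -ErrorAction SilentlyContinue).GetValue('ServiceDll')
        }
        if (-not $dll) {
            [pscustomobject]@{ Service = $svc.PSChildName; ImagePath = $image }
        }
      }
}

function Get-RunEntries {
    # Run/RunOnce are the classic user-mode autostarts; FRST lists them per SID.
    $roots = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion',
             'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion'
    foreach ($root in $roots) {
        foreach ($sub in 'Run', 'RunOnce') {
            $key = "$root\$sub"
            if (-not (Test-Path $key)) { continue }
            $item = Get-Item $key
            foreach ($name in $item.GetValueNames()) {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
            }
        }
    }
}

function Get-ChromeExtensions {
    # Lists every unpacked extension per Chrome profile. FRST prints "(No Name)"
    # when the manifest carries only a __MSG_ placeholder, so the name field
    # here may be such a placeholder too; the 32-character id is what to look up.
    $base = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
    if (-not (Test-Path $base)) { return }
    Get-ChildItem $base -Directory |
      Where-Object { $_.Name -eq 'Default' -or $_.Name -like 'Profile *' } |
      ForEach-Object {
        $prof = $_
        $extDir = Join-Path $prof.FullName 'Extensions'
        if (-not (Test-Path $extDir)) { return }
        Get-ChildItem $extDir -Directory | ForEach-Object {
            $manifest = Get-ChildItem $_.FullName -Recurse -Filter manifest.json |
                        Select-Object -First 1
            $name = if ($manifest) { (Get-Content $manifest.FullName -Raw | ConvertFrom-Json).name } else { '' }
            [pscustomobject]@{ Profile = $prof.Name; Id = $_.Name; Name = $name; Path = $_.FullName }
        }
      }
}

Get-OrphanedTasks     | Format-Table -AutoSize
Get-SvchostWithoutDll | Format-Table -AutoSize
Get-RunEntries        | Format-Table -AutoSize
Get-ChromeExtensions  | Format-Table -AutoSize
```

An orphaned task or a bare Run entry is not by itself malicious; the point is to have the same list FRST produces, in a form you can diff before and after a fix. The machine in this thread is Windows 7 (svchost.exe dated 2009-07-14), where the ScheduledTasks module is absent, hence the schtasks fallback noted in the first function.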
  • Helpful post
    #4 13 Dec 2017 17:38
    Kolobos
    Computer specialist

    Delete the C:\FRST folder and that's all.

    0
  • #5 13 Dec 2017 17:47
    szamot8319
    Level 3

    Many thanks; none of the anti-malware tools could cope. MBAM reported that the page was malicious, and searching didn't work. What kind of pest was it, if I may ask?

    0
  • Helpful post
    #6 13 Dec 2017 17:51
    Kolobos
    Computer specialist

    This infection blocks changes to Chrome's settings by means of group policy; it's enough to remove the entry and the search engine can be changed again.

    0
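The diagnosis above (policy keys locking Chrome's settings) is the check a practitioner wants to be able to repeat on another machine. The PowerShell below is an added example, not from the original thread and not FRST code: it lists every value under the Chrome policy keys in both hives, marks the ones that pin the search provider, homepage, startup URLs or force-installed extensions, and with -Remove deletes the keys, honouring -WhatIf. The key paths, the list of suspect policy names and the -Remove switch are my own; it assumes the policies are set directly in the registry, as in this log (the `CHR HKLM\SOFTWARE\Policies\Google` line), rather than pushed by a domain.

```powershell
# Added example (not from the original post): show, and with -Remove delete,
# the Chrome policy registry keys a search hijacker uses to lock the search
# engine, homepage and startup pages. Run from an elevated prompt.
# Assumption: the policies live in these keys, not in a domain GPO.
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Remove)

$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google',
    'HKLM:\SOFTWARE\WOW6432Node\Policies\Google',
    'HKCU:\SOFTWARE\Policies\Google',
    'HKLM:\SOFTWARE\Policies\Chromium',
    'HKCU:\SOFTWARE\Policies\Chromium'
)

# Policy names that pin exactly the settings this thread could not change.
# A home machine normally has no Chrome policies at all, so every value is
# printed; the matches are just highlighted.
$suspect = 'DefaultSearchProvider*', 'HomepageLocation', 'HomepageIsNewTabPage',
           'RestoreOnStartup', 'RestoreOnStartupURLs', 'NewTabPageLocation',
           'ExtensionInstallForcelist', 'ExtensionInstallWhitelist', 'ExtensionInstallAllowlist'

foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    Write-Host "== $key"
    # Walk the key itself plus every subkey: list policies such as
    # ExtensionInstallForcelist are subkeys holding numbered values.
    @(Get-Item $key) + @(Get-ChildItem $key -Recurse) | ForEach-Object {
        $item = $_
        foreach ($name in $item.GetValueNames()) {
            $hit  = $suspect | Where-Object { ($name -like $_) -or ($item.PSChildName -like $_) }
            $flag = if ($hit) { ' <== suspect' } else { '' }
            Write-Host ('  {0}\{1} = {2}{3}' -f $item.Name, $name, $item.GetValue($name), $flag)
        }
    }
    if ($Remove -and $PSCmdlet.ShouldProcess($key, 'Remove Chrome policy key')) {
        Remove-Item -Path $key -Recurse -Force
    }
}
```

Run it once without -Remove and compare with chrome://policy, which shows the same values with their source; after removal, "Reload policies" on that page should leave the list empty. Two caveats: the `GroupPolicy:` lines in the fixlist refer to the local policy store under %SystemRoot%\System32\GroupPolicy (Registry.pol), which is re-applied into the registry at the next policy refresh, so if the hijacker wrote there too, deleting the registry keys alone is not enough; and on a domain-joined machine the keys are managed centrally and deleting them locally is both pointless and the wrong fix.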
  • #7 13 Dec 2017 18:32
    szamot8319
    Level 3

    With the help of Kolobos I solved the problem with the default search engine in Google Chrome. chromesearch.win could not be changed to another search engine; MBAM, AdwCleaner, Emsisoft something-or-other and a few others couldn't handle it.

    0