Elektroda.pl

Something closes the browser after typing the term malwarebytes and displays ads

bready19 07 Jul 2018 13:28 255 3
  • #1 07 Jul 2018 13:28
    bready19
    Level 2

    Hello,

    For about a week I have had the following symptoms on my laptop: ads being displayed, and the browser closing after I type a term such as trojan, malwarebytes, etc.
    360 TS detects some file named unzip.exe every now and then, but it cannot remove it effectively. The virus probably got in through a torrent.

    I am attaching the FRST logs.

    0 3
  • Helpful post
    #2 07 Jul 2018 13:56
    dt1
    Moderator - Computer Service

    Hi,
    here is a fixlist.txt for you:

    Code:
    HKU\S-1-5-21-1554955662-3308273061-3184802696-1001\...\Run: [BingSvc] => C:\Users\Patryk\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
    
    HKU\S-1-5-21-1554955662-3308273061-3184802696-1001\...\MountPoints2: {29dc23d6-c886-11e6-83ea-1008b1d8c868} - "G:\setup.exe"
    HKU\S-1-5-21-1554955662-3308273061-3184802696-1001\...\MountPoints2: {306c9193-8e37-11e7-87cf-1008b1d8c868} - "F:\stp-fm2017.exe"
    HKU\S-1-5-21-1554955662-3308273061-3184802696-1001\...\MountPoints2: {5269de7b-8aa5-11e7-87bf-1008b1d8c868} - "F:\setup.exe"
    HKU\S-1-5-21-1554955662-3308273061-3184802696-1001\...\MountPoints2: {618e5372-042d-11e7-8518-1008b1d8c868} - "F:\setup.exe"
    HKU\S-1-5-21-1554955662-3308273061-3184802696-1001\...\MountPoints2: {69ceecb1-4787-11e6-8274-1008b1d8c868} - "F:\AutoRun.exe"
    HKU\S-1-5-21-1554955662-3308273061-3184802696-1001\...\MountPoints2: {7be4d56a-64c1-11e8-8b0f-f0761c6b6e32} - "F:\setup.exe"
    HKU\S-1-5-21-1554955662-3308273061-3184802696-1001\...\MountPoints2: {808523b3-58eb-11e7-870e-1008b1d8c868} - "F:\AutoRun.exe"
    HKU\S-1-5-21-1554955662-3308273061-3184802696-1001\...\MountPoints2: {808523cd-58eb-11e7-870e-1008b1d8c868} - "F:\AutoRun.exe"
    HKU\S-1-5-21-1554955662-3308273061-3184802696-1001\...\MountPoints2: {ab29851d-8194-11e7-879c-1008b1d8c868} - "F:\setup.exe"
    HKU\S-1-5-21-1554955662-3308273061-3184802696-1001\...\MountPoints2: {c0f5a540-8e34-11e7-87ce-1008b1d8c868} - "F:\stp-fm2017.exe"
    HKU\S-1-5-21-1554955662-3308273061-3184802696-1001\...\MountPoints2: {ddd15f64-805e-11e7-8797-1008b1d8c868} - "F:\setup.exe"
    HKU\S-1-5-21-1554955662-3308273061-3184802696-1001\...\MountPoints2: {e3eff420-2050-11e6-826f-1008b1d8c868} - "F:\LG_PC_Programs.exe"
    CHR HKU\S-1-5-21-1554955662-3308273061-3184802696-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [glcimepnljoholdmjchkloafkggfoijh] - hxxps://clients2.google.com/service/update2/crx
    S2 ReiBootAdService; C:\Program Files (x86)\Tenorshare ReiBoot\AdService.exe [X]
    S2 WsDrvInst; C:\Program Files (x86)\iph\Library\DriverInstaller\DriverInstall.exe [X]
    S3 AndnetBus; \SystemRoot\System32\drivers\lgandnetbus64.sys [X]
    U3 aswbdisk; Brak ImagePath
    2018-07-07 13:01 - 2018-01-02 23:11 - 000000000 ____D C:\ProgramData\IObit
    2018-07-07 12:53 - 2014-12-24 05:24 - 000000000 ____D C:\ProgramData\Temp
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} =>  -> Brak pliku
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Brak pliku
    Task: {083C8AD6-1861-4236-830E-ADA0D117309C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {12259743-E0B0-41FF-BDEB-98E330180562} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-07-01] (AVAST Software)
    Task: {1EC548F2-BBFE-4901-823D-39CEF2A98325} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-06-29] (Microsoft Corporation)
    Task: {2E38A469-5C45-4B0A-AABE-AA3CCBAE5612} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-06-26] (AVG Technologies CZ, s.r.o.)
    Task: {3B1E7048-5DA0-4BB5-BC40-B1023DD680E1} - \WPD\SqmUpload_S-1-5-21-1554955662-3308273061-3184802696-1001 -> Brak pliku <==== UWAGA
    Task: {461F5AEA-261D-4F2A-8FD2-09DAC249034C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {64E329FE-50F4-4178-A2A4-F381D9279E56} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {72F4EA5B-A5A7-4CB1-B5EC-4A091530AC54} - \{0DB8E4FF-25DC-D78E-6BB4-77178C2AC8CE} -> Brak pliku <==== UWAGA
    Task: {7FB84E2B-662C-4981-96A2-5E3F30CC068E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
    Task: {94905507-1A27-4A99-A1E8-829F15909F88} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-06-29] (Microsoft Corporation)
    Task: {B922CAC8-EB46-4D5B-B367-FC94AA167EAC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {D3DEF37F-7C16-4915-838C-3BCCA9E72C0B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
    Task: {DF0F0685-6639-4428-9CD4-76DBFB2A07BA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {EF31B1E0-21DA-4B1D-8ED0-962834CF3038} - \{FDE5F788-8C9A-26AF-FE74-A38DD4C021E0} -> Brak pliku <==== UWAGA
    FirewallRules: [{CDBD36EC-0C06-47DE-A5C6-DF8BDC2CA3FB}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe
    FirewallRules: [{06E54593-70E4-4A87-8944-DCAF09B65EC9}] => (Allow) C:\WINDOWS\SysWOW64\EeHSISeqDoA.exe
    FirewallRules: [{D7B13838-99C8-45E2-9A3B-CCE255BCC6DC}] => (Allow) C:\Users\Patryk\OeKuYvtAY.exe
    FirewallRules: [{10254B38-9B37-4DEA-98DB-649439C76B37}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{59D3BA6C-71CA-4BB0-9739-33F046CCE325}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{6C1320CE-F918-4C49-8229-03C398AECFCB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{4FB15314-F3A5-4AD2-8F34-76B632B8D1A3}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{8274776E-8D4E-499C-BE61-EA3A71A5DA86}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{A631986D-CE06-49CF-8B17-CE2430398992}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{007B0881-2937-4FA0-88D9-AB6B4F633E76}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{725AC49F-118D-41F4-96F2-D48C86D29066}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{31744656-138F-4943-8757-F0E94C78245A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{DDFCDA2B-259F-4F79-B3BF-A25018D60564}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{BBA4F178-4B21-4047-B16E-41ACB5C641A0}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{1A5EEFA2-C52F-4F71-B13F-D3CE4C7F2A3B}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
    FirewallRules: [{54B0161A-0F87-4E35-B78D-84AC0D49AAB6}] => (Allow) C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe
    FirewallRules: [{84074C9A-4695-4928-B8DF-B0F8718370C4}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{844DD3FF-096F-4B66-8892-BAD9C011ABF0}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{3311990C-460D-48C4-B34E-DF74466DF901}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{A5F7BF22-88D1-4334-B095-9E7298D0B532}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{C1FECAC7-BE50-4233-AB85-7FA8F42D4E8D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{94C619B5-0844-4BD6-93D2-37EFD1E169A0}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{0898DFEE-BE83-47C8-BA5F-9BA589E602B1}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{9C87DEEA-2A46-4BD1-A06F-860D2D9BEAF9}] => (Allow) C:\Program Files (x86)\Avast\AvEmUpdate.exe
    FirewallRules: [{251E6F08-3616-4453-8CEB-EF09A10972B6}] => (Allow) C:\Program Files (x86)\Avast\AvEmUpdate.exe
    FirewallRules: [{9D80ADE5-A797-471E-BE43-C976F98C264F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{09893777-964B-476E-8FD3-1B858E6E79CE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{C06AA66E-D680-42B5-AC17-EBE974398429}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{4DBB7E42-CD4A-4BDC-BBB5-7A6CB62614B3}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{55630CC1-3949-40CF-9696-3AF5FCDD9C45}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{F9A67DB3-8FE8-4B64-83DF-77DC46BD7EF4}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{3BCA7AEB-70F9-4B5E-942B-789AE55B3146}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{C451DC8F-69C8-40AE-B626-6DCA21EE80D4}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{6E00877A-07CE-44BF-BCEA-A500F3AB629B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{38C891E7-2E24-4F3D-92B7-2B1DC1092C7C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{C7D5A82A-D60E-45E0-8629-43A4753CE6D0}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{9CF281D7-76AD-424C-B070-F1E1CDE43125}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{7C6CB409-6356-4F46-920C-D1F84AB82AAF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{AC431048-4FC3-473C-A54A-24DBFBBED7D3}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{632FBD83-738F-4195-81D4-413CAE4160AE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{8175D27E-8E3F-4586-94D1-B8B471DA1E34}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{F6D2D3DA-B5EF-4A8C-8B3C-CDDBAC07D853}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{BFFE2C7B-DE5D-4010-906C-A377665B1367}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{7C0D0899-0A97-4302-8ED4-6A385BEF1BA4}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{7EC24B1D-5442-45AE-81D9-F32EC1F7D8C1}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{1BD5AB71-430A-4910-BEEB-80A18C94984F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{B5630E00-E1AC-4AE3-B8C5-2DB78F81A6CD}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{58BA72AB-6104-4873-BFDF-F9FCF30ED926}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
    FirewallRules: [{16F46FB8-96D2-4348-8455-946B5F66F7EA}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
    FirewallRules: [{3A0F6C4C-0D52-4185-995F-02EA24391F3B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{9D642705-E41D-4A94-A28D-FD0B32116741}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{ED470E85-BA9E-429B-B46E-5F3CBE8A1590}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{CC55E6A6-CE83-4829-81C5-6E632348478F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{7C849BC9-85C4-43F2-AE36-39E21D068442}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{EFC9E9AF-01E5-426A-87CE-D5F219E9C747}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    EmptyTemp:

    0
  • #3 07 Jul 2018 14:29
    bready19
    Level 2

    Everything is back to normal. Thank you for your help :)

    0
  • #4 07 Jul 2018 15:00
    safbot1st
    Level 43

    Delete C:\FRST and that's all.

    0