A virus that prevents typing "malwarebytes" in the browser

abcd1337, 26 Jul 2018 02:26

    #2 26 Jul 2018 09:06, Kolobos (Computer specialist)

    Don't run programs from the browser cache! ->
    (Farbar) C:\Users\polska\AppData\Local\Microsoft\Windows\INetCache\IE\CIJRSRDJ\FRST64[1].exe
    Save it to the desktop, for example, and only then run it.

    Run this Fixlist.txt in FRST:
    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-941383810-3428670716-580500901-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-163663212D50}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-941383810-3428670716-580500901-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\polska\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-941383810-3428670716-580500901-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\polska\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-941383810-3428670716-580500901-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\polska\AppData\Local\Microsoft\OneDrive\18.025.0204.0009\amd64\FileSyncShell64.dll => Brak pliku
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ContextMenuHandlers1_S-1-5-21-941383810-3428670716-580500901-1002: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku
    ContextMenuHandlers4_S-1-5-21-941383810-3428670716-580500901-1002: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku
    ContextMenuHandlers5_S-1-5-21-941383810-3428670716-580500901-1002: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku
    Task: {067A856B-9895-4E43-9FD1-4E69C86A8A75} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {2D33A374-4AF9-4F5A-BC26-767257DEDE8B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> Brak pliku <==== UWAGA
    Task: {3EC5B581-5D7A-48E6-B38F-586BF44FCFC6} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
    Task: {467BE58B-1235-4AED-85F9-C8B18A7C6D71} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {610C8916-0ADF-425B-8FAB-F4BEBA525849} - System32\Tasks\{EA30CA57-3B57-4E83-AB46-5C6D9987AAAD} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.6.0.105/pl/go/help...ller?source=lightinstaller&LastError=1618
    Task: {62BF0986-F2C0-4C1F-871B-FDBE2134983C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {65B2ECFD-63CE-442C-981E-128011D42A57} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {82FDEA99-20A1-496E-BCCC-3C29F81DE94A} - System32\Tasks\Update Manager => C:\Users\polska\AppData\Roaming\Youtubers.Life.Early.Access.v0.8.2-ALI213\Upgrade.exe
    Task: {95139A62-FE6B-49B1-BA61-D062A0B97801} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {95982E3E-17D5-4928-9F67-5D056589675A} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
    Task: {A5B5D710-8249-4827-B27E-EB42E09D8BB8} - System32\Tasks\{66338D5E-F124-4B9D-9BAA-C38EF7C155F9} => c:\program files (x86)\opera\launcher.exe
    Task: {E9DCD9A7-DD4E-4491-961B-307C42D5682D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {F0D55187-5A8E-4D9B-BA03-F1BB2A88ABC3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {F1288F71-0C21-4948-A1E3-41556D924126} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {F254083F-A832-46E2-A333-611D185CF8CB} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {F89F0D2B-C860-495E-A007-BAD9E7E8D46E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    HKU\S-1-5-21-941383810-3428670716-580500901-1002\...\MountPoints2: {90be5070-27cd-11e8-bf5f-40167e8cc778} - "H:\Setup\rsrc\autorun.exe"
    HKU\S-1-5-21-941383810-3428670716-580500901-1002\...\MountPoints2: {93d2a197-173d-11e8-bf5a-40167e8cc778} - "H:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-941383810-3428670716-580500901-1002\...\MountPoints2: {afaf45c6-5c04-11e8-bf6d-40167e8cc778} - "F:\HiSuiteDownLoader.exe"
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-941383810-3428670716-580500901-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={7B43B097-5247-4CF8-9BBC-233953756EE4}&mid=a5e5b50fa40447cf9ca87592765f4ae1-f80d72f706e7c81ea1dfaf4ed6ca316e80361726&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0516pi&pr=fr&d=2016-09-07 15:58:32&v=4.3.5.160&pid=wtu&sg=&sap=hpms}
    SearchScopes: HKU\S-1-5-21-941383810-3428670716-580500901-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7B43B097-5247-4CF8-9BBC-233953756EE4}&mid=a5e5b50fa40447cf9ca87592765f4ae1-f80d72f706e7c81ea1dfaf4ed6ca316e80361726&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0516pi&pr=fr&d=2016-09-07 15:58:32&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}
    BHO: Brak nazwy -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> Brak pliku
    BHO: Brak nazwy -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Brak pliku
    BHO-x32: Brak nazwy -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> Brak pliku
    CHR HomePage: Default -> search.mpc.am
    CHR HKU\S-1-5-21-941383810-3428670716-580500901-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
    2018-07-26 01:30 - 2018-07-26 01:30 - 000099870 _____ C:\Users\polska\Downloads\Extras.Txt
    2018-07-25 20:39 - 2018-07-25 20:39 - 000000002 _____ C:\Users\polska\AppData\Local\imw.ini
    2017-09-29 15:42 - 2017-09-29 15:42 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\ONGQ.exe
    2017-09-29 15:42 - 2017-09-29 15:42 - 000174592 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\EgOy.exe
    2017-09-29 15:42 - 2017-09-29 15:42 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\pEyyUeDc.exe

    After running it, post new FRST logs from a scan.

    #3 26 Jul 2018 14:56, abcd1337 (Level 2)

    Thanks for the help. Everything works now. I posted the new logs above.

    #4 26 Jul 2018 15:01, Kolobos (Computer specialist)

    Delete the C:\FRST folder and that's all.

    #5 27 Jul 2018 19:22, RADU23 (Moderator - Computer Service)

    abcd1337 wrote:
    I posted the new logs above.

    Then I still see this fixlist left to run here:
    Quote:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-941383810-3428670716-580500901-1002 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-941383810-3428670716-580500901-1002 -> {szukaj.gazeta.pl} URL = hxxp://szukaj.gazeta.pl/internet/0,0.html?slowo={searchTerms}
    FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [Brak pliku]
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [Brak pliku]
    CHR HKU\S-1-5-21-941383810-3428670716-580500901-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
    S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
    ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
    AlternateDataStreams: C:\Users\Public\AppData:CSM [464]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [488]
    HKU\S-1-5-21-941383810-3428670716-580500901-1002\Software\Classes\regfile: regedit.exe "%1" <==== UWAGA


    After running it, post the logs again, this time normally in a new post.
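The two fixlists in this thread (Kolobos's in #2 and RADU23's in #5) are lists of FRST entries, and a responder reading them mostly wants to separate orphaned entries (a target that no longer exists, shown as "Brak pliku" or "[X]") from entries that still launch something. The script below is an added example and is not part of this thread or of FRST itself: it parses lines of that shape and summarizes which entries point at missing files, which ones FRST marked with "<==== UWAGA", which still resolve to an executable, and which of those executables sit in a user-writable location. The sample lines are a selection copied from the two fixlists above; the regular expressions, the entry categories, and the `Entry`, `triage`, `summarize` and `live_launch_points` names are my own assumptions about the log layout, not FRST's documented grammar.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a selection of FRST fixlist lines copied from this thread
# (not a complete log). A raw string keeps the Windows backslashes intact.
SAMPLE_FIXLIST = r"""
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-941383810-3428670716-580500901-1002_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-163663212D50}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Brak pliku
Task: {067A856B-9895-4E43-9FD1-4E69C86A8A75} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {82FDEA99-20A1-496E-BCCC-3C29F81DE94A} - System32\Tasks\Update Manager => C:\Users\polska\AppData\Roaming\Youtubers.Life.Early.Access.v0.8.2-ALI213\Upgrade.exe
HKU\S-1-5-21-941383810-3428670716-580500901-1002\...\MountPoints2: {90be5070-27cd-11e8-bf5f-40167e8cc778} - "H:\Setup\rsrc\autorun.exe"
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HomePage: Default -> search.mpc.am
CHR HKU\S-1-5-21-941383810-3428670716-580500901-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
HKU\S-1-5-21-941383810-3428670716-580500901-1002\Software\Classes\regfile: regedit.exe "%1" <==== UWAGA
2017-09-29 15:42 - 2017-09-29 15:42 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\ONGQ.exe
S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [Brak pliku]
AlternateDataStreams: C:\Users\Public\AppData:CSM [464]
"""

# Line shapes (assumed from the samples above, not an official FRST specification).
FILE_ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ \S+ .+$")
SERVICE_ENTRY = re.compile(r"^[SRU]\d \S+; ")
REGISTRY_ENTRY = re.compile(r"^(?:CHR |FF )?HK(?:U|LM|CU)\\")
DIRECTIVE = re.compile(r"^[A-Za-z]+:\s*$")
PREFIXED = re.compile(r"^(?P<kind>[A-Za-z][A-Za-z0-9 _\-]*?):\s+")
EXE_PATH = re.compile(r'(?i)([A-Z]:\\[^"\r\n]+?\.exe)\b')
DEFANGED_HOST = re.compile(r"hxxps?://([^/\s?]+)")
USER_WRITABLE = re.compile(r"(?i)\\(?:Users|AppData|ProgramData|Temp)\\")


@dataclass
class Entry:
    kind: str             # coarse category taken from the line's prefix
    raw: str              # the original line
    missing: bool         # target gone from disk: "Brak pliku" or "[X]" (orphaned entry)
    flagged: bool         # FRST's own attention marker "<==== UWAGA" is present
    exe: Optional[str]    # absolute executable path the entry launches, if any
    user_writable: bool   # that executable lives under \Users\, \AppData\, \ProgramData\ or \Temp\
    hosts: List[str]      # defanged hxxp/hxxps hosts the entry references


def classify(line: str) -> Optional[str]:
    """Map one fixlist line to a coarse kind; None for lines of no recognised shape."""
    if FILE_ENTRY.match(line):
        return "File"
    if SERVICE_ENTRY.match(line):
        return "Service"
    if REGISTRY_ENTRY.match(line):
        return "Registry"
    if DIRECTIVE.match(line):
        return "Directive"
    m = PREFIXED.match(line)
    return m.group("kind") if m else None


def parse_entry(line: str) -> Optional[Entry]:
    kind = classify(line)
    if kind is None:
        return None
    exe_match = EXE_PATH.search(line)
    exe = exe_match.group(1) if exe_match else None
    return Entry(
        kind=kind,
        raw=line,
        missing=("Brak pliku" in line) or line.endswith("[X]"),
        flagged="<==== UWAGA" in line,
        exe=exe,
        user_writable=bool(exe and USER_WRITABLE.search(exe)),
        hosts=DEFANGED_HOST.findall(line),
    )


def triage(text: str) -> List[Entry]:
    """Parse every non-blank line; lines matching no known shape are skipped."""
    entries = []
    for line in text.splitlines():
        entry = parse_entry(line.strip())
        if entry is not None:
            entries.append(entry)
    return entries


def summarize(entries: List[Entry]) -> Dict[str, object]:
    """The counts a responder looks at first: orphaned entries versus live launch points."""
    kinds: Dict[str, int] = {}
    for e in entries:
        kinds[e.kind] = kinds.get(e.kind, 0) + 1
    return {
        "total": len(entries),
        "missing_target": sum(e.missing for e in entries),
        "frst_flagged": sum(e.flagged for e in entries),
        "launches_exe": sum(e.exe is not None for e in entries),
        "exe_in_user_writable": sum(e.user_writable for e in entries),
        "hosts": sorted({h for e in entries for h in e.hosts}),
        "kinds": kinds,
    }


def live_launch_points(entries: List[Entry]) -> List[str]:
    """Entries that still resolve to an executable: the ones to inspect before deleting."""
    return [e.exe for e in entries if e.exe and not e.missing]


if __name__ == "__main__":
    parsed = triage(SAMPLE_FIXLIST)
    for key, value in summarize(parsed).items():
        print(f"{key}: {value}")
    for path in live_launch_points(parsed):
        print("launch point:", path)
```

On the sample, the three live launch points are the scheduled task pointing into a user's AppData\Roaming folder, the MountPoints2 autorun on a removable drive, and the oddly named ONGQ.exe under Program Files (x86); the orphaned GWX task, the dead CustomCLSID, the missing driver and the missing Firefox plugin only need cleaning up. The point of splitting the two groups is that entries which still resolve to a file deserve a look (hash, signer, origin) before the fixlist removes the only reference to them.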