[Solved] Virus that displays ads and closes the browser. Checking FRST logs

  • #1 08 Sep 2018 10:43
    1ZaReZ1
    Level 2

    Hi, I have a problem with a virus that automatically opens ads in a new tab and closes the browser after I type phrases related to programs like ADWCleaner etc.

    Thanks in advance for your help, regards.

    FRST logs.

  • Helpful post
    #2 08 Sep 2018 10:54
    Kolobos
    Computer specialist

    Run Fixlist.txt with FRST:
    CloseProcesses:
    Task: {02A81387-CAB7-4F59-9436-F52A2221670B} - System32\Tasks\{4637D4E3-8D68-4F06-B550-89058074D7CA} => C:\Windows\system32\pcalua.exe -a C:\Users\KubaBuba\Downloads\dotNetFx35setup(1).exe -d C:\Users\KubaBuba\Downloads
    Task: {48898FCD-F013-4B34-A749-EE60F7E9D806} - System32\Tasks\{9D0285A9-D752-4F13-9FBC-20838DDFDA8A} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\TeamSpeak 3 Client\package_inst.exe" -d C:\Users\KubaBuba\AppData\Local\Temp -c "C:\Users\KubaBuba\AppData\Local\Temp\ClownfishVoiceChanger-v1.65.ts3_plugin" <==== UWAGA
    Task: {54C007C9-11B1-4C3C-B674-C339DB2CED98} - System32\Tasks\{6C8F3C68-FC3C-A710-676A-8D7AE429C901} => "C:\Program Files\Mozilla Firefox\firefox.exe" hxxp://nwcnewsforuk.com/cl/?guid=20bcrrzpeb7flyx7a5kfoe1di6tucfe4&prid=1&pid=4_1408_0
    Task: {55F9A8F0-0C78-4484-8E0C-73C9D76A25E2} - System32\Tasks\{6237C893-1C97-49D5-B1B3-47FBF6980F36} => C:\Windows\system32\pcalua.exe -a F:\SETUP.EXE -d F:\
    C:\Program Files (x86)\Common Files\ugsOei.exe
    C:\Users\KubaBuba\AppData\Roaming\eAvar.exe
    Task: {8182A29B-8797-4256-A51C-0FDE4C18ED90} - System32\Tasks\{1A107EF2-B15C-95F9-DB7F-A4002A3AD437} => C:\Program Files (x86)\Common Files\ugsOei.exe [2009-07-14] (Microsoft Corporation)
    Task: {81940D74-ADDD-4CB9-8584-677B1C7CE865} - System32\Tasks\{9B71E3E8-FCCC-BC23-BC1D-5C72B9127EAB} => C:\Users\KubaBuba\AppData\Roaming\eAvar.exe [2009-07-14] (Microsoft Corporation) <==== UWAGA
    Task: {A8AE0BC8-AE87-4C67-8D7D-F986E80346F0} - System32\Tasks\{C7A87094-147B-45B2-B5BF-9BC79AF7F281} => C:\Windows\system32\pcalua.exe -a C:\Win7_x64.exe -d C:\
    Task: {E6CE94B5-F5EB-4FC8-8B28-53387511530C} - System32\Tasks\{F2FACF37-D2A9-4628-B2F1-9767C1B6CA9C} => C:\Riot Games\League of Legends\LeagueClient.exe [2018-08-29] ()
    Task: {EED0C12B-C6FE-4FCE-9496-2D894EFB3220} - System32\Tasks\{C8F62C1C-84AB-4E46-A395-CEE105BF1E58} => C:\Windows\system32\pcalua.exe -a C:\Users\KubaBuba\Downloads\TheVulcanoQuestPL.exe -d C:\Users\KubaBuba\Downloads
    Task: {F11E26CB-515E-4F58-BC86-0F690BE3A51F} - System32\Tasks\{5163DAB2-58B0-4A40-82FB-3F7DFA3EA092} => C:\Windows\system32\pcalua.exe -a D:\Drivers\E534A\Win7_x64.exe -d D:\Drivers\E534A
    HKU\S-1-5-21-2593294678-4074417021-530637614-1000\...\MountPoints2: {2992d1a4-6402-11e8-81e4-fcaa142401f2} - E:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-2593294678-4074417021-530637614-1000\...\MountPoints2: {2992d1aa-6402-11e8-81e4-fcaa142401f2} - E:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-2593294678-4074417021-530637614-1000\...\MountPoints2: {2992d1b0-6402-11e8-81e4-fcaa142401f2} - E:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-2593294678-4074417021-530637614-1000\...\MountPoints2: {97cd3d39-a9cd-11e8-a2f1-fcaa142401f2} - E:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-2593294678-4074417021-530637614-1000\...\MountPoints2: {ed0df4f5-20df-11e7-a655-fcaa142401f2} - E:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-2593294678-4074417021-530637614-1000\...\MountPoints2: {f503ee2f-e6c5-11e6-a7ea-fcaa142401f2} - G:\setup.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    CHR HKU\S-1-5-21-2593294678-4074417021-530637614-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
    U3 aswbdisk; Brak ImagePath
    S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]
    S3 cpuz144; \??\C:\Windows\temp\cpuz144\cpuz144_x64.sys [X]
    S3 dump_wmimmc; \??\C:\Program Files (x86)\Metin2\GameGuard\dump_wmimmc.sys [X]
    2018-09-05 18:29 - 2018-09-05 18:29 - 000003730 _____ C:\Windows\System32\Tasks\{6C8F3C68-FC3C-A710-676A-8D7AE429C901}
    2018-09-05 18:29 - 2018-09-05 18:29 - 000003642 _____ C:\Windows\System32\Tasks\{9B71E3E8-FCCC-BC23-BC1D-5C72B9127EAB}
    2018-09-05 18:29 - 2018-09-05 18:29 - 000003448 _____ C:\Windows\System32\Tasks\{1A107EF2-B15C-95F9-DB7F-A4002A3AD437}
    2018-09-05 18:29 - 2018-09-05 18:29 - 000000002 _____ C:\Users\KubaBuba\AppData\Local\imw.ini
    2017-09-26 18:50 - 2017-07-11 13:41 - 000365248 _____ (COMODO) C:\ProgramData\cmdres.dll
    2009-07-14 03:14 - 2009-07-14 03:14 - 000073216 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\ugsOei.exe
    2009-07-14 03:14 - 2009-07-14 03:14 - 000073216 ____N (Microsoft Corporation) C:\Users\KubaBuba\AppData\Roaming\eAvar.exe
    2018-09-05 18:29 - 2018-09-05 18:29 - 000000002 _____ () C:\Users\KubaBuba\AppData\Local\imw.ini
    C:\Windows\SysWOW64\lastpass_1337.exe

    After running it, delete the C:\FRST folder.

    In future, be careful what you do and don't download infected games!

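Kolobos's fixlist shows the persistence pattern behind this adware: scheduled tasks that start the payload through pcalua.exe, a task that opens an ad URL directly in Firefox, look-alike executables dropped into Common Files and AppData\Roaming, and MountPoints2 autorun entries. The triage script below is an added example, not part of this thread or of FRST; it parses FRST-style Task: and MountPoints2 lines (the regexes are my reading of the line format shown above, not FRST's own grammar) and flags those patterns, using lines copied from the fixlist as sample input.

```python
import re

# FRST "Task:" line, as seen in the fixlist above (format assumed from those lines):
#   Task: {GUID} - System32\Tasks\{GUID} => <command> [date] (publisher) <==== marker
TASK_RE = re.compile(
    r'^Task: \{[0-9A-Fa-f-]+\} - \S+ => (?P<cmd>.*?)'
    r'(?: \[\d{4}-\d{2}-\d{2}\])?(?: \([^)]*\))?(?: <====.*)?$')
MOUNT_RE = re.compile(r'\\MountPoints2: \{[0-9a-f-]+\} - (?P<target>.+)$')
# pcalua.exe -a <target>: the Program Compatibility Assistant relaunching something else
PCALUA_RE = re.compile(r'pcalua\.exe -a ("[^"]+"|\S+)', re.I)
BROWSER_URL_RE = re.compile(r'(firefox|chrome|iexplore|msedge)\.exe"? +(hxxps?|https?)://', re.I)
# Directories a standard user can write to; legitimate services rarely persist from here
USER_WRITABLE = ('\\appdata\\', '\\common files\\', '\\temp\\', '\\downloads\\')


def triage_line(line: str) -> list[str]:
    """Return the reasons (possibly none) why this FRST line deserves a closer look."""
    reasons = []
    line = line.strip()
    m = TASK_RE.match(line)
    if m:
        cmd = m.group('cmd')
        launched = cmd                      # what the task ultimately runs
        p = PCALUA_RE.search(cmd)
        if p:
            reasons.append('pcalua.exe used as a launcher proxy')
            launched = p.group(1).strip('"')   # the real payload is the -a argument
        if BROWSER_URL_RE.search(cmd):
            reasons.append('scheduled task opens a URL in the browser')
        if any(d in launched.lower() for d in USER_WRITABLE):
            reasons.append('target lives in a user-writable directory: ' + launched)
    elif MOUNT_RE.search(line):
        reasons.append('MountPoints2 autorun for a removable drive')
    return reasons


def triage_log(lines):
    """Map each flagged line to its reasons; clean lines are left out."""
    return {ln: r for ln in lines if (r := triage_line(ln))}


# Sample input: lines copied from the fixlist in this thread (one benign LeagueClient task included)
SAMPLE = [
    r'Task: {02A81387-CAB7-4F59-9436-F52A2221670B} - System32\Tasks\{4637D4E3-8D68-4F06-B550-89058074D7CA} => C:\Windows\system32\pcalua.exe -a C:\Users\KubaBuba\Downloads\dotNetFx35setup(1).exe -d C:\Users\KubaBuba\Downloads',
    r'Task: {54C007C9-11B1-4C3C-B674-C339DB2CED98} - System32\Tasks\{6C8F3C68-FC3C-A710-676A-8D7AE429C901} => "C:\Program Files\Mozilla Firefox\firefox.exe" hxxp://nwcnewsforuk.com/cl/?guid=20bcrrzpeb7flyx7a5kfoe1di6tucfe4&prid=1&pid=4_1408_0',
    r'Task: {81940D74-ADDD-4CB9-8584-677B1C7CE865} - System32\Tasks\{9B71E3E8-FCCC-BC23-BC1D-5C72B9127EAB} => C:\Users\KubaBuba\AppData\Roaming\eAvar.exe [2009-07-14] (Microsoft Corporation) <==== UWAGA',
    r'Task: {E6CE94B5-F5EB-4FC8-8B28-53387511530C} - System32\Tasks\{F2FACF37-D2A9-4628-B2F1-9767C1B6CA9C} => C:\Riot Games\League of Legends\LeagueClient.exe [2018-08-29] ()',
    r'HKU\S-1-5-21-2593294678-4074417021-530637614-1000\...\MountPoints2: {2992d1a4-6402-11e8-81e4-fcaa142401f2} - E:\HiSuiteDownLoader.exe',
]

if __name__ == '__main__':
    for ln, why in triage_log(SAMPLE).items():
        print(ln[:60] + '...', '->', '; '.join(why))
```

The eAvar.exe line also carries a Microsoft publisher string and a 2009 timestamp: in this log that is a copied system binary renamed to look legitimate, so a publisher field alone is never a reason to skip a path in AppData\Roaming.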
  • #3 08 Sep 2018 11:27
    1ZaReZ1
    Level 2

    fixlist and the FRST program
