Elektroda.pl

Virus in the browser displays ads

wayover 11 Sep 2018 13:26 108 6
  • #1 11 Sep 2018 13:26
    wayover
    Level 2

    Hello
    For a few days I have had a problem with a virus.
    Every so often the browser opens by itself with ads. After typing e.g. Malwarebytes into Google, every browser closes.
    Malwarebytes will not start in normal mode, and in safe mode it detects nothing.
    The antivirus detects nothing, but password-protected and hidden files have started appearing (as seen in the attachment).
    I also checked all the browsers and none of them has any unknown extensions.

  • #3 11 Sep 2018 15:35
    wayover
    Level 2

    I attached 2 files to the post.

  • Helpful post
    #4 11 Sep 2018 16:26
    dt1
    Moderator - Computers Service

    Fixlist for you:

    Code:
    CloseProcesses:

    HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [3932672 2018-07-06] (Microsoft Corporation) <==== UWAGA
    HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [3932672 2018-07-06] (Microsoft Corporation) <==== UWAGA
    HKU\S-1-5-21-1267392081-642404185-1957629773-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-08-24] (Piriform Ltd)
    HKU\S-1-5-21-1267392081-642404185-1957629773-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [3932672 2018-07-06] (Microsoft Corporation) <==== UWAGA
    HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [3932672 2018-07-06] (Microsoft Corporation) <==== UWAGA
    GroupPolicy: Ograniczenia ? <==== UWAGA
    FF Extension: (AdBlock) - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\z659qty4.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-07-26]
    FF Extension: (Firefox Monitor) - C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\z659qty4.default\features\{90b9014f-2d8f-42bd-affb-1c2774dc88e1}\fxmonitor@mozilla.org.xpi [2018-09-10]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Brak pliku

    Task: {387D499A-A879-4187-8C27-80545800F04A} - System32\Tasks\{2B821CAE-636C-AA8E-34A1-7988204F0B01} => C:\Program Files (x86)\IoowQyGA.exe [2018-04-12] (Microsoft Corporation) <==== UWAGA
    Task: {39B43ABD-7384-4041-A9B8-56CA020FDB3F} - System32\Tasks\{D220ED9E-24ED-6763-F817-3D307ABF367F} => C:\Program Files (x86)\ayrCdipgd.exe [2018-04-12] (Microsoft Corporation) <==== UWAGA
    Task: {448334D0-15C0-4D95-A573-04BAEA8307E9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-24] (Piriform Ltd)
    Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
    Task: {85D30178-9262-4B70-AEFF-F494834EEFB3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-09-08] (Microsoft Corporation)
    Task: {97C84025-FA6B-44B1-8EFA-9E33832543CA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-09-08] (Microsoft Corporation)
    Task: {C7EE02EB-4667-4BF4-B83B-A506110FCF8E} - System32\Tasks\{25FEF3C4-C6EB-41B2-1FC7-9D4500F01F1E} => "C:\Program Files\Mozilla Firefox\firefox.exe" hxxp://addfleshitem.com/cl/?guid=b3qvxt18l7vyep2xqtzoqfuxs1lz4wl5&prid=1&pid=5_1301_40054
    Task: {E1A3016A-C4AB-4C9C-9E6C-919DF899930C} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
    Task: {E2FD271E-0D8C-4DDC-8586-03D2788279C9} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-08-24] (Piriform Ltd)
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

    AlternateDataStreams: C:\Users\Public\AppData:CSM [474]
    AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [484]

    FirewallRules: [{2FDBD423-C8C2-440C-A2A6-A6CAAAF5011B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{82124849-2714-4CFF-9A4A-CC90D029BB08}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{492A8B96-338C-4D71-870E-EA33963D18F0}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{F76679C5-4856-4FA8-AFED-CFB78FE04009}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{009A6901-6953-4828-B270-F0F603CD6F33}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{9CBFCE8D-C5E9-4392-8012-AAE27D6FD623}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{B5154DC0-5E67-4135-93C4-CFF6E7540866}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{C56B9064-2DF7-4EB9-9390-4BE9D69180E9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{1872D92A-4ABF-47A2-82DD-9E1E6A41BF97}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{F97B8203-BFD0-431D-9EB1-6E3A2AB57565}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{CA32D732-4F48-4F8D-BBF0-CAEF56DBC26D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{E915B400-0F72-42DE-9A34-571753732A53}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{7AE5FD67-4E2B-45DC-91E4-7767230A0B9B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{3B7FC203-8090-4D49-B227-5CF0BE2C62E4}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{0232052C-6C30-4951-9241-4ACEF4FDB31A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{F49019F1-DCF1-4C9D-ABDD-E5C6A54DCF9E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{AA7DDFB4-C70F-4EA3-B1AF-CE86B2F58F48}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{64D57EA4-7A6D-4CC4-A2AC-B0082672316C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{17390AD3-0670-482D-AA1B-B59609A19842}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{03A2E325-15B4-4834-8F27-E3E5516541FD}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{943C2808-723D-4524-B357-FC156B0855FF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{0738CA1E-69A0-4E45-8436-D3F0FEE5901F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{E3D843CB-32B0-4A5F-A67F-F9C24BBA3CFC}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{8B5DF71B-8318-4028-9F9F-92DAB6E8BFD2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{A9173427-C752-43A2-9F43-BE191E41C270}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{D6309978-C1D8-47D7-B70A-F066F7370BA9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{81042357-178D-4E21-85A4-B6FA3A3E1AEF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{90D0D72A-F054-4F2D-BEDD-24006C1E55F3}] => (Allow) C:\Users\Lenovo\AppData\Local\EOIUiGn.exe
    FirewallRules: [{01F5847D-BE63-4490-90AC-8E0576E76E9E}] => (Allow) C:\Users\Lenovo\AppData\Roaming\KauDIeIEgxi.exe
    FirewallRules: [{792F5B00-BD2A-4774-BCF2-298157FA0F09}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{FC014031-0BEE-4E9C-9DA7-52D521217207}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{CB353D8F-1118-4F50-9F20-B508CFA220BE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{4117880F-42CD-452E-9F7E-6B316E461C0D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{995628BC-FF91-48AC-8BCB-E149E2B6F630}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{D531A650-F83B-4D1D-AB9A-D70DF3EED235}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{41664A8D-CC56-41D5-A126-9FB57AA2DA01}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{626156D8-73AB-4232-AAAF-2D5CB79930F6}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{03009599-3F0A-4807-B1B1-977ECBCD6408}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{EEB8F8C2-5EA3-448E-850F-789E310915AF}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{40C7227B-7AF4-48FA-A948-4FADEE0BFA72}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{D19B15AC-B9E3-4833-B747-0F2C5C6755E3}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{8C788A7C-AB9E-4E7D-8E96-E03B8BB62A29}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{C5A698C7-B687-41F3-BB25-1D9EBE4F3FC2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{3D63553F-7238-4B8A-A3F9-DB3401D96BC9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{726E6BFC-AB8A-4CF3-91D5-94C7B4A7B839}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{0C0BC831-E3DD-4E64-B443-8B14DB32AF1E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{DCEDB148-B689-470A-950A-C3CBACF7CE76}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{CB3C1479-777B-4CFD-88CC-B5FC2BEF6362}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{0B449F07-BB7A-4521-A07F-B4FE4D7A213A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{76ABBCD9-C2A4-4843-9EC9-F0B6D8D79598}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{2F8497A1-18E4-485E-BB19-F6010FB49352}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{21D25103-8FCD-4581-A846-21DCFBBC7785}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{B0BD86FE-BCB0-466A-9805-77AA3B4D436E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{30C9F1D0-00CB-4F6F-BD82-61F300826E4B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{98FC7781-43B9-48A0-AD4B-4D6B7E5E62E8}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{1EB91A44-B2D4-4964-83BB-CD29732985FE}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{4ACBA373-5403-4D8C-9F6F-4A9E4A62B1F1}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{25AE9F15-0395-4468-95F7-BC73179AB773}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{99D48148-4239-41C9-8B2A-77D23889851E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{2BC9357A-079A-426B-BBC3-375B4464EADD}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{C97B2F0F-1C5A-48F8-85C0-DEB40C9A3729}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{0825F7D0-5D27-4994-A581-B656B35C9012}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{57ACFA64-BD74-4A07-AB7B-2BA8A2878E75}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{83731204-A709-4E63-8AE0-43D19C08D50E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{BA93B13B-C3C6-49B0-BA77-2539DA71CFEC}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{53B554F6-88A7-4B00-AE0B-8AA24F492174}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe
    FirewallRules: [{1793B057-DBFB-4E0E-A227-D2F7D92A414A}] => (Allow) C:\Users\Lenovo\AppData\Roaming\mbEAEHSeWtk.exe
    FirewallRules: [{12A729DE-3357-4894-9B57-09704089650A}] => (Allow) C:\WINDOWS\SysWOW64\ECzuOPWqrdMB.exe
    FirewallRules: [{DF7EF266-7D7C-4F32-8C00-5C77C48F4513}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{1B8B7F76-1253-4656-BDC9-D06B630546FB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{838F21B5-0B68-4996-81F6-840A4489E85A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{EFA5679B-D701-464D-A2A0-AB3156CEB40B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{DE26433E-46CB-47CC-8C14-B29A1E4C4804}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{F94CDD05-D8C7-4BF3-B1D2-B22C833F7356}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{3B2D48BD-BE9F-448C-BF9A-F51572FAF2E2}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{5EB98C96-8F6C-4863-809D-EB2AC735F48A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{87360CE6-F0E2-46F4-938E-1AE57B7F5EAB}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{01C65EEA-15D1-41E7-8E3E-DE36F3539171}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{A82E9DC3-3A77-4ED1-9F80-7D5B86680280}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{A61374A4-DC0F-4C02-85F2-43E2341EC679}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{37749F09-D248-4423-BCCC-87EAB35C5C17}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{246C2E10-98C3-46F7-8D9E-30FA3DFC472C}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{601AA53C-99D9-4EAF-BC0D-A6FD0F16A3FE}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
    FirewallRules: [{5EBC3AE1-97CC-4EC4-AE24-65D3ACE2BFB6}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
    FirewallRules: [{038BD29F-FE5A-4FAD-9B22-067923F04E3E}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe
    FirewallRules: [{11846FF7-A87E-4E2E-ACCA-A2EB085BCD5A}] => (Allow) C:\Program Files (x86)\IoowQyGA.exe
    FirewallRules: [{3116957E-4F70-4131-8CFA-242F5CF5F06F}] => (Allow) C:\Program Files (x86)\ayrCdipgd.exe
    FirewallRules: [{9A3AB92C-1BB6-45F9-A549-98D25B4759F1}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{AF307E29-4571-42CA-867A-E1A4C9D6CADC}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{255EC134-3B38-480D-AA19-C6ECA0AA01EC}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{04714FE2-4E46-43E0-917B-762A6711C47F}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{38A29B7B-5340-4E00-BF86-7C23A7FFBA33}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{8F3A9349-848F-4164-9AAF-A7739980F61E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{D2BEF3DE-81C8-4E1F-8814-1EB0CAFA92A9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{3DF0F95D-0880-44F0-9B91-06751C78FB30}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{64F590EC-6F74-4D6C-AE59-FBE241BC9F75}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{D2FE40F5-7509-41D1-913F-8D90B8970653}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{6AAEB7BB-843A-4130-9319-5AC0A432F30E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{A18120DC-9975-4C32-92B9-FC824088263D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{8368A1A6-47CE-4CD4-A420-4E35D857C235}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{94D3B2EE-2045-4335-8364-D1D8C9C3D093}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{47194AB3-1203-4C2B-99C4-ECE6B914790D}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{EBE37433-B841-4ABD-BD7B-5D51BD6D5C30}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{72B124C1-7D59-4472-B4AF-35754A2F3D3B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{1F6981C8-73DE-4303-B3F7-2C8147B36736}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{C1BCB953-1C36-4DE6-91DA-9D7F95F4DDAA}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{2B498796-3335-440C-91AE-8BBDC42288F5}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{E6C3796C-25AC-4AFB-B2A8-6DDA2B18BE99}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{EF7CCB2B-12BA-47C2-9C4D-F1BE95FD4319}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{A7B135D4-8E35-4A1F-9B51-B1CA6A4A6CD7}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{D81F1199-FCB6-4865-AFC7-DEE13231F27E}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{BCF9F0E1-0285-4EA0-867A-EDEBD1D93E17}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{82625590-0DDE-4629-B699-6292D9E55302}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{D1F7C1FD-4C62-4BB8-AFC0-0798978128B3}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{05436FB9-4AB5-4B0B-8201-BB0B1AA05819}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{B00D7E9A-50EF-477B-8570-DA412669A77A}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{82593949-D395-496C-B25F-F13B170ED6E9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{FB297B6A-BD97-4364-9354-ABA879BEAAB9}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{748AB76E-4EEC-46E3-960C-5B4F1A188006}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{0DE105BC-C05D-4E35-86C7-18732C0DD736}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
    FirewallRules: [{33E70F4E-51C9-4AA2-912B-A7DEA10F7E41}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe

    C:\Users\Lenovo\AppData\Local\*.exe
    C:\Users\Lenovo\AppData\Roaming\*.exe

    EmptyTemp:

  • Helpful post
    #5 11 Sep 2018 16:32
    Kolobos
    Computer specialist

    Uninstall: CPUID CPU-Z 1.82.1

    Change
    FF Extension: (AdBlock)
    FF Extension: (Adblock Plus)
    to uBlock Origin.

    Check the file C:\WINDOWS\SysWOW64\SearchIndexer.exe on jotti and virustotal and write whether they detected anything.

    Run Fixlist.txt for FRST:
    CloseProcesses:
    C:\Program Files (x86)\IoowQyGA.exe
    C:\Program Files (x86)\ayrCdipgd.exe
    Task: {387D499A-A879-4187-8C27-80545800F04A} - System32\Tasks\{2B821CAE-636C-AA8E-34A1-7988204F0B01} => C:\Program Files (x86)\IoowQyGA.exe [2018-04-12] (Microsoft Corporation) <==== UWAGA
    Task: {39B43ABD-7384-4041-A9B8-56CA020FDB3F} - System32\Tasks\{D220ED9E-24ED-6763-F817-3D307ABF367F} => C:\Program Files (x86)\ayrCdipgd.exe [2018-04-12] (Microsoft Corporation) <==== UWAGA
    Task: {B622D5D9-1C19-4607-9C84-8CE587CF8845} - System32\Tasks\Opera scheduled Autoupdate 1536136885 => C:\Program Files\Opera\launcher.exe [2018-09-06] (Opera Software)
    Task: {C7EE02EB-4667-4BF4-B83B-A506110FCF8E} - System32\Tasks\{25FEF3C4-C6EB-41B2-1FC7-9D4500F01F1E} => "C:\Program Files\Mozilla Firefox\firefox.exe" hxxp://addfleshitem.com/cl/?guid=b3qvxt18l7vy...oqfuxs1lz4wl5&prid=1&pid=5_1301_40054
    Task: {E1A3016A-C4AB-4C9C-9E6C-919DF899930C} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
    HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [3932672 2018-07-06] (Microsoft Corporation) <==== UWAGA
    HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [3932672 2018-07-06] (Microsoft Corporation) <==== UWAGA
    HKU\S-1-5-21-1267392081-642404185-1957629773-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [3932672 2018-07-06] (Microsoft Corporation) <==== UWAGA
    HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [3932672 2018-07-06] (Microsoft Corporation) <==== UWAGA
    GroupPolicy: Ograniczenia ? <==== UWAGA
    FF user.js: detected! => C:\Users\Lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\z659qty4.default\user.js [2018-04-06]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    2018-09-09 18:25 - 2018-09-09 18:25 - 000003770 _____ C:\WINDOWS\System32\Tasks\{2B821CAE-636C-AA8E-34A1-7988204F0B01}
    2018-09-09 18:25 - 2018-09-09 18:25 - 000003572 _____ C:\WINDOWS\System32\Tasks\{D220ED9E-24ED-6763-F817-3D307ABF367F}
    2018-09-09 18:24 - 2018-09-09 18:24 - 000003894 _____ C:\WINDOWS\System32\Tasks\{25FEF3C4-C6EB-41B2-1FC7-9D4500F01F1E}
    2018-09-05 13:46 - 2018-09-09 18:25 - 000000002 _____ C:\Users\Lenovo\AppData\Local\imw.ini
    2018-09-05 10:41 - 2018-09-07 15:50 - 000004216 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1536136885
    2018-04-12 01:34 - 2018-04-12 01:34 - 000060416 ____N (Microsoft Corporation) C:\Program Files (x86)\ayrCdipgd.exe
    2018-04-12 01:34 - 2018-04-12 01:34 - 000060416 ____N (Microsoft Corporation) C:\Program Files (x86)\IoowQyGA.exe
    2018-04-12 01:34 - 2018-04-12 01:34 - 000178688 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\VUsoIhuuargA.exe
    2017-10-01 00:17 - 2017-10-01 00:17 - 000000779 _____ () C:\Users\Lenovo\AppData\Roaming\gdscan.log
    2018-04-12 01:34 - 2018-04-12 01:34 - 000060416 ____N (Microsoft Corporation) C:\Users\Lenovo\AppData\Roaming\mbEAEHSeWtk.exe
    2017-09-29 15:42 - 2017-09-29 15:42 - 000174592 _____ (Microsoft Corporation) C:\Users\Lenovo\AppData\Local\ERUeFUjgDyy.exe
    2018-09-05 13:46 - 2018-09-09 18:25 - 000000002 _____ () C:\Users\Lenovo\AppData\Local\imw.ini
    2018-05-11 01:18 - 2018-05-11 01:18 - 000000002 _____ () C:\Users\Lenovo\AppData\Local\WMI.ini

    After running it, do a scan with mbam and remove whatever it detects.

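As an added example (not code from the thread, from either helper, or from FRST itself), a small Python triage script that runs over FRST log lines like those in the two fixlists above and flags the entries both helpers removed: GUID-named scheduled tasks, a task launching Firefox with a URL, firewall Allow rules for randomly named executables under AppData, in the root of Program Files (x86) or in SysWOW64, and the Winlogon Shell values FRST marks. The SysWOW64 allowlist is an assumption, and the sample lines are copied from this thread.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines: a constructed example
for this thread, not part of the posts or of FRST.  It flags the patterns the
fixlists above are built from (GUID-named tasks, tasks opening a URL, binaries
in odd places, Winlogon Shell values FRST marks)."""
import re
from typing import Dict, List, Optional

GUID = r"\{[0-9A-Fa-f-]{36}\}"
# Executable path inside an FRST target (quoted, or followed by [date] (publisher)).
EXE_RE = re.compile(r'"?(?P<exe>[A-Za-z]:\\[^"\[<]*?\.exe)\b', re.I)
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\(Local|Roaming)\\[^\\]+\.exe$", re.I)
PF_ROOT = re.compile(r"\\Program Files( \(x86\))?\\[^\\]+\.exe$", re.I)
SYSWOW = re.compile(r"\\WINDOWS\\SysWOW64\\(?P<name>[^\\]+\.exe)$", re.I)
SYSWOW_KNOWN = {"svchost.exe", "msiexec.exe"}  # constructed allowlist; extend as needed
TASK_RE = re.compile(r"^Task: " + GUID + r" - (?P<name>.+?) => (?P<target>.+)$")
FW_RE = re.compile(r"^FirewallRules: \[" + GUID + r"\] => \(Allow\) (?P<path>.+)$")

def odd_location(exe: str) -> Optional[str]:
    """Say why an executable path is suspicious, or None if it looks normal."""
    if USER_WRITABLE.search(exe):
        return "executable directly under AppData"
    if PF_ROOT.search(exe):
        return "executable in the root of Program Files"
    if (m := SYSWOW.search(exe)) and m.group("name").lower() not in SYSWOW_KNOWN:
        return "unknown executable in SysWOW64"
    return None

def triage_line(line: str) -> List[str]:
    """Return the reasons one FRST log line deserves a closer look ([] if none)."""
    line, reasons = line.strip(), []
    if m := TASK_RE.match(line):
        if re.search(r"Tasks\\" + GUID + r"$", m.group("name")):
            reasons.append("scheduled task named with a bare GUID")
        if re.search(r"\bhxxps?://", m.group("target")):
            reasons.append("scheduled task opens a URL")
        if (e := EXE_RE.search(m.group("target"))) and (why := odd_location(e.group("exe"))):
            reasons.append("scheduled task runs " + why)
    if (m := FW_RE.match(line)) and (why := odd_location(m.group("path"))):
        reasons.append("firewall Allow rule for " + why)
    if "Winlogon: [Shell]" in line and "<====" in line:
        reasons.append("Winlogon Shell value marked by FRST")
    return reasons

def triage_log(text: str) -> Dict[str, List[str]]:
    # Map each flagged line of an FRST log to its reasons; clean lines are dropped.
    out: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        if reasons := triage_line(raw):
            out[raw.strip()] = reasons
    return out

# Sample lines copied from the fixlists in this thread (URL kept defanged).
SAMPLE = r"""
Task: {387D499A-A879-4187-8C27-80545800F04A} - System32\Tasks\{2B821CAE-636C-AA8E-34A1-7988204F0B01} => C:\Program Files (x86)\IoowQyGA.exe [2018-04-12] (Microsoft Corporation) <==== UWAGA
Task: {448334D0-15C0-4D95-A573-04BAEA8307E9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-08-24] (Piriform Ltd)
Task: {C7EE02EB-4667-4BF4-B83B-A506110FCF8E} - System32\Tasks\{25FEF3C4-C6EB-41B2-1FC7-9D4500F01F1E} => "C:\Program Files\Mozilla Firefox\firefox.exe" hxxp://addfleshitem.com/cl/?guid=b3qvxt18l7vyep2xqtzoqfuxs1lz4wl5&prid=1&pid=5_1301_40054
FirewallRules: [{2FDBD423-C8C2-440C-A2A6-A6CAAAF5011B}] => (Allow) C:\WINDOWS\SysWOW64\svchost.exe
FirewallRules: [{90D0D72A-F054-4F2D-BEDD-24006C1E55F3}] => (Allow) C:\Users\Lenovo\AppData\Local\EOIUiGn.exe
FirewallRules: [{12A729DE-3357-4894-9B57-09704089650A}] => (Allow) C:\WINDOWS\SysWOW64\ECzuOPWqrdMB.exe
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [3932672 2018-07-06] (Microsoft Corporation) <==== UWAGA
"""

if __name__ == "__main__":
    for flagged, why in triage_log(SAMPLE).items():
        print(flagged[:60], "->", "; ".join(why))
```

The script is a first pass only: a clean result for a line means none of these patterns matched, not that the entry is safe.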
  • #6 11 Sep 2018 17:36
    wayover
    Level 2

    The problem disappeared after removing adblock and cpuid cpu-z.
    With the fixlist, is the idea to create a fixlist.txt file and click "Fix" in FRST?
    If so, then nothing came up after the scan.

    So the problem was adblock and cpu-z?

  • #7 11 Sep 2018 18:02
    Kolobos
    Computer specialist

    It had nothing at all to do with adblock or cpu-z. You downloaded an infected game from torrents (Two Point Hospital?) and infected the system when you ran it.

    > With the fixlist, is the idea to create a fixlist.txt file and click "Fix" in FRST?

    Not in "FRST", but where you have frst.exe downloaded (in your case on the Desktop). After creating the Fixlist with what I gave you, you press Fix in FRST.
