Proszę o sprawdzenie loga reklamy wyskaujace

kolobos Re: Proszę o sprawdzenie loga reklamy wyskaujace 10.07.17, 11:42

Uzyj sourceforge.net/projects/adobeflashupdater/files/McAfee%20Security%20Scan%20Remover/RemoveMcAfee_silent.exe/download

Wykonaj Fixlist.txt dla FRST:
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> Brak pliku <==== UWAGA
Task: {64108479-6A3D-420B-9BF3-F1AE3C3B5CE0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> Brak pliku <==== UWAGA
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> Brak pliku <==== UWAGA
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> Brak pliku <==== UWAGA
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> Brak pliku <==== UWAGA
Task: {FB5C2A6E-7807-492D-96EA-38DDA2AF6318} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> Brak pliku <==== UWAGA
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-4158157715-813975995-5912975-1000\...\Run: [ALLUpdate] => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
HKU\S-1-5-21-4158157715-813975995-5912975-1000\...\RunOnce: [ALLPlayer Remote Update] => C:\Users\Admin\AppData\Local\Temp\ALLRemote.exe <==== UWAGA
HKU\S-1-5-21-4158157715-813975995-5912975-1000\...\MountPoints2: G - G:\AutoRun.exe /s
HKU\S-1-5-21-4158157715-813975995-5912975-1000\...\MountPoints2: {154aa0a5-49d6-11e3-b12f-f46d04718949} - G:\AutoRun.exe
HKU\S-1-5-21-4158157715-813975995-5912975-1000\...\MountPoints2: {154aa0b8-49d6-11e3-b12f-f46d04718949} - G:\AutoRun.exe
HKU\S-1-5-21-4158157715-813975995-5912975-1000\...\MountPoints2: {4e1c201b-ba1b-11e6-9359-f46d04718949} - H:\startme.exe
HKU\S-1-5-21-4158157715-813975995-5912975-1000\...\MountPoints2: {c8ac16a7-01f2-11e1-a194-f46d04718949} - G:\LaunchU3.exe -a
HKU\S-1-5-21-4158157715-813975995-5912975-1000\...\MountPoints2: {d78a5dd6-4a4f-11e3-ad91-f46d04718949} - G:\AutoRun.exe
HKU\S-1-5-21-4158157715-813975995-5912975-1000\...\MountPoints2: {eade054b-97e5-11e2-a98e-806e6f6e6963} - G:\AutoRun.exe /s
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon => nie znaleziono
CHR Extension: (Conway) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmhfglclpdbbbmcifkffplpkofhaeeje [2017-07-01]
CHR HKU\S-1-5-21-4158157715-813975995-5912975-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efhdjkbfpoohkmfaldijcpbnmbpefpkb] - C:\Program Files (x86)\ALLPlayer\AllPlayer.crx <nie znaleziono>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efhdjkbfpoohkmfaldijcpbnmbpefpkb] - C:\Program Files (x86)\ALLPlayer\AllPlayer.crx <nie znaleziono>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996736 2017-04-18] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16160 2017-04-18] (McAfee, Inc.)
R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86776 2017-04-18] (McAfee, Inc.)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
2017-07-09 13:51 - 2015-08-03 21:04 - 00000000 ____D C:\AdwCleaner

Usun katalog C:\FRST po wykonaniu.

Drzewko
Od najstarszego
Od najnowszego

kolobos Re: Proszę o sprawdzenie loga reklamy wyskaujace 10.07.17, 11:42

Uzyj sourceforge.net/projects/adobeflashupdater/files/McAfee%20Security%20Scan%20Remover/RemoveMcAfee_silent.exe/download

Wykonaj Fixlist.txt dla FRST:
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> Brak pliku <==== UWAGA
Task: {64108479-6A3D-420B-9BF3-F1AE3C3B5CE0} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> Brak pliku <==== UWAGA
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> Brak pliku <==== UWAGA
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> Brak pliku <==== UWAGA
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> Brak pliku <==== UWAGA
Task: {FB5C2A6E-7807-492D-96EA-38DDA2AF6318} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> Brak pliku <==== UWAGA
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-4158157715-813975995-5912975-1000\...\Run: [ALLUpdate] => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
HKU\S-1-5-21-4158157715-813975995-5912975-1000\...\RunOnce: [ALLPlayer Remote Update] => C:\Users\Admin\AppData\Local\Temp\ALLRemote.exe <==== UWAGA
HKU\S-1-5-21-4158157715-813975995-5912975-1000\...\MountPoints2: G - G:\AutoRun.exe /s
HKU\S-1-5-21-4158157715-813975995-5912975-1000\...\MountPoints2: {154aa0a5-49d6-11e3-b12f-f46d04718949} - G:\AutoRun.exe
HKU\S-1-5-21-4158157715-813975995-5912975-1000\...\MountPoints2: {154aa0b8-49d6-11e3-b12f-f46d04718949} - G:\AutoRun.exe
HKU\S-1-5-21-4158157715-813975995-5912975-1000\...\MountPoints2: {4e1c201b-ba1b-11e6-9359-f46d04718949} - H:\startme.exe
HKU\S-1-5-21-4158157715-813975995-5912975-1000\...\MountPoints2: {c8ac16a7-01f2-11e1-a194-f46d04718949} - G:\LaunchU3.exe -a
HKU\S-1-5-21-4158157715-813975995-5912975-1000\...\MountPoints2: {d78a5dd6-4a4f-11e3-ad91-f46d04718949} - G:\AutoRun.exe
HKU\S-1-5-21-4158157715-813975995-5912975-1000\...\MountPoints2: {eade054b-97e5-11e2-a98e-806e6f6e6963} - G:\AutoRun.exe /s
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon => nie znaleziono
CHR Extension: (Conway) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmhfglclpdbbbmcifkffplpkofhaeeje [2017-07-01]
CHR HKU\S-1-5-21-4158157715-813975995-5912975-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efhdjkbfpoohkmfaldijcpbnmbpefpkb] - C:\Program Files (x86)\ALLPlayer\AllPlayer.crx <nie znaleziono>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efhdjkbfpoohkmfaldijcpbnmbpefpkb] - C:\Program Files (x86)\ALLPlayer\AllPlayer.crx <nie znaleziono>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996736 2017-04-18] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16160 2017-04-18] (McAfee, Inc.)
R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86776 2017-04-18] (McAfee, Inc.)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
2017-07-09 13:51 - 2015-08-03 21:04 - 00000000 ____D C:\AdwCleaner

Usun katalog C:\FRST po wykonaniu.
- Gość: Grzegorz Re: Proszę o sprawdzenie loga reklamy wyskaujace IP: 93.179.234.* 10.07.17, 17:29
  
  nie pomogło to co zostało mi zalecone
  zrobiłem nowe logi
  wklej.org./id/3216448/
  wklej.org./id/3216449/
  - kolobos Re: Proszę o sprawdzenie loga reklamy wyskaujace 11.07.17, 09:53
    
    W Chrome nadal widac szkodliwe rozszerzenie:
    CHR Extension: (Conway) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmhfglclpdbbbmcifkffplpkofhaeeje [2017-07-01]
    
    Usun recznie katalog z rozszerzeniem oraz w Chrome.
    
    Jezeli nie pomoze to zgraj zakladki z Chrome, nastepnie usun katalog profilu
    C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ oraz usun dane synchronizacji z konta: support.google.com/chrome/answer/6386691?hl=pl

Najnowsze z forum Wirusy, trojany, spyware

Zaloguj się