Chrome - unwanted pages/viruses


(crimlee) #1

Hi,

I'm asking for your help: strange pages keep popping up in Chrome non-stop, some unwanted viruses must have installed themselves, and I don't know how to get rid of them.

Below are links to the FRST results:
http://wklej.org/id/3093970/
http://wklej.org/id/3093971/
http://wklej.org/id/3093973/


(Atis) #2

Paste into the system Notepad and save as a text file named fixlist:

HKU\S-1-5-21-582421798-3418890415-1221629861-1003\...\Policies\Explorer: []
CHR Extension: ( Capability Brown at 300) - C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijpmknbiiofdmechmkglfikdbfobbjdi [2017-04-18]
CHR Extension: (2cloud) - C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmikngioikmebhcpmkgegfbmcjhnhch [2016-04-09]
CHR HKU\S-1-5-21-582421798-3418890415-1221629861-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; Brak ImagePath
2013-02-10 14:21 - 2013-02-10 14:21 - 0017408 _____ () C:\Users\Alina\AppData\Local\WebpageIcons.db
Task: {03EB1C48-54D6-401A-B0E4-6DA3B237AB29} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {076CC99E-1BA0-4B34-8295-E736B89C849B} - \Microsoft\Windows\Setup\gwx\rundetector -> Brak pliku <==== UWAGA
Task: {1DE87A34-0D53-4848-9268-651E2E443B82} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {26AD878B-1DAF-4AC9-B591-C977BED1C2C2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {2755B20F-EF96-40CC-99A5-75F6D06E6C34} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {27A3CB78-D14C-40A2-9939-402369639702} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
Task: {2E7732B7-D23D-4610-9EDF-8AA740819023} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {311232ED-167B-40F3-9A4C-592DDDD1761A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {36854AF3-4783-42EE-84F2-65E334325CE5} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {3C49A35B-5FBC-4EB7-A40F-D9EDFA4F3E46} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {435592F7-C658-46CE-8DAD-7C752E91E91F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {500C6144-894D-459C-BB8E-E368FBFF61C9} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {5153DC7E-8D35-4ADE-B7BA-E9D9360947DA} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {54675B45-20A9-44A2-B5F1-77E395328349} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {60E0EB04-358A-456D-8AE3-EC24EB7B3679} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {641D926C-16F6-4DAC-A67A-D1BC4F1F3CD6} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {6C4DDD6A-8632-4576-91F3-EC97DE4D8448} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {6D281F2D-AA25-49A0-8561-92ADB4245BD0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: {77AC45FF-456A-45CB-B53E-DF7ADE09F983} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Brak pliku <==== UWAGA
Task: {80CF99E8-BCEF-443D-B63D-6B5E62E5F7D8} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
Task: {86F23D90-038F-4FF6-90BC-FA1166635C7B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {953AB7B3-EA3C-40C0-8AF5-1678F76B5C37} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku <==== UWAGA
Task: {A082187D-45F5-4BAF-9F40-958CA67201A3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
Task: {A1CDE0A3-5C13-4BB6-945D-45B992E88716} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {A28A7E0B-F9E4-4EA1-A691-CDD208C4FAF8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
Task: {A30CD40D-2E48-4AE0-958C-76045131150F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku <==== UWAGA
Task: {A3F2F6FC-82BF-4BBB-9DED-204C9AC3DDCD} - System32\Tasks\{DD28C80C-9394-447A-8396-B96D947E519B} => Chrome.exe
Task: {AD6AEC13-8A1D-4CEE-9DBD-7CF98F4B0622} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {AF694C1B-2064-4976-A4B9-46A7E3311FED} - System32\Tasks\{D313F4A5-07A7-4405-A5A9-42CDCBCF90BF} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Acrobat 7.0\Setup Files\RdrBig709\POL\setup.exe" -d "C:\Program Files (x86)\Adobe\Acrobat 7.0\Setup Files\RdrBig709\POL"
Task: {B9E12F37-5089-4457-BA98-998886B7E084} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {B9FFF20F-2925-405F-9F8F-5FEFD267CC56} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Brak pliku <==== UWAGA
Task: {BF332134-CFE6-4B8D-8220-58358EED95FB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C359AAE5-82A3-4E80-91EA-3D5DB43171F4} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: {C54846B5-D8D1-45CE-A2B3-F6192D3F90FB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {CC91C08C-BF15-4BD4-B875-271B6B56FDA1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {DD25586B-EA1D-463E-B912-AA72DB518521} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
Task: {E06A0A8C-DD24-4DF5-9405-38712053B13A} - System32\Tasks\{F9264C64-1112-4A55-BC17-01C9D5CC8469} => pcalua.exe -a "C:\Users\krzysztof\Downloads\photogadget (1).exe" -d C:\Users\krzysztof\Downloads
Task: {E34C34B7-D33A-4B0C-8226-CFAEE24CAE0F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
Task: {E4824433-2E09-4D1A-8C03-34132C5AA6FD} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F02096EA-ED4C-49A3-B57D-E893E524A7AA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {F669791F-5CAD-4189-898D-782973BFD4A5} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {FD487BA2-5F69-46CF-AADD-61BE441B4D96} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
EmptyTemp:

Run FRST and click Napraw (Fix). Show the Fixlog removal report.
Click Skanuj (Scan) and show a new FRST report, without Addition and Shortcut.
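
One way to review a fixlist like the one in post #2 before running Fix, shown as an added example that is not part of any post in this thread: it parses the Task: lines and groups them by what each task points at. The regular expressions and category names are this example's own assumptions, inferred from the lines visible in that post, not an FRST specification.

```python
import re
from collections import defaultdict

# Lines copied from the fixlist in post #2; "Brak pliku" is FRST's Polish "no file".
SAMPLE = r"""
Task: {076CC99E-1BA0-4B34-8295-E736B89C849B} - \Microsoft\Windows\Setup\gwx\rundetector -> Brak pliku <==== UWAGA
Task: {2E7732B7-D23D-4610-9EDF-8AA740819023} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {E06A0A8C-DD24-4DF5-9405-38712053B13A} - System32\Tasks\{F9264C64-1112-4A55-BC17-01C9D5CC8469} => pcalua.exe -a "C:\Users\krzysztof\Downloads\photogadget (1).exe" -d C:\Users\krzysztof\Downloads
Task: {A3F2F6FC-82BF-4BBB-9DED-204C9AC3DDCD} - System32\Tasks\{DD28C80C-9394-447A-8396-B96D947E519B} => Chrome.exe
EmptyTemp:
"""

# Assumed line shape: Task: {GUID} - <task location> =>|-> <action or status>
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+?) (=>|->) (.+)$")
PCALUA_RE = re.compile(r'^pcalua\.exe -a ("[^"]+"|\S+)', re.IGNORECASE)
WINDOWS_PREFIXES = ("%systemroot%\\", "%windir%\\", "c:\\windows\\")

def classify(line):
    """Parse one fixlist line; return None unless it is a Task entry."""
    m = TASK_RE.match(line.strip())
    if m is None:
        return None
    guid, location, arrow, action = m.groups()
    target, via_pcalua = action, False
    launcher = PCALUA_RE.match(action)
    if launcher:  # pcalua.exe only starts the program named after -a
        target, via_pcalua = launcher.group(1).strip('"'), True
    low = target.lower()
    if arrow == "->" and "brak pliku" in low:
        category = "missing-file"   # task is registered but its file is gone
    elif low.startswith(WINDOWS_PREFIXES):
        category = "windows-dir"
    elif low.startswith("c:\\users\\"):
        category = "user-profile"   # binary lives under a user profile
    elif "\\" not in target:
        category = "no-path"        # bare executable name, no directory given
    else:
        category = "other"
    return {"guid": guid, "location": location, "target": target,
            "via_pcalua": via_pcalua, "category": category}

def summarize(fixlist_text):
    """Group Task GUIDs by category so the list can be read before Fix is run."""
    groups = defaultdict(list)
    for line in fixlist_text.splitlines():
        entry = classify(line)
        if entry:
            groups[entry["category"]].append(entry["guid"])
    return dict(groups)

if __name__ == "__main__":
    for category, guids in summarize(SAMPLE).items():
        print(f"{category}: {len(guids)} task(s)")
```
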


(crimlee) #3

http://wklej.org/id/3094115/

http://wklej.org/id/3094121/


(Atis) #4

Delete the folder C:\FRST