Chrome launches by itself at Windows startup


(Piszczek Lukasz89) #1

Hello.

For about two days now, Chrome has been launching at system startup and opening some strange sites like zivlingamer org

Logs:

FRST  http://www.wklej.org/id/1719990/

Add http://www.wklej.org/id/1719991/

Short http://www.wklej.org/id/1719992/

Thanks in advance for your help.

Łukasz


(Atis) #2

In Control Panel, uninstall Akamai NetSession Interface.

Download and run AdwCleaner. Click Scan and then Cleaning.

Paste the following into Notepad and save it as a text file named fixlist:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CMD] => cmd.exe /c start http://zivlingamer.org && exit
HKU\S-1-5-21-1531981098-2113320146-1894359535-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Łukasz\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
BootExecute: autocheck autochk * aswBoot.exe /A:C: /A:* STARTUP /L:1045 /heur:80 /RA:ask /pup /archives /IA:0 /KBD:3 /wow /dir:d:\Program
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1531981098-2113320146-1894359535-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Extension: ClearThink - C:\Users\Łukasz\AppData\Roaming\Mozilla\Firefox\Profiles\yrptt2b4.default-1405867735981\Extensions\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}.xpi [2014-09-03]
CHR Extension: (Bookmark Manager) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Bookmark Manager) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-23]
CHR Extension: (Bookmark Manager) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR HKU\S-1-5-21-1531981098-2113320146-1894359535-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64; C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys [61072 2014-08-31] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys
Task: {0A92F4BB-251C-43AC-9840-3CA61EB30006} - System32\Tasks\{662A834D-CE90-4B9B-A606-993042CABA6A} => C:\Users\Łukasz\Desktop\Nowy folder (2)\Test MMPI\SETUP.EXE
Task: {1E60F52D-09ED-487A-84FF-55A3D0962F60} - System32\Tasks\{3E7D78B2-DAE3-4BA1-9FD2-9D32CE4353A5} => pcalua.exe -a "C:\Users\Łukasz\Desktop\Nowy folder (2)\skala\SETUP.EXE" -d "C:\Users\Łukasz\Desktop\Nowy folder (2)\skala"
Task: {309FA76C-BB19-49D4-B2B9-53217CFDF7DF} - System32\Tasks\{063223CC-7A69-4C77-94A5-7917E03D40F4} => pcalua.exe -a "C:\Program Files (x86)\Steinberg\Asio\asioglldsetup.exe" -d "C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase 5"
Task: {774DB4E1-22A4-4AF3-92F4-9CC1281129EC} - System32\Tasks\{1FF9473B-23CA-4210-A80C-5BEF8584554B} => Chrome.exe http://ui.skype.com/ui/0/6.18.0.106/pl/abandoninstall?source=lightinstaller&amp;page=tsPlugin
Task: {7FADAFE9-E1D0-4390-93CD-301F59DBEC63} - System32\Tasks\{3CD16C4D-523C-4964-A44C-C9AC9AF3FCBB} => pcalua.exe -a "C:\Users\Łukasz\Desktop\Nowy folder (2)\Test MMPI\SETUP.EXE" -d "C:\Users\Łukasz\Desktop\Nowy folder (2)\Test MMPI"
Task: {836EF597-1D9D-4A9B-85DE-139A9CB84CE8} - System32\Tasks\{AF9C507A-C44F-4D9A-9895-DB188D26CCDA} => pcalua.exe -a F:\Autorun.exe -d F:\
Task: {B771E83E-0E87-441B-A174-8C5D937BCE0B} - System32\Tasks\{87BE92AF-1B3C-459F-A390-8579AE08424E} => pcalua.exe -a "F:\Komplete 5 Setup.exe" -d F:\
Task: {CC0296CE-C982-4CE6-8964-1623067692CA} - System32\Tasks\{E03C014F-EB9E-415B-B22F-385D43FF34CD} => pcalua.exe -a F:\Autorun.exe -d F:\
Task: {DEF77FA3-E684-4093-8914-3FF557A019CE} - System32\Tasks\{94C834FF-0795-4F76-8348-56D6764F6CB5} => C:\Users\Łukasz\Desktop\patch_witcher3_1.01-1.03_2.0.0.29.exe
Task: {F5E6AD07-B36B-4CA2-80F1-A92BD808DFE5} - System32\Tasks\{AE5B3A1D-9793-4460-A2F7-D38A6A4B9476} => C:\Users\Łukasz\Desktop\patch_witcher3_1.01-1.03_2.0.0.29.exe
AlternateDataStreams: C:\Users\Łukasz\Cookies:kjSVdqz31ZpbhjTIRijQpo2
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post the new FRST report, without Addition and Shortcut.
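The autostart lines in the fixlist above can be triaged mechanically. The following is an added example, not code from any poster and not part of FRST: the function name `triage` and its two rules are assumptions made for illustration, and the sample lines are copied from the fixlist in post #2. It flags Run values and scheduled tasks whose command is a shell or browser started with a URL, and Run values whose target FRST marks as missing (`[X]`).

```python
import re
from urllib.parse import urlsplit

# FRST Run line:  <hive>\...\Run: [<value name>] => <command or [X]>
RUN_RE = re.compile(r'^(?P<key>\S+\\\.\.\.\\Run): \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$')
# FRST Task line: Task: {guid} - <task path> => <command>
TASK_RE = re.compile(r'^Task: \{[0-9A-Fa-f-]+\} - (?P<name>\S+) => (?P<cmd>.*)$')
URL_RE = re.compile(r'https?://[^\s"]+', re.I)
# Command starts with a shell or browser binary (optionally quoted, with a path)
LAUNCHER_RE = re.compile(
    r'^"?(?:[^"]*\\)?(cmd|chrome|firefox|iexplore|explorer)(\.exe)?"?(\s|$)', re.I)

def triage(lines):
    """Return (kind, name, reason, host) tuples for entries worth a manual look."""
    findings = []
    for line in lines:
        m = RUN_RE.match(line) or TASK_RE.match(line)
        if not m:
            continue
        kind = 'Run' if 'key' in m.groupdict() else 'Task'
        cmd = m.group('cmd').strip()
        url = URL_RE.search(cmd)
        if cmd == '[X]':
            # Autostart value whose target file no longer exists
            findings.append((kind, m.group('name'), 'orphan', None))
        elif url and LAUNCHER_RE.match(cmd):
            # Autostart that only opens a web page: typical adware persistence
            host = urlsplit(url.group(0)).hostname
            findings.append((kind, m.group('name'), 'url-launcher', host))
    return findings

# Sample input: lines copied from the fixlist in post #2
SAMPLE = [
    r'HKLM-x32\...\Run: [] => [X]',
    r'HKLM-x32\...\Run: [CMD] => cmd.exe /c start http://zivlingamer.org && exit',
    r'HKU\S-1-5-21-1531981098-2113320146-1894359535-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Łukasz\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)',
    r'Task: {774DB4E1-22A4-4AF3-92F4-9CC1281129EC} - System32\Tasks\{1FF9473B-23CA-4210-A80C-5BEF8584554B} => Chrome.exe http://ui.skype.com/ui/0/6.18.0.106/pl/abandoninstall?source=lightinstaller&amp;page=tsPlugin',
    r'Task: {309FA76C-BB19-49D4-B2B9-53217CFDF7DF} - System32\Tasks\{063223CC-7A69-4C77-94A5-7917E03D40F4} => pcalua.exe -a "C:\Program Files (x86)\Steinberg\Asio\asioglldsetup.exe" -d "C:\Users\Łukasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase 5"',
]

if __name__ == '__main__':
    for finding in triage(SAMPLE):
        print(finding)
```

A hit is a prompt for review, not a verdict: the Skype task is an installer leftover, while the `CMD` Run value is the entry that opens the site reported in post #1.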


(Acorus) #3

Open Notepad and paste:

Task: {774DB4E1-22A4-4AF3-92F4-9CC1281129EC} - System32\Tasks\{1FF9473B-23CA-4210-A80C-5BEF8584554B} => Chrome.exe http://ui.skype.com/ui/0/6.18.0.106/pl/abandoninstall?source=lightinstaller&amp;page=tsPlugin
AlternateDataStreams: C:\Users\Łukasz\Cookies:kjSVdqz31ZpbhjTIRijQpo2
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CMD] => cmd.exe /c start http://zivlingamer.org && exit
HKU\S-1-5-21-1531981098-2113320146-1894359535-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Łukasz\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1531981098-2113320146-1894359535-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
Toolbar: HKU\S-1-5-21-1531981098-2113320146-1894359535-1000 - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
CHR Extension: (Bookmark Manager) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Bookmark Manager) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-23]
CHR Extension: (Bookmark Manager) - C:\Users\Łukasz\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64; C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys [61072 2014-08-31] (StdLib)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2015-05-24 13:34 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-24 13:34 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-24 13:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-24 13:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-24 13:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-24 13:34 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-24 13:34 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-24 13:34 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-24 13:33 - 2015-05-24 14:02 - 00000000 ____ D () C:\Qoobox
2015-05-21 15:16 - 2015-05-21 15:16 - 00003004 _____ () C:\Windows\System32\Tasks\{AE5B3A1D-9793-4460-A2F7-D38A6A4B9476}
2015-05-21 15:15 - 2015-05-21 15:15 - 00003004 _____ () C:\Windows\System32\Tasks\{94C834FF-0795-4F76-8348-56D6764F6CB5}
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Piszczek Lukasz89) #4

Done as instructed.

http://www.wklej.org/id/1720054/


(Atis) #5

Paste the following into Notepad and save it as a text file named fixlist:

BootExecute: autocheck autochk * aswBoot.exe /A:C: /A:* STARTUP /L:1045 /heur:80 /RA:ask /pup /archives /IA:0 /KBD:3 /wow /dir:d:\Program
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2015-05-24 14:02 - 2015-05-24 14:02 - 00042472 _____ () C:\ComboFix.txt
2015-05-15 09:10 - 2015-05-15 09:10 - 00000000 ____ D () C:\ProgramData\McAfee
2015-05-24 15:12 - 2014-07-29 22:09 - 00000000 ____ D () C:\AdwCleaner
2015-05-24 13:37 - 2013-12-31 20:18 - 00000000 ____ D () C:\ProgramData\TEMP
2015-05-19 19:25 - 2013-10-04 12:10 - 00000000 ____ D () C:\TEMP
DeleteQuarantine:

Run FRST and click Fix. Delete the folder C:\FRST

Scan the disk with Malwarebytes Anti-Malware.

During installation, clear the checkbox next to "Start the trial period of Malwarebytes Anti-Malware Premium".

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Polish language > Settings > General Settings > Language > Polish

Read how programs should be installed: CLICK - CLICK - CLICK - CLICK

Uninstall:

Adobe Flash Player 17 ActiveX

Adobe Flash Player 17 NPAPI

Adobe Reader XI

Java 8 Update 31

Install:

Flash Player 17.0.0.188 NPAPI

Flash Player 17.0.0.188 ActiveX

Adobe Reader XI 11.0.11


(Piszczek Lukasz89) #6

Thanks a lot, that helped :)