Gangnamgame.net


(Pmarcola) #1

Hello.

At system startup, the page gangnamgame.net opens in the Chrome browser.

Please help me with this problem.

FRST logs:

FRST - http://www.wklej.org/id/1799806/

Addition - http://www.wklej.org/id/1799807/

Shortcut - http://www.wklej.org/id/1799808/

Regards!


(Atis) #2

Paste the following into the system Notepad and save it as a text file named fixlist:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CMD] => cmd.exe /c start http://gangnamgame.org && exit
HKLM-x32\...\RunOnce: [vcredist_x86_del] => C:\Users\Patryk\AppData\Local\Microsoft\Redist\vcredist_x86.exe [152064 2015-07-29] (Program Redist)
HKU\S-1-5-21-1657377575-117672063-3306889883-1000\...\Run: [ASRock A-Tuning] => [X]
IFEO\adwcleaner_5.005.exe: [Debugger] svchost.exe
IFEO\AnVir.exe: [Debugger] svchost.exe
IFEO\AutoLogger.exe: [Debugger] svchost.exe
IFEO\avz.exe: [Debugger] svchost.exe
IFEO\CCleaner.exe: [Debugger] svchost.exe
IFEO\CCleaner64.exe: [Debugger] svchost.exe
IFEO\FRST.exe: [Debugger] svchost.exe
IFEO\FRST64.exe: [Debugger] svchost.exe
IFEO\HiJackThis.exe: [Debugger] svchost.exe
IFEO\mbam.exe: [Debugger] svchost.exe
IFEO\regedit.exe: [Debugger] svchost.exe
IFEO\RegWorks.exe: [Debugger] svchost.exe
IFEO\RSIT.exe: [Debugger] svchost.exe
IFEO\RSITx64.exe: [Debugger] svchost.exe
CHR HomePage: Default -> hxxps://mysearch.avg.com?cid={791FB4D2-FBC3-47F1-B5FC-70968D6702EB}&mid=6e2847796d3247d291180119dfefe1de-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pl&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-14 20:09:50&v=3.2.0.15&pid=wtu&sg=&sap=hp
S2 vToolbarUpdater3.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.4.0\ToolbarUpdater.exe [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
CustomCLSID: HKU\S-1-5-21-1657377575-117672063-3306889883-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Patryk\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1657377575-117672063-3306889883-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Patryk\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1657377575-117672063-3306889883-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Patryk\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1657377575-117672063-3306889883-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> "C:\Windows\system32\igfxEM.exe" No File
Task: {0B6ADE04-91E8-4C4C-BE01-2A804C4CD3F3} - System32\Tasks\{5B93BE6E-3D53-48B5-84FE-94569255EB4B} => Chrome.exe http://ui.skype.com/ui/0/6.20.0.104/pl/abandoninstall?source=lightinstaller&page=tsBing
EmptyTemp:

Run FRST and click Fix (Napraw). Post the removal report, Fixlog.

Click Scan (Skanuj) and post the new FRST report, without Addition and Shortcut.
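
The following Python script is an added example, not part of the thread and not FRST's own code. It parses lines in the layout shown in the fixlist above and flags the two kinds of entry behind the symptom: a Run value that uses cmd.exe to open a URL at logon, and Image File Execution Options (IFEO) Debugger values, which make Windows start the named debugger instead of the tool itself. The regular expressions and the `triage` function are assumptions based only on the line format visible here; the sample lines are copied from the fixlist.

```python
import re

# Subset of the fixlist lines above, embedded so the example runs offline.
SAMPLE = r"""HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CMD] => cmd.exe /c start http://gangnamgame.org && exit
HKU\S-1-5-21-1657377575-117672063-3306889883-1000\...\Run: [ASRock A-Tuning] => [X]
IFEO\FRST64.exe: [Debugger] svchost.exe
IFEO\mbam.exe: [Debugger] svchost.exe
IFEO\regedit.exe: [Debugger] svchost.exe
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
"""

# Layout assumed from the lines on this page: HIVE\...\Run: [name] => command
RUN_RE = re.compile(
    r"^(?P<hive>HK\S+)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] => (?P<cmd>.*)$"
)
# Layout assumed from the lines on this page: IFEO\image.exe: [Debugger] program
IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
# Interpreters that can open a URL straight from an autostart value.
SHELLS = ("cmd.exe", "cmd ", "powershell", "mshta", "wscript", "cscript")


def triage(log_text):
    """Return (kind, subject, detail) tuples for suspicious autostart lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IFEO_RE.match(line)
        if m:
            # Any Debugger value redirects launches of the named image.
            findings.append(("ifeo-debugger", m["image"], m["debugger"]))
            continue
        m = RUN_RE.match(line)
        if m:
            url = URL_RE.search(m["cmd"])
            if url and m["cmd"].lower().startswith(SHELLS):
                findings.append(("run-opens-url", m["name"], url.group(0)))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE):
        print(f"{kind:15} {subject:15} {detail}")
```
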


(Pmarcola) #3

Fixlog - http://www.wklej.org/id/1799848/

FRST - http://www.wklej.org/id/1799849/

EDIT - the links were redirecting to the wrong places.


(Atis) #4

You are showing old reports, created at 18:00:07.


(Acorus) #5

Uninstall Adobe Reader 9. Open the system Notepad and paste:

Task: {0B6ADE04-91E8-4C4C-BE01-2A804C4CD3F3} - System32\Tasks\{5B93BE6E-3D53-48B5-84FE-94569255EB4B} => Chrome.exe http://ui.skype.com/ui/0/6.20.0.104/pl/abandoninstall?source=lightinstaller&page=tsBing
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [CMD] => cmd.exe /c start http://gangnamgame.org && exit
HKU\S-1-5-21-1657377575-117672063-3306889883-1000\...\Run: [ASRock A-Tuning] => [X]
IFEO\adwcleaner_5.005.exe: [Debugger] svchost.exe
IFEO\AnVir.exe: [Debugger] svchost.exe
IFEO\AutoLogger.exe: [Debugger] svchost.exe
IFEO\avz.exe: [Debugger] svchost.exe
IFEO\CCleaner.exe: [Debugger] svchost.exe
IFEO\CCleaner64.exe: [Debugger] svchost.exe
IFEO\FRST.exe: [Debugger] svchost.exe
IFEO\FRST64.exe: [Debugger] svchost.exe
IFEO\HiJackThis.exe: [Debugger] svchost.exe
IFEO\mbam.exe: [Debugger] svchost.exe
IFEO\regedit.exe: [Debugger] svchost.exe
IFEO\RegWorks.exe: [Debugger] svchost.exe
IFEO\RSIT.exe: [Debugger] svchost.exe
IFEO\RSITx64.exe: [Debugger] svchost.exe
CHR HomePage: Default -> hxxps://mysearch.avg.com?cid={791FB4D2-FBC3-47F1-B5FC-70968D6702EB}&mid=6e2847796d3247d291180119dfefe1de-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pl&ds=AVG&coid=avgtbavg&pr=fr&d=2014-09-14 20:09:50&v=3.2.0.15&pid=wtu&sg=&sap=hp
S2 vToolbarUpdater3.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.4.0\ToolbarUpdater.exe [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Atis) #6

Delete the folder C:\FRST

Scan the disk with Malwarebytes Anti-Malware

During installation, uncheck the option to start the trial period of Malwarebytes Anti-Malware Premium.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Polish language: Settings > General Settings > Language > Polish

Uninstall:

Adobe Flash Player 15 ActiveX

Adobe Reader 9

Java 7 Update 67

Java 8 Update 45

Java SE Development Kit 8 Update 45

Microsoft Silverlight

Install:

Flash Player 18.0.0.232 ActiveX

Adobe Reader XI 11.0.12

Java 8 Update 60

Silverlight 5.1.40728.0


(Pmarcola) #7

Many thanks, problem solved.