Gangnamgame.net

Blady223 · 21 Wrzesień 2015 08:32

Witam, wróciłem po tygodniu, odpalam PC i zaraz po starcie systemu odpala się chrome z tą stroną, laptop to samo.

Logi z PC

FRST

http://pastebin.com/VHLqmAqZ

Addition

http://pastebin.com/VRd3F3CG

Shortcut

http://pastebin.com/drMYANBD

Logi z Lapka

FRTS

http://pastebin.com/tM1x40D9

Addition

http://pastebin.com/KM4hNvLP

Shortcut

http://pastebin.com/TXauNx0x

Atis · 21 Wrzesień 2015 09:10

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKLM-x32\...\Run: [CMD] => cmd.exe /c start http://gangnamgame.org && exit
HKU\S-1-5-21-2220026274-96697493-1377027978-1000\...\Run: [GalaxyClient] => [X]
IFEO\adwcleaner_5.005.exe: [Debugger] svchost.exe
IFEO\AnVir.exe: [Debugger] svchost.exe
IFEO\AutoLogger.exe: [Debugger] svchost.exe
IFEO\avz.exe: [Debugger] svchost.exe
IFEO\CCleaner.exe: [Debugger] svchost.exe
IFEO\CCleaner64.exe: [Debugger] svchost.exe
IFEO\FRST.exe: [Debugger] svchost.exe
IFEO\FRST64.exe: [Debugger] svchost.exe
IFEO\HiJackThis.exe: [Debugger] svchost.exe
IFEO\mbam.exe: [Debugger] svchost.exe
IFEO\regedit.exe: [Debugger] svchost.exe
IFEO\RegWorks.exe: [Debugger] svchost.exe
IFEO\RSIT.exe: [Debugger] svchost.exe
IFEO\RSITx64.exe: [Debugger] svchost.exe
HKU\S-1-5-21-2220026274-96697493-1377027978-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={6DB0326A-C6B5-440A-93B9-128E4E2FE8DD}&mid=083e1e6d6bd547d288f281ac0f5beeeb-1abdb1771a3dd5bae860dc9fcc7dfceb3e7a6cc1&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-06 16:57:47&v=4.1.0.411&pid=wtu&sg=&sap=hp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2220026274-96697493-1377027978-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={6DB0326A-C6B5-440A-93B9-128E4E2FE8DD}&mid=083e1e6d6bd547d288f281ac0f5beeeb-1abdb1771a3dd5bae860dc9fcc7dfceb3e7a6cc1&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0415av&pr=fr&d=2015-05-06 16:57:47&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2220026274-96697493-1377027978-1000 -> {D312428F-B49E-495b-B26E-8840C5D25B70} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
Task: C:\Windows\Tasks\1114avUpdateInfo.job => C:\ProgramData\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe
EmptyTemp:

Uruchom FRST i kliknij Napraw (Fix). Pokaż raport z usuwania Fixlog.

Kliknij Skanuj (Scan) i pokaż nowy raport z FRST bez Addition i Shortcut.

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKLM-x32\...\Run: [CMD] => cmd.exe /c start http://gangnamgame.org && exit
HKLM-x32\...\RunOnce: [vcredist_x86_del] => C:\Users\Kacper\AppData\Local\Microsoft\Redist\vcredist_x86.exe [152064 2015-07-29] (Program Redist)
IFEO\adwcleaner_5.005.exe: [Debugger] svchost.exe
IFEO\AnVir.exe: [Debugger] svchost.exe
IFEO\AutoLogger.exe: [Debugger] svchost.exe
IFEO\avz.exe: [Debugger] svchost.exe
IFEO\CCleaner.exe: [Debugger] svchost.exe
IFEO\CCleaner64.exe: [Debugger] svchost.exe
IFEO\FRST.exe: [Debugger] svchost.exe
IFEO\FRST64.exe: [Debugger] svchost.exe
IFEO\HiJackThis.exe: [Debugger] svchost.exe
IFEO\mbam.exe: [Debugger] svchost.exe
IFEO\regedit.exe: [Debugger] svchost.exe
IFEO\RegWorks.exe: [Debugger] svchost.exe
IFEO\RSIT.exe: [Debugger] svchost.exe
IFEO\RSITx64.exe: [Debugger] svchost.exe
EmptyTemp:

Uruchom FRST i kliknij Napraw (Fix). Pokaż raport z usuwania Fixlog.

Kliknij Skanuj (Scan) i pokaż nowy raport z FRST bez Addition i Shortcut.