Losowo uruchamiane strony 18+

Pbog · 8 Luty 2015 19:52

Szanowni koledzy i koleżanki

Dostałem do przeglądu laptopa, który zaśmiecony jest jakimś ustrojstwem, które randomowo uruchamia w przeglądarce (Chrome) strony 18+ (w zasadzie jedną konkretną :-D ). Standardowe metody zawiodły (skan NOD32, AdwCleaner, MBAM, Kaspersky Rescue Disk). W związku z powyższym proszę o pomoc i rzut oka na logi FRST:

FRST: http://wklej.to/wGHgP

Addition: http://wklej.to/8Q3Ov

Atis · 8 Luty 2015 21:07

Resetowanie ustawień przeglądarki

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKU\S-1-5-18\...\Run: [Agent Portfela Bitdefender] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Portfel Bitdefender] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Agent aplikacji Portfel Bitdefender] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3852375296-1453916588-1649454041-1000 -> {46FF5555-4FBD-4B63-88F3-02526F186B7C} URL = 
SearchScopes: HKU\S-1-5-21-3852375296-1453916588-1649454041-1000 -> {698A8E15-A259-4927-BC33-F6B67C627036} URL = 
S3 Tosrfcom; No ImagePath
2015-02-08 16:04 - 2015-02-08 16:04 - 00000000 __SHD () C:\found.000
2015-02-08 15:54 - 2015-02-08 15:54 - 00242645 _____ () C:\ProgramData\1423407165.bdinstall.bin
2015-01-12 18:19 - 2015-02-08 17:20 - 00000000 ____ D () C:\AdwCleaner
2015-02-08 16:07 - 2014-07-11 17:31 - 00000000 ____ D () C:\Program Files\Bitdefender
2015-02-08 15:54 - 2014-07-11 17:32 - 00000000 ____ D () C:\ProgramData\Bitdefender
2015-02-08 15:54 - 2014-07-11 17:31 - 00000000 ____ D () C:\Program Files\Common Files\Bitdefender
2014-07-11 17:41 - 2014-07-11 17:41 - 0666716 _____ () C:\ProgramData\1405096301.bdinstall.bin
2014-07-11 17:41 - 2014-07-11 17:41 - 0666716 _____ () C:\ProgramData\1405096301.bdinstall.bin
CustomCLSID: HKU\S-1-5-21-3852375296-1453916588-1649454041-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Toshiba\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3852375296-1453916588-1649454041-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Toshiba\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3852375296-1453916588-1649454041-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Toshiba\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3852375296-1453916588-1649454041-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Toshiba\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition.