Ads, Glass Bottle ads, FRST logs


(Michał_misiek) #1

Hello, please check my logs; lots of ads are being displayed on pages and in new tabs.

Among others, Glass Bottle.

FRST

http://www.wklej.org/id/1728039/

Addition

http://wklej.org/id/1728040/

Shortcut

http://wklej.org/id/1728042/

Thanks, regards


(Acorus) #2

Open the system Notepad and paste:

Task: {06BCC6BF-EBA8-4E9D-BCCE-563FAD0D47A7} - System32\Tasks\{9C676F7F-8996-4640-A082-0A5E3A75F3C8} = Chrome.exe http://ui.skype.com/ui/0/7.2.0.103/pl/abandoninstall?page=tsPlugin
Task: {A990E6D1-D020-4FA6-99B4-61EA72217888} - \Driver Booster SkipUAC (User) No Task File ==== ATTENTION
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File ==== ATTENTION
HKLM\...\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2015-05-21] (Realtek Semiconductor)
HKU\S-1-5-21-3493456266-610939002-2822510265-1000\...\Run: [drmvound] = C:\Users\User\AppData\Local\Temp\cnvfhlEx.exe [282624 2015-06-02] () ===== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Extension: (Bookmark Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-21]
OPR StartupUrls: "hxxp://mail.ru/cnt/10445"
OPR Extension: (Glass Bottle) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\nmdlhabgabpmfcenijcjbbdkbgjpdhfi [2015-05-30]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe http://www.istartsurf.com/?type=scts=1432926308z=98279657c00c5d579657c15gbz4cbo0tfo7qbcbe9gfrom=faceuid=HGSTXHTS725050A7E630_RC250FCB1R0UXK1R0UXKX
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-05-29] (电脑管家)
S3 TS888x64; \\C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16349.225\TS888x64.sys [X]
2015-06-01 15:09 - 2015-06-01 15:09 - 00001066 _____ () C:\Users\User\Desktop\Обнови Софт.lnk
2015-06-01 15:08 - 2015-06-01 15:08 - 00026528 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-06-01 15:08 - 2015-06-01 15:08 - 00001422 _____ () C:\Users\User\Desktop\Hamster PDF Reader.lnk
2015-06-01 15:08 - 2015-06-01 15:08 - 00000175 _____ () C:\Users\User\Desktop\Искать в Интернете.url
2015-06-01 15:08 - 2015-06-01 15:08 - 00000000 ____ D () C:\Users\User\AppData\Roaming\HamsterSoft
2015-06-01 15:08 - 2015-06-01 15:08 - 00000000 ____ D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamster Soft
2015-06-01 15:08 - 2015-06-01 15:08 - 00000000 ____ D () C:\Program Files (x86)\Hamster Soft
2015-05-31 12:14 - 2015-05-31 12:14 - 00000000 ____ D () C:\Program Files (x86)\6cb499b4-faec-4355-8ac1-346019c457e5
2015-05-29 18:13 - 2015-05-29 18:31 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-05-29 17:37 - 2015-05-29 17:36 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-05-29 17:37 - 2015-05-29 17:36 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-05-29 17:37 - 2015-05-29 17:36 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-05-29 17:37 - 2015-05-29 17:36 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-05-21 12:18 - 2015-05-21 12:18 - 00003094 _____ () C:\Windows\System32\Tasks\{9C676F7F-8996-4640-A082-0A5E3A75F3C8}
2015-05-29 17:37 - 2015-05-29 17:36 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-05-29 17:37 - 2015-05-29 17:36 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-05-29 18:13 - 2015-05-29 18:31 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-05-29 17:37 - 2015-05-29 17:36 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-05-29 17:37 - 2015-05-29 17:36 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Michał_misiek) #3

New FRST log

http://wklej.org/id/1728098/


(Acorus) #4

Open the system Notepad and paste:

S1 HWiNFO32; \\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [X]

Save the file as fixlist.txt and place it next to FRST in the same folder.