Ads, ads, and more ads

As in the subject. Malicious ads “Ad by cheap-o” show up in the browser.

 

Logs:

http://wklej.org/id/1639308/ - frst

http://wklej.org/id/1639309/ - addition

 

Uninstall YAC (Yet Another Cleaner!). Open the system Notepad and paste:

Task: {2D18C500-769B-492B-9DF5-C92FC3E95C1B} - System32\Tasks\QQDR = C:\Users\Mati Osti\AppData\Roaming\QQDR.exe ==== ATTENTION
Task: {FD8EC465-1D95-4506-836D-C9B0B73FE941} - System32\Tasks\{D8807C35-55CD-4282-99A7-AD7F843F516F} = pcalua.exe -a "C:\Program Files (x86)\YouTube Accelerator\YTAUninstall.exe"
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Mati Osti\Dane aplikacji:NT
AlternateDataStreams: C:\Users\Mati Osti\Dane aplikacji:NT2
AlternateDataStreams: C:\Users\Mati Osti\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Mati Osti\AppData\Roaming:NT2
BootExecute: autocheck autochk *
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
FF Extension: Avira Browser Safety - C:\Users\Mati Osti\AppData\Roaming\Mozilla\Firefox\Profiles\Gs9hIxoa.default\Extensions\abs@avira.com [2015-02-15]
FF Extension: Zoom It - C:\Users\Mati Osti\AppData\Roaming\Mozilla\Firefox\Profiles\Gs9hIxoa.default\Extensions\{3aae1bd2-15cf-c0bc-7de1-aa476a963ef1} [2015-02-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [42152 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2015-01-19] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-01-03] (Elex do Brasil Participações Ltda)
S3 EagleX64; \\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S1 pfnfd_1_10_0_8; system32\drivers\pfnfd_1_10_0_8.sys [X]
S3 X6va029; \\C:\Windows\SysWOW64\Drivers\X6va029 [X]
2015-02-18 14:50 - 2015-02-18 14:50 - 00000000 ____ D () C:\Users\Mati Osti\AppData\Roaming\Elex-tech
2015-02-18 14:50 - 2015-01-03 09:57 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2015-02-18 13:34 - 2015-02-18 14:47 - 00000000 ____ D () C:\AdwCleaner
2015-02-16 02:56 - 2015-02-15 06:50 - 00048776 _____ (StdLib) C:\Windows\system32\Drivers\{326e0409-6d74-43cf-a555-02a7d66ba8fc}Gw64.sys
2015-02-06 16:20 - 2015-02-07 15:49 - 00000000 ____ D () C:\Program Files\DD7191F4-293C-452F-8784-D96DE9582EC4
2015-01-28 20:49 - 2015-01-28 20:49 - 00000000 ____ D () C:\Program Files (x86)\Elex-tech
2015-01-28 17:36 - 2015-01-28 21:02 - 00000000 ____ D () C:\Program Files (x86)\f312f654-8257-4553-bfa5-06004664b3e2
2015-01-26 21:00 - 2015-01-26 21:00 - 00003124 _____ () C:\Windows\System32\Tasks\{D8807C35-55CD-4282-99A7-AD7F843F516F}
2015-01-26 19:23 - 2015-01-28 21:02 - 00000000 ____ D () C:\Program Files (x86)\cd91d84e-6d4d-430d-8996-39141ad740f7
2015-01-25 13:30 - 2015-01-25 13:30 - 00003176 _____ () C:\Windows\System32\Tasks\{CBBC0190-F5CB-447E-B999-FC22C73F8DB8}
C:\Users\Mati Osti\TVWSetup.exe
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

Scan with Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.4.1028.exe

Problem solved. It was just the most ordinary Google Chrome extension, but thank you for wanting to help.

An extension? And the rest of the junk? Delete the folder C:\FRST