Chrome infection


(Avers63) #1

Hello. This is my first post, so please bear with me. Unfortunately, as soon as I open the Chrome browser, pop-up windows with links appear at the side and at the bottom. I think it is something like Wander Burst, but there are probably some others as well. Please help, I would rather not format the disk.


(Acorus) #2

Uninstall agederar. Open the system Notepad and paste:


Save the file as fixlist.txt and place it next to FRST in the same folder.


(Avers63) #3

Thanks for the reply. I did everything step by step, but unfortunately, as soon as I started Chrome, the RELATED SEARCH BY WANDER BURST tab appeared on the left side and other windows at the bottom. Something is probably still in there :frowning:


(Acorus) #4

Uninstall Chrome, selecting the option to delete browsing data.


(Avers63) #5

Thank you very much. I did everything step by step and, so far, nothing shows up in Chrome (the Wander Burst windows and others). The only remaining problem is that after starting the computer and opening Chrome, it takes terribly long to connect to the net :-). Can anything else be done about this? 8)