Elektroda.pl

[Solved] Samsung - Pop-up ads

darokox 27 Jun 2014 13:34 918 7
  • #1 27 Jun 2014 13:34
    darokox
    Level 11

    Hello, I started working on a computer at the company; it turned out to be really cluttered with junk and ads keep popping up all the time. Please help me remove the unnecessary programs. I ran a scan with ESET and it found no viruses; I'm attaching the OTL scan.

    0 7
  • #4 27 Jun 2014 15:48
    Kolobos
    Computer specialist

    Uninstall:
    Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)

    Next to frst.exe, create a file fixlist.txt with the following content:
    Task: {1D376B36-5C03-4343-801F-B73B521057C1} - System32\Tasks\fbagent => C:\Users\Ja\AppData\Roaming\umwyu.exe
    Task: {9194CB82-60DC-40A0-9A64-07632109BE42} - System32\Tasks\systems => C:\Users\Ja\AppData\Roaming\ybhte.exe
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&...amp;ver=12349&tm=-15857&src=ds&p={searchTerms}
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&...amp;ver=12349&tm=-15857&src=ds&p={searchTerms}
    SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.03010003&st=12&q={searchTerms}&barid={4C5808E2-6467-45D4-8156-EEB778E4DAA4}
    SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=4aa7473a00000000000090a4de8d9d56
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=4aa7473a00000000000090a4de8d9d56
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&...amp;ver=12349&tm=-15857&src=ds&p={searchTerms}
    SearchScopes: HKCU - {E35E35DD-A1F1-4EC1-BB20-96F38A492A35} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=YYYYYYYYPL&apn_uid=2F83E5E2-55A3-4E74-964D-B77F2FA94544&apn_sauid=BB661F09-49DB-430D-9162-19186D4A0D9E
    SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.03010003&st=12&q={searchTerms}&barid={4C5808E2-6467-45D4-8156-EEB778E4DAA4}
    BHO-x32: No Name - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
    Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF SearchPlugin: C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\h9i215of.default\searchplugins\askcom.xml
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    2014-06-27 14:47 - 2014-06-27 14:48 - 00000000 ____D () C:\AdwCleaner
    2014-06-27 11:35 - 2012-04-23 20:46 - 00001066 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-129265271-3525497852-1072832283-1001UA.job
    2014-06-27 11:17 - 2012-04-23 20:46 - 00001044 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-129265271-3525497852-1072832283-1001Core.job

    In FRST, choose Fix.

    Remove what mbam detected.

    0
  • #5 27 Jun 2014 15:50
    Acorus 20
    Computer specialist

    Uninstall Akamai NetSession Interface. Open Notepad and paste:

    Quote:
    Task: {12CA4820-7C09-40FB-A45E-A95040D3C26E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-129265271-3525497852-1072832283-1001UA => C:\Users\Ja\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
    Task: {1D376B36-5C03-4343-801F-B73B521057C1} - System32\Tasks\fbagent => C:\Users\Ja\AppData\Roaming\umwyu.exe
    Task: {34A8556A-0EF6-4666-B6C4-83E36D2F0577} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-129265271-3525497852-1072832283-1001Core => C:\Users\Ja\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
    Task: {9194CB82-60DC-40A0-9A64-07632109BE42} - System32\Tasks\systems => C:\Users\Ja\AppData\Roaming\ybhte.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-129265271-3525497852-1072832283-1001Core.job => C:\Users\Ja\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-129265271-3525497852-1072832283-1001UA.job => C:\Users\Ja\AppData\Local\Facebook\Update\FacebookUpdate.exe
    HKU\S-1-5-21-129265271-3525497852-1072832283-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Ja\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-129265271-3525497852-1072832283-1001\...\Run: [Facebook Update] => C:\Users\Ja\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
    ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&...amp;ver=12349&tm=-15857&src=ds&p={searchTerms}
    SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&...amp;ver=12349&tm=-15857&src=ds&p={searchTerms}
    SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.03010003&st=12&q={searchTerms}&barid={4C5808E2-6467-45D4-8156-EEB778E4DAA4}
    SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=4aa7473a00000000000090a4de8d9d56
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=4aa7473a00000000000090a4de8d9d56
    SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&...amp;ver=12349&tm=-15857&src=ds&p={searchTerms}
    SearchScopes: HKCU - {E35E35DD-A1F1-4EC1-BB20-96F38A492A35} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=YYYYYYYYPL&apn_uid=2F83E5E2-55A3-4E74-964D-B77F2FA94544&apn_sauid=BB661F09-49DB-430D-9162-19186D4A0D9E
    SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&crg=3.03010003&st=12&q={searchTerms}&barid={4C5808E2-6467-45D4-8156-EEB778E4DAA4}
    BHO-x32: No Name - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
    Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} - No File
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
    S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
    S0 oluhpar; System32\drivers\kdai.sys [X]
    2014-06-27 14:47 - 2014-06-27 14:48 - 00000000 ____D () C:\AdwCleaner


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix.

    0
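
Added example, not part of any post in this thread and not code from FRST: a small triage pass over FRST-style log lines of the kinds quoted in the two fixlists above, grouping them by why a reviewer might look at them. The rule names, the heuristics (including reading a trailing `[X]` as a missing driver file) and the sample lines are assumptions constructed for this example, not the posters' stated criteria.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in the style of the log entries quoted in the thread
# (GUIDs, names and hosts are made up for this example).
SAMPLE = r"""
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\updater => C:\Users\User\AppData\Roaming\qwxyz.exe
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\VendorUpdate => C:\Program Files\Vendor\update.exe [2014-01-01] (Vendor Inc.)
SearchScopes: HKCU - {00000000-0000-0000-0000-000000000003} URL = http://search.example.test/?q={searchTerms}
Toolbar: HKCU - No Name - {00000000-0000-0000-0000-000000000004} - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 exampledrv; system32\DRIVERS\exampledrv.sys [X]
""".strip().splitlines()

# Heuristics assumed by this example (hypothetical rule names).
RULES = [
    # Scheduled task launching an .exe placed directly in AppData\Roaming.
    ("task-exe-in-roaming",
     re.compile(r"^Task: .*=> .*\\AppData\\Roaming\\[^\\]+\.exe\b", re.I)),
    # Registry entry whose target file no longer exists.
    ("orphaned-entry", re.compile(r"(?:-|=>) No File$")),
    # Service/driver line ending in [X] (assumed: file not found on disk).
    ("missing-driver-file", re.compile(r"^[SR]\d \S+; .* \[X\]$")),
    # Line the scanner itself marked for attention.
    ("tool-flagged", re.compile(r"<=+ ATTENTION")),
]
SCOPE = re.compile(r"^SearchScopes: .*URL = (\S+)")

def classify(line):
    """Return the list of review tags that apply to one log line."""
    line = line.strip()
    tags = [name for name, rx in RULES if rx.search(line)]
    m = SCOPE.match(line)
    if m:  # surface the search provider host so it can be compared to policy
        tags.append("search-scope:" + (urlsplit(m.group(1)).hostname or "?"))
    return tags

def triage(lines):
    """Group log lines by tag; untagged lines are left out of the report."""
    report = {}
    for line in lines:
        for tag in classify(line):
            report.setdefault(tag, []).append(line.strip())
    return report

if __name__ == "__main__":
    for tag, hits in sorted(triage(SAMPLE).items()):
        print(f"{tag}: {len(hits)}")
```
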
  • #8 23 May 2018 09:21
    darokox
    Level 11

    They helped me on the forum

    0