Adware gen. - Chrome keeps closing by itself, infection.

10 Dec 2014 22:20 960 4
  • Level 9  
    Please help. Since yesterday my Chrome browser has been acting up and keeps closing by itself every few moments; Avast reports that a threat was moved to quarantine. I can't work normally in the browser. The threat is: Adware gen. What should I do?
  • Computer specialist
    Uninstall:
    HomeTab 7.1
    Search App by Ask

    Next to frst.exe, create a file named fixlist.txt with the following contents:
    Task: {E993E877-F00C-4008-9279-2690D7896125} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files (x86)\HomeTab\WSystemUpdate.exe <==== ATTENTION
    Task: {EFA7637B-089F-45E8-89B5-D0FDD472CFFA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-17] (Google Inc.)
    Task: {F600FC86-29B4-4DCF-962D-F42BB07B1D9E} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\HomeTab\WConnectorHandler.exe <==== ATTENTION
    HKLM-x32\...\Run: [] => [X]
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Torpedo.lnk
    ShortcutTarget: Torpedo.lnk -> D:\Torpedo\Torpedo.exe (No File)
    AlternateShell:
    GroupPolicyUsers\S-1-5-32-545\User: Group Policy restriction detected <======= ATTENTION
    AutoConfigURL: [S-1-5-21-2808992701-1393690524-2072215215-500] => http://cdn1.browsersecurity.net/safe/cloud.js?si=62606&tid=6533
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
    HKU\S-1-5-21-2808992701-1393690524-2072215215-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
    HKU\S-1-5-21-2808992701-1393690524-2072215215-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&...0524AS_5VPBAVLYXXXX5VPBAVLY&ts=1360269435
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2808992701-1393690524-2072215215-500 -> {BE62D8DB-6438-44E6-9718-26FE73E16CEF} URL = http://www.mysearchresults.com/search?c=3524&t=01&q={searchTerms}
    BHO-x32: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\22find.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
    FF HKLM-x32\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
    FF Extension: Smiley Bar for Facebook - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013-02-14]
    FF HKU\S-1-5-21-2808992701-1393690524-2072215215-500\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
    FF HKU\S-1-5-21-2808992701-1393690524-2072215215-500\...\Firefox\Extensions: [specialsavings@vshsolutions.com] - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com
    FF Extension: Special Savings - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com [2013-02-14]
    FF HKU\S-1-5-21-2808992701-1393690524-2072215215-500\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
    FF Extension: Free Games 111 - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2014-05-01]
    CHR StartupUrls: Default -> "hxxp://www.google.com/", "about:newtab?source=home"
    CHR HKLM-x32\...\Chrome\Extension: [jlceijfdfeghdhmmbhbcffanmcggoojf] - No Path
    S2 stdmfpam; \??\C:\Program Files (x86)\HomeTab\stdmfpam.dll [X]
    2014-12-10 22:28 - 2014-12-10 22:33 - 00000000 ____D () C:\AdwCleaner
    2014-12-09 19:01 - 2014-12-09 23:49 - 06000640 _____ () C:\Program Files (x86)\GUT1F54.tmp
    2014-12-09 19:01 - 2014-12-09 19:01 - 00000000 ____D () C:\Program Files (x86)\GUM1F53.tmp
    EmptyTemp:

    In FRST choose Fix. Delete the C:\FRST folder and that's all.
  • Computer specialist
    Uninstall HomeTab 7.1, Search App by Ask. Open Notepad and paste:

    Quote:
    Task: {5ABDFD3C-5591-4F5F-8F0F-6A38552733CF} - System32\Tasks\{8EA2C80A-99A9-4483-A433-ED9934AB7C43} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/pl/abandoninstall?page=tsProgressBar
    Task: {A47A32FA-A38D-417C-A0FB-8DEED41186F0} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
    Task: {E993E877-F00C-4008-9279-2690D7896125} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files (x86)\HomeTab\WSystemUpdate.exe <==== ATTENTION
    Task: {F600FC86-29B4-4DCF-962D-F42BB07B1D9E} - System32\Tasks\SystemSockets\SystemSockets => C:\Program Files (x86)\HomeTab\WConnectorHandler.exe <==== ATTENTION
    Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
    HKLM-x32\...\Run: [] => [X]
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Torpedo.lnk
    ShortcutTarget: Torpedo.lnk -> D:\Torpedo\Torpedo.exe (No File)
    GroupPolicyUsers\S-1-5-32-545\User: Group Policy restriction detected <======= ATTENTION
    AutoConfigURL: [S-1-5-21-2808992701-1393690524-2072215215-500] => http://cdn1.browsersecurity.net/safe/cloud.js?si=62606&tid=6533
    HKU\S-1-5-21-2808992701-1393690524-2072215215-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&...0524AS_5VPBAVLYXXXX5VPBAVLY&ts=1360269435
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
    BHO-x32: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\22find.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
    FF HKLM-x32\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
    FF Extension: Smiley Bar for Facebook - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013-02-14]
    FF HKU\S-1-5-21-2808992701-1393690524-2072215215-500\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
    FF HKU\S-1-5-21-2808992701-1393690524-2072215215-500\...\Firefox\Extensions: [specialsavings@vshsolutions.com] - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com
    FF Extension: Special Savings - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com [2013-02-14]
    FF HKU\S-1-5-21-2808992701-1393690524-2072215215-500\...\Firefox\Extensions: [freegames4357@BestOffers] - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers
    FF Extension: Free Games 111 - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\freegames4357@BestOffers [2014-05-01]
    CHR Extension: (Psykopaint) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2014-12-09]
    S2 stdmfpam; \??\C:\Program Files (x86)\HomeTab\stdmfpam.dll [X]
    2014-12-10 22:28 - 2014-12-10 22:33 - 00000000 ____D () C:\AdwCleaner
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix.
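
An added example, not part of either reply and not FRST's own code: a short Python triage that groups fixlist lines by persistence mechanism and pulls out the ones marked ATTENTION, so a fixlist can be reviewed before Fix is run. The category mapping is this example's assumption, read from the line prefixes visible in the thread; the sample lines are copied from the fixlists above.

```python
import re
from collections import defaultdict

# (regex, label) pairs tried in order. The mapping is this example's reading
# of the line prefixes seen in the thread, not FRST documentation.
CATEGORIES = [
    (r".*Group Policy", "policy restriction"),
    (r"Task:", "scheduled task"),
    (r"HKLM.*\\Run:", "run key"),
    (r"(Startup|ShortcutTarget):", "startup folder"),
    (r"AutoConfigURL:", "proxy auto-config"),
    (r"(HKLM|HKU)\\.*Internet Explorer\\Main", "IE start page"),
    (r"SearchScopes:", "IE search provider"),
    (r"(BHO|Toolbar)", "IE add-on"),
    (r"FF ", "Firefox add-on"),
    (r"CHR ", "Chrome setting"),
    (r"[SR]\d ", "service/driver"),
    (r"\d{4}-\d\d-\d\d ", "file or folder"),
    (r"EmptyTemp:", "directive"),
]

# Lines copied from the fixlists in the thread.
SAMPLE = r"""
Task: {E993E877-F00C-4008-9279-2690D7896125} - System32\Tasks\Browser Updater\Browser Updater => C:\Program Files (x86)\HomeTab\WSystemUpdate.exe <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
GroupPolicyUsers\S-1-5-32-545\User: Group Policy restriction detected <======= ATTENTION
BHO-x32: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL No File
FF Extension: Special Savings - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com [2013-02-14]
S2 stdmfpam; \??\C:\Program Files (x86)\HomeTab\stdmfpam.dll [X]
2014-12-10 22:28 - 2014-12-10 22:33 - 00000000 ____D () C:\AdwCleaner
EmptyTemp:
"""

def triage(fixlist_text):
    """Group fixlist lines by mechanism and record the markers on each."""
    groups = defaultdict(list)
    for line in map(str.strip, fixlist_text.splitlines()):
        if not line:
            continue
        label = next((n for p, n in CATEGORIES if re.match(p, line)), "other")
        groups[label].append({
            "line": line,
            "attention": bool(re.search(r"<=+ ATTENTION", line)),
            "no_file": "No File" in line,
        })
    return dict(groups)

def flagged(groups):
    """Lines carrying the ATTENTION marker, across all groups."""
    return [e["line"] for g in groups.values() for e in g if e["attention"]]
```

Lines that fall into "other" are the ones to read by hand before the fixlist is applied.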