
FRST - Lots of pop-up ads, please check the logs

rudyroman 11 Jul 2015 14:07 657 3
  • #1 11 Jul 2015 14:07
    rudyroman
    Level 16  

    Hello, colleagues.
    For some time now, ads have been constantly popping up in my browsers and something keeps trying to install itself. I uninstall whatever I can, but things install themselves again. I checked the computer with FRST, but that is where my knowledge of the subject ends. I would be very grateful if someone could check the logs. Many thanks in advance!
    Regards, Piotrek.

    0 3
  • Helpful post
    #2 11 Jul 2015 14:15
    Acorus 20
    Computer specialist

    Uninstall GamesDesktop 008.005010023, GamesDesktop 008.005010027, GoHD, GUPlayer (remove only), SmartWeb. Download AdwCleaner https://toolslib.net/downloads/finish/1/ and run it as administrator. Click Scan and then Cleaning.
    Show the new FRST logs.

    1
  • #4 11 Jul 2015 15:03
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
    Task: {0D14ED8E-8B5B-44E6-A606-A4286C544E25} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {217A6892-A78D-473D-9596-9D33487D9DD5} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {30D117B1-DDA9-4F05-961A-908857C41830} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\globalupdate.exe [2015-07-11] (globalUpdate) <==== ATTENTION
    Task: {383D5D08-8AA9-42CE-9CC0-C81EAB88C046} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: {49A3B784-C1FF-44D0-9954-0A7A2D120EE8} - System32\Tasks\{A4BC4967-DA29-4E13-BA39-2BC865745BF6} => pcalua.exe -a C:\Users\XXX\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=obw
    Task: {8242C72F-9E11-4646-BBF7-3D8848607C40} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\XXX\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
    Task: {B8B1659C-6FE5-43B8-B818-8FB7DC2A84EF} - System32\Tasks\{AA482BDA-81A1-4DC4-9791-98FFDBAE8E33} => pcalua.exe -a C:\Users\XXX\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cmi
    Task: {DAB3043F-B73F-48F4-8157-F47A1023636E} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\globalupdate.exe [2015-07-11] (globalUpdate) <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== ATTENTION
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== ATTENTION
    HKLM\...\Run: [gmsd_pl_005010020] => [X]
    HKLM\...\Run: [gmsd_pl_005010022] => [X]
    HKLM\...\Run: [gmsd_pl_005010023] => [X]
    HKLM\...\Run: [gmsd_pl_005010027] => [X]
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-496672683-3794834982-2161645144-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=...097&ts=1436194711&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-496672683-3794834982-2161645144-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_source=...097&ts=1436194711&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-496672683-3794834982-2161645144-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=...097&ts=1436194711&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-496672683-3794834982-2161645144-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.mystartsearch.com/web/?utm_source=...097&ts=1436194711&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-496672683-3794834982-2161645144-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_source=...097&ts=1436194711&type=default&q={searchTerms}
    BHO: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files\MiuiTab\SupTab.dll [2015-06-24] (Thinknice Co. Limited)
    BHO: On Stage -> {9771c444-42b0-4e23-a7fb-ff707123ab30} -> C:\Program Files\On Stage\Extensions\9771c444-42b0-4e23-a7fb-ff707123ab30.dll No File
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=143...id=WDCXWD5000AAKS-22V1A0_WD-WCAWF770009700097
    FF SearchPlugin: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ofcg8a1v.default\searchplugins\mystartsearch.xml [2015-07-11]
    FF Extension: jid0MXvUXM1npF7yTcY3bpZVht72AR4jetpack - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ofcg8a1v.default\Extensions\jid0-MXvUXM1npF7yTcY3bpZVht72AR4@jetpack [2015-07-09]
    FF Extension: QuickSearch - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ofcg8a1v.default\Extensions\searchffv2@gmail.com [2015-07-06]
    FF Extension: Search Enginer - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ofcg8a1v.default\Extensions\sweetsearch@gmail.com [2015-07-06]
    FF Extension: Mozilla Firefox Hotfixer - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ofcg8a1v.default\Extensions\veggy@veggyAddon.com [2015-07-05]
    FF Extension: Zoom It - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ofcg8a1v.default\Extensions\zzoomit@zoom.com [2015-07-07]
    FF HKLM\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ofcg8a1v.default\extensions\searchffv2@gmail.com
    FF HKLM\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\ofcg8a1v.default\extensions\sweetsearch@gmail.com
    CHR HKLM\...\Chrome\Extension: [mibfbmhijjgpkmobcfdlelpccpeafoom] - No Path Or update_url value
    S2 globalUpdate; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-07-11] (globalUpdate) [File not signed] <==== ATTENTION
    S3 globalUpdatem; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-07-11] (globalUpdate) [File not signed] <==== ATTENTION
    R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system)
    R2 jerorito; C:\Users\XXX\AppData\Roaming\82B736CC-1435941542-11D5-AC23-B34F4C123803\knsi5D5F.tmp [595968 2015-07-05] () [File not signed]
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
    R2 zejytose; C:\Users\XXX\AppData\Roaming\82B736CC-1435941542-11D5-AC23-B34F4C123803\jnsg95DB.tmp [199168 2015-07-03] () [File not signed]
    S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
    S2 NvStreamSvc; "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" [X]
    S3 cpuz129; \??\C:\Users\XXX\AppData\Local\Temp\cpuz_x32.sys [X]
    S3 GPU-Z; \??\C:\Users\XXX\AppData\Local\Temp\GPU-Z.sys [X]
    S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
    S1 wsfd_1_10_0_19; system32\drivers\wsfd_1_10_0_19.sys [X]
    2015-07-11 12:11 - 2015-07-11 14:42 - 00000918 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
    2015-07-11 12:11 - 2015-07-11 12:16 - 00000922 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
    2015-07-11 12:11 - 2015-07-11 12:11 - 00000000 ____D C:\Users\XXX\AppData\Local\globalUpdate
    2015-07-11 12:09 - 2015-07-11 13:11 - 00000000 ____D C:\Users\XXX\AppData\Roaming\systweak
    2015-07-11 12:01 - 2015-07-11 14:39 - 00000000 ____D C:\Program Files\GUPlayer
    2015-07-06 17:06 - 2015-07-11 13:49 - 00000000 ____D C:\Program Files\AnyProtectEx
    2015-07-06 16:58 - 2015-07-06 16:59 - 00000000 ____D C:\Program Files\MiuiTab
    2015-07-05 17:21 - 2015-07-05 17:21 - 00000000 __SHD C:\Users\XXX\AppData\Roaming\AnyProtectEx
    2015-07-05 08:40 - 2015-07-05 09:51 - 00000000 ____D C:\AdwCleaner
    2015-07-05 17:21 - 2015-07-05 17:21 - 0613255 _____ (CMI Limited) C:\Users\XXX\AppData\Local\nsi5C0D.tmp
    2015-07-06 17:06 - 2015-07-06 17:06 - 0613255 _____ (CMI Limited) C:\Users\XXX\AppData\Local\nspEE01.tmp
    2015-07-11 13:47 - 2015-07-11 13:47 - 0613255 _____ (CMI Limited) C:\Users\XXX\AppData\Local\nsw4DCC.tmp
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix. Uninstall globalupdate Helper. Scan with Malwarebytes Anti-Malware http://www.malwarebytes.org/8/
    During installation, uncheck Start the trial period of Malwarebytes Anti-Malware Premium.

    0
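Added example, not part of the original posts and not FRST's own logic: a small Python triage pass over FRST log lines of the kind quoted in the fixlist above. The tag names and the four heuristics (FRST's own ATTENTION marker, a missing target shown as `[X]` or `No File`, a scheduled task launched through `pcalua.exe -a`, an unsigned service running from a user's AppData) are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Sample input: seven lines copied from the fixlist quoted in the post above.
SAMPLE = r"""
Task: {0D14ED8E-8B5B-44E6-A606-A4286C544E25} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {49A3B784-C1FF-44D0-9954-0A7A2D120EE8} - System32\Tasks\{A4BC4967-DA29-4E13-BA39-2BC865745BF6} => pcalua.exe -a C:\Users\XXX\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=obw
HKLM\...\Run: [gmsd_pl_005010020] => [X]
BHO: On Stage -> {9771c444-42b0-4e23-a7fb-ff707123ab30} -> C:\Program Files\On Stage\Extensions\9771c444-42b0-4e23-a7fb-ff707123ab30.dll No File
S2 globalUpdate; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-07-11] (globalUpdate) [File not signed] <==== ATTENTION
R2 jerorito; C:\Users\XXX\AppData\Roaming\82B736CC-1435941542-11D5-AC23-B34F4C123803\knsi5D5F.tmp [595968 2015-07-05] () [File not signed]
R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system)
""".strip().splitlines()

# Service and driver lines begin with R or S plus a digit, then "name; path".
SERVICE = re.compile(r"^[RS]\d [^;]+; ")


def triage(line):
    """Return the (hypothetical) tags that apply to one FRST log line."""
    tags = []
    low = line.lower()
    if "<==== ATTENTION" in line:                      # FRST's own marker
        tags.append("frst-attention")
    if line.rstrip().endswith(("[X]", "No File")):     # entry points at a missing file
        tags.append("missing-target")
    if line.startswith("Task:") and re.search(r"=>\s*pcalua\.exe\s+-a\s", low):
        tags.append("task-via-pcalua")                 # task started through a proxy binary
    if SERVICE.match(line) and "[file not signed]" in low and "\\appdata\\" in low:
        tags.append("unsigned-service-in-profile")     # service binary in a user profile
    return tags


def summarize(lines):
    """Count tags over all lines and list the lines no heuristic matched."""
    counts = Counter(tag for line in lines for tag in triage(line))
    untagged = [line for line in lines if not triage(line)]
    return counts, untagged


if __name__ == "__main__":
    counts, untagged = summarize(SAMPLE)
    for tag, n in sorted(counts.items()):
        print(f"{n}  {tag}")
    print("needs manual review:", *untagged, sep="\n  ")
```

The IHProtect Service line is in the fixlist but matches none of the four heuristics, so it lands in the manual-review list.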