Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Wirus - Rozszerzenia same aie pobieraja/otwieraja

wegorz123 31 Lip 2015 15:20 711 10
  • #1 31 Lip 2015 15:20
    wegorz123
    Poziom 9  

    Siema mam problem. Pojawil sie gdy jak glupi chcialem sciagnac darmowy program... zaczelo sie od zainstalowania sie przegladarki ktora sama sie wlaczala ale znalazlem temat jak ja usunac (nie pamietam nazwy) teraz strony startowe mi sie zmieniaja i wyskakuja wszedzie reklamy.
    Wrzucam skan otl
    Www.Pokazywarka.pl/wegorz123otl

    Prossze o pomoc !

    0 10
  • #4 03 Sie 2015 08:52
    Acorus 20
    Spec od komputerów

    Odinstaluj Buzzdock, Spyware Terminator 2015, Yahoo! Search.Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.
    Pokaż nowe logi z FRST.

    0
  • Pomocny post
    #6 04 Sie 2015 08:44
    Domino_2
    Pomocny dla użytkowników

    Odinstaluj BrowserV30.07, Checked List, Crossbrowse, globalupdate Helper.

    Cytat:

    Hosts:
    Internet Explorer Versie 11 (Standaardbrowser pad: "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" -- "%1")
    (Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
    (Crossbrowse) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-3125584105-3283239194-284023941-1004\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-3125584105-3283239194-284023941-1004\...\Run: [GoogleChromeAutoLaunch_2FC82548F900B222BA10F35EFB8B964E] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-05-12] (Crossbrowse)
    Startup: C:\Users\Pro Custom Design\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-08-04]
    ShortcutTarget: crossbrowse.lnk -> C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
    GroupPolicy: Groepsbeleid op Chrome gedetecteerd <======= AANDACHT
    Task: {00E06F87-A4D8-4205-9894-0C840B38E42E} - System32\Tasks\08f444fb-6b87-424b-b153-557164897574-5_user => C:\Program Files (x86)\BrowserV30.07\08f444fb-6b87-424b-b153-557164897574-5.exe [2015-08-04] (BrowserV30.07) <==== AANDACHT
    Task: {198F4C03-5FFC-4C39-900E-13AB985CC64D} - System32\Tasks\08f444fb-6b87-424b-b153-557164897574-6 => C:\Program Files (x86)\BrowserV30.07\08f444fb-6b87-424b-b153-557164897574-6.exe [2015-08-04] (BrowserV30.07) <==== AANDACHT
    Task: {298A5816-03D4-41AF-868B-3C5D432680AC} - System32\Tasks\TFTUMYUKPRPHHKWT => C:\ProgramData\Service1198\Service1198.exe [2015-06-28] () <==== AANDACHT
    Task: {4943DBB4-1C99-4D2D-B306-C98F663C0ABB} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe [2015-08-04] () <==== AANDACHT
    Task: {4EBF23E9-A500-4AD0-8960-74F2B3001BA2} - System32\Tasks\08f444fb-6b87-424b-b153-557164897574-1-6 => C:\Program Files (x86)\BrowserV30.07\08f444fb-6b87-424b-b153-557164897574-1-6.exe [2015-08-04] (BrowserV30.07) <==== AANDACHT
    Task: {550423E2-76BF-4869-BDCD-6E808F8B9059} - System32\Tasks\08f444fb-6b87-424b-b153-557164897574-3 => C:\Program Files (x86)\BrowserV30.07\08f444fb-6b87-424b-b153-557164897574-3.exe [2015-08-04] (BrowserV30.07) <==== AANDACHT
    Task: {56965FC9-AEEF-4652-BB69-70191455DAA3} - System32\Tasks\08f444fb-6b87-424b-b153-557164897574-5 => C:\Program Files (x86)\BrowserV30.07\08f444fb-6b87-424b-b153-557164897574-5.exe [2015-08-04] (BrowserV30.07) <==== AANDACHT
    Task: {5BCA2905-9117-4D4E-B402-A7EE7F73C7B5} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-08-04] (globalUpdate) <==== AANDACHT
    Task: {62503006-5D51-42EA-AD5C-581473AE2AB4} - System32\Tasks\OptimizerProUpdaterTask{E283BEBD-1F32-4B9A-931D-B4DA77E52AAF} => C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe <==== AANDACHT




    Task: {6B7086D7-32A2-4FBF-A0FC-33C8500CA3CA} - System32\Tasks\08f444fb-6b87-424b-b153-557164897574-7 => C:\Program Files (x86)\BrowserV30.07\08f444fb-6b87-424b-b153-557164897574-7.exe [2015-08-04] (BrowserV30.07) <==== AANDACHT
    Task: {9ECADC00-3D35-459C-9E0C-4FB360C31EC5} - System32\Tasks\08f444fb-6b87-424b-b153-557164897574-1-7 => C:\Program Files (x86)\BrowserV30.07\08f444fb-6b87-424b-b153-557164897574-1-7.exe [2015-08-04] (BrowserV30.07) <==== AANDACHT
    Task: {C7EB234A-A746-4883-A81B-CB0376C325B7} - System32\Tasks\MNKXYDZYN1 => C:\ProgramData\EpsanDrive\EpsanDrive.exe <==== AANDACHT
    Task: {D920EB13-C342-4C74-954A-930DDA901165} - System32\Tasks\oNC6okCHfQIXRu99O => C:\Users\Pro Custom Design\AppData\Roaming\oNC6okCHfQIXRu99O.exe [2015-04-20] () <==== AANDACHT
    Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File <==== AANDACHT
    Task: {FB49E75B-1A99-4E11-94E3-42629B7C5189} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-08-04] (globalUpdate) <==== AANDACHT
    Task: C:\Windows\Tasks\08f444fb-6b87-424b-b153-557164897574-1-6.job => C:\Program Files (x86)\BrowserV30.07\08f444fb-6b87-424b-b153-557164897574-1-6.exe <==== AANDACHT
    Task: C:\Windows\Tasks\08f444fb-6b87-424b-b153-557164897574-1-7.job => C:\Program Files (x86)\BrowserV30.07\08f444fb-6b87-424b-b153-557164897574-1-7.exe <==== AANDACHT
    Task: C:\Windows\Tasks\08f444fb-6b87-424b-b153-557164897574-3.job => C:\Program Files (x86)\BrowserV30.07\08f444fb-6b87-424b-b153-557164897574-3.exe <==== AANDACHT
    Task: C:\Windows\Tasks\08f444fb-6b87-424b-b153-557164897574-5.job => C:\Program Files (x86)\BrowserV30.07\08f444fb-6b87-424b-b153-557164897574-5.exe <==== AANDACHT
    Task: C:\Windows\Tasks\08f444fb-6b87-424b-b153-557164897574-5_user.job => C:\Program Files (x86)\BrowserV30.07\08f444fb-6b87-424b-b153-557164897574-5.exe <==== AANDACHT
    Task: C:\Windows\Tasks\08f444fb-6b87-424b-b153-557164897574-6.job => C:\Program Files (x86)\BrowserV30.07\08f444fb-6b87-424b-b153-557164897574-6.exe <==== AANDACHT
    Task: C:\Windows\Tasks\08f444fb-6b87-424b-b153-557164897574-7.job => C:\Program Files (x86)\BrowserV30.07\08f444fb-6b87-424b-b153-557164897574-7.exe <==== AANDACHT
    Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== AANDACHT
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== AANDACHT
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== AANDACHT
    Task: C:\Windows\Tasks\MNKXYDZYN1.job => C:\ProgramData\EpsanDrive\EpsanDrive.exe <==== AANDACHT
    Task: C:\Windows\Tasks\oNC6okCHfQIXRu99O.job => C:\Users\Pro Custom Design\AppData\Roaming\oNC6okCHfQIXRu99O.exe <==== AANDACHT
    Task: C:\Windows\Tasks\OptimizerProUpdaterTask{E283BEBD-1F32-4B9A-931D-B4DA77E52AAF}.job => C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exeI/schedule /profilepath C:\ProgramData\Premium\OptimizerPro\profile.ini <==== AANDACHT
    Task: C:\Windows\Tasks\TFTUMYUKPRPHHKWT.job => C:\ProgramData\Service1198\Service1198.exe <==== AANDACHT
    GroupPolicyScripts: Groepsbeleid gedetecteerd <======= AANDACHT
    CHR HKLM\SOFTWARE\Policies\Google: Beleid restrictie <======= AANDACHT
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is ingeschakeld.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:49211;https=127.0.0.1:49211
    HKU\S-1-5-21-3125584105-3283239194-284023941-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.search.yahoo.com/?fr=hp-ddc-bd&type=pr-bir-ia__alt__ddc_dsssyc_bd_com
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3125584105-3283239194-284023941-1004 -> DefaultScope {E9EBCFCA-BBFB-4111-B77B-4072C628C79C} URL = http://nl.search.yahoo.com/yhs/search?hspart=...mp;type=pr-bir-ia__alt__ddc_dss_bd_com&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3125584105-3283239194-284023941-1004 -> OldSearch URL = http://searchsimple-a.akamaihd.net/?affID=ia&q={searchTerms}&r=141
    SearchScopes: HKU\S-1-5-21-3125584105-3283239194-284023941-1004 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKU\S-1-5-21-3125584105-3283239194-284023941-1004 -> {E7B537EC-E0B5-49DC-B9B0-5CBDE94B9DEF} URL = http://www.google.nl/search?hl=nl&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3125584105-3283239194-284023941-1004 -> {E9EBCFCA-BBFB-4111-B77B-4072C628C79C} URL = http://nl.search.yahoo.com/yhs/search?hspart=...mp;type=pr-bir-ia__alt__ddc_dss_bd_com&p={searchTerms}
    BHO-x32: Checked List 1.0.0.7 -> {7ff0f7e7-8b1e-4e90-8bd5-f60cfdd71ecc} -> C:\Program Files (x86)\Checked List\CheckedListbho.dll [2015-06-30] (Checked List)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    CHR Extension: (BrowserV30.07) - C:\Users\Pro Custom Design\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhkmcfanijhphphomamdkaejjadkhgn [2015-08-04]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
    OPR Extension: (Sale Clipper) - C:\Users\Pro Custom Design\AppData\Roaming\Opera Software\Opera Stable\Extensions\eahkihgggfjloadgcbakhekclipmenhc [2015-07-28]
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe http://www.istartsurf.com/?type=sc&ts=143...HitachiXHDS721050CLA662_JP1572HR3Y77AK3Y77AKX
    S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-04] (globalUpdate) [Bestand niet getekend] <==== AANDACHT
    S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-04] (globalUpdate) [Bestand niet getekend] <==== AANDACHT
    2015-08-04 07:21 - 2015-08-04 07:21 - 00004122 _____ C:\Windows\System32\Tasks\Crossbrowse
    2015-08-04 07:21 - 2015-08-04 07:21 - 00002414 _____ C:\Users\Public\Desktop\Crossbrowse.lnk
    2015-08-04 07:21 - 2015-08-04 07:21 - 00001080 _____ C:\Windows\Tasks\Crossbrowse.job
    2015-08-04 07:21 - 2015-08-04 07:21 - 00000000 ____D C:\Users\Pro Custom Design\AppData\Local\Crossbrowse
    2015-08-04 07:21 - 2015-08-04 07:21 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Crossbrowse
    2015-08-04 07:21 - 2015-08-04 07:21 - 00000000 ____D C:\Users\Gast\AppData\Local\Crossbrowse
    2015-08-04 07:21 - 2015-08-04 07:21 - 00000000 ____D C:\Users\Administrator\AppData\Local\Crossbrowse
    2015-08-04 07:21 - 2015-08-04 07:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
    2015-08-04 07:20 - 2015-08-04 07:20 - 00000000 ____D C:\Program Files (x86)\Crossbrowse
    Empty Temp:


    Wklej to do notatnika i zapisz pod nazwą fixlist.txt i umieść w folderze gdzie znajduje się plik FRST.exe, odpal go jako administrator i kliknij Fix.

    1
  • Pomocny post
    #8 04 Sie 2015 10:01
    Acorus 20
    Spec od komputerów

    Otwórz notatnik systemowy i wklej:

    Cytat:
    globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== AANDACHT
    2015-08-04 07:22 - 2015-08-04 07:22 - 00000000 ____D C:\Users\Pro Custom Design\AppData\Local\globalUpdate
    2015-08-04 07:22 - 2015-08-04 07:22 - 00000000 ____D C:\Program Files (x86)\globalUpdate
    2015-08-04 07:16 - 2015-08-04 08:35 - 00000000 ____D C:\AdwCleaner
    2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Pro Custom Design\AppData\Roaming\oNC6okCHfQIXRu99O
    2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Pro Custom Design\AppData\Roaming\oNC6okCHfQIXRu99O.exe
    DeleteQuarantine:

    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix. Odinstaluj globalupdate Helper. Skasuj folder C:\FRST.

    1
  • #10 04 Sie 2015 10:38
    Kolobos
    Spec od komputerów

    Nowe logi sa zbedne, usun katalog C:\FRST i to wszystko.

    0
  • #11 04 Sie 2015 11:37
    wegorz123
    Poziom 9  

    Ok, wielkie dzieki ! :)

    0