Elektroda.pl

The site gameplayinfo.org opens at system startup.

zygator22 26 Aug 2015 21:27 495 1
  • #1 26 Aug 2015 21:27
    zygator22
    Level 3  

    The site gameplayinfo.org opens at system startup.
    Thanks in advance for your help.

    I'm attaching the FRST logs below:

  • Helpful post
    #2 26 Aug 2015 22:19
    Kolobos
    Computer specialist

    Uninstall:
    Bing Bar
    MyBestOffersToday 008.014010068

    Next to frst.exe, create a file named fixlist.txt with the following contents:
    Task: {01A03CE1-6451-4C41-A7DC-937FA0C68A66} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    Task: {4C615A66-D43F-40EB-BAE4-1A4DEE9277CD} - \{8A433E4E-2779-4192-92D2-C014D8F70E0D} -> Brak pliku <==== UWAGA
    Task: {5009698D-9E5E-49C7-9083-D1C424B0A681} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {54F5FD62-D61D-4625-AE5D-EA54F4C77DD8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {59AFFB83-E033-4B83-B361-5BC84B0DD720} - System32\Tasks\pcoductpro => C:\WINDOWS\system32\config\systemprofile\AppData\Local\Duoair [2015-08-22] ()
    Task: {5E9ED138-884A-44AD-829D-2CE712E47FCE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {65B2085E-B78F-44F6-8D1D-867EEA706565} - System32\Tasks\{A17FE8CA-CA63-4074-986F-33CBD29977E7} => pcalua.exe -a "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\setup.exe" -c --uninstall --system-level
    Task: {711B76C8-30A4-46A7-AF87-67F5BB6641EB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {75000C22-3066-4739-A86A-464BE61788AA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {896DC8F2-C6BA-426C-AC41-328CA04D0EDE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {91F75672-7618-4D8D-93FB-225AFA8D3B64} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {93C498FA-7BED-4885-95ED-BF6BE58206D7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {AF42280E-CFB4-4795-9B2C-4A208FA956F2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {B2DAFE11-45E7-4840-A538-8F07CBE5410D} - \{3A476C0C-0EAF-47EB-8CAF-7247F77A5894} -> Brak pliku <==== UWAGA
    Task: {F9516DD1-F8F2-4BA1-A2C5-FDD7B10E8399} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    () C:\Program Files (x86)\31E2A7A0-1440275414-11B2-8000-D0A1A07A0DB7\hnszA1A4.tmp
    () C:\Program Files (x86)\31E2A7A0-1440275414-11B2-8000-D0A1A07A0DB7\jnsh83E8.tmp
    () C:\Program Files (x86)\Join Air\AssistantServices.exe
    () C:\Program Files (x86)\31E2A7A0-1440275414-11B2-8000-D0A1A07A0DB7\knsr7C7C.tmp
    () C:\Users\Grzesiek\AppData\Local\mbot_pl_014010068\upmbot_pl_014010068.exe
    HKLM-x32\...\Run: [mbot_pl_014010068] => C:\Program Files (x86)\mbot_pl_014010068\mbot_pl_014010068.exe [3979408 2015-08-22] ()
    HKLM-x32\...\Run: [Babakan] => cmd.exe /k if %date:~6,4%%date:~3,2%%date:~0,2% LEQ 20131017 (exit) else (start http://dinoklafbzor.org && exit)




    HKLM-x32\...\RunOnce: [upmbot_pl_014010068.exe] => C:\Users\Grzesiek\AppData\Local\mbot_pl_014010068\upmbot_pl_014010068.exe [3332752 2015-08-22] ()
    HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
    HKU\S-1-5-21-3953819830-622224066-1830746929-1000\...\RunOnce: [Uninstall C:\Users\Grzesiek\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Grzesiek\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
    AppInit_DLLs: C:\ProgramData\ExtTag\U-redin.dll => Brak pliku
    AppInit_DLLs-x32: C:\ProgramData\ExtTag\ZonDomair.dll => Brak pliku
    GroupPolicy: Zasady grupy Chrome wykryto <======= UWAGA
    GroupPolicyScripts-x32: Zasady grupy wykryto <======= UWAGA
    HKU\S-1-5-21-3953819830-622224066-1830746929-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...4UKUdbTCdkdLIB_q3OrsSwPIIe8GTbVKTIsXvX&q={searchTerms}
    HKU\S-1-5-21-3953819830-622224066-1830746929-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...4UKUdbTCdkdLIB_q3OrsSwPIIe8GTbVKTIsXvX&q={searchTerms}
    HKU\S-1-5-21-3953819830-622224066-1830746929-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...eWoDHWURdykDc-bSFPBKQiuqGZ_FbAjv0HFBxhjwVKjhd
    HKU\S-1-5-21-3953819830-622224066-1830746929-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...4UKUdbTCdkdLIB_q3OrsSwPIIe8GTbVKTIsXvX&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-3953819830-622224066-1830746929-1000 -> DefaultScope {1C09A3FC-7A60-48A0-AC8D-E49649CCFB29} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...K3T&ts=1438204556&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3953819830-622224066-1830746929-1000 -> {1C09A3FC-7A60-48A0-AC8D-E49649CCFB29} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...K3T&ts=1438204556&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3953819830-622224066-1830746929-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-3953819830-622224066-1830746929-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...K3T&ts=1438204556&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3953819830-622224066-1830746929-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...4UKUdbTCdkdLIB_q3OrsSwPIIe8GTbVKTIsXvX&q={searchTerms}
    Toolbar: HKLM - Brak nazwy - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Brak pliku
    CHR HKLM\...\Chrome\Extension: [dnligehkhogpcngalffdoomehjcbecna] - https://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [gehmndecgbcffhmfjkenpamdgechcgpe] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [dnligehkhogpcngalffdoomehjcbecna] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gehmndecgbcffhmfjkenpamdgechcgpe] - https://clients2.google.com/service/update2/crx
    OPR StartupUrls: "hxxp://google.%2Cpl/"
    OPR Extension: (escape75) - C:\Users\Grzesiek\AppData\Roaming\Opera Software\Opera Stable\Extensions\omhcddilnfoiiplehpjihipcocdplljn [2015-07-30]
    R2 bycekibu; C:\Program Files (x86)\31E2A7A0-1440275414-11B2-8000-D0A1A07A0DB7\knsr7C7C.tmp [363008 2015-08-26] () [Brak podpisu cyfrowego]
    R2 fimevebo; C:\Program Files (x86)\31E2A7A0-1440275414-11B2-8000-D0A1A07A0DB7\hnszA1A4.tmp [137728 2015-08-22] () [Brak podpisu cyfrowego]
    S2 inyraupuat; C:\Users\Grzesiek\AppData\Local\Ran-lex.exe [47616 2015-08-22] () [Brak podpisu cyfrowego]
    R2 jimocoso; C:\Program Files (x86)\31E2A7A0-1440275414-11B2-8000-D0A1A07A0DB7\jnsh83E8.tmp [227328 2015-08-22] () [Brak podpisu cyfrowego]
    2015-08-25 15:53 - 2015-08-25 16:18 - 00000000 ____D C:\AdwCleaner
    2015-08-25 15:53 - 2015-08-25 15:53 - 00000124 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    2015-08-25 15:53 - 2015-08-25 15:53 - 00000000 ____D C:\ProgramData\update
    2015-08-25 15:53 - 2015-08-25 15:53 - 00000000 ____D C:\ProgramData\1WinManPro1
    2015-08-23 13:43 - 2015-08-23 13:43 - 00003314 _____ C:\WINDOWS\System32\Tasks\pcoductpro
    2015-08-22 22:51 - 2015-08-22 22:51 - 00260876 _____ (VuuPC Limited) C:\Users\Grzesiek\AppData\Local\nsnDBC2.tmp
    2015-08-22 22:45 - 2015-08-22 22:45 - 00047616 _____ C:\Users\Grzesiek\AppData\Local\Ran-lex.exe
    2015-08-22 22:44 - 2015-08-22 22:44 - 00000000 ____D C:\Program Files (x86)\31E2A7A0-1440276246-11B2-8000-D0A1A07A0DB7
    2015-08-22 22:34 - 2015-08-22 22:34 - 00003396 _____ C:\WINDOWS\System32\Tasks\{A17FE8CA-CA63-4074-986F-33CBD29977E7}
    2015-08-22 22:30 - 2015-08-26 17:46 - 00000000 ____D C:\Program Files (x86)\31E2A7A0-1440275414-11B2-8000-D0A1A07A0DB7
    2015-08-22 22:30 - 2013-07-15 19:44 - 00001028 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
    2015-08-22 22:29 - 2015-08-26 21:15 - 00000000 ____D C:\Users\Grzesiek\AppData\Local\mbot_pl_014010068
    2015-08-22 22:29 - 2015-08-22 22:29 - 00000000 ____D C:\Program Files (x86)\mbot_pl_014010068
    2015-07-29 23:15 - 2015-07-29 23:16 - 00000000 ____D C:\ProgramData\4WinManPro4
    EmptyTemp:

    In FRST, choose Fix.

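The fixlist in the reply above mixes several Windows persistence classes: scheduled tasks, Run/RunOnce values, AppInit_DLLs, services and browser settings. The sketch below is an added example, not part of the original posts and not FRST's own logic. It sorts lines of that format into those classes and flags the traits visible in the post; the class names, flag labels and regular expressions are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Lines copied verbatim from the fixlist above (the forum's "..." truncation is kept).
SAMPLE = [
    r"Task: {01A03CE1-6451-4C41-A7DC-937FA0C68A66} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA",
    r"HKLM-x32\...\Run: [Babakan] => cmd.exe /k if %date:~6,4%%date:~3,2%%date:~0,2% LEQ 20131017 (exit) else (start http://dinoklafbzor.org && exit)",
    r"AppInit_DLLs: C:\ProgramData\ExtTag\U-redin.dll => Brak pliku",
    r"R2 bycekibu; C:\Program Files (x86)\31E2A7A0-1440275414-11B2-8000-D0A1A07A0DB7\knsr7C7C.tmp [363008 2015-08-26] () [Brak podpisu cyfrowego]",
    r"HKU\S-1-5-21-3953819830-622224066-1830746929-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...eWoDHWURdykDc-bSFPBKQiuqGZ_FbAjv0HFBxhjwVKjhd",
]

# Assumed class names; each pattern matches the start of a line as it appears in the post.
CATEGORIES = [
    ("scheduled task", r"Task: "),
    ("autorun registry value", r"HK\S*\\\.\.\.\\Run(Once)?: "),
    ("AppInit_DLLs", r"AppInit_DLLs"),
    ("service", r"[RS]\d \S+; "),
    ("browser setting", r"(SearchScopes: |CHR |OPR |HKU\\.*Internet Explorer\\Main,)"),
]

# Assumed flag labels; the Polish strings are the tool output shown in the post.
FLAGS = [
    ("target file missing", r"Brak pliku"),               # "no file"
    ("no digital signature", r"Brak podpisu cyfrowego"),  # "no digital signature"
    ("shell command opens a URL", r"cmd\.exe .*start http"),
    ("executable image named .tmp", r"\.tmp\b"),
    ("percent-encoded URL host", r"hxxp://%[0-9A-Fa-f]{2}"),
]

def triage(line):
    """Return (persistence class, flags, percent-decoded URL or None) for one line."""
    line = line.strip()
    kind = next((name for name, pat in CATEGORIES if re.match(pat, line)), "other")
    flags = [name for name, pat in FLAGS if re.search(pat, line)]
    url = re.search(r"hxxp://\S+", line)
    # Decode only what is present; a truncated URL stays truncated.
    decoded = unquote(url.group(0)) if url and "%" in url.group(0) else None
    return kind, flags, decoded

if __name__ == "__main__":
    for entry in SAMPLE:
        kind, flags, decoded = triage(entry)
        print(f"{kind:24} {', '.join(flags) or '-'}")
        if decoded:
            print(f"{'':24} decoded: {decoded}")
```
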