Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Win 8, Chrome - wyskakujace multi ads on.

TurboTygrys 18 Wrz 2015 19:22 477 3
  • Pomocny post
    #2 18 Wrz 2015 19:51
    Acorus 20
    Spec od komputerów

    Odinstaluj AnyProtect, AnySend, CinemaP-1.9cV10.08, CinemaPlus-3.2cV09.08, do-search uninstall, GamesDesktop 008.005010057, GoHD, iWebar, MyBestOffersToday 008.014010057, Object Browser, PhraseProfessor 1.10.0.21, Sale Charger, SmartWeb, WebStorage, YTDownloader. Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.
    Pokaż nowe logi z FRST.

    0
  • #4 22 Wrz 2015 20:27
    Acorus 20
    Spec od komputerów

    Otwórz notatnik systemowy i wklej:

    Cytat:
    HKU\S-1-5-21-2253440694-3573756850-3282575963-1001\...\Run: [GoogleChromeAutoLaunch_2A07FFF82FD9F2F20464736682738193] => "C:\Program Files (x86)\MyBrowser\MyBrowser\Application\mybrowser.exe" --no-startup-window
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-20]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    SearchScopes: HKU\S-1-5-21-2253440694-3573756850-3282575963-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=144...id=HGSTXHTS545050A7E680_TMA55DGL1P88KP1P88KPX
    CHR HomePage: Default -> hxxp://www.oursurfing.com/?type=hp&ts=144...id=HGSTXHTS545050A7E680_TMA55DGL1P88KP1P88KPX
    CHR RestoreOnStartup: Default -> "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bl-bcr-is__alt__ddc_dsssyc_bd_com"
    CHR StartupUrls: Default -> "hxxp://www.oursurfing.com/?type=hp&ts=1442800700&z=35687039cc708ad40619199gaz3z8o6beeee3q8tft&from=buzz&uid=HGSTXHTS545050A7E680_TMA55DGL1P88KP1P88KPX"
    CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=F99ztu...,50139bba-65ba-42e4-9e13-aa3299beb380,&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> www-searching.com
    CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    CHR Extension: (Search Module Plus v2) - C:\Users\Paweł\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlcgehabolcakkjhgmgpkagpolbjlhfa [2015-09-20]
    CHR Extension: (Sale Charger) - C:\Users\Paweł\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbjodaojofnncamkhhbnonejbjliohhk [2015-08-10]




    CHR HKU\S-1-5-21-2253440694-3573756850-3282575963-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.oursurfing.com/?type=sc&ts=144...id=HGSTXHTS545050A7E680_TMA55DGL1P88KP1P88KPX
    OPR Extension: (Brak nazwy) - C:\Users\Paweł\AppData\Roaming\Opera Software\Opera Stable\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan [2015-08-10]
    OPR Extension: (Brak nazwy) - C:\Users\Paweł\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-08-17]
    OPR Extension: (Brak nazwy) - C:\Users\Paweł\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-08-10]
    R2 uUolIJswkDm; C:\ProgramData\MGRtlTl\uUolIJswkDm.exe [2730936 2015-09-20] (Valid Applications)
    R2 ZWyskJrxCe; C:\ProgramData\mxxmoIUZy\ZWyskJrxCe.exe [2731488 2015-09-09] (Unique Solutions)
    U0 msahci; system32\drivers\msahci.sys [X]
    2015-09-21 03:58 - 2015-09-21 23:33 - 00000000 ____D C:\ProgramData\OWdsManProO
    2015-09-20 23:12 - 2015-09-22 19:13 - 00001987 _____ C:\Users\Public\Desktop\speed browser.lnk
    2015-09-20 23:12 - 2015-09-22 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\speed browser
    2015-09-20 23:12 - 2015-09-20 23:12 - 00014080 _____ (Microsoft) C:\Users\Paweł\AppData\Roaming\LaunchBrowser_ed.exe
    2015-09-20 23:12 - 2015-09-20 23:12 - 00000000 ____D C:\Users\Paweł\AppData\Local\speed browser
    2015-09-20 23:12 - 2015-09-20 23:12 - 00000000 ____D C:\Program Files (x86)\speed browser
    2015-09-20 21:04 - 2015-09-20 21:04 - 00000000 ____D C:\ProgramData\Browser
    2015-09-20 13:04 - 2015-09-22 19:13 - 00003446 _____ C:\WINDOWS\System32\Tasks\Ontleasxli
    2015-09-20 13:04 - 2015-09-20 13:04 - 00000000 ____D C:\ProgramData\Ontleasxli
    2015-09-20 12:58 - 2015-09-20 12:59 - 00000000 ____D C:\ProgramData\MGRtlTl
    2015-09-19 19:25 - 2015-09-19 19:28 - 00000000 ____D C:\AdwCleaner
    2015-09-14 18:59 - 2015-09-14 19:00 - 00000000 ____D C:\Program Files (x86)\529949c9-cddd-4b69-bd99-ce61486af548
    2015-09-14 18:53 - 2015-09-22 03:58 - 00000352 ____H C:\WINDOWS\Tasks\TBLVOYUWROKEJHEF.job
    2015-09-14 18:53 - 2015-09-19 19:35 - 00000328 _____ C:\WINDOWS\Tasks\HZJFJDVPRT1.job
    2015-09-14 18:53 - 2015-09-14 18:53 - 00003360 _____ C:\WINDOWS\System32\Tasks\TBLVOYUWROKEJHEF
    2015-09-14 18:53 - 2015-09-14 18:53 - 00002842 _____ C:\WINDOWS\System32\Tasks\HZJFJDVPRT1
    2015-09-14 18:46 - 2015-09-14 18:46 - 00001008 _____ C:\WINDOWS\Tasks\m8mEqCyAqbU4B.job
    2015-09-13 22:48 - 2015-09-13 22:48 - 00001018 _____ C:\WINDOWS\Tasks\jlsxGCNmMJMaGKI5jq.job
    2015-09-13 22:47 - 2015-09-13 22:47 - 00000000 ____D C:\Program Files (x86)\d29d606a-51ba-4876-b506-1da9e9db9067
    2015-09-09 22:27 - 2015-09-09 22:29 - 00000000 ____D C:\Program Files (x86)\c41188a6-0afb-4a8c-8563-8e996e6dd44f
    2015-09-09 22:13 - 2015-09-09 22:13 - 00001026 _____ C:\WINDOWS\Tasks\DdWPWnj8NXOJwkMB4YVhEy.job
    2015-09-09 22:12 - 2015-09-09 22:12 - 00000000 ____D C:\Program Files (x86)\7e190821-4544-40cb-8e26-c5101d82dff2
    2015-09-09 22:07 - 2015-09-09 22:07 - 00000000 ____D C:\Users\Paweł\AppData\Local\CrashRpt
    2015-09-09 22:07 - 2015-09-09 22:07 - 00000000 ____D C:\Users\Paweˆ
    2015-09-09 00:15 - 2015-09-22 19:13 - 00003460 _____ C:\WINDOWS\System32\Tasks\Esxiosuhinuvs
    2015-09-09 00:15 - 2015-09-09 00:15 - 00000000 ____D C:\ProgramData\Esxiosuhinuvs
    2015-09-09 00:09 - 2015-09-09 00:10 - 00000000 ____D C:\ProgramData\mxxmoIUZy
    2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Paweł\AppData\Roaming\DdWPWnj8NXOJwkMB4YVhEy
    2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Paweł\AppData\Roaming\DdWPWnj8NXOJwkMB4YVhEy.exe
    2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Paweł\AppData\Roaming\FXG3aU4JInKiPwknOsk6FvS
    2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Paweł\AppData\Roaming\FXG3aU4JInKiPwknOsk6FvS.exe
    2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Paweł\AppData\Roaming\hucBt9dCauL
    2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Paweł\AppData\Roaming\hucBt9dCauL.exe
    2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Paweł\AppData\Roaming\jlsxGCNmMJMaGKI5jq
    2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Paweł\AppData\Roaming\jlsxGCNmMJMaGKI5jq.exe
    2015-09-20 23:12 - 2015-09-20 23:12 - 0014080 _____ (Microsoft) C:\Users\Paweł\AppData\Roaming\LaunchBrowser_ed.exe
    2015-09-20 23:12 - 2015-09-20 23:12 - 0000182 _____ () C:\Users\Paweł\AppData\Roaming\LaunchBrowser_ed.exe.config
    2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Paweł\AppData\Roaming\m8mEqCyAqbU4B
    2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Paweł\AppData\Roaming\m8mEqCyAqbU4B.exe
    2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Paweł\AppData\Roaming\uivTGx8BX0PWlPX7gdpMpTfQX
    2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Paweł\AppData\Roaming\uivTGx8BX0PWlPX7gdpMpTfQX.exe
    2015-08-10 18:08 - 2015-08-10 18:08 - 0613255 _____ (CMI Limited) C:\Users\Paweł\AppData\Local\nsi1F3E.tmp
    2015-08-10 18:13 - 2015-08-10 18:13 - 0613255 _____ (CMI Limited) C:\Users\Paweł\AppData\Local\nsk8F88.tmp
    2015-09-14 18:46 - 2015-09-14 18:46 - 0613255 _____ (CMI Limited) C:\Users\Paweł\AppData\Local\nsl9D23.tmp
    2015-09-14 19:03 - 2015-09-14 19:02 - 0613255 _____ (CMI Limited) C:\Users\Paweł\AppData\Local\nsm7E1D.tmp
    C:\ProgramData\SetStretch.VBS
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw. Przeskanuj programem Malwarebytes Anti-Malware https://www.malwarebytes.org/downloads/
    Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

    0