
Pop-up ads - FRST log analysis

Montrres 25 Sep 2015 19:29 594 2
  • #1 25 Sep 2015 19:29
    Montrres
    Level 21

    Hello!
    I have a problem with pop-up ads in Firefox. I first ran a scan with MBAM, and then a scan with FRST. The ads still appear.
    Thank you and best regards!

  • Helpful post
    #2 25 Sep 2015 19:43
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Task: {2DE042A8-B1A5-46B9-A2F6-0259F3899268} - System32\Tasks\{42EAA347-78CC-4EA4-804B-E1644CCB12DA} => pcalua.exe -a C:\Users\Fil\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=ima
    Task: {5DF040AF-41A4-45D2-BD99-BDB8A2B54AEE} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-07-11] () <==== UWAGA
    Task: {61A14CB4-80C7-4F9B-AD6A-0AD1FFFCD42C} - \SMupdate1 -> Brak pliku <==== UWAGA
    Task: {6E54BDE1-1D96-4B57-87E3-96EFC26D8106} - System32\Tasks\Inst_Rep => C:\Users\Fil\AppData\Local\Installer\Install_4591\DCytdieamodc_amodc_setup.exe
    Task: {7CB3676F-C789-42AF-B93E-24472F831644} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== UWAGA
    Task: {82E42ADE-1D3A-4F15-8154-0D6FB70E1732} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== UWAGA
    Task: {8489DE6E-C05B-4BDC-A40C-5F93E05268C0} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-07-11] () <==== UWAGA
    Task: {AED42040-80E2-482B-9E8C-23B3CB334DCF} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-07-11] () <==== UWAGA
    Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== UWAGA
    Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== UWAGA
    Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== UWAGA
    HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
    HKU\S-1-5-21-1962773787-3504259228-1178713184-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
    HKU\S-1-5-21-1962773787-3504259228-1178713184-1000\...\Run: [CoupSeek] => C:\Users\Fil\AppData\Roaming\CoupSeek\scpsk.exe
    HKU\S-1-5-21-1962773787-3504259228-1178713184-1000\...\Run: [MyComGames] => C:\Users\Fil\AppData\Local\MyComGames\MyComGames.exe [4167112 2015-09-24] (MY.COM B.V.)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    SearchScopes: HKU\S-1-5-21-1962773787-3504259228-1178713184-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=...090&ts=1433498598&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1962773787-3504259228-1178713184-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=...090&ts=1433498598&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1962773787-3504259228-1178713184-1000 -> {B9573962-489B-4765-A9D5-FA7F29D021B8} URL = hxxp://www.mystartsearch.com/web/?utm_source=...090&ts=1433498598&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1962773787-3504259228-1178713184-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=...090&ts=1433498598&type=default&q={searchTerms}
    BHO-x32: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files (x86)\MiuiTab\SupTab.dll Brak pliku
    BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll Brak pliku
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    FF DefaultSearchEngine: delta-homes
    FF SelectedSearchEngine: delta-homes
    FF SearchPlugin: C:\Users\Fil\AppData\Roaming\Mozilla\Firefox\Profiles\lvpuf4wc.default\searchplugins\dsrlte1.xml [2015-05-02]
    FF SearchPlugin: C:\Users\Fil\AppData\Roaming\Mozilla\Firefox\Profiles\lvpuf4wc.default\searchplugins\search-simple.xml [2015-04-29]
    FF Extension: Default NewTab - C:\Users\Fil\AppData\Roaming\Mozilla\Firefox\Profiles\lvpuf4wc.default\Extensions\default_newtabff@gmail.com [2015-07-22]
    FF Extension: Default SearchProtected - C:\Users\Fil\AppData\Roaming\Mozilla\Firefox\Profiles\lvpuf4wc.default\Extensions\defsearchp@gmail.com [2015-07-22]
    FF Extension: Fast Start - C:\Users\Fil\AppData\Roaming\Mozilla\Firefox\Profiles\lvpuf4wc.default\Extensions\quick_searchff@gmail.com [2015-04-29]
    FF Extension: QuickSearch - C:\Users\Fil\AppData\Roaming\Mozilla\Firefox\Profiles\lvpuf4wc.default\Extensions\searchffv2@gmail.com [2015-06-05]
    FF Extension: Search Enginer - C:\Users\Fil\AppData\Roaming\Mozilla\Firefox\Profiles\lvpuf4wc.default\Extensions\sweetsearch@gmail.com [2015-04-29]
    FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Fil\AppData\Roaming\Mozilla\Firefox\Profiles\lvpuf4wc.default\extensions\quick_searchff@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Fil\AppData\Roaming\Mozilla\Firefox\Profiles\lvpuf4wc.default\extensions\sweetsearch@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Fil\AppData\Roaming\Mozilla\Firefox\Profiles\lvpuf4wc.default\extensions\searchffv2@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Fil\AppData\Roaming\Mozilla\Firefox\Profiles\lvpuf4wc.default\extensions\default_newtabff@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Fil\AppData\Roaming\Mozilla\Firefox\Profiles\lvpuf4wc.default\extensions\defsearchp@gmail.com
    FF HKU\S-1-5-21-1962773787-3504259228-1178713184-1000\...\Firefox\Extensions: [{A8EF1E73-D8F4-9AEF-BFB9-FCFFD6101C88}] - C:\Program Files (x86)\version64BlockAndSurf\192.xpi
    CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=...p;from=cmi&uid=395049983_1052515_3CE6E090
    CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1433498550&z=227572a3ca88f797a8dbdb5g5z8c4c6zat0b1w6z9o&from=cmi&uid=395049983_1052515_3CE6E090"
    CHR DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&...cmi&uid=395049983_1052515_3CE6E090&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> mystartsearch
    OPR Extension: (Steel Cut) - C:\Users\Fil\AppData\Roaming\Opera Software\Opera Stable\Extensions\bmfpllkmkdifmhkkgdpepdhpbpgkkgmi [2015-05-02]
    OPR Extension: (Follow Rules) - C:\Users\Fil\AppData\Roaming\Opera Software\Opera Stable\Extensions\ddebipcgbmdndefmlpkffmjgicoehnbe [2015-04-29]
    S4 lydeteku; C:\Users\Fil\AppData\Roaming\00412F4E-1430335349-0000-0000-0000FFFFFFFF\nsu8BE5.tmp [317952 2015-05-07] () [Brak podpisu cyfrowego]
    R2 rinizisu; C:\Users\Fil\AppData\Roaming\00412F4E-1432797824-0000-0000-0000FFFFFFFF\hnsaF7A9.tmp [335360 2015-05-28] () [Brak podpisu cyfrowego]
    S2 mihoropu; C:\Users\Fil\AppData\Roaming\00412F4E-1432797824-0000-0000-0000FFFFFFFF\nst8468.tmp [X]
    S3 TBPanel; Brak ImagePath
    S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
    2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Fil\AppData\Roaming\2lmYC5KKMczTPEA
    2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Fil\AppData\Roaming\FBHT8u7TbTSJhhs08M
    2015-07-03 20:20 - 2015-07-03 20:19 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nsc6831.tmp
    2015-06-07 20:26 - 2015-06-07 20:26 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nscBE5E.tmp
    2015-07-01 22:28 - 2015-07-01 22:28 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nsf4097.tmp
    2015-07-01 02:41 - 2015-07-01 02:41 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nsf72BC.tmp
    2015-05-28 09:55 - 2015-05-28 09:55 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nsg1A75.tmp
    2015-06-13 11:38 - 2015-06-13 11:38 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nskD1C.tmp
    2015-07-03 13:44 - 2015-07-03 13:44 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nsl6621.tmp
    2015-06-20 01:04 - 2015-06-20 01:04 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nslBC1D.tmp
    2015-04-29 21:47 - 2015-04-29 21:47 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nsm18D.tmp
    2015-07-02 12:48 - 2015-07-02 12:48 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nso5617.tmp
    2015-07-11 13:20 - 2015-07-11 13:20 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nsr211.tmp
    2015-07-17 12:24 - 2015-07-17 12:24 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nsr22AE.tmp
    2015-05-06 10:30 - 2015-05-06 10:30 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nsr4FC9.tmp
    2015-06-28 23:33 - 2015-06-28 23:33 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nsrB579.tmp
    2015-05-28 10:40 - 2015-05-28 10:40 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nss15B5.tmp
    2015-04-30 16:09 - 2015-04-30 16:09 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nss312F.tmp
    2015-07-10 23:34 - 2015-07-10 23:34 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nstE89C.tmp
    2015-05-28 10:37 - 2015-05-28 10:37 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nsw9ED1.tmp
    2015-06-30 13:11 - 2015-06-30 13:11 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nsx1FFD.tmp
    2015-05-02 09:54 - 2015-05-02 09:54 - 0613255 _____ (CMI Limited) C:\Users\Fil\AppData\Local\nsz3A6F.tmp
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw. Download and run AdwCleaner as administrator https://toolslib.net/downloads/finish/1/ Click Scan and then Cleaning.

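One way to sort lines like those in the quoted fixlist by persistence type and by the markers the log itself carries, as an added example that is not part of the original thread or of FRST. The category names, reason labels and sample lines are constructed for illustration; the Polish markers are the ones visible in the quote ("UWAGA" = attention, "Brak pliku" = no file, "Brak podpisu cyfrowego" = no digital signature).

```python
import re

# Line prefix -> persistence category (labels chosen for this example).
CATEGORIES = [
    (re.compile(r"^Task:"), "scheduled task"),
    (re.compile(r"^HK\S+\\Run:"), "Run key autostart"),
    (re.compile(r"^[RSU][0-4] \S+;"), "service or driver"),
    (re.compile(r"^BHO"), "IE browser helper object"),
    (re.compile(r"^SearchScopes:"), "IE search provider"),
    (re.compile(r"^(FF|CHR|OPR) "), "browser setting or extension"),
]
# Markers present in the log text itself, plus one path heuristic.
MARKERS = [
    (re.compile(r"<=+ UWAGA"), "flagged by FRST"),
    (re.compile(r"Brak pliku"), "target file missing"),
    (re.compile(r"Brak podpisu cyfrowego"), "unsigned binary"),
    (re.compile(r"\\AppData\\[^\[]*\.(exe|tmp|dll)\b", re.I), "runs from user profile"),
]

# Constructed sample in the same line format as the quote above;
# every name, GUID and path here is a placeholder.
SAMPLE = r"""Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleNotifier => C:\Program Files (x86)\ExampleApp\Example.exe [2015-07-11] () <==== UWAGA
HKU\S-1-5-21-1-2-3-1000\...\Run: [ExampleRun] => C:\Users\User\AppData\Roaming\ExampleRun\run.exe
R2 examplesvc; C:\Users\User\AppData\Roaming\0000\abc.tmp [335360 2015-05-28] () [Brak podpisu cyfrowego]
BHO-x32: Example Class -> {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} -> C:\Program Files (x86)\ExampleTab\Tab.dll Brak pliku
FF Extension: Example - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\Extensions\example@example.com [2015-07-22]"""


def triage(log_text):
    """Return (category, reasons, line) for every line whose type is recognised."""
    results = []
    for line in log_text.splitlines():
        line = line.strip()
        category = next((name for rx, name in CATEGORIES if rx.search(line)), None)
        if category is None:
            continue  # directives such as EmptyTemp: and unknown sections
        reasons = [why for rx, why in MARKERS if rx.search(line)]
        results.append((category, reasons, line))
    return results


if __name__ == "__main__":
    for category, reasons, _line in triage(SAMPLE):
        print(f"{category:30} {', '.join(reasons) or 'no marker: review by name'}")
```

The browser-extension line comes back with no marker, so entries like the Firefox extensions in the fixlist, which carry none, still need a human decision.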
  • #3 24 Sep 2017 07:04
    Montrres
    Level 21

    The problem has, of course, gone away.
    Best regards!