
Adware-type malicious programs and a request for a fixlist.

ewako 25 Oct 2015 13:46 516 6
  • #1 25 Oct 2015 13:46
    ewako
    Level 2

    Hello.

    Could you help me as well? I have problems with something like gmsd_pl_005010123, and other viruses on top of that. I ran a scan with FRST.
    I uninstalled cinemaplus, gamedeskop, jogotempo; I don't see the remaining things anywhere either.
    Please help me with this fixlist.txt.

    Thank you in advance.

    0 6
  • Helpful post
    #2 25 Oct 2015 14:12
    Acorus 20
    Computer specialist

    Uninstall oursurfing, WordWizard 1.10.0.24. Open the system Notepad and paste:

    Quote:
    Task: {099EFBCD-AD67-4885-B92E-C1082CE24EB9} - System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-11 => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-11.exe <==== UWAGA
    Task: {10EFEA99-BAAE-446B-890D-C7E345AB55E4} - System32\Tasks\Installer_iwebar => C:\Users\pc\AppData\Local\Installer\Installiwebar_20209\ytdieamodc_amodc_setup.exe <==== UWAGA
    Task: {16193EBE-DEA2-487C-A3FB-B29CCAA1B9DF} - System32\Tasks\WordWizard Auto Updater 1.10.0.24 Pending Update => C:\Program Files (x86)\WordWizard_1.10.0.24\Update\WordwizardAutoUpdateClient.exe [2015-09-02] (WordWizard) <==== UWAGA
    Task: {256AFF6A-AF7C-4194-B136-7E0582135EB8} - System32\Tasks\Inst_Rep => C:\Users\pc\AppData\Local\Installer\Install_4637\ytdieamodc_amodc_setup.exe
    Task: {2AA4B4A6-6F46-434E-A170-64A28D79081C} - System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-7.exe <==== UWAGA
    Task: {3DC72C58-AAA4-4A73-9AB1-D78F4B1D0015} - System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-5.exe <==== UWAGA
    Task: {40BECF39-19D1-421D-B201-406E31839C93} - System32\Tasks\WordWizard Auto Updater 1.10.0.24 Core => C:\Program Files (x86)\WordWizard_1.10.0.24\Update\WordwizardAutoUpdateClient.exe [2015-09-02] (WordWizard) <==== UWAGA
    Task: {6600507A-D893-4FB1-AC6B-091F9ADA2DF8} - System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-6.exe <==== UWAGA
    Task: {75BF98E4-5615-44D3-A394-E1B99258E80F} - System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-6 => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-6.exe <==== UWAGA
    Task: {927CB3A8-29B9-4622-88F2-D2CCEA471C61} - System32\Tasks\grHWMsC => C:\Users\pc\AppData\Roaming\grHWMsC.exe [2015-04-20] () <==== UWAGA
    Task: {9EE7BA3B-F88C-41CE-A7A8-FC119100E434} - System32\Tasks\MejYPGwlx0yTLY9AMf0EFZw => C:\Users\pc\AppData\Roaming\MejYPGwlx0yTLY9AMf0EFZw.exe [2015-04-20] () <==== UWAGA
    Task: {B8AE7A43-91D2-4D90-B2B9-65E3F5EB69EC} - System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-7 => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-7.exe <==== UWAGA
    Task: {BC231C1E-83F7-44C6-BB64-82CEA6680334} - System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-3 => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-3.exe <==== UWAGA
    Task: {CE605CEC-531F-4838-8B16-77F6AA198010} - System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-5 => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-5.exe <==== UWAGA




    Task: {CFCBCE17-89DA-4F0A-8E76-02CA492B0528} - System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-4 => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-4.exe <==== UWAGA
    Task: C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-6.exe <==== UWAGA
    Task: C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-7.exe <==== UWAGA
    Task: C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-11.job => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-11.exe <==== UWAGA
    Task: C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-3.job => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-3.exe <==== UWAGA
    Task: C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-4.job => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-4.exe <==== UWAGA
    Task: C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-5.exe <==== UWAGA
    Task: C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-5.exe <==== UWAGA
    Task: C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-6.exe <==== UWAGA
    Task: C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-7.exe <==== UWAGA
    Task: C:\Windows\Tasks\grHWMsC.job => C:\Users\pc\AppData\Roaming\grHWMsC.exe <==== UWAGA
    Task: C:\Windows\Tasks\MejYPGwlx0yTLY9AMf0EFZw.job => C:\Users\pc\AppData\Roaming\MejYPGwlx0yTLY9AMf0EFZw.exe <==== UWAGA
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Brak pliku
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=144...p;uid=st1000dm003-1er162_z4y5s033xxxxz4y5s033
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=144...p;uid=st1000dm003-1er162_z4y5s033xxxxz4y5s033
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts...t1000dm003-1er162_z4y5s033xxxxz4y5s033&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts...t1000dm003-1er162_z4y5s033xxxxz4y5s033&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=144...p;uid=st1000dm003-1er162_z4y5s033xxxxz4y5s033
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=144...p;uid=st1000dm003-1er162_z4y5s033xxxxz4y5s033
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts...t1000dm003-1er162_z4y5s033xxxxz4y5s033&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts...t1000dm003-1er162_z4y5s033xxxxz4y5s033&q={searchTerms}
    HKU\S-1-5-21-1020640253-1596761399-475517059-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=144...p;uid=st1000dm003-1er162_z4y5s033xxxxz4y5s033
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts...t1000dm003-1er162_z4y5s033xxxxz4y5s033&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts...t1000dm003-1er162_z4y5s033xxxxz4y5s033&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts...t1000dm003-1er162_z4y5s033xxxxz4y5s033&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts...t1000dm003-1er162_z4y5s033xxxxz4y5s033&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1020640253-1596761399-475517059-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts...t1000dm003-1er162_z4y5s033xxxxz4y5s033&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=...p;uid=ST1000DM003-1ER162_Z4Y5S033XXXXZ4Y5S033
    Edge HomeButtonPage: HKU\S-1-5-21-1020640253-1596761399-475517059-1001 -> hxxp://www.oursurfing.com/?type=hp&ts=144...p;uid=st1000dm003-1er162_z4y5s033xxxxz4y5s033
    FF NewTab: hxxp://www.mystartsearch.com/newtab/?type=nt&...p;uid=ST1000DM003-1ER162_Z4Y5S033XXXXZ4Y5S033
    FF Homepage: hxxp://www.mystartsearch.com/?type=hp&ts=...p;uid=ST1000DM003-1ER162_Z4Y5S033XXXXZ4Y5S033
    FF SearchPlugin: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\yibzyyhx.default\searchplugins\istartsurf.xml [2015-10-25]
    FF SearchPlugin: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\yibzyyhx.default\searchplugins\mystartsearch.xml [2015-10-25]
    FF SearchPlugin: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\yibzyyhx.default\searchplugins\oursurfing.xml [2015-10-12]
    FF Extension: Default SearchProtected - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\yibzyyhx.default\Extensions\defsearchp@gmail.com [2015-10-25] [Brak podpisu cyfrowego]
    FF Extension: deskCut - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\yibzyyhx.default\Extensions\deskCutv2@gmail.com [2015-10-25] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\yibzyyhx.default\extensions\deskCutv2@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\yibzyyhx.default\extensions\defsearchp@gmail.com
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.mystartsearch.com/?type=sc&ts=...p;uid=ST1000DM003-1ER162_Z4Y5S033XXXXZ4Y5S033
    CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1445773474&z=bda7fe0fca414a67a9cd363gbz5z0w7mam8c2odode&from=cmi&uid=ST1000DM003-1ER162_Z4Y5S033XXXXZ4Y5S033"
    CHR DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&...T1000DM003-1ER162_Z4Y5S033XXXXZ4Y5S033&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> mystartsearch
    CHR HKU\S-1-5-21-1020640253-1596761399-475517059-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=...p;uid=ST1000DM003-1ER162_Z4Y5S033XXXXZ4Y5S033
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.mystartsearch.com/?type=sc&ts=...p;uid=ST1000DM003-1ER162_Z4Y5S033XXXXZ4Y5S033
    R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [270568 2015-10-12] ()
    R2 wwsvc_1.10.0.24; C:\Program Files (x86)\WordWizard_1.10.0.24\Service\wwsvc.exe [301656 2015-09-02] (WordWizard)
    R2 quhedozo; C:\Program Files (x86)\00000000-1444679792-0000-0000-D8CB8A9CBDDD\knsd8403.tmpfs [X]
    R1 wwfd_vw_1_10_0_24; C:\Windows\System32\drivers\wwfd_vw_1_10_0_24.sys [57728 2015-09-02] (WordWizard)
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    2015-10-25 12:45 - 2015-10-25 12:56 - 00000000 ____D C:\Users\pc\AppData\Local\gmsd_pl_005010123
    2015-10-25 12:45 - 2015-10-25 12:54 - 00000000 ____D C:\Program Files (x86)\gmsd_pl_005010123
    2015-10-25 12:43 - 2015-10-25 12:43 - 00004312 _____ C:\Windows\System32\Tasks\WordWizard Auto Updater 1.10.0.24 Pending Update
    2015-10-25 12:43 - 2015-10-25 12:43 - 00004280 _____ C:\Windows\System32\Tasks\WordWizard Auto Updater 1.10.0.24 Core
    2015-10-25 12:43 - 2015-10-25 12:43 - 00000000 ____D C:\Program Files (x86)\WordWizard_1.10.0.24
    2015-10-24 08:40 - 2015-10-24 08:40 - 00000000 ____D C:\Users\pc\AppData\Roaming\istartsurf
    2015-10-12 20:56 - 2015-10-12 20:57 - 00000000 ____D C:\Users\pc\AppData\Roaming\oursurfing
    2015-10-12 20:52 - 2015-10-12 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY
    2015-10-12 20:52 - 2015-10-12 20:52 - 00000000 ____D C:\Program Files (x86)\mbot_pl_014010111
    2015-04-19 13:20 - 2015-10-25 12:58 - 0000626 _____ () C:\Users\pc\AppData\Roaming\grHWMsC
    2015-04-20 15:05 - 2015-04-20 15:05 - 1579520 _____ () C:\Users\pc\AppData\Roaming\grHWMsC.exe
    2015-04-19 13:20 - 2015-10-25 12:58 - 0000626 _____ () C:\Users\pc\AppData\Roaming\MejYPGwlx0yTLY9AMf0EFZw
    2015-04-20 15:05 - 2015-04-20 15:05 - 1579520 _____ () C:\Users\pc\AppData\Roaming\MejYPGwlx0yTLY9AMf0EFZw.exe
    2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\pc\AppData\Roaming\mjONwbFb3kDf
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Download and run AdwCleaner as administrator https://toolslib.net/downloads/finish/1/ Click Scan and then Cleaning.

    0
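An added example, not part of the original thread and not FRST's own code: a read-only audit that sorts the lines of a fixlist.txt into categories and lists the ones worth a manual look before Fix is clicked. The category names, the regular expressions (inferred only from the line shapes visible in the quoted fixlist) and the "needs review" policy are assumptions; the sample input is constructed.

```python
import re
from collections import Counter

# Constructed sample in the line shapes of the thread's fixlist (names are placeholders).
SAMPLE = r"""
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleUpdater => C:\Program Files (x86)\ExampleAdware\update.exe [2015-09-02] (Example) <==== UWAGA
Task: C:\Windows\Tasks\abcXYZ.job => C:\Users\pc\AppData\Roaming\abcXYZ.exe <==== UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.example.invalid/?type=hp
SearchScopes: HKLM -> DefaultScope {00000000-0000-0000-0000-000000000002} URL = hxxp://www.example.invalid/web/?q={searchTerms}
FF Homepage: hxxp://www.example.invalid/?type=hp
R2 examplesvc; C:\Program Files (x86)\ExampleAdware\svc.exe [301656 2015-09-02] (Example)
2015-10-25 12:45 - 2015-10-25 12:56 - 00000000 ____D C:\Program Files (x86)\ExampleAdware
C:\ProgramData\{00000000-0000-0000-0000-000000000003}.dat
C:\Windows\System32\drivers\etc\hosts
EmptyTemp:
"""

# Hypothetical categories; first matching rule wins, so order matters.
RULES = [
    ("scheduled_task", re.compile(r"^Task: ")),
    ("registry_value", re.compile(r"^HK(LM|U)\\")),
    ("browser_setting", re.compile(
        r"^(SearchScopes|StartMenuInternet|Edge|FF|CHR|ShellIconOverlayIdentifiers\S*)[ :]")),
    ("service_or_driver", re.compile(r"^[RS][0-5] \S+; ")),
    ("file_or_folder", re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d - .* )?[A-Z]:\\")),
    ("directive", re.compile(r"^\w+:$")),
]

def classify(line):
    """Return the category of one fixlist line, or 'unrecognized'."""
    return next((name for name, rx in RULES if rx.search(line)), "unrecognized")

def task_target(line):
    """Executable a Task: line points at (text after '=>', before date or marker)."""
    m = re.search(r"=> (.*?)(?: \[| <====|$)", line)
    return m.group(1) if m else None

def audit(text):
    """Count lines per category; collect lines a human should read before fixing."""
    counts, review = Counter(), []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        kind = classify(line)
        counts[kind] += 1
        path = line[line.find(":\\") - 1:].lower() if kind == "file_or_folder" else ""
        # Assumed policy: unknown lines, and file removals under C:\Windows
        # other than scheduled-task files, get a second look.
        in_windows = path.startswith("c:\\windows\\") and "\\system32\\tasks\\" not in path
        if kind == "unrecognized" or in_windows:
            review.append(line)
    return counts, review
```

Calling `audit(open("fixlist.txt", encoding="utf-8", errors="replace").read())` gives the per-category counts and the review list without changing anything on the machine.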
  • Helpful post
    #4 25 Oct 2015 18:22
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1444679...t&uid=st1000dm003-1er162_z4y5s033xxxxz4y5s033
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1444679...t&uid=st1000dm003-1er162_z4y5s033xxxxz4y5s033
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=144...id=st1000dm003-1er162_z4y5s033xxxxz4y5s033&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=144...id=st1000dm003-1er162_z4y5s033xxxxz4y5s033&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1444679...t&uid=st1000dm003-1er162_z4y5s033xxxxz4y5s033
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1444679...t&uid=st1000dm003-1er162_z4y5s033xxxxz4y5s033
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=144...id=st1000dm003-1er162_z4y5s033xxxxz4y5s033&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=144...id=st1000dm003-1er162_z4y5s033xxxxz4y5s033&q={searchTerms}
    HKU\S-1-5-21-1020640253-1596761399-475517059-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1444679...t&uid=st1000dm003-1er162_z4y5s033xxxxz4y5s033
    2015-10-25 17:42 - 2015-10-25 17:44 - 00000000 ____D C:\AdwCleaner
    2015-10-25 11:30 - 2015-10-25 17:38 - 00000000 ____D C:\Users\pc\Downloads\FRST-OlderVersion
    2015-10-22 18:48 - 2015-10-23 13:08 - 00000000 ____D C:\Program Files (x86)\1d4277cb-5f7f-4bf8-9966-3c98b6126ddf


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.

    0
  • #6 25 Oct 2015 19:30
    Acorus 20
    Computer specialist

    Delete the folder C:\FRST.

    0
  • #7 25 Oct 2015 20:15
    ewako
    Level 2

    I deleted it.

    Many thanks.

    0