Elektroda.pl

Pages opening by themselves in all browsers

Axa152 22 Nov 2015 10:11 729 4
  • Helpful post
    #2 22 Nov 2015 10:32
    Kolobos
    Computer specialist

    Your router is infected, start with: https://www.elektroda.pl/rtvforum/viewtopic.php?t=2874173 You don't need to reset the settings, but you absolutely must block access to the panel from the internet.

    Uninstall:
    SelectionLinks (HKLM\...\sl-dlc) (Version: 1.0 - SelectionLinks) <==== UWAGA
    SoftwareUpdater (HKLM\...\SoftwareUpdater) (Version: - ) <==== UWAGA
    Sweet Page (HKLM\...\sweet-page uninstaller) (Version: - sweet-page) <==== UWAGA
    Winamp Packages (HKU\S-1-5-21-1409082233-1060284298-725345543-1003\...\Winamp Packages) (Version: - ) <==== UWAGA

    Use AdwCleaner, the Scan and Clean / Szukaj and Usun options: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    Next to frst.exe, create a file fixlist.txt with the following contents:
    Google Update Helper (Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== UWAGA
    Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\minixp\DANEAP~1\Dealply\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: C:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\EPUpdater.job => C:\DOCUME~1\minixp\DANEAP~1\BABSOL~1\Shared\BabMaint.exe <==== UWAGA
    (Cherished Technololgy LIMITED) C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe
    HKLM\...\Run: [tuto4pc_pl_16] => [X]
    HKLM\...\Run: [upt4pc_pl_16.exe] => C:\Documents and Settings\minixp\Ustawienia lokalne\Dane aplikacji\tuto4pc_pl_16\upt4pc_pl_16.exe -runhelper
    HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-1409082233-1060284298-725345543-1003\...\Run: [] => [X]
    HKU\S-1-5-21-1409082233-1060284298-725345543-1003\...\Run: [NTRedirect] => C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\minixp\Dane aplikacji\BabSolution\Shared\enhancedNT.dll",Run
    HKU\S-1-5-21-1409082233-1060284298-725345543-1003\...\Run: [Facebook Update] => C:\Documents and Settings\minixp\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe [138096 2014-09-03] (Facebook Inc.)
    HKU\S-1-5-21-1409082233-1060284298-725345543-1003\...\MountPoints2: {1e2b59a5-f6d8-11e2-8514-20cf307309db} - G:\wyskq6lt.exe
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    CHR HKU\S-1-5-21-1409082233-1060284298-725345543-1003\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= UWAGA
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts...D5000LPVT-00G33T0_WD-WX61A43K1938K1938&q={searchTerms}
    SearchScopes: HKLM -> {68F5EFBF-B4D8-907C-5FC3-1CE8800DC602} URL = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=syd72&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtA0Azz0ByCyCzzyByEyCtN0D0Tzu0CyDzyzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0D1F1S1C1P0P1C1F1N1C1T1H2UtF1E1I1V0W1L1G0R0A0R&cr=1974379486&ir=
    SearchScopes: HKU\S-1-5-21-1409082233-1060284298-725345543-1003 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1409082233-1060284298-725345543-1003 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=44D0485D603A8B66&affID=119357&tsp=4975
    SearchScopes: HKU\S-1-5-21-1409082233-1060284298-725345543-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts...D5000LPVT-00G33T0_WD-WX61A43K1938K1938&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1409082233-1060284298-725345543-1003 -> {68F5EFBF-B4D8-907C-5FC3-1CE8800DC602} URL = hxxp://www.searchya.com/?q={searchTerms}&f=4&a=syd72&cd=2XzuyEtN2Y1L1QzuyEzzyD0DyCtDtA0Azz0ByCyCzzyByEyCtN0D0Tzu0CyDzyzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu0D1F1S1C1P0P1C1F1N1C1T1H2UtF1E1I1V0W1L1G0R0A0R&cr=1974379486&ir=
    BHO: Brak nazwy -> {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} -> Brak pliku
    FF SelectedSearchEngine: sweet-page
    FF Homepage: hxxp://www.sweet-page.com/?type=hppp&ts=1...d=WDCXWD5000LPVT-00G33T0_WD-WX61A43K1938K1938
    FF SearchPlugin: C:\Documents and Settings\minixp\Dane aplikacji\Mozilla\Firefox\Profiles\scgfuzob.default\searchplugins\babylon.xml [2013-08-12]
    FF SearchPlugin: C:\Documents and Settings\minixp\Dane aplikacji\Mozilla\Firefox\Profiles\scgfuzob.default\searchplugins\mixidj.xml [2013-06-16]
    FF SearchPlugin: C:\Documents and Settings\minixp\Dane aplikacji\Mozilla\Firefox\Profiles\scgfuzob.default\searchplugins\SearchYa!.xml [2013-08-20]
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\sweet-page.xml [2015-03-22]
    FF HKLM\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Documents and Settings\minixp\Dane aplikacji\Mozilla\Firefox\Profiles\scgfuzob.default\extensions\quick_start@gmail.com => nie znaleziono
    CHR Plugin: (DealPlyLive Update) - C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
    CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\DOCUME~1\minixp\USTAWI~1\DANEAP~1\searchya-speeddial.crx [2013-08-20]
    CHR HKLM\...\Chrome\Extension: [kpepfkjapeclaafmhoelccknpfedainn] - C:\Program Files\mixidj\mixidj\1.8.18.8\mixidj.crx [2013-04-19]
    CHR HKLM\...\Chrome\Extension: [onpejdpfebeopffobknkodakfphdelnh] - C:\Documents and Settings\minixp\Dane aplikacji\BabSolution\CR\Delta.crx <nie znaleziono>
    CHR HKU\S-1-5-21-1409082233-1060284298-725345543-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\DOCUME~1\minixp\USTAWI~1\DANEAP~1\searchya-speeddial.crx [2013-08-20]
    R2 Wpm; C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe [549008 2014-05-12] (Cherished Technololgy LIMITED)
    S2 Update webget; "C:\Program Files\webget\updatewebget.exe" [X]
    R1 {55685567-4840-4a91-962b-49a412e9485a}t; C:\WINDOWS\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}t.sys [55224 2014-05-26] (StdLib)
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
    2015-11-09 17:47 - 2015-11-20 22:14 - 00000436 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1392373346.job
    2015-11-22 09:40 - 2013-07-23 19:35 - 00000894 _____ C:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineUA.job
    2015-11-22 09:35 - 2013-07-23 19:35 - 00000426 _____ C:\WINDOWS\Tasks\At1.job
    2015-11-21 20:40 - 2015-02-10 17:17 - 00000468 _____ C:\WINDOWS\Tasks\At4.job
    2015-11-21 20:40 - 2013-07-23 19:35 - 00000890 _____ C:\WINDOWS\Tasks\DealPlyLiveUpdateTaskMachineCore.job
    2015-11-21 17:17 - 2015-02-10 17:17 - 00000468 _____ C:\WINDOWS\Tasks\At5.job
    2015-11-21 14:00 - 2015-02-10 17:17 - 00000468 _____ C:\WINDOWS\Tasks\At6.job
    2015-11-17 07:07 - 2013-08-08 09:50 - 00000270 _____ C:\WINDOWS\Tasks\EPUpdater.job
    2015-11-14 12:09 - 2014-05-25 21:52 - 00000000 ____D C:\Program Files\SupTab
    2015-11-14 12:09 - 2014-05-25 21:52 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\IePluginServices
    2015-11-14 12:09 - 2014-05-25 21:51 - 00000000 ____D C:\Documents and Settings\minixp\Dane aplikacji\sweet-page
    2015-11-14 12:09 - 2013-12-31 17:34 - 00000000 ____D C:\Documents and Settings\minixp\Ustawienia lokalne\Dane aplikacji\genienext
    2015-11-14 12:09 - 2013-12-31 17:34 - 00000000 ____D C:\Documents and Settings\minixp\Dane aplikacji\newnext.me
    2015-11-08 10:10 - 2015-02-10 17:17 - 00000468 _____ C:\WINDOWS\Tasks\At3.job
    2013-08-20 15:23 - 2013-08-20 15:23 - 0333348 _____ () C:\Documents and Settings\minixp\Ustawienia lokalne\Dane aplikacji\searchya-speeddial.crx
    EmptyTemp:

    In FRST, choose Napraw (Fix).

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0
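One way to review a fixlist like the one in post #2 before running it, as an added example that is not part of the thread and not FRST's own code: it sorts lines into rough categories and lists the file paths named by entries that are not marked as missing. The category names and the reading of `[X]`, `Brak pliku` and `nie znaleziono` as missing-target markers are assumptions; the sample lines are copied from the post.

```python
import re
from collections import Counter

# Sample input: a few lines copied from the fixlist in post #2.
SAMPLE = r"""
Task: C:\WINDOWS\Tasks\EPUpdater.job => C:\DOCUME~1\minixp\DANEAP~1\BABSOL~1\Shared\BabMaint.exe <==== UWAGA
HKLM\...\Run: [tuto4pc_pl_16] => [X]
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
S2 Update webget; "C:\Program Files\webget\updatewebget.exe" [X]
R2 Wpm; C:\Documents and Settings\All Users\Dane aplikacji\WPM\wprotectmanager.exe [549008 2014-05-12] (Cherished Technololgy LIMITED)
BHO: Brak nazwy -> {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} -> Brak pliku
EmptyTemp:
"""

# Hypothetical category names; the first matching rule wins.
RULES = [
    ("task", re.compile(r"^Task: ")),
    ("autorun", re.compile(r"^HK(LM|U)\\.*\\Run: ")),
    ("service", re.compile(r"^[RSU]\d ")),
    ("search", re.compile(r"^SearchScopes: ")),
    ("browser", re.compile(r"^(BHO|FF|CHR)\b")),
    ("directive", re.compile(r"^\w+:$")),
]
# Assumption: these markers mean the entry's target file is already gone.
MISSING = re.compile(r"\[X\]|Brak pliku|nie znaleziono")
# Drive-letter paths ending in an extension seen in the post's fixlist.
PATH = re.compile(r'[A-Za-z]:\\[^"<>\[\]]*?\.(?:exe|dll|sys|job|crx|xml)\b', re.I)

def triage(text):
    """Classify each non-empty fixlist line and pull out the file paths it names."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        kind = next((name for name, rx in RULES if rx.search(line)), "other")
        entries.append({"kind": kind, "missing": bool(MISSING.search(line)),
                        "paths": PATH.findall(line), "line": line})
    return entries

def live_paths(entries):
    """Paths named by entries not marked missing: check these before the fix."""
    return sorted({p for e in entries if not e["missing"] for p in e["paths"]})

if __name__ == "__main__":
    entries = triage(SAMPLE)
    print(Counter(e["kind"] for e in entries))
    for p in live_paths(entries):
        print("review:", p)
```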
  • #3 22 Nov 2015 12:57
    Axa152
    Level 2  

    Should I post the logs again once everything is done, or is this enough?

    0
  • Helpful post
    #4 22 Nov 2015 12:58
    Kolobos
    Computer specialist

    That's enough; also delete the C:\FRST directory once it has been run.

    0
  • #5 24 Nov 2015 22:01
    Axa152
    Level 2  

    Topic can be closed
    Thanks for the help

    0