Elektroda.pl

Bronze Aid virus - ads. How do I get rid of it?

593olaa 06 Dec 2015 22:55 1116 9
  • #1 06 Dec 2015 22:55
    593olaa
    Level 5

    Hello. I have a problem with Bronze Aid. Ads pop up covering half the page. I downloaded AdwCleaner, scanned and removed several files, but the ads are still there. Reading the forum, I learned about FRST and scanned my laptop, but I don't know how to make a fixlist or whether it will help. Please help, thanks in advance.

    I'm attaching the logs from FRST.

    0 9
  • #2 06 Dec 2015 23:33
    Kolobos
    Computer specialist

    If you are not in the USA, add these two lines to fixlist.txt:
    Tcpip\..\Interfaces\{7f4546de-0205-4195-a2bb-b3ce4f033cb6}: [NameServer] 54.247.108.9,46.16.234.83
    Tcpip\..\Interfaces\{ac91faca-79aa-46ec-a1a6-45e9517d8534}: [DhcpNameServer] 150.201.1.3
    Also check the router to see whether it is handing out the DNS address 150.201.1.3.

    Next to frst.exe, create a file fixlist.txt with the following contents:
    Task: {08EC4959-3BD9-4124-8407-E0430D8AD10F} - System32\Tasks\Opera scheduled Autoupdate 1448399823 => C:\Program Files (x86)\Opera\launcher.exe [2015-11-16] (Opera Software)
    Task: {33187A6A-84FE-49D4-A8DE-8E5F08B11A92} - System32\Tasks\{F3A46A15-C2C4-4AF0-95A6-330654E4DF25} => pcalua.exe -a "C:\Program Files (x86)\Bronze Aid\uninstaller.exe"
    Task: {62C00CFC-6F85-4352-B392-FBDAAF93E102} - System32\Tasks\Opera N Saturday => C:\Program Files (x86)\Opera\launcher.exe [2015-11-16] (Opera Software)
    Task: {8388E911-CEE7-4CC5-9E38-ED2767D764AA} - System32\Tasks\Opera N Sunday => C:\Program Files (x86)\Opera\launcher.exe [2015-11-16] (Opera Software)
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    FF Extension: Bronze Aid - C:\Users\notandi\AppData\Roaming\Mozilla\Firefox\Profiles\1pkhvxo2.default\Extensions\{5e94b337-ca09-4d30-8d5e-3d9701461b9a}.xpi [2015-12-02] [not signed]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    OPR Extension: (Bronze Aid) - C:\Users\notandi\AppData\Roaming\Opera Software\Opera Stable\Extensions\clgoikciiaacbfgpelbbfojeehmanjcf [2015-12-03]
    OPR Extension: (Bronze Aid) - C:\Users\notandi\AppData\Roaming\Opera Software\Opera Stable\Extensions\pliiimheibleihlaccafkkekmhdhgkpm [2015-12-02]
    U2 AVControlCenter; no ImagePath
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    2015-12-06 21:03 - 2015-12-06 21:14 - 00000000 ____D C:\AdwCleaner
    2015-11-24 23:17 - 2015-11-24 23:17 - 00003978 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1448399823
    2015-11-24 23:17 - 2015-11-24 23:17 - 00003370 _____ C:\WINDOWS\System32\Tasks\Opera N Saturday
    2015-11-24 23:17 - 2015-11-24 23:17 - 00003366 _____ C:\WINDOWS\System32\Tasks\Opera N Sunday
    2015-12-06 21:15 - 2015-09-30 08:41 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    EmptyTemp:

    In FRST, choose Fix.

    Delete the C:\FRST folder and that's all.

    0
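An added example, not part of the original post or of FRST: it parses the per-interface DNS lines in the FRST format quoted above and flags every server that is not on a list you supply, noting whether the value is a static host setting (`NameServer`) or was delivered by DHCP (`DhcpNameServer`), which is why the post also says to check the router. The third sample line and the 192.168.1.1 resolver are constructed assumptions, not values from the thread.

```python
import ipaddress
import re

# FRST scan lines for per-interface DNS, in the format quoted in the post above.
TCPIP_LINE = re.compile(
    r"^Tcpip\\\.\.\\Interfaces\\(\{[0-9a-fA-F-]{36}\}): "
    r"\[(NameServer|DhcpNameServer)\] (.+)$"
)

# Where each registry value comes from, and therefore where it has to be fixed.
ORIGIN = {
    "NameServer": "static setting on this host",
    "DhcpNameServer": "handed out by the DHCP server (usually the router)",
}


def audit_dns_lines(lines, expected_resolvers):
    """Return (guid, value name, server, origin) for each unexpected DNS server."""
    expected = {ipaddress.ip_address(a) for a in expected_resolvers}
    findings = []
    for raw in lines:
        m = TCPIP_LINE.match(raw.strip())
        if not m:
            continue  # not a per-interface DNS line
        guid, value_name, servers = m.groups()
        # Windows stores several servers separated by commas or spaces.
        for token in re.split(r"[,\s]+", servers.strip()):
            if not token:
                continue
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                findings.append((guid, value_name, token, "unparseable entry"))
                continue
            if addr not in expected:
                findings.append((guid, value_name, str(addr), ORIGIN[value_name]))
    return findings


# The two lines from the post, plus one constructed line with an expected resolver.
SAMPLE = [
    r"Tcpip\..\Interfaces\{7f4546de-0205-4195-a2bb-b3ce4f033cb6}: [NameServer] 54.247.108.9,46.16.234.83",
    r"Tcpip\..\Interfaces\{ac91faca-79aa-46ec-a1a6-45e9517d8534}: [DhcpNameServer] 150.201.1.3",
    r"Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000000}: [DhcpNameServer] 192.168.1.1",
]

if __name__ == "__main__":
    # 192.168.1.1 is an assumed home-router address, not a value from the thread.
    for finding in audit_dns_lines(SAMPLE, ["192.168.1.1"]):
        print(" | ".join(finding))
```

A `DhcpNameServer` finding reappears at the next lease renewal unless the DHCP server's own DNS setting is corrected.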
  • #3 07 Dec 2015 00:17
    593olaa
    Level 5

    I did as you wrote, but it didn't help.
    Is there anything else I could do?

    Fixlog:

    Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
    Ran by notandi (2015-12-06 22:58:39) Run:1
    Running from C:\FRST
    Loaded Profiles: notandi (Available Profiles: notandi)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Task: {08EC4959-3BD9-4124-8407-E0430D8AD10F} - System32\Tasks\Opera scheduled Autoupdate 1448399823 => C:\Program Files (x86)\Opera\launcher.exe [2015-11-16] (Opera Software)
    Task: {33187A6A-84FE-49D4-A8DE-8E5F08B11A92} - System32\Tasks\{F3A46A15-C2C4-4AF0-95A6-330654E4DF25} => pcalua.exe -a "C:\Program Files (x86)\Bronze Aid\uninstaller.exe"
    Task: {62C00CFC-6F85-4352-B392-FBDAAF93E102} - System32\Tasks\Opera N Saturday => C:\Program Files (x86)\Opera\launcher.exe [2015-11-16] (Opera Software)
    Task: {8388E911-CEE7-4CC5-9E38-ED2767D764AA} - System32\Tasks\Opera N Sunday => C:\Program Files (x86)\Opera\launcher.exe [2015-11-16] (Opera Software)
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    FF Extension: Bronze Aid - C:\Users\notandi\AppData\Roaming\Mozilla\Firefox\Profiles\1pkhvxo2.default\Extensions\{5e94b337-ca09-4d30-8d5e-3d9701461b9a}.xpi [2015-12-02] [not signed]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    OPR Extension: (Bronze Aid) - C:\Users\notandi\AppData\Roaming\Opera Software\Opera Stable\Extensions\clgoikciiaacbfgpelbbfojeehmanjcf [2015-12-03]
    OPR Extension: (Bronze Aid) - C:\Users\notandi\AppData\Roaming\Opera Software\Opera Stable\Extensions\pliiimheibleihlaccafkkekmhdhgkpm [2015-12-02]
    U2 AVControlCenter; no ImagePath
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    2015-12-06 21:03 - 2015-12-06 21:14 - 00000000 ____D C:\AdwCleaner
    2015-11-24 23:17 - 2015-11-24 23:17 - 00003978 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1448399823
    2015-11-24 23:17 - 2015-11-24 23:17 - 00003370 _____ C:\WINDOWS\System32\Tasks\Opera N Saturday
    2015-11-24 23:17 - 2015-11-24 23:17 - 00003366 _____ C:\WINDOWS\System32\Tasks\Opera N Sunday
    2015-12-06 21:15 - 2015-09-30 08:41 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    EmptyTemp:

    Tcpip\..\Interfaces\{7f4546de-0205-4195-a2bb-b3ce4f033cb6}: [NameServer] 54.247.108.9,46.16.234.83
    Tcpip\..\Interfaces\{ac91faca-79aa-46ec-a1a6-45e9517d8534}: [DhcpNameServer] 150.201.1.3





    *****************

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{08EC4959-3BD9-4124-8407-E0430D8AD10F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08EC4959-3BD9-4124-8407-E0430D8AD10F}" => key removed successfully
    C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1448399823 => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1448399823" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33187A6A-84FE-49D4-A8DE-8E5F08B11A92}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33187A6A-84FE-49D4-A8DE-8E5F08B11A92}" => key removed successfully
    C:\WINDOWS\System32\Tasks\{F3A46A15-C2C4-4AF0-95A6-330654E4DF25} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F3A46A15-C2C4-4AF0-95A6-330654E4DF25}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62C00CFC-6F85-4352-B392-FBDAAF93E102}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62C00CFC-6F85-4352-B392-FBDAAF93E102}" => key removed successfully
    C:\WINDOWS\System32\Tasks\Opera N Saturday => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera N Saturday" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8388E911-CEE7-4CC5-9E38-ED2767D764AA}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8388E911-CEE7-4CC5-9E38-ED2767D764AA}" => key removed successfully
    C:\WINDOWS\System32\Tasks\Opera N Sunday => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera N Sunday" => key removed successfully
    C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    C:\Users\notandi\AppData\Roaming\Mozilla\Firefox\Profiles\1pkhvxo2.default\Extensions\{5e94b337-ca09-4d30-8d5e-3d9701461b9a}.xpi => moved successfully
    "HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
    C:\Users\notandi\AppData\Roaming\Opera Software\Opera Stable\Extensions\clgoikciiaacbfgpelbbfojeehmanjcf => moved successfully
    C:\Users\notandi\AppData\Roaming\Opera Software\Opera Stable\Extensions\pliiimheibleihlaccafkkekmhdhgkpm => moved successfully
    AVControlCenter => service removed successfully
    wfpcapture => service removed successfully
    C:\AdwCleaner => moved successfully
    "C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1448399823" => not found.
    "C:\WINDOWS\System32\Tasks\Opera N Saturday" => not found.
    "C:\WINDOWS\System32\Tasks\Opera N Sunday" => not found.
    C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7f4546de-0205-4195-a2bb-b3ce4f033cb6}\\NameServer => value removed successfully
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ac91faca-79aa-46ec-a1a6-45e9517d8534}\\DhcpNameServer => value removed successfully
    EmptyTemp: => 535.3 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 22:59:06 ====

    0
  • #4 07 Dec 2015 00:19
    Kolobos
    Computer specialist

    Post new FRST logs, from a scan.

    Does the problem concern Chrome?

    0
  • #7 07 Dec 2015 00:51
    593olaa
    Level 5

    Still nothing :/

    0
  • #9 07 Dec 2015 01:42
    593olaa
    Level 5

    Phew! The ads are gone. Thanks a lot!
    And yes, I always log in to the same account. Do you think that's the problem? Should I stop logging in to that account?

    0
  • #10 07 Dec 2015 09:23
    Kolobos
    Computer specialist

    After you log in, Chrome may download harmful settings from the account.

    Log in and check whether the problem comes back. If it does, it will be best to wipe the settings from the account.

    0