Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

stacjonarny - reklamy w przeglądarkach

krzysiek94kb 26 Gru 2015 23:18 579 4
  • CControls
  • #2 27 Gru 2015 00:21
    krzychupar
    Poziom 40  

    Otwórz notatnik systemowy i wklej:
    Usuń SafeFinder
    HKU\S-1-5-21-1881952494-2967652618-3769923456-1000\...\MountPoints2: E - E:\autorun.exe
    HKU\S-1-5-21-1881952494-2967652618-3769923456-1000\...\MountPoints2: F - F:\autorun.exe
    HKU\S-1-5-21-1881952494-2967652618-3769923456-1000\...\MountPoints2: G - G:\Autorun.exe
    HKU\S-1-5-21-1881952494-2967652618-3769923456-1000\...\MountPoints2: I - I:\setup.exe
    HKU\S-1-5-21-1881952494-2967652618-3769923456-1000\...\MountPoints2: {4e9b5b38-637f-11e5-86f5-0019dbf30bbd} - F:\autorun.exe
    HKU\S-1-5-21-1881952494-2967652618-3769923456-1000\...\MountPoints2: {cee6e71c-6454-11e5-8b2a-0019dbf30bbd} - E:\autorun.exe
    HKU\S-1-5-21-1881952494-2967652618-3769923456-1000\...\MountPoints2: {cee6e855-6454-11e5-8b2a-0019dbf30bbd} - H:\AUTOSTARTER.EXE
    HKU\S-1-5-21-1881952494-2967652618-3769923456-1000\...\MountPoints2: {cee6e85a-6454-11e5-8b2a-0019dbf30bbd} - I:\setup.exe
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-1881952494-2967652618-3769923456-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...Pc77yql9sXdndBxa5KoJrmbv8yJk24Yr1GFQ,,&q={searchTerms}
    HKU\S-1-5-21-1881952494-2967652618-3769923456-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...Pc77yql9sXdndBxa5KoJrmbv8yJk24Yr1GFQ,,&q={searchTerms}
    HKU\S-1-5-21-1881952494-2967652618-3769923456-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...Pc77yql9sXdndBxa5KoJrmbv8yJk24Yr1GFQ,,&q={searchTerms}
    HKU\S-1-5-21-1881952494-2967652618-3769923456-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...-heQ9E-Y5cgzKfVAmX4JSrTf8BX4rpMmFSkQhvx1i7g,,,,




    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...p;uid=ST3500312CS_9VV7GPC9XXXX9VV7GPC9&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&...p;uid=ST3500312CS_9VV7GPC9XXXX9VV7GPC9&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...Pc77yql9sXdndBxa5KoJrmbv8yJk24Yr1GFQ,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1881952494-2967652618-3769923456-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...Pc77yql9sXdndBxa5KoJrmbv8yJk24Yr1GFQ,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1881952494-2967652618-3769923456-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...Pc77yql9sXdndBxa5KoJrmbv8yJk24Yr1GFQ,,&q={searchTerms}
    FF NewTab: C:\\ProgramData\\Driptaxs\\ff.NT
    FF DefaultSearchEngine: findit
    FF Homepage: C:\\ProgramData\\Driptaxs\\ff.HPFF Extension: Discovery App - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\12apj6dj.default\Extensions\{63c7087a-cae6-482e-8a61-426a4c6dfc53}.xpi [2015-12-18] [Brak podpisu cyfrowego]
    FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\12apj6dj.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-19]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-12]
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-12]
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...zD1SnuzzvrE-bI1MMpLzfOvM4mqGF8Ov9jPH1i5vQMA,,,,
    CHR Extension: (Dokumenty Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-25]
    CHR Extension: (Dysk Google) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
    CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Google Search) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Dokumenty Google offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
    CHR Extension: (Avast Online Security) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-11]
    CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-25]
    CHR Extension: (Discovery App) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\obiomlgmgpadnmccmicjegdhkjmhifih [2015-12-18] [UpdateUrl: hxxp://cdn.ratediscoverymarket.com/update] <==== UWAGA
    CHR Extension: (Gmail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-25]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-11]
    R2 Driptax; C:\ProgramData\\Driptax\\Driptax.exe [441856 2015-09-20] () [Brak podpisu cyfrowego]
    R2 WdMan; C:\ProgramData\iWdMi\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
    2015-12-19 14:00 - 2015-12-19 14:02 - 00000000 ____D C:\AdwCleaner
    2015-12-09 10:16 - 2015-12-09 10:17 - 00000000 ____D C:\ProgramData\iWdMi
    2015-12-09 10:15 - 2015-12-09 10:15 - 00000000 ____D C:\ProgramData\OWdMO
    2015-12-26 21:29 - 2015-09-30 16:03 - 00000000 ____D C:\ProgramData\Driptax
    2015-12-26 21:27 - 2015-09-25 11:43 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-26 21:26 - 2015-10-06 16:22 - 00000310 _____ C:\Windows\Tasks\Rtxebj.job
    2015-12-26 21:26 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-12-25 12:28 - 2015-09-30 16:04 - 00000000 ____D C:\ProgramData\Driptaxs



    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom FRST i kliknij w Fix/Napraw.

    0
  • CControls
  • #4 27 Gru 2015 13:11
    krzychupar
    Poziom 40  

    Źle wykonany scrypt nic nie zostało usunięte. Zrobiłeś tak jak było napisane ?. Po poprawnym wykonaniu scryptu powinien przyjść log z usuwania.

    0
  • #5 27 Gru 2015 13:22
    Acorus 20
    Spec od komputerów

    Pokaż nowe logi z FRST.

    0