Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Pojawiające się okna z reklamami

szymon189 27 Gru 2015 14:03 549 5
  • #2 27 Gru 2015 14:24
    Acorus 20
    Spec od komputerów

    Odinstaluj Browser Mart, Softonic Assistant. Otwórz notatnik systemowy i wklej:

    Cytat:
    Task: {1B245CA9-EA73-4996-B225-B164DE00D6E0} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
    Task: {892910FF-AE6E-4351-99A7-0313EDFB1406} - System32\Tasks\Lukdyowt => C:\PROGRA~1\GROOVE~1\Kojuaha.bat
    Task: {CAC91BD8-6106-45B5-ACA4-C1922ADF628E} - System32\Tasks\Browser Mart2 => Rundll32.exe "C:\Users\Uzytkownik\AppData\Local\Browser Mart\{ACA35689-8F3C-C917-4F59-B68A6F0E8CED}\bosnipa.dll",#1 <==== UWAGA
    Task: {EFCCD2C4-6A87-46CA-9D25-199D8DE6E9BF} - System32\Tasks\Browser Mart => Rundll32.exe "C:\Users\Uzytkownik\AppData\Local\Browser Mart\{ACA35689-8F3C-C917-4F59-B68A6F0E8CED}\BrowserMart.dll",#1 <==== UWAGA
    Task: {F0DC488F-3DBF-4AAC-A843-E82197E30CB0} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
    Task: {F2C45ECF-399E-4D88-9DE6-5CBBF262BFE9} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
    Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
    Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
    Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\Uzytkownik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=mbtkplv3&uid=W0VJGFKF_ST500LT012-9WS142&tm=1450775137
    ShortcutWithArgument: C:\Users\Uzytkownik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=mbtkplv3&uid=W0VJGFKF_ST500LT012-9WS142&tm=1450775137
    ShortcutWithArgument: C:\Users\Uzytkownik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=mbtkplv3&uid=W0VJGFKF_ST500LT012-9WS142&tm=1450775137
    ShortcutWithArgument: C:\Users\Uzytkownik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.aqovd.com?oem=mbtkplv3&uid=W0VJGFKF_ST500LT012-9WS142&tm=1450775137




    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.aqovd.com?oem=mbtkplv3&uid=W0VJGFKF_ST500LT012-9WS142&tm=1450775137
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> www.aqovd.com?oem=mbtkplv3&uid=W0VJGFKF_ST500LT012-9WS142&tm=1450775137
    HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
    HKLM\...\Run: [rec_en_77] => C:\Program Files\rec_en_77\rec_en_77.exe [3970776 2015-12-21] ()
    HKLM\...\Run: [gmsd_pl_005010183] => C:\Program Files\gmsd_pl_005010183\gmsd_pl_005010183.exe [3972784 2015-12-21] ()
    HKU\S-1-5-21-1372639494-4065424391-1371049964-1000\...\Run: [SoftonicAssistant] => C:\Users\Uzytkownik\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe [1835976 2015-03-25] ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=mbtkplv3&uid=W0VJGFKF_ST500LT012-9WS142&tm=1450775137
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=mbtkplv3&uid=W0VJGFKF_ST500LT012-9WS142&tm=1450775137
    HKU\S-1-5-21-1372639494-4065424391-1371049964-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=mbtkplv3&uid=W0VJGFKF_ST500LT012-9WS142&tm=1450775137
    FF Homepage: www.aqovd.com?oem=mbtkplv3&uid=W0VJGFKF_ST500LT012-9WS142&tm=1450775137
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\!FC23DE8C7A7AD3381AF19181ED04B72FFC23.js [2015-12-21] <==== UWAGA
    FF ExtraCheck: C:\Program Files\mozilla firefox\FC23DE8C7A7AD3381AF19181ED04B72FFC23 [2015-12-21] <==== UWAGA
    R2 gimiqixi; C:\Program Files\EF886501-1450728381-11CB-9AD6-DC6051C4CB43\knss349A.tmp [338432 2015-12-21] () [Brak podpisu cyfrowego]
    S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
    S1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]
    2015-12-23 15:17 - 2015-12-23 16:32 - 00000000 ____D C:\Users\Uzytkownik\Doctor Web
    2015-12-22 11:07 - 2015-12-22 15:26 - 00000000 ____D C:\Users\Uzytkownik\AppData\Roaming\NiunoHomghr
    2015-12-22 11:07 - 2015-12-22 11:07 - 00004728 _____ C:\Windows\system32\Bobbeu.ini
    2015-12-22 11:07 - 2015-12-22 11:07 - 00002448 _____ C:\Windows\system32\BobbeuOff.ini
    2015-12-22 11:07 - 2015-12-22 11:07 - 00000000 ____D C:\Windows\system32\kif
    2015-12-22 11:07 - 2015-12-22 11:07 - 00000000 ____D C:\Users\Uzytkownik\AppData\Local\Tempfolder
    2015-12-22 11:04 - 2015-12-22 11:04 - 00000000 ____D C:\Users\Uzytkownik\AppData\LocalLow\Company
    2015-12-22 11:04 - 2015-12-22 11:04 - 00000000 ____D C:\Users\Uzytkownik\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2015-12-22 11:04 - 2015-12-22 11:04 - 00000000 ____D C:\uninst
    2015-12-22 11:04 - 2015-12-22 11:04 - 00000000 _____ C:\Windows\system32\Number of results
    2015-12-22 10:14 - 2015-12-22 14:28 - 00000000 ____D C:\Program Files\gmsd_pl_005010183
    2015-12-21 22:53 - 2015-12-21 22:53 - 00000000 __SHD C:\Users\Uzytkownik\AppData\Roaming\AnyProtectEx
    2015-12-21 22:33 - 2015-12-22 13:19 - 00000000 ____D C:\Users\Uzytkownik\AppData\Roaming\systweak
    2015-12-21 22:32 - 2015-12-21 22:32 - 00000000 ____D C:\Users\Uzytkownik\AppData\Local\Browser Mart
    (CMI Limited) C:\Users\Uzytkownik\AppData\Local\nsc371B.tmp
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.
    Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

    0
  • #4 27 Gru 2015 19:06
    Acorus 20
    Spec od komputerów

    Pokaż nowe logi z FRST.

    0
  • #6 27 Gru 2015 19:39
    Acorus 20
    Spec od komputerów

    Otwórz notatnik systemowy i wklej:

    Cytat:
    StartMenuInternet: Google Chrome.QD5UA6V4M53DBCEJUL6NE7EGOI - C:\Users\Uzytkownik\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://www.yoursearching.com/?type=sc&ts=...mp;uid=ST500LT012-9WS142_W0VJGFKFXXXXW0VJGFKF
    R2 WdMan; C:\ProgramData\gWdMg\WdMan.exe [338056 2015-12-27] (TFuns LIMITED)
    S1 MpKslfb3da79d; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8976F4FD-CEEC-4735-8147-2585A045A002}\MpKslfb3da79d.sys [X]
    2015-12-27 18:55 - 2015-12-27 19:00 - 00000000 ____D C:\AdwCleaner
    2015-12-27 14:10 - 2015-12-27 14:28 - 00000000 ____D C:\ProgramData\gWdMg
    2015-12-21 22:53 - 2015-12-21 22:53 - 0628688 _____ (CMI Limited) C:\Users\Uzytkownik\AppData\Local\nsc371B.tmp

    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.
    Pobierz >>>DelFix<<< http://www.bleepingcomputer.com/download/delfix/dl/281/
    Zaznacz opcje:
    Remove disinfection tools
    Create registry backup
    Kliknij przycisk Run

    0