
FRST logs - removing unwanted ads

91and1 01 Jan 2016 15:53 591 3
  • Helpful post
    #2 01 Jan 2016 16:22
    Acorus 20
    Computer specialist

    Uninstall McAfee LiveSafe – Internet Security, webget. Open the system Notepad and paste:

    Quote:
    Task: {4E72A40B-93E9-4A37-817F-8B8908D64226} - System32\Tasks\Program Manager => C:\Program Files (x86)\Common Files\ProgramManager\ProgramManager.exe [2016-01-01] (Spigot, Inc.)
    Task: {4EC875A6-7B34-43DB-BA23-F7B3309CB406} - System32\Tasks\Yahoo! Search Updater => C:\Windows\system32\wscript.exe [2014-10-29] (Microsoft Corporation) <==== UWAGA
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-1415757151-204160861-636789770-1002\...\Run: [Yahoo! Search] => C:\Users\tutehnamon\AppData\Local\Pay-By-Ads\Yahoo! Search\1.4.2.9\dsrlte.exe [687360 2015-10-03] ()
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=dspp&...OSHIBAXMQ01ABD075_X3LLSQIJSXXX3LLSQIJS&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=dspp&...OSHIBAXMQ01ABD075_X3LLSQIJSXXX3LLSQIJS&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&...p;uid=TOSHIBAXMQ01ABD075_X3LLSQIJSXXX3LLSQIJS
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&...p;uid=TOSHIBAXMQ01ABD075_X3LLSQIJSXXX3LLSQIJS
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&...OSHIBAXMQ01ABD075_X3LLSQIJSXXX3LLSQIJS&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&...OSHIBAXMQ01ABD075_X3LLSQIJSXXX3LLSQIJS&q={searchTerms}




    HKU\S-1-5-21-1415757151-204160861-636789770-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=dspp&...OSHIBAXMQ01ABD075_X3LLSQIJSXXX3LLSQIJS&q={searchTerms}
    HKU\S-1-5-21-1415757151-204160861-636789770-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hppp&...p;uid=TOSHIBAXMQ01ABD075_X3LLSQIJSXXX3LLSQIJS
    HKU\S-1-5-21-1415757151-204160861-636789770-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
    HKU\S-1-5-21-1415757151-204160861-636789770-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=dspp&...OSHIBAXMQ01ABD075_X3LLSQIJSXXX3LLSQIJS&q={searchTerms}
    URLSearchHook: [S-1-5-21-1415757151-204160861-636789770-1001] UWAGA => Brak domyślnego URLSearchHook
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-1415757151-204160861-636789770-1002 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-1415757151-204160861-636789770-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1415757151-204160861-636789770-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-1415757151-204160861-636789770-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1415757151-204160861-636789770-1002 -> {75A6BE7B-0096-42FC-9220-427746A38765} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1415757151-204160861-636789770-1002 -> {E4241429-FC32-4DB4-B29E-2648E9ED1D17} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1415757151-204160861-636789770-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1415757151-204160861-636789770-1002 -> {EE5DDE4B-1796-49A6-9B75-127B6EDC75C5} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll => Brak pliku
    BHO-x32: webget 1.0.0.7 -> {dc264a72-fa75-4948-b881-ea8eff8e5dd2} -> C:\Program Files (x86)\webget\webgetBHO.dll => Brak pliku
    CHR RestoreOnStartup: Default -> "hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=616_pr__alt__ddc_dsssyc_bd_com"
    CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420891535&from=cor&uid=TOSHIBAXMQ01ABD075_X3LLSQIJSXXX3LLSQIJS"
    OPR Extension: (webget) - C:\Users\tutehnamon\AppData\Roaming\Opera Software\Opera Stable\Extensions\fcfenhgcgkodlgnjohkljmglclkjpoeb [2015-07-11]
    R2 IhPul; C:\Users\tutehnamon\AppData\Roaming\TSv\TSvr.exe [396944 2015-09-21] (tsvr.com)
    R2 PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [722400 2015-09-14] (Taiwan Shui Mu Chih Ching Technology Limited)
    S3 Program Manager; C:\Program Files (x86)\Common Files\ProgramManager\ProgramManager.exe [963304 2016-01-01] (Spigot, Inc.)
    R2 Update webget; C:\Program Files (x86)\webget\updatewebget.exe [665840 2016-01-01] ()
    R2 Util webget; C:\Program Files (x86)\webget\bin\utilwebget.exe [665840 2016-01-01] ()
    R1 {00a17723-ac6f-4f97-beab-db37995ec26c}w64; C:\Windows\System32\drivers\{00a17723-ac6f-4f97-beab-db37995ec26c}w64.sys [48824 2014-11-29] (StdLib)
    R1 {0d4cca85-dc2d-45b2-bbaf-78d1b51629f0}w64; C:\Windows\System32\drivers\{0d4cca85-dc2d-45b2-bbaf-78d1b51629f0}w64.sys [48824 2014-12-05] (StdLib)
    R1 {372d03ae-4cb6-4087-9149-bc1c4bc6238d}w64; C:\Windows\System32\drivers\{372d03ae-4cb6-4087-9149-bc1c4bc6238d}w64.sys [48776 2014-10-17] (StdLib)
    R1 {3e621eab-ed2c-4c84-aec5-15b99c4c467e}w64; C:\Windows\System32\drivers\{3e621eab-ed2c-4c84-aec5-15b99c4c467e}w64.sys [48776 2014-10-18] (StdLib)
    R1 {55685567-4840-4a91-962b-49a412e9485a}Gw64; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys [61112 2014-05-30] (StdLib)
    R1 {55685567-4840-4a91-962b-49a412e9485a}w64; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys [61112 2014-06-12] (StdLib)
    R1 {6c040542-e4d8-449f-9075-ee080e3c93a3}w64; C:\Windows\System32\drivers\{6c040542-e4d8-449f-9075-ee080e3c93a3}w64.sys [48776 2014-10-17] (StdLib)
    R1 {970302c0-cf9b-403f-9271-510be0ea0e41}w64; C:\Windows\System32\drivers\{970302c0-cf9b-403f-9271-510be0ea0e41}w64.sys [48824 2014-11-28] (StdLib)
    R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys [61112 2014-05-24] (StdLib)
    R1 {bfb10c93-5530-4015-9a3f-61dfa880af58}w64; C:\Windows\System32\drivers\{bfb10c93-5530-4015-9a3f-61dfa880af58}w64.sys [48776 2014-10-23] (StdLib)
    2016-01-01 15:27 - 2016-01-01 15:27 - 00000000 ____D C:\Users\tutehnamon\AppData\Roaming\eCyber
    2016-01-01 14:57 - 2014-05-25 18:23 - 00000000 ____D C:\Program Files (x86)\webget
    2016-01-01 14:54 - 2015-09-20 12:08 - 00003904 _____ C:\Windows\System32\Tasks\Program Manager
    2015-12-31 17:29 - 2015-10-09 18:17 - 00000000 ____D C:\Program Files (x86)\Picexa
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Download and run AdwCleaner as administrator: https://toolslib.net/downloads/finish/1/ Click Scan and then Cleaning.

    0
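
A way to review a fixlist of this kind before saving it as fixlist.txt, as an added example that is not part of the original thread and not part of FRST: it groups entries by type, counts the defanged hosts, and lists entries whose company field is empty. The sample lines, GUIDs, names and hosts are constructed placeholders, and the line patterns are assumptions inferred from the formats quoted in the post above.

```python
import re
from collections import Counter

# Constructed sample in the FRST line formats quoted above; GUIDs, names and hosts are placeholders.
SAMPLE = r"""
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Example Updater => C:\Windows\system32\wscript.exe [2014-10-29] (Microsoft Corporation) <==== UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.example.test/web/?q={searchTerms}
SearchScopes: HKLM -> {00000000-0000-0000-0000-000000000002} URL = hxxp://search.example.test/web/?q={searchTerms}
SearchScopes: HKLM -> {00000000-0000-0000-0000-000000000003} URL =
BHO-x32: Example Class -> {00000000-0000-0000-0000-000000000004} -> C:\Program Files (x86)\Example\ex.dll => Brak pliku
R2 ExampleSvc; C:\Program Files (x86)\Example\svc.exe [665840 2016-01-01] ()
R1 {00000000-0000-0000-0000-000000000005}w64; C:\Windows\System32\drivers\{00000000-0000-0000-0000-000000000005}w64.sys [48824 2014-11-29] (StdLib)
2016-01-01 14:57 - 2014-05-25 18:23 - 00000000 ____D C:\Program Files (x86)\Example
EmptyTemp:
"""
# Line prefix -> category, first match wins (patterns inferred from the quoted formats).
RULES = [
    ("scheduled task", r"Task: "),
    ("autorun key", r"HK(?:LM|U)\\.*\\Run: "),
    ("IE setting", r"HK(?:LM|U)\\.*Internet Explorer\\Main,"),
    ("search provider", r"(?:SearchScopes|URLSearchHook): "),
    ("browser helper object", r"BHO(?:-x32)?: "),
    ("service or driver", r"[RSU][0-4] "),
    ("file or folder", r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} - "),
    ("directive", r"\w+:$"),
]
HOST = re.compile(r'hxxps?://([^/\s"]+)', re.I)        # host of a defanged URL
SIGNER = re.compile(r"\] \(([^()]*)\)(?: <=+ \S+)?$")  # trailing "(Company)" field

def classify(line):
    for name, pattern in RULES:
        if re.match(pattern, line):
            return name
    return "other"

def summarise(text):
    """Return (category counts, host counts, lines whose company field is empty)."""
    kinds, hosts, unsigned = Counter(), Counter(), []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        kinds[classify(line)] += 1
        hosts.update(h.lower() for h in HOST.findall(line))
        m = SIGNER.search(line)
        if m and not m.group(1).strip():
            unsigned.append(line)
    return kinds, hosts, unsigned

if __name__ == "__main__":
    for part in summarise(SAMPLE):
        print(part)
```

Lines that fall into "other" are formats the patterns do not cover and are worth reading by hand before the fix is run.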
  • Helpful post
    #4 01 Jan 2016 17:22
    Kolobos
    Computer specialist

    New Fixlist.txt:
    Task: {78597E1B-03A3-46EB-9E20-08A89CC786F4} - System32\Tasks\Opera scheduled Autoupdate 1406468385 => C:\Program Files (x86)\Opera\launcher.exe [2015-12-04] (Opera Software)
    HKU\S-1-5-21-1415757151-204160861-636789770-1002\...\MountPoints2: {99ea8c70-45b5-11e3-8251-806e6f6e6963} - "D:\SETUP.EXE"
    HKU\S-1-5-21-1415757151-204160861-636789770-1002\...\MountPoints2: {d34e1780-24a6-11e4-8263-a4db30eaddfd} - "F:\AutoRun.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMenu.lnk [2014-05-25]
    ShortcutTarget: TrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe (Brak pliku)
    Tcpip\..\Interfaces\{4CCF1CAC-0300-4949-B2B2-F9F2468B12D6}: [DhcpNameServer] 127.0.0.1
    URLSearchHook: [S-1-5-21-1415757151-204160861-636789770-1001] UWAGA => Brak domyślnego URLSearchHook
    CHR HKLM-x32\...\Chrome\Extension: [cikkkfooompgefbcjlgdjejfdknkheaj] - C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-01]
    CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
    CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx <nie znaleziono>
    S2 0042451451662224mcinstcleanup; C:\Users\TUTEHN~1\AppData\Local\Temp\004245~1.EXE -cleanup -nolog [X]
    2016-01-01 16:45 - 2016-01-01 16:53 - 00000000 ____D C:\AdwCleaner


    Does the problem concern Chrome? Perform: https://support.google.com/chrome/answer/3296214?hl=pl

    If that does not help, uninstall Chrome and delete the browser profile directory from %LOCALAPPDATA%\Google\Chrome\User Data\; make a backup of your bookmarks first.
    After doing that, install Chrome again.

    0