Elektroda.pl

Ads - Self-opening ads and pages, FRST logs

w0itas 04 Jan 2016 18:43 663 3
  • Helpful post
    #2 04 Jan 2016 18:50
    Kolobos
    Computer specialist

    Uninstall: HiJackThis

    Fixlist.txt for FRST:
    Task: {2E61998F-5C7C-477C-BA41-9C04D52484A6} - System32\Tasks\{1879E5F8-BE53-46FB-A73B-F7471142F8F2} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/pl/abandoninstall?page=tsMain
    Task: {3D43F292-CA28-4F1C-9224-6DE9C4167F1F} - System32\Tasks\Opera scheduled Autoupdate 1451408025 => C:\Program Files\Opera\launcher.exe [2015-12-15] (Opera Software)
    Task: {41EE4334-FF2D-423F-8F22-0EFA8A5F6D2C} - System32\Tasks\{44D0145A-DBBB-463B-AA31-55875CDF4A39} => Firefox.exe hxxp://ui.skype.com/ui/0/5.9.0.123/pl/abandoninstall?page=tsMain
    Task: {59D0756D-0330-4F59-A179-D3A6DEB63922} - System32\Tasks\{148EE83C-6ED3-4625-87A2-FF455AB759A1} => pcalua.exe -a F:\WorkData\licence\SETUPEX.EXE -d F:\WorkData\licence
    Task: {6AF41F2F-4E31-4917-8393-8B4C308A39DF} - System32\Tasks\{F55A01B1-4DFF-4F09-A40D-36B071CB4910} => pcalua.exe -a "D:\ChomikBOX\install (olatomek18)\Setup.exe" -d "D:\ChomikBOX\install (olatomek18)"
    Task: {97FA2054-5DB2-45B5-8493-8C0110266CC4} - System32\Tasks\{1D4E6D8D-91E8-474A-9AF7-F23C107CA48B} => pcalua.exe -a "f:\CorelDRAW x6\Setup\SetupARP.exe" -c /arp
    Task: {9D0A5312-BF69-44C0-88A1-1917D64DEEE3} - System32\Tasks\{3AF7C43E-2871-476A-8B32-409A6DC63013} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)Task: {C77D5FD1-491E-487A-9056-8B5095EDAD4A} - System32\Tasks\{50763A24-75C6-41C8-B270-209C22C22C33} => pcalua.exe -a Q:\setup.exe -d Q:\
    Task: {EED5AA19-09AC-4FA5-8463-4554E0D268A5} - System32\Tasks\{017088DB-B4CC-45E5-8A11-E578F3C0FDBC} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/pl/abandoninstall?page=tsProgressBar
    Task: {F374CDCD-E008-4441-B1A5-447321F91880} - System32\Tasks\Opera N Sunday => C:\Program Files\Opera\launcher.exe [2015-12-15] (Opera Software)
    Task: {F9679BD1-7DC5-4E8F-9CE4-1D3B35191A6D} - System32\Tasks\Opera N Saturday => C:\Program Files\Opera\launcher.exe [2015-12-15] (Opera Software)
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-172574896-2580324075-4164114687-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    SearchScopes: HKU\S-1-5-21-172574896-2580324075-4164114687-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/
    SearchScopes: HKU\S-1-5-21-172574896-2580324075-4164114687-1000 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1451407586&a=1005803&uuid=e6b9b84a-9243-4033-8ad2-ade685dff162




    FF SelectedSearchEngine: AVG Secure Search
    FF SearchPlugin: C:\Users\WoitaS\AppData\Roaming\Mozilla\Firefox\Profiles\636waxht.default\searchplugins\nation-secure-search.xml [2013-10-01]
    FF Extension: Brak nazwy - C:\Users\WoitaS\AppData\Roaming\Mozilla\Firefox\Profiles\636waxht.default\Extensions\1451407638_xpi [2015-12-29] [Brak podpisu cyfrowego]
    CHR HomePage: Default -> hxxp://www.yoursearching.com/?type=hp&ts=...m=exp1&uid=samsungxhd502ij_s13tj90q879932
    CHR StartupUrls: Default -> "hxxp://www.yoursearching.com/?type=hp&ts=1451407628&z=5ee31681c2dcc5b85acd80bg5zcwfg0z5e5m7q6o3b&from=exp1&uid=samsungxhd502ij_s13tj90q879932"
    CHR Plugin: (StartSearch Video plug-in) - C:\Users\WoitaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bildoibdboopgomcbiplincneeicgipj\1.3_0\chvsharetvplg.dll => Brak pliku
    CHR Plugin: (StartSearch Video plug-in) - F:\Firefox\plugins\npvsharetvplg.dll => Brak pliku
    CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - F:\Firefox\plugins\npdeployJava1.dll => Brak pliku
    CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => Brak pliku
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 ONXPAR; \??\C:\Windows\system32\ONXPAR.SYS [X]
    S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
    U3 auoj7xn8; Brak ImagePath
    2016-01-01 21:18 - 2016-01-01 21:18 - 00019701 _____ C:\ComboFix.txt
    2016-01-01 20:54 - 2016-01-01 21:18 - 00000000 ____D C:\Qoobox
    2016-01-01 20:54 - 2016-01-01 21:18 - 00000000 ____D C:\ComboFix
    2016-01-01 20:54 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-01-01 20:54 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-01-01 20:54 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-01-01 20:54 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-01-01 20:54 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-01-01 20:54 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
    2016-01-01 20:54 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
    2016-01-01 20:54 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
    2016-01-01 20:51 - 2016-01-01 20:51 - 05643309 ____R (Swearware) C:\Users\WoitaS\Desktop\ComboFix.exe
    2015-12-29 21:48 - 2016-01-01 20:53 - 00000000 ____D C:\AdwCleaner
    2015-12-29 21:27 - 2016-01-03 16:50 - 00002615 _____ C:\Users\WoitaS\Desktop\HiJackThis.lnk
    2015-12-29 21:27 - 2015-12-29 21:27 - 00000000 ____D C:\Users\WoitaS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2015-12-29 21:27 - 2015-12-29 21:27 - 00000000 ____D C:\Program Files\HiJackThis
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    0
  • Helpful post
    #3 04 Jan 2016 19:36
    krzychupar
    Level 40

    And this as well:
    Open the system Notepad and paste:

    Task: {C77D5FD1-491E-487A-9056-8B5095EDAD4A} - System32\Tasks\{50763A24-75C6-41C8-B270-209C22C22C33} => pcalua.exe -a Q:\setup.exe -d Q:\
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-172574896-2580324075-4164114687-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7101A1C2-C7BA-45FD-ACFE-DC8C127FC7D9}&mid=cc246739806747d09d9d61013c44b2c6-c92862f198919ef9131d279c5313eccbbc9ac985&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615tb&pr=fr&d=2015-05-06 14:00:19&v=4.2.1.951&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-172574896-2580324075-4164114687-1000 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1451407586&a=1005803&uuid=e6b9b84a-9243-4033-8ad2-ade685dff162
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - F:\AVAST6~1.100\WebRep\FF => nie znaleziono
    CHR HomePage: Default -> hxxp://www.yoursearching.com/?type=hp&ts=1451...&from=exp1&uid=samsungxhd502ij_s13tj90q879932
    CHR StartupUrls: Default -> "hxxp://www.yoursearching.com/?type=hp&ts=1451407628&z=5ee31681c2dcc5b85acd80bg5zcwfg0z5e5m7q6o3b&from=exp1&uid=samsungxhd502ij_s13tj90q879932"
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => Brak pliku
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\pdf.dll => Brak pliku
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => Brak pliku
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll => Brak pliku
    CHR Plugin: (Skype Toolbars) - C:\Users\WoitaS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll => Brak pliku
    CHR Plugin: (Adobe Acrobat) - F:\Adobe Reader\Reader\Browser\nppdf32.dll => Brak pliku
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => Brak pliku
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => Brak pliku



    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.

    0
  • #4 04 Jan 2016 21:26
    w0itas
    Level 9

    Thank you very, very, very much :)
    IT HELPED !!! :)))))

    0