
Virus - an ad pops up in the browser every so often

bicon 14 Jan 2016 21:13 1083 3
  • #2 14 Jan 2016 21:28
    Bogdan Bejs
    Level 19  

    Clean it with ADW Cleaner, and then with Malwarebytes Anti Malware.

    0
  • Helpful post
    #3 15 Jan 2016 00:25
    krzychupar
    Level 40  

    Open the system Notepad and paste:
    CustomCLSID: HKU\S-1-5-21-3398476154-2743233421-164737229-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3398476154-2743233421-164737229-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3398476154-2743233421-164737229-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3398476154-2743233421-164737229-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll => Brak pliku
    Task: {0DCE8C6A-3159-4856-B5E8-E5C6373D94DC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    Task: {0FF3020D-96A8-4E1C-8E35-96D15FD6E724} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {10DB7DFE-B071-4381-BF60-CE85F6863BD4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {21F0A9D2-545C-4030-8EDE-C58587E63354} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {26EEEA71-4C4F-4EDC-AF17-047B103F720D} - System32\Tasks\{AE50440B-358E-4BB5-912D-5F3EA1F28808} => pcalua.exe -a "C:\Program Files (x86)\IvecoPower\cdi.exe" -d "C:\Program Files (x86)\IvecoPower\" -c ARGV
    Task: {273D8207-9627-4C83-B22E-E75B069C3E68} - System32\Tasks\{91BC0FEA-7213-46C6-95DD-7C31CADB4B8B} => pcalua.exe -a C:\Users\Rafał\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
    Task: {2D65E343-3C48-4ABA-BEEC-FFF3AA1B2DD8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {31A892BD-4279-45F3-B197-BB19E4072DBD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {3295A85A-8A0D-437D-965B-E5239A46A60B} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {61B492E1-241E-4788-A198-375BEFC997F9} - System32\Tasks\{54B9BF74-FBFD-4B13-A624-FCAE155AA9D6} => pcalua.exe -a "C:\Users\Rafał\Downloads\EiNST3iN - Microsoft Office Enterprise Edition 2007\OfficeEnterpriseEdition2007.exe" -d "C:\Users\Rafał\Downloads\EiNST3iN - Microsoft Office Enterprise Edition 2007"
    Task: {642397D3-08C2-48F5-BF49-6BF322ABC7E3} - System32\Tasks\{2B0F31A2-84AC-4564-91C8-D23A58BF8CCB} => pcalua.exe -a "D:\STEROWNIKI\inst_sb6020_5130151065 RAMIR.EXE" -d D:\STEROWNIKI
    Task: {7C8FE5B5-461B-4896-ACBB-9A23BDCBDAA7} - System32\Tasks\{9A094DB6-1349-427D-B4E1-A29B04F2172A} => pcalua.exe -a C:\ETKA\PROG\hldrv32.exe -d C:\ETKA\PROG
    Task: {7D396000-77BF-4470-907D-F50F98967775} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA




    Task: {870B8DAE-AC3A-4845-9EC1-993FCA61B116} - System32\Tasks\{9854F073-D197-4C5C-B83C-1FFEECF039CD} => pcalua.exe -a C:\Users\Rafał\AppData\Roaming\yoursearching\UninstallManager.exe -c -ptid=face
    Task: {87583678-7CD1-495F-B760-AB506231C5E5} - \PCDEventLauncher -> Brak pliku <==== UWAGA
    Task: {8BC4EB3A-C691-4BEC-99E8-B2CCA60D5871} - System32\Tasks\{1E491D17-2D0E-4564-B5DE-3BE04747FBFE} => pcalua.exe -a C:\Users\Rafał\Downloads\mp3gain-win-1_2_5.exe -d C:\Users\Rafał\Downloads
    Task: {8D73F570-41A9-4D25-BB9B-A4D781D5E24E} - System32\Tasks\{88F6CE05-76D7-4880-9E04-7EF3042FBD1B} => pcalua.exe -a C:\PROGRA~2\CARTYC~1\UNWISE.EXE -c C:\PROGRA~2\CARTYC~1\INSTALL.LOG
    Task: {984AF8F8-538B-4F9C-85ED-94152B3ECB61} - \SystemToolsDailyTest -> Brak pliku <==== UWAGA
    Task: {AE6818B3-904C-4C6E-82A7-DFD33AC32609} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {BE654302-2FA6-4392-806D-B8825CDA8E22} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {D03E8FC3-5A31-4CEC-B0C1-7AEE1163FBE4} - System32\Tasks\{4354F70D-2719-42D6-A274-9AD0A86675C2} => pcalua.exe -a C:\Users\Rafał\Downloads\irfanview_lang_polski.exe -d C:\Users\Rafał\Downloads
    Task: {D362DCDD-0BDD-4E2F-A8C6-61CEA13374F3} - \PCDoctorBackgroundMonitorTask -> Brak pliku <==== UWAGA
    Task: {D4917538-7DED-4DF0-A424-09DDEA385D01} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {DFEF20D4-F678-4CB2-98E7-BA5A9637320B} - System32\Tasks\{B3434F03-2B34-47D5-90E4-8DEE872B921D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Geodom\uninstall.exe" -c -f "C:\Program Files (x86)\Common Files\Geodom\uninstall.dat" -a uninstallme 00B589AB-DBC4-44B1-A810-C54BABFA60B7 DeviceId=3973c022-8878-ba38-d945-ed0051a78f9e BarcodeId=50127003 ChannelId=3 DistributerName=APSFImali
    HKU\S-1-5-21-3398476154-2743233421-164737229-1000\...\Policies\Explorer: []
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-3398476154-2743233421-164737229-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3398476154-2743233421-164737229-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...Vc6n-Npunxb6wugNUAuVlyxHmOTxO9wYh5Bto,&q={searchTerms}
    HKU\S-1-5-21-3398476154-2743233421-164737229-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...us1MwGuMIX8WiYq2mmH2JdP3Cf5xfwpRG0zxZZaIESN0,,
    HKU\S-1-5-21-3398476154-2743233421-164737229-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...Vc6n-Npunxb6wugNUAuVlyxHmOTxO9wYh5Bto,&q={searchTerms}
    HKU\S-1-5-21-3398476154-2743233421-164737229-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...Vc6n-Npunxb6wugNUAuVlyxHmOTxO9wYh5Bto,&q={searchTerms}
    SearchScopes: HKLM -> {B5C4A120-B51D-4D78-8C1D-F8F1F2910163} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...Vc6n-Npunxb6wugNUAuVlyxHmOTxO9wYh5Bto,&q={searchTerms}
    SearchScopes: HKLM-x32 -> {B5C4A120-B51D-4D78-8C1D-F8F1F2910163} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3398476154-2743233421-164737229-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...Vc6n-Npunxb6wugNUAuVlyxHmOTxO9wYh5Bto,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3398476154-2743233421-164737229-1000 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1452777673&a=1003813&uuid=1bc20a40-e5c4-4aa6-8eb1-43e463529a8e
    SearchScopes: HKU\S-1-5-21-3398476154-2743233421-164737229-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...Vc6n-Npunxb6wugNUAuVlyxHmOTxO9wYh5Bto,&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=...msungXSSDX850XEVOXmSATAX250GB_S248NXAG904303X
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll [Brak pliku]
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll [Brak pliku]
    FF HKLM\...\Firefox\Extensions: [{0C02F556-77BB-40E9-99D9-1BF6786F7347}] - C:\Program Files\groover140120161447\Firefox\{0C02F556-77BB-40E9-99D9-1BF6786F7347}.xpi => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [{0C02F556-77BB-40E9-99D9-1BF6786F7347}] - C:\Program Files\groover140120161447\Firefox\{0C02F556-77BB-40E9-99D9-1BF6786F7347}.xpi => nie znaleziono
    CHR dev: Chrome dev build wykryto! <======= UWAGA
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.yoursites123.com/?type=sc&ts=1...msungXSSDX850XEVOXmSATAX250GB_S248NXAG904303X
    S2 Cecwe; "C:\Users\Rafał\AppData\Roaming\MeweuTocec\Kenfa.exe" -cms [X]
    U3 idsvc; Brak ImagePath
    2016-01-14 14:49 - 2016-01-14 14:50 - 00000000 ____D C:\ProgramData\JWdMJ
    2016-01-14 14:47 - 2016-01-14 14:48 - 00000000 ____D C:\ProgramData\UWdMU
    2016-01-14 14:42 - 2016-01-14 14:43 - 05646860 _____ (Swearware) C:\Users\Rafał\Downloads\ComboFix (1).exe
    2016-01-14 14:38 - 2016-01-14 14:39 - 00000000 ____D C:\ProgramData\lWdMl
    Hosts:
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.

    0
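A read-only way to see what kinds of entries a fixlist like the one above targets before running it, as an added example that is not part of the thread and not FRST's own code. The function name `triage` and all sample lines are constructed for illustration; only the line layout and the "Brak pliku" (missing file) marker are taken from the post.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in the fixlist layout shown above; every GUID, path
# and host here is a placeholder, not a value from the thread.
SAMPLE = [
    r"Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\{00000000-0000-0000-0000-000000000002} => pcalua.exe -a C:\Users\user\AppData\Roaming\example-app\UninstallManager.exe -c",
    r"Task: {00000000-0000-0000-0000-000000000003} - \ExampleVendorTask -> Brak pliku <==== UWAGA",
    r"HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%65%78%61%6D%70%6C%65.%63%6F%6D/?q=1",
    r"SearchScopes: HKLM -> {00000000-0000-0000-0000-000000000004} URL = hxxp://www.bing.com/search?q={searchTerms}",
    r"SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%65%78...abc,&q={searchTerms}",
]

TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (.+)$")
URL_HOST_RE = re.compile(r"hxxps?://([^/\s?]+)")  # defanged scheme, as in the log


def triage(lines):
    """Return (line_no, kind, detail) tuples for entries worth a closer look."""
    findings = []
    for n, raw in enumerate(lines, 1):
        line = raw.strip()
        m = TASK_RE.match(line)
        if m:
            body = m.group(1)
            if "Brak pliku" in body:
                # Scheduled task whose target file no longer exists.
                findings.append((n, "orphaned-task", body.split(" -> ")[0]))
            elif "\\appdata\\roaming\\" in body.lower():
                # Task that launches a binary from the user's roaming profile.
                command = body.partition(" => ")[2] or body
                findings.append((n, "task-runs-from-profile", command))
        for host in URL_HOST_RE.findall(line):
            if "%" not in host:
                continue  # plain host names need no decoding
            # Forum software may shorten long URLs with "..."; decode only
            # the part before the ellipsis and keep the truncation visible.
            head, dots, _ = host.partition("...")
            findings.append((n, "encoded-host", unquote(head) + dots))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
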
  • #4 15 Jan 2016 20:25
    bicon
    Level 8  

    @krzychupar Thanks a lot for solving the problem!!

    0