
WINDOWS 7 - Ads by Albireo

Yashe 14 Mar 2016 17:12 732 8
  • #1 14 Mar 2016 17:12
    Yashe
    Level 4

    Hello,

    Through my own carelessness I caught a virus... After launching any browser I get a million ads labelled "Ads by Albireo". Can someone help me remove this?

    [] AdwCleaner did not help at all
    [] I have heard something about Farbar Recovery Scan Tool, but I don't know how to use it properly

    I have Windows 7

    Regards

    0 8
  • #2 14 Mar 2016 17:16
    Kolobos
    Computer specialist

    In FRST click Scan and attach the logs (frst.txt and addition.txt).

    0
  • Helpful post
    #4 14 Mar 2016 17:47
    Kolobos
    Computer specialist

    Next to frst.exe create a file fixlist.txt with the following content:
    Task: {00957791-9F67-4FB3-88CC-54824063582E} - System32\Tasks\{6546AC03-4C4A-4478-A6B7-B66C959A2156} => C:\Users\PC-2\Desktop\Nowy folder\Golem.exe
    Task: {1207FD53-7BED-4DE5-A9BB-ACF2DD5091BA} - System32\Tasks\{1D62659E-935C-48DA-9025-4BA48227DC4C} => Chrome.exe hxxp://ui.skype.com/ui/0/6.20.0.104/pl/abandoninstall?page=tsProgressBar
    Task: {1D30A07F-BD83-4177-8A39-4FB8327CE11B} - System32\Tasks\{971034F2-DDE6-4711-8926-E02DA18DECB5} => C:\Users\PC-2\Desktop\CichyLauncher.exe
    Task: {247A1F69-CD7E-4D85-8AAD-ACF821F26383} - System32\Tasks\{48E0B6D3-AFC0-49AA-9E35-1E5F0F71A0F0} => C:\Users\PC-2\Desktop\GTA San Andreas\gta_sa.exe
    Task: {2F1AB514-BB7C-43BB-8839-ADB7FAC1AE84} - System32\Tasks\{13FDECE2-8B70-4D68-998B-0ADEA209B731} => pcalua.exe -a C:\Users\PC-2\Downloads\dxwebsetup.exe -d C:\Users\PC-2\Downloads
    Task: {3024795B-18F9-4880-AC0E-50AF4071BC60} - System32\Tasks\{3738530C-146D-4832-8ADA-AECD1AD77AC0} => C:\Program Files (x86)\Counter-Strike\cstrike.exe
    Task: {329735D0-8565-4FC7-86BB-9C6833ACDFB9} - System32\Tasks\{8014C513-9A0B-4308-87EA-6C293AD65F89} => G:\Corona Simulator.exe
    Task: {3C6BDE1C-2153-42DB-AF2B-E96AFD80F853} - System32\Tasks\{9E114493-8BEF-4D78-A43B-6A13037A3101} => C:\Program Files (x86)\- Counter-Strike 1.6 -.exe
    Task: {3CA171F2-DABA-421E-BD06-4EFC3731E9A2} - System32\Tasks\{2B06CBB9-4AF5-496B-B3CD-7D64A9C1811E} => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2015-11-12] (LogMeIn Inc.)
    Task: {48143E5B-FABD-4F9B-BF83-1CC40E2ADA56} - System32\Tasks\{7DE3D741-D663-4996-AEDC-4CFEBD8DC7D7} => C:\Program Files (x86)\Counter-Strike\cstrike.exe
    Task: {4849AAAA-6358-4637-B298-7068FCF1353E} - System32\Tasks\{F0FD6D70-39EE-4849-9A5D-A06CA1BB7A8A} => C:\Program Files (x86)\Counter-Strike\cstrike.exe
    Task: {51CA0C46-AB4C-41D7-972B-63C80129F115} - System32\Tasks\{1AAD90E3-20E0-456D-AE6E-AC0B596786C9} => C:\Program Files (x86)\- Counter-Strike 1.6 -.exe
    Task: {52EDA3EC-3774-4034-BEBC-D8558CCA2ECD} - System32\Tasks\{C86D8BEF-0BC9-4D7B-B329-D490461C5C8B} => C:\Users\PC-2\Desktop\programy\GhettosXe.exe
    Task: {542FCAC8-655A-41D6-AF76-036BD1FFEB77} - System32\Tasks\{B3166BAC-520E-48C3-B04D-455A1877AEB7} => G:\Corona Simulator.exe
    Task: {607DDD05-8DFE-46EB-B0B5-A9F858727226} - System32\Tasks\{223A8736-C3DA-4777-9854-778DDB23BDB3} => C:\Program Files (x86)\- Counter-Strike 1.6 -.exe
    Task: {649C12D5-2656-44E6-881D-12893DAE357D} - System32\Tasks\{EBDAC50B-A728-4CC9-9697-A54BC70DF7C4} => C:\Program Files (x86)\- Counter-Strike 1.6 -.exe
    Task: {68FC69E1-B2BE-451A-B378-276DD9F3472A} - System32\Tasks\{5F89B359-B3CE-4973-927B-202BD9EC1F40} => Chrome.exe hxxp://ui.skype.com/ui/0/7.2.0.103/pl/abandoninstall?page=tsMain




    Task: {70CD59A2-B620-47E1-96F6-06D00BE96B9D} - System32\Tasks\{AEA87F17-3194-4191-81D6-727E4874A49F} => C:\Gry\Counter-Strike 1.6 v48\Counter-Strike 1.6.exe
    Task: {730928F9-D890-4663-9EEF-196A85C32693} - System32\Tasks\PC-2UnmentionableAppalledV2 => Rundll32.exe SpotlessTessellations.dll,main 7 1 <==== UWAGA
    Task: {7594EC95-E5F0-47AE-ABAC-3DF8DEABE34B} - System32\Tasks\{B15B6C08-36E3-49EE-AF7D-AD5232CEF861} => C:\Users\PC-2\Desktop\programy\GhettosXe.exe
    Task: {8659E3C2-729D-4116-A620-9A7C3580FF01} - System32\Tasks\{89EEB482-0998-4A52-A791-6A05D3ACDD4A} => C:\Users\PC-2\Desktop\programy\GhettosXe.exe
    Task: {89BADCEC-5E04-4E4A-A0FB-15D61F088F75} - System32\Tasks\{05354FA4-65C0-4B6D-AEE5-CF035C0869E7} => Chrome.exe hxxp://ui.skype.com/ui/0/6.13.60.104/pl/abandoninstall?page=tsProgressBar
    Task: {8A1C2690-13A9-46B9-9D12-CD1AD6D7EDF7} - System32\Tasks\{4E193FBF-EBA4-4042-8197-188026097571} => pcalua.exe -a C:\Users\PC-2\Desktop\dxwebsetup.exe -d C:\Users\PC-2\Desktop
    Task: {8CBD93A2-622B-4ACA-B27D-5E3C2DFB3F2F} - System32\Tasks\{82661A7D-8751-4D4B-8300-2C973B2EE57D} => pcalua.exe -a C:\Users\PC-2\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=smt
    Task: {945497A5-6303-43A9-83D2-F4B8C168921E} - System32\Tasks\{5A4BDA28-A642-4EDE-84C6-29A15E46CA9F} => C:\Program Files (x86)\GameforgeLive\Games\POL_pol\Metin2\metin2m_pl.exe
    Task: {A49B65B2-B7DD-432D-B0DE-D5E34DA060A5} - System32\Tasks\{BBC7C490-31C3-4A4D-BCD1-50A76D2658E2} => C:\Users\PC-2\Desktop\programy\GhettosXe.exe
    Task: {AACCF32A-CBBA-4165-AC7D-391726191E9B} - System32\Tasks\{D51634F6-8CEB-41F3-BA26-200383E7DE79} => C:\Program Files (x86)\- Counter-Strike 1.6 -.exe
    Task: {B7BA9087-BA7C-49C8-BDED-9D55730553F0} - System32\Tasks\{16F3F552-49C2-4807-845B-4CA3DF54576D} => pcalua.exe -a "C:\Program Files (x86)\MPC Cleaner\UninstDelete.exe" -d "C:\Program Files (x86)\MPC Cleaner"
    Task: {BD1C47B8-B529-47DD-8139-C423938020DC} - System32\Tasks\{5F5596DB-73CA-46B4-B14E-CEC989AA6501} => C:\Users\PC-2\Desktop\programy\GhettosXe.exe
    Task: {BEAFFC57-DAE9-4F43-A477-879678DA2149} - System32\Tasks\{8081E07E-638E-4A3A-9CD5-7DD3BE5942C5} => C:\Program Files (x86)\- Counter-Strike 1.6 -.exe
    Task: {C7C5093F-49F0-4F72-A55A-F69D01258DCB} - System32\Tasks\{96913ED0-4D33-4268-9079-5DBEC592D8F4} => C:\Gry\Counter-Strike 1.6 v48\Counter-Strike 1.6.exe
    Task: {DC160849-FE12-478B-BFEC-F6681FC48E2C} - System32\Tasks\{B7B80C25-0DA8-4296-897B-872937E1630E} => C:\Users\PC-2\Desktop\programy\GhettosXe.exe
    Task: {E0B795AD-5756-4B22-B61C-526C5C806AB1} - System32\Tasks\{E6DC20D1-73D0-4669-9D2D-26E90C323374} => C:\Program Files (x86)\- Counter-Strike 1.6 -.exe
    Task: {F0DEF94F-4C0A-4A16-BDE9-7B09AC791E6C} - System32\Tasks\{09754867-B602-43A8-8F2B-C80F38228C85} => C:\Users\PC-2\Desktop\programy\GhettosXe.exe
    Task: {F3D5102B-36FD-42C4-8DD1-C2575C8E88E7} - System32\Tasks\{40B4FE4F-5E2A-45D2-B2B1-8CEBEB1BF896} => G:\Corona Simulator.exe
    Task: {F5F3EC0B-0E73-4115-9738-420456149ECC} - System32\Tasks\Siesi => C:\PROGRA~1\GROOVE~1\Fiyhtun.bat
    Task: {F82E5F09-ADFF-4F73-B387-6537F24D9B47} - System32\Tasks\{D44128AF-D48F-4796-AA8D-10AFC773FF2D} => pcalua.exe -a "C:\Users\PC-2\Downloads\rar-password-recovery (1).exe" -d C:\Users\PC-2\Downloads
    Task: {FAFD9DBD-37BA-4F9F-9EFC-09FB5DBA0573} - System32\Tasks\{8EB7DEB0-7EC4-4946-B24D-318658632D23} => C:\Users\PC-2\Desktop\programy\GhettosXe.exe
    Task: {FE9F3DC7-DAF8-49E5-95AA-138C127893EC} - System32\Tasks\{696639F8-2895-499C-83D8-67E4761796DD} => pcalua.exe -a C:\Users\PC-2\AppData\Local\Temp\7zS5F41.tmp\MicroInstallerNative.exe -d C:\Users\PC-2\AppData\Local\Temp\7zS5F41.tmp
    Task: C:\Windows\Tasks\Opera scheduled Autoupdate 1405090690.job => C:\Program Files (x86)\Opera\launcher.exe
    2016-03-12 22:57 - 2016-03-12 22:57 - 00670584 _____ () C:\Users\PC-2\AppData\Roaming\Mamkyjsu\Guphegv.dll
    2016-03-12 22:57 - 2016-03-12 22:57 - 00174456 _____ () C:\Users\PC-2\AppData\Roaming\Mamkyjsu\Mamkyjsu.exe
    2016-03-12 22:57 - 2016-03-12 22:57 - 00115576 _____ () C:\Users\PC-2\AppData\Roaming\Mamkyjsu\Hiqke.exe
    2016-03-12 22:57 - 2016-03-12 22:57 - 00146296 _____ () C:\Users\PC-2\AppData\Roaming\Mamkyjsu\Guphegv.exe
    2016-02-27 11:31 - 2016-02-27 11:31 - 00356864 _____ () C:\Users\PC-2\AppData\Local\UnmentionableAppalled\SpotlessTessellations.dll
    2016-03-12 22:57 - 2016-03-12 22:57 - 00262008 _____ () C:\Users\PC-2\AppData\Roaming\Mamkyjsu\Hiqke.dll
    Hosts:
    () C:\Users\PC-2\AppData\Roaming\Mamkyjsu\Mamkyjsu.exe
    () C:\Users\PC-2\AppData\Roaming\Mamkyjsu\Hiqke.exe
    () C:\Users\PC-2\AppData\Roaming\Mamkyjsu\Guphegv.exe
    HKLM-x32\...\Run: [cessrs.exe -start] => C:\Users\PC-2\AppData\Roaming\UPUpdata\cessrs.exe [2686976 2016-03-13] ()
    HKLM-x32\...\Run: [mpck_en_005030265] => [X]
    HKLM-x32\...\Run: [win_en_77] => [X]
    HKLM-x32\...\Run: [LightGate] => c:\programdata\lightgate.exe [1081344 2015-12-04] ()
    HKLM-x32\...\Run: [HomePageHelper] => c:\programdata\homepage.exe [1100288 2015-11-25] ()
    HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
    HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X]
    HKU\S-1-5-21-4216582804-3552437137-1378640929-1000\...\Run: [msiql] => c:\programdata\msiql.exe [1888256 2016-03-02] ()
    HKU\S-1-5-21-4216582804-3552437137-1378640929-1000\...\MountPoints2: {c1887210-17dd-11e5-b593-001a4d894833} - I:\setup.exe
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => Brak pliku
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    AutoConfigURL: [S-1-5-21-4216582804-3552437137-1378640929-1000] => hxxp://un-stop.net/wpad.dat?57c61e435fee01b47010a04b07c44ed87549331
    ManualProxies: 0hxxp://un-stop.net/wpad.dat?57c61e435fee01b47010a04b07c44ed87549331
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartośc
    FF SearchPlugin: C:\Users\PC-2\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\DD1B66D4.xml [2016-03-13]
    FF Extension: Brak nazwy - C:\Users\PC-2\AppData\Roaming\Mozilla\Firefox\Profiles\1ly72qvq.default\extensions\deskCutv2@gmail.com [nie znaleziono]
    FF Extension: Brak nazwy - C:\Users\PC-2\AppData\Roaming\Mozilla\Firefox\Profiles\1ly72qvq.default\extensions\yahooprotected@gmail.com [nie znaleziono]
    FF Extension: GsearchFinder - C:\Users\PC-2\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-03-01]
    () C:\ProgramData\msiql.exe
    CHR HKU\S-1-5-21-4216582804-3552437137-1378640929-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
    R2 Egeistogti; C:\Users\PC-2\AppData\Roaming\Mamkyjsu\Mamkyjsu.exe [174456 2016-03-12] ()
    S2 GoogleChromeUpService; C:\ProgramData\service.exe [1734656 2016-03-13] () [Brak podpisu cyfrowego]
    S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe [2786816 2016-03-13] (TODO: ) [Brak podpisu cyfrowego]
    S3 ATP; system32\DRIVERS\cmdatp.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
    S1 SRepairDrv; \??\C:\Windows\GJFix\SRepairDrv [X]
    S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
    2016-03-13 03:28 - 2016-03-13 03:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unusualsoft
    2016-03-13 02:43 - 2016-03-13 02:43 - 00003188 _____ C:\Windows\System32\Tasks\{16F3F552-49C2-4807-845B-4CA3DF54576D}
    2016-03-13 01:17 - 2015-11-25 18:31 - 01100288 _____ C:\ProgramData\HomePage.exe
    2016-03-13 01:06 - 2016-03-14 16:21 - 00011633 _____ C:\ProgramData\webad.xml
    2016-03-13 01:06 - 2015-12-04 16:14 - 01081344 _____ C:\ProgramData\LightGate.exe
    2016-03-13 00:59 - 2016-03-13 00:59 - 00000000 ____D C:\ProgramData\Windows Update
    2016-03-13 00:44 - 2016-03-13 00:44 - 00000000 ____D C:\ProgramData\TXQMPC
    2016-03-13 00:35 - 2016-03-02 14:49 - 01888256 _____ C:\ProgramData\msiql.exe
    2016-03-13 00:34 - 2016-03-13 01:07 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
    2016-03-13 00:33 - 2016-03-13 00:38 - 00000000 ____D C:\Users\PC-2\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
    2016-03-13 00:32 - 2016-03-13 00:33 - 00000000 ____D C:\Users\Public\Documents\dmp
    2016-03-13 00:22 - 2016-03-13 00:43 - 00000000 ____D C:\Windows\GJFix
    2016-03-13 00:22 - 2016-03-13 00:22 - 00005120 _____ C:\Users\PC-2\AppData\Roaming\GiftBag.db
    2016-03-13 00:20 - 2016-03-13 00:41 - 00000000 ____D C:\Users\PC-2\AppData\Local\app
    2016-03-13 00:18 - 2016-03-13 00:18 - 01734656 _____ C:\ProgramData\service.exe
    2016-03-13 00:17 - 2016-03-13 00:23 - 00000000 ____D C:\Users\PC-2\AppData\Roaming\SarfasTicf
    2016-03-13 00:17 - 2016-03-13 00:17 - 00003338 _____ C:\Windows\System32\Tasks\Siesi
    2016-03-13 00:17 - 2016-03-13 00:17 - 00000000 ____D C:\Users\Public\Thunder Network
    2016-03-13 00:17 - 2016-03-13 00:17 - 00000000 ____D C:\Users\PC-2\AppData\Roaming\Mamkyjsu
    2016-03-13 00:17 - 2016-03-13 00:17 - 00000000 ____D C:\Users\PC-2\AppData\LocalLow\Company
    2016-03-13 00:17 - 2016-03-13 00:17 - 00000000 ____D C:\Users\PC-2\AppData\Local\Tempfolder
    2016-03-13 00:17 - 2016-03-13 00:17 - 00000000 ____D C:\ProgramData\Thunder Network
    2016-03-13 00:16 - 2016-03-13 00:18 - 00000000 ____D C:\Users\PC-2\AppData\Roaming\UPUpdata
    2016-03-13 00:16 - 2016-03-13 00:16 - 00000000 _____ C:\Windows\SysWOW64\Number of results
    2016-03-12 22:58 - 2016-03-13 00:17 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
    2016-02-27 11:36 - 2016-02-27 11:36 - 00003456 _____ C:\Windows\System32\Tasks\PC-2UnmentionableAppalledV2
    2016-02-27 11:36 - 2016-02-27 11:36 - 00000000 ____D C:\Users\PC-2\AppData\Roaming\PriceFountainUpdateVer
    2016-02-27 11:36 - 2016-02-27 11:36 - 00000000 ____D C:\Users\PC-2\AppData\Local\UnmentionableAppalled
    2016-02-27 11:28 - 2016-02-27 11:28 - 00002984 _____ C:\Windows\System32\Tasks\{2B06CBB9-4AF5-496B-B3CD-7D64A9C1811E}
    2016-02-24 00:57 - 2016-02-24 02:10 - 00000000 ____D C:\ProgramData\Viatax
    2016-02-24 00:57 - 2016-02-24 00:57 - 08003072 _____ C:\Users\PC-2\AppData\Roaming\agent.dat
    2016-02-24 00:57 - 2016-02-24 00:57 - 01894030 _____ C:\Users\PC-2\AppData\Roaming\Villaphase.tst
    2016-02-24 00:57 - 2016-02-24 00:57 - 00126464 _____ C:\Users\PC-2\AppData\Roaming\noah.dat
    2016-02-24 00:57 - 2016-02-24 00:57 - 00064752 _____ C:\Users\PC-2\AppData\Roaming\Config.xml
    2016-02-24 00:57 - 2016-02-24 00:57 - 00018432 _____ C:\Users\PC-2\AppData\Roaming\Main.dat
    2016-02-24 00:57 - 2016-02-24 00:57 - 00005568 _____ C:\Users\PC-2\AppData\Roaming\md.xml
    2016-02-24 00:57 - 2016-02-24 00:56 - 00667648 _____ C:\Users\PC-2\AppData\Roaming\Villaphase.exe
    2016-02-24 00:56 - 2016-02-24 00:57 - 00011424 _____ C:\Users\PC-2\AppData\Roaming\InstallationConfiguration.xml
    2016-02-24 00:56 - 2016-02-24 00:56 - 00127488 _____ C:\Users\PC-2\AppData\Roaming\Installer.dat
    2016-03-13 01:17 - 2015-11-25 18:31 - 1100288 _____ () C:\ProgramData\HomePage.exe
    2016-03-13 01:06 - 2015-12-04 16:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
    2016-03-13 00:35 - 2016-03-02 14:49 - 1888256 _____ () C:\ProgramData\msiql.exe
    2016-03-13 00:18 - 2016-03-13 00:18 - 1734656 _____ () C:\ProgramData\service.exe
    2016-03-13 01:06 - 2016-03-14 16:21 - 0011633 _____ () C:\ProgramData\webad.xml
    2016-03-13 12:37 - 2016-03-13 12:37 - 0000041 _____ () C:\ProgramData\xcgui_debug.txt
    EmptyTemp:

    In FRST choose Fix (Napraw).

    Run a full scan with MBAM and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Install the update from: https://support.microsoft.com/pl-pl/kb/2545227

    0
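Added example, not part of the original post and not FRST's own logic: a short Python triage that groups fixlist lines like those in post #4 by persistence mechanism and lists which heuristics fire on each target. The category names and heuristics are assumptions made for illustration, not the helper's stated reasoning; the sample lines are copied from the fixlist above.

```python
import re

# Constructed sample: lines copied from the fixlist in post #4 (not a full log).
SAMPLE = r"""
Task: {730928F9-D890-4663-9EEF-196A85C32693} - System32\Tasks\PC-2UnmentionableAppalledV2 => Rundll32.exe SpotlessTessellations.dll,main 7 1 <==== UWAGA
Task: {F5F3EC0B-0E73-4115-9738-420456149ECC} - System32\Tasks\Siesi => C:\PROGRA~1\GROOVE~1\Fiyhtun.bat
Task: {3024795B-18F9-4880-AC0E-50AF4071BC60} - System32\Tasks\{3738530C-146D-4832-8ADA-AECD1AD77AC0} => C:\Program Files (x86)\Counter-Strike\cstrike.exe
HKLM-x32\...\Run: [LightGate] => c:\programdata\lightgate.exe [1081344 2015-12-04] ()
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
AutoConfigURL: [S-1-5-21-4216582804-3552437137-1378640929-1000] => hxxp://un-stop.net/wpad.dat?57c61e435fee01b47010a04b07c44ed87549331
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1734656 2016-03-13] () [Brak podpisu cyfrowego]
R2 Egeistogti; C:\Users\PC-2\AppData\Roaming\Mamkyjsu\Mamkyjsu.exe [174456 2016-03-12] ()
""".strip().splitlines()

# Heuristics below are assumptions for this example, not FRST rules.
APPDATA = re.compile(r"\\(appdata|programdata)\\", re.I)
SHORT_NAME = re.compile(r"~\d")  # 8.3 short path component such as PROGRA~1
SCRIPT_HOST = re.compile(r"\b(rundll32|wscript|cscript)\b|\.(bat|vbs)\b", re.I)
SERVICE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<target>.+)$")
MARKER = "<===="  # attention marker as it appears in the log lines above


def reasons_for(target, line):
    """Return the heuristic labels that apply to one autostart target."""
    out = []
    if MARKER in line:
        out.append("frst-marker")
    if SCRIPT_HOST.search(target):
        out.append("script-or-rundll32")
    if APPDATA.search(target):
        out.append("appdata-or-programdata")
    if SHORT_NAME.search(target):
        out.append("8.3-short-path")
    if "Brak podpisu cyfrowego" in line:  # "no digital signature"
        out.append("unsigned")
    return out


def classify(line):
    """Return (mechanism, target, reasons), or None for lines not modelled here."""
    line = line.strip()
    service = SERVICE.match(line)
    if line.startswith("Task:") and "=>" in line:
        mech, target = "scheduled-task", line.split("=>", 1)[1]
    elif "\\Run: [" in line and "=>" in line:
        mech, target = "run-key", line.split("=>", 1)[1]
    elif "Winlogon: [Userinit]" in line:
        mech, target = "winlogon-userinit", line.split("[Userinit]", 1)[1]
    elif line.startswith(("AutoConfigURL:", "ManualProxies:")):
        mech, target = "proxy-config", line.split(":", 1)[1]
    elif service:
        mech, target = "service-or-driver", service["target"]
    else:
        return None
    target = target.split(MARKER)[0].strip()
    reasons = reasons_for(target, line)
    if mech == "winlogon-userinit" and "userinit.exe" not in target.lower():
        reasons.append("non-default-userinit")
    if mech == "proxy-config":
        reasons.append("proxy-autoconfig-set")
    return mech, target, reasons


def triage(lines):
    """Group flagged entries by mechanism; entries with no reason are only counted."""
    flagged, unflagged = {}, 0
    for line in lines:
        result = classify(line)
        if result is None:
            continue
        mech, target, reasons = result
        if reasons:
            flagged.setdefault(mech, []).append((target, reasons))
        else:
            unflagged += 1
    return flagged, unflagged


if __name__ == "__main__":
    flagged, unflagged = triage(SAMPLE)
    for mech, items in flagged.items():
        for target, reasons in items:
            print(f"{mech:18} {', '.join(reasons):45} {target}")
    print("entries with no heuristic hit:", unflagged)
```

An entry with no heuristic hit, such as the Counter-Strike task in the sample, is not thereby shown to be benign; the script only reports which of its own rules matched.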
  • #5 14 Mar 2016 20:21
    Yashe
    Level 4

    Everything runs nicely, no problems, and the stupid ads no longer appear.

    Thank you very much for your help, sir. Best regards

    0
  • #7 15 Mar 2016 13:53
    Domino_2
    Helpful to users

    @jonasz132 In future, start a new thread.

    Decide on one antivirus and uninstall the other.

    Uninstall ASUS WebStorage.

    Quote:

    Task: {2A28DDF9-C682-4444-8219-6DC37E25DA0C} - System32\Tasks\Imapti => C:\PROGRA~1\GROOVE~1\Whfup.bat
    Task: {54536F71-6F83-43EC-AEEE-7964ED261F3C} - System32\Tasks\{EE142336-97A1-40E1-8489-6F5C10DC754E} => pcalua.exe -a F:\R161520.EXE -d F:\
    Task: {7E1B2A81-C002-438E-90EA-2AD34220F3B0} - System32\Tasks\Lebetap => C:\PROGRA~1\GROOVE~1\Ghjun.bat
    Task: {9C6D36A1-5CBB-40B4-B5B4-129FD2E95A15} - System32\Tasks\Kuytnep => C:\PROGRA~1\SHOPPE~2\Tidma.bat
    Task: {A652C506-045C-48CC-B83E-6F6404CECB03} - System32\Tasks\{4AC54C92-BBD2-41B9-854B-BED526F86CDC} => pcalua.exe -a "C:\Program Files (x86)\EDGE\EDGE MODEM\drivers\InstallDriver.exe" -d "C:\Program Files (x86)\EDGE\EDGE MODEM\drivers\" -c -install
    Task: {CA9AEAD4-C0E8-4EF0-BBC9-526AD509425D} - System32\Tasks\Xauvvu => C:\PROGRA~1\SHOPPE~1\Oaekyi.bat
    HKLM-x32\...\Run: [gmsd_pl_005010214] => [X]
    HKLM-x32\...\Run: [rec_en_77] => [X]
    HKLM-x32\...\Run: [gmsd_pl_005010215] => [X]
    HKLM-x32\...\Run: [gmsd_pl_005010216] => [X]
    HKLM-x32\...\Run: [gmsd_pl_005010218] => [X]
    HKLM-x32\...\Run: [gmsd_pl_005010220] => [X]
    HKU\S-1-5-21-2079011108-2540171504-25852643-1000\...\MountPoints2: {12e87df5-11da-11e0-9888-20cf3060a5eb} - F:\AutoRun.exe
    HKU\S-1-5-21-2079011108-2540171504-25852643-1000\...\MountPoints2: {12e87e0b-11da-11e0-9888-20cf3060a5eb} - F:\AutoRun.exe
    HKU\S-1-5-21-2079011108-2540171504-25852643-1000\...\MountPoints2: {1a9a1f76-a5fb-11e1-9cc3-8a1e5ad51cd4} - G:\AutoRun.exe
    HKU\S-1-5-21-2079011108-2540171504-25852643-1000\...\MountPoints2: {5b680cd2-14fa-11e0-badf-20cf3060a5eb} - F:\AutoRun.exe
    HKU\S-1-5-21-2079011108-2540171504-25852643-1000\...\MountPoints2: {96f771fc-6b2e-11e5-b01e-4e5d603c7102} - F:\LG_PC_Programs.exe
    HKU\S-1-5-21-2079011108-2540171504-25852643-1000\...\MountPoints2: {fbac6ec6-0c7a-11e0-bbcc-20cf3060a5eb} - F:\Autorun.exe
    ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
    ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
    BootExecute: PDBoot.exeautocheck autochk *
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am
    HKU\S-1-5-21-2079011108-2540171504-25852643-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
    HKU\S-1-5-21-2079011108-2540171504-25852643-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
    HKU\S-1-5-21-2079011108-2540171504-25852643-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
    HKU\S-1-5-21-2079011108-2540171504-25852643-1000\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    SearchScopes: HKU\S-1-5-21-2079011108-2540171504-25852643-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2079011108-2540171504-25852643-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    SearchScopes: HKU\S-1-5-21-2079011108-2540171504-25852643-1000 -> {8902913C-A968-498E-BBC4-D28E1D3D70BF} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    Toolbar: HKU\S-1-5-21-2079011108-2540171504-25852643-1000 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
    FF Homepage: search.mpc.am
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF HKLM\...\Firefox\Extensions: [{1B6094EC-28D8-4F1E-814B-D1443BD98B9A}] - C:\Program Files\shopperz210120160935\Firefox\{1B6094EC-28D8-4F1E-814B-D1443BD98B9A}.xpi => nie znaleziono
    FF HKLM\...\Firefox\Extensions: [{BF7D5EBD-AB51-4929-b52E-419F556F9D5F}] - C:\Program Files\groover210120162106\Firefox\{BF7D5EBD-AB51-4929-b52E-419F556F9D5F}.xpi => nie znaleziono
    FF HKLM\...\Firefox\Extensions: [{ACBA8E76-6D31-4EFC-9CB2-A886ED69D15F}] - C:\Program Files\shopperz260120160933\Firefox\{ACBA8E76-6D31-4EFC-9CB2-A886ED69D15F}.xpi => nie znaleziono
    FF HKLM\...\Firefox\Extensions: [{9DFBAB87-988A-4D72-87CA-16FADB2D2BE5}] - C:\Program Files\groover260120161531\Firefox\{9DFBAB87-988A-4D72-87CA-16FADB2D2BE5}.xpi => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [{ACBA8E76-6D31-4EFC-9CB2-A886ED69D15F}] - C:\Program Files\shopperz260120160933\Firefox\{ACBA8E76-6D31-4EFC-9CB2-A886ED69D15F}.xpi => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [{9DFBAB87-988A-4D72-87CA-16FADB2D2BE5}] - C:\Program Files\groover260120161531\Firefox\{9DFBAB87-988A-4D72-87CA-16FADB2D2BE5}.xpi => nie znaleziono
    CHR HomePage: Default -> search.mpc.am
    CHR StartupUrls: Default -> "search.mpc.am"
    CHR DefaultSearchURL: Default -> hxxp://search.mpc.am?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968
    CHR DefaultSearchKeyword: Default -> MPC Safe Search
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => Brak pliku
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => Brak pliku
    CHR Plugin: (Skype Toolbars) - C:\Users\Basia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll => Brak pliku
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => Brak pliku
    CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL => Brak pliku
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => Brak pliku
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => Brak pliku
    CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Brak pliku
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => Brak pliku
    CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => Brak pliku
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => Brak pliku
    CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
    CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbidppmgmdmjgfenjdafcalmciolcehp] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2079011108-2540171504-25852643-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bbidppmgmdmjgfenjdafcalmciolcehp] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
    R1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
    U3 tmlwf; Brak ImagePath
    R4 tmtdi; system32\DRIVERS\tmtdi.sys [X]
    U3 tmwfp; Brak ImagePath
    2016-03-15 12:23 - 2016-03-15 12:54 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
    2016-03-15 13:17 - 2016-01-27 21:11 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    EmptyTemp:


    Paste this into Notepad, save it as fixlist.txt, place it in the folder containing FRST.exe/FRST64.exe, run it and click Fix/Napraw.

    1
  • #8 15 Mar 2016 15:06
    jonasz132
    Level 8

    A specialist is a specialist after all! Thanks a lot! Everything works.

    0
  • #9 15 Mar 2016 15:07
    Domino_2
    Helpful to users

    You can delete the C:\FRST folder.

    1