Elektroda.pl

Lenovo: ads, browser hijacking, no administrator privileges

szymeeen 06 Apr 2016 17:59 465 1
  • #1 06 Apr 2016 17:59
    szymeeen
    Level 1  

    As in the subject; scanned with Avast, Malware and Adw.

    0 1
  • #2 06 Apr 2016 18:20
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Task: {237D6D36-A055-45F9-B70D-027AFDD9710E} - \MyBrowser -> Brak pliku <==== UWAGA
    Task: {2D9F5C88-3026-4617-BFC9-C5812394B87F} - System32\Tasks\BKQJV1 => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== UWAGA
    Task: {435F94FF-E9AE-43DB-9877-6ACF32EC848C} - \WordWizard Auto Updater 1.10.0.24 Pending Update -> Brak pliku <==== UWAGA
    Task: {6E88F817-20EC-45BB-8317-3716D0229C1F} - System32\Tasks\THUmHElbPOPhiw24roWER1pq => C:\Users\Sylwiamik1\AppData\Roaming\THUmHElbPOPhiw24roWER1pq.exe <==== UWAGA
    Task: {71CAAD1C-16F4-4CBE-8D59-8270C5EAC47A} - System32\Tasks\V8CA8nDPlsNZjbLFqk3irFPZMO => C:\Users\Sylwiamik1\AppData\Roaming\V8CA8nDPlsNZjbLFqk3irFPZMO.exe <==== UWAGA
    Task: {81BD721E-137F-4399-82E1-0D43140A9A73} - System32\Tasks\3w1wu49K => C:\Users\Sylwiamik1\AppData\Roaming\3w1wu49K.exe <==== UWAGA
    Task: {8A9FE2E0-D8A6-4B56-B354-22C5250118E0} - \Jaemjo -> Brak pliku <==== UWAGA
    Task: {A684ABC4-26BE-4CC7-9740-96BD516998DF} - \WordWizard Auto Updater 1.10.0.24 Core -> Brak pliku <==== UWAGA
    Task: {BDA270BD-382D-449C-A0AD-3F9D22CCEC7D} - System32\Tasks\MZpqYmc3qNXRW0YpEESS1hPf => C:\Users\Sylwiamik1\AppData\Roaming\MZpqYmc3qNXRW0YpEESS1hPf.exe <==== UWAGA
    Task: {CC55EF0E-23F9-495C-80BE-FDA287BB6A9C} - \globalUpdateUpdateTaskMachineCore -> Brak pliku <==== UWAGA
    Task: {D877EB46-14E5-42C7-B39A-66FFF7488ACA} - \globalUpdateUpdateTaskMachineUA -> Brak pliku <==== UWAGA
    Task: {E821AF9D-8681-45DC-A881-8D59452444EE} - System32\Tasks\ZCaRDyDuCudUFVw4y6PrN52HvM => C:\Users\Sylwiamik1\AppData\Roaming\ZCaRDyDuCudUFVw4y6PrN52HvM.exe <==== UWAGA
    Task: {EC414E67-2137-4C58-93CA-69CBD11245A0} - \SmartWeb Upgrade Trigger Task -> Brak pliku <==== UWAGA
    Task: C:\WINDOWS\Tasks\3w1wu49K.job => C:\Users\Sylwiamik1\AppData\Roaming\3w1wu49K.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\BKQJV1.job => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\ByteFence Scan.job => C:\Program Files\ByteFence\ByteFence.exe
    Task: C:\WINDOWS\Tasks\MZpqYmc3qNXRW0YpEESS1hPf.job => C:\Users\Sylwiamik1\AppData\Roaming\MZpqYmc3qNXRW0YpEESS1hPf.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\THUmHElbPOPhiw24roWER1pq.job => C:\Users\Sylwiamik1\AppData\Roaming\THUmHElbPOPhiw24roWER1pq.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\V8CA8nDPlsNZjbLFqk3irFPZMO.job => C:\Users\Sylwiamik1\AppData\Roaming\V8CA8nDPlsNZjbLFqk3irFPZMO.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\ZCaRDyDuCudUFVw4y6PrN52HvM.job => C:\Users\Sylwiamik1\AppData\Roaming\ZCaRDyDuCudUFVw4y6PrN52HvM.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\Sylwiamik1\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeabests.cc/




    ShortcutWithArgument: C:\Users\Sylwiamik1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\Sylwiamik1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\Sylwiamik1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yeabeats Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-06]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    URLSearchHook: [S-1-5-21-2990425086-1765047807-3833475030-1001] UWAGA => Brak domyślnego URLSearchHook
    URLSearchHook: [S-1-5-21-2990425086-1765047807-3833475030-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0] UWAGA => Brak domyślnego URLSearchHook
    SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450691460&a...ced4cad90557ec1d9b8g4zfw1ebq7tbgbcfb5g&q={searchTerms}
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://www.bing.com/search?q={searchTerms}
    SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450691460&a...ced4cad90557ec1d9b8g4zfw1ebq7tbgbcfb5g&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2990425086-1765047807-3833475030-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450691460&a...ced4cad90557ec1d9b8g4zfw1ebq7tbgbcfb5g&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2990425086-1765047807-3833475030-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450691460&a...ced4cad90557ec1d9b8g4zfw1ebq7tbgbcfb5g&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2990425086-1765047807-3833475030-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0 -> {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2990425086-1765047807-3833475030-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2990425086-1765047807-3833475030-1002 -> {FBB3A178-4B03-49E6-B85B-174D5F807095} URL =
    SearchScopes: HKU\S-1-5-21-2990425086-1765047807-3833475030-1002 -> {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms}
    FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=yessearches
    2016-04-06 16:27 - 2016-04-06 16:32 - 00000000 ____D C:\Users\Sylwiamik1\Doctor Web
    2016-04-06 15:20 - 2016-04-06 15:20 - 00000000 ____D C:\Users\Sylwiamik1\AppData\Roaming\gplyra
    2016-04-06 15:00 - 2016-04-06 17:33 - 00000000 ____D C:\Users\Sylwiamik1\AppData\Roaming\Mhidiuyu
    2016-04-06 15:00 - 2016-04-06 17:27 - 00000000 ____D C:\Program Files\Jeuyhfewt
    2016-04-06 17:33 - 2015-10-10 20:10 - 00000000 ____D C:\Program Files (x86)\f0240e4c-9f85-484b-ba44-793e1f040a71
    2016-04-06 17:33 - 2015-10-10 19:53 - 00000000 ____D C:\Program Files (x86)\8fa9c6c1-37c0-4027-bb89-20433c8ab86a
    2016-04-06 17:33 - 2015-10-10 19:35 - 00000000 ____D C:\Program Files (x86)\870a67bf-115f-413c-89ec-1069b025f1ec
    2016-04-06 16:27 - 2015-10-10 22:10 - 00000000 ____D C:\AdwCleaner
    2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Sylwiamik1\AppData\Roaming\3w1wu49K
    2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Sylwiamik1\AppData\Roaming\d3i2ZIPCWkFCoOMC0lvmUmDQwj
    2015-10-22 21:48 - 2015-10-22 21:48 - 0017650 _____ () C:\Users\Sylwiamik1\AppData\Roaming\ICSW_0C1F1L1G1L1B0R1P2X0S1M1T1C1PtJ1V0R1P1T1R1M0I2Z.txt
    2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Sylwiamik1\AppData\Roaming\MZpqYmc3qNXRW0YpEESS1hPf
    2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Sylwiamik1\AppData\Roaming\THUmHElbPOPhiw24roWER1pq
    2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Sylwiamik1\AppData\Roaming\V8CA8nDPlsNZjbLFqk3irFPZMO
    2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Sylwiamik1\AppData\Roaming\ZCaRDyDuCudUFVw4y6PrN52HvM
    2015-10-10 20:30 - 2015-10-10 20:30 - 0628688 _____ (CMI Limited) C:\Users\Sylwiamik1\AppData\Local\nspC1B7.tmp
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.

    0
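To review entries in the `Task:` / `ShortcutWithArgument:` layout quoted above before a fix is run, a small triage script can say why each line stands out. This is an added example, not part of the original thread and not FRST code; the sample lines, names and URL are constructed, and the two heuristics (missing target, target under AppData or ProgramData) are assumptions.

```python
import re

# Constructed sample in the layout of the quoted fixlist (all names are made up).
SAMPLE = r"""
Task: {00000000-0000-0000-0000-000000000001} - \ExampleUpdater -> Brak pliku <==== UWAGA
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\Xq7Lm2 => C:\Users\user1\AppData\Roaming\Xq7Lm2.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Vendor Scan.job => C:\Program Files\Vendor\Scan.exe
ShortcutWithArgument: C:\Users\Public\Desktop\Browser.lnk -> C:\Program Files\Browser\browser.exe (Vendor Inc.) -> hxxp://start.example.invalid/
"""

# "Task: <name> => <target>" or "Task: <name> -> Brak pliku", optional warning tag.
TASK_RE = re.compile(
    r"^Task: (?P<name>.+?) (?:=>|->) (?P<target>.+?)(?: <=+ UWAGA)?$")
# "ShortcutWithArgument: <lnk> -> <exe> (<vendor>) -> <argument>"
LNK_RE = re.compile(
    r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<exe>.+?\.exe)"
    r"(?: \(.*?\))? -> (?P<arg>.+)$")
URL_RE = re.compile(r"h(?:tt|xx)ps?://", re.IGNORECASE)  # plain or defanged URL

MISSING = "Brak pliku"  # marker used in the quoted (Polish) log: file missing
DATA_DIRS = ("\\appdata\\", "\\programdata\\")  # heuristic, an assumption


def triage(text):
    """Return (kind, subject, reason) for each line worth a second look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        task = TASK_RE.match(line)
        if task:
            target = task["target"]
            if target == MISSING:
                findings.append(("task", task["name"], "target file missing"))
            elif any(d in target.lower() for d in DATA_DIRS):
                findings.append(("task", task["name"], "runs from a data directory"))
            continue  # tasks pointing into Program Files etc. are not reported
        lnk = LNK_RE.match(line)
        if lnk and URL_RE.match(lnk["arg"]):
            findings.append(("shortcut", lnk["lnk"], "URL appended to browser command line"))
    return findings


if __name__ == "__main__":
    for kind, subject, reason in triage(SAMPLE):
        print(f"{kind:8} {reason:38} {subject}")
```
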