
Chrome - this is decided by the administrator

danydany123 08 Apr 2016 19:45 753 2
  • #1 08 Apr 2016 19:45
    danydany123
    Level 2  

    Hello, I have this recently popular problem, and since my skills are weak, I kindly ask for help generating a fixlist file. I would be very grateful for a quick reply. I am attaching the FRST documents below.

    0 2
  • Helpful post
    #2 08 Apr 2016 19:54
    Kolobos
    Computer specialist

    Do not download programs from dobreprogramy using their download manager, which installs malicious software.
    Download ONLY from direct links.

    Uninstall: REACHit

    Fixlist.txt for FRST:
    Task: {3C0C2F9C-FB1A-469D-880D-74B9F053C2CC} - System32\Tasks\{BF7BB36C-1F27-4280-9615-103DEE994B99} => C:\Program Files (x86)\Bluetooth Radar\Blue Radar.exe
    Task: {43011879-F0CE-41CB-A6C2-C94746DD9570} - System32\Tasks\{5E150044-DF47-4C03-83ED-85D9667859AD} => pcalua.exe -a C:\SWSetup\SP54546\Setup.exe -d C:\SWSetup\SP54546
    Task: {6E789142-BAD5-417E-9260-971C3815FDF0} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
    Task: {7716D1D0-AE3B-416E-95FB-1BCD0B9AA698} - System32\Tasks\{831CDC42-F2E2-4408-8F37-0793D39A4DE3} => pcalua.exe -a C:\Users\HP\Downloads\sp72598.exe -d C:\Users\HP\Downloads
    Task: {9CC5D5FE-1B54-4021-88B1-FA8AFDBB7009} - System32\Tasks\{A1679A9A-4AD8-41DB-871F-2DC344A52FAE} => pcalua.exe -a "C:\Users\HP\Desktop\Bluetooth Peripheral Driver\bthenum{00005557-0000-1000-8000-0002ee000001}.exe" -d "C:\Users\HP\Desktop\Bluetooth Peripheral Driver"
    Task: {AF17D537-57CA-4ADC-9462-187B308FDD5B} - System32\Tasks\Opera scheduled Autoupdate 1449673210 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-24] (Opera Software)
    Task: {B0C7B457-EFF9-4F5A-9367-1F0AB3B90C61} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-11-30] ()
    Task: {BD35D6D3-EE07-4C94-B3F7-A9F82BB717B8} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2015-12-10] (Lenovo)
    Task: {BE315389-B3AD-4637-8D35-7E9C69581098} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2015-12-10] (Lenovo)
    Task: {D825F0EB-CB27-4967-AD2E-EBE81B100449} - System32\Tasks\{711B8D82-3CE9-4E6A-8342-6FF6DA13C62B} => Chrome.exe
    ShortcutWithArgument: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545050A7E380_TA95123VJXX6VXJXX6VXX
    ShortcutWithArgument: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545050A7E380_TA95123VJXX6VXJXX6VXX
    ShortcutWithArgument: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545050A7E380_TA95123VJXX6VXJXX6VXX
    ShortcutWithArgument: C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545050A7E380_TA95123VJXX6VXJXX6VXX
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.yoursites123.com/?type=sc&ts=1...HitachiXHTS545050A7E380_TA95123VJXX6VXJXX6VXX
    HKU\S-1-5-21-575989772-2829651132-2295270236-1000\...\MountPoints2: {db0013cd-9b9d-11e5-961f-28924a1e011c} - E:\setup.exe
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...HitachiXHTS545050A7E380_TA95123VJXX6VXJXX6VXX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS545050A7E380_TA95123VJXX6VXJXX6VXX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...HitachiXHTS545050A7E380_TA95123VJXX6VXJXX6VXX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS545050A7E380_TA95123VJXX6VXJXX6VXX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-575989772-2829651132-2295270236-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    HKU\S-1-5-21-575989772-2829651132-2295270236-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
    HKU\S-1-5-21-575989772-2829651132-2295270236-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS545050A7E380_TA95123VJXX6VXJXX6VXX&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS545050A7E380_TA95123VJXX6VXJXX6VXX&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS545050A7E380_TA95123VJXX6VXJXX6VXX&q={searchTerms}
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-575989772-2829651132-2295270236-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-575989772-2829651132-2295270236-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS545050A7E380_TA95123VJXX6VXJXX6VXX&q={searchTerms}
    BHO-x32: Bronze Aid -> {a5bfd1d3-18b6-4fc3-b3f9-262ae3552dbe} -> C:\Program Files (x86)\Bronze Aid\Extensions\a5bfd1d3-18b6-4fc3-b3f9-262ae3552dbe.dll => Brak pliku
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=...HitachiXHTS545050A7E380_TA95123VJXX6VXJXX6VXX
    FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2318qvt0.default\searchplugins\google-avast.xml [2016-04-08]
    FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2318qvt0.default\searchplugins\piesearch.xml [2016-04-07]
    FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2318qvt0.default\searchplugins\webssearches.xml [2016-04-08]
    FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2318qvt0.default\searchplugins\yoursites123.xml [2016-03-18]
    FF Extension: FirefixTab - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2318qvt0.default\Extensions\1451336888_xpi [2015-12-28] [Brak podpisu cyfrowego]
    FF Extension: Bronze Aid - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2318qvt0.default\Extensions\{f23f40a6-f385-4a12-8a31-75d2f6ea814c}.xpi [2015-12-09] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2318qvt0.default\extensions\deskCutv2@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2318qvt0.default\extensions\yahooprotected@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2318qvt0.default\extensions\default_newtabff@gmail.com => nie znaleziono
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.so-v.com/?uid=af3d31f3-8f4b-4dbf-8cdf-3052626a5484
    OPR Extension: (Bronze Aid) - C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Extensions\dggglkdafimdaokflmhhmiepmpcdhdpj [2015-12-09]
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.so-v.com/?uid=af3d31f3-8f4b-4dbf-8cdf-3052626a5484
    S2 DeskTop_F; C:\ProgramData\desktopfind\desktop74.exe [236728 2016-03-16] (DeskTopService)
    S3 BT; system32\DRIVERS\btnetdrv.sys [X]
    S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
    S3 BTCOMBUS; System32\Drivers\btcombus.sys [X]
    S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
    S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
    S3 STHDA; system32\DRIVERS\stwrt64.sys [X]
    2016-04-08 19:04 - 2016-04-08 19:04 - 00002984 _____ C:\Windows\System32\Tasks\{711B8D82-3CE9-4E6A-8342-6FF6DA13C62B}
    2016-04-07 17:55 - 2016-04-07 17:55 - 00000000 ____D C:\ProgramData\desktopfind
    2016-03-19 23:01 - 2016-03-19 23:01 - 01026152 _____ (Nifalise ) C:\Users\HP\Downloads\Subtitle-Edit-14987-dp.exe
    2016-03-19 22:58 - 2016-04-06 05:07 - 00000000 ____D C:\Users\HP\AppData\Roaming\WinZiper
    2016-03-18 18:28 - 2016-04-08 19:27 - 00000000 ____D C:\ProgramData\JWdMJ
    2016-03-18 18:10 - 2016-03-18 18:29 - 00000072 _____ C:\Windows\SysWOW64\123.html
    2016-03-18 18:08 - 2016-04-08 19:27 - 00000000 ____D C:\Windows\SysWOW64\_tWm
    2016-03-14 16:57 - 2016-03-14 16:57 - 00000000 ____D C:\ProgramData\6WdM6
    2016-04-08 08:00 - 2015-12-09 17:00 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
    2016-03-31 18:24 - 2015-12-09 17:00 - 00003894 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1449673210
    2016-03-19 22:58 - 2016-01-08 19:18 - 00000000 ____D C:\Users\HP\AppData\Roaming\eCyber
    2016-03-18 18:28 - 2016-01-08 14:08 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:

    After it finishes, delete the C:\FRST folder.

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0
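Added example (not part of the post above and not FRST's own code): a small Python reviewer that summarises what a fixlist in this line format targets before it is run, counting entries by kind, collecting the defanged `hxxp` hosts, and listing shortcuts that carry a URL as their argument. The sample lines, the `hijack.example` and `search.example` hosts, and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the same line shapes as the fixlist above (not real log data).
SAMPLE = r"""
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Example => C:\Program Files\Example\example.exe
ShortcutWithArgument: C:\Users\U\Desktop\Browser.lnk -> C:\Program Files\Browser\browser.exe (Vendor) -> hxxp://www.hijack.example/?type=sc
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hijack.example/?type=hp
SearchScopes: HKLM -> DefaultScope {00000000-0000-0000-0000-000000000002} URL = hxxps://search.example/find?q={searchTerms}
S2 ExampleSvc; C:\ProgramData\example\svc.exe [1234 2016-01-01] (Example)
2016-01-01 10:00 - 2016-01-01 10:00 - 00000000 ____D C:\ProgramData\example
EmptyTemp:
"""

URL_RE = re.compile(r"hxxps?://([^/\s?]+)", re.IGNORECASE)   # defanged URL -> host
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ \S+ ")
SERVICE_RE = re.compile(r"^[RSU]\d \S+; ")                   # e.g. "S2 Name; path"
PREFIX_RE = re.compile(r"^([A-Za-z][\w\- ]*?):")             # e.g. "Task:", "BHO-x32:"

def classify(line):
    """Map one fixlist line to a coarse entry kind."""
    if FILE_RE.match(line):
        return "file_or_folder"
    if SERVICE_RE.match(line):
        return "service_or_driver"
    if re.match(r"^(HKLM|HKU)\\", line):
        return "registry"
    m = PREFIX_RE.match(line)
    return m.group(1) if m else "other"

def audit(text):
    """Return (entry counts by kind, host counts, shortcuts with a URL argument)."""
    kinds, hosts, hijacked = Counter(), Counter(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = classify(line)
        kinds[kind] += 1
        hosts.update(h.lower() for h in URL_RE.findall(line))
        if kind == "ShortcutWithArgument":
            # "<prefix>: <lnk>" -> "<target> (<vendor>)" -> "<argument>"
            parts = [p.strip() for p in line.split(" -> ")]
            if len(parts) == 3 and URL_RE.search(parts[2]):
                hijacked.append(parts[0].split(":", 1)[1].strip())
    return kinds, hosts, hijacked

if __name__ == "__main__":
    kinds, hosts, hijacked = audit(SAMPLE)
    print(dict(kinds), dict(hosts), hijacked, sep="\n")
```
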
  • #3 08 Apr 2016 20:34
    danydany123
    Level 2  

    Thank you very much for such quick help. Everything works :) Regards!

    0