Elektroda.pl

Pop-up ads - I click on any page and another one opens. Redirect.

rege2003 11 Apr 2016 07:03 2619 35
  • #1 11 Apr 2016 07:03
    rege2003
    Level 9

    Hello, for some time I have had a problem with my browser working properly. Namely, after clicking on any topic on a page I am redirected to a different one. The antivirus is Bitdefender, additionally IOBit Malware in the Pro version; AdBlocker and Adguard are installed in the browsers. The system was scanned with AdwCleaner, which showed problems that were removed, but the problem still occurs. Please check it; I have no idea what the cause is, and it is annoying.

    0 29
  • #2 11 Apr 2016 08:38
    Kolobos
    Computer specialist

    Your router is infected; it has DNS servers from the UK set. Follow: https://www.elektroda.pl/rtvforum/topic2874173.html You don't have to reset it, but be sure to change the DNS servers and block access to the router panel from the internet.

    Next to frst.exe create a file fixlist.txt with the contents:
    CreateRestorePoint:
    HKLM-x32\...\Run: [LManager] => [X]
    HKU\S-1-5-21-2476713390-2062844618-3098774764-1002\...\MountPoints2: {2d976281-f7c8-11e5-be7a-bc8556129cec} - "E:\LG_PC_Programs.exe"
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nie znaleziono
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nie znaleziono
    CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nie znaleziono>
    2016-04-10 23:54 - 2016-04-10 23:54 - 00000000 ____D C:\Users\Adrian Łuszczyński\AppData\Local\Sparta
    2016-04-10 23:36 - 2016-04-10 23:37 - 03465280 _____ C:\Users\Adrian Łuszczyński\Downloads\adwcleaner_5.110 (1).exe
    2016-03-17 15:50 - 2016-03-11 21:28 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
    EmptyTemp:

    In FRST select Napraw (Fix).

    0
  • #4 05 Jul 2016 06:12
    krzychupar
    Level 41

    Open Notepad and paste:
    Task: {84C3C639-C9B5-4238-9245-A3596CF5F9E3} - System32\Tasks\Adrian ŁuszczyńskiUbiquitiesMidbodyV2 => Rundll32.exe GimpierRondos.dll,main 7 1 <==== UWAGA
    Task: {90C8AEA1-E8AF-4D6D-92B7-FED0AC569D50} - \AutoPico Daily Restart -> Brak pliku <==== UWAGA
    HKU\S-1-5-21-2476713390-2062844618-3098774764-1002\...\MountPoints2: {e16fff6e-2b6b-11e6-be91-b888e3a5ad8c} - "E:\AutoRun.exe"
    HKU\S-1-5-21-2476713390-2062844618-3098774764-1002\...\MountPoints2: {ecedfb6f-0600-11e6-be80-bc8556129cec} - "E:\setup.exe"
    HKU\S-1-5-21-2476713390-2062844618-3098774764-1002\...\MountPoints2: {ecee0c12-0600-11e6-be80-bc8556129cec} - "F:\autorun.exe"
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [Brak pliku]
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [Brak pliku]
    FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [Brak pliku]
    S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]
    2016-07-02 00:20 - 2016-04-10 23:27 - 00000000 ____D C:\AdwCleaner
    C:\Windows\SysWOW64\MosResource.dll
    C:\Windows\SysWOW64\NmaDirect.dll
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where FRST.exe is located.
    Run FRST and click Fix/Napraw.

    0
  • #6 31 Jul 2016 17:53
    Kolobos
    Computer specialist

    In which browser?

    If FRST does not remove the restore-on-startup entry in Chrome: searchinterneat-a.akamaihd.net, then do it manually in the browser settings.

    Uninstall: REACHit

    Fixlist.txt for FRST:
    Task: {0D9D6065-E03B-46E0-9C9E-B1DF29BE8E41} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {16F02A47-DDE3-4E47-80FF-724BE5F70ADE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {1AC5517E-1E28-465A-98FD-BA1A38C27D2A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {41A0798B-8A51-4E19-9EEE-5EDA385397D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {53571FA1-5AEF-47ED-BD98-448DD316F1A3} - System32\Tasks\{ED7DE142-86C2-4DE7-9500-F9835ED4155D} => pcalua.exe -a "C:\Program Files (x86)\ALLPlayer Remote\unins000.exe"
    Task: {5B0F6406-F027-47DD-BDAE-EB74BDD45636} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {61AF0E67-1EAD-48BA-ACA6-EE24B77C1279} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
    Task: {6B5F2060-BEB0-4EAD-B705-2F7B9EC1560D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {7E4F3F05-27BB-4A59-B609-9CFEE288A2F2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {87314361-000B-4C3F-9CAE-C09FFECC1BB1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    Task: {91D80BFA-C86A-4564-A014-3059ED08E8E7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {93EA0C0F-C70D-42E3-99F7-13790873B4F5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {B5882799-807A-4036-81A0-30BACEADDE8D} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-02-22] (Lenovo)
    Task: {CD862328-244C-48FB-9882-FE30CAEA4F53} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {EEEE0FB8-328B-45ED-A5F8-A8EFD57925ED} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-02-22] (Lenovo)
    HKU\S-1-5-21-2458585426-2060847379-1595016137-1001\...\MountPoints2: {81b2bfb2-2ae9-11e4-824f-806e6f6e6963} - "E:\install.exe"
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartpageing.com/web/?type=ds&...oshibaxmq01abd050_43ics6gosxx43ics6gos&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartpageing.com/web/?type=ds&...oshibaxmq01abd050_43ics6gosxx43ics6gos&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope - brak wartości
    Toolbar: HKLM - Brak nazwy - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Brak pliku
    FF DefaultSearchEngine: Default
    FF SelectedSearchEngine: Default
    FF user.js: detected! => C:\Users\bozena\AppData\Roaming\Mozilla\Firefox\Profiles\yo5vy9l4.default\user.js [2015-12-20]
    CHR HomePage: Default -> gazeta.allplayer.org/
    CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/hm?eq=U0EeCFZVBB8SRghHdFpbBAoSERhGJAsATA1CEQEOIgoJBxRDEQFFdV1cUQ9BGAEFIk0FA1oDB0VXfV5bFElXTwhtIU1RF1w4T1NM"
    2016-07-31 16:39 - 2016-07-31 16:39 - 27989848 _____ (Elex do Brasil Participações Ltda) C:\Users\bozena\Downloads\yet_another_cleaner_sk_0.exe
    2016-07-31 16:07 - 2016-07-31 16:12 - 00000000 ____D C:\AdwCleaner
    2015-11-26 22:57 - 2012-10-24 21:44 - 0656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall3435810.exe
    EmptyTemp:

    0
  • #7 31 Jul 2016 18:03
    rege2003
    Level 9

    Mozilla, as far as the browser goes.

    0
  • #10 21 Aug 2016 22:41
    Kolobos
    Computer specialist

    Fixlist.txt for FRST:
    CustomCLSID: HKU\S-1-5-21-1018918578-3536796073-3864925594-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1018918578-3536796073-3864925594-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1018918578-3536796073-3864925594-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1018918578-3536796073-3864925594-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1018918578-3536796073-3864925594-1002_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1018918578-3536796073-3864925594-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1018918578-3536796073-3864925594-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1018918578-3536796073-3864925594-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-1018918578-3536796073-3864925594-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\ASUS\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Brak pliku
    (© 2015 Microsoft Corporation) C:\Users\ASUS\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
    HKU\S-1-5-21-1018918578-3536796073-3864925594-1002\...\Run: [BingSvc] => C:\Users\ASUS\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-04-02] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-1018918578-3536796073-3864925594-1002\...\RunOnce: [ALLPlayer Remote Update] => C:\Users\ASUS\AppData\Local\Temp\ALLRemote.exe [2152872 2016-08-21] (ALLPlayer ) <===== UWAGA
    HKU\S-1-5-21-1018918578-3536796073-3864925594-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BingSvc] => C:\Users\ASUS\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-04-02] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-1018918578-3536796073-3864925594-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [ALLPlayer Remote Update] => C:\Users\ASUS\AppData\Local\Temp\ALLRemote.exe [2152872 2016-08-21] (ALLPlayer ) <===== UWAGA




    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-17]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Hosts: 0.0.0.1 mssplus.mcafee.com
    Tcpip\..\Interfaces\{8BE0DD87-9BA3-49FF-AF4D-E93B82F0706B}: [DhcpNameServer] 100.100.4.213
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    SearchScopes: HKU\S-1-5-21-1018918578-3536796073-3864925594-1002 -> {93C367C4-83A0-4143-8551-13F51E09D8BA} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
    SearchScopes: HKU\S-1-5-21-1018918578-3536796073-3864925594-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {93C367C4-83A0-4143-8551-13F51E09D8BA} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nie znaleziono
    CHR Extension: (Favorite Urls) - C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdcgankmcijajdjfjhejpgagccdalnfp [2016-08-04]
    CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    OPR StartupUrls: "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bg_276_bl-is-20__alt__ddc_dsssyc_bd_com"
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
    2016-08-21 21:44 - 2016-08-21 21:44 - 00000000 ____D C:\Users\ASUS\Downloads\FRST-OlderVersion
    2016-08-17 19:58 - 2016-01-15 22:48 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2016-08-17 19:58 - 2016-01-15 21:58 - 00001982 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2016-08-09 22:42 - 2015-02-07 13:00 - 00000000 ____D C:\AdwCleaner
    2016-08-06 01:20 - 2015-04-09 22:45 - 00003890 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1428612349
    2015-02-07 21:43 - 2016-08-21 18:54 - 0000401 _____ () C:\Users\ASUS\AppData\Roaming\sp_data.sys
    EmptyTemp:



    By the way, you are missing drivers for:
    Name: USB-IF xHCI USB Host Controller
    Name: Intel(R) Centrino(R) Wireless Bluetooth(R) 4.0 + High Speed Adapter

    0
  • #14 18 Sep 2016 21:40
    rege2003
    Level 9

    Hello, after my cousin and my son were on the internet and installed a game from the internet I have a problem, so please check the logs. AdwC...... showed 180 threats, but the problem with the browser still occurs: whatever I set as Link, a different one comes back. The shortcut and program icons lost their proper appearance and, even after cleaning with the above-mentioned program, they have not regained it.

    0
  • #15 19 Sep 2016 00:43
    krzychupar
    Level 41

    Open the system Notepad and paste:
    Task: {630195D4-527D-4B29-BF1E-5245CBDBBB30} - System32\Tasks\EastmyUpdateTaskMachineCore => C:\Program Files (x86)\Eastmy\Update\EastmyUpdate.exe <==== UWAGA
    Task: {8CC3C22D-7CC2-4E9E-A2C3-D757E051390B} - \Opera scheduled Autoupdate 1406225691 -> Brak pliku <==== UWAGA
    Task: {E901D4FF-3F39-40CF-A6DC-CDA156CDBB1B} - System32\Tasks\EastmyUpdateTaskMachineUA => C:\Program Files (x86)\Eastmy\Update\EastmyUpdate.exe <==== UWAGA
    HKU\S-1-5-21-3469140032-243118668-3182475947-1002\...\MountPoints2: {1c3a9b75-bda3-11e4-8283-5a2c80139263} - "F:\LGAutoRun.exe"
    HKU\S-1-5-21-3469140032-243118668-3182475947-1002\...\MountPoints2: {30f8d41b-dc8c-11e3-825e-6c71d9d4e3c4} - "F:\AutoRun.exe"
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll Brak pliku
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll Brak pliku
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll Brak pliku
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.nuesearch.com/?type=sc&ts=1474...&uid=ST750LM022XHN-M750MBB_S2Y7J9ADB22384
    FF Homepage: hxxp://www.nuesearch.com/?type=hp&ts=1468...&uid=ST750LM022XHN-M750MBB_S2Y7J9ADB22384
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [Brak pliku]
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [Brak pliku]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [Brak pliku]
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [Brak pliku]
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [Brak pliku]
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [Brak pliku]
    FF SearchPlugin: C:\Users\zosia\AppData\Roaming\Mozilla\Firefox\Profiles\ssc8bnrv.default-1445428960644\searchplugins\nuesearch.xml [2016-07-15]
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.nuesearch.com/?type=sc&ts=1470...&uid=ST750LM022XHN-M750MBB_S2Y7J9ADB22384
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.nuesearch.com/?type=sc&ts=1474...&uid=ST750LM022XHN-M750MBB_S2Y7J9ADB22384
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.nuesearch.com/?type=sc&ts=1473...&uid=ST750LM022XHN-M750MBB_S2Y7J9ADB22384
    U2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-04-22] (Elex do Brasil Participações Ltda)
    S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
    S2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [X]
    S2 ASUS FaceID Service; C:\Program Files\ASUS\ASUS FaceID\HWFaceKeyService.exe [X]
    S2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [X]
    S2 Asus WebStorage Windows Service; "C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe" [X]
    S2 AtherosSvc; "C:\Program Files (x86)\Bluetooth Suite\adminservice.exe" [X]
    S2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [X]
    S2 EastmyP; "C:\ProgramData\Eastmy\Eastmy.exe" [X]
    S2 EastmyU; "C:\Program Files (x86)\Eastmy\Update\EastmyUpdate.exe" [X]
    S2 GamesAppIntegrationService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe" [X]
    S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S2 Huawei E3272; "C:\ProgramData\MobileBrServ\mbbservice.exe" -service [X]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; "C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe" [X]
    S2 Intel(R) ME Service; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe" [X]
    S2 InterHop; "C:\Program Files (x86)\InterHop\InterHop.exe" {2C8E8C85-942B-451C-8243-97A089265577} [X]
    S3 iumsvc; "C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe" [X]
    S2 jhi_service; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" [X]
    S2 LMS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" [X]
    S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
    S2 nvUpdatusService; "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [X]
    S2 TeamViewer; "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" [X]
    S2 W3PCC; C:\ProgramData\Sun\Java\extension.dll [X]
    S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [X]
    S2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [X]
    S1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [X]
    U0 msahci; system32\drivers\msahci.sys [X]
    S2 plctrl; \??\C:\Program Files\ASUS\P4G\plctrl.sys [X]
    2016-09-18 18:43 - 2016-09-18 18:50 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix/Napraw.

    0
  • #17 13 Nov 2016 22:06
    krzychupar
    Level 41

    Uninstall:
    IObit Malware Fighter

    Open the system Notepad and paste:
    Task: {3F01429B-2543-411F-96EF-C4FD15DE5CBE} - \WPD\SqmUpload_S-1-5-21-2476713390-2062844618-3098774764-1002 -> Brak pliku <==== UWAGA
    HKU\S-1-5-21-2476713390-2062844618-3098774764-1002\...\MountPoints2: {9b2dee65-6f0e-11e6-beae-bc8556129cec} - "E:\AutoRun.exe"
    GroupPolicy: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Adrian Łuszczyński\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.903\_platform_specific\win_x86\widevinecdmadapter.dll => Brak pliku
    CHR Plugin: (Shockwave Flash) - C:\Users\Adrian Łuszczyński\AppData\Local\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll => Brak pliku
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix/Napraw.

    0
  • #19 06 Dec 2016 20:36
    dorre_tb
    Level 10

    All of this is a temporary solution. Really. Even mbam has a hard time finding nested objects, although in your case mbam would be helpful + a browser reset.

    0
  • #20 06 Dec 2016 20:46
    Kolobos
    Computer specialist

    Maybe teach the members of your household how to use the internet? It's probably not that hard; it's enough to watch what you're doing and not install malicious programs, and if you don't know how, then don't install or download anything at all.

    On top of that, you have System Restore turned off; in case of problems you won't be able to restore the system.

    Uninstall:
    ByteFence Anti-Malware
    WorldofTanks

    Use AdwCleaner, the Scan and Clean options (Szukaj and Usun): http://www.bleepingcomputer.com/download/adwcleaner/

    Fixlist.txt for FRST:
    Task: {253CCCE4-6897-4F18-9555-48F107FBA8BC} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2016-08-27] (Byte Technologies LLC) <==== UWAGA
    Task: {EBFD6B68-130B-43E4-97AA-BA16250162DA} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2016-08-27] (Byte Technologies LLC) <==== UWAGA
    ShortcutWithArgument: C:\Users\Wioletta Łuszczyńska\Desktop\WorldofTanks.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://go.playmmogames.com/aff_c?offer_id=174&aff_id=1034 --app-window-size=1440,900
    ShortcutWithArgument: C:\Users\Wioletta Łuszczyńska\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks\WorldofTanks.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://go.playmmogames.com/aff_c?offer_id=174&aff_id=1034 --app-window-size=1440,900
    ShortcutWithArgument: C:\Users\Wioletta Łuszczyńska\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WorldofTanks.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://go.playmmogames.com/aff_c?offer_id=174&aff_id=1034 --app-window-size=1440,900
    2016-10-20 18:07 - 2016-10-20 18:07 - 00254280 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    2016-10-20 18:07 - 2016-10-20 18:07 - 00565064 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    (Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
    HKU\S-1-5-21-57606680-847276128-2046915113-1000\...\Run: [BingSvc] => C:\Users\Wioletta Łuszczyńska\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-28] (© 2015 Microsoft Corporation)
    CHR HKU\S-1-5-21-57606680-847276128-2046915113-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [254280 2016-10-20] ()
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    U3 idsvc; Brak ImagePath
    2016-12-06 18:59 - 2016-10-20 15:56 - 00000000 ____D C:\Program Files\ByteFence
    EmptyTemp:

    In FRST select Napraw (Fix).

    Run a full scan with Mbam and remove what it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Do you connect via Wi-Fi or by cable? Is the card correctly installed and does it see the network? (Wi-Fi)

    0
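
The browser-shortcut entries removed by the fixlist above can be found in a saved FRST log before a fixlist is written. The Python script below is an added example, not code from any poster in this thread or from FRST; it goes beyond that one case and also covers the start-page and startup-URL entry types that appear in the other fixlists. The rule names, the allowlist parameter and the sample log (placeholder user name and example.* domains) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in FRST log style; user name and domains are placeholders.
SAMPLE_LOG = r"""ShortcutWithArgument: C:\Users\user\Desktop\Game.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://ads.example.net/aff_c?offer_id=1 --app-window-size=1440,900
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://search.example.org/?type=sc
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.example.org/?type=hp
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
CHR RestoreOnStartup: Default -> "hxxp://search.example.org/hm?eq=abc"
CHR HomePage: Default -> news.example.com/
ShortcutWithArgument: C:\Users\user\Desktop\Notes.lnk -> C:\Windows\notepad.exe (Microsoft Corporation) -> hxxp://x.example.net/
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
"""

# FRST logs defang URLs as hxxp:// or hxxps://; accept both forms.
URL_RE = re.compile(r'(?:hxxps?|https?)://[^\s"]+', re.IGNORECASE)
BROWSER_EXES = ("chrome.exe", "firefox.exe", "iexplore.exe", "launcher.exe")

# (kind, pattern for the start of the entry); the value is whatever follows the match.
RULES = [
    ("shortcut-argument", re.compile(r"^ShortcutWithArgument:\s")),
    ("startmenu-command", re.compile(r"^StartMenuInternet:\s")),
    ("ie-page", re.compile(r"^HK(?:LM|U)\\.*\\Internet Explorer\\Main,[^=]*=")),
    ("startup-url", re.compile(
        r"^(?:CHR (?:RestoreOnStartup|HomePage)|OPR StartupUrls|FF Homepage):")),
]


def refang(url):
    """Turn the defanged hxxp(s):// form back into http(s):// for parsing only."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def host_of(url):
    return (urlsplit(refang(url)).hostname or "").lower()


def is_allowed(host, allowlist):
    """A host is expected if it equals an allowlisted domain or is a subdomain of it."""
    return any(host == a or host.endswith("." + a) for a in allowlist)


def urls_in_entry(kind, line, value):
    if kind == "shortcut-argument":
        # Layout: shortcut -> target (vendor) -> arguments.
        parts = line.split(" -> ")
        # Only a browser started with a forced URL is of interest here.
        if len(parts) < 3 or not any(e in parts[1].lower() for e in BROWSER_EXES):
            return []
        value = parts[-1]
    urls = URL_RE.findall(value)
    if not urls and kind == "startup-url":
        # Home pages are sometimes logged as a bare host without a scheme.
        bare = value.rsplit("->", 1)[-1].strip().strip('"')
        if "." in bare and " " not in bare:
            urls = ["http://" + bare]
    return urls


def triage(log_text, allowlist=()):
    """Return (line number, entry kind, host) for every URL-bearing browser entry
    whose host is not on the allowlist. Empty values and about:blank yield nothing."""
    findings = []
    for number, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        for kind, pattern in RULES:
            match = pattern.match(line)
            if not match:
                continue
            for url in urls_in_entry(kind, line, line[match.end():]):
                host = host_of(url)
                if host and not is_allowed(host, allowlist):
                    findings.append((number, kind, host))
            break
    return findings


if __name__ == "__main__":
    # Hosts the machine's owner set deliberately go on the allowlist.
    for number, kind, host in triage(SAMPLE_LOG, allowlist={"example.com"}):
        print(f"line {number}: {kind:18} {host}")
```

The script only reads a log; removal is still done with a fixlist as described in the posts.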
  • #21 06 Dec 2016 22:39
    rege2003
    Level 9

    The Wi-Fi card as well as the LAN one is correctly installed; it detects the network but cannot connect. Other computers and phones have a connection as normal, but the Dell does not. My wife said some updates were installed, so maybe it's because of that?

    0
  • Helpful post
    #22 06 Dec 2016 22:45
    Kolobos
    Computer specialist

    > it detects the network but cannot connect

    Doesn't it work over cable either?

    > My wife said some updates were installed, so maybe it's because of that?

    Anything is possible.

    Did anything change after you did what I gave you?

    0
  • #23 06 Dec 2016 23:10
    rege2003
    Level 9

    I deleted what I was supposed to; AdwCleaner found 15 threats and after removing them there was already an improvement. I applied the script for FRST and started a scan in Avast Premiere. I have told my wife many times not to click on nonsense on the net, but... FaceBook RULES ... :) Thanks for the help.

    0
  • #25 31 Jan 2017 16:08
    Kolobos
    Computer specialist

    Nothing interesting is visible in the logs; I doubt this is related to this section of the forum.

    Use https://technet.microsoft.com/pl-pl/sysinternals/processexplorer and report what launched that window.

    Fixlist.txt for FRST:
    Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1473328436.job => C:\Documents and Settings\Paczków\Ustawienia lokalne\Dane aplikacji\Programs\Opera\launcher.exe
    Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job => C:\WINDOWS\system32\xp_eos.exe
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-2025429265-448539723-725345543-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    S3 catchme; \??\C:\DOCUME~1\Adrian\USTAWI~1\Temp\catchme.sys [X]
    2017-01-31 15:53 - 2016-04-07 06:59 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:

    0
  • #27 19 May 2017 14:01
    Kolobos
    Computer specialist

    Uninstall SafeFinder

    Back up your bookmarks from Chrome; in the browser settings delete the profile ChromeDefaultData2.

    Run this Fixlist.txt for FRST:
    Online Application (x32 Version: 2.6.0 - Microleaves) Hidden <==== UWAGA

    After running it, uninstall:
    Online Application

    Run another Fixlist.txt:
    CloseProcesses:
    Task: {137586EF-EEB7-40FA-894F-F9A323C1E7AE} - System32\Tasks\{19C991B2-F044-42ED-8ED6-48684313E616} => pcalua.exe -a "C:\Program Files (x86)\PubHotspot\uninstaller.exe"
    Task: {17435D8D-1501-416D-90B6-ECB8666B9994} - System32\Tasks\Zijose Configuration => C:\Program Files (x86)\Choweryvihidom\dalut.exe
    Task: {2F36B536-F901-4357-9529-2870BF32E8C9} - System32\Tasks\Opera scheduled suite Autoupdate 1495011764 => C:\Users\Agnieszka\AppData\Local\Programs\Opera\launcher.exe
    Task: {2F370F50-B934-492C-8565-BAAB91D622C5} - System32\Tasks\{DC88DF15-ABBF-4AE9-A020-35169CC1135E} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Zentrax\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Zentrax\uninstall.dat" -a uninstallme F651CCF2-F046-4CB7-A661-C3E8741D3787 DeviceId=8012df8f-cd00-f95d-76d6-602d5f3b990e BarcodeId=51557003 ChannelId=3 DistributerName=APSFWemonetize
    Task: {4E8ED665-60C6-495B-8AB2-D5836CB5A3EF} - System32\Tasks\Texas PZ-Recorder for Windows => Rundll32.exe "C:\Program Files\Texas PZ-Recorder for Windows\Texas PZ-Recorder for Windows.dll",oeADqhxLjH
    Task: {5B21C336-8312-419E-BD1F-0EFDAC35CFF8} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\VideoMemoryDiagnostic => C:\\ProgramData\\VideoMemoryDiagnostic\\vmdiag.exe
    Task: {8308453E-8232-44AA-BDF2-D2EA7614B360} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-05-18] () <==== UWAGA
    Task: {8B0BFB06-5589-45F9-9AFD-C6CFD8E167C4} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== UWAGA
    Task: {95E9D269-E280-493B-97B5-F85F283A469D} - System32\Tasks\Microsoft\Windows\DeviceSettings\Canikcoeqot => msiexec.exe /i hxxp://D2bUH1bF1g584W.clOuDfroNt.net/mmtsk/oc...250S_GEK230T2ACPY6BACPY6BX&d=20170514 /q <==== UWAGA
    Task: {F6DBD77A-0404-4DD6-A13E-0E190AB884D8} - System32\Tasks\Opera scheduled Autoupdate 1495011752 => C:\Users\Agnieszka\AppData\Local\Programs\Opera\launcher.exe
    Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\Agnieszka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=...lStorXTechnologyXJ9250S_GEK230T2ACPY6BACPY6BX
    2017-05-14 03:22 - 2017-05-14 03:22 - 00311296 _____ () C:\Program Files (x86)\Zijose Configuration\local64spl.dll
    2017-05-14 03:46 - 2015-06-01 13:40 - 02488320 _____ () C:\Program Files\Texas PZ-Recorder for Windows\Texas PZ-Recorder for Windows.dll
    2017-05-14 03:48 - 2017-05-15 14:37 - 03780096 _____ () C:\ProgramData\Logic Cramble\set.exe
    2017-05-15 21:37 - 2017-05-18 10:25 - 00335360 _____ () C:\Windows\TEMP\gE1F6.tmp.exe
    2017-05-15 21:37 - 2017-05-18 10:25 - 00477184 _____ () C:\Windows\TEMP\gE1F7.tmp.exe
    2017-05-14 05:01 - 2017-05-18 10:25 - 09435136 _____ () C:\Windows\TEMP\gC086.tmp.exe
    Hosts:
    () C:\ProgramData\Logic Cramble\set.exe
    () C:\Windows\Temp\gE1F6.tmp.exe
    () C:\Windows\Temp\gE1F7.tmp.exe
    () C:\Windows\Temp\gC086.tmp.exe
    HKLM\...\RunOnce: [PC] => C:\Windows\TEMP\gE1F6.tmp.exe [335360 2017-05-18] () <===== UWAGA
    HKU\S-1-5-21-461839220-4071251808-1523227092-1000\...\MountPoints2: L - L:\Autorun.exe
    HKLM\...\Providers\x24vd3gc: C:\Program Files (x86)\Zijose Configuration\local64spl.dll [311296 2017-05-14] ()
    AppInit_DLLs: C:\ProgramData\Voyasollam\Groovetone.dll => C:\ProgramData\Voyasollam\Groovetone.dll [343552 2017-05-14] ()
    IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
    IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
    ShellExecuteHooks: Brak nazwy - {86A00FA6-3384-11E7-BB01-64006A5CFC23} - C:\Users\Agnieszka\AppData\Roaming\Bumudom\Ghkerty.dll -> Brak pliku
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...lStorXTechnologyXJ9250S_GEK230T2ACPY6BACPY6BX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...lStorXTechnologyXJ9250S_GEK230T2ACPY6BACPY6BX
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&...echnologyXJ9250S_GEK230T2ACPY6BACPY6BX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&...echnologyXJ9250S_GEK230T2ACPY6BACPY6BX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...lStorXTechnologyXJ9250S_GEK230T2ACPY6BACPY6BX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...lStorXTechnologyXJ9250S_GEK230T2ACPY6BACPY6BX
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&...echnologyXJ9250S_GEK230T2ACPY6BACPY6BX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&...echnologyXJ9250S_GEK230T2ACPY6BACPY6BX&q={searchTerms}
    HKU\S-1-5-21-461839220-4071251808-1523227092-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...dk1FMzdxBjpf5mDE5s1aMPb-y2cBJBV36hIC0,&q={searchTerms}
    HKU\S-1-5-21-461839220-4071251808-1523227092-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...lStorXTechnologyXJ9250S_GEK230T2ACPY6BACPY6BX
    HKU\S-1-5-21-461839220-4071251808-1523227092-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...echnologyXJ9250S_GEK230T2ACPY6BACPY6BX&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...echnologyXJ9250S_GEK230T2ACPY6BACPY6BX&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...echnologyXJ9250S_GEK230T2ACPY6BACPY6BX&q={searchTerms}
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...dk1FMzdxBjpf5mDE5s1aMPb-y2cBJBV36hIC0,&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...echnologyXJ9250S_GEK230T2ACPY6BACPY6BX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-461839220-4071251808-1523227092-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...echnologyXJ9250S_GEK230T2ACPY6BACPY6BX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-461839220-4071251808-1523227092-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...dk1FMzdxBjpf5mDE5s1aMPb-y2cBJBV36hIC0,&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.ourluckysites.com/?type=sc&ts=...lStorXTechnologyXJ9250S_GEK230T2ACPY6BACPY6BX
    C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2
    CHR Profile: C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-05-18] <==== UWAGA
    CHR Extension: (Browser Hunt) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki [2017-05-14]
    CHR Extension: (Browser Hunt) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki [2017-05-15]
    CHR Extension: (Browser Hunt) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki [2017-05-15]
    CHR Extension: (Browser Hunt) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki [2017-05-18]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    R2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2017-05-15] () [Brak podpisu cyfrowego]
    R2 BIT; C:\ProgramData\BIT\BIT.dll [1857536 2017-05-18] (BIT) [Brak podpisu cyfrowego] <==== UWAGA
    R2 CSHMDR; C:\Users\Agnieszka\AppData\Local\CSHMDR\Snare.dll [832000 2017-05-18] (IntertSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
    R2 CWASRE; C:\Users\Agnieszka\AppData\Local\CWASRE\Snare.dll [828416 2017-05-17] (IntertSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
    R2 WinSAPSvc; C:\Users\Agnieszka\AppData\Roaming\WinSAPSvc\WinSAP.dll [1873920 2017-05-18] (TODO: <公司名>) [Brak podpisu cyfrowego] <==== UWAGA
    S2 tw3389823; C:\ProgramData\tw3389823.exe [X]
    2017-05-18 04:24 - 2017-05-18 04:24 - 00000000 ____D C:\Users\Agnieszka\AppData\Local\CSHMDR
    2017-05-18 04:21 - 2017-05-18 04:21 - 00000000 ____D C:\Reimward
    2017-05-16 02:48 - 2017-05-16 02:48 - 00000000 ____D C:\Program Files\x24vd3gc
    2017-05-15 11:40 - 2017-05-15 11:40 - 00003092 _____ C:\Windows\System32\Tasks\{19C991B2-F044-42ED-8ED6-48684313E616}
    2017-05-15 11:37 - 2017-05-15 11:37 - 00003570 _____ C:\Windows\System32\Tasks\{DC88DF15-ABBF-4AE9-A020-35169CC1135E}
    2017-05-15 10:43 - 2017-05-18 09:56 - 00000564 _____ C:\Users\Agnieszka\AppData\Roaming\Microsoft\Windows\Start Menu\Free Porn Videos -- Qorno.website
    2017-05-15 03:46 - 2017-05-15 03:46 - 00000000 _____ C:\Windows\SysWOW64\1
    2017-05-15 03:02 - 2017-05-18 04:24 - 00003620 _____ C:\Windows\System32\Tasks\Milimili
    2017-05-15 03:02 - 2017-05-15 03:02 - 00000000 ____D C:\ProgramData\BIT
    2017-05-15 03:01 - 2017-05-18 04:24 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\WinSAPSvc
    2017-05-15 03:01 - 2017-05-16 02:52 - 00000000 ____D C:\Users\Agnieszka\AppData\Local\CWASRE
    2017-05-15 03:01 - 2017-05-15 03:02 - 00000000 ____D C:\Program Files (x86)\MIO
    2017-05-15 03:00 - 2017-05-18 04:23 - 00000000 ____D C:\Program Files\MK
    2017-05-15 03:00 - 2017-05-15 03:00 - 00000000 ____D C:\Terward
    2017-05-14 05:16 - 2017-05-14 06:46 - 00000000 ____D C:\Program Files\NWT4YHQLQ6
    2017-05-14 05:16 - 2017-05-14 05:59 - 00000000 ____D C:\Program Files\FMM4JQIU4N
    2017-05-14 05:16 - 2017-05-14 05:16 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\204917
    2017-05-14 05:15 - 2017-05-14 05:16 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\265380
    2017-05-14 05:14 - 2017-05-14 05:59 - 00000000 ____D C:\Program Files\M616GCXE5T
    2017-05-14 05:14 - 2017-05-14 05:15 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\868434
    2017-05-14 05:12 - 2017-05-14 05:13 - 00000132 _____ C:\ProgramData\log.binb
    2017-05-14 05:02 - 2017-05-14 05:02 - 00000000 ____D C:\b8cc82792686ad140e
    2017-05-14 04:47 - 2017-05-14 05:59 - 00000000 ____D C:\Users\Agnieszka\AppData\Local\MLAV
    2017-05-14 04:25 - 2017-05-18 10:24 - 00000000 ____D C:\Program Files (x86)\Verneleeuse
    2017-05-14 04:18 - 2017-05-18 08:54 - 00000000 ____D C:\Program Files\O5QWTLAB8I
    2017-05-14 04:18 - 2017-05-14 05:06 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\760452
    2017-05-14 04:18 - 2017-05-14 05:06 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\580086
    2017-05-14 04:18 - 2017-05-14 05:06 - 00000000 ____D C:\Program Files\V1BV333OJE
    2017-05-14 03:56 - 2017-05-14 03:56 - 00000000 ____D C:\ProgramData\6cd6afb5-6d65-0
    2017-05-14 03:55 - 2017-05-18 10:13 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
    2017-05-14 03:55 - 2017-05-14 03:55 - 00000000 ____D C:\ProgramData\6cd6afb5-1117-1
    2017-05-14 03:54 - 2017-05-14 04:02 - 00000000 ____D C:\Program Files (x86)\SystemHealer
    2017-05-14 03:54 - 2017-05-14 03:54 - 00000000 ____D C:\ProgramData\Microleaves
    2017-05-14 03:54 - 2017-05-14 03:54 - 00000000 ____D C:\ProgramData\a22131c1-5d25-1
    2017-05-14 03:54 - 2017-05-14 03:54 - 00000000 ____D C:\ProgramData\a22131c1-0a23-0
    2017-05-14 03:52 - 2017-05-18 09:21 - 00000374 _____ C:\Windows\Tasks\Updater_Online_Application.job
    2017-05-14 03:52 - 2017-05-14 05:19 - 00003206 _____ C:\Windows\System32\Tasks\Updater_Online_Application
    2017-05-14 03:52 - 2017-05-14 03:52 - 00000000 ____D C:\Program Files (x86)\Microleaves
    2017-05-14 03:51 - 2017-05-14 03:51 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\Microleaves
    2017-05-14 03:51 - 2017-05-14 03:51 - 00000000 ____D C:\Users\Agnieszka\AppData\Local\AdvinstAnalytics
    2017-05-14 03:49 - 2017-05-14 03:51 - 00015606 _____ C:\Windows\SysWOW64\findit.xml
    2017-05-14 03:49 - 2017-05-14 03:50 - 00000000 ____D C:\ProgramData\Voyasollams
    2017-05-14 03:48 - 2017-05-14 05:20 - 00000000 ____D C:\ProgramData\Voyasollam
    2017-05-14 03:48 - 2017-05-14 05:06 - 00000000 ____D C:\ProgramData\PrefsSecure
    2017-05-14 03:48 - 2017-05-14 03:50 - 00000000 ____D C:\Users\Agnieszka\AppData\Local\Rebecultwkers
    2017-05-14 03:48 - 2017-05-14 03:48 - 07290368 _____ C:\Users\Agnieszka\AppData\Local\agent.dat
    2017-05-14 03:48 - 2017-05-14 03:48 - 01895968 _____ C:\Users\Agnieszka\AppData\Local\Hot-Home.tst
    2017-05-14 03:48 - 2017-05-14 03:48 - 01895382 _____ C:\Users\Agnieszka\AppData\Local\NimHold.bin
    2017-05-14 03:48 - 2017-05-14 03:48 - 00278509 _____ C:\Users\Agnieszka\AppData\Local\Gold-La.bin
    2017-05-14 03:48 - 2017-05-14 03:48 - 00126464 _____ C:\Users\Agnieszka\AppData\Local\noah.dat
    2017-05-14 03:48 - 2017-05-14 03:48 - 00070800 _____ C:\Users\Agnieszka\AppData\Local\Config.xml
    2017-05-14 03:48 - 2017-05-14 03:48 - 00018432 _____ C:\Users\Agnieszka\AppData\Local\Main.dat
    2017-05-14 03:48 - 2017-05-14 03:48 - 00005568 _____ C:\Users\Agnieszka\AppData\Local\md.xml
    2017-05-14 03:48 - 2017-05-14 03:48 - 00000000 ____D C:\ProgramData\Logic Cramble
    2017-05-14 03:48 - 2017-05-14 03:47 - 02053120 _____ (TODO: <Company name>) C:\Users\Agnieszka\AppData\Local\Hot-Home.exe
    2017-05-14 03:47 - 2017-05-18 10:20 - 00000000 ____D C:\Program Files (x86)\PubHotspot
    2017-05-14 03:47 - 2017-05-14 05:06 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\553836
    2017-05-14 03:47 - 2017-05-14 05:06 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\513434
    2017-05-14 03:47 - 2017-05-14 05:06 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\249070
    2017-05-14 03:47 - 2017-05-14 05:06 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\221984
    2017-05-14 03:47 - 2017-05-14 05:06 - 00000000 ____D C:\Program Files\X7NK4563AX
    2017-05-14 03:47 - 2017-05-14 05:06 - 00000000 ____D C:\Program Files\SYQMHUF73E
    2017-05-14 03:47 - 2017-05-14 05:06 - 00000000 ____D C:\Program Files\A3J4B7YWLR
    2017-05-14 03:47 - 2017-05-14 03:48 - 00016176 _____ C:\Users\Agnieszka\AppData\Local\InstallationConfiguration.xml
    2017-05-14 03:47 - 2017-05-14 03:47 - 00140800 _____ C:\Users\Agnieszka\AppData\Local\installer.dat
    2017-05-14 03:46 - 2017-05-18 10:39 - 00016776 _____ C:\Windows\System32\Tasks\Texas PZ-Recorder for Windows
    2017-05-14 03:46 - 2017-05-14 05:06 - 00000000 ____D C:\Program Files\HMUNSKHLMI
    2017-05-14 03:46 - 2017-05-14 05:06 - 00000000 ____D C:\Program Files\HJGMQ1JHR1
    2017-05-14 03:45 - 2017-05-14 07:25 - 00000000 ____D C:\ProgramData\VideoMemoryDiagnostic
    2017-05-14 03:45 - 2017-05-14 05:12 - 00001664 _____ C:\ProgramData\log.ewbt
    2017-05-14 03:45 - 2017-05-14 05:12 - 00000128 _____ C:\ProgramData\log.ewbb
    2017-05-14 03:22 - 2017-05-18 10:24 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\Bumudom
    2017-05-14 03:22 - 2017-05-14 03:22 - 00006082 _____ C:\Windows\System32\Tasks\Zijose Configuration
    2017-05-14 03:22 - 2017-05-14 03:22 - 00000000 ____D C:\Program Files (x86)\Zijose Configuration
    2017-05-14 03:21 - 2017-05-14 04:23 - 00000000 ____D C:\Program Files (x86)\Choweryvihidom
    2017-05-14 03:21 - 2017-05-14 03:23 - 00000000 ____D C:\Users\Agnieszka\AppData\Local\Plowurynluk
    2017-05-14 03:21 - 2017-05-14 03:21 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\BrowserModule
    2017-05-14 03:20 - 2017-05-14 03:21 - 00000000 ____D C:\Users\Agnieszka\AppData\Roaming\HamsterSoft
    2017-05-14 03:20 - 2017-05-14 03:20 - 00000000 ____D C:\Program Files (x86)\Hamster Soft
    2017-05-14 03:48 - 2017-05-14 03:48 - 7290368 _____ () C:\Users\Agnieszka\AppData\Local\agent.dat
    2017-05-14 03:48 - 2017-05-14 03:48 - 0070800 _____ () C:\Users\Agnieszka\AppData\Local\Config.xml
    2017-05-14 03:48 - 2017-05-14 03:48 - 0278509 _____ () C:\Users\Agnieszka\AppData\Local\Gold-La.bin
    2017-05-14 03:48 - 2017-05-14 03:47 - 2053120 _____ (TODO: <Company name>) C:\Users\Agnieszka\AppData\Local\Hot-Home.exe
    2017-05-14 03:48 - 2017-05-14 03:48 - 1895968 _____ () C:\Users\Agnieszka\AppData\Local\Hot-Home.tst
    2017-05-14 03:47 - 2017-05-14 03:48 - 0016176 _____ () C:\Users\Agnieszka\AppData\Local\InstallationConfiguration.xml
    2017-05-14 03:47 - 2017-05-14 03:47 - 0140800 _____ () C:\Users\Agnieszka\AppData\Local\installer.dat
    2017-05-14 03:48 - 2017-05-14 03:48 - 0018432 _____ () C:\Users\Agnieszka\AppData\Local\Main.dat
    2017-05-14 03:48 - 2017-05-14 03:48 - 0005568 _____ () C:\Users\Agnieszka\AppData\Local\md.xml
    2017-05-14 03:48 - 2017-05-14 03:48 - 1895382 _____ () C:\Users\Agnieszka\AppData\Local\NimHold.bin
    2017-05-14 03:48 - 2017-05-14 03:48 - 0126464 _____ () C:\Users\Agnieszka\AppData\Local\noah.dat
    2017-05-14 03:49 - 2017-05-14 03:49 - 0032038 _____ () C:\Users\Agnieszka\AppData\Local\uninstall_temp.ico
    2017-05-14 05:12 - 2017-05-14 05:13 - 0000132 _____ () C:\ProgramData\log.binb
    2017-05-14 03:45 - 2017-05-14 05:12 - 0000128 _____ () C:\ProgramData\log.ewbb
    2017-05-14 03:45 - 2017-05-14 05:12 - 0001664 _____ () C:\ProgramData\log.ewbt
    EmptyTemp:


    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    Once that is done, post new FRST logs, from a scan.

    0
  • #29 21 Mar 2018 08:02
    Kolobos
    Computer specialist

    Disable the add-ons in Chrome and check whether it starts working; if not, disable or uninstall the antivirus and check again.

    0
  • #30 22 Mar 2018 09:54
    rege2003
    Level 9

    I deleted them, and still, after opening a new page in a new window, e.g. from the o2 portal, a white page appears; after refreshing, still nothing.

    0