Elektroda.pl

Changed search engine + FRST logs

CamerDisco 09 Jun 2016 00:00 486 3
  • #2 09 Jun 2016 08:35
    Domino_2
    Helpful to users

    Quote:

    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    () C:\ProgramData\Holdtam\Holdtam.exe
    AppInit_DLLs: C:\ProgramData\Holdtam\Vaiaex.dll => C:\ProgramData\Holdtam\Vaiaex.dll [363008 2016-06-04] ()
    AppInit_DLLs-x32: C:\ProgramData\Holdtam\In-Flex.dll => C:\ProgramData\Holdtam\In-Flex.dll [257536 2016-06-04] ()
    AutoConfigURL: [S-1-5-21-1226943040-1412469416-1247686408-1001] => hxxp://unstops.biz/wpad.dat?97cffe6b45bd19c4171645d63d34095911001542
    ManualProxies: 0hxxp://unstops.biz/wpad.dat?97cffe6b45bd19c4171645d63d34095911001542
    HKU\S-1-5-21-1226943040-1412469416-1247686408-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...KMHbje1-GHdmQBUsDyzuQmXO8v7doq-FJmQQ,,&q={searchTerms}
    HKU\S-1-5-21-1226943040-1412469416-1247686408-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...Pax1yLuMmxW_0spwykWFEEKEMKbBNdXRV_mz_GRA3dg,,,,
    HKU\S-1-5-21-1226943040-1412469416-1247686408-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...KMHbje1-GHdmQBUsDyzuQmXO8v7doq-FJmQQ,,&q={searchTerms}
    HKU\S-1-5-21-1226943040-1412469416-1247686408-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...KMHbje1-GHdmQBUsDyzuQmXO8v7doq-FJmQQ,,&q={searchTerms}




    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...KMHbje1-GHdmQBUsDyzuQmXO8v7doq-FJmQQ,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1226943040-1412469416-1247686408-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...KMHbje1-GHdmQBUsDyzuQmXO8v7doq-FJmQQ,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1226943040-1412469416-1247686408-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...KMHbje1-GHdmQBUsDyzuQmXO8v7doq-FJmQQ,,&q={searchTerms}
    FF NewTab: C:\\ProgramData\\Holdtams\\ff.NT
    FF Homepage: C:\\ProgramData\\Holdtams\\ff.HP
    FF HKU\S-1-5-21-1226943040-1412469416-1247686408-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => nie znaleziono
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <nie znaleziono>
    R2 Holdtam; C:\ProgramData\\Holdtam\\Holdtam.exe [792064 2016-06-04] () [Brak podpisu cyfrowego]
    2016-06-04 20:24 - 2016-06-04 21:21 - 00000000 ____D C:\AdwCleaner
    2016-06-04 20:19 - 2016-06-08 22:47 - 00000000 ____D C:\ProgramData\Holdtam
    2016-06-04 20:19 - 2016-06-04 20:19 - 00000000 ____D C:\ProgramData\Holdtams
    EmptyTemp:


    Paste this into Notepad, save it as fixlist.txt, place it in the folder containing FRST.exe/FRST64.exe, run it, and click Fix/Napraw.

    0
  • #3 09 Jun 2016 08:39
    krzychupar
    Level 40

    Open Notepad and paste:

    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    Hosts:
    AutoConfigURL: [S-1-5-21-1226943040-1412469416-1247686408-1001] => hxxp://unstops.biz/wpad.dat?97cffe6b45bd19c4171645d63d34095911001542
    ManualProxies: 0hxxp://unstops.biz/wpad.dat?97cffe6b45bd19c4171645d63d34095911001542
    HKU\S-1-5-21-1226943040-1412469416-1247686408-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...KMHbje1-GHdmQBUsDyzuQmXO8v7doq-FJmQQ,,&q={searchTerms}
    HKU\S-1-5-21-1226943040-1412469416-1247686408-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...Pax1yLuMmxW_0spwykWFEEKEMKbBNdXRV_mz_GRA3dg,,,,
    HKU\S-1-5-21-1226943040-1412469416-1247686408-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...KMHbje1-GHdmQBUsDyzuQmXO8v7doq-FJmQQ,,&q={searchTerms}
    HKU\S-1-5-21-1226943040-1412469416-1247686408-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...KMHbje1-GHdmQBUsDyzuQmXO8v7doq-FJmQQ,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...KMHbje1-GHdmQBUsDyzuQmXO8v7doq-FJmQQ,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1226943040-1412469416-1247686408-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...KMHbje1-GHdmQBUsDyzuQmXO8v7doq-FJmQQ,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1226943040-1412469416-1247686408-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...KMHbje1-GHdmQBUsDyzuQmXO8v7doq-FJmQQ,,&q={searchTerms}
    FF HKU\S-1-5-21-1226943040-1412469416-1247686408-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => nie znaleziono
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <nie znaleziono>
    2016-06-04 20:24 - 2016-06-04 21:21 - 00000000 ____D C:\AdwCleaner
    2016-06-04 20:19 - 2016-06-04 20:19 - 06859776 _____ C:\Users\Gnój\AppData\Roaming\agent.dat
    2016-06-04 20:19 - 2016-06-04 20:19 - 02279413 _____ C:\Users\Gnój\AppData\Roaming\Aning.bin
    2016-06-04 20:19 - 2016-06-04 20:19 - 01756999 _____ C:\Users\Gnój\AppData\Roaming\NewLottough.tst
    2016-06-04 20:19 - 2016-06-04 20:19 - 00126464 _____ C:\Users\Gnój\AppData\Roaming\noah.dat
    2016-06-04 20:19 - 2016-06-04 20:19 - 00067776 _____ C:\Users\Gnój\AppData\Roaming\Config.xml
    2016-06-04 20:19 - 2016-06-04 20:19 - 00018432 _____ C:\Users\Gnój\AppData\Roaming\Main.dat
    2016-06-04 20:19 - 2016-06-04 20:19 - 00000000 ____D C:\ProgramData\Holdtams
    2016-05-09 16:16 - 2016-05-31 22:28 - 00000000 ____D C:\4fun
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder containing FRST.exe.
    Run FRST and click Fix/Napraw.

    0
  • #4 09 Jun 2016 08:45
    Acorus 20
    Computer specialist

    Uninstall GeekBuddy. Open the system Notepad and paste:

    Quote:
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
    Hosts:
    AppInit_DLLs: C:\ProgramData\Holdtam\Vaiaex.dll => C:\ProgramData\Holdtam\Vaiaex.dll [363008 2016-06-04] ()
    AutoConfigURL: [S-1-5-21-1226943040-1412469416-1247686408-1001] => hxxp://unstops.biz/wpad.dat?97cffe6b45bd19c4171645d63d34095911001542
    ManualProxies: 0hxxp://unstops.biz/wpad.dat?97cffe6b45bd19c4171645d63d34095911001542
    HKU\S-1-5-21-1226943040-1412469416-1247686408-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...85NvKMHbje1-GHdmQBUsDyzuQmXO8v7doq-FJmQQ,,&q={searchTerms}
    HKU\S-1-5-21-1226943040-1412469416-1247686408-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...Pax1yLuMmxW_0spwykWFEEKEMKbBNdXRV_mz_GRA3dg,,,,
    HKU\S-1-5-21-1226943040-1412469416-1247686408-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...85NvKMHbje1-GHdmQBUsDyzuQmXO8v7doq-FJmQQ,,&q={searchTerms}
    HKU\S-1-5-21-1226943040-1412469416-1247686408-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...85NvKMHbje1-GHdmQBUsDyzuQmXO8v7doq-FJmQQ,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...85NvKMHbje1-GHdmQBUsDyzuQmXO8v7doq-FJmQQ,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1226943040-1412469416-1247686408-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...85NvKMHbje1-GHdmQBUsDyzuQmXO8v7doq-FJmQQ,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1226943040-1412469416-1247686408-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...85NvKMHbje1-GHdmQBUsDyzuQmXO8v7doq-FJmQQ,,&q={searchTerms}
    FF NewTab: C:\\ProgramData\\Holdtams\\ff.NT
    FF Homepage: C:\\ProgramData\\Holdtams\\ff.HP
    R2 Holdtam; C:\ProgramData\\Holdtam\\Holdtam.exe [792064 2016-06-04] () [Brak podpisu cyfrowego]
    2016-06-08 22:46 - 2016-06-08 22:46 - 00002397 _____ C:\WINDOWS\SysWOW64\findit.xml
    2016-06-04 20:24 - 2016-06-04 21:21 - 00000000 ____D C:\AdwCleaner
    2016-06-04 20:19 - 2016-06-08 22:47 - 00000000 ____D C:\ProgramData\Holdtam
    2016-06-04 20:19 - 2016-06-04 20:19 - 06859776 _____ C:\Users\Gnój\AppData\Roaming\agent.dat
    2016-06-04 20:19 - 2016-06-04 20:19 - 02279413 _____ C:\Users\Gnój\AppData\Roaming\Aning.bin
    2016-06-04 20:19 - 2016-06-04 20:19 - 01756999 _____ C:\Users\Gnój\AppData\Roaming\NewLottough.tst
    2016-06-04 20:19 - 2016-06-04 20:19 - 00126464 _____ C:\Users\Gnój\AppData\Roaming\noah.dat
    2016-06-04 20:19 - 2016-06-04 20:19 - 00067776 _____ C:\Users\Gnój\AppData\Roaming\Config.xml
    2016-06-04 20:19 - 2016-06-04 20:19 - 00018432 _____ C:\Users\Gnój\AppData\Roaming\Main.dat
    2016-06-04 20:19 - 2016-06-04 20:19 - 00000000 ____D C:\ProgramData\Holdtams
    2016-06-04 20:19 - 2016-06-04 20:17 - 00792064 _____ C:\Users\Gnój\AppData\Roaming\NewLottough.exe
    2016-06-04 20:18 - 2016-06-04 20:19 - 00005568 _____ C:\Users\Gnój\AppData\Roaming\md.xml
    2016-06-04 20:18 - 2016-06-04 20:18 - 00126464 _____ C:\Users\Gnój\AppData\Roaming\lobby.dat
    2016-06-04 20:18 - 2016-06-04 20:18 - 00072820 _____ C:\Users\Gnój\AppData\Roaming\Overzap.tst
    2016-06-04 20:18 - 2016-06-04 20:18 - 00054272 _____ C:\Users\Gnój\AppData\Roaming\ApplicationHosting.dat
    2016-06-04 20:18 - 2016-06-04 20:17 - 00792064 _____ C:\Users\Gnój\AppData\Roaming\Overzap.exe
    2016-06-04 20:17 - 2016-06-04 20:17 - 00128512 _____ C:\Users\Gnój\AppData\Roaming\Installer.dat
    2016-06-04 20:17 - 2016-06-04 20:17 - 00018240 _____ C:\Users\Gnój\AppData\Roaming\InstallationConfiguration.xml
    2016-06-04 20:19 - 2016-06-04 20:19 - 6859776 _____ () C:\Users\Gnój\AppData\Roaming\agent.dat
    2016-06-04 20:19 - 2016-06-04 20:19 - 2279413 _____ () C:\Users\Gnój\AppData\Roaming\Aning.bin
    2016-06-04 20:18 - 2016-06-04 20:18 - 0054272 _____ () C:\Users\Gnój\AppData\Roaming\ApplicationHosting.dat
    2016-06-04 20:19 - 2016-06-04 20:19 - 0067776 _____ () C:\Users\Gnój\AppData\Roaming\Config.xml
    2016-06-04 20:17 - 2016-06-04 20:17 - 0018240 _____ () C:\Users\Gnój\AppData\Roaming\InstallationConfiguration.xml
    2016-06-04 20:17 - 2016-06-04 20:17 - 0128512 _____ () C:\Users\Gnój\AppData\Roaming\Installer.dat
    2016-06-04 20:18 - 2016-06-04 20:18 - 0126464 _____ () C:\Users\Gnój\AppData\Roaming\lobby.dat
    2016-06-04 20:19 - 2016-06-04 20:19 - 0018432 _____ () C:\Users\Gnój\AppData\Roaming\Main.dat
    2016-06-04 20:18 - 2016-06-04 20:19 - 0005568 _____ () C:\Users\Gnój\AppData\Roaming\md.xml
    2016-06-04 20:19 - 2016-06-04 20:19 - 1756999 _____ () C:\Users\Gnój\AppData\Roaming\NewLottough.tst
    2016-06-04 20:19 - 2016-06-04 20:19 - 0126464 _____ () C:\Users\Gnój\AppData\Roaming\noah.dat
    2016-06-04 20:18 - 2016-06-04 20:18 - 0072820 _____ () C:\Users\Gnój\AppData\Roaming\Overzap.tst
    RemoveProxy:
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Scan with Malwarebytes Anti-Malware: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    During installation, uncheck the option to start the Malwarebytes Anti-Malware Premium trial period.

    0