
While gaming or watching movies, what gets minimized is the game/p

Randall_ 22 Jun 2016 14:27 741 6
  • #1
    Randall_
    Level 12  
    I'm joining this thread, I have exactly the same thing: also about every 10 minutes the game/program gets minimized, and on top of that about every 6 minutes Mozilla launches on its own with a page that contains nothing but ads. And while playing games I also have everything turned off, only 8 processes are running in Task Manager. I'm attaching the FRST logs. Please help.
  • Helpful post
    #2
    Kolobos
    IT specialist
    Uninstall: Update for PriceFountain

    Use AdwCleaner, the Scan and Clean (Szukaj and Usun) options: http://www.bleepingcomputer.com/download/adwcleaner/

    Fixlist.txt for FRST:
    Task: {3CB9E6CB-39AC-451D-9BCB-05594FC8A9D6} - System32\Tasks\{F238FF79-6411-431B-ADC5-EF808AC99580} => Firefox.exe hxxp://ui.skype.com/ui/0/6.18.0.106/pl/abandoninstall?source=lightinstaller&page=tsPlugin
    Task: {AA5B91B2-33B0-4D85-84CA-FA589963677D} - System32\Tasks\{E659E4E3-935C-4AF0-9A5F-5AB7DE51521F} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=404
    Task: {CD8210D4-A753-4387-BA59-69B112953FF7} - System32\Tasks\RandallDepositorsGarottingV2 => Rundll32.exe SeafoodCotters.dll,main 7 1 <==== UWAGA
    Task: {DDDAF089-F88A-48EC-A1D2-6FC0F11B36A9} - System32\Tasks\{60ED02E0-D67B-4317-8E0B-9A02D6BFE384} => pcalua.exe -a C:\Users\Randall\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=cor
    Task: {F87A95D1-CF54-47D9-A88C-AB1BA2E5489E} - System32\Tasks\Price Fountain => C:\Users\Randall\AppData\Roaming\PriceFountain\UpdateProc\UpdateTask.exe [2016-02-17] () <==== UWAGA
    Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\Randall\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    ShortcutWithArgument: C:\Users\Randall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1458234954&z=64b99cc54795874c1ad3bcdg7z1w4bdo4c1zftcw1t&from=wpm0314&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336
    ShortcutWithArgument: C:\Users\Randall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1458234954&z=64b99cc54795874c1ad3bcdg7z1w4bdo4c1zftcw1t&from=wpm0314&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336
    ShortcutWithArgument: C:\Users\Randall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1458234954&z=64b99cc54795874c1ad3bcdg7z1w4bdo4c1zftcw1t&from=wpm0314&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336
    ShortcutWithArgument: C:\Users\Randall\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->
    ShortcutWithArgument: C:\Users\Randall\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.google.pl
    ShortcutWithArgument: C:\Users\Randall\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.google.pl
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1458234954&z=64b99cc54795874c1ad3bcdg7z1w4bdo4c1zftcw1t&from=wpm0314&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1458234954&z=64b99cc54795874c1ad3bcdg7z1w4bdo4c1zftcw1t&from=wpm0314&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\rff42i15r14e33f26o83x.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1458234954&z=64b99cc54795874c1ad3bcdg7z1w4bdo4c1zftcw1t&from=wpm0314&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336
    HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\Windows\SysWOW64\Codecs\CodecUACManager.exe [60416 2015-10-07] ()
    HKU\S-1-5-21-1031010833-2913363726-4097652310-1000\...\Run: [Codec Pack Update Checker] => "C:\Windows\system32\Codecs\UpdateChecker.exe"
    HKU\S-1-5-21-1031010833-2913363726-4097652310-1000\...\MountPoints2: G - G:\Autorun.exe
    HKU\S-1-5-21-1031010833-2913363726-4097652310-1000\...\MountPoints2: {b71d1aed-89f9-11e5-9ec9-0015830cbfeb} - K:\Startme.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-09-24] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2016-02-20]
    ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe ()
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449739113&z=33c59345b304cb0e719a509g3zaz9tam5c8t2g4gfm&from=ient07021&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449739113&z=33c59345b304cb0e719a509g3zaz9tam5c8t2g4gfm&from=ient07021&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1458234954&z=64b99cc54795874c1ad3bcdg7z1w4bdo4c1zftcw1t&from=wpm0314&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1458234954&z=64b99cc54795874c1ad3bcdg7z1w4bdo4c1zftcw1t&from=wpm0314&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449739113&z=33c59345b304cb0e719a509g3zaz9tam5c8t2g4gfm&from=ient07021&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449739113&z=33c59345b304cb0e719a509g3zaz9tam5c8t2g4gfm&from=ient07021&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336&q={searchTerms}
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130982024239018812&GUID=00000000-0000-0000-0000-000000000000
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450675618&from=mych123&uid=samsungxhd502ij_s13tj1eq501336&z=5b4a5bcbf04b15cc163b950g7z0w5eaqameweq2o1c
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130982024239018812&GUID=00000000-0000-0000-0000-000000000000
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://v9.com/?type=hp&ts=1450675618&from=mych123&uid=samsungxhd502ij_s13tj1eq501336&z=5b4a5bcbf04b15cc163b950g7z0w5eaqameweq2o1c
    HKU\S-1-5-21-1031010833-2913363726-4097652310-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1450945231&z=d0e7d6df195dc5056bbdd78gfz7wde6t7zdw9obc9q&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336&q={searchTerms}
    HKU\S-1-5-21-1031010833-2913363726-4097652310-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131027094619365628&GUID=00000000-0000-0000-0000-000000000000
    HKU\S-1-5-21-1031010833-2913363726-4097652310-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1458234954&z=64b99cc54795874c1ad3bcdg7z1w4bdo4c1zftcw1t&from=wpm0314&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336
    HKU\S-1-5-21-1031010833-2913363726-4097652310-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1450945231&z=d0e7d6df195dc5056bbdd78gfz7wde6t7zdw9obc9q&from=wpm07173&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449739113&z=33c59345b304cb0e719a509g3zaz9tam5c8t2g4gfm&from=ient07021&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449739113&z=33c59345b304cb0e719a509g3zaz9tam5c8t2g4gfm&from=ient07021&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336&q={searchTerms}
    SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-1031010833-2913363726-4097652310-1000 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-1031010833-2913363726-4097652310-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449739113&z=33c59345b304cb0e719a509g3zaz9tam5c8t2g4gfm&from=ient07021&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1031010833-2913363726-4097652310-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MS
    StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1458234954&z=64b99cc54795874c1ad3bcdg7z1w4bdo4c1zftcw1t&from=wpm0314&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yoursites123.xml [2016-03-17]
    FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Randall\AppData\Roaming\Mozilla\Firefox\Profiles\cklgmlr5.default\extensions\defsearchp@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Randall\AppData\Roaming\Mozilla\Firefox\Profiles\cklgmlr5.default\extensions\deskCutv2@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Randall\AppData\Roaming\Mozilla\Firefox\Profiles\cklgmlr5.default\extensions\default_newtabff@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Randall\AppData\Roaming\Mozilla\Firefox\Profiles\cklgmlr5.default\extensions\yahooprotected@gmail.com => nie znaleziono
    StartMenuInternet: FIREFOX.EXE - c:\program files (x86)\mozilla firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1458234954&z=64b99cc54795874c1ad3bcdg7z1w4bdo4c1zftcw1t&from=wpm0314&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336
    CHR HomePage: Default -> hxxp://search.gboxapp.com/
    CHR StartupUrls: Default -> "hxxp://search.gboxapp.com/","hxxp://pl.msn.com/?pc=UP97&ocid=UP97DHP","www.wp.pl/?src01=dp220140821","hxxp://www.yoursites123.com/?type=hp&ts=1458234954&z=64b99cc54795874c1ad3bcdg7z1w4bdo4c1zftcw1t&from=wpm0314&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336"
    CHR DefaultSearchURL: Default -> hxxp://yoursites123.com/web?type=ds&ts=1458234954&z=64b99cc54795874c1ad3bcdg7z1w4bdo4c1zftcw1t&from=wpm0314&uid=SAMSUNGXHD502IJ_S13TJ1EQ501336&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> yoursites123
    S2 IhPul; C:\Users\Randall\AppData\Roaming\TSv\TSvr.exe [X]
    S2 PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S1 tcfd_vt_1_10_0_24; system32\drivers\tcfd_vt_1_10_0_24.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2016-06-11 02:15 - 2016-06-11 02:15 - 00000001 _____ C:\Windows\SysWOW64\pl.html
    2016-06-19 15:33 - 2016-02-20 15:33 - 00000300 _____ C:\Windows\Tasks\Price Fountain.job
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:

    After it has run, delete the C:\FRST folder.

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
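
The patterns that make up most of the fixlist above (browser shortcuts with a URL appended as an argument, scheduled tasks started through Rundll32 or from AppData) can be picked out of any FRST log mechanically. This is an added example, not part of the original posts and not part of FRST; the sample lines, the host name and the `triage` and `url_hosts` helpers are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in FRST log format; paths, GUIDs and the host are made up.
SAMPLE = r"""
ShortcutWithArgument: C:\Users\demo\Desktop\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://ads.example.invalid/?type=sc
ShortcutWithArgument: C:\Users\demo\Desktop\Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleUpdater => C:\Users\demo\AppData\Roaming\ExampleAd\update.exe
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\ExampleDll => Rundll32.exe Example.dll,main 7 1
Task: {00000000-0000-0000-0000-000000000003} - System32\Tasks\Vendor => C:\Program Files\Vendor\agent.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ads.example.invalid/?type=hp
""".strip().splitlines()

BROWSERS = {"firefox.exe", "chrome.exe", "iexplore.exe"}
URL = re.compile(r"(?:hxxps?|https?)://([^/\s\"]+)", re.I)  # FRST defangs http as hxxp


def triage(line):
    """Return why a FRST line looks like adware persistence, or None."""
    kind, _, rest = line.partition(": ")
    if kind == "ShortcutWithArgument":
        parts = rest.split(" -> ")  # .lnk path, target exe (publisher), argument
        if len(parts) == 3:
            exe = re.search(r"([^\\]+\.exe)", parts[1], re.I)
            if exe and exe.group(1).lower() in BROWSERS and URL.search(parts[2]):
                return "browser shortcut forces a URL"
    elif kind == "Task":
        cmd = rest.partition(" => ")[2]
        if re.match(r"rundll32(\.exe)?\s", cmd, re.I):
            return "task runs a DLL via rundll32"
        if re.search(r"\\AppData\\", cmd, re.I):
            return "task runs from the user profile"
        if URL.search(cmd):
            return "task opens a URL"
    return None


def url_hosts(lines):
    """Count the hosts of all URLs in the lines, to see which site the hijack points at."""
    return Counter(h.lower() for line in lines for h in URL.findall(line))


if __name__ == "__main__":
    for line in SAMPLE:
        reason = triage(line)
        if reason:
            print(f"{reason}: {line[:70]}")
    print(url_hosts(SAMPLE).most_common(3))
```

A shortcut whose argument is an ordinary command-line switch is left alone, and the host tally shows at a glance which site the shortcut and registry entries have in common.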
  • #3
    Randall_
    Level 12  
    OK, I'll do that and let you know how it turns out. And what do I do with that whole "Fixlist.txt for FRST:" list?
  • #5
    Randall_
    Level 12  
    Hello again, I did exactly what Kolobos told me to, and I have to say it solved the problem, thank you, a + is on its way :) But after scanning with Malwarebytes Anti-Malware I was really surprised, because it detected 127, not viruses but malicious files :/ I'll send the scan result.
  • #7
    Randall_
    Level 12  
    I've already done that, thank you once again, the thread can be closed.