Elektroda.pl

Web pages redirecting on their own

rtoip14 21 Jul 2016 10:25 1398 11
  • #2 21 Jul 2016 10:48
    Kolobos
    Computer specialist

    Uninstall:
    AdBlocker
    cloudfront - Uninstall

    Next to frst.exe, create a file Fixlist.txt with the following content:
    CustomCLSID: HKU\S-1-5-21-314501420-2261803728-2016192299-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll => Brak pliku
    Task: {795D4C2E-5AF9-473A-9D3B-3FD996B38DCB} - System32\Tasks\UCBrowserUpdater => C:\Program Files\UCBrowser\Application\update_task.exe
    Task: {7E875AE3-B7A3-4562-B619-0463BCED8EE0} - Brak ścieżki do pliku
    Task: {8905ECD8-016F-4DC2-90E6-A5F1FA6A841A} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) -> Brak pliku <==== UWAGA
    Task: {BDD02B02-C536-49D5-A8FE-BA5544538BAB} - System32\Tasks\MailRuUpdater => C:\Users\Neo\AppData\Local\Mail.Ru\MailRuUpdater.exe
    Task: {BFFF610B-0E6D-4534-A652-4FDB287F51A3} - System32\Tasks\Ofiiedwerfit Controls => C:\Program Files\Teneentgratuck\ofiiedwerfitCntLgg.exe [2016-07-20] ()
    Task: {E6F3A527-8B0B-43FA-94EB-584032761924} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) -> Brak pliku <==== UWAGA
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files\UCBrowser\Application\update_task.exe
    ShortcutWithArgument: C:\Users\Neo\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://eclus.ru/?utm_source=startlink03&utm_content=da407d9d28e49f9560d00c219e7308e7&utm_term=2AB63D22F49296AF75215BDFE5C6AAFE&utm_d=20160416"
    ShortcutWithArgument: C:\Users\Neo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.startgo123.com/nav/index?src=u
    Hosts:
    HKU\S-1-5-21-314501420-2261803728-2016192299-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811013
    FF Keyword.URL: hxxp://go.mail.ru/distib/ep/?product_id=%7BE5...-A1ED-4758-93DA-337BC0580193%7D&gp=811014
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\7hzevqeh.default\searchplugins\xp4ftf4e.xml [2016-07-20]
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Profiles\5sw95kgl.default\searchplugins\xp4ftf4e.xml [2016-07-20]
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Profiles\eiz85zq4.default\searchplugins\xp4ftf4e.xml [2016-07-20]
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Profiles\dqmr68c3.default\searchplugins\xp4ftf4e.xml [2016-07-20]
    FF Extension: GsearchFinder - C:\Users\Neo\AppData\Roaming\Profiles\dqmr68c3.default\Extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi [2016-07-20]
    CHR HomePage: zjaieddnawardhermach -> hxxp://www.youndoo.com/?z=e414f379b81b5275fbd...=ST3500418AS_9VM6WSJMXXXX9VM6WSJM&type=hp
    CHR StartupUrls: zjaieddnawardhermach -> "hxxp://www.youndoo.com/?z=e414f379b81b5275fbde46cg5zfq8t5e7o6m5g6zbg&from=wak&uid=ST3500418AS_9VM6WSJMXXXX9VM6WSJM&type=hp"
    OPR Extension: (Adblock Plus) - C:\Users\Neo\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-04-17]
    S4 ofiiedwerfitCntAwt.exe; C:\Program Files\Teneentgratuck\ofiiedwerfitCntAwt.exe [735008 2016-07-20] ()
    S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S2 mrupdsrv; "C:\Program Files\Mail.Ru\Update Service\mrupdsrv.exe" --s [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    U3 acm5rqb4; Brak ImagePath
    2016-07-21 09:56 - 2016-07-21 09:58 - 00000000 ____D C:\AdwCleaner
    2016-07-21 09:56 - 2016-07-21 09:49 - 00000322 _____ C:\Users\Neo\Desktop\Kontynuuj narzędzia pobierania CrossFire EU.url
    2016-07-20 17:13 - 2016-07-20 17:13 - 00001463 _____ C:\Users\Neo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    2016-07-20 17:13 - 2016-07-20 17:13 - 00000000 ____D C:\Users\Neo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2016-07-20 17:02 - 2016-07-20 17:13 - 00000440 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2016-07-20 17:02 - 2016-07-20 17:02 - 00000000 ____D C:\Users\Neo\AppData\Local\UCBrowser
    2016-07-20 16:57 - 2016-07-20 17:13 - 00000000 ____D C:\Program Files\Teneentgratuck
    2016-07-20 16:57 - 2016-07-20 16:58 - 00000000 ____D C:\Users\Neo\AppData\Local\sikadomzukidomreireward
    2016-07-20 16:56 - 2016-07-20 16:56 - 00610378 _____ C:\Users\Neo\Downloads\Crack Setup.rar
    2016-07-19 15:58 - 2016-06-19 01:26 - 01482240 _____ C:\Windows\system32\Drivers\etc\GlobalHackEU.exe
    2016-07-19 11:14 - 2016-07-19 11:14 - 02156048 _____ (Reloaded Technologies) C:\Users\Neo\Downloads\Crossfire_downloader.exe
    2016-07-19 10:48 - 2016-07-20 09:24 - 00000000 ____D C:\Program Files\Sterkospsoviry
    2016-07-19 10:48 - 2016-07-19 10:48 - 00000000 ____D C:\Users\Neo\AppData\Local\theqersygrqitainperhodom
    2016-07-16 14:12 - 2016-07-16 14:12 - 07102976 _____ C:\Users\Neo\AppData\Roaming\agent.dat
    2016-07-16 14:12 - 2016-07-16 14:12 - 00018432 _____ C:\Users\Neo\AppData\Roaming\Main.dat
    2016-07-16 14:10 - 2016-07-16 14:12 - 00000000 ____D C:\Users\Neo\AppData\Local\deoentderzgeserasp
    2016-07-07 11:24 - 2016-07-07 11:24 - 00000000 ____D C:\Users\Neo\AppData\Local\Tempzxpsignd1fa575c2c767fe5
    2016-07-07 11:24 - 2016-07-07 11:24 - 00000000 ____D C:\Users\Neo\AppData\Local\Tempzxpsign708c5087faa415d7
    2016-07-07 11:19 - 2016-07-07 11:19 - 00000000 ____D C:\Users\Neo\AppData\Local\Tempzxpsign7b541f69a9b1307a
    2016-07-07 11:19 - 2016-07-07 11:19 - 00000000 ____D C:\Users\Neo\AppData\Local\Tempzxpsign47c51ef5fd6ef973
    2016-07-06 13:12 - 2016-07-01 02:10 - 04280320 _____ C:\Windows\system32\Drivers\etc\PROMX.exe
    2016-07-04 19:39 - 2016-07-16 14:10 - 00128512 _____ C:\Users\Neo\AppData\Roaming\Installer.dat
    2016-07-16 14:12 - 2016-07-16 14:12 - 7102976 _____ () C:\Users\Neo\AppData\Roaming\agent.dat
    2016-07-04 19:39 - 2016-07-16 14:10 - 0128512 _____ () C:\Users\Neo\AppData\Roaming\Installer.dat
    2016-07-16 14:12 - 2016-07-16 14:12 - 0018432 _____ () C:\Users\Neo\AppData\Roaming\Main.dat
    2016-07-03 15:35 - 2016-07-03 15:35 - 0000016 _____ () C:\ProgramData\mntemp
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    0
  • #3 21 Jul 2016 10:49
    Domino_2
    Helpful to users

    Uninstall AdBlocker, Akamai NetSession Interface and cloudfront.

    Quote:

    CustomCLSID: HKU\S-1-5-21-314501420-2261803728-2016192299-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll => Brak pliku
    Task: {7E875AE3-B7A3-4562-B619-0463BCED8EE0} - Brak ścieżki do pliku
    Task: {8905ECD8-016F-4DC2-90E6-A5F1FA6A841A} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) -> Brak pliku <==== UWAGA
    Task: {E6F3A527-8B0B-43FA-94EB-584032761924} - \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) -> Brak pliku <==== UWAGA
    ShortcutWithArgument: C:\Users\Neo\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://eclus.ru/?utm_source=startlink03&utm_content=da407d9d28e49f9560d00c219e7308e7&utm_term=2AB63D22F49296AF75215BDFE5C6AAFE&utm_d=20160416"
    ShortcutWithArgument: C:\Users\Neo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.startgo123.com/nav/index?src=u
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll Brak pliku
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll Brak pliku
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x86.dll Brak pliku
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=iehp
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    FF Keyword.URL: hxxp://go.mail.ru/distib/ep/?product_id=%7BE5...-A1ED-4758-93DA-337BC0580193%7D&gp=811014
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin: @t.garena.com/garenatalk -> C:\Program Files\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [Brak pliku]
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [Brak pliku]
    FF Plugin HKU\S-1-5-21-314501420-2261803728-2016192299-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Neo\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [Brak pliku]
    FF Plugin HKU\S-1-5-21-314501420-2261803728-2016192299-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Neo\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [Brak pliku]
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\7hzevqeh.default\searchplugins\xp4ftf4e.xml [2016-07-20]
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Profiles\5sw95kgl.default\searchplugins\xp4ftf4e.xml [2016-07-20]
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Profiles\eiz85zq4.default\searchplugins\xp4ftf4e.xml [2016-07-20]
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Profiles\dqmr68c3.default\searchplugins\xp4ftf4e.xml [2016-07-20]
    FF Extension: GsearchFinder - C:\Users\Neo\AppData\Roaming\Profiles\dqmr68c3.default\Extensions\@90B817C8-8A5C-413B-9DDD-B2C61ED6E79A.xpi [2016-07-20]
    CHR HomePage: zjaieddnawardhermach -> hxxp://www.youndoo.com/?z=e414f379b81b5275fbd...=ST3500418AS_9VM6WSJMXXXX9VM6WSJM&type=hp
    CHR StartupUrls: zjaieddnawardhermach -> "hxxp://www.youndoo.com/?z=e414f379b81b5275fbde46cg5zfq8t5e7o6m5g6zbg&from=wak&uid=ST3500418AS_9VM6WSJMXXXX9VM6WSJM&type=hp"
    S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S2 mrupdsrv; "C:\Program Files\Mail.Ru\Update Service\mrupdsrv.exe" --s [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    U3 acm5rqb4; Brak ImagePath
    2016-07-21 09:56 - 2016-07-21 09:58 - 00000000 ____D C:\AdwCleaner
    2016-07-20 17:13 - 2016-07-20 17:13 - 00001463 _____ C:\Users\Neo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    2016-07-20 17:13 - 2016-07-20 17:13 - 00000000 ____D C:\Users\Neo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2016-07-07 11:24 - 2016-07-07 11:24 - 00000000 ____D C:\Users\Neo\AppData\Local\Tempzxpsignd1fa575c2c767fe5
    2016-07-07 11:24 - 2016-07-07 11:24 - 00000000 ____D C:\Users\Neo\AppData\Local\Tempzxpsign708c5087faa415d7
    2016-07-07 11:19 - 2016-07-07 11:19 - 00000000 ____D C:\Users\Neo\AppData\Local\Tempzxpsign7b541f69a9b1307a
    2016-07-07 11:19 - 2016-07-07 11:19 - 00000000 ____D C:\Users\Neo\AppData\Local\Tempzxpsign47c51ef5fd6ef973
    2016-07-20 17:20 - 2016-06-05 15:39 - 00000345 _____ C:\DelFix.txt
    2016-07-16 14:12 - 2016-07-16 14:12 - 7102976 _____ () C:\Users\Neo\AppData\Roaming\agent.dat
    2016-07-04 19:39 - 2016-07-16 14:10 - 0128512 _____ () C:\Users\Neo\AppData\Roaming\Installer.dat
    2016-07-16 14:12 - 2016-07-16 14:12 - 0018432 _____ () C:\Users\Neo\AppData\Roaming\Main.dat
    EmptyTemp:


    Paste this into Notepad, save it as fixlist.txt, place it in the folder that contains FRST.exe/FRST64.exe, run it and click Fix/Napraw.

    When saving in Notepad, choose UTF-8 encoding.

    0
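
Why the UTF-8 step matters, as an added example that is not part of the original thread or of FRST: fixlist entries with Cyrillic or Chinese file names cannot be stored in a legacy ANSI code page, so the saved path would no longer match the file on disk. The sample lines are constructed, and `cp1250` as the legacy code page is an assumption.

```python
import unicodedata

# Constructed sample modelled on the kinds of entries in the thread's fixlists.
# The GUID, the user name "User" and the paths are placeholders, not page values.
SAMPLE_FIXLIST = [
    "Task: {00000000-0000-0000-0000-000000000000} - Brak \u015bcie\u017cki do pliku",
    "ShortcutWithArgument: C:\\Users\\User\\Start Menu\\\u0412\u043e\u0439\u0442\u0438.lnk -> C:\\Windows\\explorer.exe",
    "2016-07-20 17:13 - 2016-07-20 17:13 - 00000000 ____D C:\\Users\\User\\Programs\\UC\u6d4f\u89c8\u5668",
    "EmptyTemp:",
]

def script_of(ch):
    """Coarse script label: first word of the Unicode name (LATIN, CYRILLIC, CJK)."""
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def encodable(ch, codec):
    """True if the single character survives encoding in the given codec."""
    try:
        ch.encode(codec)
        return True
    except UnicodeEncodeError:
        return False

def audit(lines, legacy="cp1250"):
    """List the lines a legacy ANSI save would damage.

    Returns (line_number, lost_scripts, damaged_text) for every line holding a
    character the legacy code page cannot represent. cp1250 is an assumption
    (the usual ANSI code page of a Polish Windows install).
    """
    findings = []
    for number, line in enumerate(lines, start=1):
        lost = [ch for ch in line if not encodable(ch, legacy)]
        if lost:
            # errors="replace" turns each unrepresentable character into "?"
            damaged = line.encode(legacy, errors="replace").decode(legacy)
            findings.append((number, sorted({script_of(c) for c in lost}), damaged))
    return findings

def to_utf8(lines):
    """Serialise the fixlist as UTF-8 with CRLF line ends and verify the round trip."""
    data = "\r\n".join(lines).encode("utf-8")
    assert data.decode("utf-8").split("\r\n") == lines
    return data

if __name__ == "__main__":
    for number, scripts, damaged in audit(SAMPLE_FIXLIST):
        print(f"line {number}: loses {scripts} -> {damaged}")
    print(len(to_utf8(SAMPLE_FIXLIST)), "bytes when encoded as UTF-8")
```

The Polish letters in the first sample line fit in cp1250 and pass; only the Cyrillic and Chinese names are reported as damaged.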
  • #5 21 Jul 2016 11:17
    Domino_2
    Helpful to users

    You can run just Kolobos's script.

    0
  • #7 21 Jul 2016 11:54
    Domino_2
    Helpful to users

    Is there any improvement after running the script?

    0
  • #8 21 Jul 2016 11:55
    Kolobos
    Computer specialist

    Still remaining:
    U3 a5r657wh; Brak ImagePath
    Paste this into Fixlist.txt and run it in FRST.

    You can remove this manually:
    2016-07-20 17:13 - 2016-07-21 10:51 - 00000000 ____D C:\Users\Neo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2016-07-20 17:13 - 2016-07-20 17:13 - 00001463 _____ C:\Users\Neo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk

    from C:\Users\Neo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\

    Run a full scan with mbam and remove whatever it detects: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0
  • Helpful post
    #10 21 Jul 2016 12:03
    Kolobos
    Computer specialist

    Which browser does this affect?

    0