Elektroda.pl

Virus, you have already fixed this once before

Albi7x 20 Oct 2016 13:25 1230 18
  • #1 20 Oct 2016 13:25
    Albi7x
    Level 7

    I have already posted twice asking for help with removing viruses from my computer; both times it was a trojan and you helped me. Today I am writing to ask for help with a virus that throws a mass of ads at me, installs unwanted applications (about 5), which I removed, and some search engines that are good for nothing; when I do something in Chrome, 3×Explorer windows with ads and some apps open, and I have to keep closing them.

    mbam: 12451 threats detected Link
    cureit:
    Adw:
    Olt:
    Extras:

    0 18
  • #3 20 Oct 2016 14:48
    Albi7x
    Level 7

    I am attaching all the scans I ran.
    Before AdwCleaner, mbae was detecting threats and notifications were still coming in; now I don't know how things are, I have not restarted the computer after FRST.

    In adw, cureit and mbae I clicked to remove the threats. The rest were scan only.

    0
  • #4 20 Oct 2016 15:14
    Domino_2
    Helpful to users

    Quote:

    Task: {0962E784-792F-442B-BC5E-6B21D62A0AD1} - System32\Tasks\{24E7FD5A-6D5A-40D1-A2D7-32DD913151F1} => pcalua.exe -a "F:\Pobrane\Grand Theft Auto_ San Andreas Cenega PL.exe" -d F:\Pobrane
    Task: {127B990A-BF25-48A8-B86A-CA31F69AEFF0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2157099664-4145591000-594153506-1000Core => C:\Users\Albert\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-15] (Facebook Inc.)
    Task: {1C5E7842-93E7-4D9F-85FD-9A0BEF58A80E} - System32\Tasks\{4AFA21AA-523C-404B-84D2-AE39FBEA4734} => pcalua.exe -a C:\Users\Albert\Downloads\ZIP_Repair.exe -d C:\Users\Albert\Downloads
    Task: {24712AAE-6ED1-4850-A576-CFB3A1F29EFD} - System32\Tasks\{4C7A3888-44C7-4BAC-9297-01415A5C6696} => pcalua.exe -a D:\Setup.Now.exe -d D:\
    Task: {50C66CE7-D021-42FE-984A-5F0D4118BB3F} - System32\Tasks\{3C903F2E-03DB-4A5D-A227-0C5C7A574BE8} => pcalua.exe -a C:\Ola\SetupAnyDVD6574.exe -d C:\Ola
    Task: {BCDCE51C-E303-4E33-8DE2-93D6BAEDA0B6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2157099664-4145591000-594153506-1000UA => C:\Users\Albert\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-15] (Facebook Inc.)
    Task: {CEA7B652-6BD6-4348-A789-931B4CDE1936} - System32\Tasks\{4F0844F1-F3D8-4DB3-9F68-C04304029BC3} => pcalua.exe -a D:\Install.exe -d D:\
    Task: {D48A57AF-8563-44B6-AAA1-FD84FCCE37F5} - System32\Tasks\{1773C422-5C6C-4114-A13B-0D3CAD08E9FC} => pcalua.exe -a "D:\Driver\Install 32\MSP_Install.exe" -d "D:\Driver\Install 32"
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2157099664-4145591000-594153506-1000Core.job => C:\Users\Albert\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2157099664-4145591000-594153506-1000UA.job => C:\Users\Albert\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157099664-4145591000-594153506-1000Core.job => C:\Users\Albert\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157099664-4145591000-594153506-1000UA.job => C:\Users\Albert\AppData\Local\Google\Update\GoogleUpdate.exe
    Shortcut: C:\Users\Albert\Desktop\Gооglе Сhrоmе.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Albert\Desktop\folder z folderami\Моzillа Firеfох.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr (64-bit).lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic




    Shortcut: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    ShortcutWithArgument: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Jarhair\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Jarhair\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Users\Albert\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> 1 0 <===== Cyrillic
    ShortcutWithArgument: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Jarhair\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Jarhair\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Jarhair\Application\chrome.exe (Google Inc.) -> %SNP%
    HKLM-x32\...\Run: [win_en_77] => [X]
    HKU\S-1-5-21-2157099664-4145591000-594153506-1000\...\MountPoints2: {3b21ca67-f27f-11e4-8ef3-902b348acc43} - H:\Startme.exe
    HKU\S-1-5-21-2157099664-4145591000-594153506-1000\...\MountPoints2: {6afc077c-57e1-11e2-b307-902b348acc43} - G:\Autorun.exe
    HKU\S-1-5-21-2157099664-4145591000-594153506-1000\...\MountPoints2: {8e92a7b0-9654-11e3-ab86-902b348acc43} - H:\LGAutoRun.exe
    HKU\S-1-5-21-2157099664-4145591000-594153506-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...dwB0_5Ht7rX_ymr5vwiS0eOBiLcicZ8OC9XwXj&q={searchTerms}
    HKU\S-1-5-21-2157099664-4145591000-594153506-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...dwB0_5Ht7rX_ymr5vwiS0eOBiLcicZ8OC9XwXj&q={searchTerms}
    HKU\S-1-5-21-2157099664-4145591000-594153506-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...dwB0_5Ht7rX_ymr5vwiS0eOBiLcicZ8OC9XwXj&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    FF ProfilePath: C:\Users\Albert\AppData\Roaming\Mozilla\Profiles\q7h9mnsl.default\Profiles\7g1l2b31.default-1417114515191 [nie znaleziono]
    FF NewTab: Mozilla\Profiles\q7h9mnsl.default -> hxxp://www.trotux.com/?z=4250939808796ff56160...DM002-1BD142_5VMWAHRGXXXX5VMWAHRG&type=hp
    FF DefaultSearchEngine: Mozilla\Profiles\q7h9mnsl.default -> nice
    FF SearchEngineOrder.1: Mozilla\Profiles\q7h9mnsl.default -> nice
    FF SelectedSearchEngine: Mozilla\Profiles\q7h9mnsl.default -> nice
    FF Homepage: Mozilla\Profiles\q7h9mnsl.default -> hxxp://www.trotux.com/?z=4250939808796ff56160...DM002-1BD142_5VMWAHRGXXXX5VMWAHRG&type=hp
    FF user.js: detected! => C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\7g1l2b31.default-1417114515191\user.js [2016-10-20]
    FF Homepage: Mozilla\Firefox\Profiles\7g1l2b31.default-1417114515191 -> hxxp://www.nicesearches.com?type=hp&ts=14...;z=77bb563a23fe6d615726582g5z3m9qfq9tbo9weq5g
    FF NewTab: Mozilla\Firefox\Profiles\7g1l2b31.default-1417114515191 -> hxxp://www.nicesearches.com?type=hp&ts=14...;z=77bb563a23fe6d615726582g5z3m9qfq9tbo9weq5g
    FF user.js: detected! => C:\Users\Albert\AppData\Roaming\Profiles\q7h9mnsl.default\user.js [2016-10-11]
    FF DefaultSearchEngine: Profiles\q7h9mnsl.default -> youndoo
    FF SearchEngineOrder.1: Profiles\q7h9mnsl.default -> nice
    FF SelectedSearchEngine: Profiles\q7h9mnsl.default -> youndoo
    FF Homepage: Profiles\q7h9mnsl.default -> hxxp://www.nicesearches.com?type=hp&ts=14...;z=77bb563a23fe6d615726582g5z3m9qfq9tbo9weq5g
    FF NewTab: Profiles\q7h9mnsl.default -> hxxp://www.nicesearches.com?type=hp&ts=14...;z=77bb563a23fe6d615726582g5z3m9qfq9tbo9weq5g
    FF SearchPlugin: C:\Users\Albert\AppData\Roaming\Profiles\q7h9mnsl.default\searchplugins\jc132o8e.xml [2016-10-12]
    FF SearchPlugin: C:\Users\Albert\AppData\Roaming\Profiles\q7h9mnsl.default\searchplugins\qjn5m2ld.xml [2016-09-06]
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    CHR Profile: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-10-20] <==== UWAGA
    CHR Extension: (Brak nazwy) - C:\Users\Albert\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
    CHR HKLM-x32\...\Chrome\Extension: [dkdiphcpgeoipjdhnnldnmifhpokfojg] - hxxps://clients2.google.com/service/update2/crx
    R2 IlS; C:\ProgramData\Tencent\QQ\report\report.dll [340480 2016-10-20] () [Brak podpisu cyfrowego]
    S2 AgusiQTorrentsplDiscoPoloPLKAgusiQMuzyka; "F:\[AgusiQ-Torrents.pl] Disco.Polo.2015.PL-K12 [AgusiQ]\AgusiQTorrentsplDiscoPoloPLKAgusiQMuzyka.exe" affe6dc7e5264e7e8e5695737342bee0 [X]
    S2 ARARWinRAR; "C:\Program Files (x86)\WinRAR\ARARWinRAR.exe" e47b5abf08794d6b8b774f94eeb062f4 [X]
    S2 AxesstelSpolszcz; "C:\Program Files (x86)\Spolszcz\AxesstelSpolszcz.exe" ae2ce54ab1294744903dca4a5f8539bf [X]
    S2 GameSpyArcadeWatchmenTheEndisNigh; "C:\Program Files (x86)\GameSpy Arcade\GameSpyArcadeWatchmenTheEndisNigh.exe" 420f678469254505a655a4b567f7c9a0 [X]
    S2 grafifaAgusiQTorrentsplSnajperNAPISYPLMXAgusiQ; "F:\[AgusiQ-Torrents.pl] Snajper.2014.NAPISY PL-MX [AgusiQ]\grafifaAgusiQTorrentsplSnajperNAPISYPLMXAgusiQ.exe" 3e19779b2974487e881c2174c0562504 [X]
    S2 MozillaFirefoxMicrosoftNET; "C:\Program Files (x86)\Microsoft.NET\MozillaFirefoxMicrosoftNET.exe" c54102ea829e4d458c86147e71427a8f [X]
    S2 PerotainghernerrySystem; C:\Program Files (x86)\Kazushsicty\strlg.dll [X]
    S2 PesGry; "E:\Gry\PesGry.exe" 388837891c4f496ea6203a5f71b2a421 [X]
    S2 ProgramFilesxAgusiQTorrentSplTerminatorGenisysPLSUBBEDkokosikkowal; "F:\[AgusiQ-TorrentS.pl] Terminator.Genisys.2015.PL.SUBBED-kokosik1207 [676kowal]\ProgramFilesxAgusiQTorrentSplTerminatorGenisysPLSUBBEDkokosikkowal.exe" b48f42ba07304dd38f2ef02dfd46c678 [X]
    2016-10-20 14:17 - 2016-10-20 14:24 - 00000000 ____D C:\AdwCleaner
    2016-10-20 12:52 - 2016-10-20 14:01 - 00000000 ____D C:\Users\Albert\Doctor Web
    2016-10-11 12:28 - 2016-10-12 19:44 - 00000000 ____D C:\Program Files (x86)\Elex-tech
    2016-10-11 12:28 - 2016-10-11 12:28 - 00000000 ____D C:\Users\Albert\AppData\Roaming\Elex-tech
    2016-10-08 20:08 - 2016-10-08 20:08 - 00000000 ____D C:\ProgramData\Tencent
    EmptyTemp:


    Paste this into Notepad, save it as fixlist.txt and place it in the folder that contains FRST.exe/FRST64.exe, then run it and click Fix/Napraw.

    Install the uBlock Origin browser add-on.

    0
  • #5 20 Oct 2016 15:37
    Albi7x
    Level 7

    I followed the instructions; when saving, a message popped up telling me to change the encoding to Unicode from ASINS? or something like that. I continued and ran the fix; here is the attachment:

    0
  • #6 20 Oct 2016 15:55
    Acorus 20
    Computer specialist

    Show a new FRST report without Addition and Shortcut.

    0
  • #7 20 Oct 2016 15:58
    Domino_2
    Helpful to users

    Does the problem still occur?

    If so, reset Chrome:
    https://support.google.com/chrome/answer/3296214?hl=pl

    If the problem still occurs, uninstall the browser, selecting the option to remove all data, including the profile directories (you can export your bookmarks first), and reinstall the stable version.

    0
  • Helpful post
    #9 21 Oct 2016 08:52
    Domino_2
    Helpful to users

    Quote:

    HKU\S-1-5-21-2157099664-4145591000-594153506-1000\...\MountPoints2: {6afc077c-57e1-11e2-b307-902b348acc43} - G:\Autorun.exe
    CHR Profile: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-10-21] <==== UWAGA
    EmptyTemp:


    Paste this into Notepad, save it as fixlist.txt and place it in the folder that contains FRST.exe/FRST64.exe, then run it and click Fix/Napraw.

    As I wrote earlier, install the uBlock Origin browser add-on.

    After these operations you can delete the C:\FRST folder.

    0
  • #11 28 Oct 2016 22:02
    krzychupar
    Level 40

    You posted Frst.txt twice, but Addition.txt is also needed.

    0
  • #13 29 Oct 2016 14:09
    krzychupar
    Level 40

    Open the system Notepad and paste:
    Task: {CEE3999C-081D-4B7B-8D2C-4FAF42F4AAE5} - System32\Tasks\ChelfNotify Task => C:\ProgramData\ChelfNotify\BrowserUpdate.exe <==== UWAGA
    Shortcut: C:\Users\Albert\Favorites\NCH Audio and Telephony Software.lnk -> hxxp://www.nch.com.au/index.html
    Shortcut: C:\Users\Albert\Desktop\Gооglе Сhrоmе.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Albert\Desktop\folder z folderami\Моzillа Firеfох.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr (64-bit).lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV\Go to OpenIV web site.lnk -> hxxp://openiv.com/
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    ShortcutWithArgument: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Fishpat\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    ShortcutWithArgument: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    ShortcutWithArgument: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Fishpat\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    ShortcutWithArgument: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Users\Albert\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    ShortcutWithArgument: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    ShortcutWithArgument: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Fishpat\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Fishpat\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Fishpat\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    HKU\S-1-5-21-2157099664-4145591000-594153506-1000\...\MountPoints2: {6afc077c-57e1-11e2-b307-902b348acc43} - G:\Autorun.exe
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&...ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&...ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&...ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&...ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG&q={searchTerms}
    HKU\S-1-5-21-2157099664-4145591000-594153506-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mylucky123.com/?type=hp&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    HKU\S-1-5-21-2157099664-4145591000-594153506-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2157099664-4145591000-594153506-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2157099664-4145591000-594153506-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mylucky123.com/search/?type=ds&...ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.mylucky123.com/?type=sc&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    FF Homepage: Mozilla\Firefox\Profiles\0sfxnvik.default -> hxxp://www.mylucky123.com/?type=hp&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    FF SearchPlugin: C:\Users\Albert\AppData\Roaming\Mozilla\Firefox\Profiles\0sfxnvik.default\searchplugins\mylucky123.xml [2016-10-26]
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.mylucky123.com/?type=sc&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    CHR HomePage: ChromeDefaultData -> hxxp://www.mylucky123.com/?type=hp&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    CHR StartupUrls: ChromeDefaultData -> "hxxp://www.mylucky123.com/?type=hp&ts=1477512686&z=f80d33dff8bd9eaad862fc8g6z9m9m3w0g3o2q3b8w&from=interhop1024&uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG"
    CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.mylucky123.com/search/?type=ds&...ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG&q={searchTerms}
    CHR DefaultSearchKeyword: ChromeDefaultData -> mylucky123
    CHR Profile: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-10-28] <==== UWAGA
    StartMenuInternet: Google Chrome.75RVVNEZZAB7FIPYRPWTZRHSW4 - C:\Users\Albert\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://www.mylucky123.com/?type=sc&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    2016-10-27 22:52 - 2016-10-27 22:52 - 00000000 ____D C:\ProgramData\Tencent
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix/Napraw.

    0
  • #15 29 Oct 2016 15:01
    Albi7x
    Level 7

    I did it once more after all, and I think the problem is resolved. What is the cause? Maybe something should be removed

    0
  • #16 29 Oct 2016 15:07
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Shortcut: C:\Users\Albert\Desktop\Gооglе Сhrоmе.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Albert\Desktop\folder z folderami\Моzillа Firеfох.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr (64-bit).lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Fishpat\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Fishpat\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Fishpat\Application\chrome.exe (Google Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Fishpat\Application\chrome.exe (Google Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Fishpat\Application\chrome.exe (Google Inc.)
    ShortcutWithArgument: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Users\Albert\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    ShortcutWithArgument: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=147...mp;uid=ST500DM002-1BD142_5VMWAHRGXXXX5VMWAHRG
    AlternateDataStreams: C:\Windows:EF46D7EA17E87DB4 [0]
    MSCONFIG\startupreg: app => C:\Program Files (x86)\sbqh\uc.exe
    MSCONFIG\startupreg: svchost0 => C:\Program Files (x86)\sbqh\uc.exe
    HKU\S-1-5-21-2157099664-4145591000-594153506-1000\...\Run: [Facebook Update] => C:\Users\Albert\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-07-15] (Facebook Inc.)
    CHR Profile: C:\Users\Albert\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-10-29] <==== UWAGA
    R2 Zodition; C:\Program Files (x86)\Ghuwule\clorudomcontrols.dll [279552 2016-10-12] () [Brak podpisu cyfrowego]
    S2 ApphserftoH; C:\ProgramData\\ApphserftoH\\ApphserftoH.exe -f "C:\ProgramData\\ApphserftoH\\ApphserftoH.dat" -l -a
    S2 IlS; C:\ProgramData\Tencent\QQ\dr\qmdr.dll [X]
    S2 WinSAPSvc; C:\ProgramData\WinSAPSvc\WinSAP.dll [X]
    2016-10-28 22:14 - 2016-10-28 22:14 - 00000000 ____D C:\ProgramData\ttff
    2016-10-28 22:14 - 2016-10-28 22:14 - 00000000 ____D C:\ProgramData\QQBrowser
    2016-10-28 22:14 - 2016-10-28 22:14 - 00000000 ____D C:\ProgramData\jdgjc
    2016-10-28 22:14 - 2016-10-28 22:14 - 00000000 ____D C:\Program Files (x86)\UvConverter
    2016-10-27 22:52 - 2016-10-27 22:52 - 00000000 ____D C:\Users\Albert\AppData\Local\Fishpat
    2016-10-27 22:52 - 2016-10-27 22:52 - 00000000 ____D C:\Program Files (x86)\Fishpat
    2016-10-27 22:45 - 2016-10-27 22:54 - 00000003 _____ C:\Windows\SysWOW64\hoewmds
    2016-10-26 22:11 - 2016-10-26 22:11 - 00000000 ____D C:\Program Files (x86)\InterHop
    2016-10-26 22:09 - 2016-10-26 22:09 - 00000000 ____D C:\Program Files (x86)\zj8o4k1m
    2016-10-26 22:04 - 2016-10-29 14:24 - 00000000 ____D C:\ProgramData\WinSAPSvc
    2016-10-26 22:04 - 2016-10-26 22:04 - 00000000 ____D C:\Program Files (x86)\WinArcher
    2016-10-26 22:04 - 2016-10-26 22:04 - 00000000 ____D C:\Program Files (x86)\r13hm8y0
    2016-10-21 14:53 - 2016-10-21 14:53 - 00000000 ____D C:\ProgramData\chuvc
    2016-10-21 14:53 - 2016-10-21 14:53 - 00000000 ____D C:\ProgramData\cgjcf
    2016-10-21 14:53 - 2016-10-21 14:53 - 00000000 ____D C:\ProgramData\BaofengUpdate_U
    2016-10-20 10:24 - 2016-10-20 10:24 - 00000000 ____D C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
    2016-10-20 10:24 - 2016-10-20 10:24 - 00000000 ____D C:\Users\Albert\AppData\Roaming\aMule
    2016-10-20 10:24 - 2016-10-20 10:24 - 00000000 ____D C:\Program Files (x86)\amuleC
    2016-10-19 20:48 - 2016-10-19 20:49 - 00000000 ____D C:\Program Files (x86)\f09er35s
    2016-10-15 00:39 - 2016-10-15 00:39 - 00000000 ____D C:\Program Files (x86)\ve71ww2d
    2016-10-12 22:52 - 2016-10-20 15:08 - 00000000 ____D C:\ProgramData\ApphserftoH
    2016-10-12 22:52 - 2016-10-12 22:52 - 00000000 ____D C:\ProgramData\ApphserftoHs
    2016-10-12 19:47 - 2016-10-12 19:47 - 00190394 _____ C:\Users\Albert\AppData\Roaming\Vaiatouch.bin
    2016-10-12 19:47 - 2016-10-12 19:47 - 00000000 ____D C:\Users\Albert\AppData\Local\tuto_monetize_120161011
    2016-10-12 19:43 - 2016-10-29 14:23 - 00000000 ____D C:\Program Files (x86)\Ghuwule
    2016-10-12 19:43 - 2016-10-13 17:22 - 00000000 ____D C:\Users\Albert\AppData\Roaming\Henerleatsiing
    2016-10-12 19:43 - 2016-10-12 19:44 - 00000000 ____D C:\Users\Albert\AppData\Local\Ckeberkchervotain
    2016-10-12 19:39 - 2016-10-12 19:44 - 00000000 ____D C:\Program Files (x86)\42323039-1476293990-4138-4343-3433FFFFFFFF
    2016-10-12 19:35 - 2016-10-20 14:12 - 00000000 ____D C:\Program Files (x86)\sunnyday
    2016-10-12 19:34 - 2016-10-20 15:25 - 00000000 ____D C:\Program Files (x86)\host
    2014-09-30 18:17 - 2014-09-30 18:17 - 0099384 _____ () C:\Users\Albert\AppData\Roaming\inst.exe
    2016-09-06 17:05 - 2016-10-12 19:43 - 0015840 _____ () C:\Users\Albert\AppData\Roaming\InstallationConfiguration.xml
    2016-09-06 17:05 - 2016-10-12 19:42 - 0140288 _____ () C:\Users\Albert\AppData\Roaming\Installer.dat
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Download AdwCleaner and run it as administrator: https://toolslib.net/downloads/finish/1/ Click Scan and then Cleaning.

    0
  • Helpful post
    #18 29 Oct 2016 16:00
    Acorus 20
    Computer specialist

    That is a fake Chrome. Uninstall amuleC.
    Open the system Notepad and paste:

    Quote:
    CloseProcesses:
    Shortcut: C:\Users\Albert\Desktop\Gооglе Сhrоmе.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Albert\Desktop\folder z folderami\Моzillа Firеfох.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr (64-bit).lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Albert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> 0x4C0000000114020000000000C0000000000000469500000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000160014001F50E04FD020EA3A6910A2D808002B30309D000013004100630063006500730073002000740068006500200049006E007400650072006E0065007400370043003A005C00550073006500720073005C0041006C0062006500720074005C0041007000700044006100740061005C004C006F00630061006C005C0047006F006F0067006C0065005C004300680072006F006D0065005C004100700070006C00690063006100740069006F006E0000000000 <===== Cyrillic
    Shortcut: C:\Users\Albert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Users\Albert\AppData\Roaming\HPRewriter2\RewRun3.exe (Brak pliku) <===== Cyrillic
    S2 UvConverter; "C:\Program Files (x86)\UvConverter\UvConverter.exe" {2C8E8C85-942B-451C-8243-97A089265577} [X]
    2016-10-29 15:19 - 2016-10-29 15:24 - 00000000 ____D C:\AdwCleaner
    2016-10-20 14:16 - 2016-10-20 14:16 - 00000000 ____D C:\Program Files (x86)\Jarhair
    2016-10-08 20:08 - 2016-10-08 20:08 - 00000000 ____D C:\Users\Albert\AppData\Local\Jarhair
    2016-10-20 14:12 - 2016-09-06 17:05 - 00000000 ____D C:\Program Files (x86)\mpck
    2016-10-20 14:10 - 2016-09-06 17:06 - 00000000 ____D C:\Program Files (x86)\Kazushsicty
    2016-10-20 14:02 - 2016-09-08 21:55 - 00000000 ____D C:\Program Files (x86)\WinSaber
    2016-10-12 19:44 - 2016-09-06 17:07 - 00000000 ____D C:\Program Files (x86)\Shoqeent
    2016-10-12 19:44 - 2016-09-06 17:06 - 00000000 ____D C:\Program Files (x86)\sbqh
    2016-10-12 19:44 - 2016-09-06 17:04 - 00000000 ____D C:\Program Files (x86)\CleanBrowser


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Uninstall Chrome, selecting the option to delete browsing data, using Geek Uninstaller Free: http://www.geekuninstaller.com/geek.zip
    You can export your bookmarks first: https://support.google.com/chrome/answer/96816?hl=pl
    Then install: https://www.google.pl/chrome/browser/desktop/
    In the address bar type: about:support Click Refresh Firefox.

    0
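
The fix lists in this thread remove shortcuts that FRST marked `<===== Cyrillic` (browser names spelled with look-alike Cyrillic letters), shortcuts that start a `chrome.exe` from a non-Google folder, and shortcuts that carry a URL argument. The following is an added example, not part of the original posts and not FRST's own logic: a Python triage script that applies those checks to FRST-style shortcut lines. The sample lines, folder names and URL are constructed, and the expected install-path fragments are assumptions.

```python
import re
import unicodedata
from pathlib import PureWindowsPath

# Assumption: path fragments where the genuine browsers normally live.
EXPECTED_DIR = {
    "chrome.exe": "\\google\\chrome\\application\\",
    "firefox.exe": "\\mozilla firefox\\",
    "iexplore.exe": "\\internet explorer\\",
}
# "Missing file" note as it appears in the thread's Polish-localized output.
MISSING_NOTES = ("(Brak pliku)",)
URL_RE = re.compile(r"\b(?:https?|hxxps?)://", re.I)     # hxxp = defanged http
EXE_RE = re.compile(r"(.+?\.(?:exe|dll))(?=\s|$)", re.I)  # path up to the binary
MARKER_RE = re.compile(r"\s*<=+\s*\S+\s*$")               # trailing "<===== Cyrillic"


def scripts_in(text):
    """Return the Unicode scripts (LATIN, CYRILLIC, ...) of the letters in text."""
    found = set()
    for ch in text:
        if ch.isalpha():
            found.add(unicodedata.name(ch, "UNKNOWN").split(" ", 1)[0])
    return found


def parse_shortcut(line):
    """Split 'Shortcut: lnk -> target (vendor) [-> args]' into its fields."""
    kind, sep, rest = line.strip().partition(": ")
    if not sep or kind not in ("Shortcut", "ShortcutWithArgument"):
        return None
    parts = MARKER_RE.sub("", rest).split(" -> ")
    if len(parts) < 2:
        return None
    m = EXE_RE.match(parts[1])
    return {
        "lnk": parts[0],
        "target_raw": parts[1],
        "target": m.group(1) if m else parts[1],
        "args": " -> ".join(parts[2:]),
    }


def analyze(line):
    """Return the list of findings for one report line (empty if clean)."""
    rec = parse_shortcut(line)
    if rec is None:
        return []
    findings = []
    # Homoglyph spoofing: one name that mixes Latin and Cyrillic letters.
    # The stem is used so the Latin ".lnk" extension does not count.
    if {"LATIN", "CYRILLIC"} <= scripts_in(PureWindowsPath(rec["lnk"]).stem):
        findings.append("mixed_script_name")
    # A well-known browser binary name started from an unexpected folder.
    exe = PureWindowsPath(rec["target"]).name.lower()
    expected = EXPECTED_DIR.get(exe)
    if expected and expected not in rec["target"].lower():
        findings.append("browser_outside_expected_dir")
    # A URL passed on the command line forces a start page.
    if URL_RE.search(rec["args"]):
        findings.append("url_argument")
    if any(note in rec["target_raw"] for note in MISSING_NOTES):
        findings.append("missing_target")
    return findings


def scan(lines):
    """Map 1-based line number -> findings, for lines with any finding."""
    result = {}
    for number, line in enumerate(lines, 1):
        findings = analyze(line)
        if findings:
            result[number] = findings
    return result


# Constructed sample input (not taken from the user's report).
SPOOFED = "G\u043e\u043egl\u0435 \u0421hr\u043em\u0435"          # Latin + Cyrillic mix
CYRILLIC_ONLY = "\u0411\u0440\u0430\u0443\u0437\u0435\u0440"      # legitimate Russian name
SAMPLE = [
    r"Shortcut: C:\Users\Example\Desktop\{}.lnk -> C:\Users\Example\AppData\Roaming"
    r"\PlaceholderDir\run.exe (Brak pliku) <===== Cyrillic".format(SPOOFED),
    r"ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)"
    r"\PlaceholderVendor\Application\chrome.exe (Google Inc.) -> hxxp://example.invalid/?type=sc",
    r"Shortcut: C:\Users\Example\Desktop\Google Chrome.lnk -> C:\Program Files (x86)"
    r"\Google\Chrome\Application\chrome.exe (Google Inc.)",
    r"Shortcut: C:\Users\Example\Desktop\{}.lnk -> C:\Program Files\Mozilla Firefox"
    r"\firefox.exe (Mozilla Corporation)".format(CYRILLIC_ONLY),
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE).items():
        print(number, ", ".join(findings))
```

A name written entirely in Cyrillic is not flagged; only a mix of scripts inside one name is treated as spoofing.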