Elektroda.pl

Dozen search, how to remove it - Start page change

Czachodym 03 Nov 2016 12:36 441 7
  • Helpful post
    #2 03 Nov 2016 13:19
    krzychupar
    Level 40  

    Open the system Notepad and paste:
    Task: {0072CDDC-7482-472B-9150-E392A7BDBAB7} - System32\Tasks\{5D6AC929-F83E-F0E3-011E-2C3F6BD75F30} => C:\Users\Michal\AppData\Roaming\PRICEF~1\PRODUC~1.EXE <==== UWAGA
    Task: {0FAA40E7-80DE-4614-B23E-0AA5EC753C4C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {25C39525-1FD8-4028-BE2A-0DF2300B10BF} - System32\Tasks\MichalLibertariansDrumheadsV2 => Rundll32.exe TenchUnreflecting.dll,main 7 1 <==== UWAGA
    Task: {266EB206-4FF3-4CB9-8750-4C66E1F86BF1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {443B8C40-8FE5-4886-8725-39925EBA7798} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {4A098371-1FBC-4E2D-B85B-56CBEFE2F766} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {4D9A1926-162F-4AA0-BDF5-6D3392782C28} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {553BF6C3-677C-458E-AFC7-3764F4A70A42} - System32\Tasks\WordFly Auto Updater 1.10.0.25 Pending Update => C:\Program Files (x86)\WordFly_1.10.0.25\Update\WordflyAutoUpdateClient.exe <==== UWAGA
    Task: {5ABEB82C-A80B-4392-899A-6C887AC79EA7} - System32\Tasks\ChelfNotify Task => C:\ProgramData\ChelfNotify\BrowserUpdate.exe [2016-06-30] (Tencent) <==== UWAGA
    Task: {5CB2517B-702D-4890-81E4-B9B6D408018E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    Task: {63976B93-9E14-4555-AFA3-6099AC603AF7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {6B765ACF-6F91-41CE-A61A-73A37C620971} - System32\Tasks\WordFly Auto Updater 1.10.0.25 Core => C:\Program Files (x86)\WordFly_1.10.0.25\Update\WordflyAutoUpdateClient.exe <==== UWAGA
    Task: {72175420-8608-414D-AFF7-28706DA0D8A3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {83CC3C25-42B1-4895-8B53-D8C283251C78} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {95DC058A-2D80-4844-8A77-A99B1AD88480} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {B47777CD-09E7-496B-B543-854AF207C65A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {F41FD076-446D-4F15-B4C5-4034FBC85B52} - System32\Tasks\Opera scheduled Autoupdate 1441121937 => C:\Program Files (x86)\Opera\launcher.exe [2016-10-24] (Opera Software)
    Task: C:\WINDOWS\Tasks\{5D6AC929-F83E-F0E3-011E-2C3F6BD75F30}.job => C:\Users\Michal\AppData\Roaming\PRICEF~1\PRODUC~1.EXE <==== UWAGA
    ShortcutWithArgument: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=147...;uid=LITEONITXLCS-256M6S_S45N7172Z1ZSEA068470




    ShortcutWithArgument: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\nodejs\nodevars.bat"
    ShortcutWithArgument: C:\Users\Michal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=147...;uid=LITEONITXLCS-256M6S_S45N7172Z1ZSEA068470
    ShortcutWithArgument: C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=147...;uid=LITEONITXLCS-256M6S_S45N7172Z1ZSEA068470
    ShortcutWithArgument: C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Stanper\Application\chrome.exe (Google Inc.) -> hxxp://www.mylucky123.com/?type=sc&ts=147...;uid=LITEONITXLCS-256M6S_S45N7172Z1ZSEA068470
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=147...;uid=LITEONITXLCS-256M6S_S45N7172Z1ZSEA068470
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=147...;uid=LITEONITXLCS-256M6S_S45N7172Z1ZSEA068470
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mylucky123.com/?type=sc&ts=147...;uid=LITEONITXLCS-256M6S_S45N7172Z1ZSEA068470
    Hosts:HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-4150567067-2483778498-4056745972-1002\...\MountPoints2: {c6797fc3-64a1-11e5-829c-448a5bee10ef} - "D:\setup.exe"
    Tcpip\..\Interfaces\{c3707d4d-6576-4b58-981c-84ffc0004dbb}: [DhcpNameServer] 7.254.254.254
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&...TEONITXLCS-256M6S_S45N7172Z1ZSEA068470&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&...TEONITXLCS-256M6S_S45N7172Z1ZSEA068470&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=147...;uid=LITEONITXLCS-256M6S_S45N7172Z1ZSEA068470
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=147...;uid=LITEONITXLCS-256M6S_S45N7172Z1ZSEA068470
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&...TEONITXLCS-256M6S_S45N7172Z1ZSEA068470&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&...TEONITXLCS-256M6S_S45N7172Z1ZSEA068470&q={searchTerms}
    HKU\S-1-5-21-4150567067-2483778498-4056745972-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mylucky123.com/?type=hp&ts=147...;uid=LITEONITXLCS-256M6S_S45N7172Z1ZSEA068470
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-4150567067-2483778498-4056745972-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-4150567067-2483778498-4056745972-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => Brak pliku
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mylucky123.com/?type=sc&ts=147...;uid=LITEONITXLCS-256M6S_S45N7172Z1ZSEA068470
    Edge HomeButtonPage: HKU\S-1-5-21-4150567067-2483778498-4056745972-1002 -> hxxp://www.mylucky123.com/?type=hp&ts=147...;uid=LITEONITXLCS-256M6S_S45N7172Z1ZSEA068470
    FF NewTab: Mozilla\Firefox\Profiles\kxbzown6.default -> hxxp://www.youndoo.com/?z=f1e068a215e429cce20...TXLCS-256M6S_S45N7172Z1ZSEA068470&type=hp
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\kxbzown6.default -> youndoo
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\kxbzown6.default -> youndoo
    FF Homepage: Mozilla\Firefox\Profiles\kxbzown6.default -> hxxp://www.youndoo.com/?z=f1e068a215e429cce20...TXLCS-256M6S_S45N7172Z1ZSEA068470&type=hp
    FF SearchPlugin: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\kxbzown6.default\searchplugins\mylucky123.xml [2016-10-25]
    CHR StartupUrls: Profile 1 -> "hxxp://www.mylucky123.com/?type=hp&ts=1477396560&z=6d46bdb88656858f8fb52d2gfz8m8mccct7qfw9w5t&from=interhop1024&uid=LITEONITXLCS-256M6S_S45N7172Z1ZSEA068470"
    CHR Profile: C:\Users\Michal\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-09-29] <==== UWAGA
    S2 ed2kidle; "C:\Program Files (x86)\amuleC\ed2k.exe" -downloadwhenidle [X]
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
    S2 IlS; C:\ProgramData\Tencent\QQ\qmdr\dr.dll [X]
    R2 InternetExplorerMSBuild; "C:\Program Files (x86)\MSBuild\InternetExplorerMSBuild.exe" c54102ea829e4d458c86147e71427a8f [X]
    S2 winsaber; C:\Program Files (x86)\WinSaber\WinSaber.exe [X]
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
    2016-10-25 13:33 - 2016-10-25 13:33 - 00000000 ____D C:\ProgramData\Tencent
    C:\Users\Michal\main.exe
    C:\Users\Michal\ProbaTraw.exe
    C:\Windows\Tasks\{5D6AC929-F83E-F0E3-011E-2C3F6BD75F30}.job
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix/Napraw.

    1
  • #3 03 Nov 2016 13:37
    Czachodym
    Level 3  

    I did as you said, but unfortunately it is still the same :/

    0
  • #4 03 Nov 2016 13:47
    Acorus 20
    Computer specialist

    Show new FRST logs.

    0
  • Helpful post
    #6 03 Nov 2016 14:14
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Task: {6D71B423-75AE-4BA8-9AE1-DAC85CB9086E} - System32\Tasks\Coerbage Schedule => C:\Program Files (x86)\Pewikthibipy\sojight.exe [2016-09-28] (VideoLAN)
    Task: {EC9AA24F-61ED-4E3A-A12F-2E49C3ED0946} - System32\Tasks\BaronReplays => C:\Riot [Argument = Games\BaronReplays\BaronReplays.exe -minimized]
    Shortcut: C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Stanper\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Michal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Stanper\Application\chrome.exe (Google Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKLM\...\Providers\dmm5mm76: E:\Config.Msi\\local64spl.dll
    HKLM\...\Providers\emird3bp: C:\_\local64spl.dll
    HKLM\...\Providers\j2ahmuha: F:\Drivers\\local64spl.dll
    HKLM\...\Providers\mttquiq4: C:\\local64spl.dll
    HKLM\...\Providers\qaa27lra: F:\Tools\\local64spl.dll
    HKLM\...\Providers\r8fak9fz: E:\Config.Msi_\local64spl.dll
    HKLM\...\Providers\tekil2he: F:\Tools_\local64spl.dll
    HKLM\...\Providers\xd2fx9f0: E:\Filmy\\local64spl.dll
    HKLM\...\Providers\yq8buu7o: F:\Drivers_\local64spl.dll
    HKLM\...\Providers\za3wxyml: E:\Filmy_\local64spl.dll
    2016-10-25 13:33 - 2016-10-25 13:33 - 00000000 ____D C:\Users\Michal\AppData\Local\Stanper
    2016-10-25 13:33 - 2016-10-25 13:33 - 00000000 ____D C:\Program Files (x86)\Stanper
    2016-10-25 12:56 - 2016-10-25 14:19 - 00000000 ____D C:\Program Files (x86)\UvConverter
    2016-10-25 12:56 - 2016-10-25 14:12 - 00000000 ____D C:\Program Files (x86)\InterHop
    2016-10-19 23:33 - 2016-11-02 20:01 - 00000000 ____D C:\Program Files (x86)\{F87EAACD-3740-4FD4-BDA4-B3C16F973DD4}
    2016-10-19 23:32 - 2016-10-19 23:33 - 00000000 ____D C:\Program Files (x86)\f09er35s
    2016-10-19 19:32 - 2016-11-02 20:01 - 00000000 ____D C:\Program Files (x86)\{7FB4CFEF-99AA-4F4C-929B-76C31D9FF8D6}
    2016-10-19 19:32 - 2016-10-19 19:32 - 00000000 ____D C:\Program Files (x86)\b60ja8i6
    2016-10-17 14:22 - 2016-11-02 20:01 - 00000000 ____D C:\Program Files (x86)\{434FFF94-CACF-48A9-A097-9C31B7327F61}
    2016-10-17 14:22 - 2016-10-17 14:22 - 00000000 ____D C:\Program Files (x86)\k5od60s4
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Reset Chrome: https://support.google.com/chrome/answer/3296214?hl=pl

    0
  • #7 03 Nov 2016 14:22
    Czachodym
    Level 3  

    It works, thanks a lot :D Btw, could someone briefly explain what just happened? I'd be grateful :d

    0
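
The ShortcutWithArgument entries in the first fixlist above are shortcuts whose target is followed by a URL argument, so the page opens on every launch. As an added example (not part of the thread and not FRST's own code), this Python script parses lines in that format and groups the affected shortcuts by host; the sample lines, paths, vendor and the .invalid domain are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the FRST "ShortcutWithArgument" line format shown in the
# thread; paths, vendor and the .invalid domain are placeholders, not thread data.
SAMPLE = r"""
ShortcutWithArgument: C:\Users\u\Desktop\Browser.lnk -> C:\Program Files (x86)\Browser\browser.exe (Vendor Inc.) -> hxxp://start.example.invalid/?type=sc&uid=X
ShortcutWithArgument: C:\Users\u\Start Menu\Dev prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k "C:\tools\vars.bat"
ShortcutWithArgument: C:\Users\u\Desktop\Game.lnk -> C:\Program Files (x86)\Browser\browser.exe (Vendor Inc.) -> hxxp://start.example.invalid/?type=sc&uid=X
"""

# <shortcut>.lnk -> <target exe> (<file company>) -> <command-line argument>
LINE = re.compile(
    r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<target>.+?) "
    r"\((?P<vendor>[^)]*)\) -> (?P<args>.*)$"
)
# The log writes http as hxxp (defanged); accept both forms.
URL = re.compile(r"^(?:hxxps?|https?)://(?P<host>[^/\s?#]+)", re.IGNORECASE)


def url_argument_shortcuts(log_text):
    """Return {host: [(shortcut, target), ...]} for shortcuts whose argument is a URL."""
    hits = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a ShortcutWithArgument line
        u = URL.match(m["args"].strip())
        if u:  # a URL appended to the target forces that page on every launch
            hits[u["host"].lower()].append((m["lnk"], m["target"]))
    return dict(hits)


if __name__ == "__main__":
    for host, items in url_argument_shortcuts(SAMPLE).items():
        print(f"{host}: {len(items)} shortcut(s)")
        for lnk, target in items:
            print(f"  {lnk} -> {target}")
```

Shortcuts with ordinary arguments, such as the `cmd.exe /k` entry, are not reported; only arguments that begin with a URL are.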