Elektroda.pl

Pop-up ads in Opera - Pop-up ads.

ketes 12 Feb 2017 19:02 621 7
  • #1 12 Feb 2017 19:02
    ketes
    Level 6

    Hello, I don't know if this is the right section, but I have this problem: Opera opens by itself with some ads, and I wanted to ask what it could be. I scanned with Malwarebytes AntiMalware and ADW cleaner, but that didn't help. Please help, thanks in advance.
    Regards.

    0 7
  • #4 12 Feb 2017 19:40
    Kolobos
    Computer specialist

    Make a backup of your Chrome bookmarks if you need them; the script will delete the browser's profile directory.

    Uninstall: Body Text Feathering

    Run the given Fixlist.txt in safe mode.

    Next to frst.exe, create a file Fixlist.txt with the following contents:
    Task: {1321DBC9-1A49-4B0A-90A3-CCF51FD0D8E8} - System32\Tasks\Opera scheduled Autoupdate 1484845653 => C:\Users\maksiu.Bugajski-Komp.003\AppData\Local\Programs\Opera\launcher.exe
    Task: {1DEA0656-E7DC-4CE2-84CA-F166C4409A4D} - System32\Tasks\Cocather => msiexec /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel....1ER162_Z4Y5R0M1XXXXZ4Y5R0M1&v=2017211 /q
    Task: {240DE731-880A-41BA-BA90-84FFF6E233EC} - System32\Tasks\Sterberph Controls => C:\Program Files (x86)\Clasertionreubadom\migersh.exe
    Task: {28B7964D-1B39-42BD-A218-BB639F9AF0C3} - System32\Tasks\Opera scheduled Autoupdate 1471512825 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-06] (Opera Software)
    Task: {53B1A880-A1AB-4B52-8070-57B315DAF257} - System32\Tasks\Gagerty Schedule => C:\Program Files (x86)\Reoherty\kzt.exe
    Task: {580449CD-1FC6-40AA-AA36-9D350375F34C} - System32\Tasks\{006B4425-CD66-4A89-8AF8-CBFA676C0023} => pcalua.exe -a "C:\Program Files (x86)\Common Files\LabTam\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\LabTam\uninstall.dat" -a uninstallme 5754DE81-69E8-4FC4-A1E4-2193697B035C DeviceId=b6c50bec-76bb-343c-9a9c-3be4e38b75a0 BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
    Task: {5AE88D62-227B-43E9-9DC4-F6CB730E8D94} - System32\Tasks\{5C115859-D0E1-42FE-B63E-6EC5A24FD826} => pcalua.exe -a C:\Users\Bugajski\Desktop\gothic1_playerkit-1.08k\gothic1_playerkit-1.08k.exe -d C:\Users\Bugajski\Desktop\gothic1_playerkit-1.08k
    Task: {A08E0885-1E7E-4EA0-B51B-D5BACBF37B66} - System32\Tasks\Driver Booster SkipUAC (Bugajski) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
    Task: {A8C5A677-307D-4CAA-91AB-B1270E62D52B} - System32\Tasks\Opera scheduled Autoupdate 1449772798 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-06] (Opera Software)
    Task: {B858E5ED-C2FA-4C56-AE27-D42BAA231B18} - System32\Tasks\{23CA71C6-56A1-4299-978E-7DADE2F70DAC} => pcalua.exe -a C:\Users\Bugajski\Desktop\gmod_9_0_4_www.INSTALKI.pl.exe -d C:\Users\Bugajski\Desktop
    Task: {CD674EEE-FD2D-49ED-A9C1-20D4061ED184} - System32\Tasks\BugajskiMachinationsDrummingV2 => Rundll32.exe BeeswaxesFilenames.dll,main 7 1 <==== UWAGA
    Task: {DEEBBAC8-4BCE-43F1-8029-262D5213D78D} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-02-11] (UC Web Inc.) <==== UWAGA
    Task: {E2608E81-EEBA-4854-86BC-3EEFFF4CEE6B} - System32\Tasks\Opera scheduled Autoupdate 1485523509 => C:\Users\maksiu.Bugajski-Komp.004\AppData\Local\Programs\Opera\launcher.exe




    Task: C:\Windows\Tasks\340914691d77t4972713.job => rundll32.exe C:\ProgramData\340914691d77t4972713\340914691d77t4972713.dll <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    Shortcut: C:\Users\Bugajski\Desktop\Gry\Metal Gear Solid V The Phantom Pain TimeZone Launcher.lnk -> D:\Metal Gear Solid V The Phantom Pain\start.bat (Brak pliku)
    Shortcut: C:\Users\Bugajski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\HPGuard\WebStarter.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\Bugajski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\HPGuard\WebStarter.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\HPGuard\WebStarter.exe (Brak pliku) <===== Cyrillic
    2017-02-11 13:32 - 2017-02-11 13:32 - 00315904 _____ () C:\Program Files (x86)\Sterberph Controls\local64spl.dll
    2017-02-11 13:32 - 2017-02-11 13:32 - 00230400 _____ () C:\Program Files (x86)\4668addb-1059-474b-9d39-2e7850f056831486816342\prot4668addb-1059-474b-9d39-2e7850f05683.tmpfs
    2017-02-11 13:34 - 2017-02-11 13:34 - 00524696 _____ () C:\Program Files\żěŃą\X64\KZipShell.dll
    2017-02-12 17:53 - 2017-02-12 17:53 - 00384512 _____ () C:\Program Files (x86)\4668addb-1059-474b-9d39-2e7850f056831486816342\kns5E18.tmp
    2017-02-11 13:32 - 2017-02-11 13:32 - 00150016 _____ () c:\program files (x86)\clasertionreubadom\doersycouwakcmm.dll
    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [25444]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [371912]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1213218]
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\93382471.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\93382471.sys => ""="Driver"
    Hosts:
    () C:\Program Files (x86)\4668addb-1059-474b-9d39-2e7850f056831486816342\prot4668addb-1059-474b-9d39-2e7850f05683.tmpfs
    () C:\Program Files (x86)\4668addb-1059-474b-9d39-2e7850f056831486816342\kns5E18.tmp
    (xcnbcncbn) C:\Users\Bugajski\AppData\Local\Temp\{0cf-e4-30-74432-af3f9-a726-ff773}\iEsvUdH29X.exe
    HKU\S-1-5-21-807507316-616474376-935463795-1000\...\Run: [iEsvUdH29X.exe] => C:\Users\Bugajski\AppData\Local\Temp\{0cf-e4-30-74432-af3f9-a726-ff773}\iEsvUdH29X.exe [628224 2017-02-11] (xcnbcncbn) <===== UWAGA
    HKU\S-1-5-21-807507316-616474376-935463795-1000\...\Run: [WdCVsqyHD0.exe] => C:\Users\Bugajski\AppData\Local\Temp\{0cf-e4-30-74432-af3f9-a726-ff773}\WdCVsqyHD0.exe [1257472 2017-02-11] (APSD) <===== UWAGA
    HKU\S-1-5-21-807507316-616474376-935463795-1000\...\MountPoints2: {0037e9d7-a4bb-11e5-b5ec-9eb1713715c8} - G:\Fairlight\Install.EXE
    HKU\S-1-5-21-807507316-616474376-935463795-1000\...\MountPoints2: {3e34dbaa-a75c-11e6-9771-bb489e4484f7} - F:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-807507316-616474376-935463795-1000\...\MountPoints2: {4aba5a3e-6c35-11e6-8bea-fbc663278f48} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-807507316-616474376-935463795-1000\...\MountPoints2: {5015efba-3aa0-11e6-bf09-bf779170fec2} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-807507316-616474376-935463795-1000\...\MountPoints2: {5f76987e-a3e8-11e5-ad35-8832111d30c8} - F:\setup.exe
    HKU\S-1-5-21-807507316-616474376-935463795-1000\...\MountPoints2: {c043953a-27c2-11e6-ac28-e20fda3e99c1} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-807507316-616474376-935463795-1000\...\MountPoints2: {ccaf15a3-e3b9-11e6-bdc3-d47f2fbc50a0} - F:\HiSuiteDownLoader.exe
    HKLM\...\Providers\yks9i9i9: C:\Program Files (x86)\Sterberph Controls\local64spl.dll [315904 2017-02-11] ()
    ShellExecuteHooks: Brak nazwy - {49CA6BDA-ECD2-11E6-B70F-64006A5CFC23} - -> Brak pliku
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-02-11] ()
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    GroupPolicy\User: Ograniczenia <======= UWAGA
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    CHR DefaultProfile: ChromeDefaultData2
    CHR HomePage: ChromeDefaultData2 -> hxxp://www-searching.com/?pid=s&s=H2Bztrmbl10AU,8d8a4cd1-72f8-46c9-9e36-3891e4d4021c,,
    CHR StartupUrls: ChromeDefaultData2 -> "hxxp://www-searching.com/?pid=s&s=H2Bztrmbl10AU,8d8a4cd1-72f8-46c9-9e36-3891e4d4021c,"
    CHR DefaultSearchURL: ChromeDefaultData2 -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=H2Bztrmbl10AU,8d8a4cd1-72f8-46c9-9e36-3891e4d4021c,
    CHR DefaultSearchKeyword: ChromeDefaultData2 -> www-searching.com
    CHR DefaultSuggestURL: ChromeDefaultData2 -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    CHR Profile: C:\Users\Bugajski\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2017-02-12] <==== UWAGA
    C:\Users\Bugajski\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2
    OPR Extension: (Video Blocker) - C:\Users\Bugajski\AppData\Roaming\Opera Software\Opera Stable\Extensions\fbnmojjbdecpijlgpddpengmogfbhnak [2015-12-15]
    OPR Extension: (Torrent Search) - C:\Users\Bugajski\AppData\Roaming\Opera Software\Opera Stable\Extensions\khmddhpjnnanhbjphobcnmaojmonnjib [2016-08-22]
    OPR Extension: (Adblocker for Youtube™) - C:\Users\Bugajski\AppData\Roaming\Opera Software\Opera Stable\Extensions\oiiphhgajcopkkkglmilkjfokamokgni [2017-02-11]
    R2 mykohuvi; C:\Program Files (x86)\4668addb-1059-474b-9d39-2e7850f056831486816342\kns5E18.tmp [384512 2017-02-12] () [Brak podpisu cyfrowego]
    R2 Shuviing; C:\Program Files (x86)\Clasertionreubadom\Doersycouwakcmm.dll [150016 2017-02-11] () [Brak podpisu cyfrowego]
    R2 gemeloki; C:\Program Files (x86)\4668addb-1059-474b-9d39-2e7850f056831486816342\prot4668addb-1059-474b-9d39-2e7850f05683.tmpfs [X]
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-10] (REALiX(tm))
    R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== UWAGA
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2017-02-12 19:25 - 2017-02-12 19:25 - 00115304 _____ C:\Users\Bugajski\Desktop\Extras.Txt
    2017-02-12 19:25 - 2017-02-12 19:25 - 00090756 _____ C:\Users\Bugajski\Desktop\OTL.Txt
    2017-02-12 19:16 - 2017-02-12 19:16 - 00602112 _____ (OldTimer Tools) C:\Users\Bugajski\Desktop\OTL.exe
    2017-02-12 18:26 - 2017-02-12 18:40 - 00000000 ____D C:\Users\Bugajski\AppData\Roaming\KuaiZip
    2017-02-12 18:24 - 2017-02-12 19:15 - 00003476 _____ C:\Windows\System32\Tasks\UCBrowserSecureUpdater
    2017-02-11 13:34 - 2017-02-12 17:31 - 00000000 ____D C:\Program Files\żěŃą
    2017-02-11 13:34 - 2017-02-11 20:06 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-02-11 13:32 - 2017-02-12 18:06 - 00000000 ____D C:\Program Files (x86)\Clasertionreubadom
    2017-02-11 13:32 - 2017-02-12 17:53 - 00000000 ____D C:\Program Files (x86)\4668addb-1059-474b-9d39-2e7850f056831486816342
    2017-02-11 13:32 - 2017-02-11 20:06 - 00000000 ____D C:\Users\Bugajski\AppData\Local\Salcult
    2017-02-11 13:32 - 2017-02-11 20:06 - 00000000 ____D C:\Program Files (x86)\Sterberph Controls
    2017-02-11 13:32 - 2017-02-11 15:57 - 00000000 ____D C:\Users\Bugajski\AppData\Roaming\Plpoentthvutain
    2017-02-11 13:32 - 2017-02-11 13:32 - 00006064 _____ C:\Windows\System32\Tasks\Sterberph Controls
    2017-02-11 13:32 - 2017-02-11 13:32 - 00003704 _____ C:\Windows\System32\Tasks\Cocather
    2017-02-11 13:32 - 2017-02-11 13:32 - 00000000 ____D C:\Users\Bugajski\AppData\Local\Atnotzelersh
    2017-02-12 18:23 - 2015-12-10 19:59 - 00000000 ____D C:\AdwCleaner
    2016-05-13 16:02 - 2016-05-13 16:02 - 0000048 ____H () C:\Program Files (x86)\owxuqp79mx.dat
    2016-07-12 13:23 - 2016-07-12 13:23 - 0000120 _____ () C:\Users\Bugajski\AppData\Roaming\c0abe761.dat
    2016-05-03 09:22 - 2016-05-03 09:22 - 0005120 _____ () C:\Users\Bugajski\AppData\Roaming\GiftBag.db
    2016-05-02 10:50 - 2016-05-02 10:50 - 1626777 _____ () C:\Users\Bugajski\AppData\Roaming\Keylam.tst
    2016-05-02 10:50 - 2016-05-02 10:50 - 0126464 _____ () C:\Users\Bugajski\AppData\Roaming\lobby.dat
    2016-05-03 10:09 - 2016-05-03 10:09 - 0008192 ___SH () C:\Users\Bugajski\AppData\Roaming\Thumbs.db
    2016-05-02 10:50 - 2016-05-02 10:50 - 0072717 _____ () C:\Users\Bugajski\AppData\Roaming\TinRuntough.tst
    2016-05-02 10:50 - 2016-05-02 10:50 - 0032038 _____ () C:\Users\Bugajski\AppData\Roaming\uninstall_temp.ico
    2016-07-20 14:50 - 2016-07-20 14:50 - 0000016 _____ () C:\ProgramData\mntemp
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    When it is done, post new FRST logs from a scan.

    0
  • #6 12 Feb 2017 20:08
    ketes
    Level 6

    But for now nothing is popping up.

    0
  • #7 12 Feb 2017 20:15
    Kolobos
    Computer specialist

    Manually delete these files with Cyrillic in their names:
    C:\Users\Bugajski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
    C:\Users\Bugajski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk

    In Opera, remove the malicious extension: Video Blocker. If you use Opera, at least install uBlock Origin (for other browsers too).

    New Fixlist.txt for FRST:
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll -> Brak pliku
    OPR Extension: (Video Blocker) - C:\Users\Bugajski\AppData\Roaming\Opera Software\Opera Stable\Extensions\fbnmojjbdecpijlgpddpengmogfbhnak [2017-02-12]


    When it is done, delete the C:\FRST directory and that's all.

    0
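
The shortcuts marked `<===== Cyrillic` in the fixlist imitate browser names by replacing Latin letters with look-alike Cyrillic ones. As an added example (not part of the original posts and not FRST's own logic), this Python code flags file names whose words mix scripts and shows the name they imitate; the homoglyph map and the sample paths are constructed for illustration.

```python
import ntpath
import unicodedata

# Cyrillic letters that render like Latin ones (assumed, non-exhaustive map).
HOMOGLYPHS = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0410": "A", "\u0415": "E", "\u041e": "O", "\u0420": "P",
    "\u0421": "C", "\u0425": "X", "\u041d": "H", "\u0422": "T",
}
# Constructed sample paths, modelled on the shortcut names in the thread.
SAMPLE = [
    "C:\\ProgramData\\Start Menu\\G\u043e\u043egl\u0435 \u0421hr\u043em\u0435.lnk",
    "C:\\Users\\user\\Start Menu\\Int\u0435rn\u0435t \u0415\u0445\u0440l\u043er\u0435r.lnk",
    "C:\\Users\\user\\Start Menu\\Google Chrome.lnk",                 # plain Latin
    "C:\\Users\\user\\Desktop\\\u0411\u043b\u043e\u043a\u043d\u043e\u0442.lnk",  # plain Cyrillic
]

def script_of(ch):
    """Return 'LATIN', 'CYRILLIC', ... for a letter, None for anything else."""
    if not ch.isalpha():
        return None
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def mixed_script_words(name):
    """Words in `name` whose letters come from more than one script."""
    hits = []
    for word in name.replace(".", " ").split():
        scripts = {s for s in map(script_of, word) if s}
        if len(scripts) > 1:
            hits.append((word, sorted(scripts)))
    return hits

def latin_skeleton(name):
    """The name as a user reads it: known homoglyphs folded to Latin."""
    return "".join(HOMOGLYPHS.get(ch, ch) for ch in name)

def triage(paths):
    """Map each suspicious file name to (mixed-script words, imitated name)."""
    report = {}
    for path in paths:
        name = ntpath.basename(path)
        words = mixed_script_words(name)
        if words:
            report[name] = (words, latin_skeleton(name))
    return report

if __name__ == "__main__":
    for name, (words, looks_like) in triage(SAMPLE).items():
        print(ascii(name), "imitates", looks_like)
```

Checking per word rather than per name keeps legitimate all-Cyrillic or accented-Latin names (such as a localized shortcut with a `.lnk` extension) from being flagged.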
  • #8 12 Feb 2017 21:23
    ketes
    Level 6

    Thanks a lot, it helped.
    I have a younger brother and he downloads some junk.
    Regards.

    0