
Win 10 home + Chrome - Annoying redirects, ads

Cit3k 13 Apr 2017 22:55
  • #1 13 Apr 2017 22:55
    Cit3k
    Level 8

    Hello,
    Like many users of this forum, I have a problem with ads appearing while using Google Chrome. The computer has been scanned with Malwarebytes, Dr.Web CureIt! and AdwCleaner.

    Here are the logs from FRST:

  • Helpful post
    #2 14 Apr 2017 06:07
    krzychupar
    Level 41

    Open the system Notepad and paste:

    CustomCLSID: HKU\S-1-5-21-2241850949-3697104203-1772488043-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Arek\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2241850949-3697104203-1772488043-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Arek\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2241850949-3697104203-1772488043-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Arek\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Brak pliku
    Task: {11462A66-90BA-46FB-95D5-FC819C49D9A8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {1B2933F6-A907-4631-A5C3-A47DCDACDD80} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {3097A81A-402C-4EF1-B266-929CE15E99CE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {3F380C1B-1766-42A6-A099-13EC1E5368B7} - System32\Tasks\{B7AFAA8A-5FAF-4BDC-B44D-EDA62487DBC2} => pcalua.exe -a "C:\Users\Arek\Downloads\The Sims Crack\The Sims\Setup.exe" -d "C:\Users\Arek\Downloads\The Sims Crack\The Sims"
    Task: {5E3135BE-14B8-4E20-9BB9-21BCDE863614} - System32\Tasks\{B6CC0753-5FDD-43E1-BAF2-DF60401226E6} => pcalua.exe -a "C:\Program Files (x86)\Steam\bin\steamservice.exe" -d "C:\Program Files (x86)\Steam" -c /installscript "C:\Program Files (x86)\Steam\steamapps\common\raceroom racing experience\runasadmin.vdf" 211500
    Task: {67C79377-1B49-4064-B011-7785F53E7EC1} - System32\Tasks\{3EE2687E-71F0-4917-A31E-2499334BA8B8} => pcalua.exe -a E:\Launch.exe -d E:\
    Task: {704BC98C-962B-4CB5-90D3-E502F32EA3F3} - System32\Tasks\{ADDC018D-7205-4E54-948D-84862F78C60E} => pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\SubEdit-Player\subedit.exe"
    Task: {85F961B4-CA62-44F2-8165-370D1E7B6992} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    Task: {8D951CAF-F01D-4F7F-BF46-929D355B7425} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {95E61689-B578-4007-A2CB-490C964AD4F0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {A3F28F82-E354-4896-9692-FB234BC1F851} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {A6D0E7D2-2FDF-4CFE-9481-321B48F84711} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {BD93373B-508E-4F3B-8C5D-D1B00E3691EC} - System32\Tasks\{2C2CD2B3-23D5-4871-B2C2-D49D4C4B64FB} => pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\SubEdit-Player\codec\ac3filter\ac3config.exe"
    Task: {D948C4A6-3772-4FE3-942D-666348717A1D} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
    Task: {EDB5EAAE-E61D-4FD5-AE49-490F6CE1CFC5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {F2063659-EC93-46EF-9837-B1F729A5EB6B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {FC38D5D4-D8A2-4BF1-8B64-1A7033A9C657} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {FF9E6DA4-67B6-46E0-9AA2-18D93424B98F} - System32\Tasks\{FD274ACA-4785-444D-971E-451C385C4E5B} => pcalua.exe -a C:\Users\Arek\Downloads\subedit+codecpack_b4072_install.exe -d C:\Users\Arek\Downloads
    HKU\S-1-5-21-2241850949-3697104203-1772488043-1001\...\Policies\system: [DisableLockWorkstation] 0
    HKU\S-1-5-21-2241850949-3697104203-1772488043-1001\...\MountPoints2: {2b8daf12-019c-11e7-9c84-18037380580f} - "E:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-2241850949-3697104203-1772488043-1001\...\MountPoints2: {51827286-6f82-11e6-9c29-18037380580f} - "E:\autorun.exe"
    HKU\S-1-5-21-2241850949-3697104203-1772488043-1001\...\MountPoints2: {5182728d-6f82-11e6-9c29-18037380580f} - "E:\autorun.exe"
    HKU\S-1-5-21-2241850949-3697104203-1772488043-1001\...\MountPoints2: {74a75da2-eca4-11e6-9c83-18037380580f} - "E:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-2241850949-3697104203-1772488043-1001\...\MountPoints2: {f5ec467d-21ae-11e6-9c0a-18037380580f} - "E:\autorun.exe"
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    GroupPolicy\User: Ograniczenia <======= UWAGA
    SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2241850949-3697104203-1772488043-1001 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL =
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Brak pliku
    FF Extension: (Brak nazwy) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [nie znaleziono]
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Brak pliku]
    U3 idsvc; Brak ImagePath
    2017-04-13 21:46 - 2017-04-13 22:27 - 00000000 ____D C:\AdwCleaner
    2017-04-13 21:24 - 2017-04-13 21:24 - 00000000 ____D C:\Users\Arek\Doctor Web
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder next to FRST.exe.
    Run FRST and click Fix/Napraw.

    Once it has finished, post new logs from FRST.

  • #4 14 Apr 2017 07:06
    Kolobos
    Computer specialist

    Run this Fixlist.txt for FRST:
    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-2241850949-3697104203-1772488043-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Arek\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2241850949-3697104203-1772488043-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Arek\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2241850949-3697104203-1772488043-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Arek\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Brak pliku
    Task: {11462A66-90BA-46FB-95D5-FC819C49D9A8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {1B2933F6-A907-4631-A5C3-A47DCDACDD80} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {3097A81A-402C-4EF1-B266-929CE15E99CE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {3F380C1B-1766-42A6-A099-13EC1E5368B7} - System32\Tasks\{B7AFAA8A-5FAF-4BDC-B44D-EDA62487DBC2} => pcalua.exe -a "C:\Users\Arek\Downloads\The Sims Crack\The Sims\Setup.exe" -d "C:\Users\Arek\Downloads\The Sims Crack\The Sims"
    Task: {5E3135BE-14B8-4E20-9BB9-21BCDE863614} - System32\Tasks\{B6CC0753-5FDD-43E1-BAF2-DF60401226E6} => pcalua.exe -a "C:\Program Files (x86)\Steam\bin\steamservice.exe" -d "C:\Program Files (x86)\Steam" -c /installscript "C:\Program Files (x86)\Steam\steamapps\common\raceroom racing experience\runasadmin.vdf" 211500
    Task: {67C79377-1B49-4064-B011-7785F53E7EC1} - System32\Tasks\{3EE2687E-71F0-4917-A31E-2499334BA8B8} => pcalua.exe -a E:\Launch.exe -d E:\
    Task: {704BC98C-962B-4CB5-90D3-E502F32EA3F3} - System32\Tasks\{ADDC018D-7205-4E54-948D-84862F78C60E} => pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\SubEdit-Player\subedit.exe"
    Task: {85F961B4-CA62-44F2-8165-370D1E7B6992} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    Task: {8D951CAF-F01D-4F7F-BF46-929D355B7425} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {95E61689-B578-4007-A2CB-490C964AD4F0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {A3F28F82-E354-4896-9692-FB234BC1F851} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {A6D0E7D2-2FDF-4CFE-9481-321B48F84711} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {BD93373B-508E-4F3B-8C5D-D1B00E3691EC} - System32\Tasks\{2C2CD2B3-23D5-4871-B2C2-D49D4C4B64FB} => pcalua.exe -a C:\windows\system32\pcwrun.exe -c "C:\Program Files (x86)\SubEdit-Player\codec\ac3filter\ac3config.exe"
    Task: {D05D9AA4-F492-4571-9DC2-8AD5D5457C9E} - System32\Tasks\{6F5FAD79-D0BF-4815-9F13-1E5ECA368278} => C:\Program Files (x86)\SubEdit-Player\subedit.exe [2008-11-30] (Artur Sikora)
    Task: {D948C4A6-3772-4FE3-942D-666348717A1D} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
    Task: {EDB5EAAE-E61D-4FD5-AE49-490F6CE1CFC5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {F2063659-EC93-46EF-9837-B1F729A5EB6B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {F8807677-B343-48BB-ADE2-B7C8A91D98AE} - System32\Tasks\{B945710E-CB2D-4314-B852-2AFF16C4309F} => C:\Program Files (x86)\SubEdit-Player\subedit.exe [2008-11-30] (Artur Sikora)
    Task: {FC38D5D4-D8A2-4BF1-8B64-1A7033A9C657} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {FF9E6DA4-67B6-46E0-9AA2-18D93424B98F} - System32\Tasks\{FD274ACA-4785-444D-971E-451C385C4E5B} => pcalua.exe -a C:\Users\Arek\Downloads\subedit+codecpack_b4072_install.exe -d C:\Users\Arek\Downloads
    HKU\S-1-5-21-2241850949-3697104203-1772488043-1001\...\Run: [GoogleChromeAutoLaunch_0A01E58E7C4A04A5C96F62A2ABF82ADB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941912 2017-03-29] (Google Inc.)
    HKU\S-1-5-21-2241850949-3697104203-1772488043-1001\...\MountPoints2: {2b8daf12-019c-11e7-9c84-18037380580f} - "E:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-2241850949-3697104203-1772488043-1001\...\MountPoints2: {51827286-6f82-11e6-9c29-18037380580f} - "E:\autorun.exe"
    HKU\S-1-5-21-2241850949-3697104203-1772488043-1001\...\MountPoints2: {5182728d-6f82-11e6-9c29-18037380580f} - "E:\autorun.exe"
    HKU\S-1-5-21-2241850949-3697104203-1772488043-1001\...\MountPoints2: {74a75da2-eca4-11e6-9c83-18037380580f} - "E:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-2241850949-3697104203-1772488043-1001\...\MountPoints2: {f5ec467d-21ae-11e6-9c0a-18037380580f} - "E:\autorun.exe"
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    GroupPolicy\User: Ograniczenia <======= UWAGA
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => Brak pliku
    FF Extension: (Brak nazwy) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [nie znaleziono]
    CHR Extension: (Strait of Hormuz) - C:\Users\Arek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhhbhnecfiglphccncjmcgkmmnkcingm [2017-03-31]
    CHR Extension: (One) - C:\Users\Arek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olonepdliekllagcdgmlbihgcplinegj [2016-11-20]
    CHR Extension: (Facebook - Delete My Timeline) - C:\Users\Arek\AppData\Local\Google\Chrome\User Data\Default\Extensions\olpgdigakalagbnckjmnhajofccbbeaf [2016-07-13]
    2017-04-13 21:46 - 2017-04-13 22:27 - 00000000 ____D C:\AdwCleaner
    2017-03-16 14:56 - 2017-03-16 14:56 - 00000000 __SHD C:\found.004

  • Helpful post
    #6 14 Apr 2017 07:25
    Kolobos
    Computer specialist

    New logs are unnecessary; does the problem still occur?

  • #7 14 Apr 2017 07:28
    Cit3k
    Level 8

    It's OK. Thank you very much.

  • #8 14 Apr 2017 07:29
    Kolobos
    Computer specialist

    Finally, delete the C:\FRST folder.