Elektroda.pl

Mozilla Firefox and gamereleasedate.info/spage

VenomGS 14 Apr 2017 15:15 474 1
  • #1 14 Apr 2017 15:15
    VenomGS
    Level 2

    When Firefox starts, the page gamereleasedate.info/spage pops up.
    Please help me get rid of this junk.
    I'm attaching the logs from FRST64.

  • Helpful post
    #2 14 Apr 2017 15:26
    Kolobos
    Computer specialist

    Either Avira or Comodo: uninstall one of the programs and never install two!

    Run this Fixlist.txt for FRST:
    Task: {14F8D131-175A-4E5D-9CE8-1C6ED0CCCFBC} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{E924EF6F-F44F-4461-8A4E-F3BCD7112B1B}.exe <==== UWAGA
    Task: {19C601B0-A449-4C4D-8CD4-017E2EDF8C2F} - System32\Tasks\{86F2F4B5-3F84-4CCA-B0D8-F3B00A054384} => pcalua.exe -a "D:\chomikbox\gry\nhl 09\plh.exe" -d "D:\chomikbox\gry\nhl 09"
    Task: {2AB8896E-D511-4AA8-A689-378E85CC4359} - System32\Tasks\{715B6810-0D5E-4055-A2A2-A5E8BCE5A948} => pcalua.exe -a F:\Call.Of.Duty.5.World.At.War.FULLRip-KaOs\Install.exe -d F:\Call.Of.Duty.5.World.At.War.FULLRip-KaOs
    Task: {3406D6C5-D876-4540-826D-5E0D398A7889} - System32\Tasks\{156F9D53-80A2-4255-B7ED-DC7953E19C7D} => pcalua.exe -a C:\Users\profesor\Downloads\gfwlivesetup.exe -d C:\Users\profesor\Downloads
    Task: {5E30855F-1A9C-49EC-B671-DD9590DFCFDC} - System32\Tasks\{143F3474-689F-44A2-A365-8394D54770B0} => D:\Program Files (x86)\Ubisoft\Driver San Francisco\Driver.exe
    Task: {6BDBBA29-E37B-4101-99B6-7D8B89DC9D80} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{CB48157C-68E2-4EAE-A35F-DBA1CA2412A6}.exe <==== UWAGA
    Task: {81BE1E6E-C138-45ED-B894-28C249FE9E34} - System32\Tasks\{BAF35E11-2DC2-42E0-8463-4F43C4D7505A} => pcalua.exe -a C:\Users\profesor\Downloads\flvplayer_setup_[www.programosy.pl].exe -d "C:\Program Files (x86)\Mozilla Firefox"
    Task: {822FE524-D99F-4CE9-B599-D2DF91505CFF} - System32\Tasks\{695E8149-4874-423A-A96E-581081F7AFC4} => pcalua.exe -a G:\install.exe -d G:\
    Task: {8D44D149-4528-4FE8-930F-8B078A0D58D9} - System32\Tasks\profesor => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v profesor /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org" <==== UWAGA
    Task: {8F1F56F5-7FB3-400A-AF75-1A82E2CA0BFC} - System32\Tasks\{C0932877-2AC8-4E6C-A2E3-18F5F096A5F7} => pcalua.exe -a "D:\Program Files (x86)\Steam\SteamApps\common\Red Orchestra 2\Binaries\Windows\RO2Redist.exe" -d "D:\Program Files (x86)\Steam\SteamApps\common\Red Orchestra 2\Binaries\Windows"
    Task: {8F2DC96E-DBB7-43C9-8726-ED2912C8964B} - System32\Tasks\{387669E6-3FCD-44FC-9128-752AADEBD665} => pcalua.exe -a "G:\Nowy folder\542708-001-install-utility-b.exe" -d "G:\Nowy folder"
    Task: {93744519-54EC-49FC-9ED9-E447F39176F5} - System32\Tasks\venom - 14-01-2015 => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBCore.exe [2014-12-25] (Nero AG)
    Task: {C9A182DC-884D-4DB2-A9D4-943EDFD1B95B} - System32\Tasks\{77128683-B9E6-4B42-B8B6-E3363601044E} => pcalua.exe -a "d:\Program Files (x86)\Ubisoft\Ivory Tower\The Crew (Worldwide)\Support\InsHelper.exe" -c CallUplayProtocol Uninstall 413
    Task: {E1904FF5-BFA3-463F-9760-5A7D8382B419} - System32\Tasks\{84FC9A91-70B2-463F-A2D6-48739A99850C} => pcalua.exe -a "C:\Program Files (x86)\Delta\delta\1.8.8.8\GUninstaller.exe" -c -uprtc -key "delta"
    Task: {E2252079-BFF2-4DCD-9795-4CE0C7B41A7D} - System32\Tasks\{EB5ED8AC-E577-44CF-9D94-70BAE53394AE} => pcalua.exe -a C:\Users\profesor\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=cvs <==== UWAGA
    Task: {F7D93235-5AA0-43E9-AE89-9592F27D2278} - System32\Tasks\{FF597410-B0C0-4F15-86C8-30BFB6020342} => pcalua.exe -a C:\Users\profesor\Downloads\P17X_SupportPack_2_6.exe -d C:\Users\profesor\Downloads
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{CB48157C-68E2-4EAE-A35F-DBA1CA2412A6}.exe <==== UWAGA
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{E924EF6F-F44F-4461-8A4E-F3BCD7112B1B}.exe <==== UWAGA
    HKU\S-1-5-21-1443638989-2860599587-1063304672-1000\...\Run: [profesor] => explorer.exe hxxp://kb-ribaki.org <===== UWAGA
    HKU\S-1-5-21-1443638989-2860599587-1063304672-1000\...\Policies\Explorer: []
    HKU\S-1-5-21-1443638989-2860599587-1063304672-1000\...\MountPoints2: {043c84e1-3b9e-11e1-bf0d-bcaec5593680} - G:\starter.exe
    HKU\S-1-5-21-1443638989-2860599587-1063304672-1000\...\MountPoints2: {a61f5c2f-d5fc-11e2-bd11-bcaec5593680} - G:\SETUP.EXE
    HKU\S-1-5-18\...\Run: [DevconDefaultDB] => C:\Windows\system32\READREG /SILENT /FAIL=1
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
    HKU\S-1-5-21-1443638989-2860599587-1063304672-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
    HKU\S-1-5-21-1443638989-2860599587-1063304672-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
    HKU\S-1-5-21-1443638989-2860599587-1063304672-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1443638989-2860599587-1063304672-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    CHR DefaultSearchURL: Default -> hxxp://www.yd.delta-search.com/?q={searchTerms}&affID=117023&tt=230113_srchyd_0413_1&babsrc=SP_ss&mntrId=aa508029000000000000bcaec5593680
    CHR DefaultSearchKeyword: Default -> yd.delta-search.com
    CHR Extension: (Avira Browser Safety) - C:\Users\profesor\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-03-30]
    CHR HKLM-x32\...\Chrome\Extension: [bildoibdboopgomcbiplincneeicgipj] - C:\Program Files (x86)\StartSearch plugin\startsplg.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    S3 Sony Ericsson PCCompanion; "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe" [X]
    S2 tuquzini; C:\Users\profesor\AppData\Roaming\VOPackage\nss1D1D.tmpfs [X]
    S3 wxpSvc; C:\Program Files (x86)\webcamXP 5\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV [X] <==== UWAGA
    S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
    2013-06-26 14:44 - 2014-06-25 13:56 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
    2011-09-15 18:39 - 2011-06-09 12:03 - 0143240 _____ (Ask.com) C:\Program Files (x86)\Common Files\ApnStub.exe

    After it has run, delete the C:\FRST folder and that's all.
