Elektroda.pl

Adware in Firefox (banners)

kris_1313 24 Aug 2017 12:54 453 2
  • Helpful post
    #2 24 Aug 2017 13:52
    Kolobos
    Computer specialist

    Uninstall: One System Care

    Run this Fixlist.txt with FRST:
    CloseProcesses:
    Task: {67C99E6B-FF29-481C-89F6-7AE737BCA847} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-08-24] ()
    Task: {AD55251E-7C8A-4E11-90C3-E63CF5B63F71} - System32\Tasks\{308BC180-758E-4F2D-A867-D5E3E80940B0} => C:\Windows\system32\pcalua.exe -a E:\Start.exe -d E:\
    Task: {BDA5B367-9D92-49A9-9880-DB4429C794C1} - System32\Tasks\{7E050C47-080C-050C-7811-050C047D1178} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwAgACAAIAA7ADsAOwAgADsAIAAgACAAOwAgADsAOwAgADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsAJABXAGEAcgBuAGkAbgBnAFAA (dane wartości zawierają 10104 znaków więcej). <==== UWAGA
    Task: {BF52ED7C-CFC4-4AE3-A411-F3125D17B0C8} - System32\Tasks\{71195F11-4B16-47E0-9441-C01F32B4FDCB} => C:\Windows\system32\pcalua.exe -a D:\DirectX9\DXSETUP.exe -d D:\DirectX9
    Task: {C20B3AB0-898D-44B9-8FAE-43FB2FB120F0} - System32\Tasks\stable Task => C:\PROGRA~2\ONESYS~1\SYSTEM~1.EXE
    C:\Users\User\Desktop\progsy\Моzillа Firеfох.lnk
    Shortcut: C:\Users\User\Desktop\progsy\Моzillа Firеfох.lnk -> C:\Program Files (x86)\HPTiger\TigerStarter.exe (Brak pliku) <==== Cyrillic
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\HPTiger\TigerStarter.exe (Brak pliku) <==== Cyrillic
    C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\HPTiger\TigerStarter.exe (Brak pliku) <==== Cyrillic
    C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\HPTiger\TigerStarter.exe (Brak pliku) <==== Cyrillic
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxNb3ppbGxhIEZpcmVmb3hcZmlyZWZveC5leGU= aHR0cDovL3F3YXJ5bXBhc2YucnUv <==== Cyrillic




    C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2755504 2016-08-27] (Microsoft Corporation) <==== UWAGA
    HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2755504 2016-08-27] (Microsoft Corporation) <==== UWAGA
    HKU\S-1-5-21-3047399254-2158649823-1455272432-1001\...\Run: [Napisy24Update] => C:\Program Files (x86)\Napisy24\Napisy24Update.exe [3709896 2015-11-04] (Napisy24.pl)
    HKU\S-1-5-21-3047399254-2158649823-1455272432-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2755504 2016-08-27] (Microsoft Corporation) <==== UWAGA
    HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2755504 2016-08-27] (Microsoft Corporation) <==== UWAGA
    Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FacebookGamesNotifier.exe.lnk [2016-08-05]
    ShortcutTarget: FacebookGamesNotifier.exe.lnk -> C:\Users\User\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe (Brak pliku)
    GroupPolicy: Ograniczenia <==== UWAGA
    URLSearchHook: [S-1-5-80-4287524181-3401991209-718407576-1481970793-3068686015] UWAGA => Brak domyślnego URLSearchHook
    FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ynnjdmm.default\user.js [2017-07-12]
    FF Extension: (Tables) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ynnjdmm.default\Extensions\300414@extcorp.com.xpi [2017-08-23]
    C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0ynnjdmm.default\Extensions\300414@extcorp.com.xp
    S4 HPTiger Service; C:\Program Files (x86)\HPTiger\HPTigerSrv.exe [X]
    R1 wfcre; C:\Windows\System32\drivers\wfcre.sys [124288 2017-07-04] ()
    2017-08-24 12:01 - 2017-08-24 12:01 - 000024526 _____ C:\Windows\System32\Tasks\{7E050C47-080C-050C-7811-050C047D1178}
    2017-08-24 12:01 - 2017-08-24 12:01 - 000003566 _____ C:\Windows\System32\Tasks\stable Task
    2017-08-24 12:06 - 2016-02-23 20:01 - 000000000 ____D C:\AdwCleaner
    2017-06-16 03:01 - 2017-06-16 03:01 - 000000048 ____H () C:\Program Files (x86)\l0jp1nnvo4.dat
    C:\Users\User\hsqlprefs.dat

    After running it, check whether the problem still occurs. If it does, attach new FRST logs from a scan and say which browser is affected. If it does not, delete the C:\FRST folder and that is all.

    0
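
Added example, not part of the post above and not FRST's own code: the shortcut entries FRST marks `<==== Cyrillic` have names that mix Latin letters with look-alike Cyrillic ones, and this sketch flags such mixed-script names while leaving all-Latin and all-Cyrillic names alone. The sample lines are constructed in the format of the entries above (homoglyphs written as `\u` escapes, target paths made up), and the function names are hypothetical.

```python
import re
import unicodedata

# Constructed sample lines in the format of the FRST "Shortcut:" entries above.
SAMPLE = [
    # Mixed script: "Mozilla Firefox" with Cyrillic o, a, e, o, x swapped in.
    "Shortcut: C:\\Users\\User\\Desktop\\M\u043ezill\u0430 Fir\u0435f\u043e\u0445.lnk"
    " -> C:\\Program Files (x86)\\Example\\starter.exe",
    # Pure Latin name.
    "Shortcut: C:\\Users\\User\\Desktop\\Mozilla Firefox.lnk"
    " -> C:\\Program Files\\Mozilla Firefox\\firefox.exe",
    # Pure Cyrillic name (a legitimately localized shortcut), must not be flagged.
    "Shortcut: C:\\Users\\User\\Desktop\\\u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b.lnk"
    " -> C:\\Users\\User\\Documents",
]

LINE_RE = re.compile(
    r"^Shortcut(?:WithArgument)?:\s+(?P<lnk>.+?\.lnk)\s+->\s+(?P<target>.+)$"
)

def script_of(ch):
    """Return the script prefix of a letter ('LATIN', 'CYRILLIC', ...), else None."""
    if not ch.isalpha():
        return None
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def analyse(line):
    """Parse one shortcut line and report which scripts its file name uses."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    stem = m.group("lnk").rsplit("\\", 1)[-1][:-4]  # file name without ".lnk"
    scripts = {s for s in map(script_of, stem) if s}
    # Escape non-ASCII characters so the homoglyphs are visible in a report.
    escaped = "".join(c if ord(c) < 128 else "\\u%04x" % ord(c) for c in stem)
    return {
        "name": escaped,
        "scripts": sorted(scripts),
        "suspicious": {"LATIN", "CYRILLIC"} <= scripts,
        "target": m.group("target"),
    }

def flag(lines):
    """Return the escaped names of all mixed Latin/Cyrillic shortcuts."""
    results = (analyse(l) for l in lines)
    return [r["name"] for r in results if r and r["suspicious"]]

if __name__ == "__main__":
    for name in flag(SAMPLE):
        print("mixed-script shortcut name:", name)
```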
  • #3 24 Aug 2017 15:41
    kris_1313
    Level 6

    Everything is fine :)

    0