Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

[Rozwiązano] Wyskakująca strona po uruchomieniu przeglądarki.

adak140 13 Kwi 2018 16:23 213 4
  • #1 13 Kwi 2018 16:23
    adak140
    Poziom 8  

    Mam ten sam problem pomoże ktoś?

    Wydzieliłem jako nowy temat. Nie podpinaj się pod cudze wątki. Powoduje to bałagan na forum.
    Dodatkowo przypominam że kolegę również obowiązują zasady pisowni =>
    3.1.13. Dbaj o poprawność językową i zachowuj zasady netykiety. Nie wysyłaj wiadomości z których trudno wywnioskować co ich autor chciał przekazać.
    RADU23

    0 4
  • #2 13 Kwi 2018 19:02
    safbot1st
    Poziom 43  

    adak140 napisał:
    mam ten sam problem pomoże ktoś

    No:
    Code:

    HKLM-x32\...\Run: [NPSStartup] => [X]
    HKU\S-1-5-21-3553970612-2790493833-353556131-1004\...\Run: [Robert] => explorer.exe hxxp://exinariuminix.info <==== UWAGA
    HKU\S-1-5-21-3553970612-2790493833-353556131-1004\...\MountPoints2: I - I:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-3553970612-2790493833-353556131-1004\...\MountPoints2: L - L:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-3553970612-2790493833-353556131-1004\...\MountPoints2: {0887f2aa-518a-11e2-a447-d43d7e334f4b} - H:\setup.exe
    HKU\S-1-5-21-3553970612-2790493833-353556131-1004\...\MountPoints2: {532a63d3-cd0b-11e6-bf82-d43d7e334f4b} - K:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-3553970612-2790493833-353556131-1004\...\MountPoints2: {532a6433-cd0b-11e6-bf82-d43d7e334f4b} - I:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-3553970612-2790493833-353556131-1004\...\MountPoints2: {57f3f28c-9e1b-11e7-a9c3-d43d7e334f4b} - L:\AutoRun.exe
    HKU\S-1-5-21-3553970612-2790493833-353556131-1004\...\MountPoints2: {fa1d9bbe-bed3-11e6-b511-d43d7e334f4b} - K:\HiSuiteDownLoader.exe
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.comoestamos.com/search/
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.comoestamos.com/search/
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    HKU\S-1-5-21-3553970612-2790493833-353556131-1004\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    HKU\S-1-5-21-3553970612-2790493833-353556131-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
    HKU\S-1-5-21-3553970612-2790493833-353556131-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wp.pl/




    HKU\S-1-5-21-3553970612-2790493833-353556131-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
    HKU\S-1-5-21-3553970612-2790493833-353556131-1004\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
    URLSearchHook: HKU\S-1-5-21-3553970612-2790493833-353556131-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    URLSearchHook: HKU\S-1-5-21-3553970612-2790493833-353556131-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    SearchScopes: HKLM-x32 -> {76434FE2-B79A-4DFE-A374-D716B8B03CF7} URL = hxxp://www.comoestamos.com/search/searchgoogle.asp?q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-3553970612-2790493833-353556131-1004 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    SearchScopes: HKU\S-1-5-21-3553970612-2790493833-353556131-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3553970612-2790493833-353556131-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => Brak pliku
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    CHR StartupUrls: Default -> "hxxps://tvnwarszawa.tvn24.pl/"
    CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> bing.com
    CHR HKU\S-1-5-21-3553970612-2790493833-353556131-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3553970612-2790493833-353556131-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
    CHR crx: C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\default_apps\docs.crx [2018-03-20]
    CHR crx: C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\default_apps\drive.crx [2018-03-20]
    CHR crx: C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\default_apps\gmail.crx [2018-03-20]
    CHR crx: C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\default_apps\youtube.crx [2018-03-20]
    U3 an06t9vo; C:\Windows\System32\Drivers\an06t9vo.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    S3 ALSysIO; \??\C:\Users\Robcio\AppData\Local\Temp\ALSysIO64.sys [X] <==== UWAGA
    S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
    S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
    S3 BT; system32\DRIVERS\btnetdrv.sys [X]
    S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
    S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
    S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 MSICDSetup; \??\G:\CDriver64.sys [X]
    S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
    S3 NTIOLib_1_0_C; \??\G:\NTIOLib_X64.sys [X]
    S3 VComm; system32\DRIVERS\VComm.sys [X]
    S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
    S3 WinRing0_1_2_0; \??\C:\Users\Robcio\AppData\Local\Temp\tmpA89D.tmp [X] <==== UWAGA
    2012-12-22 20:29 - 2009-05-22 18:50 - 000092672 _____ (Option^Explicit Software                        vbtechcd(malpa)gmail.com) C:\Users\Robcio\KillBox.exe
    2016-01-26 20:38 - 2009-05-22 18:50 - 000092672 _____ (Option^Explicit Software                        vbtechcd(malpa)gmail.com) C:\Users\Robert.Robcio-Komputer\KillBox.exe
    2017-10-09 20:28 - 2017-10-09 21:04 - 000005120 _____ () C:\Users\Robert.Robcio-Komputer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    Task: {688C1736-3F5C-48E4-8026-6106D2B9683D} - System32\Tasks\Robert => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Robert /t REG_SZ /d "explorer.exe hxxp://exinariuminix.info" <==== UWAGA
    Task: {4A9B175A-0767-4CA8-9104-71218BBCF574} - System32\Tasks\Driver Booster SkipUAC (Robcio) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
    Task: {500AD645-B08E-4362-9447-F6F1DDF23058} - System32\Tasks\{92BD5008-C751-4184-8EAA-265E89897B97} => C:\Windows\system32\pcalua.exe -a C:\Users\Robcio\Downloads\Dance3D\Install.exe -d C:\Users\Robcio\Downloads\Dance3D
    Task: {688C1736-3F5C-48E4-8026-6106D2B9683D} - System32\Tasks\Robert => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Robert /t REG_SZ /d "explorer.exe hxxp://exinariuminix.info" <==== UWAGA
    Task: {6B8D5BD3-484D-41FD-A8F6-32B095158796} - System32\Tasks\{227C1A8A-C341-4FDE-820A-4FE0688634D6} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -c -runfromtemp -l0x0015 -removeonly
    Task: {7AC009F7-1B42-44D4-8BB6-ABB9F1ABE3E7} - System32\Tasks\{845E3A57-83CE-47ED-AB47-F4BDC780F048} => C:\Windows\system32\pcalua.exe -a E:\Setup.exe -d E:\Task: {C6A48533-4013-41D4-B888-1E06EA84B18D} - System32\Tasks\RobertUpsurgedBoxingsV2 => rundll32.exe CitifyEnable.dll,main 7 1 <==== UWAGA
    Task: {C6A48533-4013-41D4-B888-1E06EA84B18D} - System32\Tasks\RobertUpsurgedBoxingsV2 => rundll32.exe CitifyEnable.dll,main 7 1 <==== UWAGA
    Task: {E614BE10-73FD-459A-B202-8B9550EDFE44} - System32\Tasks\{9F9F9338-5FEA-4C2C-BB0E-BC319B7E8303} => C:\Windows\system32\pcalua.exe -a "C:\Users\Robcio\Downloads\driver_for_3476_5743_5744\driver for 3476 5743 5744\Setup_.exe" -d "C:\Users\Robcio\Downloads\driver_for_3476_5743_5744\driver for 3476 5743 5744"
    EmptyTemp:

    0
  • #3 13 Kwi 2018 20:04
    adak140
    Poziom 8  

    Można krok po kroku co dalej z tym robić?

    0
  • Pomocny post
    #4 14 Kwi 2018 11:46
    safbot1st
    Poziom 43  

    Nawet nie zadałeś sobie trudu, zobaczyć jak to trzeba zrobić w temacie, pod który sam się podłączyłeś.
    Otwórz notatnik i wklej do niego zielony kod, zapisz jako fixlist.txt w folderze, w którym masz FRST.exe.
    Włącz FRST, ale zamiast "Skanuj" wybierz "Napraw".

    0
  • #5 16 Kwi 2018 16:00
    adak140
    Poziom 8  

    Wykonano według opisu i pomogło. Dziękuje. p.s. nie jestem polonistą.

    0