
Browser refuses to obey - the computer does whatever it wants

omegan89 14 Jun 2018 20:47 171 6
  • #1 14 Jun 2018 20:47
    omegan89
    Level 16  

    Hello,

    I have a problem with my laptop. The problem is that my Chrome browser refuses to obey: I want to open a given page and a completely different page opens, and when I am in the Google search engine the text I type into the search box gets entered somewhere else entirely, and it is one big mess. That is why I am asking you for help. I am sending the logs below.

    Thank you very much in advance for your help.

    Regards

  • #2 14 Jun 2018 21:03
    RADU23
    Moderator - Computer Service

    Open Notepad and paste the contents:

    Quote:
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
    HKU\S-1-5-21-1506873379-4033535948-3962633191-1001\...\MountPoints2: {f0d34784-49ac-11e6-82aa-54a050c90e96} - "H:\setup.exe"
    HKU\S-1-5-21-1506873379-4033535948-3962633191-1001\...\MountPoints2: {f0d35e96-49ac-11e6-82aa-54a050c90e96} - "F:\autorun.exe"
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS541010A9E680_JD1003EZHNVABKHNVABKX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS541010A9E680_JD1003EZHNVABKHNVABKX&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS541010A9E680_JD1003EZHNVABKHNVABKX&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS541010A9E680_JD1003EZHNVABKHNVABKX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1506873379-4033535948-3962633191-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    R1 iSafeNetFilter; C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda) <==== UWAGA


    Save the file as fixlist.txt and place it in the folder where you have FRST.exe.
    Run FRST and click Fix.

    Make a backup of your bookmarks and then reset Chrome =>
    https://www.tech-sas.pl/reset-google-chrome/

  • #4 14 Jun 2018 21:40
    Kolobos
    Computer specialist

    Uninstall:
    Advanced SystemCare 10
    Booking.com version 1.2.0.0
    ByteFence Anti-Malware
    YAC(Yet Another Cleaner!)

    Use AdwCleaner, the Scan and Clean options: http://www.bleepingcomputer.com/download/adwcleaner/

    Run this Fixlist.txt for FRST:
    CloseProcesses:
    ContextMenuHandlers1-x32: [WinZipper] -> {4F622628-7632-4B28-B184-D7BA0CA3273B} => -> Brak pliku
    ContextMenuHandlers4: [WinZipper] -> {4F622628-7632-4B28-B184-D7BA0CA3273B} => -> Brak pliku
    ContextMenuHandlers6-x32: [WinZipper] -> {4F622628-7632-4B28-B184-D7BA0CA3273B} => -> Brak pliku
    Task: {2ACB41BC-3C56-48E6-9291-D26203CF0021} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2017-07-20] (Byte Technologies LLC) <==== UWAGA
    Task: {3466B904-CD03-48F6-9E90-14B128E6BAC5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {39855F8F-D1F3-4DBE-B880-BA7765692EFC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {48E5E7BB-FD9C-4BDC-9DBD-055CD00E095B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {75F697B3-5471-4079-8CF4-B2DEB5171719} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {76BF2F04-421B-490D-A82A-1653C2B3974E} - System32\Tasks\Opera scheduled Autoupdate 1449909648 => C:\Program Files (x86)\Opera\launcher.exe [2018-05-23] (Opera Software)
    Task: {7F55E066-EA01-471E-B5A1-ECF232B27F31} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {89DA9EB3-93D8-4880-A4E1-1C835136CA1C} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-07-20] (Byte Technologies LLC) <==== UWAGA
    Task: {8D84AFF8-4457-419F-87A8-3B12E8A2807C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {9CCF8A98-77E3-4F42-B813-9576F5FF98F7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {AB2EED23-F49C-4C57-A6DB-9143357A98C6} - \CCleanerSkipUAC -> Brak pliku <==== UWAGA
    Task: {AD58F674-DE47-42BC-BB91-C28A4FAAC539} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {E1324C68-86C7-4D3A-935B-B99D42A6B1D0} - System32\Tasks\Booking_helper => C:\PROGRA~2\Booking.com\BOOKIN~2.EXE
    Task: {ED050BF8-1DB1-4D75-BDE7-4E10EB72DE94} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {F72782CF-14E7-4D45-8EF9-675AF3E54443} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    Task: {FAA63C5D-1E03-4D1D-811E-97221330CE3A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: C:\WINDOWS\Tasks\Booking_helper.job => C:\PROGRA~2\Booking.com\BOOKIN~2.EXE




    ShortcutWithArgument: C:\Users\dom\Desktop\zdjecia\jazda\Przeglądarka Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> "hxxp://tech-connect.biz/?ssid=1474287474&a=1107362&src=sh&uuid=d881782d-17b0-47d2-9105-a1e3844feaa8,1474287430720"
    ShortcutWithArgument: C:\Users\dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://tech-connect.biz/?ssid=1474287474&a=1107362&src=sh&uuid=d881782d-17b0-47d2-9105-a1e3844feaa8,1474287430720"
    Hosts:
    (Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    (Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    () C:\Program Files\ByteFence\rsLggr.exe
    HKU\S-1-5-21-1506873379-4033535948-3962633191-1001\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3076896 2016-10-31] (IObit)
    HKU\S-1-5-21-1506873379-4033535948-3962633191-1001\...\RunOnce: [Uninstall 18.065.0329.0002\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\dom\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64"
    HKU\S-1-5-21-1506873379-4033535948-3962633191-1001\...\RunOnce: [Uninstall 18.065.0329.0002] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\dom\AppData\Local\Microsoft\OneDrive\18.065.0329.0002"
    HKU\S-1-5-21-1506873379-4033535948-3962633191-1001\...\MountPoints2: {f0d34784-49ac-11e6-82aa-54a050c90e96} - "H:\setup.exe"
    HKU\S-1-5-21-1506873379-4033535948-3962633191-1001\...\MountPoints2: {f0d35e96-49ac-11e6-82aa-54a050c90e96} - "F:\autorun.exe"
    AutoConfigURL: [S-1-5-21-1506873379-4033535948-3962633191-1001] => hxxp://non-block.net/wpad.dat?73b2f7d2b3c116d6ef4778ee6c09c99716782070
    ManualProxies: 0hxxp://non-block.net/wpad.dat?73b2f7d2b3c116d6ef4778ee6c09c99716782070
    RemoveProxy:
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS541010A9E680_JD1003EZHNVABKHNVABKX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS541010A9E680_JD1003EZHNVABKHNVABKX&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS541010A9E680_JD1003EZHNVABKHNVABKX&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=14...XHTS541010A9E680_JD1003EZHNVABKHNVABKX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1506873379-4033535948-3962633191-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    Edge HomeButtonPage: HKU\S-1-5-21-1506873379-4033535948-3962633191-1001 -> hxxp://www.yoursites123.com/?type=hp&ts=1...id=HGSTXHTS541010A9E680_JD1003EZHNVABKHNVABKX
    FF user.js: detected! => C:\Users\dom\AppData\Roaming\Mozilla\Firefox\Profiles\tub6ab0x.default\user.js [2016-11-08]
    FF Homepage: Mozilla\Firefox\Profiles\tub6ab0x.default -> hxxp://www.nicesearches.com?type=hp&ts=14...;z=5919d0cec75e788ae90efa5g2z0m6bew4b9taocm9m
    FF NewTab: Mozilla\Firefox\Profiles\tub6ab0x.default -> hxxp://www.nicesearches.com?type=hp&ts=14...;z=5919d0cec75e788ae90efa5g2z0m6bew4b9taocm9m
    FF Extension: (xRocket Toolbar) - C:\Users\dom\AppData\Roaming\Mozilla\Firefox\Profiles\tub6ab0x.default\Extensions\arthurj8283@gmail.com [2016-11-08] [Przestarzałe] [Brak podpisu cyfrowego]
    C:\Users\dom\AppData\Roaming\Mozilla\Firefox\Profiles\tub6ab0x.default\Extensions\arthurj8283@gmail.com
    FF SearchPlugin: C:\Users\dom\AppData\Roaming\Mozilla\Firefox\Profiles\tub6ab0x.default\searchplugins\nice.xml [2016-11-08]
    FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\dom\AppData\Roaming\Mozilla\Firefox\Profiles\tub6ab0x.default\extensions\arthurj8283@gmail.com
    CHR HomePage: Default -> hxxp://www.luckysearch123.com?type=hp&ts=...;z=3b2b35a769ba4cbf096f8b0g2z2bezae4c5oemat5m
    C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmdhgmphkclmdooedjaakilimgmchieb
    CHR Extension: (PjrKal) - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmdhgmphkclmdooedjaakilimgmchieb [2017-08-22]
    C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfjjbbaambllcjddmieboppacefphbfc
    CHR Extension: (Sessions) - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfjjbbaambllcjddmieboppacefphbfc [2016-12-15]
    CHR Extension: (All Your Dreams) - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmnipijmdeakgolboiciceajdldcaldo [2017-07-28]
    C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmnipijmdeakgolboiciceajdldcaldo
    R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2016-10-14] (IObit)
    S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [297288 2018-04-11] (Byte Technologies LLC.)
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    R1 iSafeNetFilter; C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda) <==== UWAGA
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
    2018-05-25 22:45 - 2016-07-14 11:48 - 000000000 ____D C:\Program Files\ByteFence
    2016-01-08 08:14 - 2016-01-08 08:14 - 000000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    2015-08-20 14:06 - 2018-06-14 20:29 - 000000093 _____ () C:\Users\dom\AppData\Roaming\sp_data.sys
    C:\Program Files (x86)\Elex-tech\

    After running it, post new FRST logs from a scan.

  • #6 14 Jun 2018 22:14
    RADU23
    Moderator - Computer Service

    Run one more fixlist like this:

    Quote:
    HKU\S-1-5-21-1506873379-4033535948-3962633191-1001\...\MountPoints2: {f0d34784-49ac-11e6-82aa-54a050c90e96} - "H:\setup.exe"
    2018-06-14 21:50 - 2018-06-14 21:53 - 000000000 ____D C:\AdwCleaner

  • #7 14 Jun 2018 22:17
    Kolobos
    Computer specialist

    Also add to Fixlist.txt:
    C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmnipijmdeakgolboiciceajdldcaldo
    CHR Extension: (All Your Dreams) - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmnipijmdeakgolboiciceajdldcaldo [2018-06-14]
    Task: {4F70D1FB-330E-4EC1-A3D9-51B8579EC8A2} - \Opera scheduled Autoupdate 1449909648 -> Brak pliku <==== UWAGA

    If the extension does not get removed from Chrome, delete the browser's profile directory and the sync data from the Google account.

    Delete the C:\FRST directory and that is all.
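
An added example, not part of any post in this thread and not FRST's own code: a small Python triage over FRST-style log lines that groups the entry types the fixlists above target (search providers, proxy/PAC, shortcut arguments, start pages, services/drivers, scheduled tasks) and extracts the defanged redirect hosts. The sample lines, the placeholder domains and the `triage` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the FRST log format seen in this thread
# (placeholder domains, SID and paths; not taken from a real scan).
SAMPLE_LOG = r"""
SearchScopes: HKLM -> {00000000-0000-0000-0000-000000000001} URL = hxxp://search.hijack.example/web?q={searchTerms}
AutoConfigURL: [S-1-5-21-0-0-0-1001] => hxxp://proxy.hijack.example/wpad.dat?abc
ShortcutWithArgument: C:\Users\u\Desktop\Browser.lnk -> C:\Program Files\B\b.exe (Vendor) -> "hxxp://start.hijack.example/?a=1"
CHR HomePage: Default -> hxxp://www.home.hijack.example?type=hp
R1 SampleFilter; C:\WINDOWS\System32\DRIVERS\SampleFilter.sys [52392 2016-05-19] (Sample Vendor) <==== UWAGA
Task: {00000000-0000-0000-0000-000000000002} - \Vendor\Updater -> Brak pliku <==== UWAGA
Task: {00000000-0000-0000-0000-000000000003} - System32\Tasks\Good Update => C:\Program Files\Good\upd.exe [2018-05-23] (Good Vendor)
"""

# Line prefix -> what the entry controls on the machine.
CATEGORIES = [
    (re.compile(r"^(SearchScopes:|HKLM\\Software\\Microsoft\\Internet Explorer\\Main,)"), "search provider"),
    (re.compile(r"^(AutoConfigURL:|ManualProxies:)"), "proxy / PAC"),
    (re.compile(r"^ShortcutWithArgument:"), "shortcut argument"),
    (re.compile(r"^(CHR|FF|Edge) (HomePage|Homepage|NewTab|HomeButtonPage):"), "start page"),
    (re.compile(r"^[RS][0-4] \S+;"), "service / driver"),
    (re.compile(r"^Task:"), "scheduled task"),
]
URL_RE = re.compile(r"hxxps?://([^/?\s\"]+)", re.I)  # the logs defang http as hxxp
FLAG = "<==== UWAGA"  # attention marker as it appears in this thread's logs

def triage(log_text):
    """Group log lines by persistence category and collect redirect hosts."""
    findings, hosts = defaultdict(list), set()
    for line in log_text.splitlines():
        line = line.strip()
        category = next((name for rx, name in CATEGORIES if rx.match(line)), None)
        if category is None:
            continue
        urls = URL_RE.findall(line)
        # Keep entries that redirect traffic or that carry the attention marker.
        if urls or line.endswith(FLAG):
            findings[category].append(line)
            hosts.update(h.lower() for h in urls)
    return dict(findings), sorted(hosts)

if __name__ == "__main__":
    found, hosts = triage(SAMPLE_LOG)
    for cat, lines in found.items():
        print(f"{cat}: {len(lines)}")
    print("hosts to block or search for in proxy/DNS logs:", hosts)
```

The host list is what to look for in proxy or DNS logs on other machines; the per-category grouping shows which settings have to be checked again after the cleanup.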
