Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

[Rozwiązano] Proszę o sprawdzenie FRST

ZielonyMajor 15 Lip 2018 13:50 162 7
  • #2 15 Lip 2018 13:58
    safbot1st
    Poziom 43  

    Podaję fixlist.txt:

    HKU\S-1-5-21-1649974807-2686405189-2755944314-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=190
    HKU\S-1-5-21-1649974807-2686405189-2755944314-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
    SearchScopes: HKLM -> DefaultScope {88F90220-29FC-427A-828A-0332A5154DA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {88F90220-29FC-427A-828A-0332A5154DA9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {8F4C355E-C898-46A9-9EB2-64E0B8AA62DE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {8F4C355E-C898-46A9-9EB2-64E0B8AA62DE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1649974807-2686405189-2755944314-1000 -> DefaultScope {8F4C355E-C898-46A9-9EB2-64E0B8AA62DE} URL =
    SearchScopes: HKU\S-1-5-21-1649974807-2686405189-2755944314-1000 -> {1B9B69F5-A5B5-4B52-910E-8279E01C3A7F} URL = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
    SearchScopes: HKU\S-1-5-21-1649974807-2686405189-2755944314-1000 -> {C34C2D0C-F5BF-47C2-A3A3-639D9D79AB03} URL = hxxp://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
    BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL => Brak pliku
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100422161408.dll [2010-01-05] (McAfee, Inc.)




    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll => Brak pliku
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21] (Adobe Systems Incorporated)
    BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll => Brak pliku
    BHO-x32: ALLYouTubeDownloader -> {61DB16C5-B733-43F4-872E-B20DC9E72740} -> C:\Program Files (x86)\ALLYouTubeDownloader\ALLYouTubeDownloader.dll [2012-12-16] (ALLCinema Ltd.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100422161408.dll [2010-01-05] (McAfee, Inc.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
    BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
    BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\progra~2\mcafee\sitead~1\mcieplg.dll => Brak pliku
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-04-22] (Sun Microsystems, Inc.)
    BHO-x32: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll [2011-02-09] (ALLCinema Ltd.)
    BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll Brak pliku
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll Brak pliku
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll Brak pliku
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL Brak pliku
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL Brak pliku
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll Brak pliku
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Brak pliku
    FF Homepage: Mozilla\Firefox\Profiles\7qjz0l5b.default -> hxxp://www.gazeta.pl/0,0.html?p=190
    FF Extension: (System Table) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7qjz0l5b.default\Extensions\470116@modext.tech.xpi [2018-06-20]
    FF Extension: (Iplex to ALLPlayer) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7qjz0l5b.default\Extensions\IplextoALL@ALLPlayer.org [2018-04-10] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Extension: (ALLYouTubeDownloader) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7qjz0l5b.default\Extensions\YouTubetoALL@ALLPlayer.org [2018-04-10] [Przestarzałe] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [{B7082FAA-CB62-4872-9106-E42DD88EDE45}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nie znaleziono
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [Brak pliku]
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [Brak pliku]
    CHR HomePage: Default -> hxxp://www.onet.pl/
    CHR StartupUrls: Default -> "hxxp://www.onet.pl/"
    CHR Extension: (Brak nazwy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmkllfplegemejikoabfpjdaoncphip [2018-04-10]
    CHR Extension: (Brak nazwy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-07-14]
    S4 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2009-12-14] (McAfee, Inc.)
    S4 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2009-12-14] (McAfee, Inc.)
    S4 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2009-12-14] (McAfee, Inc.)
    S4 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2009-12-14] (McAfee, Inc.)
    S4 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2009-12-14] (McAfee, Inc.)
    S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2009-12-14] (McAfee, Inc.)
    S4 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2009-12-14] (McAfee, Inc.)
    R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199032 2010-01-05] (McAfee, Inc.)
    S4 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [244840 2010-01-05] (McAfee, Inc.)
    R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [148520 2010-01-05] (McAfee, Inc.)
    S4 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2009-12-14] (McAfee, Inc.)
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [X]
    S3 cfwids; C:\windows\System32\drivers\cfwids.sys [62416 2010-01-05] (McAfee, Inc.)
    S3 mfeapfk; C:\windows\System32\drivers\mfeapfk.sys [121504 2010-01-05] (McAfee, Inc.)
    R3 mfeavfk; C:\windows\System32\drivers\mfeavfk.sys [189880 2010-01-05] (McAfee, Inc.)
    R3 mfefirek; C:\windows\System32\drivers\mfefirek.sys [440688 2010-01-05] (McAfee, Inc.)
    R0 mfehidk; C:\windows\System32\drivers\mfehidk.sys [528232 2010-01-05] (McAfee, Inc.)
    R1 mfenlfk; C:\windows\System32\DRIVERS\mfenlfk.sys [75288 2010-01-05] (McAfee, Inc.)
    S3 mferkdet; C:\windows\System32\drivers\mferkdet.sys [93840 2010-01-05] (McAfee, Inc.)
    R0 mfewfpk; C:\windows\System32\drivers\mfewfpk.sys [279752 2010-01-05] (McAfee, Inc.)
    S3 Tosrfcom; Brak ImagePath
    2018-07-14 15:19 - 2008-02-10 10:22 - 000149656 _____ (Autodesk, Inc.) C:\Users\user\AppData\Local\Temp\AcDeltree.exe
    2018-04-06 23:37 - 2010-03-06 05:10 - 000346968 _____ (Microsoft Corporation) C:\Users\user\AppData\Local\Temp\MSNECFD.exe
    2018-05-17 16:33 - 2018-05-17 16:33 - 004346990 _____ (Napisy24.pl ) C:\Users\user\AppData\Local\Temp\Napisy24.exe
    ContextMenuHandlers1: [McCtxMenu] -> {01576F39-90DE-4D6E-A068-5B20C22BAAEE} => c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll -> Brak pliku
    ContextMenuHandlers6: [McCtxMenu] -> {01576F39-90DE-4D6E-A068-5B20C22BAAEE} => c:\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll -> Brak pliku
    C:\Program Files\Common Files\McAfee\
    c:\PROGRA~1\mcafee\
    c:\Program Files\mcafee\
    EmptyTemp:

    0
  • Pomocny post
    #4 16 Lip 2018 05:45
    krzychupar
    Poziom 40  

    Otwórz notatnik systemowy i wklej:
    CloseProcesses:
    HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    HKU\S-1-5-21-1649974807-2686405189-2755944314-1000\...\Run: [Napisy24Update] => C:\Program Files (x86)\Napisy24\Napisy24Update.exe [3990528 2018-02-02] (Napisy24.pl)
    HKU\S-1-5-21-1649974807-2686405189-2755944314-1000\...\Run: [Napisy24.pl] => C:\Program Files (x86)\Napisy24\Napisy24.exe [7006208 2018-02-02] (Napisy24.pl)
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    CHR HomePage: Default -> hxxp://www.onet.pl/
    CHR StartupUrls: Default -> "hxxp://www.onet.pl/"
    CHR Extension: (Brak nazwy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0 [2018-07-14]
    2018-07-14 23:28 - 2018-07-14 23:30 - 000000000 ____D C:\AdwCleaner
    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść w folderze, gdzie masz FRST.exe.
    Uruchom FRST i kliknij w Fix/Napraw.

    Po wykonaniu zamieść wygenerowany Fixlog.
    I na koniec wykonaj reset chrome w/g tego https://support.google.com/chrome/answer/3296214?hl=pl

    0
  • #5 16 Lip 2018 19:44
    ZielonyMajor
    Poziom 4  

    Zrobiłem zgodnie z instrukcją i znów wszystko jest jak powinno. W załączniku fixlog.
    Dzięki bardzo i pozdrawiam!

    0
  • Pomocny post
    #6 16 Lip 2018 20:03
    krzychupar
    Poziom 40  

    Usuń C:\FRST i zamknij temat.

    0
  • #7 16 Lip 2018 20:08
    ZielonyMajor
    Poziom 4  

    Zrobione, dzięki!

    0
  • #8 16 Lip 2018 20:14
    ZielonyMajor
    Poziom 4  

    Zrobione, dzięki!

    Dodano po 5 [minuty]:

    Po naprawie w FRST z drugim plikiem fixlist.txt i po zresetowaniu ustawień chrome złośliwe reklamy się już nie pojawiają.

    0