How to get rid of pop-up ads? ADWCleaner doesn't help

Kara93 21 Oct 2018 18:23 135 5
  • #2 21 Oct 2018 18:43
    krzychupar
    Level 40

    Open the system Notepad and paste:

    CloseProcesses:
    Task: {24F00503-A176-4585-B979-8E44A6E471D0} - \Online Application V2G4 -> Brak pliku <==== UWAGA
    Task: {2BF63E5F-07E3-4EE9-93B8-EB0D4F6F9716} - \Online Application V2G3 -> Brak pliku <==== UWAGA
    Task: {309B52EF-B9FC-4C33-A2E6-BD936C391F47} - System32\Tasks\cFos\Registration Tasks\Open Browser => c:\program files (x86)\google\chrome\application\chrome.exe "hxxp://localhost:1487/cfosspeed/slot.htm"
    Task: {515578D1-0BA9-4DB6-81DE-74543BEAAC81} - \Online Application V2G1 -> Brak pliku <==== UWAGA
    Task: {595632CE-08C0-4AB4-B0AC-1B1A66B55607} - \Online Application V2G2 -> Brak pliku <==== UWAGA
    Task: {8BAC4450-5DFC-4D47-8F63-8FFA138026D1} - \gkNqfjNoNlLfJVmHB2 -> Brak pliku <==== UWAGA
    Task: {9107F4EF-4365-4C8F-9EA7-8ED891AE3D16} - \Online Application V2G6 -> Brak pliku <==== UWAGA
    Task: {9A50F257-4CE4-4D80-8F5B-DBA462A1984A} - \yKMtMHoPoUUExsP2 -> Brak pliku <==== UWAGA
    Task: {9A6944A3-2CF3-43D4-A08B-59F28BC7B6E1} - \Online Application V2G5 -> Brak pliku <==== UWAGA
    Task: {9BFD2A81-2401-4D7C-9C96-B8CE062C4789} - \eVSrriCnrZQlODxsGDB2 -> Brak pliku <==== UWAGA
    Task: {9E6B5759-6CE6-4661-B806-CE084A210D04} - \Updater_Online_Application -> Brak pliku <==== UWAGA
    Task: {BA2C2F4B-91B5-49E3-A3B2-14B6F5FE0045} - \xdbGJPONaKkXIL -> Brak pliku <==== UWAGA
    Task: {FBCA015B-7A5E-4C80-B066-ADA0BC99AB02} - System32\Tasks\CastVPN => "cmd" /c sc stop CastVPN & sc start CastVPN"
    ShortcutWithArgument: C:\Users\Damian\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://elamini.ru/?utm_source=startlink03&utm_content=2a4d25e041eea337aee94692c1693fa1&utm_term=EB7F881AE2D3971E4BDA4136E32F006C&utm_d=20180215"
    ShortcutWithArgument: C:\Users\Damian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811550"
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    GroupPolicy\User: Ograniczenia <==== UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2523929006-4012201428-3024620391-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...Ca-Zu9eeBxXSwDuwxYs_tCFSqE_f40cHLZeA,,&q={searchTerms}




    HKU\S-1-5-21-2523929006-4012201428-3024620391-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=834423
    HKU\S-1-5-21-2523929006-4012201428-3024620391-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2523929006-4012201428-3024620391-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B4F6A678F-7EA1-44DE-A722-AB2D12E444CB%7D&gp=811610
    SearchScopes: HKU\S-1-5-21-2523929006-4012201428-3024620391-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2523929006-4012201428-3024620391-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B4F6A678F-7EA1-44DE-A722-AB2D12E444CB%7D&gp=811610
    FF Homepage: Mozilla\Firefox\Profiles\uvt9idt6.default -> hxxps://inline.go.mail.ru/homepage?inline_comp=hp&inline_hp_cnt=11956636
    FF NewTab: Mozilla\Firefox\Profiles\uvt9idt6.default -> file:///C:/ProgramData/Quoteexs/ff.NT
    FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\uvt9idt6.default\Extensions\homepage@mail.ru.xpi [2018-09-15]
    FF Extension: (Поиск Mail.Ru) - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\uvt9idt6.default\Extensions\search@mail.ru.xpi [2018-09-15]
    FF Extension: (Пульт) - C:\Users\Damian\AppData\Roaming\Mozilla\Firefox\Profiles\uvt9idt6.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}.xpi [2018-09-15]
    CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/10445?gp=811141","hxxp://mail.ru/cnt/10445?gp=811138","hxxp://www.gazeta.pl/0,0.html?p=190","hxxp://mail.ru/cnt/10445?gp=811560"
    CHR DefaultSearchURL: Default -> hxxps://inline.go.mail.ru/search?inline_comp=dse&q={searchTerms}&fr=chxtn12.0.42
    CHR DefaultSearchKeyword: Default -> inline.go.mail.ru
    CHR DefaultSuggestURL: Default -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\homnophpjlhlpaglnfpomcambjmgceem [2018-09-09] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fppjhfcgnalgfiimdflmikpifodndljf] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gbnhehnpnbiioheicppmmmjaekcdfigc] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gcnfpjoimnmmdiokmpaebcacnnpdifbn] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [hnainbefehfglngmjpbmilfmlbmicacf] - hxxps://clients2.google.com/service/update2/crx
    R2 EventSvc; C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe [360448 2018-07-24] (CloudBees, Inc.) [Brak podpisu cyfrowego] <==== UWAGA
    R2 PowerSvc; C:\ProgramData\Microsoft\Windows\Power\PowerSvc.exe [6406448 2018-06-25] () [Brak podpisu cyfrowego] <==== UWAGA
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2018-09-15 12:54 - 2018-09-16 00:22 - 000000000 ____D C:\Users\Damian\AppData\Local\WServices
    2018-09-15 12:54 - 2018-09-15 12:58 - 000000000 ____D C:\Users\Damian\AppData\Local\Mail.Ru
    2018-09-15 12:54 - 2018-09-15 12:58 - 000000000 ____D C:\Program Files (x86)\Mail.Ru
    2018-09-15 12:54 - 2018-09-15 12:54 - 000000000 ____D C:\Users\Damian\Downloads\cheat-2018-
    2018-09-15 12:54 - 2018-09-15 12:54 - 000000000 ____D C:\Users\Damian\AppData\Roaming\Smart Application Controller
    2018-09-15 12:54 - 2018-09-15 12:54 - 000000000 ____D C:\ProgramData\Mail.Ru
    2018-09-15 12:54 - 2018-08-26 21:05 - 000000000 ____D C:\ProgramData\Driver Foundation Visions VHG
    2018-09-09 20:30 - 2018-09-11 22:15 - 000000000 ____D C:\ProgramData\vAtgRIojrOIejiVB
    2018-09-09 20:29 - 2018-09-09 20:41 - 000000000 ____D C:\Users\Damian\AppData\Roaming\xave0kbjrkc
    2018-09-09 20:29 - 2018-09-09 20:41 - 000000000 ____D C:\Program Files\5I46U3ZU8T
    2018-09-09 20:25 - 2018-09-09 20:42 - 000000000 __SHD C:\ProgramData\uqhqnwvukzj
    2018-09-09 20:22 - 2018-09-09 20:28 - 001413120 _____ C:\Users\Damian\AppData\Local\sham.db
    2018-09-09 20:22 - 2018-09-09 20:22 - 007781888 _____ C:\Users\Damian\AppData\Local\agent.dat
    2018-09-09 20:22 - 2018-09-09 20:22 - 002297856 _____ (TODO: <Company name>) C:\Users\Damian\AppData\Local\Runstock.exe
    2018-09-09 20:22 - 2018-09-09 20:22 - 002297856 _____ (TODO: <Company name>) C:\Users\Damian\AppData\Local\Redhatlax.exe
    2018-09-09 20:22 - 2018-09-09 20:22 - 002018963 _____ C:\Users\Damian\AppData\Local\Redhatlax.tst
    2018-09-09 20:22 - 2018-09-09 20:22 - 001895382 _____ C:\Users\Damian\AppData\Local\Istop.bin
    2018-09-09 20:22 - 2018-09-09 20:22 - 000278510 _____ C:\Users\Damian\AppData\Local\Runstock.tst
    2018-09-09 20:22 - 2018-09-09 20:22 - 000140800 _____ C:\Users\Damian\AppData\Local\installer.dat
    2018-09-09 20:22 - 2018-09-09 20:22 - 000126464 _____ C:\Users\Damian\AppData\Local\noah.dat
    2018-09-09 20:22 - 2018-09-09 20:22 - 000070896 _____ C:\Users\Damian\AppData\Local\Config.xml
    2018-09-09 20:22 - 2018-09-09 20:22 - 000005568 _____ C:\Users\Damian\AppData\Local\md.xml
    2018-09-09 21:16 - 2018-09-09 16:28 - 000000821 _____ () C:\ProgramData\gaqdfvcejz.vbs
    2018-09-09 21:16 - 2018-09-09 15:42 - 000603352 _____ (Alexander Roshal) C:\ProgramData\nfyserqa.exe
    2018-09-09 20:24 - 2018-09-09 20:24 - 001121781 _____ () C:\ProgramData\sdfser.exe
    2018-08-26 21:03 - 2018-04-30 14:00 - 001677824 _____ (Igor Pavlov) C:\Users\Damian\AppData\Roaming\7z.dll
    2018-08-26 21:04 - 2018-04-30 14:00 - 000461824 _____ (Igor Pavlov) C:\Users\Damian\AppData\Roaming\7z.exe
    2018-02-17 10:59 - 2018-02-21 00:40 - 000000181 _____ () C:\Users\Damian\AppData\Roaming\default.rss
    2018-02-21 00:39 - 2018-02-21 00:39 - 000000000 _____ () C:\Users\Damian\AppData\Roaming\downloads.m3u
    2018-08-26 21:05 - 2018-09-06 12:12 - 003138921 _____ () C:\Users\Damian\AppData\Roaming\updates.7z
    2018-09-09 20:22 - 2018-09-09 20:22 - 007781888 _____ () C:\Users\Damian\AppData\Local\agent.dat
    2018-09-09 20:22 - 2018-09-09 20:22 - 000070896 _____ () C:\Users\Damian\AppData\Local\Config.xml
    2018-09-09 20:22 - 2018-09-09 20:22 - 000140800 _____ () C:\Users\Damian\AppData\Local\installer.dat
    2018-09-09 20:22 - 2018-09-09 20:22 - 001895382 _____ () C:\Users\Damian\AppData\Local\Istop.bin
    2018-09-09 20:22 - 2018-09-09 20:22 - 000005568 _____ () C:\Users\Damian\AppData\Local\md.xml
    2018-09-09 20:22 - 2018-09-09 20:22 - 000126464 _____ () C:\Users\Damian\AppData\Local\noah.dat
    2018-09-09 20:22 - 2018-09-09 20:22 - 002297856 _____ (TODO: <Company name>) C:\Users\Damian\AppData\Local\Redhatlax.exe
    2018-09-09 20:22 - 2018-09-09 20:22 - 002018963 _____ () C:\Users\Damian\AppData\Local\Redhatlax.tst
    2018-09-11 22:53 - 2018-09-11 22:53 - 000000017 _____ () C:\Users\Damian\AppData\Local\resmon.resmoncfg
    2018-09-09 20:22 - 2018-09-09 20:22 - 002297856 _____ (TODO: <Company name>) C:\Users\Damian\AppData\Local\Runstock.exe
    2018-09-09 20:22 - 2018-09-09 20:22 - 000278510 _____ () C:\Users\Damian\AppData\Local\Runstock.tst
    2018-09-09 20:22 - 2018-09-09 20:28 - 001413120 _____ () C:\Users\Damian\AppData\Local\sham.db
    2018-09-09 20:22 - 2018-09-09 20:22 - 000032038 _____ () C:\Users\Damian\AppData\Local\uninstall_temp.ico
    2018-03-03 18:15 - 2018-03-03 18:15 - 000000002 _____ () C:\Users\Damian\AppData\Local\WMI.ini
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.

    0
  • #5 21 Oct 2018 19:29
    krzychupar
    Level 40

    The logs are clean; delete C:\FRST and close the topic.

    0
  • #6 21 Oct 2018 22:38
    RADU23
    Moderator - Computer Service

    @Kara93
    Run one more fixlist like this:

    Quote:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
    BHO-x32: Search(malpa)Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Damian\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll => Brak pliku
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Damian\AppData\Local\Google\Chrome\User Data\Default\Extensions\homnophpjlhlpaglnfpomcambjmgceem [2018-09-09] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== UWAGA
    R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]

    0