
Strange redirects, pop-up ads - problem

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.


Post by Zeta, 30 May 2017, 22:31

I have had this problem for a few days. I tried to remove it in various ways, but nothing helped.
Attachments:
Shortcut.txt (64.13 KiB)
FRST.txt (110.11 KiB)
Addition.txt (125.09 KiB)




Post by ordynat, 31 May 2017, 08:11

I don't see any infection here, no "adware".

Just cosmetic cleanup:
Run FRST. On the keyboard, press CTRL+Y. Notepad will open; paste the following into it:
CustomCLSID: HKU\S-1-5-21-3086553108-3716728113-2037818846-1000_Classes\CLSID\{58E3122F-80C9-D3C1-079D-1C1B93993628}\InprocServer32 -> Brak ścieżki do pliku
Task: {0FDA4688-01F7-4BBF-85CF-BF5AF880C2F1} - System32\Tasks\{301C89D9-E7D3-4E44-B14A-A644F13E0940} => pcalua.exe -a E:\Software\ASUS\LiveUpdate\XP32_Vista32_Vista64_Win7_32_Win7_64_2.5.9\Setup.exe -d E:\Software\ASUS\LiveUpdate\XP32_Vista32_Vista64_Win7_32_Win7_64_2.5.9 -c -s -f2c:\setup.log
Task: {10145744-AFEE-477C-A231-A8819ABD858D} - System32\Tasks\{3CD836E4-6421-4262-A142-F3E90CD2AA23} => pcalua.exe -a E:\Software\ASUS\LiveUpdate\XP32_Vista32_Vista64_Win7_32_Win7_64_2.5.9\Setup.exe -d E:\Software\ASUS\LiveUpdate\XP32_Vista32_Vista64_Win7_32_Win7_64_2.5.9 -c -s -f2c:\setup.log
Task: {1671E2FF-15C0-4BB3-A185-DD1FB2043790} - System32\Tasks\{37B68DB4-06BB-4077-8D85-71ADFAFA5650} => pcalua.exe -a "C:\Users\kermit1987\Desktop\AVAST Software\Avast\chrome\ChromeInst.exe" -d "C:\Users\kermit1987\Desktop\AVAST Software\Avast\chrome"
Task: {1A987EAB-CB48-4725-AC0C-CC39F1F7EB20} - System32\Tasks\{AD230079-63DD-4AED-82B1-2E85B6915AE9} => pcalua.exe -a "D:\Air Conflicts\Air Conflicts.exe" -d "D:\Air Conflicts"
Task: {21703DD3-23F9-43C9-9DCA-D23EA3DB229E} - System32\Tasks\{E23E6F4B-8A19-44D8-B730-CDE8EC255E86} => pcalua.exe -a E:\DirectX9\dxsetup.exe -d E:\DirectX9
Task: {279DC931-BCAC-4CFE-87ED-1E80E23A1061} - System32\Tasks\{5AC89ABE-7BA9-4EE1-A5B2-921AEEAF9018} => pcalua.exe -a D:\LODE2\Uninstal.exe -d D:\LODE2
Task: {284B1C0B-C76B-4C6E-8790-2F05EFE086A4} - Brak ścieżki do pliku
Task: {2B900C7B-A222-4378-A911-7A638864E51E} - System32\Tasks\{FCD0F84E-B86E-44D0-A40C-3BD28DA7FE4D} => pcalua.exe -a "C:\Program Files\Orange\Total Connection Manager\uninstall.exe" -d "C:\Program Files\Orange\Total Connection Manager\Driver\InstXP"
Task: {2CEA0539-DAB7-4D8F-BD7F-20FC5A20A200} - System32\Tasks\{ADFE5044-12AA-41BE-875B-1450815B8C1B} => pcalua.exe -a E:\startuj.exe -d E:\
Task: {4318C73A-1872-4573-A395-B127921A1EDF} - System32\Tasks\{A4745195-333F-4A46-8310-A84FCA936C7C} => pcalua.exe -a C:\Users\kermit1987\Desktop\Win7Vista_64_152258.exe -d C:\Users\kermit1987\Desktop
Task: {4F950F3A-912C-4C60-9AEE-FC11EE87FF4A} - System32\Tasks\{D78FA42D-C3AC-466F-AE1B-F2A31C360CE1} => pcalua.exe -a C:\Users\kermit1987\AppData\Roaming\key-find\UninstallManager.exe -c -ptid=exp
Task: {4FA7C225-EE4D-4C9B-AD48-6601343394A3} - System32\Tasks\{B5F877D1-CE37-48E8-9B8A-71736E06E71E} => pcalua.exe -a "C:\Users\kermit1987\Desktop\Need for Speed Most Wanted\eauninstall.exe" -d "C:\Users\kermit1987\Desktop\Need for Speed Most Wanted"
Task: {54F85883-EAFF-408D-9EDF-0D8F3295B3A9} - System32\Tasks\{7A9919E0-C075-4692-A9A4-1DCDFFF60767} => pcalua.exe -a E:\Software\ASUS\LiveUpdate\XP32_Vista32_Vista64_Win7_32_Win7_64_2.5.9\Setup.exe -d E:\Software\ASUS\LiveUpdate\XP32_Vista32_Vista64_Win7_32_Win7_64_2.5.9 -c -s -f2c:\setup.log
Task: {61899383-B1FE-43F7-A095-9FF68AAE5882} - System32\Tasks\{DA3F8855-ABA9-4664-9CD6-2CF9D3E1A093} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{DB858BBA-104E-40DD-BDC0-A12391F67C2E}\setup.exe" -c -runfromtemp -l0x0015
Task: {6559C2EE-B659-415A-94D5-3D526752BC78} - System32\Tasks\{5D96DC6B-E66C-4665-8D8B-89CBAC1B6831} => pcalua.exe -a "F:\Moje Gryy\Dawn of War S\Soulstorm.exe" -d "F:\Moje Gryy\Dawn of War S"
Task: {6985AB79-34CA-4593-A0FC-50590A3BB94E} - System32\Tasks\{5108F31B-9F65-4688-A8C9-CC428A29C503} => pcalua.exe -a "D:\Dawn of War S\Soulstorm.exe" -d "D:\Dawn of War S\"
Task: {88C0CBA0-5344-4C68-86EF-24C77E1E2735} - System32\Tasks\{0A3F6530-7370-42A0-B4E4-C7F42A29288E} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {8D732C1C-C3CA-4FAC-9BDF-701C5A1E4888} - System32\Tasks\{DE64B75F-6A29-4FD4-97C9-651A0FB798A8} => pcalua.exe -a "G:\Moje Gryy\Air Conflicts\Air Conflicts.exe" -d "G:\Moje Gryy\Air Conflicts"
Task: {8FB95AAA-5A5C-4F2B-AC17-4299D459A2F2} - System32\Tasks\{6AF40FCD-1AB8-4E5D-BF9E-421C3C158C62} => pcalua.exe -a "D:\Air Conflicts\Air Conflicts.exe" -d "D:\Air Conflicts"
Task: {90261D36-489F-47FF-B65C-4422FCB7F61A} - System32\Tasks\{44AD1E73-28B3-4EC1-A4DB-C2C6B7BEBF39} => pcalua.exe -a "C:\Users\kermit1987\Desktop\Hamachi 1.0.3.0 PL.exe" -d C:\Users\kermit1987\Desktop
Task: {92DA454E-91F8-4E5D-8356-7E5AB84B3AB6} - Brak ścieżki do pliku
Task: {9BEDED96-85AC-4D36-9EE8-0FC4BFD15659} - System32\Tasks\{1CF4C952-61BC-4E48-A4F0-5982CE2ED3DA} => pcalua.exe -a C:\Users\kermit1987\Desktop\Win64_152820.exe -d C:\Users\kermit1987\Desktop
Task: {ABB165BE-AF85-47D4-8494-6A6FACE1125E} - System32\Tasks\{B0A3AC2E-3A97-4245-996B-C6318EBEAE84} => pcalua.exe -a E:\Software\ASUS\LiveUpdate\XP32_Vista32_Vista64_Win7_32_Win7_64_2.5.9\Setup.exe -d E:\Software\ASUS\LiveUpdate\XP32_Vista32_Vista64_Win7_32_Win7_64_2.5.9 -c -s -f2c:\setup.log
Task: {ACBF25BE-7E97-4781-9EC9-8BC77FF0B8B7} - System32\Tasks\{F47DFE01-A195-4DBA-A447-C7A78AB2BD46} => pcalua.exe -a "H:\Windows Media Player\dlimport.exe" -d "H:\Windows Media Player"
Task: {AF7ED937-A927-4CC1-9C28-8AAE213E026D} - System32\Tasks\{712D01BF-644C-476C-8A11-D8F15BF16F51} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{B4FD3F41-E90C-4A3E-AADF-F2FB64CF2E42}\setup.exe" -c -runfromtemp -l0x0015
Task: {B4704122-C208-44B5-91C1-0E999EA90261} - System32\Tasks\{7F296C23-C56C-4AE0-BF64-FBC9AA9FA768} => pcalua.exe -a C:\Users\kermit1987\Desktop\Win7Vista_152258.exe -d C:\Users\kermit1987\Desktop
Task: {BAE2125A-4D33-4A41-A006-8BA62E483A81} - System32\Tasks\{5FADE275-2E2F-4A39-8D7A-93CCE1D091B0} => pcalua.exe -a E:\setup.exe -d E:\
Task: {C63B7772-6A3F-4FFE-AC54-788E289AE4E0} - System32\Tasks\{AE3959B8-78C5-447B-882C-3FE255C11BEC} => pcalua.exe -a "C:\Users\kermit1987\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D7LYEY3D\avast_free_antivirus_setup_online.exe" -d C:\Users\kermit1987\Desktop
Task: {C80A4AA1-6CA5-4203-A618-47033E3373B1} - System32\Tasks\{82145922-1DE2-44DA-B5A4-5441F1385857} => pcalua.exe -a "F:\Massive Assault\ma_map_brimstone.exe" -d "F:\Massive Assault"
Task: {CCE1A003-992E-484C-8E01-EDAB3F3B14EB} - System32\Tasks\{EC7521E3-E479-4E57-863D-9457BF25F9C4} => pcalua.exe -a E:\startuj.exe -d E:\
Task: {D4203204-0665-44B9-8EA5-F8F68ADFF7BC} - System32\Tasks\{1C141A02-5FC8-49CD-ADD4-B2AC165821B3} => pcalua.exe -a E:\startuj.exe -d E:\
Task: {E4A49B1D-0FFE-4965-9993-D6951322A4D0} - System32\Tasks\{C3A9A091-ECFC-4D77-80F6-5E046B209C49} => pcalua.exe -a "F:\Massive Assault - z ptchem\ma_map_brimstone.exe" -d "F:\Massive Assault - z ptchem"
Task: {E9B723D4-0E04-4EA0-933E-D38E5ED92846} - System32\Tasks\{2D027395-859C-4DB0-B97B-284887315414} => pcalua.exe -a E:\startuj.exe -d E:\
Task: {EF44A20A-29E3-403B-B6B9-FDC76259D8DE} - System32\Tasks\{59B6955E-7CC7-47DA-A594-9DA8D735D25F} => pcalua.exe -a E:\Aplikacje\setup.exe -d E:\Aplikacje
Task: {FDF809F4-F048-4A9C-A39D-5E5750B1EA03} - System32\Tasks\{F3857FAD-CEAA-49D7-B9E2-8EAC30384777} => pcalua.exe -a "F:\Massive Assault - z ptchem\ma_map_emerald.exe" -d "F:\Massive Assault - z ptchem"
FirewallRules: [{7A4B61EC-9FBC-47F3-B9DD-D6A27CC879EB}] => (Allow) D:\droid4x\download\MiniThunderPlatform.exe
FirewallRules: [{F167A000-914E-48AE-AA34-85FE98FEFE86}] => (Allow) D:\droid4x\download\MiniThunderPlatform.exe
FirewallRules: [TCP Query User{27980E09-C2B3-48F5-AC2A-2C510F3D4A7E}C:\users\kermit1987\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Block) C:\users\kermit1987\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
FirewallRules: [UDP Query User{B0AEDB0C-25D5-4932-BA88-C9154828A488}C:\users\kermit1987\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Block) C:\users\kermit1987\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
GroupPolicy: Ograniczenia - Windows Defender <======= UWAGA
DeleteKey: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes
FF Plugin HKU\S-1-5-21-3086553108-3716728113-2037818846-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\kermit1987\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [Brak pliku]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\440938042.cfg [2017-05-27] <==== UWAGA
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-12-07] <==== UWAGA
S3 CLMirrorDriver; system32\DRIVERS\CLMirrorDriver.sys [X]
S3 cpuz138; \??\C:\Users\KERMIT~1\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== UWAGA
S3 gzflt; \??\C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [X]
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]
U3 tmlwf; Brak ImagePath
U3 tmwfp; Brak ImagePath
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
2016-02-28 22:19 - 2016-02-28 22:19 - 8003072 _____ () C:\Users\kermit1987\AppData\Roaming\agent.dat
RemoveDirectory: C:\Users\kermit1987\AppData\Roaming\HaiYuInst
2016-02-28 22:18 - 2016-02-28 22:18 - 0127488 _____ () C:\Users\kermit1987\AppData\Roaming\Installer.dat
2016-02-28 22:19 - 2016-02-28 22:19 - 0018432 _____ () C:\Users\kermit1987\AppData\Roaming\Main.dat
2014-06-19 10:49 - 2014-06-19 10:49 - 0000024 _____ () C:\Users\kermit1987\AppData\Roaming\temp.ini
C:\Users\Default\Desktop\CyberLink Power2Go.lnk
EmptyTemp:

On the keyboard, press CTRL+S. In FRST, click Fix (NAPRAW).




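An added example, not part of either forum post and not FRST's own code: a small Python script that groups the `Task:` entries of a fixlist like the one above by where the `pcalua.exe -a` target lives, so the list can be reviewed before Fix is pressed. The sample lines are copied from the reply; the bucket names and the assumption that C: is the system drive are choices made for this example.

```python
import re
from collections import defaultdict

# Lines copied verbatim from the fixlist in the reply above.
FIXLIST = r'''
Task: {284B1C0B-C76B-4C6E-8790-2F05EFE086A4} - Brak ścieżki do pliku
Task: {4F950F3A-912C-4C60-9AEE-FC11EE87FF4A} - System32\Tasks\{D78FA42D-C3AC-466F-AE1B-F2A31C360CE1} => pcalua.exe -a C:\Users\kermit1987\AppData\Roaming\key-find\UninstallManager.exe -c -ptid=exp
Task: {1A987EAB-CB48-4725-AC0C-CC39F1F7EB20} - System32\Tasks\{AD230079-63DD-4AED-82B1-2E85B6915AE9} => pcalua.exe -a "D:\Air Conflicts\Air Conflicts.exe" -d "D:\Air Conflicts"
Task: {61899383-B1FE-43F7-A095-9FF68AAE5882} - System32\Tasks\{DA3F8855-ABA9-4664-9CD6-2CF9D3E1A093} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{DB858BBA-104E-40DD-BDC0-A12391F67C2E}\setup.exe" -c -runfromtemp -l0x0015
FirewallRules: [{7A4B61EC-9FBC-47F3-B9DD-D6A27CC879EB}] => (Allow) D:\droid4x\download\MiniThunderPlatform.exe
'''

GUID = r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'
# "Task: {id} - System32\Tasks\{name} => <action>"  or  "Task: {id} - <note>"
TASK = re.compile(r'^Task: (' + GUID + r') - (?:System32\\Tasks\\\S+ => (.+)|.+)$')
# pcalua.exe's -a argument is the program to run; it may be quoted.
TARGET = re.compile(r'pcalua\.exe -a (?:"([^"]+)"|(\S+))')

def classify(path):
    """Bucket a target path by location (assumes C: is the system drive)."""
    p = path.lower()
    if '\\appdata\\' in p or '\\temp\\' in p:
        return 'appdata-or-temp'
    if p.startswith('c:\\users\\'):
        return 'user-profile'
    if p.startswith(('c:\\program files', 'c:\\windows\\')):
        return 'program-files-or-windows'
    return 'other-location'

def triage(fixlist):
    """Map bucket -> [(task id, target path or None)] for every Task: line."""
    buckets = defaultdict(list)
    for line in fixlist.splitlines():
        m = TASK.match(line.strip())
        if not m:
            continue  # some other directive (FirewallRules:, DeleteKey:, ...)
        task_id, action = m.groups()
        t = TARGET.search(action) if action else None
        if t is None:
            # No file path recorded, or the action is not a pcalua.exe launch.
            buckets['no-path' if action is None else 'not-pcalua'].append((task_id, None))
            continue
        path = t.group(1) or t.group(2)
        buckets[classify(path)].append((task_id, path))
    return dict(buckets)

if __name__ == '__main__':
    for bucket, tasks in sorted(triage(FIXLIST).items()):
        print(bucket, len(tasks))
        for task_id, path in tasks:
            print('   ', task_id, path or '(no file path)')
```

Feeding it the whole fixlist instead of the five sample lines gives the same grouping for every `Task:` entry; other directives are skipped.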