x-kom hosting

top-arama (similar to yoursites)

zwyczajnyburak
created

Hello, I have a similar problem to the one with yoursites, except that the site is called top-arama. I'm sending the FRST files.

Twój_Anioł_Stróż
comment (edited)

1) Use Adw-cleaner (http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner):
first click SZUKAJ (SCAN), and only once the scan has finished and the USUŃ (CLEANING) button becomes active, click that button.
Post its report "C".

 

2) Open Notepad and paste the following into it:

2015-11-24 11:59 - 2015-11-24 11:59 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-24 11:59 - 2015-10-08 14:54 - 00000000 ____D C:\Users\oem\AppData\Roaming\TSv
2015-11-28 00:53 - 2015-10-08 14:54 - 00000000 ____D C:\Program Files (x86)\SFK
2015-11-24 11:59 - 2015-11-28 00:53 - 00000000 ____D C:\ProgramData\JWMiniProJ
2015-12-21 18:43 - 2015-12-21 20:43 - 00000001 _____ C:\Windows\SysWOW64\pl.html
R2 IhPul; C:\Users\oem\AppData\Roaming\TSv\TSvr.exe [580752 2015-11-23] (tsvr.com)
OPR Extension: (Sale Charger) - C:\Users\oem\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbomkegbickocickippcdaehfpjkioie [2015-06-05]
CHR Extension: (Sale Charger) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbomkegbickocickippcdaehfpjkioie [2015-06-06] [UpdateUrl: hxxp://cdn.salecharger.net/update] <==== UWAGA
CHR HomePage: Default -> s.piesearch.com/?type=chhp&from=chext
CHR StartupUrls: Default -> "hxxp://do-search.com/?type=hppp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM"
CHR DefaultSearchURL: Default -> hxxp://do-search.com/web/?type=dspp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.piesearch.com/?type=sc&ts=1443703210&uid=0f4d2d81-5ed5-422c-b7e8-e0b97625a3ad&pid=etc1
BHO-x32: Sale Charger -> {7a38e53c-e000-41e4-9b5a-47447db81c2b} -> C:\Program Files (x86)\Sale Charger\Extensions\7a38e53c-e000-41e4-9b5a-47447db81c2b.dll => Brak pliku
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hppp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hppp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1433542513&z=10f2acd6eddd14a8273dc9bg5z1c1c3w5z1oewdebc&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1433542513&z=10f2acd6eddd14a8273dc9bg5z1c1c3w5z1oewdebc&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hppp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hppp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1433542513&z=10f2acd6eddd14a8273dc9bg5z1c1c3w5z1oewdebc&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1433542513&z=10f2acd6eddd14a8273dc9bg5z1c1c3w5z1oewdebc&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&q={searchTerms}
HKU\S-1-5-21-4173927088-283692545-3884366635-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=dspp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&q={searchTerms}
HKU\S-1-5-21-4173927088-283692545-3884366635-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hppp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM
HKU\S-1-5-21-4173927088-283692545-3884366635-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hppp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM
HKU\S-1-5-21-4173927088-283692545-3884366635-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=dspp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4173927088-283692545-3884366635-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=dspp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4173927088-283692545-3884366635-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&ts=1433542588&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4173927088-283692545-3884366635-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&ts=1433542588&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4173927088-283692545-3884366635-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=dspp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4173927088-283692545-3884366635-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&ts=1433542588&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4173927088-283692545-3884366635-1000 -> {F501BB8A-C171-4EE4-BCF3-14265136AD46} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&ts=1433542588&type=default&q={searchTerms}
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
Task: {4B3F7125-4157-4397-9DF4-D5226E09E98D} - System32\Tasks\{652D0533-BCAB-4F2F-A0CF-11D6F5EF0418} => pcalua.exe -a "C:\Users\oem\Desktop\Super Meat Boy\Super_Meat_Boy.exe" -d "C:\Users\oem\Desktop\Super Meat Boy"
Task: {4EF58E6C-6F17-4801-B120-61C3C7B603AD} - System32\Tasks\{4FB9B8B1-3DE8-4C0F-80AD-982482B1B216} => pcalua.exe -a C:\Users\oem\Downloads\pbsetup.exe -d C:\Users\oem\Downloads
ShortcutWithArgument: C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?type=sc&ts=1443703210&uid=0f4d2d81-5ed5-422c-b7e8-e0b97625a3ad&pid=etc1
ShortcutWithArgument: C:\Users\oem\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?type=sc&ts=1443703210&uid=0f4d2d81-5ed5-422c-b7e8-e0b97625a3ad&pid=etc1
ShortcutWithArgument: C:\Users\oem\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?type=sc&ts=1443703210&uid=0f4d2d81-5ed5-422c-b7e8-e0b97625a3ad&pid=etc1
ShortcutWithArgument: C:\Users\oem\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?type=sc&ts=1443703210&uid=0f4d2d81-5ed5-422c-b7e8-e0b97625a3ad&pid=etc1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?type=sc&ts=1443703210&uid=0f4d2d81-5ed5-422c-b7e8-e0b97625a3ad&pid=etc1
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\oem\Dane aplikacji:NT
AlternateDataStreams: C:\Users\oem\Dane aplikacji:NT2
AlternateDataStreams: C:\Users\oem\AppData\Roaming:NT
AlternateDataStreams: C:\Users\oem\AppData\Roaming:NT2
S1 qsafd_vt_1_10_0_20; system32\drivers\qsafd_vt_1_10_0_20.sys [X]
CHR Extension: (Smart Search) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljnfelhdldlokjkohcmjpogkdjgbgjpj [2015-12-06]
C:\Program Files (x86)\Sale Charger
2015-12-08 22:50 - 2015-06-05 23:16 - 00000000 ____D C:\Program Files (x86)\MiuiTab
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST.exe.
Run FRST and click the Fix (NAPRAW) button.

 

3) Let me know whether the problem is gone.


  • Good post 1
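
Added example, not part of the thread: a short Python review aid for a fixlist like the one in the post above. It groups the defanged (hxxp) hosts by the kind of entry that references them, so the locations one hijacker touched are visible before Fix is run. The sample lines and hosts are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample modelled on the entry shapes in the fixlist above;
# hosts, SIDs and paths are placeholders, not values from the thread.
SAMPLE_FIXLIST = r"""
CHR HomePage: Default -> search.example.test/?type=chhp
CHR StartupUrls: Default -> "hxxp://hijack.example.test/?type=hppp&uid=PLACEHOLDER"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hijack.example.test/?type=hppp
SearchScopes: HKU\S-1-5-21-0-0-0-1000 -> DefaultScope {00000000-0000-0000-0000-000000000000} URL = hxxp://hijack.example.test/web/?q={searchTerms}
ShortcutWithArgument: C:\Users\user\Desktop\Browser.lnk -> C:\Program Files\Browser\browser.exe (Vendor) -> hxxp://search.example.test/?type=sc
AlternateDataStreams: C:\ProgramData:NT
EmptyTemp:
"""

# Only defanged URLs with an explicit scheme are matched; scheme-less values
# (like the CHR HomePage line) still need a manual look.
URL_RE = re.compile(r'hxxps?://[^\s"]+', re.IGNORECASE)


def entry_kind(line):
    """Label a line by the location it touches, based on its leading token."""
    if line.startswith(("HKLM\\", "HKU\\")):
        return "Registry"
    return re.split(r"[:\s]", line, maxsplit=1)[0]


def hosts_by_location(fixlist_text):
    """Map each defanged host to the sorted entry kinds that reference it."""
    seen = defaultdict(set)
    for line in fixlist_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for match in URL_RE.findall(line):
            # Refang in memory only, so urlsplit can extract the host.
            url = re.sub(r"^hxxp", "http", match, flags=re.IGNORECASE)
            host = urlsplit(url).hostname
            if host:
                seen[host].add(entry_kind(line))
    return {host: sorted(kinds) for host, kinds in seen.items()}


if __name__ == "__main__":
    for host, kinds in hosts_by_location(SAMPLE_FIXLIST).items():
        print(host, "->", ", ".join(kinds))
```
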
zwyczajnyburak
comment

The problem is gone. I'm also attaching the fixlog and the AdwCleaner file.

Twój_Anioł_Stróż
comment

Wrapping up:

Open Notepad and paste the following into it:

DeleteQuarantine:

Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix (NAPRAW).
Use SHIFT+DEL to delete the remaining folder C:\FRST.

In Adw-Cleaner, click the Odinstaluj (UNINSTALL) button.

zwyczajnyburak
comment

Many thanks for the help.
