zwyczajnyburak utworzono 21 grudnia 2015 utworzono 21 grudnia 2015 Witam, mam podobny problem jak z yoursites, z tym że strona nazywa się top-arama. Podsyłam pliki z FRST.
Twój_Anioł_Stróż komentarz 21 grudnia 2015 komentarz 21 grudnia 2015 (edytowane) 1) Użyj >[url=http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner][b][color=blue]Adw-cleaner[/color][/b][/url] najpierw kliknij na SZUKAJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego. Pokaż raport z niego "C" 2) Otwórz Notatnik i wklej w nim: 2015-11-24 11:59 - 2015-11-24 11:59 - 0000098 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat 2015-11-24 11:59 - 2015-10-08 14:54 - 00000000 ____D C:\Users\oem\AppData\Roaming\TSv 2015-11-28 00:53 - 2015-10-08 14:54 - 00000000 ____D C:\Program Files (x86)\SFK 2015-11-24 11:59 - 2015-11-28 00:53 - 00000000 ____D C:\ProgramData\JWMiniProJ 2015-12-21 18:43 - 2015-12-21 20:43 - 00000001 _____ C:\Windows\SysWOW64\pl.html R2 IhPul; C:\Users\oem\AppData\Roaming\TSv\TSvr.exe [580752 2015-11-23] (tsvr.com) OPR Extension: (Sale Charger) - C:\Users\oem\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbomkegbickocickippcdaehfpjkioie [2015-06-05] CHR Extension: (Sale Charger) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbomkegbickocickippcdaehfpjkioie [2015-06-06] [UpdateUrl: hxxp://cdn.salecharger.net/update] <==== UWAGA CHR HomePage: Default -> s.piesearch.com/?type=chhp&from=chext CHR StartupUrls: Default -> "hxxp://do-search.com/?type=hppp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM" CHR DefaultSearchURL: Default -> hxxp://do-search.com/web/?type=dspp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.piesearch.com/?type=sc&ts=1443703210&uid=0f4d2d81-5ed5-422c-b7e8-e0b97625a3ad&pid=etc1 BHO-x32: Sale Charger -> {7a38e53c-e000-41e4-9b5a-47447db81c2b} -> C:\Program Files (x86)\Sale Charger\Extensions\7a38e53c-e000-41e4-9b5a-47447db81c2b.dll => Brak pliku HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hppp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hppp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1433542513&z=10f2acd6eddd14a8273dc9bg5z1c1c3w5z1oewdebc&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1433542513&z=10f2acd6eddd14a8273dc9bg5z1c1c3w5z1oewdebc&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hppp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hppp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1433542513&z=10f2acd6eddd14a8273dc9bg5z1c1c3w5z1oewdebc&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1433542513&z=10f2acd6eddd14a8273dc9bg5z1c1c3w5z1oewdebc&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&q={searchTerms} HKU\S-1-5-21-4173927088-283692545-3884366635-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=dspp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&q={searchTerms} HKU\S-1-5-21-4173927088-283692545-3884366635-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://do-search.com/?type=hppp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM HKU\S-1-5-21-4173927088-283692545-3884366635-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hppp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM HKU\S-1-5-21-4173927088-283692545-3884366635-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=dspp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&q={searchTerms} SearchScopes: HKU\S-1-5-21-4173927088-283692545-3884366635-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=dspp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&q={searchTerms} SearchScopes: HKU\S-1-5-21-4173927088-283692545-3884366635-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&ts=1433542588&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-4173927088-283692545-3884366635-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&ts=1433542588&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-4173927088-283692545-3884366635-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=dspp&ts=1433542580&z=1d63ff8c025c4b7fa434f11g8z4cacfwczdo8wam7e&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&q={searchTerms} SearchScopes: HKU\S-1-5-21-4173927088-283692545-3884366635-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&ts=1433542588&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-4173927088-283692545-3884366635-1000 -> {F501BB8A-C171-4EE4-BCF3-14265136AD46} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST500DM002-1BD142_Z3TDEGPMXXXXZ3TDEGPM&ts=1433542588&type=default&q={searchTerms} GroupPolicy: Ograniczenia - Chrome <======= UWAGA CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA Task: {4B3F7125-4157-4397-9DF4-D5226E09E98D} - System32\Tasks\{652D0533-BCAB-4F2F-A0CF-11D6F5EF0418} => pcalua.exe -a "C:\Users\oem\Desktop\Super Meat Boy\Super_Meat_Boy.exe" -d "C:\Users\oem\Desktop\Super Meat Boy" Task: {4EF58E6C-6F17-4801-B120-61C3C7B603AD} - System32\Tasks\{4FB9B8B1-3DE8-4C0F-80AD-982482B1B216} => pcalua.exe -a C:\Users\oem\Downloads\pbsetup.exe -d C:\Users\oem\Downloads ShortcutWithArgument: C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?type=sc&ts=1443703210&uid=0f4d2d81-5ed5-422c-b7e8-e0b97625a3ad&pid=etc1 ShortcutWithArgument: C:\Users\oem\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?type=sc&ts=1443703210&uid=0f4d2d81-5ed5-422c-b7e8-e0b97625a3ad&pid=etc1 ShortcutWithArgument: C:\Users\oem\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?type=sc&ts=1443703210&uid=0f4d2d81-5ed5-422c-b7e8-e0b97625a3ad&pid=etc1 ShortcutWithArgument: C:\Users\oem\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?type=sc&ts=1443703210&uid=0f4d2d81-5ed5-422c-b7e8-e0b97625a3ad&pid=etc1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?type=sc&ts=1443703210&uid=0f4d2d81-5ed5-422c-b7e8-e0b97625a3ad&pid=etc1 AlternateDataStreams: C:\ProgramData:NT AlternateDataStreams: C:\ProgramData:NT2 AlternateDataStreams: C:\Users\All Users:NT AlternateDataStreams: C:\Users\All Users:NT2 AlternateDataStreams: C:\ProgramData\Application Data:NT AlternateDataStreams: C:\ProgramData\Application Data:NT2 AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2 AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 AlternateDataStreams: C:\Users\oem\Dane aplikacji:NT AlternateDataStreams: C:\Users\oem\Dane aplikacji:NT2 AlternateDataStreams: C:\Users\oem\AppData\Roaming:NT AlternateDataStreams: C:\Users\oem\AppData\Roaming:NT2 S1 qsafd_vt_1_10_0_20; system32\drivers\qsafd_vt_1_10_0_20.sys [X] CHR Extension: (Smart Search) - C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljnfelhdldlokjkohcmjpogkdjgbgjpj [2015-12-06] C:\Program Files (x86)\Sale Charger 2015-12-08 22:50 - 2015-06-05 23:16 - 00000000 ____D C:\Program Files (x86)\MiuiTab EmptyTemp: Plik zapisz pod nazwą [b]fixlist.txt[/b] i umieść obok FRST.exe Uruchom [b]FRST[/b] i kliknij przycisk [b]Fix[/b] (NAPRAW). 3) Napisz, czy problem znikł? . 1
zwyczajnyburak komentarz 21 grudnia 2015 Autor komentarz 21 grudnia 2015 Problem znikł. Zamieszczam jeszcze fixlog i plik z AdwCleanera.
Twój_Anioł_Stróż komentarz 21 grudnia 2015 komentarz 21 grudnia 2015 Kończymy: Otwórz Notatnik i wklej w nim: DeleteQuarantine: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW). przez SHIFT+DEL usuń pozostały folder C:\FRST. W Adw-Cleaner kliknij na przycisk [b]Odinstaluj[/b] ([b]UNINSTALL[/b]). .
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.