bzyko1916 Opublikowano 1 Października 2014 Zgłoś Udostępnij Opublikowano 1 Października 2014 Witam, Niestety ale problem z niechcianymi reklamami mam również na drugim komputerze. Uprzejmię proszę o pomoc. Z góry dziękuje, Pozdrawiam. Extras.Txt OTL.Txt Addition.txt FRST.txt Shortcut.txt Odnośnik do komentarza
picasso Opublikowano 2 Października 2014 Zgłoś Udostępnij Opublikowano 2 Października 2014 Wdróż następujące działania: 1. Otwórz Notatnik i wklej w nim: CloseProcesses: R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-14] (APN LLC.) S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-22] (BonanzaDeals) S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-22] (BonanzaDeals) S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-16] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-16] (globalUpdate) [File not signed] R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [528896 2014-09-16] (Fuyu LIMITED) [File not signed] Task: {1918ED80-B514-42D0-9C09-296DBD49B40E} - System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-3 => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-3.exe [2014-09-16] (home) Task: {37B913C4-B89D-4300-8D14-0DE14F5CBD34} - System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-1 => C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-codedownloader.exe [2014-09-16] (home) Task: {44B759DF-578E-4C34-A4DA-6237FE9E7B79} - System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-4 => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-4.exe [2014-09-16] (home) Task: {46359AF1-9F2D-4F7A-820E-F6EC31330ACD} - System32\Tasks\5f5c1887-7282-49a1-9f9a-421c8f6a508c => C:\Program Files (x86)\TheHDvid-Codec V10\5f5c1887-7282-49a1-9f9a-421c8f6a508c.exe [2014-09-16] () Task: {50B546FA-3D3D-4B82-80FC-2D965F15BDD3} - System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5_user => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5.exe [2014-09-16] (home) Task: {5ECB2F44-CA5A-4E4C-B96E-A6BCA981433C} - System32\Tasks\BonanzaDealsUpdate => C:\Program Task: {710ACE3C-6CD0-41EE-99A9-DA18680D11FE} - System32\Tasks\FTdownloader V4.0-updater => C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-updater.exe [2013-10-18] (installdaddy) Task: {7191534E-9094-40DC-978A-421E4C2B857F} - System32\Tasks\Update Bonanza => C:\Users\Samsung\AppData\Roaming\UpdateBonanza\UpdateProc\UpdateTask.exe Task: {77D86B1B-E003-4CB7-BC94-23F8DB28D1F7} - System32\Tasks\Digital Sites => C:\Users\Samsung\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe Task: {8EE53436-0C5F-4544-99E9-3CFC5759ADF8} - System32\Tasks\DigitalSite => C:\Users\Samsung\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe Task: {A025987E-000B-4B70-B1E7-7E1E9065E3FE} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-09-16] (globalUpdate) Task: {A61AD63B-6C1D-4484-831C-5A5F07E90BEC} - System32\Tasks\Bonanza => C:\Users\Samsung\AppData\Roaming\Bonanza\UpdateProc\UpdateTask.exe Task: {C1F8E1D9-51F2-4603-A725-A2DA7B9324B6} - System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-2 => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-2.exe [2014-09-16] (home) Task: {C60E3E83-0968-4F87-8415-DBFD48A83D59} - System32\Tasks\FTdownloader V4.0-codedownloader => C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-codedownloader.exe [2013-10-18] (installdaddy) Task: {CD2FFC2B-FF74-472C-800F-F2252D395FDC} - System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5 => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5.exe [2014-09-16] (home) Task: {E1CEAD6D-9EB5-40A4-8770-1FEACCD9AA02} - System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-7 => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-7.exe [2014-09-16] (home) Task: {E46B65D5-2D2D-423C-9611-28D3B88586DD} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-09-16] (globalUpdate) Task: {E7148D0F-0F49-4164-80CF-CACF5363A4DB} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-22] (BonanzaDeals) Task: {EEBDD3C0-7494-422B-8272-2DC2ACAE0127} - System32\Tasks\9ce26207-004f-4300-a331-6180bb5fcd46 => C:\Program Files (x86)\TheHDvid-Codec V10\9ce26207-004f-4300-a331-6180bb5fcd46.exe [2014-09-16] (home) Task: {F4B549BD-2694-474E-8C75-41AD97022C97} - System32\Tasks\FTdownloader V4.0-enabler => C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-enabler.exe Task: {F890E564-F29F-44FD-ABC8-BDB5DB2F0882} - System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-6 => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-6.exe [2014-09-16] (home) Task: {FEBE0BC0-775F-40D3-9D48-A079BC7ACC1B} - System32\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-11 => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-11.exe [2014-09-16] (home) Task: {FEF2DCD2-3B10-4A68-9397-E399C9CB69AD} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-22] (BonanzaDeals) Task: C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-1.job => C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-codedownloader.exe Task: C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-11.job => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-11.exe Task: C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-2.job => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-2.exe Task: C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-3.job => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-3.exe Task: C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-4.job => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-4.exe Task: C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5.job => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5.exe Task: C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5_user.job => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-5.exe Task: C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-6.job => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-6.exe Task: C:\windows\Tasks\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-7.job => C:\Program Files (x86)\TheHDvid-Codec V10\5cdd92e2-7487-4ed0-b4ba-8751a19b09d6-7.exe Task: C:\windows\Tasks\5f5c1887-7282-49a1-9f9a-421c8f6a508c.job => C:\Program Files (x86)\TheHDvid-Codec V10\5f5c1887-7282-49a1-9f9a-421c8f6a508c.exe Task: C:\windows\Tasks\9ce26207-004f-4300-a331-6180bb5fcd46.job => C:\Program Files (x86)\TheHDvid-Codec V10\9ce26207-004f-4300-a331-6180bb5fcd46.exe Task: C:\windows\Tasks\Bonanza.job => C:\Users\Samsung\AppData\Roaming\Bonanza\UpdateProc\UpdateTask.exe Task: C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe Task: C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe Task: C:\windows\Tasks\Digital Sites.job => C:\Users\Samsung\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe Task: C:\windows\Tasks\DigitalSite.job => C:\Users\Samsung\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe Task: C:\windows\Tasks\FTdownloader V4.0-codedownloader.job => C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-codedownloader.exe Task: C:\windows\Tasks\FTdownloader V4.0-enabler.job => C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-enabler.exe Task: C:\windows\Tasks\FTdownloader V4.0-updater.job => C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-updater.exe Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe Task: C:\windows\Tasks\Update Bonanza.job => C:\Users\Samsung\AppData\Roaming\UpdateBonanza\UpdateProc\UpdateTask.exe HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Nation toolbar\vprot.exe [2556744 2014-04-28] () HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1956760 2014-06-14] (APN) HKLM-x32\...\Run: [tuto4pc_pl_21] => C:\Program Files (x86)\tuto4pc_pl_21\tuto4pc_pl_21.exe [3991024 2013-10-11] () HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [738496 2013-10-22] () HKU\S-1-5-21-4118013680-3836196915-2330699128-1001\...\Run: [NTRedirect] => C:\windows\SysWOW64\rundll32.exe "C:\Users\Samsung\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run HKU\S-1-5-21-4118013680-3836196915-2330699128-1001\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Samsung\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 716fea90021047d39d23c92ef6bd8982-8ee9d026ff9168386cb81b9362f1b77a823ad294 --CMPID 0913b HKU\S-1-5-21-4118013680-3836196915-2330699128-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Samsung\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) AppInit_DLLs: c:\programdata\bitguard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll => c:\programdata\bitguard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll File Not Found AppInit_DLLs-x32: c:\programdata\bitguard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitguard.dll => "c:\programdata\bitguard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitguard.dll" File Not Found ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX ShortcutWithArgument: C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX ShortcutWithArgument: C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX ShortcutWithArgument: C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX ShortcutWithArgument: C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX ShortcutWithArgument: C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=98372089841E1D18&affID=119357&tsp=5011 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} SearchScopes: HKLM - {3CD242FD-3221-4896-B3F0-1AB473ED083A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=98372089841E1D18&affID=119357&tsp=5011 SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=ds&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX&q={searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear BHO: FTdownloader V4.0 -> {11111111-1111-1111-1111-110311551174} -> C:\Program Files (x86)\FTdownloader V4.0\FTdownloader V4.0-bho64.dll (installdaddy) BHO: TheHDvid-Codec V10 -> {11111111-1111-1111-1111-110611331115} -> C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-bho64.dll (home) BHO-x32: TheHDvid-Codec V10 -> {11111111-1111-1111-1111-110611331115} -> C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-bho.dll (home) BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO-x32: delta Helper Object -> {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -> C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com) BHO-x32: BonanzaDeals -> {fe063412-bea4-4d76-8ed3-183be6220d17} -> C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals) Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com) Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 -> C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istartsurf.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\nation-secure-search.xml FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Nation toolbar\FireFoxExt\18.1.0.443 FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\tmh9kbtt.default\extensions\faststartff@gmail.com FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Samsung\AppData\Roaming\BabSolution\CR\Delta.crx [2013-09-17] CHR HKLM-x32\...\Chrome\Extension: [lgnbhdnimikkoodkogjlcllngimhlapp] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [2013-06-26] CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-09-16] CHR HKLM-x32\...\Chrome\Extension: [pfmopbbadnfoelckkcmjjeaaegjpjjbk] - C:\Program Files (x86)\Gophoto.it\gophotoit16.crx [2013-08-08] C:\Program Files (x86)\globalUpdate C:\Program Files (x86)\Gophoto.it C:\Program Files (x86)\mozilla firefox\plugins C:\ProgramData\DSearchLink C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TUTO4PC C:\Users\Samsung\daemonprocess.txt C:\Users\Samsung\AppData\Local\globalUpdate C:\Users\Samsung\AppData\Roaming\BabSolution C:\Users\Samsung\AppData\Roaming\Babylon C:\Users\Samsung\AppData\Roaming\WebExtend C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie C:\Users\Samsung\Desktop\FTDownloader.lnk C:\Users\Samsung\Desktop\Search.lnk DeleteKey: HKCU\Software\Microsoft\Internet Explorer\Search Folder: C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions CMD: type "C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Preferences" Reg: reg query "HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command" /s Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. System zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 2. Przez Panel sterowania odinstaluj: Akamai NetSession Interface, Ask Toolbar, AVG Nation toolbar, BitGuard, Bonanza Deals, Delta Chrome Toolbar, Delta toolbar, FTdownloader V4.0, HDVidCodec, Mobogenie, PDF Writer Packages, Skype Packages, TheHDvid-Codec V10, tuto4pc_pl_21, Update for PDF Writer, Update_for_BonanzaDeals, WindowsMangerProtect20.0.0.722 3. Wyczyść Firefox z adware: menu Pomoc > Informacje dla pomocy technicznej > Zresetuj program Firefox. Zakładki i hasła nie zostaną naruszone. 4. Wyczyść Google Chrome z adware: Ustawienia > karta Rozszerzenia > odinstaluj BonanzaDeals, Delta Toolbar, FT Downloader, GoPhoto.it, Quick start, TheHDvid-Codec V10 Ustawienia > karta Ustawienia > Pokaż ustawienia zaawansowane > zjedź na sam spód i uruchom opcję Zresetuj ustawienia przeglądarki. Zakładki i hasła nie zostaną naruszone. Ustawienia > karta Ustawienia > sekcja Wyszukiwanie > klik w Zarządzanie wyszukiwarkami > skasuj z listy istartsurf. Zresetuj cache wtyczek. W pasku adresów wpisz chrome://plugins i ENTER. Na liście wtyczek wybierz dowolną i kliknij Wyłącz. Następnie wtyczkę ponownie Włącz. 5. Zrób nowy log FRST z opcji Scan, zaznacz ponownie pole Addition. Dołącz też plik fixlog.txt. . Odnośnik do komentarza
bzyko1916 Opublikowano 16 Listopada 2014 Autor Zgłoś Udostępnij Opublikowano 16 Listopada 2014 Wielkie dzięki. Wydaje się że wszystko ok. Dla pewności wrzucam logi. Jeszcze raz dzięki! OTL.Txt Addition.txt FRST.txt Fixlog.txt Odnośnik do komentarza
picasso Opublikowano 16 Listopada 2014 Zgłoś Udostępnij Opublikowano 16 Listopada 2014 Zadaia wykonane, przechodzimy dalej, bo tu nie koniec operacji: 1. Otwórz Notatnik i wklej w nim: CloseProcesses: HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM-x32\...\Run: [tuto4pc_pl_21] => [X] CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hp&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1410890247&from=ild&uid=HitachiXHTS547575A9E384_J1140021GBV31KGBV31KX" C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Preferences C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage* C:\Users\Samsung\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z C:\Users\Samsung\AppData\Roaming\0F1F1C2Y1H1P1C0I0T C:\Users\Samsung\AppData\Roaming\Bonanza C:\Users\Samsung\AppData\Roaming\DigitalSite C:\Users\Samsung\AppData\Roaming\DigitalSites C:\Users\Samsung\AppData\Roaming\UpdateBonanza Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{3CD242FD-3221-4896-B3F0-1AB473ED083A}" /f CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a C:\ProgramData CMD: dir /a C:\Users\Samsung\AppData\Local CMD: dir /a C:\Users\Samsung\AppData\LocalLow CMD: dir /a C:\Users\Samsung\AppData\Roaming EmptyTemp: Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 2. Operacje w przeglądarkach: - Opera: wejdź do Rozszerzeń i odinstaluj adware TheHDvid-Codec V10. - Google Chrome: Ustawienia > karta Ustawienia > Pokaż ustawienia zaawansowane > zjedź na sam spód i uruchom opcję Zresetuj ustawienia przeglądarki. 3. Zrób nowy log FRST z opcji Scan (bez Addition i Shortcut). Dołącz też plik fixlog.txt. . Odnośnik do komentarza
bzyko1916 Opublikowano 17 Listopada 2014 Autor Zgłoś Udostępnij Opublikowano 17 Listopada 2014 Podrzucam pliki. Z tym, że nie znalazłem żadnego TheHDvid-Codec V10. FRST.txt Fixlog.txt Odnośnik do komentarza
picasso Opublikowano 17 Listopada 2014 Zgłoś Udostępnij Opublikowano 17 Listopada 2014 Z tym, że nie znalazłem żadnego TheHDvid-Codec V10. W skanie dostosowanym FRST było widoczne rozszerzenie adware w katalogu i preferencjach Opery: ========================= Folder: C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions ======================== 2014-09-17 13:07 - 2014-09-17 13:07 - 0000000 ____D () C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang ====== End of Folder: ====== ========= type "C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Preferences" ========= "extensions" : { (...) }, "lkdanligledioimheahflbepecbceang" : { "creation_flags" : 9, "from_webstore" : true, "granted_permissions" : { "api" : [ "tabs", "cookies", "notifications", "contextMenus", "webNavigation", "webRequest", "webRequestBlocking", "unlimitedStorage", "storage", "proxy", "webRequestInternal" ], "explicit_host" : [ "http://*/*", "https://*/*" ], "scriptable_host" : [ "http://*/*", "https://*/*" ] }, "location" : 1, "manifest" : { "background" : { "page" : "background.html" }, "content_scripts" : [ { "all_frames" : true, "js" : [ "js/25562e210eba8e102e90ed20511d63f2.js", "js/lib/7571245074dfe2ae402afda4aff96a56.js", "js/lib/07f7c8317f838c3a1cfbe947ca2ea94d.js", "js/lib/10c7dea29007c5939c53d490f24bf39f.js", "js/lib/7f5bbce1ded4b53b44854e198bf22797.js", "js/api/07605f22b4dc9a1ebeb3b4547a430632.js", "js/api/0d47c86b5a157aee3eca998b25de5e09.js", "js/api/pageAction.js", "js/lib/installer.js", "js/lib/app_api.js" ], "matches" : [ "http://*/*", "https://*/*" ], "run_at" : "document_start" } ], "content_security_policy" : "script-src 'self' 'unsafe-eval'; object-src 'self'", "description" : "HDVid Codec - Enjoy the future of internet video with High Definition", "icons" : { "128" : "icons/icon128.png", "16" : "icons/icon16.png", "48" : "icons/icon48.png" }, "key" : "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/scrjPMvAHwhhfJGYAE51y7Xm2hYsttwUzCpwQhNR9EeDhq/GAdSY92OkALP/0/J9QIQn2mDfXqLRXUSrC+Qy3RuJNA8qAR1jWazQnMCpaejbAeZaueav7ZDPECblQhQ2ulJZ8fQjV6tW3tfifLZ4nfr19ROuPyKaCSYIv9gNGwIDAQAB", "manifest_version" : 2, "name" : "TheHDvid-Codec V10", "permissions" : [ "http://*/*", "https://*/*", "tabs", "cookies", "notifications", "contextMenus", "webNavigation", "webRequest", "webRequestBlocking", "unlimitedStorage", "storage", "proxy" ], "update_url" : "https://w9u6a2p6.ssl.hwcdn.net/plugin/chrome/update/63315.xml", "version" : "1.26.47", "web_accessible_resources" : [ "Settings.json" ] }, "path" : "lkdanligledioimheahflbepecbceang\\1.26.47_0", "state" : 1 } } }, Jeśli tego nie widać w opcjach Rozszerzeń Opery, to albo jest to martwy szczątek, albo zaszły dodatkowe okoliczności i coś usuwałeś. Zakładam oczywiście, że poprawnie sprawdziłeś opcje Opery. Na wszelki wypadek będę resetować preferencje Opery. I poprawki: 1. Otwórz Notatnik i wklej w nim: C:\Program Files (x86)\BonanzaDeals C:\Program Files (x86)\BonanzaDealsLive C:\Program Files (x86)\FTDownloader.com C:\Program Files (x86)\Mobogenie C:\Program Files (x86)\predm C:\Program Files (x86)\Temp C:\ProgramData\APN C:\ProgramData\AVG Security Toolbar C:\ProgramData\AVG2013 C:\ProgramData\Babylon C:\ProgramData\BonanzaDealsLive C:\ProgramData\boost_interprocess C:\ProgramData\install_clap C:\ProgramData\Temp C:\ProgramData\WindowsMangerProtect C:\Users\Samsung\AppData\Local\avgchrome C:\Users\Samsung\AppData\Local\BonanzaDealsLive C:\Users\Samsung\AppData\Local\cache C:\Users\Samsung\AppData\Local\Cool_Mirage C:\Users\Samsung\AppData\Local\CrashDumps C:\Users\Samsung\AppData\Local\CrashRpt C:\Users\Samsung\AppData\Local\Mobogenie C:\Users\Samsung\AppData\LocalLow\Delta C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkdanligledioimheahflbepecbceang C:\Users\Samsung\AppData\Roaming\Opera Software\Opera Stable\Preferences Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Przedstaw wynikowy fixlog.txt. 2. Uruchom AdwCleaner. Zastosuj Szukaj, a po tym Usuń. Dostarcz logi z folderu C:\AdwCleaner. . Odnośnik do komentarza
bzyko1916 Opublikowano 18 Listopada 2014 Autor Zgłoś Udostępnij Opublikowano 18 Listopada 2014 Podrzucam logi. Fixlog.txt AdwCleanerR0.txt AdwCleanerS0.txt Odnośnik do komentarza
picasso Opublikowano 18 Listopada 2014 Zgłoś Udostępnij Opublikowano 18 Listopada 2014 Reczywiście, rozszerzenie adware w Operze nie było już obecne na tym etapie. Zadania wykonane, ale AdwCleaner się pomylił i skasował folder rozszerzenia Skype Click to Call z Google Chrome, więc Ustawienia > karta Rozszerzenia > odinstaluj odpadkowy wpis. I kończymy: 1. Zastosuj DelFix i wyczyść foldery Przywracania systemu: KLIK. 2. Rozważ aktualizację systemu do wersji Windows 8.1, stan obecny: Platform: Windows 8 (X64) OS Language: Polski (Polska) Internet Explorer Version 10 Odnośnik do komentarza
Rekomendowane odpowiedzi