tomczyk513
(Tomczyk5131221)
24 November 2014 15:45
#1
Hello,
For some time now, after starting the computer, the Firefox browser opens by itself (first a cmd window pops up for about 1 s) with the page gamezdoka.org.
Does anyone have an idea how to get rid of this?
I have already scanned the computer with many cleaning programs of the antimalware type and it did not help; I don't see anything suspicious in the installed programs either, and likewise in the processes.
Computer
Monitor: LCD LG 19’’ 1934S-BN
Atis
(Atis)
24 November 2014 17:33
#2
tomczyk513
(Tomczyk5131221)
25 November 2014 16:51
#3
Acorus
(Acorus)
25 November 2014 17:56
#4
Open Notepad and paste:
Task: {046D2102-F8FF-42EF-8FC0-C1858FBBE479} - System32\Tasks\WOT W1 = Firefox.exe http://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ ==== ATTENTION
Task: {5596A897-7B61-48E3-A3A5-CDF69BCDE399} - System32\Tasks\WOT WW2 = Firefox.exe http://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ ==== ATTENTION
Task: {8E206875-2423-40C5-A8FA-DB1A1E92131A} - System32\Tasks\WOT WWED1 = Firefox.exe http://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ ==== ATTENTION
Task: {92CE128A-6545-4D41-8BFE-D5476F942B49} - System32\Tasks\WOT WTHUR1 = Firefox.exe http://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ ==== ATTENTION
Task: {962786B8-B474-4DB6-B9E7-CC3FC6C011AC} - System32\Tasks\WOT WFRI1 = Firefox.exe http://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ ==== ATTENTION
Task: {A8745B96-2D63-4116-A986-E6ED023EB09F} - System32\Tasks\WOT WW1 = Firefox.exe http://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ ==== ATTENTION
Task: {B5D3A841-260F-4966-81C7-C67D06E9266A} - System32\Tasks\WOT WTUE1 = Firefox.exe http://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ ==== ATTENTION
HKU\S-1-5-21-3349865243-1250912301-2486857206-1001\...\Run: [CMD] = cmd.exe /c start http://ooov.net exit ===== ATTENTION
BootExecute: autocheck autochk * sdnclean64.exe
HKU\S-1-5-21-3349865243-1250912301-2486857206-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hpts=1393607782from=amtuid=WDCXWD5000AAKS-00A7B2_WD-WMASY350352003520
HKU\S-1-5-21-3349865243-1250912301-2486857206-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hpts=1393607782from=amtuid=WDCXWD5000AAKS-00A7B2_WD-WMASY350352003520
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=dsts=1393607782from=amtuid=WDCXWD5000AAKS-00A7B2_WD-WMASY350352003520q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=dsts=1393607782from=amtuid=WDCXWD5000AAKS-00A7B2_WD-WMASY350352003520q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=dsts=1393607782from=amtuid=WDCXWD5000AAKS-00A7B2_WD-WMASY350352003520q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=dsts=1393607782from=amtuid=WDCXWD5000AAKS-00A7B2_WD-WMASY350352003520q={searchTerms}
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3349865243-1250912301-2486857206-1002 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=dsts=1393607782from=amtuid=WDCXWD5000AAKS-00A7B2_WD-WMASY350352003520q={searchTerms}
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
S3 MBAMSwissArmy; \\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 nethfdrv; \\C:\Windows\system32\drivers\nethfdrv.sys [X]
2014-11-25 17:33 - 2014-11-25 17:33 - 00000000 ____ D () C:\Users\Tomek\Downloads\FRST-OlderVersion
2014-11-22 13:42 - 2014-11-22 14:34 - 00000000 ____ D () C:\Program Files (x86)\Spybot - Search Destroy 2
2014-11-22 13:42 - 2014-11-22 14:21 - 00000000 ____ D () C:\ProgramData\Spybot - Search Destroy
2014-11-22 13:42 - 2014-11-22 13:42 - 00000000 ____ D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-22 13:41 - 2014-11-22 13:41 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Tomek\Downloads\spybot-2_4.exe
2014-11-22 13:41 - 2014-11-22 13:41 - 00003456 _____ () C:\Windows\System32\Tasks\WOT WWED1
2014-11-22 13:41 - 2014-11-22 13:41 - 00003456 _____ () C:\Windows\System32\Tasks\WOT WW2
2014-11-22 13:41 - 2014-11-22 13:41 - 00003456 _____ () C:\Windows\System32\Tasks\WOT WW1
2014-11-22 13:41 - 2014-11-22 13:41 - 00003456 _____ () C:\Windows\System32\Tasks\WOT WTUE1
2014-11-22 13:41 - 2014-11-22 13:41 - 00003456 _____ () C:\Windows\System32\Tasks\WOT WTHUR1
2014-11-22 13:41 - 2014-11-22 13:41 - 00003456 _____ () C:\Windows\System32\Tasks\WOT WFRI1
2014-11-22 13:41 - 2014-11-22 13:41 - 00003456 _____ () C:\Windows\System32\Tasks\WOT W1
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST in the same folder.
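An added example, not part of the original post and not FRST's own code: a small triage script that reads FRST-style log lines and flags the two persistence types responsible for the symptom in this thread, scheduled tasks and Run-key values whose command starts a browser or cmd.exe with a URL. The line layout is assumed to be exactly as quoted in the fixlist above; the function name and the launcher list are hypothetical.

```python
import re
from urllib.parse import urlparse

# Sample lines copied from the fixlist in the post above.
SAMPLE = r"""Task: {046D2102-F8FF-42EF-8FC0-C1858FBBE479} - System32\Tasks\WOT W1 = Firefox.exe http://mmotraffic.com/catalog/goplay/1327/MTE3NjYvLy8xMzI3/ ==== ATTENTION
HKU\S-1-5-21-3349865243-1250912301-2486857206-1001\...\Run: [CMD] = cmd.exe /c start http://ooov.net exit ===== ATTENTION
BootExecute: autocheck autochk * sdnclean64.exe
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
"""

# Separator accepted as "=" (as shown on this page) or "=>".
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) =>? (?P<cmd>.+)$")
RUN_RE = re.compile(r"^HK[\w-]+\\.*\\Run(?:Once)?: \[(?P<name>[^\]]*)\] =>? (?P<cmd>.+)$")
ATTN_RE = re.compile(r"\s+<?=+\s*ATTENTION\b.*$")   # trailing scanner marker
URL_RE = re.compile(r"https?://\S+", re.I)

# Assumed list of programs that will open a URL given on the command line.
LAUNCHERS = {"firefox.exe", "chrome.exe", "iexplore.exe", "cmd.exe", "explorer.exe"}


def flag_url_launchers(log_text):
    """Return autostart entries whose command opens a URL at logon or on schedule."""
    findings = []
    for raw in log_text.splitlines():
        line = ATTN_RE.sub("", raw.strip())
        kind, m = "scheduled-task", TASK_RE.match(line)
        if not m:
            kind, m = "run-key", RUN_RE.match(line)
        if not m:
            continue  # not an autostart line this script understands
        cmd = m.group("cmd")
        # First token of the command, reduced to a lower-case file name.
        # (Unquoted paths containing spaces are not handled here.)
        exe = cmd.split()[0].rsplit("\\", 1)[-1].lower()
        url = URL_RE.search(cmd)
        if exe in LAUNCHERS and url:
            findings.append({
                "kind": kind,
                "name": m.group("name"),
                "exe": exe,
                "host": urlparse(url.group()).hostname,
            })
    return findings


if __name__ == "__main__":
    for f in flag_url_launchers(SAMPLE):
        print(f"{f['kind']:15} {f['name']:28} {f['exe']:12} -> {f['host']}")
```
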