Wirus na chrome


(Kamil777444) #1

Witam. Na google chrome ciągle wyświetlają mi się reklamy, przekierowuje mnie na jakieś strony.Czasami jest napisane,że nie mam aktualnego oprogramowania Java.Miałem ten sam problem z firefoxem lecz go odinstalowałem i przezuciłem się na chrome i znowu to powróciło. POMOCY


(Acorus) #2

Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.


(Kamil777444) #3

Addition http://wklej.org/id/1608164/

frst http://wklej.org/hash/89fe36315b8/


(Acorus) #4

Odinstaluj FoxTab Video To MP3,SpyHunter.Otwórz notatnik systemowy i wklej:

Task: {5AE70E59-28CA-4809-960D-153C6F17F182} - System32\Tasks\RDReminder = C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2011-03-25] (Dll-FIles.com)
Task: {A3A6B9FE-5B59-4F39-92BF-63DB6D71BBAB} - System32\Tasks\DLL-files.com Fixer_MONTHLY = C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2011-03-25] (Dll-FIles.com)
Task: {F9390F0C-70C9-46FB-BEDE-5D970024022C} - System32\Tasks\DLL-files.com Fixer_UPDATES = C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2011-03-25] (Dll-FIles.com)
Task: C:\Windows\Tasks\0414bUpdateInfo.job = C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0814avUpdateInfo.job = C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1114avUpdateInfo.job = C:\ProgramData\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1214avUpdateInfo.job = C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\AVG_REG_0913b.job = C:\ProgramData\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_DELETE.job = C:\ProgramData\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe
Task: C:\Windows\Tasks\DLL-files.com Fixer_MONTHLY.job = C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\DLL-files.com Fixer_UPDATES.job = C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2131295503-2347969948-228419264-1000Core.job = C:\Users\Rodzina\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\RDReminder.job = C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\ROC_REG_JAN.job = C:\ProgramData\AVG January 2013 Campaign\ROC.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job = C:\ProgramData\AVG January 2013 Campaign\ROC.exe
HKU\S-1-5-21-2131295503-2347969948-228419264-1000\...\Policies\Explorer: [NoFolderOptions] 0
AppInit_DLLs-x32: c:\progra~2\ws6ca1~1.boo = "c:\progra~2\ws6ca1~1.boo" File Not Found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKU\S-1-5-21-2131295503-2347969948-228419264-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchbetter.com/?tpid=REAL5-Yo=Y10017pf=V7trgb=IE,FF,CRp2=%5EBNT%5Eayn130%5EYY%5EPLgct=hpapn_ptnrs=BNTapn_dtid=%5Eayn130%5EYY%5EPLapn_dbr=ie_8.0.7600.16869apn_uid=659EC3A8-1CA1-476C-8A9F-929912F90100itbv=12.23.0.21doi=2015-01-21psv=pt=tb
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {20F5AB16-9F2E-4E92-93F2-ECB9ABB0EC42} URL = http://search.foxtab.com/?q={searchTerms}amp;s=in1
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2131295503-2347969948-228419264-1000 - {73ED0D85-E338-4C5F-9BE8-4ED7D939C469} URL = http://www.searchbetter.com/web?tpid=REAL5-Yo=Y10017pf=V7p2=^BNT^ayn130^YY^PLgct=sbitbv=12.23.0.21apn_uid=659EC3A8-1CA1-476C-8A9F-929912F90100apn_ptnrs=BNTapn_dtid=^ayn130^YY^PLapn_dbr=ie_8.0.7600.16869doi=2015-01-21trgb=IE,FF,CRq={searchTerms}psv=pt=tb
BHO: No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
BHO-x32: No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
Toolbar: HKLM - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
Toolbar: HKLM-x32 - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
Toolbar: HKU\S-1-5-21-2131295503-2347969948-228419264-1000 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2131295503-2347969948-228419264-1000 - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
FF Keyword.URL: hxxp://go.mail.ru/search?fr=fftbq=
CHR Extension: (BestSavEFoorYou) - C:\ProgramData\ihahdbildidaohdgfbgmpmnmhgadbghd\ [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [naipdapbimiiikbbgjcpbgmfhnlbagpj] - C:\Users\Rodzina\AppData\Local\Temp\naipdapbimiiikbbgjcpbgmfhnlbagpj.crx [Not Found]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
U3 a8nmot6j; C:\Windows\System32\Drivers\a8nmot6j.sys [0] (Advanced Micro Devices) ==== ATTENTION (zero size file/folder)
U3 azriq6q1; C:\Windows\System32\Drivers\azriq6q1.sys [0] (Advanced Micro Devices) ==== ATTENTION (zero size file/folder)
U3 DfSdkS; No ImagePath
S3 EagleX64; \\C:\Windows\system32\drivers\EagleX64.sys [X]
U0 sr; No ImagePath
S3 X6va008; \\C:\Windows\SysWOW64\Drivers\X6va008 [X]
S3 X6va010; \\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va011; \\C:\Windows\SysWOW64\Drivers\X6va011 [X]
2015-01-20 19:00 - 2015-01-23 15:02 - 00000000 ____ D () C:\AdwCleaner
2015-01-18 09:28 - 2015-01-18 09:28 - 00000000 ____ D () C:\ProgramData\ihahdbildidaohdgfbgmpmnmhgadbghd
2015-01-10 09:46 - 2015-01-10 09:46 - 00000000 ____ D () C:\Program Files (x86)\unisAles
2015-01-10 09:45 - 2015-01-10 09:45 - 00000000 ____ D () C:\ProgramData\gpcppffigeokampdjajandkodfinibde
2011-09-28 16:04 - 2011-09-28 16:04 - 0012393 _____ () C:\Users\Rodzina\AppData\Local\Bron.tok.A12.em.bin
2011-09-28 16:31 - 2011-09-28 16:31 - 0000141 _____ () C:\Users\Rodzina\AppData\Local\BronNetDomList.bat
C:\Windows\Tasks\{1A3B7E7F-3F52-4C82-98AA-1FD2F71B426A}.job
C:\Windows\Tasks\{5EDC91D3-8BF7-4122-B1CF-3C25052AD3E4}.job
C:\Windows\Tasks\{C059A2C8-FD46-48CB-902A-0642E08E6B7E}.job
C:\Windows\Tasks\{F2E40F8D-BF4C-4E52-BD1E-C67A6801BB23}.job
C:\Windows\Tasks\{F3E36E4F-FAD4-402E-9857-55E4F06F8FDA}.job
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(Kamil777444) #5

a jak uruchomić ten notatnik systemowy? :smiley:


(Acorus) #6

Takie pytanie?

Wyszukaj programy i pliki-Notepad


(Kamil777444) #7

Dziękuje chyba pomogło narazie nic się nie dzieje.


(Acorus) #8

Jak wszystko gra to skasuj folder C:\FRST


(Kamil777444) #9

Dziękuje


(Acorus) #10

Może coś pobrałeś.Reset Chrome: https://support.google.com/chrome/answer/3296214?hl=pl


(Kamil777444) #11

pomogło jeżeli będzie się coś dziać napisze :slight_smile: