Witamy na forum PC Format Zapraszamy do REJESTRACJI


Użytkownicy przeglądający ten wątek: 1 gości

Awesomehp, i inne syfy w chrome

#1
Awesomehp, i inne syfy w chrome
Upierdliwe wirusy w przeglądarkach znowu mnie dopadły:
Addiction: http://wklej.org/id/1288181/
AdwCleaner: http://wklej.org/id/1288186/
AdwCleaner2: http://wklej.org/id/1288187/
Extras: http://wklej.org/id/1288188/
FRST: http://wklej.org/id/1288189/
info: http://wklej.org/id/1288190/
log: http://wklej.org/id/1288191/
OLT: http://wklej.org/id/1288192/
Rkill: http://wklej.org/id/1288194/
Shortcut: http://wklej.org/id/1288195/
 System operacyjny: windows_seven Przeglądarka: chrome
#2
RE: Awesomehp, i inne syfy w chrome
Odinstaluj awesomehp Browser Protecter, SupTab, WinZipper.

W OTL, w pole Własne opcje skanowania / skrypt wklej (bez frazy "Kod:"):
Kod:
:OTL
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge]  File not found
O33 - MountPoints2\{420a1156-8dc0-11e3-9d26-206a8a4fac8e}\Shell - "" = AutoRun
O33 - MountPoints2\{420a1156-8dc0-11e3-9d26-206a8a4fac8e}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011-12-07 15:05:55 | 000,463,189 | R--- | M] (Frozenbyte                                                  )
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011-12-07 15:05:55 | 000,463,189 | R--- | M] (Frozenbyte                                                  )
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:D1B5B4F1

:Files
AUTORUN.INF /alldrives
$RECYCLE.BIN /alldrives
RECYCLER /alldrives
C:\Program Files (x86)\Common Files\spigot
C:\Program Files (x86)\Conduit
C:\ProgramData\eSafe
C:\Users\Agata\AppData\Local\Conduit
C:\Users\Agata\AppData\LocalLow\Conduit
C:\Users\Agata\AppData\Roaming\defaulttab\defaulttab\DTReg.exe

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]

:Commands
[emptytemp]
Kliknij Wykonaj skrypt. Potwierdź restart kompa. Zapisz log po restarcie.

Do Notatnika wklej (bez frazy "Kod:"):
Kod:
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1391547412&from=smt&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1391547412&from=smt&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET&ts=1393430831&type=default&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET&ts=1393430831&type=default&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1391547412&from=smt&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1391547412&from=smt&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1391547412&from=smt&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1391547412&from=smt&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1391547412&from=smt&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1391547412&from=smt&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1391547412&from=smt&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1391547412&from=smt&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET&q={searchTerms}
URLSearchHook: HKCU - (No Name) - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET&ts=1377993102
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1391547412&from=smt&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1391547412&from=smt&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1391547412&from=smt&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1391547412&from=smt&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET&ts=1393430831&type=default&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET&ts=1393430831&type=default&q={searchTerms}
SearchScopes: HKCU - {5B5B9D15-45FB-4481-A403-311C661C1960} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
CHR DefaultSearchKeyword: delta-homes
CHR DefaultSearchProvider: delta-homes
CHR DefaultSearchURL: http://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=ds&from=wpm0226&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET&ts=1393430831&type=default&q={searchTerms}
CHR Extension: (uTorrentControl_v2) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda [2014-02-27]
CHR Extension: (Lightning Newtab) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2014-02-26]
CHR Extension: (Extended Protection) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo [2014-02-26]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-homes.com/?utm_source=b&utm_medium=wpm0226&utm_campaign=installer&utm_content=sc&from=wpm0226&uid=TOSHIBAXMK6459GSXP_51SVC0KETXX51SVC0KET&ts=1393430831
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [425104 2014-02-26] (Taiwan Shui Mu Chih Ching Technology Limited.)
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [501904 2014-02-26] (Cherished Technololgy LIMITED)
2014-02-04 21:58 - 2014-02-26 17:07 - 00000000 ____D () C:\ProgramData\WPM
2014-02-04 21:58 - 2014-02-04 21:58 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-04 21:57 - 2014-02-04 21:57 - 00000000 ____D () C:\Users\Agata\AppData\Roaming\awesomehp
2014-02-04 21:58 - 2014-03-01 13:54 - 00000000 ____D () C:\ProgramData\IePluginService
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
Plik > Zapisz jako: fixlist.txt w katalogu w którym jest FRST. Uruchom FRST: Fix. Zapisz log.

Zamknij wszystkie przeglądarki > uruchom AdwCleaner > Szukaj > Usuń > zapisz log.
Uruchom OTL >> ustawienia - Skanuj - zapisz logi (szt. 2), uruchom RSIT > log i FRST (zaznacz Addition.txt) > 2 logi.
Wklej wszystkie logi (pojedynczo) na: http://wklej.org (jeśli serwis nie działa: http://www.wklejto.pl ). Daj (opisane) linki.

Plik > Zapisz jako: fixlist.txt w katalogu w którym jest FRST. Uruchom FRST: Fix. Zapisz log.
Nie pomagam na PW (ew. odpłatnie). 
I osobom z roszczeniowym podejściem. I osobom niedbającym o poprawność językową.
Jak podawać logi
Jeśli nie odpowiadam w danym wątku przez >3 dni - proszę o przypomnienie na PW z linkiem do wątku w treści.




 System operacyjny: windows_xp_2003 Przeglądarka: firefox
Programy: Polecane / Nowe / Inne




Podobne wątki (Awesomehp, i inne syfy w chrome)
Wątek: Autor Odpowiedzi: Wyświetleń: Ostatni post
  "Syfy" w przeglądarce adwcleaner nie odpowiada luckyskill 1 8671 01.06.2017, 12:48
Ostatni post: broda99
Big Grin Problem Firefox,chrome. Wyskakują inne strony rmp 4 3748 05.11.2015, 10:45
Ostatni post: rmp
  Awesomehp czapa 5 3203 23.02.2014, 15:26
Ostatni post: broda99

Skocz do: