Cześć wszystkim użytkownikom.
Od jakiegoś czasu na moich przeglądarkach pojawiały się wyskakujące reklamy. Z początku myślałem że to zwykłe reklamy aż do chwili obecnej, gdy nie da się normalnie przeglądać stron. Reklamy wyskakują wszędzie na nowych kartach itp.
Poczytałem trochę i mam tu przygotowane
OTL.
http://www.wklej.org/id/1611517/
Extras
http://www.wklej.org/id/1611520/
Z góry dziękuję za odpowiedź i pomoc
Acorus
(Acorus)
27 Styczeń 2015 14:34
#2
Pobierz i uruchom AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Szukaj i później Usuń.
Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.
Uruchom FRST i kliknij Scan. Pokaż raport FRST i Addition.
Acorus
(Acorus)
27 Styczeń 2015 15:14
#4
Otwórz notatnik systemowy i wklej:
HKLM-x32\...\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HomePage: Default - hxxp://isearch.omiga-plus.com/?type=hpts=1421759202from=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2
CHR StartupUrls: Default - "hxxp://isearch.omiga-plus.com/?type=hpts=1421759202from=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2"
CHR DefaultSearchKeyword: Default - omiga-plus
CHR Extension: (ace race) - C:\Users\DAmian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgjlhdhfnbiepeegkmkjaeblhhcdping [2015-01-20]
S2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [X]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [X]
S2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [X]
S3 cpuz138; \\C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \\C:\Windows\TEMP\GPUZ.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-01-19 13:24 - 2015-01-27 15:39 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
**Acorus , **dzięki wielkie wszystko wróciło do normy :-)
piszę ponownie ponieważ problem znowu wrócił chociaż nie instalowałem żadnych dziwacznych programów
dodam że zauważyłem że mam zainstalowany dodatek w przeglądarce “omiga-plus” ma to jakiś wpływ na te nieszczęsne reklamy ?
proszę o wskazówki co robić
Acorus
(Acorus)
1 Luty 2015 13:01
#8
Musisz dać nowe logi z FRST.
Acorus
(Acorus)
2 Luty 2015 08:47
#10
Odinstaluj ace race.Otwórz notatnik systemowy i wklej:
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpppts=1422542122from=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpppts=1422542122from=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1422542058from=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsppts=1422542122from=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpppts=1422542122from=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpppts=1422542122from=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1422542058from=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsppts=1422542122from=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2q={searchTerms}
HKU\S-1-5-21-833218052-3258593315-87900063-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1422542058from=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2q={searchTerms}
HKU\S-1-5-21-833218052-3258593315-87900063-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-833218052-3258593315-87900063-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpppts=1422542122from=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2
HKU\S-1-5-21-833218052-3258593315-87900063-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpppts=1422542122from=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2
HKU\S-1-5-21-833218052-3258593315-87900063-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1422542058from=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2q={searchTerms}
SearchScopes: HKU\S-1-5-21-833218052-3258593315-87900063-1000 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2ts=1422542156type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-833218052-3258593315-87900063-1000 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2ts=1422542156type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-833218052-3258593315-87900063-1000 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2ts=1422542156type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-833218052-3258593315-87900063-1000 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2ts=1422542156type=defaultq={searchTerms}
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: ace race 1.0.0.7 - {68182220-3c75-49d9-a9c4-4093d3986279} - C:\Program Files (x86)\ace race\aceracebho.dll (ace race)
CHR HomePage: Default - hxxp://isearch.omiga-plus.com/?type=hpppts=1422542122from=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2
CHR StartupUrls: Default - "hxxp://isearch.omiga-plus.com/?type=hpppts=1422542122from=coruid=ST9500325AS_6VE7Q0D2XXXX6VE7Q0D2"
CHR DefaultSearchKeyword: Default - omiga-plus
CHR Extension: (ace race) - C:\Users\DAmian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdohfcdfbmkplifgaijhgccjenbcfjop [2015-01-30]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-29] (SysTool PasSame LIMITED) [File not signed]
R1 {ebf755a7-a244-4bc6-ac93-a366f9eccf49}Gw64; C:\Windows\System32\drivers\{ebf755a7-a244-4bc6-ac93-a366f9eccf49}Gw64.sys [48784 2015-01-31] (StdLib)
R1 {f2944598-b89f-4e10-b544-5173761572df}Gw64; C:\Windows\System32\drivers\{f2944598-b89f-4e10-b544-5173761572df}Gw64.sys [48784 2015-01-28] (StdLib)
S3 ALSysIO; \\C:\Users\DAmian\AppData\Local\Temp\ALSysIO64.sys [X]
2015-01-31 22:21 - 2015-01-31 06:28 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{ebf755a7-a244-4bc6-ac93-a366f9eccf49}Gw64.sys
2015-01-30 13:49 - 2015-02-01 19:39 - 00000000 ____ D () C:\Users\DAmian\Downloads\FRST-OlderVersion
2015-01-29 16:19 - 2015-01-29 16:19 - 00000000 ____ D () C:\Users\DAmian\AppData\Roaming\OpenCandy
2015-01-29 15:40 - 2015-01-28 21:44 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{f2944598-b89f-4e10-b544-5173761572df}Gw64.sys
2015-01-29 15:36 - 2015-01-29 15:36 - 00000000 ____ D () C:\ProgramData\IHProtectUpDate
2015-01-29 15:36 - 2015-01-29 15:36 - 00000000 ____ D () C:\Program Files\Core Temp
2015-01-29 15:35 - 2015-01-29 15:36 - 00000000 ____ D () C:\Program Files (x86)\XTab
2015-01-29 15:35 - 2015-01-29 15:35 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
2015-01-29 15:34 - 2015-01-30 13:55 - 00000000 ____ D () C:\Users\DAmian\AppData\Roaming\omiga-plus
2015-01-29 15:33 - 2015-02-01 19:40 - 00000000 ____ D () C:\Program Files (x86)\ace race
2015-01-29 15:33 - 2015-01-29 15:33 - 01314151 _____ (Arthur Liberman ) C:\Users\DAmian\Downloads\Core-Temp-setup_0.99.8.0(dobreprogramy.pl).exe
2015-01-29 15:32 - 2015-01-29 15:32 - 00730528 _____ ( ) C:\Users\DAmian\Downloads\Core-Temp(20716)-dp.exe
EmptyTemp:
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
Acorus
(Acorus)
28 Wrzesień 2015 07:19
#12
Otwórz notatnik systemowy i wklej:
CHR Extension: (High Stairs) - C:\Users\DAmian\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaolmmfpmeobdobmoikgcnfoiddljkjc [2015-09-21]
OPR Extension: (High Stairs) - C:\Users\DAmian\AppData\Roaming\Opera Software\Opera Stable\Extensions\eaolmmfpmeobdobmoikgcnfoiddljkjc [2015-09-20]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
2015-09-26 12:45 - 2015-09-26 12:47 - 00000000 ____ D C:\AdwCleaner
EmptyTemp:
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
Odinstaluj Chrome zaznaczając usunięcie danych przeglądania.