System disinfection - ads popping up in windows

http://wklej.to/rvVKt

http://wklej.to/OPniz

Uninstall Foxtab, SupTab, WinZipper, Microsoft Word Packages. Download and run AdwCleaner https://toolslib.net/downloads/finish/1/ Click Search (Szukaj) and then Delete (Usuń).

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ matching your system version, 32-bit or 64-bit.

Run FRST and click Scan. Show the FRST and Addition reports.

Upload the reports to http://wklej.org/ and post the link.

http://wklej.org/id/1583710/

http://wklej.org/id/1583713/

Open the system Notepad and paste:

Task: {4EF5CBFF-AF8A-4C44-A88E-6C612E387972} - \{306F8CE5-5245-4078-87A7-780F34B385DE} No Task File ==== ATTENTION
Task: {71281DC4-6BA3-4784-980F-EED53AB64D42} - \MirageAgent No Task File ==== ATTENTION
Task: {7E57F1D6-1854-4C17-949E-DAF744D17268} - \User_Feed_Synchronization-{D990EEBD-2E45-4537-A4DE-9BBE25B948E1} No Task File ==== ATTENTION
Task: {8D889D50-9188-40E3-A497-BE362A6541A6} - \{40DD948C-29BF-4C99-A74A-1F19A0717A7D} No Task File ==== ATTENTION
Task: {C092443E-C773-420C-B2D8-91E0B1C90FE1} - \Registration No Task File ==== ATTENTION
Task: {E62C2FA4-C627-410C-B44C-4E964392A96B} - \User_Feed_Synchronization-{971B0196-38D8-44ED-A1FC-44A074101790} No Task File ==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [] = [X]
HKU\S-1-5-20\...\RunOnce: [] = [X]
HKU\S-1-5-21-2953473155-3206495261-747377301-1000\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-2953473155-3206495261-747377301-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2616320 2012-01-16] (Microsoft Corporation) ==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [] = [X]
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {5AA9FD08-99C1-4536-91EE-94E11B53395E} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://pl.search.yahoo.com/search?p={searchTerms}ei={inputEncoding}fr=chr-hp-psgtype=HPNTDF
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2953473155-3206495261-747377301-1000 - {5AA9FD08-99C1-4536-91EE-94E11B53395E} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2953473155-3206495261-747377301-1000 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://pl.search.yahoo.com/search?p={searchTerms}ei={inputEncoding}fr=chr-hp-psgtype=HPNTDF
BHO: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - D:\ALLPlayer\Iplex\IplexToALLPlayer.dll No File
Toolbar: HKU\S-1-5-21-2953473155-3206495261-747377301-1000 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF HKLM\...\Firefox\Extensions: [ext@RichMediaViewV1release4432.net] - C:\Program Files\RichMediaViewV1\RichMediaViewV1release4432\ff
FF HKLM\...\Firefox\Extensions: [ext@TrustMediaViewerV1alpha1777.net] - C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha1777\ff
FF Extension: No Name - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1861\ff [Not Found]
FF Extension: No Name - C:\Program Files\RichMediaViewV1\RichMediaViewV1release4432\ff [Not Found]
FF Extension: No Name - C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha1777\ff [Not Found]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKLM\...\Chrome\Extension: [fknfdieimobmimhdkfkheeejenmdjhoe] - C:\Program Files\pandasecuritytb\chrome-newtab-search.crx [Not Found]
S3 1394ohci; \SystemRoot\system32\drivers\1394ohci.sys [X]
S3 AcpiPmi; \SystemRoot\system32\drivers\acpipmi.sys [X]
S3 adp94xx; \SystemRoot\system32\drivers\adp94xx.sys [X]
S3 adpahci; \SystemRoot\system32\drivers\adpahci.sys [X]
S3 adpu320; \SystemRoot\system32\drivers\adpu320.sys [X]
S3 agp440; \SystemRoot\system32\drivers\agp440.sys [X]
S3 aliide; \SystemRoot\system32\drivers\aliide.sys [X]
S3 amdagp; \SystemRoot\system32\drivers\amdagp.sys [X]
S3 amdide; \SystemRoot\system32\drivers\amdide.sys [X]
S3 AmdK8; \SystemRoot\system32\drivers\amdk8.sys [X]
S3 AmdPPM; \SystemRoot\system32\drivers\amdppm.sys [X]
S3 amdsata; \SystemRoot\system32\drivers\amdsata.sys [X]
S3 amdsbs; \SystemRoot\system32\drivers\amdsbs.sys [X]
S0 amdxata; system32\drivers\amdxata.sys [X]
2015-01-03 17:04 - 2015-01-04 16:16 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

http://www.wklej.org/id/1608255/

http://www.wklej.org/id/1608257/

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ matching your system version, 32-bit or 64-bit.

http://www.wklej.org/id/1608303/

http://www.wklej.org/id/1608305/

Is it that bad? 🙂

It's not good. Uninstall Remote Desktop Access (VuuPC). Open the system Notepad and paste:

Task: {4856A04A-A50E-4047-8776-9FFEEC7E8086} - System32\Tasks\{310AF4CD-0084-4C7F-B1E0-9A392ED64147} = pcalua.exe -a C:\Users\mariusz\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp ==== ATTENTION
Task: {9C4617E2-3476-4C88-9340-513B57A43B35} - \SaveSenseLiveUpdateTaskMachineCore No Task File ==== ATTENTION
Task: {BA1FA38A-1D92-449B-81D3-4024D63D267D} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA = C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe ==== ATTENTION
Task: {ED4D612C-2E59-4E9E-B7EF-9F3474E5C9C6} - \SaveSense No Task File ==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job = C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe ==== ATTENTION
HKLM-x32\...\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [WinampAgent] = C:\Program Files (x86)\Winamp\winampa.exe [74752 2010-07-12] (Nullsoft, Inc.)
GroupPolicyUsers\S-1-5-21-2629211961-2116059595-516981629-1002\User: Group Policy restriction detected ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=dsts=1408744521from=expuid=ST9250827AS_5RG1A8EXq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=dsts=1408744521from=expuid=ST9250827AS_5RG1A8EXq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hpts=1408744521from=expuid=ST9250827AS_5RG1A8EX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hpts=1408744521from=expuid=ST9250827AS_5RG1A8EX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=dsts=1408744521from=expuid=ST9250827AS_5RG1A8EXq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=dsts=1408744521from=expuid=ST9250827AS_5RG1A8EXq={searchTerms}
HKU\S-1-5-21-2629211961-2116059595-516981629-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalkiutm_medium=installerutm_campaign=instalki
HKU\S-1-5-21-2629211961-2116059595-516981629-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hpts=1408744521from=expuid=ST9250827AS_5RG1A8EX
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=scts=1408744521from=expuid=ST9250827AS_5RG1A8EX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dsts=1408744521from=expuid=ST9250827AS_5RG1A8EXq={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dsts=1408744521from=expuid=ST9250827AS_5RG1A8EXq={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dsts=1408744521from=expuid=ST9250827AS_5RG1A8EXq={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dsts=1408744521from=expuid=ST9250827AS_5RG1A8EXq={searchTerms}
SearchScopes: HKU\S-1-5-21-2629211961-2116059595-516981629-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dsts=1408744521from=expuid=ST9250827AS_5RG1A8EXq={searchTerms}
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
CHR HomePage: Default - hxxp://istart.webssearches.com/?type=hpts=1408744521from=expuid=ST9250827AS_5RG1A8EX
CHR Extension: (SaveSense) - C:\Users\mariusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\khcceooakamlehbimaepcldnnlnkcmfk [2013-12-22]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-08-22] (Cherished Technololgy LIMITED)
S2 Update Adanak; "C:\Program Files (x86)\Adanak\updateAdanak.exe" [X]
R1 {2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64; C:\Windows\System32\drivers\{2f0ff925-183b-4210-98f5-cb2ffd917f2b}Gw64.sys [61112 2014-08-22] (StdLib)
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.