Digital more ads


(Jborowska1995) #1

Hello, for several days I have been unsuccessfully trying to get rid of digital more ads. First I removed it from the extensions in the Google Chrome settings, then I downloaded SpyHunter, which is recommended on forums, and then Malwarebytes Anti-Malware. Both programs scanned the computer and supposedly removed the infected files, but that did nothing; digital more ads is still poisoning my browser. Please help!

http://www.wklej.org/id/1712308/


(Atis) #2

You have adware from Lenovo: http://www.dobreprogramy.pl/Afera-SuperFish-znacznie-powazniejsza-niz-sie-wydawalo-dla-bezpieczenstwa-to-prawdziwa-katastrofa,News,61197.html

In Control Panel, uninstall:

McAfee LiveSafe – Internet Security, and use MCPR.exe: http://download.mcafee.com/molbin/iss-loc/SupportTools/MCPR/MCPR.exe

McAfee Security Scan Plus

SpyHunter 4

Superfish Inc. VisualDiscovery

Download and run AdwCleaner. Click Scan and then Cleaning.

Paste the following into the system Notepad and save it as a text file named fixlist:

HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1469057289-2938303205-3494823952-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-1469057289-2938303205-3494823952-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-1469057289-2938303205-3494823952-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
CHR HomePage: Default -> hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0Fzz0DtCtCtCyBzztA0D0FzyyB0AyDzytN0D0Tzu0CtByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2081733560
CHR StartupUrls: Default -> "hxxp://google.pl/", "hxxp://do-search.com/?type=hp&ts=1429297219&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9GF806439"
CHR DefaultSearchKeyword: Default -> do-search
CHR Extension: (Bookmark Manager) - C:\Users\Justyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
2015-05-15 11:47 - 2015-05-15 11:47 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-05-15 11:46 - 2015-05-15 11:46 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Justyna\Downloads\sh-remover.exe
2015-05-14 21:39 - 2015-05-14 21:39 - 00000969 _____ () C:\Users\Public\Desktop\Wznów Instalację Reimage Repair.lnk
2015-05-14 21:38 - 2015-05-14 21:38 - 00768512 _____ (Reimage®) C:\Users\Justyna\Downloads\ReimageRepair.exe
2015-05-14 18:24 - 2015-05-15 12:58 - 00001158 _____ () C:\Users\Justyna\Desktop\SpyHunter.lnk
2015-05-14 18:24 - 2015-05-15 11:48 - 00003336 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-05-14 18:24 - 2015-05-14 18:24 - 00000000 ____ D () C:\Users\Justyna\AppData\Roaming\Enigma Software Group
2015-05-14 18:24 - 2015-05-14 18:24 - 00000000 ____ D () C:\sh4ldr
2015-05-14 18:19 - 2015-05-15 11:47 - 00000000 ____ D () C:\Program Files\Enigma Software Group
2015-05-14 18:19 - 2015-05-14 18:19 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Justyna\Downloads\SpyHunter-Installer (1).exe
2015-05-14 18:18 - 2015-05-14 18:19 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Justyna\Downloads\SpyHunter-Installer.exe
Task: {6C5D1D2E-1DF0-4FE1-9F50-37867E95BDDA} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-05-15] (Enigma Software Group USA, LLC.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
ShortcutWithArgument: C:\Users\Public\Desktop\Wznów Instalację Reimage Repair.lnk -> C:\Users\Justyna\Downloads\ReimageRepair.exe (Reimage®) -> /ResumeInstall=2 /Language=1045 /ABver=Default /pxkp=Delete /bundle=0 /ScanSilent=0
EmptyTemp:

Run FRST and click Fix. Show the removal report, Fixlog.

Click Scan and show the new FRST report, without Addition and Shortcut.


(Jborowska1995) #3

Fixlog:

http://www.wklej.org/id/1712421/


(Atis) #4

Remove the malicious address: Open a specific page or set of pages

Paste the following into the system Notepad and save it as a text file named fixlist:

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR Extension: (Bookmark Manager) - C:\Users\Justyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-15]
CHR HomePage: Default -> hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0Fzz0DtCtCtCyBzztA0D0FzyyB0AyDzytN0D0Tzu0CtByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2081733560
CHR StartupUrls: Default -> "hxxp://google.pl/", "hxxp://do-search.com/?type=hp&ts=1429297219&from=cor&uid=ST1000LM024XHN-M101MBB_S30YJ9GF806439"
2015-05-15 16:29 - 2015-05-15 16:44 - 00000000 ____ D () C:\AdwCleaner
2015-05-15 16:24 - 2014-09-01 12:41 - 00000000 ____ D () C:\ProgramData\McAfee
DeleteQuarantine:

Run FRST and click Fix. Delete the folder C:\FRST

Delete old restore points: System Restore and shadow copies

Read about how programs should be installed: CLICK - CLICK - CLICK - CLICK