Dużo reklam

Dla specjalistów Bezpieczeństwo
#1

Cześć. Mój kolega ma problem, wyskakuje mu tyle reklam że nawet sam nie może wejść na forum.

Mam nadzieję że mu pomożecie.

 

FRST

http://www.wklej.org/id/1678175/

 

Addition

http://www.wklej.org/id/1678178/

#2

Odinstaluj Browser Configuration Utility,Round World.Otwórz notatnik systemowy i wklej:

HKLM\...\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6711840 2009-01-13] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] = C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-01-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] = C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] = C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] = C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] = C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKU\S-1-5-21-3951538144-78383542-2625621098-1000\...\Run: [AdobeBridge] = [X]
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3951538144-78383542-2625621098-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3951538144-78383542-2625621098-1000 - {C4E4FFA4-F2E3-46EC-9EFA-3FEE3321CF03} URL = http://q.search-simple.com/?affID=naq={searchTerms}r=527
BHO: Round World 1.0.0.7 - {78549bde-b964-4d2a-b7b1-c4ac15ddff64} - C:\Program Files\Round World\RoundWorldbho.dll [2015-03-09] (Round World)
FF NewTab: hxxp://search.yahoo.com/?fr=hp-ddc-bd-tabtype=616_pr __alt__ ddc_dsssyctab_bd_com
FF SelectedSearchEngine: Yahoo! Search
FF Homepage: hxxp://search.yahoo.com/?fr=hp-ddc-bdtype=616_pr __alt__ ddc_dsssyc_bd_com
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddchsimp=yhs-ddc_bdtype=616_pr __alt__ ddc_dss_bd_comp=
FF Extension: 5C46D283ABDE4dceB83C08881401921C - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dp3ib0z1.default\Extensions\{5C46D283-ABDE-4dce-B83C-08881401921C} [2014-09-07]
FF Extension: Round World 1.0.1 - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\dp3ib0z1.default\Extensions\{8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}.xpi [2015-03-09]
CHR Extension: (Round World) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocekllebeigbcjpbjkefokofhbdmaodp [2015-03-10]
R2 Update Round World; C:\Program Files\Round World\updateRoundWorld.exe [405232 2015-04-02] ()
R2 Util Round World; C:\Program Files\Round World\bin\utilRoundWorld.exe [405232 2015-04-02] ()
R1 {237a87b5-881c-4fd8-b80a-c3b471ff75d7}Gw; C:\Windows\System32\drivers\{237a87b5-881c-4fd8-b80a-c3b471ff75d7}Gw.sys [43152 2015-03-13] (StdLib)
R1 {4cc550cb-ad95-48a3-ae71-6ab7c8433971}Gw; C:\Windows\System32\drivers\{4cc550cb-ad95-48a3-ae71-6ab7c8433971}Gw.sys [43152 2015-03-11] (StdLib)
R1 {8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gw; C:\Windows\System32\drivers\{8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gw.sys [43152 2015-03-09] (StdLib)
S3 ALSysIO; \\C:\Users\Robert\AppData\Local\Temp\ALSysIO.sys [X]
S3 avchv; system32\DRIVERS\avchv.sys [X]
2015-03-09 19:42 - 2015-04-02 19:09 - 00000000 ____ D () C:\Program Files\Round World
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#3

Wszystko wykonał jak należy i niechciane reklamy zniknęły  :-) 

Wrzucił nowe logi, możecie sprawdzić czy z nimi już na pewno wszystko jest dobrze?

 

FRST

http://www.wklej.org/id/1679125/

Addition

http://www.wklej.org/id/1679127/

#4

Otwórz notatnik systemowy i wklej:

HKLM\...\Run: [SunJavaUpdateSched] = C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-03-14 15:16 - 2015-03-13 19:21 - 00043152 _____ (StdLib) C:\Windows\system32\Drivers\{237a87b5-881c-4fd8-b80a-c3b471ff75d7}Gw.sys
2015-03-11 19:47 - 2015-03-11 02:24 - 00043152 _____ (StdLib) C:\Windows\system32\Drivers\{4cc550cb-ad95-48a3-ae71-6ab7c8433971}Gw.sys
2015-03-09 19:44 - 2015-03-09 11:18 - 00043152 _____ (StdLib) C:\Windows\system32\Drivers\{8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gw.sys
2015-04-03 18:54 - 2014-09-03 21:19 - 00000000 ____ D () C:\AdwCleaner

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.