Witam
Co jakiś czas wyskakuje mi reklama
np.teraz wyszkoczyło to:
Nie wiem jak się tego pozbyć w mozilli. Ściągnałem spybot, malwarebytes, adwcleaner, avast… nic nie pomaga. Prosze o pomoc
Zapoznaj się z przyklejonymi tematami w dziale “Bezpieczeństwo” i wstaw logi wykonane programem FRST:
Raport obowiązkowy - Farbar Recovery Scan Tool .
FRST http://www.wklej.org/id/3085330/
Addition http://www.wklej.org/id/3085331/
Shortcut http://www.wklej.org/id/3085332/
Odinstaluj McAfee WebAdvisor i Spybot - Search & Destroy.
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist:
CloseProcesses:
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
Tcpip\..\Interfaces\{c5650513-5ab5-4c14-a8f8-569d147fad10}: [NameServer] 77.234.40.79
HKU\S-1-5-21-1843966288-675828269-1838198955-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-1843966288-675828269-1838198955-1001 -> DefaultScope {2041E55B-BE29-46E3-95E7-ADAE76671503} URL =
SearchScopes: HKU\S-1-5-21-1843966288-675828269-1838198955-1001 -> {2041E55B-BE29-46E3-95E7-ADAE76671503} URL =
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\641732328.js [2017-04-09] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\641732328.cfg [2017-04-09] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1843966288-675828269-1838198955-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
R2 Telephone; C:\Windows\desktop-u49n401\oxy.exe [373248 2016-01-22] (The Privoxy team - www.privoxy.org) [File not signed]
S2 Windefender; C:\Windows\desktop-u49n401\Audiodlg.exe [X]
2017-04-02 02:38 - 2017-04-11 13:59 - 00000000 ____D C:\Program Files\f7365a03dcc30382aed283860a78fa30
2017-04-02 02:37 - 2017-04-11 13:59 - 00000000 ____D C:\Users\simps\AppData\Local\jjaturres
2017-04-02 02:37 - 2017-04-02 02:51 - 00000000 ____D C:\Users\simps\AppData\Local\mapkj
2017-04-02 02:37 - 2017-04-02 02:42 - 00000000 ____D C:\Windows\desktop-u49n401
2017-04-02 02:37 - 2017-04-02 02:37 - 00041472 _____ () C:\Windows\act_win_0316.exe
2017-03-16 19:21 - 2017-04-11 19:54 - 00000000 ____D C:\AdwCleaner
Task: {3AEAEAE2-3AEB-4956-8D96-55E1D76EEB61} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-02-21] ()
Task: {9DDDD26C-3CB8-4888-BB11-5B1EE4C8AD1F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {D6115023-F0F2-4857-B1EE-E469D051EE95} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
C:\Users\simps\AppData\Roaming\Browsers
Shortcut: C:\Users\simps\Desktop\skrot\Gоogle Сhrоmе.lnk -> C:\Users\simps\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\simps\Desktop\skrot\Аvаst SafeZоne Brоwser.lnk -> C:\Users\simps\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <===== Cyrillic
Shortcut: C:\Users\simps\Desktop\pulpit\Gооgle Chrome.lnk -> C:\Users\simps\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\simps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnet Еxplorеr.lnk -> C:\Users\simps\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\simps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Chrоmе.lnk -> C:\Users\simps\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\Users\simps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzilla Firеfох (2).lnk -> C:\Users\simps\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\Users\simps\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzilla Firеfох.lnk -> C:\Users\simps\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоoglе Сhrоme.lnk -> C:\Users\simps\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Аvast SafеZоne Вrоwser.lnk -> C:\Users\simps\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Мozilla Firеfоx.lnk -> C:\Users\simps\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <===== Cyrillic
Hosts:
RemoveProxy:
EmptyTemp:
Uruchom FRST i kliknij Napraw (Fix). Pokaż raport z usuwania Fixlog.
Kliknij Skanuj (Scan) i pokaż nowy raport z FRST bez Addition i Shortcut.
Skasuj folder C:\FRST
Czyszczenie folderów Przywracania systemu
Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK
hej Atis, mam zeskanować c:\FRST ale czym konkretnie ?
Co do czyszczenia folderów to tak zrobiłem jak tam napisali.
Napisałem skasuj czyli usuń ręcznie folder C:\FRST
Witam
Zrobiłem tak jak napisałeś powyżej i niestety dalej mam nova.rambler