Masa reklam

Dla specjalistów Bezpieczeństwo
#1

Witam

Mam problem z przegladarka chrome, podczas korzystania z niej wyskakuja mi okienka z reklamami, nawet teraz mialem problem zalozyc tu temat. Bardzo prosilbym o pomoc, oto logi :

 

http://www.wklej.org/id/1763321/

http://www.wklej.org/id/1763322/

http://www.wklej.org/id/1763323/

#2

W panelu sterowania odinstaluj:

Plus.HD_3.5V13.07

WordShark 1.10.0.20

Trend Micro Titanium Internet Security

YAC(Yet Another Cleaner

Pobierz i uruchom AdwCleaner Kliknij Skanuj i później Usuń.

Kliknij Scan i pokaż nowy raport z FRST bez Addition i Shortcut.

#3

Programu WordShark 1.10.0.20 nie bylo na liscie, reszte usunalem, o to nowy log:

http://wklej.org/id/1763423/

#4

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKLM\...\Run: [cpuminer] => C:\Windows\system32\cpuminer-gw64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR Extension: (Assist Point) - C:\Users\Rafal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpokbcnhimjlcihflpfalannhgcbikjm [2015-07-13]
S2 wssvc_1.10.0.20; "C:\Program Files (x86)\WordShark_1.10.0.20\Service\wssvc.exe" [X]
R1 wsfd_vt_1_10_0_20; C:\Windows\System32\drivers\wsfd_vt_1_10_0_20.sys [61312 2015-07-06] (WS)
2015-07-26 17:42 - 2015-07-26 17:48 - 00002872 _____ C:\Windows\system32\TmInstall.log
2015-07-26 17:42 - 2015-07-26 17:42 - 00004280 _____ C:\Windows\SysWOW64\TmInstall.log
2015-07-26 17:14 - 2015-07-26 17:45 - 00000000 ____ D C:\AdwCleaner
2015-07-26 17:42 - 2010-09-17 10:52 - 00232272 _____ (Trend Micro Inc.) C:\Windows\TmNSCIns.dll
2015-07-22 14:50 - 2015-07-22 14:51 - 00000000 ____ D C:\Users\Rafal\AppData\Local\{6969BDA1-E6DA-451F-9291-12509D1EE4A8}
2015-07-22 14:50 - 2015-07-22 14:50 - 00000000 ____ D C:\Users\Rafal\AppData\Local\{E97D6301-625A-4AA1-B9EB-A2B2FAA46BDE}
2015-07-20 13:47 - 2015-07-20 13:47 - 00867672 _____ () C:\Users\Rafal\Downloads\yet_another_cleaner_sk_7449892.exe
2015-07-13 11:59 - 2015-07-26 15:19 - 00000000 ____ D C:\Users\Rafal\AppData\Roaming\Lavasoft
2015-07-13 11:55 - 2015-07-13 14:06 - 00000000 ____ D C:\Program Files (x86)\b406c6d8-f836-417c-aa7e-b78cbb29ba9f
2015-07-13 11:54 - 2015-07-13 14:06 - 00000000 ____ D C:\Program Files (x86)\Plus.HD_3.5V13.07
2015-07-13 11:54 - 2015-07-13 11:54 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-13 11:31 - 2015-07-26 15:19 - 00000000 ____ D C:\ProgramData\Lavasoft
2015-07-13 11:31 - 2015-07-13 14:06 - 00000000 ____ D C:\Users\Rafal\AppData\Roaming\FEAECA80-1436779862-81E0-36D6-5404A6171020
2015-07-13 11:31 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-07-13 11:29 - 2015-07-13 11:29 - 00000000 _____ C:\Windows\prleth.sys
2015-07-13 11:29 - 2015-07-13 11:29 - 00000000 _____ C:\Windows\hgfs.sys
2015-07-13 10:54 - 2015-07-13 10:54 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Rafal\Downloads\SpyHunter-Installer.exe
2015-07-13 10:54 - 2015-07-13 10:54 - 00000000 ____ D C:\Program Files\Enigma Software Group
2015-07-06 21:11 - 2015-07-06 21:11 - 00061312 _____ (WS) C:\Windows\system32\Drivers\wsfd_vt_1_10_0_20.sys
2015-07-06 21:11 - 2015-07-06 21:11 - 00057728 _____ (WS) C:\Windows\system32\Drivers\wsfd_vw_1_10_0_20.sys
2015-07-26 17:42 - 2011-04-01 11:24 - 00000000 ____ D C:\ProgramData\Trend Micro
2015-07-20 13:55 - 2015-04-20 23:30 - 00000000 ____ D C:\ProgramData\c716fd70-872c-4aaa-a07f-e248365d7f56
2015-04-17 04:00 - 2015-04-17 04:00 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2015-04-17 03:59 - 2015-04-17 04:00 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Task: {022872FB-0DB5-49B3-A01F-801260587485} - System32\Tasks\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-5_user => C:\Program Files (x86)\Plus.HD_3.5V13.07\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-5.exe <==== ATTENTION
Task: {13509DEC-D9C4-4F1D-97AE-A8AF018AC9C2} - System32\Tasks\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-1-6 => C:\Program Files (x86)\Plus.HD_3.5V13.07\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-1-6.exe <==== ATTENTION
Task: {5B000C70-849C-4370-A05D-BE71E5945CF4} - System32\Tasks\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-3 => C:\Program Files (x86)\Plus.HD_3.5V13.07\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-3.exe <==== ATTENTION
Task: {645EE425-6501-4846-8FD7-ABCE1CD847D1} - System32\Tasks\WordShark Auto Updater 1.10.0.20 Core => C:\Program Files (x86)\WordShark_1.10.0.20\Update\WordSharkAutoUpdateClient.exe [2015-07-06] (WS) <==== ATTENTION
Task: {7E52EE72-B2FC-4820-A04C-AE383BE49F0E} - System32\Tasks\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-5 => C:\Program Files (x86)\Plus.HD_3.5V13.07\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-5.exe <==== ATTENTION
Task: {B2712926-3A17-4A6E-B8BC-261D9FFC2725} - \b2d0fe7c-ca62-4708-bf88-a36acbbae15a-6 No Task File <==== ATTENTION
Task: {CA7B0CAE-7E4A-410E-916F-4DFE6BCFC46F} - System32\Tasks\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-7 => C:\Program Files (x86)\Plus.HD_3.5V13.07\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-7.exe <==== ATTENTION
Task: {D5B51C10-C7F1-4346-BF58-B83517755609} - System32\Tasks\WordShark Auto Updater 1.10.0.20 Pending Update => C:\Program Files (x86)\WordShark_1.10.0.20\Update\WordSharkAutoUpdateClient.exe [2015-07-06] (WS) <==== ATTENTION
Task: {D7A64404-D4E9-4BF1-B4CC-30F4F818A2B1} - System32\Tasks\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-1-7 => C:\Program Files (x86)\Plus.HD_3.5V13.07\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-1-7.exe <==== ATTENTION
Task: {D8BFE517-90CC-4189-A85F-45E401680421} - System32\Tasks\6s2QDFywuAXnPbhS8H3fu => C:\Users\Rafal\AppData\Roaming\6s2QDFywuAXnPbhS8H3fu.exe <==== ATTENTION
Task: {E428B8CC-423B-4B76-8F13-5DA036B0F02C} - System32\Tasks\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-10_user => C:\Program Files (x86)\Plus.HD_3.5V13.07\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\6s2QDFywuAXnPbhS8H3fu.job => C:\Users\Rafal\AppData\Roaming\6s2QDFywuAXnPbhS8H3fu.exe <==== ATTENTION
Task: C:\Windows\Tasks\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-1-6.job => C:\Program Files (x86)\Plus.HD_3.5V13.07\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-1-7.job => C:\Program Files (x86)\Plus.HD_3.5V13.07\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-10_user.job => C:\Program Files (x86)\Plus.HD_3.5V13.07\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-3.job => C:\Program Files (x86)\Plus.HD_3.5V13.07\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-5.job => C:\Program Files (x86)\Plus.HD_3.5V13.07\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-5_user.job => C:\Program Files (x86)\Plus.HD_3.5V13.07\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-6.job => C:\Program Files (x86)\Plus.HD_3.5V13.07\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-7.job => C:\Program Files (x86)\Plus.HD_3.5V13.07\b2d0fe7c-ca62-4708-bf88-a36acbbae15a-7.exe <==== ATTENTION
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition i Shortcut.

#5

Zrobilem wszystko jak napisales, nowe logi :

http://wklej.org/id/1763441/

http://wklej.org/id/1763443/

#6

Skasuj folder C:\FRST

Usuń stare punkty przywracania: Aby usunąć wszystkie punkty przywracania

Dysk przeskanuj Malwarebytes Anti-Malware

Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Język PL > Settings > General Settings > Language > Polish

Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK

Odinstaluj:

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Zainstaluj:

Flash Player 18.0.0.209 ActiveX

Flash Player 18.0.0.209 NPAPI

#7

Zrobilem powyzsze, problem nadal wystepuje , kolejny log :

http://wklej.org/id/1763464/