Mnóstwo reklam

Dla specjalistów Bezpieczeństwo
#1

Po raz kolejny reklamy…

Wszędzie… W mailu, przy każdej stronie, na yt…

OTL:

http://wklej.org/id/1467986/

 

Extras:

http://wklej.org/id/1467987/

 

Ktoś, coś pomoże?

#2

Może adblock czy coś?

#3

Odinstaluj Ask Toolbar,BrowseToSave,BestSaveForYOOu,McAfee Security Scan Plus,Norton Security Scan.Pobierz i uruchom AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Szukaj i później Usuń.

Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.

Uruchom FRST i kliknij Scan. Pokaż raport FRST i Addition.

Raporty umieść na http://wklej.org/ i podaj link.

#4

Addition:

http://wklej.org/id/1468010/

 

FRST:

http://wklej.org/id/1468011/

#5

Otwórz Notatnik i wklej:

CustomCLSID: HKU\S-1-5-21-1614895754-1606980848-725345543-1003_Classes\CLSID\{010833F3-751A-402F-9FCC-C365B6A12E41}\localserver32 - D:\DOCUME~1\Ann\MOJEDO~1\DOWNLO~1\BESTPL~1.EXE No File
Task: D:\WINDOWS\Tasks\At5.job = D:\DOCUME~1\Ann\DANEAP~1\Dealply\UPDATE~1\UPDATE~1.EXE ==== ATTENTION
Task: D:\WINDOWS\Tasks\Norton Security Scan for Ann.job = D:\PROGRA~1\NORTON~2\Engine\376~1.5\Nss.exe
HKLM\...\Run: [ROC_ROC_NT] = "D:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
HKLM\...\Run: [] = [X]
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] ==== ATTENTION!
HKU\S-1-5-21-1614895754-1606980848-725345543-1003\...\Run: [minerd] = "D:\Documents and Settings\Ann\Dane aplikacji\minerd\nircmd.exe" exec hide "D:\Documents and Settings\Ann\Dane aplikacji\minerd\start.bat"
HKU\S-1-5-21-1614895754-1606980848-725345543-1003\...\Run: [aiko] = D:\Documents and Settings\Ann\Dane aplikacji\SexGameDevil\aiko.exe [87040 2013-10-24] ()
HKU\S-1-5-21-1614895754-1606980848-725345543-1003\...\MountPoints2: {9274d432-08d2-11e3-8831-001e6862d1bb} - H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
HKU\S-1-5-21-1614895754-1606980848-725345543-1003\...\MountPoints2: {a90a13c6-01c8-11e3-8807-001e6862d1bb} - H:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
HKU\S-1-5-21-1614895754-1606980848-725345543-1003\...\Winlogon: [Shell] D:\WINDOWS\system32\Windows Server\wserver.exe [351744 2014-05-10] (Microsoft Corporation) ==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\blindman.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\SDFiles.exe: [Debugger] nqij.exe
IFEO\SDMain.exe: [Debugger] nqij.exe
IFEO\SDWinSec.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
ShellIconOverlayIdentifiers: 00avast - {472083B0-C522-11CF-8763-00608CC02F24} = No File
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - D:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll No File
BHO: WiaatchItAadBluocike - {4653ABFA-07AC-D24D-BD90-A80F79B2EC67} - D:\Documents and Settings\All Users\Dane aplikacji\WiaatchItAadBluocike\E.dll ()
FF Extension: WiaatchItAadBluocike - D:\Documents and Settings\Ann\Dane aplikacji\Mozilla\Firefox\Profiles\qez04yeh.default\Extensions\ueo6c@dvuya.co.uk [2014-09-19]
CHR Extension: (WiaatchItAadBluocike) - D:\Documents and Settings\Ann\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\cijhbcjgkpcflhpjohdmkghnpmhbffch [2014-01-30]
CHR Extension: (DealEexPress) - D:\Documents and Settings\All Users\Dane aplikacji\ojdfnilkhlklepkaolpfcphijpmhmbjc\ [2013-02-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
S3 McComponentHostService; "D:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe" [X]
2014-09-19 17:23 - 2014-09-19 17:25 - 00000000 ____ D () D:\AdwCleaner
D:\Windows\Tasks\At1.job
D:\Windows\Tasks\At2.job
D:\Windows\Tasks\At3.job
D:\Windows\Tasks\At4.job
D:\Windows\Tasks\At5.job
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#6

Już po kłopocie i poszło szybciej niż myślałem. Dziękuję!

#7

Skasuj folder C:\FRST