Unwanted ads in the browser and in the system


(exekutor12) #1

Hello, after turning on the computer, browser windows with ads open automatically, help!!

 

http://wklej.to/6a5VU

 

http://wklej.to/TMSVq


(Acorus) #2

Uninstall FreeSoftToday 008.209, FreeSoftToday 008.210, Remote Desktop Access (VuuPC), videos+Media+Players, WindowsMangerProtect20.0.0.722, Yontoo 1.10.02. Download and run AdwCleaner https://toolslib.net/downloads/finish/1/ Click Search and then Delete.

Show new logs from FRST.


(exekutor12) #3

I have a problem removing Yontoo


(Acorus) #4

Skip it and do the rest.


(exekutor12) #5

I installed the program SpyHunter 4, can infections be safely removed with it?


(Acorus) #6

And who told you to install SpyHunter? Uninstall it and carry out the steps you were given.


(exekutor12) #7

I'm pasting new logs

 

http://wklej.to/mBNBq

 

http://wklej.to/ITNAu


(Acorus) #8

Open Notepad and paste:

Task: C:\WINDOWS\Tasks\21504615-5d5e-49df-b466-316c8799db1e-1.job = C:\Program Files\HQVP1.9V23.09\HQVP1.9V23.09-codedownloader.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\21504615-5d5e-49df-b466-316c8799db1e-11.job = C:\Program Files\HQVP1.9V23.09\21504615-5d5e-49df-b466-316c8799db1e-11.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\21504615-5d5e-49df-b466-316c8799db1e-2.job = C:\Program Files\HQVP1.9V23.09\21504615-5d5e-49df-b466-316c8799db1e-2.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\21504615-5d5e-49df-b466-316c8799db1e-3.job = C:\Program Files\HQVP1.9V23.09\21504615-5d5e-49df-b466-316c8799db1e-3.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\21504615-5d5e-49df-b466-316c8799db1e-4.job = C:\Program Files\HQVP1.9V23.09\21504615-5d5e-49df-b466-316c8799db1e-4.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\21504615-5d5e-49df-b466-316c8799db1e-5.job = C:\Program Files\HQVP1.9V23.09\21504615-5d5e-49df-b466-316c8799db1e-5.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\21504615-5d5e-49df-b466-316c8799db1e-6.job = C:\Program Files\HQVP1.9V23.09\21504615-5d5e-49df-b466-316c8799db1e-6.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\21504615-5d5e-49df-b466-316c8799db1e-7.job = C:\Program Files\HQVP1.9V23.09\21504615-5d5e-49df-b466-316c8799db1e-7.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\57b804b3-4b83-46d8-b032-38c755932201.job = C:\Program Files\HQVP1.9V23.09\57b804b3-4b83-46d8-b032-38c755932201.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\AOV.job = C:\Documents and Settings\user\Dane aplikacji\AOV.exe
Task: C:\WINDOWS\Tasks\bae98028-e55b-403c-848b-f2ebac98c74a.job = C:\Program Files\HQVP1.9V23.09\bae98028-e55b-403c-848b-f2ebac98c74a.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\GDUUKUMR.job = C:\Documents and Settings\user\Dane aplikacji\GDUUKUMR.exe
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore1cfd75455f90532.job = C:\Program Files\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\HIMESDO.job = C:\Documents and Settings\user\Dane aplikacji\HIMESDO.exe
Task: C:\WINDOWS\Tasks\LTVWORZ.job = C:\Documents and Settings\user\Dane aplikacji\LTVWORZ.exe
HKLM\...\Run: [upfst_pl_206.exe] = C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\fst_pl_206\upfst_pl_206.exe [3303416 2014-09-23] ()
HKLM\...\Run: [fst_pl_210] = [X]
HKLM\...\Run: [fst_pl_209] = [X]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchpage.net
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hpts=1411493402from=tugsuid=ST3500418AS_9VMHR1J8XXXX9VMHR1J8
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://search.babylon.com/?affID=110819tt=3212_4babsrc=NT_ssmntrId=0c77744f0000000000006cf0490c7c9c" ======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-527237240-1935655697-682003330-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dsts=1411493402from=tugsuid=ST3500418AS_9VMHR1J8XXXX9VMHR1J8q={searchTerms}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6q={searchTerms}crg=3.1010000.10011
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ietb=ARSo=15084src=crmq={searchTerms}locale=en_USapn_ptnrs=AGapn_dtid=YYYYYYYYPLapn_uid=F3C63A36-A546-4DF8-AF9A-CC67C896D101apn_sauid=4514C040-5EEF-4329-B693-AF330A74C76F
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dsts=1411493402from=tugsuid=ST3500418AS_9VMHR1J8XXXX9VMHR1J8q={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6q={searchTerms}crg=3.1010000.10011
BHO: BlockAndSurf - {86DA3544-4CE5-EF95-7622-F56A2C0B2F72} - C:\Program Files\ver0BlockAndSurf\179.dll ()
FF SearchPlugin: C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\7841g5o0.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\7841g5o0.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: HQVP1.9V23.09 - C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\7841g5o0.default\Extensions\0cd1569197354ecf9be03@d3ee3bc4210848f7b5a58324f064f.com [2014-09-23]
FF Extension: Yontoo - C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\7841g5o0.default\Extensions\plugin@yontoo.com.xpi [2013-02-21]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\7841g5o0.default\extensions\faststartff@gmail.com
FF Extension: No Name - C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\7841g5o0.default\extensions\975af956-6d8c-4897-837a-25c267d2cec1@gmail.com [Not Found]
CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Documents and Settings\user\Dane aplikacji\BabylonToolbar\CR\BabylonChrome1.crx []
CHR HKLM\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files\1ClickDownload\1click11.crx []
CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\DOCUME~1\user\USTAWI~1\Temp\YontooLayers.crx []
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Documents and Settings\user\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-09-23]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-09-23] (globalUpdate) [File not signed]
R2 IePluginServices; C:\Documents and Settings\All Users\Dane aplikacji\IePluginServices\PluginService.exe [705416 2014-09-16] (Cherished Technololgy LIMITED)
S3 catchme; \\C:\ComboFix\catchme.sys [X]
S3 gdrv; \\C:\WINDOWS\gdrv.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S4 IntelIde; No ImagePath
U3 TlntSvr; No ImagePath
2014-11-04 17:14 - 2014-11-04 17:14 - 00000000 ____ D () C:\Documents and Settings\user\Moje dokumenty\FRST-OlderVersion
2014-10-30 16:54 - 2014-11-04 16:36 - 00000000 ____ D () C:\AdwCleaner
2014-10-30 16:02 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-10-30 16:02 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-10-30 16:02 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-10-30 16:02 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-10-30 16:02 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-10-30 16:02 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-10-30 16:02 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-10-30 16:02 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-10-30 16:02 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-10-22 17:48 - 2014-11-04 16:21 - 00000000 ____ D () C:\Program Files\fst_pl_210
2014-11-04 17:12 - 2014-09-23 18:32 - 00002740 _____ () C:\WINDOWS\Tasks\21504615-5d5e-49df-b466-316c8799db1e-1.job
2014-11-04 17:12 - 2014-09-23 18:32 - 00002416 _____ () C:\WINDOWS\Tasks\21504615-5d5e-49df-b466-316c8799db1e-5.job
2014-11-04 17:12 - 2014-09-23 18:32 - 00002080 _____ () C:\WINDOWS\Tasks\21504615-5d5e-49df-b466-316c8799db1e-2.job
2014-11-04 17:12 - 2014-09-23 18:32 - 00001412 _____ () C:\WINDOWS\Tasks\bae98028-e55b-403c-848b-f2ebac98c74a.job
2014-11-04 17:12 - 2014-09-23 18:32 - 00001368 _____ () C:\WINDOWS\Tasks\HIMESDO.job
2014-11-04 17:12 - 2014-09-23 18:32 - 00001360 _____ () C:\WINDOWS\Tasks\AOV.job
2014-11-04 17:12 - 2014-09-23 18:32 - 00000872 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore1cfd75455f90532.job
2014-11-04 17:12 - 2014-09-23 18:31 - 00004466 _____ () C:\WINDOWS\Tasks\21504615-5d5e-49df-b466-316c8799db1e-11.job
2014-11-04 17:12 - 2014-09-23 18:31 - 00003784 _____ () C:\WINDOWS\Tasks\21504615-5d5e-49df-b466-316c8799db1e-4.job
2014-11-04 17:12 - 2014-09-23 18:31 - 00003784 _____ () C:\WINDOWS\Tasks\21504615-5d5e-49df-b466-316c8799db1e-3.job
2014-11-04 17:12 - 2014-09-23 18:31 - 00003440 _____ () C:\WINDOWS\Tasks\21504615-5d5e-49df-b466-316c8799db1e-6.job
2014-11-04 17:12 - 2014-09-23 18:31 - 00003104 _____ () C:\WINDOWS\Tasks\21504615-5d5e-49df-b466-316c8799db1e-7.job
2014-11-04 17:12 - 2014-09-23 18:31 - 00001714 _____ () C:\WINDOWS\Tasks\GDUUKUMR.job
2014-11-04 17:12 - 2014-09-23 18:31 - 00001712 _____ () C:\WINDOWS\Tasks\LTVWORZ.job
2014-11-04 17:12 - 2014-09-23 18:31 - 00000602 _____ () C:\WINDOWS\Tasks\57b804b3-4b83-46d8-b032-38c755932201.job
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

Scan with Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe
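
An added example, not part of the original posts and not FRST's own code: a short Python script that groups the lines of a fixlist like the one in post #8 by persistence mechanism and marks entries that point into the user profile or at a missing target, so the list can be reviewed before it is run. The prefix-to-category mapping, the flag names and the sample lines are assumptions built from the line formats visible in this thread.

```python
import re
from collections import defaultdict

# Line prefix -> persistence mechanism (assumed mapping; unmatched lines are "unrecognized").
CATEGORIES = [
    (re.compile(r"^Task: "), "scheduled task"),
    (re.compile(r"^HK(LM|CU|U)\\.*\\Run: "), "Run key"),
    (re.compile(r"^HK(LM|CU|U)\\.*Internet Explorer"), "IE setting/policy"),
    (re.compile(r"^SearchScopes: "), "IE search provider"),
    (re.compile(r"^BHO: "), "IE browser helper object"),
    (re.compile(r"^FF "), "Firefox add-on/search plugin"),
    (re.compile(r"^CHR "), "Chrome extension"),
    (re.compile(r"^[RSU]\d \S+; "), "service/driver"),
    (re.compile(r"^EmptyTemp:"), "directive"),
]
USER_PROFILE = re.compile(r"\\(Documents and Settings|DOCUME~1)\\", re.I)

# Constructed sample lines in the same shape as the thread's fixlist (names are placeholders).
SAMPLE = r"""Task: C:\WINDOWS\Tasks\EXAMPLE.job = C:\Documents and Settings\user\Dane aplikacji\EXAMPLE.exe
Task: C:\WINDOWS\Tasks\example-1.job = C:\Program Files\ExampleApp\example-1.exe ==== ATTENTION
HKLM\...\Run: [example_209] = [X]
S3 exampledrv; \\C:\WINDOWS\exampledrv.sys [X]
CHR HKLM\...\Chrome\Extension: [aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa] - C:\DOCUME~1\user\USTAWI~1\Temp\Example.crx []
EmptyTemp:
"""

def classify(line):
    """Return (category, sorted flag list) for one fixlist line."""
    category = next((name for rx, name in CATEGORIES if rx.search(line)), "unrecognized")
    flags = set()
    if "ATTENTION" in line:
        flags.add("tool-flagged")
    # Assumption: "[X]", "[Not Found]" and "No ImagePath" mean the target is absent.
    if line.rstrip().endswith("[X]") or "[Not Found]" in line or "No ImagePath" in line:
        flags.add("target-missing")
    if USER_PROFILE.search(line):
        flags.add("user-writable-path")
    return category, sorted(flags)

def review(text):
    """Group non-empty fixlist lines by category as (flags, line) pairs."""
    groups = defaultdict(list)
    for line in filter(str.strip, text.splitlines()):
        category, flags = classify(line)
        groups[category].append((flags, line))
    return dict(groups)

if __name__ == "__main__":
    for category, entries in review(SAMPLE).items():
        print(category, [flags for flags, _ in entries])
```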


(exekutor12) #9

thanks for the help