Nowe wyskakujące reklamy - Solution Real


(Moje Konta Sg) #1

Od wczoraj w mojej przeglądarce pojawiły się nowe wyskakujące reklamy na których napisane jest Solution Real. Podejrzewam że pojawiły się razem z pobraniem programu do edycji zdjęć. Ktoś pomoże mi się ich pozbyć?

 

 

FRST http://wklej.org/id/1600747/

 

Addition http://wklej.org/id/1600752/


(Acorus) #2

Odinstaluj Adobe Reader 9.5.0 - Polish,Solution Real.Otwórz notatnik systemowy i wklej:

Task: {162F845A-7A0F-4C83-AE21-6EDE9B2AEBCA} - System32\Tasks\{63FC9619-1546-472A-816E-0C89B19E3767} = pcalua.exe -a "C:\Users\Sylwia Gaweł\AppData\Roaming\webssearches\UninstallManager.exe" -c -ptid=exp ==== ATTENTION
Task: {24A3F0FC-C1C0-4D5C-BC06-94784B4EE80D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4141374535-311919606-3590139362-1000Core = C:\Users\Sylwia Gaweł\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {8AD04C63-653D-464B-8278-338F06A8E4AA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4141374535-311919606-3590139362-1000UA = C:\Users\Sylwia Gaweł\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {CF96ACDE-0AE4-4668-90BB-A630872645B0} - \SpyHunter4Startup No Task File ==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4141374535-311919606-3590139362-1000Core.job = C:\Users\Sylwia GaweB\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4141374535-311919606-3590139362-1000UA.job = C:\Users\Sylwia GaweB\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinampAgent] = C:\Program Files (x86)\Winamp\winampa.exe [37888 2009-07-01] ()
HKLM-x32\...\Run: [TkBellExe] = c:\program files (x86)\real\realplayer\Update\realsched.exe [296056 2012-02-23] (RealNetworks, Inc.)
HKLM-x32\...\Run: [YouCam Service] = C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-31] (CyberLink Corp.)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1421349062from=coruid=SAMSUNGXHM321HI_S26VJ9AZB46153q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1421349062from=coruid=SAMSUNGXHM321HI_S26VJ9AZB46153q={searchTerms}
HKU\S-1-5-21-4141374535-311919606-3590139362-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1421349062from=coruid=SAMSUNGXHM321HI_S26VJ9AZB46153q={searchTerms}
HKU\S-1-5-21-4141374535-311919606-3590139362-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1421349062from=coruid=SAMSUNGXHM321HI_S26VJ9AZB46153q={searchTerms}
SearchScopes: HKU\S-1-5-21-4141374535-311919606-3590139362-1000 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Solution Real 1.0.0.6 - {1bb456da-878f-44a5-b013-4bfe0ae02fce} - C:\Program Files (x86)\Solution Real\SolutionRealbho.dll (Solution Real)
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
FF Extension: cosstminn - C:\Users\Sylwia Gaweł\AppData\Roaming\Mozilla\Firefox\Profiles\0uaawbzh.default\Extensions\d_aa@fuwsmqqiu.co.uk [2014-12-29]
FF Extension: Site Matcher Pro - C:\Users\Sylwia Gaweł\AppData\Roaming\Mozilla\Firefox\Profiles\0uaawbzh.default\Extensions\matchersiteprosrc@matchersiteprosrc.com [2014-12-29]
FF Extension: Solution Real 1.0.1 - C:\Users\Sylwia Gaweł\AppData\Roaming\Mozilla\Firefox\Profiles\0uaawbzh.default\Extensions\{693a0a5b-aa08-4a3c-b7e8-398a93e02cf2}.xpi [2015-01-15]
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Sylwia Gaweł\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Solution Real) - C:\Users\Sylwia Gaweł\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhobkkmfkjcnjbidcjgahclnibmdhhcm [2015-01-19]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
R2 Update Solution Real; C:\Program Files (x86)\Solution Real\updateSolutionReal.exe [529144 2015-01-19] ()
R2 Util Solution Real; C:\Program Files (x86)\Solution Real\bin\utilSolutionReal.exe [529144 2015-01-19] ()
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-15] (SysTool PasSame LIMITED) [File not signed]
R1 {693a0a5b-aa08-4a3c-b7e8-398a93e02cf2}Gw64; C:\Windows\System32\drivers\{693a0a5b-aa08-4a3c-b7e8-398a93e02cf2}Gw64.sys [48792 2015-01-14] (StdLib)
R1 {6e9af5d3-a8f9-4461-ad38-1433888f55dc}Gw64; C:\Windows\System32\drivers\{6e9af5d3-a8f9-4461-ad38-1433888f55dc}Gw64.sys [48792 2015-01-16] (StdLib)
2015-01-16 17:24 - 2015-01-16 00:44 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{6e9af5d3-a8f9-4461-ad38-1433888f55dc}Gw64.sys
2015-01-15 20:19 - 2015-01-14 22:39 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{693a0a5b-aa08-4a3c-b7e8-398a93e02cf2}Gw64.sys
2015-01-15 20:13 - 2015-01-15 20:13 - 00000000 ____ D () C:\ProgramData\IHProtectUpDate
2015-01-15 20:12 - 2015-01-19 15:34 - 00000000 ____ D () C:\Program Files (x86)\Solution Real
2015-01-15 20:12 - 2015-01-15 20:13 - 00000000 ____ D () C:\Program Files (x86)\XTab
2015-01-15 20:11 - 2015-01-16 23:30 - 00000000 ____ D () C:\Users\Sylwia Gaweł\AppData\Roaming\omiga-plus
2015-01-15 20:11 - 2015-01-15 20:12 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.