Po otwarciu przeglądarki wyskakują reklamy, okna

Po otwarciu przeglądarki wyskakują reklamy, okna. Komputer bardzo wolno chodzi. Windows 8.

 

Logi:

http://www.wklej.org/id/1639132/

 

http://www.wklej.org/id/1639134/

Odinstaluj BlockAndSurf,GamesDesktop 008.44,IGS,igsc,Lollipop,omiga-plus uninstall,PriceFountain (remove only),Remote Desktop Access (VuuPC),SmartWeb,Solution Real,Super Optimizer v3.2,Word Proser 1.10.0.6.Pobierz i uruchom jako administrator AdwCleaner   https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

Pokaż nowe logi z FRST.

logi

http://www.wklej.org/id/1639225/

 

http://www.wklej.org/id/1639226/

Otwórz notatnik systemowy i wklej:

Task: {8A7B2591-76C9-455F-AE51-650DFDCFA55A} - System32\Tasks\KULFODS = C:\Users\Vaio!\AppData\Roaming\KULFODS.exe [2015-02-08] (HD CinemaV08.02) ==== ATTENTION
Task: {97C8CC89-63BC-4215-AF7E-F9E274BB1775} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4211889094-3425971281-442225126-1002Core = C:\Users\Vaio!\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-15] (Facebook Inc.)
Task: {A21C96E5-FA1A-4DE3-9F8E-20A320A66685} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4211889094-3425971281-442225126-1002UA = C:\Users\Vaio!\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-15] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4211889094-3425971281-442225126-1002Core.job = C:\Users\Vaio!\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4211889094-3425971281-442225126-1002UA.job = C:\Users\Vaio!\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\KULFODS.job = C:\Users\Vaio!\AppData\Roaming\KULFODS.exe ==== ATTENTION
HKLM\...\Run: [RtHDVBg] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [TkBellExe] = C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2014-01-04] (RealNetworks, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4211889094-3425971281-442225126-1001\...\Run: [Facebook Update] = C:\Users\Vaio!\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-15] (Facebook Inc.)
HKU\S-1-5-21-4211889094-3425971281-442225126-1001\...\MountPoints2: H - "H:\SETUP.EXE"
HKU\S-1-5-21-4211889094-3425971281-442225126-1001\...\MountPoints2: {72679e31-6fc4-11e3-be79-3423877bcc12} - "E:\AutoRun.exe"
HKU\S-1-5-21-4211889094-3425971281-442225126-1001\...\MountPoints2: {ceec8267-95a7-11e3-be82-3423877bcc12} - "E:\AutoRun.exe"
HKU\S-1-5-21-4211889094-3425971281-442225126-1002\...\Run: [Facebook Update] = C:\Users\Vaio!\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-15] (Facebook Inc.)
HKU\S-1-5-21-4211889094-3425971281-442225126-1002\...\MountPoints2: H - "H:\SETUP.EXE"
HKU\S-1-5-21-4211889094-3425971281-442225126-1002\...\MountPoints2: {72679e31-6fc4-11e3-be79-3423877bcc12} - "E:\AutoRun.exe"
ShellIconOverlayIdentifiers: [00avast] - {472083B0-C522-11CF-8763-00608CC02F24} = No File
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4211889094-3425971281-442225126-1001 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4211889094-3425971281-442225126-1001 - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}babsrc=SP_ssmntrId=52C2582C80139263affID=128492tsp=5201
CHR StartupUrls: Default - "hxxp://isearch.omiga-plus.com/?type=hpppts=1422648152from=coruid=TOSHIBAXMQ01ABF050_Y35AW4OFTXXY35AW4OFT"
CHR Extension: (Solution Real) - C:\Users\Vaio!\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnpbdjpnfoddiffejmciilgkphacgoeb [2015-01-31]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S1 pfnfd_1_10_0_8; system32\drivers\pfnfd_1_10_0_8.sys [X]
2015-02-18 12:37 - 2015-02-18 12:41 - 00000000 ____ D () C:\AdwCleaner
2015-02-08 17:25 - 2015-02-18 12:44 - 00001694 _____ () C:\Windows\Tasks\KULFODS.job
2015-02-08 17:25 - 2015-02-08 17:25 - 02043864 _____ (HD CinemaV08.02) C:\Users\Vaio!\AppData\Roaming\KULFODS.exe
2015-02-08 17:25 - 2015-02-08 17:25 - 00004692 _____ () C:\Windows\System32\Tasks\KULFODS
2015-02-08 17:25 - 2015-02-08 17:25 - 00000000 ____ D () C:\Program Files (x86)\5a073271-08cb-4230-97d0-d854da93a056
2015-02-08 17:24 - 2015-02-08 17:26 - 00000000 ____ D () C:\Program Files (x86)\HD Cinema Pro 1.8cV08.02
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Zrobione. Jeśli to wszystko to dziękuję :slight_smile:

Jak wszystko gra to skasuj folder C:\FRST

Niestety dalej są problemy: 

 

Logi z FRST:

http://www.wklej.org/id/1657975/

Najlepiej zrobisz jak nic nowego nie będziesz instalował.Odinstaluj cheap-o,Lollipop,SegmentLifter.Otwórz notatnik systemowy i wklej:

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4211889094-3425971281-442225126-1002Core.job = C:\Users\Vaio!\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4211889094-3425971281-442225126-1002UA.job = C:\Users\Vaio!\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4211889094-3425971281-442225126-1001\...\Run: [Facebook Update] = C:\Users\Vaio!\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-15] (Facebook Inc.)
HKU\S-1-5-21-4211889094-3425971281-442225126-1002\...\Run: [Facebook Update] = C:\Users\Vaio!\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-15] (Facebook Inc.)
HKU\S-1-5-21-4211889094-3425971281-442225126-1002\...\MountPoints2: H - "H:\SETUP.EXE"
HKU\S-1-5-21-4211889094-3425971281-442225126-1002\...\MountPoints2: {72679e31-6fc4-11e3-be79-3423877bcc12} - "E:\AutoRun.exe"
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4211889094-3425971281-442225126-1001 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4211889094-3425971281-442225126-1001 - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}babsrc=SP_ssmntrId=52C2582C80139263affID=128492tsp=5201
BHO: lowpriicees - {9674aa80-d892-4347-8d01-bbde48a3b20e} - C:\Program Files (x86)\lowpriicees\umsUqqo8C0BQpq.x64.dll [2015-03-07] ()
BHO-x32: lowpriicees - {9674aa80-d892-4347-8d01-bbde48a3b20e} - C:\Program Files (x86)\lowpriicees\umsUqqo8C0BQpq.dll [2015-03-07] ()
FF Extension: buyofaSit - C:\Users\Vaio!\AppData\Roaming\Mozilla\Firefox\Profiles\zxwycgkd.default\Extensions\6@K2yG.org [2015-03-08]
FF Extension: offfersoftt - C:\Users\Vaio!\AppData\Roaming\Mozilla\Firefox\Profiles\zxwycgkd.default\Extensions\c1ts@v5IU2.edu [2015-03-08]
CHR StartupUrls: Default - "hxxp://isearch.omiga-plus.com/?type=hpppts=1422648152from=coruid=TOSHIBAXMQ01ABF050_Y35AW4OFTXXY35AW4OFT"
CHR Extension: (geeljcibkkackafmeepgadbfgmpjmdeg) - C:\Users\Vaio!\AppData\Local\Google\Chrome\User Data\Default\Extensions\geeljcibkkackafmeepgadbfgmpjmdeg [2015-02-22]
CHR Extension: (Tab Manager) - C:\Users\Vaio!\AppData\Local\Google\Chrome\User Data\Default\Extensions\coonecdghnepgiblpccbbihiahajndda [2015-03-01]
R2 5683ea5d; c:\Program Files (x86)\SegmentLifter\SegmentLifter.dll [1596928 2015-02-28] () [File not signed]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S1 pfnfd_1_10_0_8; system32\drivers\pfnfd_1_10_0_8.sys [X]
2015-03-07 15:46 - 2015-03-07 15:47 - 00000000 ____ D () C:\Program Files (x86)\lowpriicees
2015-03-01 16:13 - 2015-03-01 16:14 - 00000000 ____ D () C:\Program Files (x86)\Tab Manager
2015-03-01 16:13 - 2015-03-01 16:13 - 00000000 ____ D () C:\Program Files (x86)\Offerdeal
2015-03-01 16:12 - 2015-03-07 15:46 - 00000000 ____ D () C:\ProgramData\8336182942398583919
2015-03-01 16:12 - 2015-03-07 15:46 - 00000000 ____ D () C:\Program Files (x86)\noituRodeal
2015-03-01 16:12 - 2015-03-07 15:46 - 00000000 ____ D () C:\Program Files (x86)\Cheap4AAlull
2015-03-01 16:12 - 2015-03-01 16:12 - 00000000 ____ D () C:\ProgramData\hhfledajfammddkpfnhabifmonolomdn
2015-03-01 16:12 - 2015-03-01 16:12 - 00000000 ____ D () C:\Program Files (x86)\buyofaSit
2015-03-01 16:11 - 2015-03-01 16:12 - 00000000 ____ D () C:\Program Files (x86)\offfersoftt
2015-02-28 15:37 - 2015-02-28 15:37 - 00000000 ____ D () C:\ProgramData\cheap-o
2015-02-28 15:17 - 2015-02-28 15:17 - 00000000 ____ D () C:\Program Files (x86)\SegmentLifter
2015-02-18 12:37 - 2015-02-18 12:41 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Zrobione. Coś dalej?

Skasuj folder C:\FRST

Pobierz i uruchom jako administrator AdwCleaner   https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

Zrobione logi FRST, bo dalej wywala reklamy

 

http://www.wklej.org/id/1658051/

 

http://www.wklej.org/id/1658053/

Wrzuć na forum shortcut.txt (jest na pulpicie)

Prosze

W AdwCleaner użyj opcji Odinstaluj.

Odinstaluj Chrome zaznaczając usunięcie danych przeglądania.

Najpierw możesz wyeksportować zakładki: https://support.google.com/chrome/answer/96816?hl=pl

Później zainstaluj stabilną wersję: https://www.google.pl/chrome/browser/desktop/

Zainstalowałam tez wersje testowa Eseta i skanuje na razie, bo się okazało, że nie było antywira (to nie mój komp). Jak coś będzie jeszcze źle to napiszę. Dziękuję

Przeskanuj programem Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.4.1028.exe

udało sie przeskanowac wszystko

To wszystko.

Byłoby super :slight_smile: