Pojawiające się same reklamy

Obojętnie co nie kliknę mam same reklamy.

 

http://wklej.to/sdbAt

http://wklej.to/BQyFq

Co Ty instalujesz?Przez Panel sterowania odinstaluj

 

To nie mój komputer tylko znajomego. Tak to już jest gdy mam dużo znajomych, którzy są zieloni z komputerów.

http://wklej.to/Sm9mj

http://wklej.to/WyZFe

Przez Panel sterowania odinstaluj

 

Wklej do notatnika:

CloseProcesses:
HKLM\...\Run: [gpuminer] => C:\Users\Jarek\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
HKLM\...\Run: [cpuminer] => C:\Windows\system32\cpuminer-gw64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2898350105-1872382386-508321475-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEYzwmkwM3HPmqx4YVbzqJo55U3U2o6M6oSCIuSvS3w3hJR-AVkLqOC-ZVYW4YzkWrftwMcXC4e9XzJw6570_rP7RYzBm1fCBdifYCt9ymxqRb32CPrB6RTqi4BsSU3oTFY8ZOTm4KrX4M-4ZofVD4kLb6W&q={searchTerms}
HKU\S-1-5-21-2898350105-1872382386-508321475-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEYzwmkwM3HPmqx4YVbzqJo55U3U2o6M6oSCIuSvS3w3hJR-AVkLqOC-ZVYW4YzkWrftwMcXC4e9XzJw6570_rP7RYzBm1fCBdifYCt9ymxqRb32CPrB6RTqi4BsSU3oTFY8ZOTm4KrX4M-4ZofVD4kLb6W&q={searchTerms}
HKU\S-1-5-21-2898350105-1872382386-508321475-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEYzwmkwM3HPmqx4YVbzqJo55U3U2o6M6oSCIuSvS3w3hJR-AVkLqOC-ZVYW4YzkWrftwMcXC4e9XzJw6570_rP7RYzBm1fCBdifYCt9ymxqRb32CPrB6RTqi4BsSU3oTFY8ZOTm4KrX4M-4ZofVD4kLb6W&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2898350105-1872382386-508321475-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2898350105-1872382386-508321475-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEYzwmkwM3HPmqx4YVbzqJo55U3U2o6M6oSCIuSvS3w3hJR-AVkLqOC-ZVYW4YzkWrftwMcXC4e9XzJw6570_rP7RYzBm1fCBdifYCt9ymxqRb32CPrB6RTqi4BsSU3oTFY8ZOTm4KrX4M-4ZofVD4kLb6W&q={searchTerms}
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bl-bfr-is __alt__ ddc_dss_bd_com&p={searchTerms}
FF Extension: Web Protector - C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\27i4j22l.default\Extensions\{c980daa9-620d-ebbe-5a9d-1e5145bc671f} [2015-08-12]
FF Extension: Filter Results - C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\27i4j22l.default\Extensions\{6774d900-ad1f-4dd0-8c32-99994e7e87b8}.xpi [2015-08-07]
FF HKLM\...\Firefox\Extensions: [{3ea54411-9f2a-4a18-a93a-84312350f7c1}] - C:\Program Files\shopperz12082015\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{3ea54411-9f2a-4a18-a93a-84312350f7c1}] - C:\Program Files\shopperz12082015\Firefox
FF Extension: No Name - C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\27i4j22l.default\extensions\defsearchp@gmail.com [not found]
FF Extension: No Name - C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\27i4j22l.default\extensions\deskCutv2@gmail.com [not found]
FF Extension: No Name - C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\27i4j22l.default\extensions\8hffxtbr@download.allin1convert.com [not found]
FF Extension: No Name - C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\27i4j22l.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [not found]
FF Extension: No Name - C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\27i4j22l.default\extensions\f8783004-c434-4bd0-9f81-9a39dd64baaa@08ad07c4-3f21-451d-9045-9e0d5dc8aa9e.com [not found]
CHR Extension: (Filter Results) - C:\Users\Jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbcggkgjkfapollndmndmnejhemekkp [2015-08-15]
OPR Extension: (Filter Results) - C:\Users\Jarek\AppData\Roaming\Opera Software\Opera Stable\Extensions\mcbcggkgjkfapollndmndmnejhemekkp [2015-08-07]
R2 comyninu; C:\Program Files (x86)\AE88465D-1439408456-B549-A9E2-4EC8F54440A1\hnsx9BB0.tmp [161792 2015-08-12] () [File not signed]
R2 gilefifo; C:\Program Files (x86)\AE88465D-1439408456-B549-A9E2-4EC8F54440A1\knsa263F.tmp [747008 2015-08-15] () [File not signed]
R2 hyverumu; C:\Program Files (x86)\AE88465D-1439408456-B549-A9E2-4EC8F54440A1\jnst8364.tmp [209920 2015-08-12] () [File not signed]
2015-08-16 13:14 - 2015-08-16 13:14 - 08143312 _____ (TeamViewer GmbH) C:\Users\Jarek\Downloads\TeamViewer_Setup_pl-irm (1).exe
2015-08-16 13:14 - 2015-08-16 13:14 - 01330845 _____ (TeamViewer GmbH) C:\Users\Jarek\Downloads\TeamViewer_Setup_pl-irm (2).exe.opdownload
2015-08-16 13:13 - 2015-08-16 13:13 - 00004728 _____ C:\Windows\SysWOW64\Uiviuuj.ini
2015-08-16 13:13 - 2015-08-16 13:13 - 00002440 _____ C:\Windows\SysWOW64\UiviuujOff.ini
2015-08-16 13:13 - 2015-08-16 13:13 - 00002440 _____ C:\Windows\system32\UiviuujOff.ini
2015-08-16 13:13 - 2015-08-12 10:45 - 00353608 _____ C:\Windows\system32\Uiviuuj64.dll
2015-08-16 13:13 - 2015-08-12 10:45 - 00283464 _____ C:\Windows\SysWOW64\Uiviuuj.dll
2015-08-15 17:59 - 2015-08-15 17:59 - 08143312 _____ (TeamViewer GmbH) C:\Users\Jarek\Downloads\TeamViewer_Setup_pl-irm.exe
2015-08-15 17:50 - 2015-08-15 17:51 - 00000000 ____ D C:\ProgramData\eWinManProe
2015-08-15 17:12 - 2015-08-16 13:39 - 00000000 ____ D C:\Users\Jarek\AppData\Local\Unity
2015-08-15 17:11 - 2015-08-15 17:11 - 00000000 ____ D C:\Users\Public\QiYi
2015-08-15 17:07 - 2015-08-16 14:16 - 00001014 _____ C:\Windows\Tasks\fRcyTiAErvSR0Xo.job
2015-08-15 17:07 - 2015-08-16 14:16 - 00001002 _____ C:\Windows\Tasks\JxlFxtHji.job
2015-08-15 17:07 - 2015-08-15 17:07 - 00004014 _____ C:\Windows\System32\Tasks\fRcyTiAErvSR0Xo
2015-08-15 17:07 - 2015-08-15 17:07 - 00004004 _____ C:\Windows\System32\Tasks\JxlFxtHji
2015-08-15 17:05 - 2015-08-16 13:14 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-15 17:04 - 2015-08-15 17:04 - 00000217 _____ C:\task.vbs
2015-08-15 17:03 - 2015-08-15 17:03 - 00000000 ____ D C:\ProgramData\aWinManProa
2015-08-15 17:03 - 2015-08-15 17:03 - 00000000 _____ C:\Windows\prleth.sys
2015-08-15 17:03 - 2015-08-15 17:03 - 00000000 _____ C:\Windows\hgfs.sys
2015-08-12 21:35 - 2015-08-12 21:35 - 00000000 ____ D C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
2015-08-12 21:34 - 2015-08-12 21:34 - 00517384 _____ ( ) C:\Users\Jarek\Downloads\adblockplus-2.4.1-sm_tb_fn_fx.zip.exe
2015-08-12 21:33 - 2015-08-12 21:33 - 00844176 _____ (Installer Program ) C:\Users\Jarek\Downloads\setup.exe
2015-08-12 21:32 - 2015-08-12 21:32 - 00858448 _____ (Installer Program ) C:\Users\Jarek\Downloads\adobe_flash_player.exe
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Jarek\AppData\Roaming\fRcyTiAErvSR0Xo
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\Jarek\AppData\Roaming\fRcyTiAErvSR0Xo.exe
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Jarek\AppData\Roaming\JxlFxtHji
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Jarek\AppData\Roaming\JxlFxtHji.exe
2015-06-28 08:06 - 2015-08-16 14:16 - 0000125 _____ () C:\Users\Jarek\AppData\Roaming\sp_data.sys
Task: {1D30939F-4830-4F05-99FB-042C58373D1F} - System32\Tasks\snp => C:\ProgramData\Dongtam\5hskah0r.exe
Task: {795995B4-E327-4B34-8A46-ED41C0DD8D34} - System32\Tasks\snf => C:\ProgramData\Dongtam\5hskah0r.exe
Task: {9D3CD289-1B16-4ACC-95CB-75A604AEAB0C} - System32\Tasks\fRcyTiAErvSR0Xo => C:\Users\Jarek\AppData\Roaming\fRcyTiAErvSR0Xo.exe [2015-04-20] () <==== ATTENTION
Task: {AEE5B3EA-E4AB-40D8-9EAE-5FEF64196B73} - System32\Tasks\{9F5272D8-4843-45EF-9540-F4F4FBABC96C} => pcalua.exe -a C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_194_Plugin.exe -c -maintain plugin
Task: {C5AF48EC-AD91-4027-81C5-5188CC298A6A} - System32\Tasks\JxlFxtHji => C:\Users\Jarek\AppData\Roaming\JxlFxtHji.exe [2015-04-20] () <==== ATTENTION
Task: C:\Windows\Tasks\fRcyTiAErvSR0Xo.job => C:\Users\Jarek\AppData\Roaming\fRcyTiAErvSR0Xo.exe <==== ATTENTION
Task: C:\Windows\Tasks\JxlFxtHji.job => C:\Users\Jarek\AppData\Roaming\JxlFxtHji.exe <==== ATTENTION
C:\Program Files (x86)\AE88465D-1439408456-B549-A9E2-4EC8F54440A1
C:\Program Files (x86)\baidu
EmptyTemp:

Plik zapisz jako fixlist.txt i umieść w tym samym katalogu co FRST Uruchom FRST klikasz Fix Raport z usuwania pokaż na forum. Następnie ponownie uruchom FRST klikasz Scan pokaż nowy raport FRST.txt na forum

Nowe logi:

http://wklej.to/6mcdh

http://wklej.to/UaRcf

Mówisz że nowe a podajesz stary FRST.txt, ogarnij się.

http://wklej.to/6YJeS

http://wklej.to/OMNtY

Uważnie przeczytaj o jakie raporty proszę i postaraj się je dostarczyć.

 

 

Przez Panel sterowania odinstaluj

Tego niema w Panelu sterowania, ani w CCleanerze.

 

http://wklej.to/qVTsJ

 

http://wklej.to/s0Twh

http://wklej.to/0prlt

Wklej do notatnika:

CloseProcesses:
HKU\S-1-5-21-2898350105-1872382386-508321475-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hpts=1439729248z=a8abbc7e093d4d2031b53e7g5zac6tbm5o7t4gawawfrom=faceuid=HGSTXHTS541010A7E630_S0A000SSGA3EAKGA3EAKX
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File]
FF SearchPlugin: C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\27i4j22l.default\searchplugins\istartsurf.xml [2015-08-16]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\27i4j22l.default\extensions\defsearchp@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\27i4j22l.default\extensions\deskCutv2@gmail.com
2015-08-18 21:31 - 2015-08-18 21:31 - 00000000 ____ D C:\Program Files (x86)\predm
2015-08-16 14:15 - 2015-08-16 14:15 - 00178968 _____ C:\AdwCleaner[C3].txt
2015-08-16 14:13 - 2015-08-16 14:15 - 00288637 _____ C:\AdwCleaner[S3].txt
2015-08-16 14:07 - 2015-08-16 14:08 - 00581660 _____ C:\AdwCleaner[C2].txt
2015-08-16 14:02 - 2015-08-16 14:06 - 00836645 _____ C:\AdwCleaner[S2].txt
Task: {0E9D0019-2E92-45A3-94CA-A3D9C0E57CCF} - System32\Tasks\globalUpdateUpdateTaskMachineUA = C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe ==== ATTENTION
Task: {16934AD9-2884-4677-93A2-8DA7B006C6E1} - \01838cee-1f05-492f-a57d-c98fa9adce60-1-6 - No File ==== ATTENTION
Task: {36D6F3EF-2F6F-4D89-ADB3-6EA4240EB443} - \01838cee-1f05-492f-a57d-c98fa9adce60-1-7 - No File ==== ATTENTION
Task: {51101D42-CB91-4095-8D6E-DA791205D3C4} - \01838cee-1f05-492f-a57d-c98fa9adce60-7 - No File ==== ATTENTION
Task: {51305C52-B771-4207-9EEB-27253FD08600} - \01838cee-1f05-492f-a57d-c98fa9adce60-11 - No File ==== ATTENTION
Task: {632D7BF5-DE0E-4EC3-8BA2-0BEFCFC2F8C3} - \01838cee-1f05-492f-a57d-c98fa9adce60-6 - No File ==== ATTENTION
Task: {728C1C52-4205-425D-94FE-C7644668059B} - System32\Tasks\01838cee-1f05-492f-a57d-c98fa9adce60-10_user = C:\Program Files (x86)\Plus.HD_3.5V14.08\01838cee-1f05-492f-a57d-c98fa9adce60-10.exe ==== ATTENTION
Task: {883812B7-B7EC-4C61-965D-B910994E3882} - \OL5fG3iTexqCL - No File ==== ATTENTION
Task: {8C2E87F8-F79C-48E8-BD61-297CDDD1BC7F} - System32\Tasks\globalUpdateUpdateTaskMachineCore = C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe ==== ATTENTION
Task: {AA6DF408-EF9D-4DB5-AC32-894EDA6ED102} - \01838cee-1f05-492f-a57d-c98fa9adce60-3 - No File ==== ATTENTION
Task: {ABADEFD9-BDBF-4BC9-BEFC-B1F57C2FE41C} - \01838cee-1f05-492f-a57d-c98fa9adce60-4 - No File ==== ATTENTION
Task: {F1C7BAC4-942F-451E-9CD4-8358B84B83E2} - \ylRpiDPd2Cb1bMrsj5uYbMZB - No File ==== ATTENTION
Task: {FB374FDE-244B-46E4-8BE6-DF67E99174F7} - \01838cee-1f05-492f-a57d-c98fa9adce60-5 - No File ==== ATTENTION
Task: {FFFA9D9F-9FFB-4E6A-9418-D4CF5A4FA3CB} - System32\Tasks\01838cee-1f05-492f-a57d-c98fa9adce60-5_user = C:\Program Files (x86)\Plus.HD_3.5V14.08\01838cee-1f05-492f-a57d-c98fa9adce60-5.exe ==== ATTENTION
EmptyTemp:

Plik zapisz jako fixlist.txt i umieść w tym samym katalogu co FRST Uruchom FRST klikasz Fix Raport z usuwania pokaż na forum. Następnie usuń z dysku foldery C:\FRST oraz Adwcleaner

 

Wykonaj pełny skan Malwarebytes http://www.dobreprogramy.pl/Malwarebyte … 13117.html (w trakcie instalacji odznacz okres testowy) Wykonaj pełny skan, jeśli program coś wykryje nic nie usuwaj tylko pokaż raport na forum.