solwinka
29 Listopad 2014 11:20
#1
Kilka miesiący temu w mojej przegladarce pojawiły sie reklamy z tekstem “Adding by NetCrawl”. Zainstalowałam AdBlocka i reklamy zniknęły. Teraz jednak znowu się pojawiły. AdBlock nadal działa. Zresetowałam przegladarkę ale to nic nie dało. Programy, które miały mi pomóc, też nic nie dały
Nie wiem czy to ma związek, ale w obu przypadkach ustawienia przegladarki sie zmieniły i jako strona startowa pojawia się teraz yahoo.com .
PS. Jestem totalna amatorką. Proszę, nie wsciekajcie się że czegoś nie wiem.
Acorus
29 Listopad 2014 11:35
#2
Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.
solwinka
29 Listopad 2014 12:40
#3
Acorus
29 Listopad 2014 12:52
#4
Odinstaluj avast! Free Antivirus,cosstminn,CouponSupport,McAfee Security Scan Plus,UpdateChecker,webssearches uninstall,WindowsMangerProtect20.0.0.722,Yahoo! Search.Pobierz i uruchom AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Szukaj i później Usuń.
Pokaż nowe logi z FRST.
solwinka
29 Listopad 2014 13:51
#5
Acorus
29 Listopad 2014 14:53
#6
Otwórz Notatnik i wklej:
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4141374535-311919606-3590139362-1000\...\Run: [Facebook Update] = "C:\Users\Sylwia GaweB\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-4141374535-311919606-3590139362-1000\...\Run: [iBard24] = er Kluczy\ComarchMLTray.exe
Startup: C:\Users\Sylwia Gaweł\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TorpedoCopy.lnk
ShortcutTarget: TorpedoCopy.lnk - C:\Users\Sylwia Gaweł\AppData\Local\Torpedo\Torpedo.exe (No File)
ShellIconOverlayIdentifiers: [00avast] - {472083B0-C522-11CF-8763-00608CC02F24} = No File
ShellIconOverlayIdentifiers-x32: [IB24SynchronizationPending] - {08ad9864-e486-4cdb-8781-d507026cf5d6} = C:\Program Files (x86)\iBard24\\2.9.8.13275\IB24VirtualDrive.dll No File
ShellIconOverlayIdentifiers-x32: [IB24Synchronized] - {08ad9864-e486-4cdb-8781-d507026cf5d7} = C:\Program Files (x86)\iBard24\\2.9.8.13275\IB24VirtualDrive.dll No File
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
ProxyServer: [S-1-5-21-4141374535-311919606-3590139362-1000] = http=127.0.0.1:14326;https=127.0.0.1:14326
URLSearchHook: HKU\S-1-5-21-4141374535-311919606-3590139362-1000 - (No Name) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\.DEFAULT - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-4141374535-311919606-3590139362-1000 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4141374535-311919606-3590139362-1000 - {4E801BAE-C547-4DEB-A8D4-AE9F6FFA52EF} URL = http://search.yahoo.com/search?fr=mcafeep={SearchTerms}
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
FF DefaultSearchEngine: Yahoo! Search
FF SelectedSearchEngine: Yahoo! Search
FF SearchPlugin: C:\Users\Sylwia Gaweł\AppData\Roaming\Mozilla\Firefox\Profiles\0uaawbzh.default\searchplugins\aol-search.xml
FF SearchPlugin: C:\Users\Sylwia Gaweł\AppData\Roaming\Mozilla\Firefox\Profiles\0uaawbzh.default\searchplugins\BearShareWebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\webssearches.xml
FF Extension: Site Matcher Pro - C:\Users\Sylwia Gaweł\AppData\Roaming\Mozilla\Firefox\Profiles\0uaawbzh.default\Extensions\matchersiteprosrc@matchersiteprosrc.com [2014-08-12]
FF Extension: NetCrawl - C:\Users\Sylwia Gaweł\AppData\Roaming\Mozilla\Firefox\Profiles\0uaawbzh.default\Extensions\{3c9eada7-386c-4a04-ab1e-4eb122397ced}.xpi [2014-10-21]
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll No File
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Sylwia Gaweł\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
R2 MaintainerSvc2.04.9173792; C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe [123680 2014-11-29] ()
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-11-29] (Enigma Software Group USA, LLC.)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-11-29] ()
S1 grosmhdp; \\C:\Windows\system32\drivers\grosmhdp.sys [X]
S1 irdgkncd; \\C:\Windows\system32\drivers\irdgkncd.sys [X]
S1 mlmcfthx; \\C:\Windows\system32\drivers\mlmcfthx.sys [X]
2014-11-29 11:06 - 2014-11-29 11:06 - 00000000 ____ D () C:\Users\Sylwia Gaweł\AppData\Roaming\Enigma Software Group
2014-11-29 11:05 - 2014-11-29 11:05 - 00003352 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-11-29 11:05 - 2014-11-29 11:05 - 00001047 _____ () C:\Users\Sylwia Gaweł\Desktop\SpyHunter.lnk
2014-11-29 11:05 - 2014-11-29 11:05 - 00000000 ____ D () C:\sh4ldr
2014-11-29 11:03 - 2014-11-29 11:03 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Sylwia Gaweł\Downloads\SpyHunter-Installer (2).exe
2014-11-29 15:17 - 2014-05-29 16:46 - 00000000 ____ D () C:\AdwCleaner
2014-11-29 15:16 - 2014-09-11 11:37 - 00000000 ____ D () C:\Program Files (x86)\SupTab
2014-11-29 15:16 - 2014-06-30 20:50 - 00000000 ____ D () C:\Program Files (x86)\NetCrawl
EmptyTemp:
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
solwinka
30 Listopad 2014 20:18
#7
Dzięki za pomoc. Reklamy zniknęły :).