Browser problem - pop-up ads - request to check logs


(tomacha22) #1

As in the subject: I have a problem with annoying ads in the Firefox browser. I scanned the computer with AdwCleaner, ComboFix, Malwarebytes and ESET Online, but the ads are still there. I am attaching the FRST logs below and asking for help.

 

Addition_07-05-2015_17-15-59.txt

FRST_07-05-2015_17-15-59.txt


(Acorus) #2

Open the system Notepad and paste:

ShellIconOverlayIdentifiers: [00avast] - {472083B0-C522-11CF-8763-00608CC02F24} = No File
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-398850611-2976082521-306817007-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-398850611-2976082521-306817007-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://q.search-simple.com/?affID=bl_fe229d3c-21f7-401e-94cf-94b69d368bdf
HKU\S-1-5-21-398850611-2976082521-306817007-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://q.search-simple.com/?affID=bl_fe229d3c-21f7-401e-94cf-94b69d368bdf
HKU\S-1-5-21-398850611-2976082521-306817007-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://q.search-simple.com/?affID=bl_fe229d3c-21f7-401e-94cf-94b69d368bdf
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=bl_fe229d3c-21f7-401e-94cf-94b69d368bdfq={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=bl_fe229d3c-21f7-401e-94cf-94b69d368bdfq={searchTerms}
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-398850611-2976082521-306817007-1000 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=bl_fe229d3c-21f7-401e-94cf-94b69d368bdfq={searchTerms}
SearchScopes: HKU\S-1-5-21-398850611-2976082521-306817007-1000 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=bl_fe229d3c-21f7-401e-94cf-94b69d368bdfq={searchTerms}
SearchScopes: HKU\S-1-5-21-398850611-2976082521-306817007-1000 - {6A1806CD-94D4-4689 URL = http://q.search-simple.com/?affID=bl_fe229d3c-21f7-401e-94cf-94b69d368bdfq={searchTerms}
SearchScopes: HKU\S-1-5-21-398850611-2976082521-306817007-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=bl_fe229d3c-21f7-401e-94cf-94b69d368bdfq={searchTerms}
SearchScopes: HKU\S-1-5-21-398850611-2976082521-306817007-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://q.search-simple.com/?affID=bl_fe229d3c-21f7-401e-94cf-94b69d368bdfq={searchTerms}
SearchScopes: HKU\S-1-5-21-398850611-2976082521-306817007-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - {6A1806CD-94D4-4689 URL = http://q.search-simple.com/?affID=bl_fe229d3c-21f7-401e-94cf-94b69d368bdfq={searchTerms}
BHO-x32: Strong Signal - {c723a437-2eaf-466d-a95b-3fa0966bf88c} - C:\Program Files (x86)\Strong Signal\Extensions\c723a437-2eaf-466d-a95b-3fa0966bf88c.dll No File
FF NewTab: hxxp://search.yahoo.com/?fr=hp-ddc-bd-tabtype=bg_616_bl-is-19 __alt__ ddc_dsssyctab_bd_com
FF DefaultSearchEngine: Yahoo! Search
FF SelectedSearchEngine: Yahoo! Search
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddchsimp=yhs-ddc_bdtype=bg_616_bl-is-19 __alt__ ddc_dss_bd_comp={searchTerms}
FF Extension: Strong Signal - C:\Users\jarek\AppData\Roaming\Mozilla\Firefox\Profiles\twcrnl3f.default\Extensions\{cf2e72d6-ff45-4f2e-8c1a-e2f060b90cec}.xpi [2015-05-07]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-24]
CHR RestoreOnStartup: Default - "hxxp://search.yahoo.com/?fr=hp-ddc-bdtype=bg_616_bl-is-16 __alt__ ddc_dsssyc_bd_com"
CHR StartupUrls: Default - "hxxp://search.yahoo.com/?fr=hp-ddc-bdtype=bg_616_bl-is-16 __alt__ ddc_dsssyc_bd_com"
CHR Extension: (Bookmark Manager) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-02]
CHR Extension: (Strong Signal) - C:\Users\jarek\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmkmbmnjmjbophpmmnimpiaoifmknph [2015-05-07]
R2 Update Mgr StrongSignal; C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe [478992 2015-05-07] ()
S3 catchme; \\C:\ComboFix\catchme.sys [X]
2015-05-07 16:41 - 2015-05-07 16:41 - 00000000 ____ D () C:\Program Files (x86)\Strong Signal
2015-05-07 16:20 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-07 16:20 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-07 16:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-07 16:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-07 16:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-07 16:20 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-07 16:20 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-07 16:20 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-07 16:19 - 2015-05-07 16:30 - 00000000 ____ D () C:\Qoobox
2015-05-07 16:15 - 2015-05-07 16:17 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(tomacha22) #3

Thank you very much - everything is working as it should now :slight_smile:


(Acorus) #4

Delete the folder C:\FRST


(tomacha22) #5

I am asking once again for help and for an analysis of the logs. Same story: ads and pages opening by themselves in the browser… Thanks in advance…

Addition.txt

FRST.txt


(Acorus) #6

Open the system Notepad and paste:

Task: {11DB0455-CDF0-4E33-9756-E79DD90F07C2} - \bench-S-1-5-21-186939755-2977596662-2055803407-1000 No Task File ==== ATTENTION
Task: {C8BEA160-1967-4B9F-8D64-E6F68B39595F} - \{F84B4F46-5296-40C6-B2E8-ADF37364FE2D} No Task File ==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] - {472083B0-C522-11CF-8763-00608CC02F24} = No File
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-186939755-2977596662-2055803407-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avasttype=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbclhspart=avasthsimp=yhs-001p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-186939755-2977596662-2055803407-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/?fr=hp-avasttype=avastbcl
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbclhspart=avasthsimp=yhs-001p={searchTerms}
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-186939755-2977596662-2055803407-1000 - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchUrl: https://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: https://www.yahoo.com/?fr=hp-avasttype=avastbcl
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF SearchPlugin: C:\Users\Dawid\AppData\Roaming\Mozilla\Firefox\Profiles\ko07u7x9.default\searchplugins\yahoo-avast.xml [2015-07-30]
StartMenuInternet: (HKLM) Opera - C:\Program Files (x86)\Opera\Opera.exe http://istart.webssearches.com/?type=scts=1412181514from=brduid=TOSHIBAXMK3265GSX_81KSB0YCBXX81KSB0YCB
S3 catchme; \\C:\ComboFix\catchme.sys [X]
S3 X6va022; \\C:\Windows\SysWOW64\Drivers\X6va022 [X]
2015-07-30 21:50 - 2015-07-30 22:09 - 00000000 ____ D C:\Qoobox
2015-07-30 21:50 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-30 21:50 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-30 21:50 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-30 21:50 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-30 21:50 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-30 21:50 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-30 21:50 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-30 21:50 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-30 21:35 - 2015-07-30 21:43 - 00000000 ____ D C:\AdwCleaner
2015-07-30 18:07 - 2015-07-30 18:07 - 00003138 _____ C:\Windows\System32\Tasks\{42637739-9342-4270-A0D8-D2AF07C99729}
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.