Problem with pop-up windows


(alien_cookie1) #1

Hello
For a short while now I have had a problem with advertising windows popping up constantly.
FRST scans:
http://wklej.org/id/3253347/
http://wklej.org/id/3253349/
http://wklej.org/id/3253350/
Please help.


(Atis) #2

Farbar Recovery Scan Tool - mandatory report


(alien_cookie1) #3

http://wklej.org/id/3253344/
http://wklej.org/id/3253345/
http://wklej.org/id/3253347/


(Atis) #4

Uninstall McAfee WebAdvisor.
Paste the following into the system Notepad and save it as a text file named fixlist:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
HKU\S-1-5-21-1052454833-10235811-49514-1001\...\Run: [zf0m4wdwctr] => C:\Users\k\AppData\Roaming\hjugqoo0q5f\eywjxoizdsz.exe [7168 2017-09-12] ()
HKU\S-1-5-21-1052454833-10235811-49514-1001\...\Run: [mumyzdwzk2r] => C:\Users\k\AppData\Roaming\syh3wtuf0nl\nw2swhhpp1k.exe [7168 2017-09-12] ()
HKU\S-1-5-21-1052454833-10235811-49514-1001\...\Run: [ljudyjt2ypi] => C:\Users\k\AppData\Roaming\yyrxkxhhtxo\snvqxwx1huc.exe [7168 2017-09-12] ()
HKU\S-1-5-21-1052454833-10235811-49514-1001\...\Run: [N0LGSQOJ9UXTM2E] => C:\Program Files\JAEFOQF6T5\JAEFOQF6T.exe [1305600 2017-09-12] (UDB64MJR9)
HKU\S-1-5-21-1052454833-10235811-49514-1001\...\Run: [5GEN2DWJHECG5L2] => C:\Program Files\GR0574U5SE\GR0574U5S.exe [1305600 2017-09-12] (UDB64MJR9)
HKU\S-1-5-21-1052454833-10235811-49514-1001\...\Run: [m2txjf00von] => C:\Users\k\AppData\Roaming\441ztwctgpd\vx5sce4rwat.exe [7168 2017-09-12] ()
HKU\S-1-5-21-1052454833-10235811-49514-1001\...\Run: [zkvwpqquups] => C:\Users\k\AppData\Roaming\fexdo2jss1k\e1ytr3r3dxj.exe [7168 2017-09-12] ()
HKU\S-1-5-21-1052454833-10235811-49514-1001\...\Run: [zt2jr1ku32q] => C:\Users\k\AppData\Roaming\jzurclolnhj\fgtvy5qrspq.exe [7168 2017-09-12] ()
HKU\S-1-5-21-1052454833-10235811-49514-1001\...\Run: [I3Q9KFFGZQH22BU] => C:\Program Files\REJ1WF7RSY\REJ1WF7RS.exe [1472512 2017-09-12] (D)
HKU\S-1-5-21-1052454833-10235811-49514-1001\...\Run: [8N0SMWPBKJGSYAX] => C:\Program Files\OVLHCHGDK6\OVLHCHGDK.exe [1472512 2017-09-12] (D)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\rvlkl.lnk [2016-11-19]
BootExecute: autocheck autochk * aswBoot.exe /M:50e2579 /wow /dir:"c:\program files\avast software\avast"
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
Tcpip\..\Interfaces\{7ce533df-584a-4a18-98a8-3b4a13c92d75}: [NameServer] 82.163.142.8,95.211.158.136
Tcpip\..\Interfaces\{901a2f23-7051-445d-958b-ed387d0fe6aa}: [NameServer] 82.163.142.8,95.211.158.136
C:\Users\k\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg
C:\Users\k\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhomipkklckpomafalojobppmmidlgl 
OPR Extension: (Tables) - C:\Users\k\AppData\Roaming\Opera Software\Opera Stable\Extensions\egafjhhpbipcmpoiomegbckljbbbphoj [2017-09-12]
OPR Extension: (Adblocker for Youtube™) - C:\Users\k\AppData\Roaming\Opera Software\Opera Stable\Extensions\pgkbgflmbfpkbehmfneoglkjkagbkhgd [2017-09-12]
S2 0vxzGDrJpENw Updater; C:\Program Files (x86)\0vxzGDrJpENw Updater\0vxzGDrJpENw Updater.exe [X]
R1 wfcre; C:\WINDOWS\System32\drivers\wfcre.sys [124288 2017-07-04] ()
2017-09-12 20:19 - 2017-09-12 20:20 - 000000000 ____D C:\AdwCleaner
2017-09-12 19:57 - 2017-09-12 19:57 - 000000000 ____D C:\Users\k\AppData\Roaming\jzurclolnhj
2017-09-12 19:57 - 2017-09-12 19:57 - 000000000 ____D C:\Users\k\AppData\Roaming\fexdo2jss1k
2017-09-12 19:57 - 2017-09-12 19:57 - 000000000 ____D C:\Users\k\AppData\Roaming\441ztwctgpd
2017-09-12 19:57 - 2017-09-12 19:57 - 000000000 ____D C:\Program Files\REJ1WF7RSY
2017-09-12 19:57 - 2017-09-12 19:57 - 000000000 ____D C:\Program Files\OVLHCHGDK6
2017-09-12 19:27 - 2017-09-12 19:27 - 000000000 ____D C:\Program Files\GR0574U5SE
2017-09-12 19:26 - 2017-09-12 19:27 - 000000000 ____D C:\Program Files\JAEFOQF6T5
2017-09-12 19:26 - 2017-09-12 19:26 - 000000000 ____D C:\Users\k\AppData\Roaming\yyrxkxhhtxo
2017-09-12 19:26 - 2017-09-12 19:26 - 000000000 ____D C:\Users\k\AppData\Roaming\syh3wtuf0nl
2017-09-12 19:26 - 2017-09-12 19:26 - 000000000 ____D C:\Users\k\AppData\Roaming\hjugqoo0q5f
2017-09-12 19:20 - 2017-09-12 19:20 - 000000000 ____D C:\Users\k\AppData\LocalLow\HGQlVNXRXkVsT
2017-09-12 19:17 - 2017-09-12 19:19 - 000000000 ____D C:\Program Files\GC65E8THFI
2017-09-12 19:17 - 2017-09-12 19:17 - 000000000 ____D C:\Users\k\AppData\Roaming\c0ya0ugfhg2
2017-09-12 19:17 - 2017-08-25 23:33 - 001952256 ____N C:\Users\k\AppData\Roaming\trz375C.tmp
2017-09-12 19:13 - 2017-09-12 19:13 - 000000000 ____D C:\Program Files\IQCTM1NW67
2017-09-12 19:12 - 2017-09-12 19:17 - 000000000 ____D C:\Users\k\AppData\Roaming\zxvxkgzgaib
2017-09-12 19:12 - 2017-09-12 19:17 - 000000000 ____D C:\Users\k\AppData\Roaming\z4repwncgp0
2017-09-12 19:12 - 2017-09-12 19:17 - 000000000 ____D C:\Users\k\AppData\Roaming\h3xr1mw2l3d
2017-09-12 19:12 - 2017-09-12 19:17 - 000000000 ____D C:\Program Files\HEI9V5YQAN
2017-09-12 19:12 - 2017-09-12 19:13 - 000000000 ____D C:\Program Files (x86)\UCBrowser
2017-09-12 19:12 - 2017-09-12 19:12 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-09-12 19:12 - 2017-09-12 19:12 - 000000000 ____D C:\Users\k\AppData\Local\UCBrowser
2017-09-12 19:05 - 2017-09-12 19:05 - 000140800 _____ C:\Users\k\AppData\Local\installer.dat
2017-09-12 19:17 - 2017-08-25 23:33 - 001952256 ____N () C:\Users\k\AppData\Roaming\trz375C.tmp
2017-01-10 20:39 - 2017-01-10 20:56 - 000000184 _____ () C:\Users\k\AppData\Local\uts.ini
2016-12-26 00:52 - 2017-02-19 14:56 - 000005943 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-26 00:52 - 2017-02-12 18:34 - 000011774 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Brak pliku
Task: {B4C11ACA-BC88-43E7-9F08-26EF3C31EC3F} - System32\Tasks\SigmaTel C-Major Audio => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\SigmaTel C-Major Audio\SigmaTel C-Major Audio.dll",WPdYGEsAHSNS <==== UWAGA
C:\Program Files\SigmaTel C-Major Audio
Task: {C1E70608-B762-4F73-AD15-0106D812EFBA} - System32\Tasks\0vxzGDrJpENw => 0vxzgdrjpenw.exe
ShortcutWithArgument: C:\Users\k\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://pop.yeawindows.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://pop.yeawindows.com/
Hosts:
EmptyTemp:

Run FRST and click Fix (Napraw). Show the removal report, Fixlog.
Click Scan (Skanuj) and show the new FRST report, without Addition and Shortcut.


(alien_cookie1) #5

before: http://wklej.org/id/3253463/
and after: http://wklej.org/id/3253466/


(Atis) #6

Paste the following into the system Notepad and save it as a text file named fixlist:

BHO-x32: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\QYERbvxRHIE\kgIYhUic.dll => Brak pliku
S2 0069601505326817mcinstcleanup; C:\Users\k\AppData\Local\Temp\006960~1.EXE -cleanup -nolog [X] <==== UWAGA
2017-09-12 20:35 - 2017-09-12 20:35 - 000272024 _____ C:\Users\k\Desktop\OTL.Txt
2017-09-12 20:35 - 2017-09-12 20:35 - 000148772 _____ C:\Users\k\Desktop\Extras.Txt
2017-09-12 20:23 - 2017-09-12 20:23 - 000602112 _____ (OldTimer Tools) C:\Users\k\Desktop\OTL.exe
2017-09-13 20:18 - 2016-11-18 18:00 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-09-12 19:25 - 2016-09-28 01:06 - 000000000 ____D C:\ProgramData\AVAST Software
DeleteQuarantine:

Run FRST and click Fix (Napraw). Afterwards delete the C:\FRST folder.
Turn on System Restore for the system drive C:
https://www.tenforums.com/tutorials/4533-turn-off-system-protection-drives-windows-10-a.html