Problem z wyskakującymi reklamami/adware


(Mateusz 1992) #1

Tak jak w tytule, Adwcleaner i Malwarybates nie poradziły sobie z tym. Wklejam logi z FRST:

Addition:http://wklej.org/id/1758354/

Shortcut:http://wklej.org/id/1758355/

FRST:http://wklej.org/id/1758356/

 


(Acorus) #2

Odinstaluj McAfee Security Scan Plus.Otwórz notatnik systemowy i wklej:

Task: {400813C2-2D4B-4D39-9778-2AE535D08473} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3378583819-416147970-3236872963-1002UA = C:\Users\Mati\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-03] (Facebook Inc.)
Task: {A075321B-55EF-4E7D-887F-B08DB61EA155} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3378583819-416147970-3236872963-1002Core = C:\Users\Mati\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-03] (Facebook Inc.)
Task: {B2AA8697-9C6D-45EB-9A41-9B127E7B6DF1} - System32\Tasks\FlavorFixer = c:\programdata\{090e0da5-9855-3c75-090e-e0da59853696}\4077923380378261016b.exe ==== ATTENTION
Task: {F1EBE386-D154-4BD9-ABFC-449B9734F72C} - System32\Tasks\SpyHunter4Startup = C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-07-16] (Enigma Software Group USA, LLC.)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3378583819-416147970-3236872963-1002Core.job = C:\Users\Mati\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3378583819-416147970-3236872963-1002UA.job = C:\Users\Mati\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FlavorFixer.job = c:\programdata\{090e0da5-9855-3c75-090e-e0da59853696}\4077923380378261016b.exe ==== ATTENTION
HKLM-x32\...\Run: [LManager] = [X]
HKU\S-1-5-21-3378583819-416147970-3236872963-1002\...\Run: [Facebook Update] = C:\Users\Mati\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-03] (Facebook Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-01-15]
ShortcutTarget: McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-3378583819-416147970-3236872963-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3378583819-416147970-3236872963-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3378583819-416147970-3236872963-1002 - {C4DBEECA-DE11-4DD3-BE6C-315805BBB7C1} URL =
FF Extension: SapacueOffers - C:\Users\Mati\AppData\Roaming\Mozilla\Firefox\Profiles\tjblals2.default\Extensions\l1ASLmp@m.com [2015-06-16]
FF Extension: SapacueOffers - C:\Users\Mati\AppData\Roaming\Mozilla\Firefox\Profiles\tjblals2.default\Extensions\l1ASLmp@m.com [2015-06-16]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-07-16] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-07-16] ()
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S0 is3srv; SySWOW64\drivers\is3srv64.sys [X]
U4 WMCoreService; No ImagePath
2015-07-16 20:36 - 2015-07-16 20:36 - 00000000 _____ C:\autoexec.bat
2015-07-16 20:35 - 2015-07-16 20:35 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-07-16 20:35 - 2015-07-16 20:35 - 00003320 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-07-16 20:35 - 2015-07-16 20:35 - 00001107 _____ C:\Users\Mati\Desktop\SpyHunter.lnk
2015-07-16 20:35 - 2015-07-16 20:35 - 00001107 _____ C:\Users\Mati\Desktop\SpyHunter.lnk
2015-07-16 20:35 - 2015-07-16 20:35 - 00000000 ____ D C:\Users\Mati\AppData\Roaming\Enigma Software Group
2015-07-16 20:35 - 2015-07-16 20:35 - 00000000 ____ D C:\sh4ldr
2015-07-16 20:35 - 2015-07-16 20:35 - 00000000 ____ D C:\Program Files\Enigma Software Group
2015-07-16 20:34 - 2015-07-16 20:34 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Mati\Desktop\SpyHunter-Installer.exe
2015-07-16 20:34 - 2015-07-16 20:34 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Mati\Desktop\SpyHunter-Installer.exe
2015-07-16 21:17 - 2014-01-17 15:12 - 00000000 ____ D C:\AdwCleaner
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Odinstaluj Chrome zaznaczając usunięcie danych przeglądania.