Problem z wyskakującymi reklamami Jungle Net Ads

Dla specjalistów Bezpieczeństwo
#1

Witam.

Mam problem z wyskakującymi reklamami Jungle Net Ads

FRST http://www.wklej.org/id/1841938/

Addition http://www.wklej.org/id/1841940/

Shortcut http://www.wklej.org/id/1841942/

Bardzo proszę o pomoc.

#2

Przez Panel sterowania Aplet Dodaj Usuń programy odinstaluj:

#3

Odinstalowałem wskazane programy.

Raport z czyszczenia adwcleaner http://www.wklej.org/id/1842083/

FRST http://www.wklej.org/id/1842084/

 

#4

Wklej do notatnika:

CloseProcesses:
HKU\S-1-5-21-3573334426-3324954707-1616522580-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
C:\Program Files (x86)\Lavasoft
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-21-3573334426-3324954707-1616522580-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUQdq5NRk7s528JdkafKWCo9FAhVPTmtf6XJQcGq85rx-lTZX9bkmFDwnBfacMmhMGMP22uZ9LRPKrABrdOsT0z6N2Bc3qc1CQpVtNNINViEnGhW3k3VvGhjbym4ZYlpIJsA,,&q={searchTerms}
HKU\S-1-5-21-3573334426-3324954707-1616522580-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUQdq5NRk7s528JdkafKWCo9FAhVPTmtf6XJQcGq85rx-lTZX9bkmFDwnBfacMmhMGMP22uZ9LRPKrABrdOsT0z6N2Bc3qc1CQpVtNNINViEnGhW3k3VvGhjbym4ZYlpIJsA,,&q={searchTerms}
HKU\S-1-5-21-3573334426-3324954707-1616522580-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUQdq5NRk7s528JdkafKWCo9FAhVPTmtf6XJQcGq85rx-lTZX9bkmFDwnBfacMmhMGMP22uZ9LRPKrABrdOsT0z6N2Bc3qc1CQpVtNNINViEnGhW3k3VvGhjbym4ZYlpIJsA,,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQENWQEXEQwbbV8MBQpcFQIbdxQAWFoVDAERcQwLA1tJF1FHeB9aFQQTSEcFME0FCFwEURNNfXNND14dRHtGNA==&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQENWQEXEQwbbV8MBQpcFQIbdxQAWFoVDAERcQwLA1tJF1FHeB9aFQQTSEcFME0FCFwEURNNfXNND14dRHtGNA==&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-3573334426-3324954707-1616522580-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://pl.search.yahoo.com/search?fr=vmn&type=vmn __webcompa__ 1_0 __ya__ ch_WCYID10195_swoc_campaign_150901__yaie&p={searchTerms}
FF SearchPlugin: C:\Users\lap\AppData\Roaming\Mozilla\Firefox\Profiles\qf3wlks9.default-1436006882527\searchplugins\yahoo-lavasoft.xml [2015-09-01]
FF Extension: Jungle Net - C:\Users\lap\AppData\Roaming\Mozilla\Firefox\Profiles\qf3wlks9.default-1436006882527\Extensions\{50f50d18-0631-4b6a-b6bd-248f65babe6f}.xpi [2015-09-14] [Brak podpisu cyfrowego]
FF Extension: Brak nazwy - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [Brak podpisu cyfrowego]
OPR Extension: (Jungle Net) - C:\Users\lap\AppData\Roaming\Opera Software\Opera Stable\Extensions\jjifmfgckfhieojidolmomnflabkijih [2015-10-02]
2015-11-12 23:20 - 2015-11-12 23:20 - 00003284 _____ C:\Windows\System32\Tasks\psv_Triodex
2015-11-12 23:14 - 2015-11-12 23:14 - 00003286 _____ C:\Windows\System32\Tasks\psv_Beta-Fan
2015-11-12 23:14 - 2015-11-12 23:14 - 00003284 _____ C:\Windows\System32\Tasks\psv_Dom-Touch
2015-11-12 23:13 - 2015-11-12 23:13 - 00003288 _____ C:\Windows\System32\Tasks\psv_Blackis
2015-11-13 22:51 - 2015-11-13 22:56 - 00000000 ____ D C:\AdwCleaner
Task: {25B81D42-A7B3-4D80-A720-6D5B989BD186} - System32\Tasks\snp => C:\ProgramData\BluetoothPoint\BluetoothPoint.exe [2015-10-14] () <==== UWAGA
Task: {33EFE5A7-3D71-4BFA-8E9F-7E8B3E26166F} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2015-08-18] (Reimage ltd.) <==== UWAGA
Task: {387C4D17-2E65-4C9B-B15F-78D26FC68CFD} - System32\Tasks\psv_uvudtlzi => cmd.exe /c regedit.exe /s "C:\ProgramData\Itstock\idxc33id.d0u.reg" &amp; del "C:\ProgramData\Itstock\idxc33id.d0u.reg" &amp; SCHTASKS /Delete /TN "psv_uvudtlzi" /F <==== UWAGA
Task: {3D46FC0F-E633-4F18-99B7-1691054E996E} - System32\Tasks\psv_4yhui1cj => cmd.exe /c regedit.exe /s "C:\ProgramData\Itstock\mvz5dcla.kzl.reg" &amp; del "C:\ProgramData\Itstock\mvz5dcla.kzl.reg" &amp; SCHTASKS /Delete /TN "psv_4yhui1cj" /F <==== UWAGA
Task: {40E79EDC-0A8B-4631-9A28-94564E61E544} - System32\Tasks\snf => C:\ProgramData\BluetoothPoint\BluetoothPoint.exe [2015-10-14] () <==== UWAGA
Task: {4C022B9F-8641-4783-A1BE-42F66B27270B} - System32\Tasks\psv_21pnk5ti => cmd.exe /c regedit.exe /s "C:\ProgramData\Itstock\vtdi41ns.cdl.reg" &amp; del "C:\ProgramData\Itstock\vtdi41ns.cdl.reg" &amp; SCHTASKS /Delete /TN "psv_21pnk5ti" /F <==== UWAGA
Task: {61A51C6A-FE4A-4A46-874F-0218F1313242} - System32\Tasks\psv_Dom-Touch => cmd.exe /c regedit.exe /s "C:\ProgramData\BluetoothPoint\LaTex.reg" &amp; del "C:\ProgramData\BluetoothPoint\LaTex.reg" &amp; SCHTASKS /Delete /TN "psv_Dom-Touch" /F <==== UWAGA
Task: {6478AAA2-77A6-4F0B-A722-211A9203E8E0} - System32\Tasks\psv_Superron => cmd.exe /c regedit.exe /s "C:\ProgramData\BluetoothPoint\GroovePhase.reg" &amp; del "C:\ProgramData\BluetoothPoint\GroovePhase.reg" &amp; SCHTASKS /Delete /TN "psv_Superron" /F <==== UWAGA
Task: {7FD2227A-5807-4C80-A51A-E853B7E5C136} - System32\Tasks\psv_iq5hrov4 => cmd.exe /c regedit.exe /s "C:\ProgramData\Itstock\wtzy0bsq.gxi.reg" &amp; del "C:\ProgramData\Itstock\wtzy0bsq.gxi.reg" &amp; SCHTASKS /Delete /TN "psv_iq5hrov4" /F <==== UWAGA
Task: {99EA5B81-A9ED-4758-AAED-87685849183D} - System32\Tasks\psv_Hay-It => cmd.exe /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Finplus.reg" &amp; del "C:\ProgramData\BluetoothPoint\Finplus.reg" &amp; SCHTASKS /Delete /TN "psv_Hay-It" /F <==== UWAGA
Task: {9B3D8797-7954-4DB2-96EF-94DA19D99AEE} - System32\Tasks\psv_cw5dqsfa => cmd.exe /c regedit.exe /s "C:\ProgramData\Itstock\ku4v0iit.25k.reg" &amp; del "C:\ProgramData\Itstock\ku4v0iit.25k.reg" &amp; SCHTASKS /Delete /TN "psv_cw5dqsfa" /F <==== UWAGA
Task: {A2C4FE38-D7E7-44C1-BB8A-59BD2D80DD6A} - System32\Tasks\psv_Zotsoft => cmd.exe /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Trantom.reg" &amp; del "C:\ProgramData\BluetoothPoint\Trantom.reg" &amp; SCHTASKS /Delete /TN "psv_Zotsoft" /F <==== UWAGA
Task: {A2E1A942-501F-42F3-B2C1-BD7E94B5D96E} - System32\Tasks\psv_Triodex => cmd.exe /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Sanlax.reg" &amp; del "C:\ProgramData\BluetoothPoint\Sanlax.reg" &amp; SCHTASKS /Delete /TN "psv_Triodex" /F <==== UWAGA
Task: {A93E2272-B154-4823-825A-CA81DDA1268D} - System32\Tasks\psv_Blackis => cmd.exe /c regedit.exe /s "C:\ProgramData\BluetoothPoint\WarmFix.reg" &amp; del "C:\ProgramData\BluetoothPoint\WarmFix.reg" &amp; SCHTASKS /Delete /TN "psv_Blackis" /F <==== UWAGA
Task: {AC8E2D41-622F-4278-9C99-0EA558E18E8F} - System32\Tasks\psv_viuifopc => cmd.exe /c regedit.exe /s "C:\ProgramData\Itstock\o5lo3psc.hg2.reg" &amp; del "C:\ProgramData\Itstock\o5lo3psc.hg2.reg" &amp; SCHTASKS /Delete /TN "psv_viuifopc" /F <==== UWAGA
Task: {B794899A-FF01-496D-A0A2-15C37CD0E6EC} - System32\Tasks\psv_v2okhosi => cmd.exe /c regedit.exe /s "C:\ProgramData\Itstock\smdkxuil.43q.reg" &amp; del "C:\ProgramData\Itstock\smdkxuil.43q.reg" &amp; SCHTASKS /Delete /TN "psv_v2okhosi" /F <==== UWAGA
Task: {BF39FBEF-749D-423E-932B-034200F1106F} - System32\Tasks\psv_e33ooyrf => cmd.exe /c regedit.exe /s "C:\ProgramData\Itstock\tnkdvjw5.5cc.reg" &amp; del "C:\ProgramData\Itstock\tnkdvjw5.5cc.reg" &amp; SCHTASKS /Delete /TN "psv_e33ooyrf" /F <==== UWAGA
Task: {C1C37562-BC93-487F-860A-F500E8C04FE1} - System32\Tasks\{A485D8B7-F8CF-4C96-801A-8E500395FD31} => pcalua.exe -a C:\Users\lap\Desktop\StarStableSetup.exe -d C:\Users\lap\Desktop
Task: {C5E0DF87-E8D9-46D6-A8EB-1883D1083EED} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®) <==== UWAGA
Task: {D0CA3813-23FB-4C43-AF63-4B30EEA5E761} - System32\Tasks\psv_r51mty2f => cmd.exe /c regedit.exe /s "C:\ProgramData\Itstock\m4vq5m1o.cjc.reg" &amp; del "C:\ProgramData\Itstock\m4vq5m1o.cjc.reg" &amp; SCHTASKS /Delete /TN "psv_r51mty2f" /F <==== UWAGA
Task: {E3629674-5290-46F7-B744-A56D27F59154} - System32\Tasks\psv_Beta-Fan => cmd.exe /c regedit.exe /s "C:\ProgramData\BluetoothPoint\Kaneco.reg" &amp; del "C:\ProgramData\BluetoothPoint\Kaneco.reg" &amp; SCHTASKS /Delete /TN "psv_Beta-Fan" /F <==== UWAGA
EmptyTemp:

Plik zapisz jako fixlist.txt i umieść w tym samym katalogu co FRST Uruchom FRST klikasz Napraw Raport z usuwania pokaż na forum. Następnie ponownie uruchom FRST klikasz Skanuj pokaż nowy raport FRST.txt na forum

#5

Fixlog http://www.wklej.org/id/1842505/

FRST http://www.wklej.org/id/1842506/

 

Wygląda na to, że pomogło.

Dzięki wielkie za pomoc. Pozdrawiam serdecznie.

#6

OK na zakończenie. Usuń z dysku folder C:\FRST

Użyj DelFix instrukcja http://www.fixitpc.pl/topic/5-dezynfekcja-kroki-finalizuj�’> pokaż raport na forum

Uruchom FF zakładka Pomoc - O programie firefox, pozwól by pobrał i zainstalował aktualizacje.