Problem z wyskakujacymi reklamami

zacpac · 10 Maj 2015 18:03

dd, zgodnie z sugestia nowy temat, mam problem z wyskakujacymi reklamami log ponizej

http://wklej.org/id/1708088/ prosze pomoc pozdr

spandaupol · 11 Maj 2015 14:58

Przez Panel sterowania odinstaluj

Odinstaluj Google Chrome https://support.google.com/chrome/answer/95319?hl=pl i zainstaluj aktualną wersję https://www.google.pl/chrome/browser/desktop/

Wklej do notatnika:

CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3923169853-1675104880-3691337407-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
BHO: No Name -> {3dc1077b-2a76-484f-b51d-75f135ae8b4a} ->  No File
BHO: No Name -> {75102310-1dad-48bd-be4e-e7639dc36ef5} ->  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF Extension: Sale Charger - C:\Users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\445k3ujh.default\Extensions\{2300a61e-a619-4b24-a7c8-e9c3c5310d5c}.xpi [2015-05-10]
R2 7f11b722; c:\program files (x86)\AppendRunner\AppendRunner.dll [2273280 2015-05-09] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Service Mgr SaleCharger; C:\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugincontainer.exe [556304 2015-05-10] () <==== ATTENTION
R2 Update Mgr SaleCharger; C:\Program Files (x86)\Common Files\322cb724-1680-423d-8862-1b52ca5027ad\updater.exe [478992 2015-05-10] () <==== ATTENTION
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-05-10 16:58 - 2015-05-10 18:34 - 00000000 ____ D () C:\ProgramData\Spybot - Search & Destroy
2015-05-10 16:58 - 2015-05-10 16:58 - 00001405 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-10 16:58 - 2015-05-10 16:58 - 00001393 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-05-10 16:58 - 2015-05-10 16:58 - 00000000 ____ D () C:\Windows\System32\Tasks\Safer-Networking
2015-05-10 16:58 - 2015-05-10 16:58 - 00000000 ____ D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-10 16:57 - 2015-05-10 18:03 - 00000000 ____ D () C:\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad
2015-05-10 16:57 - 2015-05-10 17:01 - 00000000 ____ D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-05-10 16:57 - 2015-05-10 16:57 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Zac\Downloads\spybot-2.4.exe
2015-05-10 16:57 - 2015-05-10 16:57 - 00000000 ____ D () C:\Program Files (x86)\Sale Charger
2015-05-10 16:56 - 2015-05-10 16:56 - 00741672 _____ (Web software ) C:\Users\Zac\Downloads\Spybot-Search-Destroy(12546)-dp.exe
2015-05-10 16:45 - 2015-05-10 16:46 - 00000000 ____ D () C:\ProgramData\14555134769450183308
2015-05-09 20:20 - 2015-05-09 20:20 - 00000000 ____ D () C:\Program Files (x86)\AppendRunner
2015-04-16 11:31 - 2015-04-18 11:59 - 00000000 ____ D () C:\ProgramData\8708eaaa-1c2b-4faa-8923-a6c9f88eeb0e
Task: {F2A9AF62-CBA0-42F5-AFFE-25F79FDE3C8E} - System32\Tasks\{3F3051EF-1BCE-43B2-9CA7-2927A3F600FA} => pcalua.exe -a D:\Programy\InsERT_GT.exe -d D:\Programy
Task: {92A6825C-9623-4937-A389-5F1F4E56EA93} - System32\Tasks\{1C7E1E32-63CB-445F-918A-6CD4A399126E} => pcalua.exe -a C:\Users\Karol\Desktop\slownictwo_60.exe -d C:\Users\Karol\Desktop
Task: {946E6D0D-D10F-4D8C-84B5-1E9D7AFACB78} - System32\Tasks\{B14C5E9E-B31A-458A-BECA-7AA78FE14BDC} => pcalua.exe -a C:\Users\Karol\AppData\Local\Temp\$PowerISO$\Setup.exe -d "E:\Red Alert 2 - Allied &amp; Soviet"
2015-04-18 12:12 - 2014-11-11 13:00 - 00000000 ____ D () C:\Users\Zac\AppData\Local\Lavasoft
2015-04-18 12:12 - 2014-11-11 12:59 - 00000000 ____ D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-04-18 12:12 - 2014-11-11 12:56 - 00000000 ____ D () C:\ProgramData\Lavasoft
2015-05-10 18:53 - 2014-06-14 10:24 - 00000000 ____ D () C:\AdwCleaner
2015-04-16 11:32 - 2015-04-18 12:12 - 00000000 ____ D () C:\Program Files (x86)\Trojan Remover
EmptyTemp:

Plik zapisz jako fixlist.txt i umieść w tym samym katalogu co FRST Uruchom FRST klikasz Fix Raport z usuwania pokaż na forum. Następnie ponownie uruchom FRST klikasz Scan pokaż nowy raport FRST.txt na forum

zacpac · 11 Maj 2015 15:54

nie moge znalezc tego pdfforge Toolbar v11.3 (HKLM-x32…{EB0B5926-421D-46E7-AB2C-47C7BDEFF9D6}) (Version: 11.3 - Spigot, Inc.) , w panelu nie ma moze jest jakos ukryte??

spandaupol · 11 Maj 2015 17:11

Nie przejmuj się wykonaj resztę

zacpac · 11 Maj 2015 19:49

http://wklej.org/id/1709063/ pierwszy

http://wklej.org/id/1709067/ drugi pozdr

spandaupol · 11 Maj 2015 20:11

Wklej do notatnika:

CloseProcesses:
OPR Extension: (Sale Charger) - C:\Users\Zac\AppData\Roaming\Opera Software\Opera Stable\Extensions\eaahbboohphmngjkppofodpajjbajlij [2015-05-11]
2015-04-16 11:14 - 2014-11-09 02:37 - 00000000 ____ D () C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7
2015-05-09 20:41 - 2015-05-09 20:41 - 0000079 _____ () C:\Program Files (x86)\prefs.js
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
Task: {DBF4A959-5392-43B4-A67E-BDE21F9FC237} - System32\Tasks\{8D90BD44-2BE0-40B1-B93D-875A698C9C1B} = pcalua.exe -a "C:\Program Files (x86)\ShopperPro\SPremove.exe" ==== ATTENTION
Task: {C2B9B366-649A-4F4E-8D9C-DC236D313E29} - \avastBCLRestartS-1-5-21-3923169853-1675104880-3691337407-1000 No Task File ==== ATTENTION
Task: {9A8D5570-B231-47AC-B2AE-EFA947DB29B3} - System32\Tasks\{98491183-BB63-415B-BA4E-D473E7F995F5} = pcalua.exe -a "C:\Program Files (x86)\YouTube Accelerator\YTAUninstall.exe"
Task: {41596BA4-E30C-4692-A203-5C4C50E6DA52} - \Installer_iwebar No Task File ==== ATTENTION
EmptyTemp:

Plik zapisz jako fixlist.txt i umieść w tym samym katalogu co FRST Uruchom FRST klikasz Fix Raport z usuwania pokaż na forum.

Usuń z dysku Folder C:\FRST

Wykonaj pełny skan Malwarebytes http://www.dobreprogramy.pl/Malwarebyte … 13117.html (w trakcie instalacji nie godzisz się na okres testowy) Wykonaj pełny skan, jeśli program coś wykryje pokaż raport na forum.

zacpac · 11 Maj 2015 20:43

http://wklej.org/id/1709113/ - raport z FRST

http://wklej.org/id/1709123/ - malware

spandaupol · 11 Maj 2015 21:06

Usuń co znalazł Malwarebytes

Przez Panel sterowania odinstaluj Javę

zacpac · 11 Maj 2015 22:24

zrobione, na razie wyglada , ze wszystko ok, dziekuje za pomoc!:)pozdr