Ads, strange windows


(Lisiura125) #1

Hello, for a few days I have had a problem with system windows popping up (on a black background), ads in browsers, and general sluggishness of the computer. I'm afraid the computer is full of junk from the internet…

OTL: http://www.wklej.org/id/1520535/

Extras: http://wklej.org/id/1520537/

Please help, and thanks in advance :slight_smile:


(Acorus) #2

Uninstall TrustedShopper, Smileys We Love Toolbar for IE, AllSaveer, Akamai NetSession Interface, awesomehp Browser Protecter, Movies Toolbar for Chrome (Dist. by Bandoo Media, Inc.), Movies Toolbar for Internet Explorer, Music Box Toolbar for Chrome, Music Box Toolbar for Internet Explorer, Lyrmix, Media View, Qtrax Player, Akamai NetSession Interface, FLV Player Packages, Microsoft PowerPoint Packages, PDF Creator Packages, UpdateChecker.

Download and run AdwCleaner https://toolslib.net/downloads/finish/1/ Click Szukaj (Scan) and then Usuń (Clean).

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ in the version matching your system (32-bit). Run FRST and click Scan. Post the FRST and Addition reports.


(Lisiura125) #3

Addition: http://wklej.org/id/1520657/

FRST: http://wklej.org/id/1520659/


(Acorus) #4

Uninstall Quiknowledge. Open Notepad and paste:

Task: C:\WINDOWS\Tasks\At2.job = C:\DOCUME~1\NETWOR~1\DANEAP~1\SAVESE~1\UPDATE~1\UPDATE~1.EXE ==== ATTENTION
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-2000478354-682003330-1003Core.job = C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-2000478354-682003330-1003UA.job = C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\Lyrmix Update.job = C:\Program Files\Lyrmix\LymxUD.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job = C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job = C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Torntv V6.0-chromeinstaller.job = C:\Program Files\Torntv V6.0\Torntv V6.0-chromeinstaller.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\Torntv V6.0-codedownloader.job = C:\Program Files\Torntv V6.0\Torntv V6.0-codedownloader.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\Torntv V6.0-enabler.job = C:\Program Files\Torntv V6.0\Torntv V6.0-enabler.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\Torntv V6.0-firefoxinstaller.job = C:\Program Files\Torntv V6.0\Torntv V6.0-firefoxinstaller.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\Torntv V6.0-updater.job = C:\Program Files\Torntv V6.0\Torntv V6.0-updater.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\WS.Enabler-S-525323585.job = c:\documents and settings\all users\dane aplikacji\setapp\ws.enabler\WS.Enabler.exe ==== ATTENTION
HKLM\...\Run: [] = [X]
HKLM\...\Run: [fst_pl_52] = [X]
HKLM\...\Run: [upfst_pl_52.exe] = C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\fst_pl_52\upfst_pl_52.exe -runhelper
HKLM\...\Run: [NPSStartup] = [X]
HKLM\...\Run: [KernelFaultCheck] = %systemroot%\system32\dumprep 0 -k
HKLM\...\RunOnce: [AvgUninstallURL] = cmd.exe /c start http://www.avg.com/pl.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT""inst=NzctMTE2OTUzMDQ3OS1GTDEwKzEtRERUKzI2NTktVFVHKzMtREQxMEYrM (the data entry has 95 more characters).
HKLM\...\Policies\Explorer\Run: [18322] = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mszrozsoo.exe No File
HKU\S-1-5-21-1177238915-2000478354-682003330-1003\...\Run: [Security Updates] = "C:\DOCUME~1\Home\USTAWI~1\Temp\install-security-updates.exe" ===== ATTENTION
HKU\S-1-5-21-1177238915-2000478354-682003330-1003\...\Run: [M-Downloader] = C:\Program Files\M-Downloader\Updater.exe
HKU\S-1-5-21-1177238915-2000478354-682003330-1003\...\Run: [Yahoo! Search] = C:\Documents and Settings\Home\Dane aplikacji\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe
HKU\S-1-5-18\...\RunOnce: [nltide_3] = rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [_nltide_3] = rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [Del2795984] = cmd.exe /Q /D /c del "C:\WINDOWS\TEMP\0.del" ===== ATTENTION
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" ======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-1177238915-2000478354-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
SearchScopes: HKLM - Backup.Old.DefaultScope {56256A51-B582-467e-B8D4-7786EDA79AE0}
SearchScopes: HKCU - Backup.Old.DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233}
BHO: Music Box Toolbar (Dist. by iMesh, Inc.) - {45177936-603b-4261-8d42-df6f7091d5d0} - C:\PROGRA~1\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll No File
BHO: Lyrmix - {5AF86092-4118-405C-AA1B-3CE1324F051A} - C:\Program Files\Lyrmix\128.dll No File
BHO: Media View - {9f45558e-c7cc-4e35-a5ad-aed67d6954db} - C:\Program Files\MediaViewV1\MediaViewV1alpha1115\ie\MediaViewV1alpha1115.dll No File
Toolbar: HKLM - Music Box Toolbar (Dist. by iMesh, Inc.) - {45177936-603b-4261-8d42-df6f7091d5d0} - C:\PROGRA~1\MUSICT~1\Datamngr\SRTOOL~1\IE\searchresultsDx.dll No File
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha1115.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha1115\ff
CHR HKLM\...\Chrome\Extension: [aaaaihhnfnbnpbhpagnmoplpcjbediml] - C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\imeshmusicboxtoolbar\GC\toolbar.crx [2013-06-19]
CHR HKLM\...\Chrome\Extension: [fdjkhamgopgokjmllcmpkiijndjeidcl] - C:\Documents and Settings\Home\Ustawienia lokalne\temp\twsfiles\trustedshopper.crx [2013-06-19]
CHR HKLM\...\Chrome\Extension: [fibbpolejomdcpiahkgcmdmaliooeien] - C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\CRE\fibbpolejomdcpiahkgcmdmaliooeien.crx [2014-10-15]
CHR HKLM\...\Chrome\Extension: [gfdifeicmijiobaflmbcnohpplhiipka] - C:\Documents and Settings\Home\Dane aplikacji\youtube2mp3\youtube2mp3.crx [2012-11-19]
CHR HKLM\...\Chrome\Extension: [kidmhllhjmmmnpbiaihafgchacpmokof] - C:\Program Files\Lyrmix\128.crx [2012-11-19]
CHR HKLM\...\Chrome\Extension: [naipdapbimiiikbbgjcpbgmfhnlbagpj] - C:\Documents and Settings\Home\Ustawienia lokalne\Dane aplikacji\CRE\naipdapbimiiikbbgjcpbgmfhnlbagpj.crx [2012-11-19]
CHR HKLM\...\Chrome\Extension: [npgpgjiajblpbldjkelafjjhfjcddlba] - C:\Program Files\HomeTab\chrome\HomeTab.crx [2012-11-19]
CHR HKLM\...\Chrome\Extension: [ohojmlimeolbjgcldlmffjpgkgdjpakj] - C:\Program Files\MediaViewV1\MediaViewV1alpha1115\ch\MediaViewV1alpha1115.crx [2012-11-19]
S2 d93cc0a5; "C:\WINDOWS\system32\rundll32.exe" "c:\docume~1\alluse~1\daneap~1\assist~1\AssistantSvc.dll",service
S2 qksvc; "C:\Program Files\Quiknowledge\Service\qksvc.exe" [X]
S4 vToolbarUpdater15.5.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [X]
S4 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-08-14] (AVG Technologies)
S3 catchme; \\C:\DOCUME~1\Home\USTAWI~1\Temp\catchme.sys [X]
S3 EagleXNt; \\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S4 IntelIde; No ImagePath
S3 LLRING0; \\C:\Program Files\DsNet\MuGuard\llck.sys [X]
S3 RTLVLANMP; system32\DRIVERS\RTLVLAN.SYS [X]
S2 X4HSEx_Pr143; \\C:\Program Files\FantastiGames\X4HSEx_Pr143.Sys [X]
2014-11-13 21:12 - 2014-11-13 21:12 - 00000000 ____ D () C:\Program Files\AllSaveer
2014-11-13 21:32 - 2014-09-23 12:59 - 00000000 ____ D () C:\AdwCleaner
C:\Windows\Tasks\At2.job
EmptyTemp:

Save the file as fixlist.txt and place it in the same folder as FRST.