Reklamy i samootwierające sie strony

pawel_55 · 10 Luty 2015 16:03

Prosił bym o pomoc, zalewają mnie reklamy i strony się same otwierają, nie mam pojęcia cóż tym robić.

Zgodnie z podpowiedzią kolegów z forum zrobiłem scan.

http://wklej.org/id/1631127/

http://wklej.org/id/1631140/

I na tym się kończy, bo nie mam pojęcia, co dalej robić.

Pozdrawiam Paweł

Acorus · 10 Luty 2015 16:21

Odinstaluj ASUS WebStorage Sync Agent.Otwórz notatnik systemowy i wklej:

Task: {25D272D2-82D5-47BB-ABB1-D549E92F9548} - System32\Tasks\{9D97FECA-AA14-4E41-B4CC-F01B351D9C31} = pcalua.exe -a C:\Users\PC\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
HKLM\...\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] = C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] = C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [PWRISOVM.EXE] = C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2014-03-30] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs-x32: c:/progra~3/{38e6d~1/171~1.0/rile.dll = "c:/progra~3/{38e6d~1/171~1.0/rile.dll" File Not Found
ShellIconOverlayIdentifiers: [SkyDrive1] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} = No File
ShellIconOverlayIdentifiers: [SkyDrive2] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} = No File
ShellIconOverlayIdentifiers: [SkyDrive3] - {BBACC218-34EA-4666-9D7A-C78F2274A524} = No File
ShellIconOverlayIdentifiers-x32: [SkyDrive1] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} = No File
ShellIconOverlayIdentifiers-x32: [SkyDrive2] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} = No File
ShellIconOverlayIdentifiers-x32: [SkyDrive3] - {BBACC218-34EA-4666-9D7A-C78F2274A524} = No File
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKLM - {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: reocCkeetsale - {0e946f4b-e89a-4b1e-b421-b9197c0c82cb} - C:\Program Files (x86)\reocCkeetsale\EWEsHND6WCHrbT.x64.dll ()
CHR Extension: (Ask Search) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf [2015-02-10]
CHR Extension: (Astromenda New Tab) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae [2015-02-10]
CHR Extension: (buyafastu) - C:\ProgramData\ahelkbbelbjgcdhhcnecngodpdhbghhk\ [2014-05-09]
R2 MaintainerSvc1.92.5302915; C:\ProgramData\ecbaef90-5696-41e1-a1c3-3e8112ce2840\maintainer.exe [123640 2015-02-10] ()
U0 msahci; No ImagePath
2015-02-10 16:13 - 2015-02-10 16:13 - 00000000 ____ D () C:\Users\PC\AppData\Roaming\sweet-page
2015-02-10 16:13 - 2015-02-10 16:13 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
2015-02-10 16:13 - 2015-02-10 16:13 - 00000000 ____ D () C:\ProgramData\7605237220382387661
2015-02-10 16:13 - 2015-02-10 16:13 - 00000000 ____ D () C:\Program Files (x86)\XTab
2015-02-10 16:13 - 2015-02-10 16:13 - 00000000 ____ D () C:\Program Files (x86)\Security Updates Service
2015-02-10 16:13 - 2015-02-10 16:13 - 00000000 ____ D () C:\Program Files (x86)\offerrsofT
2015-02-10 16:13 - 2015-02-10 16:13 - 00000000 ____ D () C:\Program Files (x86)\nitrodeal
2015-02-10 16:13 - 2015-02-10 16:13 - 00000000 ____ D () C:\Program Files (x86)\dailypuriZe
2015-02-10 16:12 - 2015-02-10 16:12 - 00000000 ____ D () C:\Users\PC\Documents\PC Speed Maximizer
2015-02-10 16:12 - 2015-02-10 16:12 - 00000000 ____ D () C:\Users\PC\AppData\Roaming\Speedial
2015-02-10 16:12 - 2015-02-10 16:12 - 00000000 ____ D () C:\Users\PC\AppData\Local\SearchProtect
2015-02-10 16:12 - 2015-02-10 16:12 - 00000000 ____ D () C:\Users\PC\AppData\Local\AskPartnerNetwork
2015-02-10 16:12 - 2015-02-10 16:12 - 00000000 ____ D () C:\ProgramData\WindowsProtectManger
2015-02-10 16:12 - 2015-02-10 16:12 - 00000000 ____ D () C:\ProgramData\IePluginServices
2015-02-10 16:12 - 2015-02-10 16:12 - 00000000 ____ D () C:\ProgramData\AskPartnerNetwork
2015-02-10 16:12 - 2015-02-10 16:12 - 00000000 ____ D () C:\Program Files (x86)\SupTab
2015-02-10 16:12 - 2015-02-10 16:12 - 00000000 ____ D () C:\Program Files (x86)\Speedial
2015-02-10 16:12 - 2015-02-10 16:12 - 00000000 ____ D () C:\Program Files (x86)\SearchProtect
2015-02-10 16:12 - 2015-02-10 16:12 - 00000000 ____ D () C:\Program Files (x86)\AskPartnerNetwork
2015-01-31 17:56 - 2015-01-31 17:56 - 00000000 ____ D () C:\Program Files (x86)\buyafastu
2015-01-31 17:55 - 2015-01-31 17:55 - 00000000 ____ D () C:\ProgramData\ahelkbbelbjgcdhhcnecngodpdhbghhk
2015-01-31 17:55 - 2015-01-31 17:55 - 00000000 ____ D () C:\Program Files (x86)\reocCkeetsale
2015-02-10 16:14 - 2015-01-01 12:26 - 00000000 ____ D () C:\AdwCleaner
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.