Reklamy, sweet-pack, delta i inne

Witam, proszę o sprawdzenie logów, 

adwcleaner wykonany, niestety nie odnalazł nic i nie pomogło w żadnym stopniu. 

 

FRST

http://wklej.org/id/1490699/

 

Addition

http://wklej.org/id/1490700/

 

Dziękuję, pozdrawiam

Odinstaluj Term Tutor.Przeskanuj programem Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.2.1012.exe

Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

Usuń wszystko.Pokaż nowe logi z FRST.

Odinstalowany Term Tutor. 

Przeskanowany - wszystko usunięte.

 

Nowe logi:

FRST

http://wklej.org/id/1491224/

 

Addition

http://wklej.org/id/1491225/

 

Pozdrawiam

Otwórz Notatnik i wklej:

Task: {26612A5B-3727-45F3-B23E-4CFA2EA64034} - System32\Tasks\GoforFilesUpdate = C:\Program Files (x86)\GoforFiles\GFFUpdater.exe ==== ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hpts=1393275954from=wpcuid=HitachiXHTS543232A7A384_E20342431ZMGBM1ZMGBMX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hpts=1393275954from=wpcuid=HitachiXHTS543232A7A384_E20342431ZMGBM1ZMGBMX
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?utm_source=butm_medium=wpm0226utm_campaign=installerutm_content=dsfrom=wpm0226uid=HitachiXHTS543232A7A384_E20342431ZMGBM1ZMGBMXts=1393433076type=defaultq={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?utm_source=butm_medium=wpm0226utm_campaign=installerutm_content=dsfrom=wpm0226uid=HitachiXHTS543232A7A384_E20342431ZMGBM1ZMGBMXts=1393433076type=defaultq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1393275954from=wpcuid=HitachiXHTS543232A7A384_E20342431ZMGBM1ZMGBMXq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hpts=1393275954from=wpcuid=HitachiXHTS543232A7A384_E20342431ZMGBM1ZMGBMX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hpts=1393275954from=wpcuid=HitachiXHTS543232A7A384_E20342431ZMGBM1ZMGBMX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1393275954from=wpcuid=HitachiXHTS543232A7A384_E20342431ZMGBM1ZMGBMXq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1393275954from=wpcuid=HitachiXHTS543232A7A384_E20342431ZMGBM1ZMGBMXq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hpts=1393275954from=wpcuid=HitachiXHTS543232A7A384_E20342431ZMGBM1ZMGBMX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hpts=1393275954from=wpcuid=HitachiXHTS543232A7A384_E20342431ZMGBM1ZMGBMX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1393275954from=wpcuid=HitachiXHTS543232A7A384_E20342431ZMGBM1ZMGBMXq={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=scts=1393275954from=wpcuid=HitachiXHTS543232A7A384_E20342431ZMGBM1ZMGBMX
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}l=diso=HPNTDF
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=dsts=1393275954from=wpcuid=HitachiXHTS543232A7A384_E20342431ZMGBM1ZMGBMXq={searchTerms}
SearchScopes: HKLM - {4527CB95-16CD-49B3-BEAA-21188CB7C87F} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKLM-x32 - {1AE74F19-B1B5-4BA2-AE9B-01678CDEF931} URL = http://startsear.ch/?aff=1src=spcf=886dc7f2-2372-11e1-947e-441ea1d876eeq={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}l=diso=HPNTDF
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=dsts=1393275954from=wpcuid=HitachiXHTS543232A7A384_E20342431ZMGBM1ZMGBMXq={searchTerms}
SearchScopes: HKLM-x32 - {4527CB95-16CD-49B3-BEAA-21188CB7C87F} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKCU - {1AE74F19-B1B5-4BA2-AE9B-01678CDEF931} URL = http://startsear.ch/?aff=1src=spcf=886dc7f2-2372-11e1-947e-441ea1d876eeq={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}l=diso=HPNTDF
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=dsts=1402583252from=wpm0612uid=HitachiXHTS543232A7A384_E20342431ZMGBM1ZMGBMXq={searchTerms}
SearchScopes: HKCU - {4527CB95-16CD-49B3-BEAA-21188CB7C87F} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKCU - {4A30A62B-01EA-47FB-95C1-37AEC88B3764} URL = http://search.babylon.com/?q={searchTerms}affID=109220tt=0313_1babsrc=SP_ssmntrId=1e90d8f4000000000000ac8112967034
SearchScopes: HKCU - {7EBE5680-07C5-44A6-A8AC-B9FC16B58CC1} URL = http://search.babylon.com/?q={searchTerms}affID=111378babsrc=SP_ssmntrId=1e90d8f4000000000000ac8112967034
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: CouponDownloader - {c817d3d8-b9da-521d-971d-2c0a747ea697} - C:\Program Files\C78087A8-C960-4464-A618-3D351DF6C0D7\gohymlmtrh.dll ()
Toolbar: HKLM-x32 - StartSearchToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\StartSearch plugin\ssBarLcher.dll ()
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll (StartSearch )
FF SearchPlugin: C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\eydrtbgn.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\eydrtbgn.default\searchplugins\babylon1.xml
FF SearchPlugin: C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\eydrtbgn.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\eydrtbgn.default\searchplugins\startsear.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
FF Extension: Codecv - C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\eydrtbgn.default\Extensions\4f7dffe1cbb5f@4f7dffe1cbb60.info [2012-04-06]
FF Extension: VaUdix - C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\eydrtbgn.default\Extensions\98k.qfgn@waaj-iiwyaogvx.net [2014-02-24]
FF Extension: Fast Start - C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\eydrtbgn.default\Extensions\faststartff@gmail.com [2014-08-09]
FF Extension: Babylon Toolbar - C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\eydrtbgn.default\Extensions\ffxtlbr@babylon.com [2012-04-06]
FF Extension: Quick Start - C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\eydrtbgn.default\Extensions\quick_start@gmail.com [2014-08-08]
FF Extension: shortcut - C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\eydrtbgn.default\Extensions\shortcutff@gmail.com [2014-08-08]
FF Extension: YoutubeAdblocker - C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\eydrtbgn.default\Extensions\zz6pjcwv@al-.co.uk [2014-02-24]
FF Extension: CouponDownloader - C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\eydrtbgn.default\Extensions\j004-efxyrmbzyotmaw@jetpack.xpi [2014-07-28]
FF Extension: Torntv - C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\eydrtbgn.default\Extensions\torntv@torntv.com.xpi [2013-01-17]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2014-10-13]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\eydrtbgn.default\extensions\quick_start@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\eydrtbgn.default\extensions\faststartff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [shortcutff@gmail.com] - C:\Users\Kate\AppData\Roaming\Mozilla\Firefox\Profiles\eydrtbgn.default\extensions\shortcutff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Users\Kate\AppData\Roaming\BabSolution\CR\BabylonChrome1.crx [2014-06-12]
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx [2014-02-26]
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn11.crx [2014-02-26]
CHR StartMenuInternet: Google Chrome - C:\Users\Kate\AppData\Local\Google\Chrome\Application\chrome.exe http://www.delta-homes.com/?type=scts=1402583252from=wpm0612uid=HitachiXHTS543232A7A384_E20342431ZMGBM1ZMGBMX
S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [761968 2014-06-12] () [File not signed]
S1 ttnfd; system32\drivers\ttnfd.sys [X]
2014-10-17 16:52 - 2014-02-24 23:04 - 00000000 ____ D () C:\ProgramData\YoutubeAdblocker
2014-10-17 14:56 - 2014-02-26 18:45 - 00000000 ____ D () C:\Program Files (x86)\SupTab
2014-10-17 14:56 - 2014-02-24 23:04 - 00000000 ____ D () C:\Program Files (x86)\YoutubeAdblocker
2014-10-16 23:15 - 2014-02-24 23:06 - 00000000 ____ D () C:\ProgramData\WPM
2014-10-16 23:15 - 2014-02-24 23:04 - 00000000 ____ D () C:\Program Files (x86)\Vauidix
2014-10-16 23:08 - 2014-08-11 11:28 - 00000000 ____ D () C:\Program Files\CouponDownloader
2014-10-16 22:54 - 2014-08-11 11:23 - 00000000 ____ D () C:\Users\Kate\AppData\Roaming\Systweak
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Zrobione, wielkie dzięki. 

 

Pozdrawiam serdecznie!