Samoistnie otwierające się reklamy i strony


(Magirm) #1

Witam

Proszę o pomoc samoistnie otwierające się strony i reklamy utrudniają mi nawet wpisy na forum

uzyłam Farbar Recovery Scan Tool

http://wklej.org/id/1662134/

http://wklej.org/id/1662137/


(Acorus) #2

Odinstaluj Adobe Reader 9.4.6 - Polish.Otwórz notatnik systemowy i wklej:

Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job = C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job = C:\WINDOWS\system32\xp_eos.exe
HKLM\...\Run: [RTHDCPL] = C:\WINDOWS\RTHDCPL.EXE [16844800 2007-09-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] = C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] = C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [WinampAgent] = "C:\Documents and Settings\xxx\Pulpit\Winamp\winampa.exe"
HKLM\...\Run: [GrooveMonitor] = C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [nltide_2] = regsvr32 /s /n /i:U shell32
HKU\S-1-5-19\...\RunOnce: [nltide_3] = rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [nltide_2] = regsvr32 /s /n /i:U shell32
HKU\S-1-5-20\...\RunOnce: [nltide_3] = rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-1960408961-1229272821-682003330-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] = C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-06-01] (Nero AG)
HKU\S-1-5-21-1960408961-1229272821-682003330-1003\...\MountPoints2: {17914791-14eb-11dd-a54b-001d926baa42} - F:\fr.com
HKU\S-1-5-21-1960408961-1229272821-682003330-1003\...\MountPoints2: {196d1128-d905-11dd-b545-001d926baa42} - fr.com
HKU\S-1-5-21-1960408961-1229272821-682003330-1003\...\MountPoints2: {6335a49e-053d-11e0-bb42-004f6a030f68} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe
HKU\S-1-5-21-1960408961-1229272821-682003330-1003\...\MountPoints2: {80e286fb-5c20-11e2-8028-004f6a030f68} - E:\g8k.exe
HKU\S-1-5-21-1960408961-1229272821-682003330-1003\...\MountPoints2: {f7904930-f885-11dd-b57d-001d926baa42} - F:\g8k.exe
HKU\S-1-5-18\...\RunOnce: [nltide_2] = regsvr32 /s /n /i:U shell32
HKU\S-1-5-18\...\RunOnce: [nltide_3] = rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1960408961-1229272821-682003330-1003 - {56256A51-B582-467e-B8D4-7786EDA79AE0} URL =
SearchScopes: HKU\S-1-5-21-1960408961-1229272821-682003330-1003 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1960408961-1229272821-682003330-1003 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL =
FF Extension: Zoom It - C:\Documents and Settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\4rq7gm2y.default\Extensions\{9890d69d-2ac4-3783-d70c-88d53d9a74bd} [2015-03-14]
S2 MaintainerSvc2.14.9041534; "C:\Documents and Settings\All Users\Dane aplikacji\aea8cc93-2213-47cf-a265-0391e3461dbb\maintainer.exe" [X]
S3 e4usbaw; system32\DRIVERS\e4usbaw.sys [X]
S3 GMSIPCI; \\I:\INSTALL\GMSIPCI.SYS [X]
S2 IKANLOADER2; System32\Drivers\e4ldr.sys [X]
S4 IntelIde; No ImagePath
S3 MSICPL; \\I:\install4\MSICPL.sys [X]
S3 NTACCESS; \\I:\NTACCESS.sys [X]
S3 PCAMPR5; \\C:\WINDOWS\system32\PCAMPR5.SYS [X]
S3 SetupNTGLM7X; \\I:\NTGLM7X.sys [X]
U1 WS2IFSL; No ImagePath
2015-03-14 13:49 - 2015-03-14 13:54 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(Magirm) #3

Postąpiłam krok po kroku wg instrukcji i jest dobrze WIELKIE DZIĘKI za pomoc!

Pozdrawiam


(Magirm) #4

 

Witam ponownie ten sam problem pojawia się teraz na laptopie

FRST

http://wklej.org/id/1664895/

http://wklej.org/id/1664896/


(Acorus) #5

Odinstaluj ContentEdit,coupon monkey,DeaoLExopress,Gameo,MinIMauamPricee,omiga-plus uninstall,PennyBeeUpdate,PennyBee,Red AdBlocker,RRoboSaver,UniDeals,UpDown page without arrows,Window Tiler,youtubeadblocker.Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

Pokaż nowe logi z FRST.


(Magirm) #6

http://wklej.org/id/1664961/


(Acorus) #7

Pomiń to i wykonaj resztę.


(Magirm) #8

FRST

http://wklej.org/id/1664996/


(Acorus) #9

Otwórz notatnik systemowy i wklej:

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UCam_Menu] = C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKU\S-1-5-21-3135873756-1747778033-1847798441-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF HKU\S-1-5-21-3135873756-1747778033-1847798441-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
2015-03-17 19:36 - 2015-03-17 19:36 - 00003394 _____ () C:\Windows\System32\Tasks\{01790AB3-0B52-4642-8996-DD4B416F5C82}
2015-03-17 19:30 - 2015-03-17 19:46 - 00000000 ____ D () C:\AdwCleaner
2015-03-17 18:57 - 2015-03-17 18:57 - 00003354 _____ () C:\Windows\System32\Tasks\{E08F4498-ED08-43F9-9138-7385192638A9}
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.