Annoying ads in browsers


(materaldo) #1

Hello,

as the title says, I have a problem with annoying ads popping up in the browser window. They are ads of the "powered by man" type. Besides the ads, pages are automatically redirected to advertising sites. Some time ago I removed two programs from the computer; unfortunately I don't remember their names (when I searched for information about them on Google, it showed that they were malicious software). I don't know what to do in this case. I made OTL and FRST logs; maybe they will make it clearer to someone where the problem may lie.

 

FRST - http://wklej.org/id/1696963/

OTL - http://wklej.org/id/1696967/

OTL extras - http://wklej.to/YqIYX

FRST Addition - http://wklej.org/id/1696968/

FRST shortcut - http://wklej.to/Alfhb

 


(Acorus) #2

Uninstall Nero Burning Rom Packages. Open the system Notepad and paste:

Task: {1C7C808E-6FDC-4061-A0A5-C424F0BF1098} - System32\Tasks\0030c55a-45f8-4037-a112-111fe7bcfd6b-11 = C:\Program Files (x86)\Radio Canyon\0030c55a-45f8-4037-a112-111fe7bcfd6b-11.exe ==== ATTENTION
Task: {51C2DA0E-EDB3-4AB3-96FB-AD23F044718C} - System32\Tasks\0030c55a-45f8-4037-a112-111fe7bcfd6b-7 = C:\Program Files (x86)\Radio Canyon\0030c55a-45f8-4037-a112-111fe7bcfd6b-7.exe ==== ATTENTION
Task: {547ACD1C-2695-426F-A789-BAF494475C6F} - System32\Tasks\0030c55a-45f8-4037-a112-111fe7bcfd6b-2 = C:\Program Files (x86)\Radio Canyon\0030c55a-45f8-4037-a112-111fe7bcfd6b-2.exe ==== ATTENTION
Task: {6F7FD7D7-917E-4408-9F5D-96F62030254D} - System32\Tasks\0030c55a-45f8-4037-a112-111fe7bcfd6b-1 = C:\Program Files (x86)\Radio Canyon\Radio Canyon-codedownloader.exe ==== ATTENTION
Task: {72A6EB37-FE9C-4730-B252-BBA7C539C022} - System32\Tasks\0030c55a-45f8-4037-a112-111fe7bcfd6b-5 = C:\Program Files (x86)\Radio Canyon\0030c55a-45f8-4037-a112-111fe7bcfd6b-5.exe ==== ATTENTION
Task: {748CA9A3-B2DF-4EE0-B18D-F78E22D0D3CA} - System32\Tasks\0030c55a-45f8-4037-a112-111fe7bcfd6b-4 = C:\Program Files (x86)\Radio Canyon\0030c55a-45f8-4037-a112-111fe7bcfd6b-4.exe ==== ATTENTION
Task: {8DF8A4C1-519A-4CA8-A8B9-E1D9890B1653} - System32\Tasks\sup_games_updating_service = C:\Program Files (x86)\sup games\sup_games_updating_service.exe [2015-04-01] () ==== ATTENTION
Task: {8F156C35-1FD3-4D3F-A720-EF5A2A0E34FF} - System32\Tasks\0030c55a-45f8-4037-a112-111fe7bcfd6b-6 = C:\Program Files (x86)\Radio Canyon\0030c55a-45f8-4037-a112-111fe7bcfd6b-6.exe ==== ATTENTION
Task: {91F1DA80-54AE-424D-AB64-5896CE8B42A0} - System32\Tasks\Optimizer Pro Schedule = C:\Program Files (x86)\Optimizer Pro 3.51\OptProLauncher.exe ==== ATTENTION
Task: {A043FA32-7428-4DF4-B866-C9FFD0894A5C} - System32\Tasks\sup_games_notification_service = C:\Program Files (x86)\sup games\sup_games_notification_service.exe [2015-04-01] (FileProperties_CompanyName) ==== ATTENTION
Task: {A72180DA-24CC-491C-901C-5377A9E554CC} - System32\Tasks\hrvhrYLwkDqyWsuU1AB = C:\Users\Joanna\AppData\Roaming\hrvhrYLwkDqyWsuU1AB.exe [2015-04-03] () ==== ATTENTION
Task: {C8038BAE-A973-40B3-936B-8C56D49D34F3} - System32\Tasks\0030c55a-45f8-4037-a112-111fe7bcfd6b-5_user = C:\Program Files (x86)\Radio Canyon\0030c55a-45f8-4037-a112-111fe7bcfd6b-5.exe ==== ATTENTION
Task: {D4B67A62-62C8-4B07-981F-4EF0836BE2BB} - System32\Tasks\globalUpdateUpdateTaskMachineCore = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-18] (globalUpdate) ==== ATTENTION
Task: {F15F0645-BC49-464E-A704-B7A4409DEC20} - System32\Tasks\globalUpdateUpdateTaskMachineUA = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-18] (globalUpdate) ==== ATTENTION
Task: C:\Windows\Tasks\0030c55a-45f8-4037-a112-111fe7bcfd6b-1.job = C:\Program Files (x86)\Radio Canyon\Radio Canyon-codedownloader.exe ==== ATTENTION
Task: C:\Windows\Tasks\0030c55a-45f8-4037-a112-111fe7bcfd6b-11.job = C:\Program Files (x86)\Radio Canyon\0030c55a-45f8-4037-a112-111fe7bcfd6b-11.exe ==== ATTENTION
Task: C:\Windows\Tasks\0030c55a-45f8-4037-a112-111fe7bcfd6b-2.job = C:\Program Files (x86)\Radio Canyon\0030c55a-45f8-4037-a112-111fe7bcfd6b-2.exe ==== ATTENTION
Task: C:\Windows\Tasks\0030c55a-45f8-4037-a112-111fe7bcfd6b-4.job = C:\Program Files (x86)\Radio Canyon\0030c55a-45f8-4037-a112-111fe7bcfd6b-4.exe ==== ATTENTION
Task: C:\Windows\Tasks\0030c55a-45f8-4037-a112-111fe7bcfd6b-5.job = C:\Program Files (x86)\Radio Canyon\0030c55a-45f8-4037-a112-111fe7bcfd6b-5.exe ==== ATTENTION
Task: C:\Windows\Tasks\0030c55a-45f8-4037-a112-111fe7bcfd6b-5_user.job = C:\Program Files (x86)\Radio Canyon\0030c55a-45f8-4037-a112-111fe7bcfd6b-5.exe ==== ATTENTION
Task: C:\Windows\Tasks\0030c55a-45f8-4037-a112-111fe7bcfd6b-6.job = C:\Program Files (x86)\Radio Canyon\0030c55a-45f8-4037-a112-111fe7bcfd6b-6.exe ==== ATTENTION
Task: C:\Windows\Tasks\0030c55a-45f8-4037-a112-111fe7bcfd6b-7.job = C:\Program Files (x86)\Radio Canyon\0030c55a-45f8-4037-a112-111fe7bcfd6b-7.exe ==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
Task: C:\Windows\Tasks\hrvhrYLwkDqyWsuU1AB.job = C:\Users\Joanna\AppData\Roaming\hrvhrYLwkDqyWsuU1AB.exe ==== ATTENTION
Task: C:\Windows\Tasks\sup_games_notification_service.job = C:\Program Files (x86)\sup games\sup_games_notification_service.exeĺ/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='sup games' /appid='73143' /srcid='2913' /bic='107ca17521356b1bffc8169955599dc9' /verifier='7a4b8fe716aa077602edd3287d24f8f6' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif ==== ATTENTION
Task: C:\Windows\Tasks\sup_games_updating_service.job = C:\Program Files (x86)\sup games\sup_games_updating_service.exeŞ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=sup_games_updating_service /funurl=http:/stats.buildomserv.com ==== ATTENTION
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL = C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [218384 2015-02-19] (Client Connect LTD)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk
ShortcutTarget: OptimizerPro.lnk - C:\ProgramData\{b8e3c069-cdec-fb1c-b8e3-3c069cde01a7}\OptimizerPro.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=dsts=1425308987from=coruid=WDCXWD3200BPVT-22ZEST0_WD-WXF1AA07627276272q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=dsts=1425308987from=coruid=WDCXWD3200BPVT-22ZEST0_WD-WXF1AA07627276272q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=dsts=1425308987from=coruid=WDCXWD3200BPVT-22ZEST0_WD-WXF1AA07627276272q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=dsts=1425308987from=coruid=WDCXWD3200BPVT-22ZEST0_WD-WXF1AA07627276272q={searchTerms}
HKU\S-1-5-21-3745390714-2171148227-3790290962-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll [2015-01-16] (Thinknice Co. Limited)
FF Extension: jid09XfBwUWnvPx4wWsfBWMCm4Jj69Ejetpack - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h6zujqnl.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack [2015-04-01]
FF Extension: No Name - C:\Users\Joanna\AppData\Roaming\Mozilla\Firefox\Profiles\h6zujqnl.default\Extensions\PXinhg@gmail.com [2015-04-01]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\my-prefs.js [2015-04-06] ==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\my.cfg [2015-04-06] ==== ATTENTION
CHR Extension: (fhffefhdkeibnkdldinbncimlojchnie) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhffefhdkeibnkdldinbncimlojchnie [2015-04-10]
CHR Extension: (gplegfbjlmmehdoakndmohflojccocli) - C:\Users\Joanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli [2015-04-01]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-18] (globalUpdate) [File not signed] ==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-18] (globalUpdate) [File not signed] ==== ATTENTION
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-02] (SysTool PasSame LIMITED)
S2 Orbiter; C:/Program Files (x86)/ORBTR/orbiter.dll [X]
S1 iSafeKrnlMon; \\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
R1 pfnfd_1_10_0_9; system32\drivers\pfnfd_1_10_0_9.sys [X]
2015-04-03 15:49 - 2015-04-03 15:49 - 01224704 _____ () C:\Users\Joanna\AppData\Roaming\hrvhrYLwkDqyWsuU1AB.exe
2015-04-01 21:27 - 2015-04-18 16:20 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-01 20:27 - 2015-04-18 16:27 - 00001310 _____ () C:\Windows\Tasks\sup_games_notification_service.job
2015-04-01 20:27 - 2015-04-18 16:27 - 00000672 _____ () C:\Windows\Tasks\sup_games_updating_service.job
2015-04-01 20:27 - 2015-04-18 16:20 - 00001014 _____ () C:\Windows\Tasks\hrvhrYLwkDqyWsuU1AB.job
2015-04-01 20:27 - 2015-04-01 20:27 - 00004348 _____ () C:\Windows\System32\Tasks\sup_games_notification_service
2015-04-01 20:27 - 2015-04-01 20:27 - 00004056 _____ () C:\Windows\System32\Tasks\hrvhrYLwkDqyWsuU1AB
2015-04-01 20:27 - 2015-04-01 20:27 - 00003712 _____ () C:\Windows\System32\Tasks\sup_games_updating_service
2015-04-01 20:27 - 2015-04-01 20:27 - 00000000 ____ D () C:\Program Files (x86)\sup games
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\Joanna\AppData\Roaming\hrvhrYLwkDqyWsuU1AB
2015-04-03 15:49 - 2015-04-03 15:49 - 1224704 _____ () C:\Users\Joanna\AppData\Roaming\hrvhrYLwkDqyWsuU1AB.exe
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(materaldo) #3

@Acorus

 

I did what you told me to, and here are the logs

adwcleaner - http://wklej.to/aCKWx

frst fixlog - http://wklej.to/EeAEW

 

@basiston

 

/*snip*/

Do not instruct others on how to post logs that the rules do not require //drobok


(Acorus) #4

Delete the folder C:\FRST