Annoying ads


(tores1977) #1

Clicking any link opens a few pages with ads, while the address that was clicked does not open.

FRST report

http://www.wklej.org/id/1748310/

 

http://www.wklej.org/id/1748309/


(Acorus) #2

Open the system Notepad and paste:

CloseProcesses:
Task: {E9C99A83-E2A1-48FE-8F47-4EE3DF535E48} - System32\Tasks\Binkiland dare => C:\ProgramData\{3843D080-68C1-0106-D947-718409C5A20A}\1.9.2.1\f <==== ATTENTION
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3598675895-1680108393-3044120241-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3598675895-1680108393-3044120241-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.search.yahoo.com/?fr=hp-ddc-bd&type=pr-bir-is __alt__ ddc_dsssyc_bd_com
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3598675895-1680108393-3044120241-1000 -> OldSearch URL = http://searchsimple-a.akamaihd.net/?affID=is&q={searchTerms}&r=209
FF NewTab: hxxp://fr.search.yahoo.com/?fr=hp-ddc-bd-tab&type=pr-bfr-is __alt__ ddc_dsssyctab_bd_com
FF SelectedSearchEngine: Yahoo! Search
FF Keyword.URL: hxxp://fr.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=pr-bfr-is __alt__ ddc_dss_bd_com&p=
FF SearchPlugin: C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\5ib9y6ab.default\searchplugins\keepmysearch.xml [2014-07-16]
FF Extension: Strong Signal - C:\Users\michal\AppData\Roaming\Mozilla\Firefox\Profiles\5ib9y6ab.default\Extensions\{6dc74982-0c33-45a3-aaec-8285d2089296}.xpi [2015-04-02]
U3 catchme; \\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-06-28 18:35 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-28 18:35 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-28 18:35 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-28 18:35 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-28 18:35 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-28 18:35 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-28 18:35 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-28 18:35 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-28 18:43 - 2014-11-03 17:34 - 00000000 ____ D C:\Qoobox
2015-06-28 12:40 - 2014-11-03 17:20 - 00000000 ____ D C:\AdwCleaner
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.