Wirus Online Browser Advertising proszę o pomoc

BaciodDPS · 4 Lipiec 2014 08:18

Witam,

Atis · 4 Lipiec 2014 12:23

Pobierz Farbar Recovery Scan Tool zgodny z wersją systemu 32-bit lub 64-bit.

Uruchom FRST i kliknij Scan. Pokaż raport FRST i Addition.

Raporty umieść na http://wklej.org/ i podaj link.

BaciodDPS · 9 Lipiec 2014 20:21

Witam,

zrobiłem tak jak napisałeś.

Link do FRST : http://wklej.org/id/1413319/

Link do Addition: http://wklej.org/id/1413322/

Dziękuje z góry za pomoc.

Pozdrawiam

Atis · 9 Lipiec 2014 22:39

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKU\S-1-5-21-2486593243-1608908620-4103656765-1000\...\Run: [Google Update] => "C:\Users\BATMAN\AppData\Local\Google\Update\GoogleUpdate.exe" /c
Startup: C:\Users\BATMAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VDownloader.lnk
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {2E10B2F8-EFE4-4B79-8711-B87C61CD1565} URL = 
SearchScopes: HKCU - {A4306AB0-1C35-40C1-BD71-159AF06AABAB} URL = http://websearch.ask.com/redirect?client=ie&tb=VD&o=14778&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=VX&apn_dtid=YYYYYYYYPL&apn_uid=2F254BE7-666E-44F1-A835-2D4A7FECE4D3&apn_sauid=617AB189-F9C0-4E32-9380-BEB6397FA98C
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
FF Extension: DowwnSave - C:\Users\BATMAN\AppData\Roaming\Mozilla\Firefox\Profiles\i3srvz7i.default\Extensions\aeo5.t@fvarpiuu-.org [2014-06-29]
FF Extension: save. on - C:\Users\BATMAN\AppData\Roaming\Mozilla\Firefox\Profiles\i3srvz7i.default\Extensions\c8xljottu@mpkcs.edu [2014-06-22]
FF Extension: Fun2Seave - C:\Users\BATMAN\AppData\Roaming\Mozilla\Firefox\Profiles\i3srvz7i.default\Extensions\eio6yea@ahayya.co.uk [2014-07-06]
FF Extension: save oN - C:\Users\BATMAN\AppData\Roaming\Mozilla\Firefox\Profiles\i3srvz7i.default\Extensions\fcdvgu_z@aoyuuusjrmoeia.com [2014-06-22]
FF Extension: Adblocker - C:\Users\BATMAN\AppData\Roaming\Mozilla\Firefox\Profiles\i3srvz7i.default\Extensions\ouis@gpwplzc.org [2014-06-22]
FF Extension: Adblocker - C:\Users\BATMAN\AppData\Roaming\Mozilla\Firefox\Profiles\i3srvz7i.default\Extensions\qwpfjpeei@uoa-uuy.net [2014-06-17]
FF Extension: save oOnn - C:\Users\BATMAN\AppData\Roaming\Mozilla\Firefox\Profiles\i3srvz7i.default\Extensions\rsoxhg@j-.org [2014-06-17]
CHR Extension: (save oN) - C:\Users\BATMAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgmmlncdacilpbhohgffcjnkocnolcl [2014-06-22]
CHR Extension: (Adblocker) - C:\Users\BATMAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmhlgkpcickenflmekchnpkgkpknpcbm [2014-06-17]
CHR Extension: (DowwnSave) - C:\Users\BATMAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhfkjdcebpnaggpnoaiaheeaichknep [2014-06-29]
CHR Extension: (save oOnn) - C:\Users\BATMAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\okjlffoidjdiakdgmkgpanofgmdbjgfh [2014-06-17]
CHR Extension: (save. on) - C:\Users\BATMAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\onjhmadccoamafodkoajkccicfmplgne [2014-06-22]
CHR Extension: (save oN) - C:\Users\BATMAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgmmlncdacilpbhohgffcjnkocnolcl\2.14 [2014-06-22]
CHR Extension: (save oOnn) - C:\Users\BATMAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\okjlffoidjdiakdgmkgpanofgmdbjgfh\2.14 [2014-06-17]
CHR Extension: (save. on) - C:\Users\BATMAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\onjhmadccoamafodkoajkccicfmplgne\2.14 [2014-06-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 29850aa3; "C:\Windows\system32\rundll32.exe" "c:\progra~2\so_boo~1\AssistantSvc.dll",service
S2 Aspi32; System32\drivers\aspi32.sys [X]
S2 eamonm; system32\DRIVERS\eamonm.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
C:\ProgramData\Fun2iSave
C:\ProgramData\Adblocker
C:\ProgramData\e5dc5a4e88351f72
C:\Users\Gość
C:\Users\Administrator
C:\ProgramData\InstallMate
C:\AdwCleaner
C:\Users\BATMAN\*.js
C:\Users\BATMAN\AppData\Local\Temp\*.exe
C:\Users\BATMAN\AppData\Local\Temp\*.dll
Task: {53F3E914-23FF-40B3-906A-A786D774E73F} - \SO_Booster-S-2355932470 No Task File <==== ATTENTION
Task: {8BC3C1FB-C4A0-42F3-9A4A-00C07C6E9C8E} - System32\Tasks\{EA0953EE-B007-4598-8331-BC247D52ADE5} => Chrome.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar
Task: {97D2AE1D-E062-4B84-B6CD-DD716B05390F} - \SO_Booster-S-845708974 No Task File <==== ATTENTION

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition.

BaciodDPS · 9 Lipiec 2014 22:57

Atis:

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist: HKU\S-1-5-21-2486593243-1608908620-4103656765-1000…\Run: [Google Update] => “C:\Users\BATMAN\AppData\Local\Google\Update\GoogleUpdate.exe” /c Startup: C:\Users\BATMAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VDownloader.lnk GroupPolicy: Group Policy on Chrome detected <======= ATTENTION SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - {2E10B2F8-EFE4-4B79-8711-B87C61CD1565} URL = SearchScopes: HKCU - {A4306AB0-1C35-40C1-BD71-159AF06AABAB} URL = http://websearch.ask.com/redirect?client=ie&tb=VD&o=14778&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=VX&apn_dtid=YYYYYYYYPL&apn_uid=2F254BE7-666E-44F1-A835-2D4A7FECE4D3&apn_sauid=617AB189-F9C0-4E32-9380-BEB6397FA98C Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File FF Extension: DowwnSave - C:\Users\BATMAN\AppData\Roaming\Mozilla\Firefox\Profiles\i3srvz7i.default\Extensions\aeo5.t@fvarpiuu-.org [2014-06-29] FF Extension: save. on - C:\Users\BATMAN\AppData\Roaming\Mozilla\Firefox\Profiles\i3srvz7i.default\Extensions\c8xljottu@mpkcs.edu [2014-06-22] FF Extension: Fun2Seave - C:\Users\BATMAN\AppData\Roaming\Mozilla\Firefox\Profiles\i3srvz7i.default\Extensions\eio6yea@ahayya.co.uk [2014-07-06] FF Extension: save oN - C:\Users\BATMAN\AppData\Roaming\Mozilla\Firefox\Profiles\i3srvz7i.default\Extensions\fcdvgu_z@aoyuuusjrmoeia.com [2014-06-22] FF Extension: Adblocker - C:\Users\BATMAN\AppData\Roaming\Mozilla\Firefox\Profiles\i3srvz7i.default\Extensions\ouis@gpwplzc.org [2014-06-22] FF Extension: Adblocker - C:\Users\BATMAN\AppData\Roaming\Mozilla\Firefox\Profiles\i3srvz7i.default\Extensions\qwpfjpeei@uoa-uuy.net [2014-06-17] FF Extension: save oOnn - C:\Users\BATMAN\AppData\Roaming\Mozilla\Firefox\Profiles\i3srvz7i.default\Extensions\rsoxhg@j-.org [2014-06-17] CHR Extension: (save oN) - C:\Users\BATMAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgmmlncdacilpbhohgffcjnkocnolcl [2014-06-22] CHR Extension: (Adblocker) - C:\Users\BATMAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmhlgkpcickenflmekchnpkgkpknpcbm [2014-06-17] CHR Extension: (DowwnSave) - C:\Users\BATMAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhfkjdcebpnaggpnoaiaheeaichknep [2014-06-29] CHR Extension: (save oOnn) - C:\Users\BATMAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\okjlffoidjdiakdgmkgpanofgmdbjgfh [2014-06-17] CHR Extension: (save. on) - C:\Users\BATMAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\onjhmadccoamafodkoajkccicfmplgne [2014-06-22] CHR Extension: (save oN) - C:\Users\BATMAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgmmlncdacilpbhohgffcjnkocnolcl\2.14 [2014-06-22] CHR Extension: (save oOnn) - C:\Users\BATMAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\okjlffoidjdiakdgmkgpanofgmdbjgfh\2.14 [2014-06-17] CHR Extension: (save. on) - C:\Users\BATMAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\onjhmadccoamafodkoajkccicfmplgne\2.14 [2014-06-22] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION S2 29850aa3; “C:\Windows\system32\rundll32.exe” “c:\progra~2\so_boo~1\AssistantSvc.dll”,service S2 Aspi32; System32\drivers\aspi32.sys [X] S2 eamonm; system32\DRIVERS\eamonm.sys [X] S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] C:\ProgramData\Fun2iSave C:\ProgramData\Adblocker C:\ProgramData\e5dc5a4e88351f72 C:\Users\Gość C:\Users\Administrator C:\ProgramData\InstallMate C:\AdwCleaner C:\Users\BATMAN*.js C:\Users\BATMAN\AppData\Local\Temp*.exe C:\Users\BATMAN\AppData\Local\Temp*.dll Task: {53F3E914-23FF-40B3-906A-A786D774E73F} - \SO_Booster-S-2355932470 No Task File <==== ATTENTION Task: {8BC3C1FB-C4A0-42F3-9A4A-00C07C6E9C8E} - System32\Tasks{EA0953EE-B007-4598-8331-BC247D52ADE5} => Chrome.exe http://ui.skype.com/ui/0/6.14.0.104/en/abandoninstall?page=tsProgressBar Task: {97D2AE1D-E062-4B84-B6CD-DD716B05390F} - \SO_Booster-S-845708974 No Task File <==== ATTENTION Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog. Kliknij Scan i pokaż nowy raport z FRST bez Addition.

Chyba pomogło nie widzę już reklam

Link do fixlog: http://wklej.org/id/1413439/

Link do FRST po skanowaniu: http://wklej.org/id/1413443/

Atis · 9 Lipiec 2014 23:05

Skasuj folder C:\FRST

Usuń stare punkty przywracania: Aby usunąć wszystkie punkty przywracania

BaciodDPS · 10 Lipiec 2014 00:33

Zrobione czy coś jeszcze?? Bardzo dziękuję za pomoc