Wirus rzucający reklamy


(Talar Ewelina) #1

Witam. Mam problem z wirusem, który rzucał reklamy na strony internetowe, zainstalowałam ad blockera i trochę pomogło, ale teraz strasznie wolno działa komputer, strony otwierają się straaaaasznie długo. Proszę o pomoc.

oto raporty z farbar recovery scan tool:

FRST:  http://www.wklej.org/id/1717976/

Addition.txt: http://www.wklej.org/id/1717979/

Shortcut.txt: http://www.wklej.org/id/1717980/

 

 


(Acorus) #2

Odinstaluj Spybot - Search & Destroy.Otwórz notatnik systemowy i wklej:

Task: {61273BFE-B3AF-46DE-BB9E-1F87CA36A488} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates = C:\Program Files (x86)\Spybot - Search Destroy 2\SDUpdate.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {F6D90341-0674-4964-96C8-494DA03F39A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system = C:\Program Files (x86)\Spybot - Search Destroy 2\SDScan.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {FF54070F-5B7F-419E-9EA6-DB7A9AEDE3A9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization = C:\Program Files (x86)\Spybot - Search Destroy 2\SDImmunize.exe [2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [SDTray] = C:\Program Files (x86)\Spybot - Search Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL =
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3002224247-1065169226-1508379291-1001 - DefaultScope {DACF7609-762E-489B-A88D-4F88A7F4DAC8} URL =
SearchScopes: HKU\S-1-5-21-3002224247-1065169226-1508379291-1001 - {DACF7609-762E-489B-A88D-4F88A7F4DAC8} URL =
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
CHR Extension: (Bookmark Manager) - C:\Users\Krzys\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
U2 AVControlCenter; No ImagePath
S1 SABKUTIL; \\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [X]
S3 SABProcEnum; \\C:\Program Files (x86)\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys [X]
2015-05-12 23:41 - 2015-05-12 23:45 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(Talar Ewelina) #3

Dzień dobry.

Zalecenia wykonałam, a to najnowsze raporty z Farbar

 

FRST:  http://www.wklej.org/id/1718291/

Addition: http://www.wklej.org/id/1718292/

Shortcut: http://www.wklej.org/id/1718293/


(Acorus) #4

Skasuj folder C:\FRST

Przeskanuj programem Malwarebytes Anti-Malware http://www.malwarebytes.org/8/