Pop-up ad, sluggish computer

For some time now an ad has been popping up in Chrome in a new window, which gets annoying, e.g. when watching a movie. I looked through the installed programs and have no idea what is causing these pop-up windows. My computer has started to slow down; I suspect it is infected with something dangerous. Please help!

 

OTL

http://wklej.org/id/1513498/

Extras:

http://wklej.org/id/1513500/

 

 

FRST:

http://wklej.org/id/1513478/

ADDITION:

http://wklej.org/id/1513480/

 

Uninstall AVG Security Toolbar, Bundled software uninstaller, McAfee Security Scan Plus, SweetIM for Messenger 3.6, SweetIM Toolbar for Internet Explorer 4.3, Version Checker for Funmoods. Download and run AdwCleaner https://toolslib.net/downloads/finish/1/ Click Scan (Szukaj) and then Clean (Usuń).

Post the new FRST logs.

http://wklej.org/id/1513599/

Open Notepad and paste:

HKLM-x32\...\Run: [] = [X]
HKLM-x32\...\Run: [facemoods] = "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
HKU\S-1-5-21-256876934-2932070365-57667433-1000\...\Run: [Google Update] = C:\Users\Julka\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-20] (Google Inc.)
HKU\S-1-5-21-256876934-2932070365-57667433-1000\...\MountPoints2: {80298104-3f98-11e1-85df-78843ce2a5cd} - E:\KODAK_Software_Downloader.exe
BootExecute: autocheck autochk *
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.holasearch.com/?affID=121962tt=gc_babsrc=HP_ssmntrId=9214B2004EC9B8F7
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.holasearch.com/?affID=121962tt=gc_babsrc=HP_ssmntrId=9214B2004EC9B8F7
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
FF SearchPlugin: C:\Users\Julka\AppData\Roaming\Mozilla\Firefox\Profiles\0ex9h9p9.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Julka\AppData\Roaming\Mozilla\Firefox\Profiles\0ex9h9p9.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\Julka\AppData\Roaming\Mozilla\Firefox\Profiles\0ex9h9p9.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Julka\AppData\Roaming\Mozilla\Firefox\Profiles\0ex9h9p9.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Julka\AppData\Roaming\Mozilla\Firefox\Profiles\0ex9h9p9.default\searchplugins\holasearch.xml
FF SearchPlugin: C:\Users\Julka\AppData\Roaming\Mozilla\Firefox\Profiles\0ex9h9p9.default\searchplugins\softonic.xml
FF Extension: incredibar.com - C:\Users\Julka\AppData\Roaming\Mozilla\Firefox\Profiles\0ex9h9p9.default\Extensions\ffxtlbr@incredibar.com [2013-01-03]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2014-09-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2014-09-25]
CHR HomePage: Default - hxxp://www.delta-search.com/?affID=119535tt=190313_wctrlbabsrc=HP_ssmntrId=9214B2004EC9B8F7
CHR HKCU\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx []
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx []
S3 EagleX64; \\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 jqlsvmja; \\C:\Windows\system32\drivers\jqlsvmja.sys [X]
S1 kfkvexrb; \\C:\Windows\system32\drivers\kfkvexrb.sys [X]
S3 X6va005; \\C:\Users\Julka\AppData\Local\Temp\0057223.tmp [X]
2014-11-08 17:30 - 2014-11-08 17:31 - 00000000 ____ D () C:\AdwCleaner
2014-11-08 17:32 - 2013-06-07 21:37 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-11-08 17:32 - 2013-05-31 18:03 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-11-08 17:26 - 2013-12-25 14:26 - 00000290 _____ () C:\Windows\Tasks\Dealply.job
C:\Users\Julka\ACE.dll
C:\Users\Julka\adbeape.dll
C:\Users\Julka\AdobeLinguistic.dll
C:\Users\Julka\AdobeOwl.dll
C:\Users\Julka\AdobePDFL.dll
C:\Users\Julka\AdobePIP.dll
C:\Users\Julka\AdobeXMP.dll
C:\Users\Julka\AdobeXMPFiles.dll
C:\Users\Julka\AdobeXMPScript.dll
C:\Users\Julka\adobe_caps.dll
C:\Users\Julka\AGM.dll
C:\Users\Julka\ahclient.dll
C:\Users\Julka\aif_core.dll
C:\Users\Julka\aif_ocl.dll
C:\Users\Julka\aif_ogl.dll
C:\Users\Julka\AlignmentLib.dll
C:\Users\Julka\amtlib.dll
C:\Users\Julka\ARE.dll
C:\Users\Julka\AXE8SharedExpat.dll
C:\Users\Julka\AXEDOMCore.dll
C:\Users\Julka\Bib.dll
C:\Users\Julka\BIBUtils.dll
C:\Users\Julka\boost_date_time.dll
C:\Users\Julka\boost_signals.dll
C:\Users\Julka\boost_system.dll
C:\Users\Julka\boost_threads.dll
C:\Users\Julka\cg.dll
C:\Users\Julka\cgGL.dll
C:\Users\Julka\chromeinstall-7u55.exe
C:\Users\Julka\CIT.dll
C:\Users\Julka\CITThreading.dll
C:\Users\Julka\convert.exe
C:\Users\Julka\CoolType.dll
C:\Users\Julka\dvaaudiodevice.dll
C:\Users\Julka\dvacore.dll
C:\Users\Julka\dvamarshal.dll
C:\Users\Julka\dvamediatypes.dll
C:\Users\Julka\dvaplayer.dll
C:\Users\Julka\dvatransport.dll
C:\Users\Julka\dvaunittesting.dll
C:\Users\Julka\dynamiclink.dll
C:\Users\Julka\ExtendScript.dll
C:\Users\Julka\FileInfo.dll
C:\Users\Julka\filter_graph.dll
C:\Users\Julka\Firefox Setup 5.0.1.exe
C:\Users\Julka\icucnv40.dll
C:\Users\Julka\icudt40.dll
C:\Users\Julka\imslib.dll
C:\Users\Julka\JP2KLib.dll
C:\Users\Julka\libcurl.dll
C:\Users\Julka\libeay32.dll
C:\Users\Julka\libexpat.dll
C:\Users\Julka\libifcoremd.dll
C:\Users\Julka\libiomp5md.dll
C:\Users\Julka\libmmd.dll
C:\Users\Julka\LogSession.dll
C:\Users\Julka\mediacoreif.dll
C:\Users\Julka\MPS.dll
C:\Users\Julka\msvcm80.dll
C:\Users\Julka\msvcm90.dll
C:\Users\Julka\msvcp100.dll
C:\Users\Julka\msvcp110.dll
C:\Users\Julka\msvcp71.dll
C:\Users\Julka\msvcp80.dll
C:\Users\Julka\msvcp90.dll
C:\Users\Julka\msvcr100.dll
C:\Users\Julka\msvcr110.dll
C:\Users\Julka\msvcr71.dll
C:\Users\Julka\msvcr80.dll
C:\Users\Julka\msvcr90.dll
C:\Users\Julka\PatchMatch.dll
C:\Users\Julka\pdfsettings.dll
C:\Users\Julka\Photoshop-node.exe
C:\Users\Julka\Photoshop.dll
C:\Users\Julka\Photoshop.exe
C:\Users\Julka\Plugin.dll
C:\Users\Julka\PlugPlugOwl.dll
C:\Users\Julka\PSArt.dll
C:\Users\Julka\PSViews.dll
C:\Users\Julka\Rar.exe
C:\Users\Julka\RarExt.dll
C:\Users\Julka\RarExt64.dll
C:\Users\Julka\rarnew.dat
C:\Users\Julka\SCCore.dll
C:\Users\Julka\ScriptUIFlex.dll
C:\Users\Julka\shfolder.dll
C:\Users\Julka\sniffer.exe
C:\Users\Julka\ssleay32.dll
C:\Users\Julka\svml_dispmd.dll
C:\Users\Julka\tbb.dll
C:\Users\Julka\tbbmalloc.dll
C:\Users\Julka\Uninstall.exe
C:\Users\Julka\UnRAR.exe
C:\Users\Julka\WinRAR.exe
C:\Users\Julka\WRServices.dll
C:\Users\Julka\zipnew.dat
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

http://wklej.org/id/1513625/

Delete the folder C:\FRST

Scan with Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe

During installation, uncheck Enable free trial of Malwarebytes Anti-Malware Premium.

Thanks a lot :)