Wyskakujace okna i otwierajace sie strony


(Karola 1650) #1

Witam mam problem jak juz sie zdarzyłem zorientować jak nie jeden tu sie znajdujący uzytkownik. 

Otwieraja mi sie strony z reklamami i jest to nie do ogarnięcia.

Zrobilem skan OTL. Oto on.


(Acorus) #2

Pobierz i uruchom AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Szukaj i później Usuń.

Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.

Uruchom FRST i kliknij Scan. Pokaż raport FRST i Addition.

Raporty umieść na http://wklej.org/ i podaj link.


(Karola 1650) #3

http://wklej.org/id/1426537/ FRST


(Acorus) #4

Odinstaluj Genesis,Media Player Classic Packages.Otwórz Notatnik i wklej:

Task: {01478BA8-7F07-42E9-83F2-62727970ABCD} - \9c402e05-3dbb-480c-ac63-356184b4cc5b-5 No Task File <==== ATTENTION
Task: {0C804919-9F2E-465C-AEF8-B2EDB72A9D35} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {1628C229-9029-485B-8F3E-736FD8A3BB7E} - \The weDownload-codedownloader No Task File <==== ATTENTION
Task: {1E15DFBC-24FA-436E-90A4-1E8CB7464BBD} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {28349CEF-097A-44E7-9012-69F00731E802} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {3287A137-8A2F-434C-B501-B1362F817D2B} - \9c402e05-3dbb-480c-ac63-356184b4cc5b-7 No Task File <==== ATTENTION
Task: {36B67586-6044-4A2C-B665-971555D4AA74} - \BlockAndSurf Update No Task File <==== ATTENTION
Task: {3AF2235A-358E-4E5C-9A51-E204094BF58C} - \The weDownload-firefoxinstaller No Task File <==== ATTENTION
Task: {3CE76CD3-3AA1-45CC-A614-363E5301E841} - \SpeedUpMyPC Maintenance No Task File <==== ATTENTION
Task: {542320D0-ABA2-476F-9CAE-8B1CF14B296F} - \3ed075e9-733a-4d39-bf2a-a13b4aaa44ff-2 No Task File <==== ATTENTION
Task: {5BAD488A-2C3C-4A88-A32B-FF3CF22684C7} - \3ed075e9-733a-4d39-bf2a-a13b4aaa44ff-5 No Task File <==== ATTENTION
Task: {5E847582-C6D8-4C7D-AFB9-21F592FD4654} - \SpeedUpMyPC Startup No Task File <==== ATTENTION
Task: {7664FF60-A463-4921-95BB-DB428B5F6D34} - \9c402e05-3dbb-480c-ac63-356184b4cc5b-2 No Task File <==== ATTENTION
Task: {7A5B550A-31E9-4095-8D5A-28D6099CC6B4} - \9c402e05-3dbb-480c-ac63-356184b4cc5b-6 No Task File <==== ATTENTION
Task: {7EC18FAD-54BB-4FC6-80FE-AAC031CDB8A7} - \3ed075e9-733a-4d39-bf2a-a13b4aaa44ff-1 No Task File <==== ATTENTION
Task: {7FAD2D00-A51D-42CB-A4EF-CE7DD510522F} - \SaveSenseLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {869641CA-1839-478F-8986-7BE48C32D222} - \3ed075e9-733a-4d39-bf2a-a13b4aaa44ff-3 No Task File <==== ATTENTION
Task: {8BA03728-290B-478D-A20E-DDCFBF1AC63E} - \3ed075e9-733a-4d39-bf2a-a13b4aaa44ff-4 No Task File <==== ATTENTION
Task: {8EC5B050-1863-447D-B6CA-6B13734A6C4D} - \fa27329f-fd9b-408a-a020-8d9b0f867aef-3 No Task File <==== ATTENTION
Task: {928B3983-AAED-4911-ACB3-DCD63278590A} - \fa27329f-fd9b-408a-a020-8d9b0f867aef-4 No Task File <==== ATTENTION
Task: {9CD69C70-C6DD-4A6A-B239-96B90BD2E6D3} - \The weDownload-enabler No Task File <==== ATTENTION
Task: {9E05D43A-C476-4B1F-9A3E-7584ABB41CBF} - \SaveSenseLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {A949FE55-AF19-4081-8107-D5824017EBD5} - \9c402e05-3dbb-480c-ac63-356184b4cc5b-3 No Task File <==== ATTENTION
Task: {AA6066DE-CB93-4AD9-A867-6FD31E2FA5A0} - \fa27329f-fd9b-408a-a020-8d9b0f867aef-1 No Task File <==== ATTENTION
Task: {BC4B0FF2-7078-4342-B1BE-17DDC2639EFD} - \9c402e05-3dbb-480c-ac63-356184b4cc5b-4 No Task File <==== ATTENTION
Task: {C8BFDFF2-7B0C-4DD9-85E1-180146C5EC56} - \The weDownload-chromeinstaller No Task File <==== ATTENTION
Task: {CC4C846B-11F8-49FE-85C7-DFB73B0AF2D6} - \SaveSense No Task File <==== ATTENTION
Task: {D70414A0-4726-4EAB-82A7-1707EBDECCB9} - \BlockAndSurf_wd No Task File <==== ATTENTION
Task: {DC068650-CCF0-4BBD-ADC3-91FA9D924FD2} - \9c402e05-3dbb-480c-ac63-356184b4cc5b-1 No Task File <==== ATTENTION
Task: {DF2A3D69-97B0-43E6-BC0D-A2E49B046F34} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2906633856-3008282504-649187448-1002Core => C:\Users\Robert\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-17] (Facebook Inc.)
Task: {E5378AF9-25F5-4598-A0E7-416F86A59E90} - \The weDownload-updater No Task File <==== ATTENTION
Task: {EBCBCD64-179C-41B4-81B8-052FFBC88ED9} - \Speedial No Task File <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2906633856-3008282504-649187448-1002Core.job => C:\Users\Robert\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2906633856-3008282504-649187448-1002UA.job => C:\Users\Robert\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM-x32\...\Run: [fst_de_7] => "C:\Program Files (x86)\fst_de_7\fst_de_7.exe"
HKU\S-1-5-21-2906633856-3008282504-649187448-1002\...\Run: [Facebook Update] => C:\Users\Robert\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-17] (Facebook Inc.)
HKU\S-1-5-21-2906633856-3008282504-649187448-1002\...\Run: [rvykose] => c:\users\robert\appdata\local\rvykose.exe [1683456 2014-07-24] ()
HKU\S-1-5-21-2906633856-3008282504-649187448-1002\...\MountPoints2: {03e085d9-2bc1-11e3-be8b-20898454a48b} - "E:\AutoRun.exe"
HKU\S-1-5-21-2906633856-3008282504-649187448-1002\...\MountPoints2: {1fc5ef14-29ba-11e3-be89-20898454a48b} - "E:\AutoRun.exe"
HKU\S-1-5-21-2906633856-3008282504-649187448-1002\...\MountPoints2: {6b6cc36d-1f7b-11e3-be88-20898454a48b} - "E:\AutoRun.exe"
HKU\S-1-5-21-2906633856-3008282504-649187448-1002\...\MountPoints2: {6b6cc3ba-1f7b-11e3-be88-20898454a48b} - "E:\AutoRun.exe"
Startup: C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rvykose.lnk
ShortcutTarget: rvykose.lnk -> C:\Users\Robert\AppData\Local\rvykose.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
FF Extension: Boo.ly Shopping - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\lp6eiw11.default\Extensions\getbooly@boo.ly.xpi [2014-06-29]
FF HKCU\...\Firefox\Extensions: [{11515805-111D-D2EA-6E8F-BDF7857399A3}] - C:\Program Files (x86)\BlockAndSurf-soft\161.xpi
CHR Extension: (Hide Porn Pro - Protect your children for Porn sit) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnekoclofbckijjfldbebkajlclgdcop [2014-07-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 athr; \SystemRoot\system32\DRIVERS\athrx.sys [X]
2014-07-27 15:50 - 2014-07-27 16:08 - 00000000 ____ D () C:\AdwCleaner
2014-07-24 12:03 - 2014-07-27 16:46 - 01043105 _____ () C:\Users\Robert\AppData\Local\rvykose.gss
2014-07-24 12:03 - 2014-07-27 16:46 - 00337920 _____ () C:\Users\Robert\AppData\Local\rvykose.gdb
2014-07-24 12:03 - 2014-07-24 12:03 - 01683456 _____ () C:\Users\Robert\AppData\Local\rvykose.exe
CMD: del /f /s /q %TEMP%\*.*

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(Karola 1650) #5

Pomoglo! :slight_smile: Dziekuje bardzo!


(Acorus) #6

Nie wiem.Spróbuj uruchomić w trybie awaryjnym.Skasuj folder C:\FRST

Użyj http://www.bleepingcomputer.com/download/tfc/ (uruchom TFC i kliknij Start).