Pop-up ads and new windows


(Szymon Manutd) #1

Ads and new windows pop up on every page I open; it is so annoying that I can't even read anything, because the page changes automatically by itself ;/


(Acorus) #2

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ matching your system version, 32-bit or 64-bit.

Run FRST and click Scan. Post the FRST and Addition reports.


(Szymon Manutd) #3

FRST http://www.wklej.org/id/1657966/


(Acorus) #4

Uninstall Round World, WinZipper. Open the system Notepad and paste:

Task: {266AD997-B54D-467D-A954-BEE52645030A} - System32\Tasks\{3610F2D7-EF8D-43A0-8946-859E167A1879} = pcalua.exe -a C:\Users\Admin\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=smt
Task: {F0072B94-6F19-468F-8113-4C14115FDEAD} - System32\Tasks\{FF6E39C3-43BB-49D4-B278-E3CAA7C1ECFC} = pcalua.exe -a "C:\Program Files (x86)\YouTube Accelerator\YTAUninstall.exe"
Task: {F00CB256-BB7A-4A8F-A27C-9B1A1313792C} - System32\Tasks\{BA117FBA-6E03-4EEB-A47F-58678920BA06} = pcalua.exe -a C:\Users\Admin\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hpts=1418838096from=wpm12173uid=ST1000DM003-1ER162_Z4Y0KV1EXXXXZ4Y0KV1E
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hpts=1418838096from=wpm12173uid=ST1000DM003-1ER162_Z4Y0KV1EXXXXZ4Y0KV1E
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1413547061from=coruid=ST1000DM003-1ER162_Z4Y0KV1EXXXXZ4Y0KV1Eq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1413547061from=coruid=ST1000DM003-1ER162_Z4Y0KV1EXXXXZ4Y0KV1Eq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hpts=1418838096from=wpm12173uid=ST1000DM003-1ER162_Z4Y0KV1EXXXXZ4Y0KV1E
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hpts=1418838096from=wpm12173uid=ST1000DM003-1ER162_Z4Y0KV1EXXXXZ4Y0KV1E
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1413547061from=coruid=ST1000DM003-1ER162_Z4Y0KV1EXXXXZ4Y0KV1Eq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1413547061from=coruid=ST1000DM003-1ER162_Z4Y0KV1EXXXXZ4Y0KV1Eq={searchTerms}
HKU\S-1-5-21-638886111-1582532877-1728652596-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=dsts=1418838096from=wpm12173uid=ST1000DM003-1ER162_Z4Y0KV1EXXXXZ4Y0KV1Eq={searchTerms}
HKU\S-1-5-21-638886111-1582532877-1728652596-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hpts=1418838096from=wpm12173uid=ST1000DM003-1ER162_Z4Y0KV1EXXXXZ4Y0KV1E
HKU\S-1-5-21-638886111-1582532877-1728652596-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hpts=1418838096from=wpm12173uid=ST1000DM003-1ER162_Z4Y0KV1EXXXXZ4Y0KV1E
HKU\S-1-5-21-638886111-1582532877-1728652596-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=dsts=1418838096from=wpm12173uid=ST1000DM003-1ER162_Z4Y0KV1EXXXXZ4Y0KV1Eq={searchTerms}
SearchScopes: HKLM - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM-x32 - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=dsts=1421835165from=zbd1uid=st1000dm003-1er162_z4y0kv1exxxxz4y0kv1eq={searchTerms}
SearchScopes: HKLM-x32 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=dsts=1421835165from=zbd1uid=st1000dm003-1er162_z4y0kv1exxxxz4y0kv1eq={searchTerms}
SearchScopes: HKU\.DEFAULT - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=dsts=1421835165from=zbd1uid=st1000dm003-1er162_z4y0kv1exxxxz4y0kv1eq={searchTerms}
SearchScopes: HKU\.DEFAULT - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=dsts=1421835165from=zbd1uid=st1000dm003-1er162_z4y0kv1exxxxz4y0kv1eq={searchTerms}
SearchScopes: HKU\S-1-5-19 - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=dsts=1421835165from=zbd1uid=st1000dm003-1er162_z4y0kv1exxxxz4y0kv1eq={searchTerms}
SearchScopes: HKU\S-1-5-19 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=dsts=1421835165from=zbd1uid=st1000dm003-1er162_z4y0kv1exxxxz4y0kv1eq={searchTerms}
SearchScopes: HKU\S-1-5-20 - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=dsts=1421835165from=zbd1uid=st1000dm003-1er162_z4y0kv1exxxxz4y0kv1eq={searchTerms}
SearchScopes: HKU\S-1-5-20 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=dsts=1421835165from=zbd1uid=st1000dm003-1er162_z4y0kv1exxxxz4y0kv1eq={searchTerms}
SearchScopes: HKU\S-1-5-21-638886111-1582532877-1728652596-1000 - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=dsts=1421835165from=zbd1uid=st1000dm003-1er162_z4y0kv1exxxxz4y0kv1eq={searchTerms}
SearchScopes: HKU\S-1-5-21-638886111-1582532877-1728652596-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=dsts=1418838096from=wpm12173uid=ST1000DM003-1ER162_Z4Y0KV1EXXXXZ4Y0KV1Eq={searchTerms}
SearchScopes: HKU\S-1-5-21-638886111-1582532877-1728652596-1000 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://www.v9.com/web?type=dsts=1421835165from=zbd1uid=st1000dm003-1er162_z4y0kv1exxxxz4y0kv1eq={searchTerms}
SearchScopes: HKU\S-1-5-21-638886111-1582532877-1728652596-1000 - {7E33F127-1A21-464E-A345-15811B2C537B} URL = http://search.yahoo.com/search?p={searchTerms}fr=tightropetbtype=11147
SearchScopes: HKU\S-1-5-21-638886111-1582532877-1728652596-1000 - {FACDD11F-7997-452C-9B87-62583910C65D} URL = http://search.findwide.com/serp?guid={75055F44-404A-48E5-9BA8-189B459B5462}action=default_searchk={searchTerms}
BHO-x32: Round World 1.0.0.7 - {78549bde-b964-4d2a-b7b1-c4ac15ddff64} - C:\Program Files (x86)\Round World\RoundWorldbho.dll [2015-02-18] (Round World)
FF Extension: flashbugcoursevectorcom - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\indijnu9.default\Extensions\flashbug@coursevector.com [2014-10-21]
FF Extension: iWebar - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\indijnu9.default\Extensions\ROUAILDE73397174@UXGZI17268980.com [2014-10-17]
FF Extension: Senses - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\indijnu9.default\Extensions\warnerroberts@hotmail.com [2014-10-17]
CHR Extension: (Round World) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnafnilpgjiaekgnfgpomfjflfmeiboo [2015-03-09]
CHR HKLM\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [Not Found]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [705416 2014-09-24] (Cherished Technololgy LIMITED)
R2 Update Round World; C:\Program Files (x86)\Round World\updateRoundWorld.exe [408304 2015-03-09] ()
R2 Util Round World; C:\Program Files (x86)\Round World\bin\utilRoundWorld.exe [408304 2015-03-09] ()
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485376 2014-12-16] (Fuyu LIMITED) [File not signed]
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [424624 2015-01-12] (Taiwan Shui Mu Chih Ching Technology Limited.) ==== ATTENTION
R1 {3bcd1a06-f942-43b2-83f3-1b446001ad4c}Gw64; C:\Windows\System32\drivers\{3bcd1a06-f942-43b2-83f3-1b446001ad4c}Gw64.sys [48832 2014-11-05] (StdLib)
R1 {72502b1b-b916-4994-814e-c516f9f681b2}Gw64; C:\Windows\System32\drivers\{72502b1b-b916-4994-814e-c516f9f681b2}Gw64.sys [48784 2015-02-25] (StdLib)
R1 {7eca9cfa-8eb0-4cc4-b008-3419a1b1582a}Gw64; C:\Windows\System32\drivers\{7eca9cfa-8eb0-4cc4-b008-3419a1b1582a}Gw64.sys [48784 2015-02-17] (StdLib)
R1 {8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gw64; C:\Windows\System32\drivers\{8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gw64.sys [48784 2015-03-08] (StdLib)
S1 iSafeKrnlMon; \\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
2015-03-08 17:06 - 2015-03-08 17:07 - 01262992 _____ (Elex do Brasil Participações Ltda) C:\Users\Admin\Downloads\yet_another_cleaner_gam_setup_18184.exe
2015-03-08 17:06 - 2015-03-08 08:25 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gw64.sys
2015-02-18 17:13 - 2015-03-09 09:22 - 00000000 ____ D () C:\Program Files (x86)\Round World
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Szymon Manutd) #5

Thanks a lot for the help!


(Acorus) #6

Delete the C:\FRST folder.