Wyskakujące reklamy i przekierowania - Mozilla i Chrome

Witam.

 

Od kilku dni mam problem z wykakującymi reklamami i przekierowaniem na inne strony.

Najpierw próbowałem sobie poradzić sam, ale pewnie poinstalowałem za dużo badziewia.

Na Chrome jest już ok, pozostaje Mozilla.

 

FRST http://wklej.org/id/1681502/

Addition http://wklej.org/id/1681507/

 

Można z tym coś zrobić?

W panelu sterowania odinstaluj:

Ask Toolbar

BitGuard

browse pulse

McAfee Security Scan Plus

Search App by Ask

SiteAdvisor

Trojan Killer

Usuń szkodliwe rozszerzenia w przeglądarce Firefox i Chrome

Ask Toolbar, Search App by Ask, vShare, browse pulse.

Pobierz i uruchom AdwCleaner Kliknij Scan i później Cleaning.

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKLM-x32\...\Run: [] => [X]
AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{16cdf~1\loader.dll => c:\progra~3\bitguard\271832~1.68\{16cdf~1\loader.dll File Not Found
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{16cdf~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{16cdf~1\loader.dll File Not Found
AppInit_DLLs-x32: c:\progra~3\bitguard\271832~1.68\{16cdf~1\bitguard.dll => "c:\progra~3\bitguard\271832~1.68\{16cdf~1\bitguard.dll" File Not Found
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220150401
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220150401
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1420131975&from=smt&uid=WDCXWD5000BEVT-24A0RT0_WD-WXC1A30K9744K9744
HKU\S-1-5-21-3414093091-1407969057-2599203553-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220150401
HKU\S-1-5-21-3414093091-1407969057-2599203553-1000\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=110819&tt=120912_pcp_3912_8&babsrc=HP_ss&mntrId=22b7b4b3000000000000002682b4bcc7
URLSearchHook: HKU\S-1-5-21-3414093091-1407969057-2599203553-1000 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-3414093091-1407969057-2599203553-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-21-3414093091-1407969057-2599203553-1000 -> {0C61E53F-40A3-4B4B-B34F-281A86326887} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=A6BEEC10-08F3-40BF-B286-84E540E5DE1B&apn_sauid=795B18D6-9BE2-444A-A5D2-26D8A159C9DB
SearchScopes: HKU\S-1-5-21-3414093091-1407969057-2599203553-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO-x32: No Name -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> No File
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll No File
BHO-x32: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
BHO-x32: browse pulse -> {ed8e593d-1965-4e45-9d55-d56162dcde14} -> C:\Program Files (x86)\browse pulse\Extensions\ed8e593d-1965-4e45-9d55-d56162dcde14.dll [2015-04-01] ()
Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKU\S-1-5-21-3414093091-1407969057-2599203553-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
FF Extension: Ask Toolbar - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\l3uusq0i.default\Extensions\toolbar@ask.com [2012-04-06]
FF Extension: Search App by Ask - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\l3uusq0i.default\Extensions\toolbar_ORJ-SPE@apn.ask.com [2015-02-16]
FF Extension: vShare - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\l3uusq0i.default\Extensions\vshare@toolbar [2012-03-27]
FF Extension: browse pulse - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\l3uusq0i.default\Extensions\{17d80537-52f5-462b-b7c7-b8d65a73f32c} [2015-04-01]
FF Extension: McAfee Security Scan Plus - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\l3uusq0i.default\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8} [2014-05-21]
FF Extension: Search App by Ask - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\l3uusq0i.default\Extensions\toolbar_ORJ-SPE@apn.ask.com.xpi [2014-11-24]
FF Extension: browse pulse - C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\l3uusq0i.default\Extensions\{17d80537-52f5-462b-b7c7-b8d65a73f32c}.xpi [2015-04-01]
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-02-23]
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
CHR Extension: (browse pulse) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oagpcbbigoaebkabieccfhgfdgmdlnfm [2015-04-06]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-31]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-03-31]
S2 BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.exe [X]
S2 tor; "C:\Program Files (x86)\Tor\tor.exe" --nt-service "-ControlPort" "9051" [X]
U3 BcmSqlStartupSvc; No ImagePath
U2 IviRegMgr; No ImagePath
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath
2015-04-06 13:59 - 2015-04-06 13:59 - 00000000 _____ () C:\windows\SysWOW64\shoFAA7.tmp
2015-04-06 13:11 - 2015-04-06 13:12 - 00000000 _____ () C:\Users\Sebastian\Downloads\yet_another_cleaner_sk_7459195.exe
2015-04-06 13:00 - 2015-04-06 13:00 - 00738232 _____ (Generic internet ) C:\Users\Sebastian\Downloads\CCleaner(13061)-dp.exe
2015-04-01 21:17 - 2015-04-06 19:25 - 00000000 ____ D () C:\ProgramData\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15
2015-04-01 21:17 - 2015-04-01 21:17 - 00000000 ____ D () C:\Program Files (x86)\browse pulse
2015-04-01 21:16 - 2015-04-01 21:16 - 00713496 _____ (Software ) C:\Users\Sebastian\Downloads\Rzeznik-MPEGow(11725)-dp.exe
2015-03-13 08:14 - 2015-03-13 08:14 - 00000000 _____ () C:\windows\SysWOW64\sho62C8.tmp
2015-03-11 11:24 - 2015-03-11 11:24 - 00000000 _____ () C:\windows\SysWOW64\sho3582.tmp
2015-04-06 13:58 - 2013-08-31 20:34 - 00000000 ____ D () C:\Program Files (x86)\Tor
Task: {00B1C645-3576-4060-B47F-AC22BE23D0D5} - System32\Tasks\{CEF883B4-8C37-4222-A4AB-6ECD558EB930} => C:\Users\Sebastian\Desktop\Symulator MCS51\SYMUL.exe
Task: {0E68E361-A3CD-45B0-8B90-8ADE84EE81A5} - \AdobeFlashPlayerUpdate 2 No Task File <==== ATTENTION
Task: {1029BD66-5742-4C7B-9010-C2C74FC26584} - System32\Tasks\{347292A9-61DC-461E-B238-B402EEB9C276} => C:\Users\Sebastian\Desktop\Symulator MCS51\SYMUL.exe
Task: {1A736EDA-CFC4-4E03-B123-D1CFD8762D9A} - \AdobeFlashPlayerUpdate No Task File <==== ATTENTION
Task: {2F842FC8-154D-4AFC-9F2D-C36EEDF89148} - System32\Tasks\{871950EE-5B86-438C-9DA4-1CEA4DFA8665} => C:\Users\Sebastian\Desktop\Symulator MCS51\SYMUL.exe
Task: {37E4611F-E247-4728-958C-92D9AC3B79E6} - System32\Tasks\{D6D1AA15-509F-40D6-B5AB-3DDFA6A3288A} => C:\Users\Sebastian\Desktop\My Shared Folder\ea games - (pc game) - need for speed underground {ea games}(2).exe
Task: {3BEAE163-8997-4EF1-858F-64BA9E7B4F31} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe [2015-04-06] (GridinSoft LLC.)
Task: {4683754D-386D-46E8-A154-CA89B5A31B11} - System32\Tasks\RunAsStdUser Task => C:\Program Files\r2 Studios\Startup Delayer\Startup Delayer.exe
Task: {8607D601-8FF7-427C-994A-749D4712FF47} - System32\Tasks\{613B7469-3B7A-4F59-A0D5-5C8898F266F3} => C:\Users\Sebastian\Desktop\My Shared Folder\ea games - (pc game) - need for speed underground {ea games}(2).exe
Task: {9214D7AE-13C7-410D-9B1A-EA30EC57B20B} - System32\Tasks\{FA9B946E-3A10-4FE3-A8B8-BEB4854944CE} => C:\Users\Sebastian\Desktop\Symulator MCS51\SYMUL.exe
Task: {B1E0F6E7-553A-4A15-86A3-F973FFA2241C} - \BitGuard No Task File <==== ATTENTION
Task: {CBFD5C47-2EEA-4BA8-BEA2-39E94B738D4B} - System32\Tasks\{A52F4379-7BB4-4182-B2AD-04ECC0876BEF} => C:\Users\Sebastian\Desktop\Symulator MCS51\SYMUL.exe
Task: {EBFD8D42-716C-44B5-BFC0-16775EBFD5A8} - \CPU Grid Computing No Task File <==== ATTENTION
Task: {F12D61B2-FB41-4971-B46C-2EBB250F5FD3} - System32\Tasks\{E6040912-BC62-4E9F-ADAF-D4EAEE1F152A} => C:\Users\Sebastian\Desktop\uP\Symulator MCS51\SYMUL.exe
Task: {F8F064C2-159E-4D98-9D0E-F12604FB3342} - System32\Tasks\{20E48005-93B0-49AC-96B1-2CF6F7282619} => C:\Users\Sebastian\Desktop\Symulator MCS51\SYMUL.exe
Task: {FC85C3C8-0F86-47C1-811E-18F0B5E024D6} - System32\Tasks\{F5BAC69A-4867-4FD4-8670-02D6834ADF1B} => C:\Users\Sebastian\Desktop\uP\Symulator MCS51\SYMUL.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition.

Fixlog http://wklej.org/id/1683397/

FRST http://wklej.org/id/1683398/

Wygląda to dobrze.

Dzięki za pomoc.

Nie cytuj moich odpowiedzi.

Pokaż cały log.

To jest cały raport Fixlog tak jak prosiłeś.

Na końcu powinno być End Of Log: http://wklej.org/id/1683398/

http://wklej.org/id/1683614/

Skasuj folder C:\FRST

Usuń stare punkty przywracania: Aby usunąć wszystkie punkty przywracania

Dysk przeskanuj Malwarebytes Anti-Malware

Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Język PL > Settings > General Settings > Language > Polish

Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK - KLIK

Odinstaluj:

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Java 7 Update 21

Java 8 Update 25

Java 6 Update 31

Zainstaluj:

Flash Player 17.0.0.134 Plugin

Flash Player 17.0.0.134 ActiveX

Java 8 Update 40

Zrobione wszystko wg zaleceń.

Dzięki za pomoc.