Wyskakujące reklamy proszę o pomoc w usunięciu


(Kalafior24) #1

Witam,

proszę o pomoc w usunięciu wyskakujących reklam na komputerze.

 

FRST - http://wklejto.pl/224491

 

Additional - http://wklejto.pl/224492

 

Dziękuję z góry za pomoc.


(Atis) #2

Odinstaluj McAfee Security Scan Plus i YAC(Yet Another Cleaner!.

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

CloseProcesses:
HKU\S-1-5-21-1229272821-1284227242-725345543-500\...\Run: [Yahoo! Search] => C:\Documents and Settings\Administrator\Dane aplikacji\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe [644816 2015-02-27] (Pay By Ads LTD)
HKU\S-1-5-21-1229272821-1284227242-725345543-500\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Administrator\Dane aplikacji\skype.dat <==== ATTENTION 
HKU\S-1-5-21-1229272821-1284227242-725345543-500\...\InprocServer32: [Default-pngfilt] C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\1165.tmp <==== ATTENTION!
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://q.search-simple.com/?m=tab&affID=na" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1229272821-1284227242-725345543-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1229272821-1284227242-725345543-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1229272821-1284227242-725345543-500 -> {B330B3C4-1EB1-45B1-B908-4BE75B61777F} URL = http://search.delta-homes.com/web/?type=ds&ts=1418202557&from=wpm12103&uid=ST3808110AS_4LR24ABQXXXX4LR24ABQ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1229272821-1284227242-725345543-500 -> {CF739809-1C6C-47C0-85B9-569DBB141420} URL = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BT
SearchScopes: HKU\S-1-5-21-1229272821-1284227242-725345543-500 -> {D4DB3A47-290F-4D56-94FB-D831A8566881} URL = http://q.search-simple.com/?affID=na&q={searchTerms}&r=249
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF NewTab: hxxp://search.yahoo.com/?fr=hp-ddc-bd-tab&type=616_pr __alt__ ddc_dsssyctab_bd_com
FF DefaultSearchEngine: Yahoo! Search
FF SearchEngineOrder.1: V9
FF SelectedSearchEngine: Yahoo! Search
FF Homepage: hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=616_pr __alt__ ddc_dsssyc_bd_com
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=616_pr __alt__ ddc_dss_bd_com&p=
FF SearchPlugin: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\usea25on.default\searchplugins\dsrlte.xml [2015-02-27]
FF SearchPlugin: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\usea25on.default\searchplugins\search-simple.xml [2015-03-19]
FF SearchPlugin: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\usea25on.default\searchplugins\V9.xml [2015-01-20]
FF HKU\S-1-5-21-1229272821-1284227242-725345543-500\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Dane aplikacji\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
CHR HomePage: Default -> hxxp://www.delta-homes.com/?type=hp&ts=1418202557&from=wpm12103&uid=ST3808110AS_4LR24ABQXXXX4LR24ABQ
CHR RestoreOnStartup: Default -> "hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=616_pr __alt__ ddc_dsssyc_bd_com"
CHR Extension: (AppEnable) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\chfpmfingabfmmoennkbpldlobfeleib [2015-02-26]
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048 2015-03-12] (Elex do Brasil Participações Ltda)
S1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [215336 2015-03-12] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [83752 2015-03-12] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [34856 2015-03-12] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [63400 2015-03-12] (Elex do Brasil Participações Ltda)
S3 e4usbaw; system32\DRIVERS\e4usbaw.sys [X]
S2 IKANLOADER2; System32\Drivers\e4ldr.sys [X]
S4 IntelIde; No ImagePath
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S1 iSafeNetFilter; system32\DRIVERS\iSafeNetFilter.sys [X]
S3 PCAMPR5; \??\C:\WINDOWS\system32\PCAMPR5.SYS [X]
2015-03-27 11:04 - 2015-03-27 11:09 - 00000000 ___DC () C:\AdwCleaner
2015-02-27 18:50 - 2015-02-27 18:50 - 00000000 ____ D () C:\Documents and Settings\Administrator\Dane aplikacji\Pay-By-Ads
C:\Program Files\Elex-tech
CustomCLSID: HKU\S-1-5-21-1229272821-1284227242-725345543-500_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Documents and Settings\All Users\Dane aplikacji\GameXN\ezGameXN.dll No File
CustomCLSID: HKU\S-1-5-21-1229272821-1284227242-725345543-500_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Documents and Settings\All Users\Dane aplikacji\GameXN\ezGameXN.dll No File
CustomCLSID: HKU\S-1-5-21-1229272821-1284227242-725345543-500_Classes\CLSID\{4A077B32-4C72-476C-900A-B6EA9B60E7FD}\InprocServer32 -> C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\{1A1C4D9C-B9F9-47B0-A9A3-5C5A42721AD1}\SDPlugins\SDMailNotify2.dl (the data entry has 9 more characters).
CustomCLSID: HKU\S-1-5-21-1229272821-1284227242-725345543-500_Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}\InprocServer32 -> C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\1165.tmp No File
CustomCLSID: HKU\S-1-5-21-1229272821-1284227242-725345543-500_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Documents and Settings\All Users\Dane aplikacji\GameXN\ezGameXN.dll No File
CustomCLSID: HKU\S-1-5-21-1229272821-1284227242-725345543-500_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Documents and Settings\All Users\Dane aplikacji\GameXN\ezGameXN.dll No File
CustomCLSID: HKU\S-1-5-21-1229272821-1284227242-725345543-500_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1229272821-1284227242-725345543-500_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Documents and Settings\All Users\Dane aplikacji\GameXN\ezGameXN.dll No File
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{3833B2BA-B08D-4B56-A227-D076E02C0B00}.job => C:\WINDOWS\system32\msfeedssync.exe
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition.


(Kalafior24) #3

FRST - http://wklejto.pl/224671

 

Fixlog - http://wklejto.pl/224672

 

reklamy już nie wyskakują :slight_smile:

Dzięki wielkie :slight_smile:


(Atis) #4

Przecież napisałem, że masz odinstalować McAfee Security Scan Plus.