Pop-up ads while using the internet


(Bal Kuba) #1

Hello

I'm having trouble getting my computer sorted out. Some spam programs got installed on it. I managed to uninstall most of them and removed some with Spybot Search & Destroy. However, the problem with pop-up ads remains. Two suspicious processes are running in the background: trivia_games_notification_service.exe and helper_king_notification_service.exe.

Please check the logs.

FRST.txt http://wklej.org/id/1680199/

Addition.txt http://wklej.org/id/1680200/

 


(Acorus) #2

Uninstall McAfee Security Scan Plus, Spybot - Search & Destroy, and Windows XP Service Pack 3 Packages. Open the system Notepad and paste:

Task: C:\WINDOWS\Tasks\3Vk0oHIpFdvebBBg.job = C:\Documents and Settings\Mikoaj\Dane aplikacji\3Vk0oHIpFdvebBBg.exe
Task: C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-1.job = C:\Program Files\Torntv V9.0\Torntv V9.0-codedownloader.exeř/PEkTOtrv /BEgyH=task /SBwmFc='Torntv V9.0' /BBlBcB=51390 /LpWwwgnS='001062' /WvheJND='0' /ucLho='0' /fflpXyJRs=8C4942698FD24DCFB171814217DA82EEIE /gRMsA=077a51c2262dfeefc7e3f0f4ccddd271 /oxPbBmKZ=1_34_05_12 /nflasGzBy=1.34.5.12 /MNGad=1401289347 /KAWIFfEy=http:/stats.clientstaticserv.com /LlrQwPe=http:/errors.clientstaticserv.com /dxMDrPipt=http:/cr.install-daddy.com /PviVuL=ch /Vzwlk /zUjti='http:/update.clientstaticserv.com/ie_code_agent_updates/{CAMP_ID}/update.jso ==== ATTENTION
Task: C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-2.job = C:\Program Files\Torntv V9.0\a7982934-0630-49b5-bdb1-d23d83f53ffd-2.exeß/rrjVClNe /SBwmFc='Torntv V9.0' /BBlBcB=51390 /LpWwwgnS='001062' /WvheJND='0' /ucLho='0' /fflpXyJRs=8C4942698FD24DCFB171814217DA82EEIE /gRMsA=077a51c2262dfeefc7e3f0f4ccddd271 /oxPbBmKZ=1_34_05_12 /MNGad=1401289347 /KAWIFfEy=http:/stats.clientstaticserv.com /LlrQwPe=http:/errors.clientstaticserv.com /PIppLG=11111111-1111-1111-1111-110511131190 /PviVuL=ch /Vzwlk /zUjti='http:/update.clientstaticserv.com/ie_enable_agent_updates/{CAMP_ID}/update.jso ==== ATTENTION
Task: C:\WINDOWS\Tasks\a7982934-0630-49b5-bdb1-d23d83f53ffd-5.job = C:\Program Files\Torntv V9.0\a7982934-0630-49b5-bdb1-d23d83f53ffd-5.exe/JMriPzevx /SBwmFc='Torntv V9.0' /BBlBcB=51390 /LpWwwgnS='001062' /WvheJND='0' /ucLho='0' /fflpXyJRs=8C4942698FD24DCFB171814217DA82EEIE /gRMsA=077a51c2262dfeefc7e3f0f4ccddd271 /oxPbBmKZ=1_34_05_12 /MNGad=1401289347 /KAWIFfEy=http:/stats.clientstaticserv.com /LlrQwPe=http:/errors.clientstaticserv.com /KiMNO=http:/ipgeoapi.com/ /mRrSTLpUC=http:/update.clientstaticserv.com /mmmzpi=2 /MfNyMEV=http:/logs.clientstaticserv.com /zUjti='http:/update.clientstaticserv.com/updater_agent_updates/{CAMP_ID}/update.jso ==== ATTENTION
Task: C:\WINDOWS\Tasks\At1.job = C:\DOCUME~1\MIKOAJ~1\DANEAP~1\Dealply\UPDATE~1\UPDATE~1.EXE ==== ATTENTION
Task: C:\WINDOWS\Tasks\At2.job = C:\DOCUME~1\MIKOAJ~1\DANEAP~1\FoxTab\UPDATE~1\UPDATE~1.EXE ==== ATTENTION
Task: C:\WINDOWS\Tasks\At5.job = C:\DOCUME~1\MIKOAJ~1\DANEAP~1\PennyBee\UPDATE~1\UPDATE~1.EXE ==== ATTENTION
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search Destroy).job = C:\Program Files\Spybot - Search Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-18Core.job = C:\Documents and Settings\MikoBaj\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-18UA.job = C:\Documents and Settings\MikoBaj\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-790525478-602162358-839522115-1001Core.job = C:\Documents and Settings\MikoBaj\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-790525478-602162358-839522115-1001UA.job = C:\Documents and Settings\MikoBaj\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job = C:\Program Files\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job = C:\Program Files\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\helper_king_notification_service.job = C:\Documents and Settings\MikoBaj\Ustawienia lokalne\Dane aplikacji\helper king\helper_king_notification_service.exeç/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='helper king' /appid='73143' /srcid='2913' /bic='6e78eeeebbc27d049863e13f69483138' /verifier='57f4faa50541ebb2fe8ecd824e005a49' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif
Task: C:\WINDOWS\Tasks\helper_king_updating_service.job = C:\Documents and Settings\MikoBaj\Ustawienia lokalne\Dane aplikacji\helper king\helper_king_updating_service.exe¬ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=helper_king_updating_service /funurl=http:/stats.buildomserv.com
Task: C:\WINDOWS\Tasks\NdT8xlUXbBbu1tk0Gsu.job = C:\Documents and Settings\Mikoaj\Dane aplikacji\NdT8xlUXbBbu1tk0Gsu.exe
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job = C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job = C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\R96IRrOeiAFcVizidiSemu.job = C:\Documents and Settings\Mikoaj\Dane aplikacji\R96IRrOeiAFcVizidiSemu.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search Destroy).job = C:\Program Files\Spybot - Search Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search Destroy).job = C:\Program Files\Spybot - Search Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\SmartPCFix Task.job = C:\Program Files\SmartPCFix\SmartPCFix.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\trivia_games_notification_service.job = C:\Documents and Settings\MikoBaj\Ustawienia lokalne\Dane aplikacji\trivia games\trivia_games_notification_service.exeč/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='trivia games' /appid='73143' /srcid='2913' /bic='6e78eeeebbc27d049863e13f69483138' /verifier='57f4faa50541ebb2fe8ecd824e005a49' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif
Task: C:\WINDOWS\Tasks\trivia_games_updating_service.job = C:\Documents and Settings\MikoBaj\Ustawienia lokalne\Dane aplikacji\trivia games\trivia_games_updating_service.exe/campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=trivia_games_updating_service /funurl=http:/stats.buildomserv.com
HKLM\...\Run: [SunJavaUpdateSched] = C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [SDTray] = C:\Program Files\Spybot - Search Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-18\...\Run: [Facebook Update] = "C:\Documents and Settings\Mikołaj\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-18\...\RunOnce: [Del66359] = cmd.exe /Q /D /c del "C:\WINDOWS\system32\config\SYSTEM~1\USTAWI~1\Temp\0.del" ===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [Del1178281] = cmd.exe /Q /D /c del "C:\WINDOWS\system32\config\SYSTEM~1\USTAWI~1\Temp\0.del" ===== ATTENTION
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL = C:\PROGRA~1\SupTab\SEARCH~1.DLL File Not Found
IFEO\chrome.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=dsts=1401289399from=ilduid=ST3160215A_9RA1BPE3XXXX9RA1BPE3q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=dsts=1401289399from=ilduid=ST3160215A_9RA1BPE3XXXX9RA1BPE3q={searchTerms}
HKU\S-1-5-21-790525478-602162358-839522115-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-790525478-602162358-839522115-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1397491685from=coruid=ST3160215A_9RA1BPE3XXXX9RA1BPE3q={searchTerms}
HKU\S-1-5-21-790525478-602162358-839522115-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1397491685from=coruid=ST3160215A_9RA1BPE3XXXX9RA1BPE3q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchboxes.info/?l=1q={searchTerms}pid=1249r=2013/07/28hid=2379156848lg=ENcc=PLunqvl=28
SearchScopes: HKU\.DEFAULT - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-790525478-602162358-839522115-1001 - 3AC374FC-8DCB-4AE5-8637-483CDFE8E029 URL = http://searchou.com/q=
SearchScopes: HKU\S-1-5-21-790525478-602162358-839522115-1001 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}SearchSource=4ctid=CT3288691CUI=UN66575469214551860UM=2
SearchScopes: HKU\S-1-5-21-790525478-602162358-839522115-1001 - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}fr=ntg
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll [2014-01-16] (McAfee, Inc.)
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll No File
Toolbar: HKLM - IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files\IVONA\IVONA Reader\integr\IR_iexplorer2.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=scts=1401289399from=ilduid=ST3160215A_9RA1BPE3XXXX9RA1BPE3
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\delta-homes.xml [2014-12-27]
CHR HomePage: Default - hxxp://www.delta-homes.com/?type=hpts=1419694070from=wpm12262uid=ST3160215A_9RA1BPE3XXXX9RA1BPE3
CHR StartupUrls: Default - "hxxp://www.delta-homes.com/?type=hpts=1419694070from=wpm12262uid=ST3160215A_9RA1BPE3XXXX9RA1BPE3"
CHR DefaultSearchKeyword: Default - delta-homes
CHR DefaultSearchURL: Default - http://search.delta-homes.com/web/?type=dsts=1419694070from=wpm12262uid=ST3160215A_9RA1BPE3XXXX9RA1BPE3q={searchTerms}
CHR Extension: (BatBrowse) - C:\Documents and Settings\Mikołaj\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\ccncljhbalbbkkfgopogabimepmfkmff [2013-11-05]
CHR Extension: (safuey sAivve) - C:\Documents and Settings\Mikołaj\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\npohhekeegponlnphphffecgkbhdjphj [2013-07-28]
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Documents and Settings\Mikołaj\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-27]
CHR HKLM\...\Chrome\Extension: [pkmpcdbgnfjfeelcpebpkflcmbkclfho] - C:\Documents and Settings\Mikołaj\Ustawienia lokalne\Dane aplikacji\CRE\pkmpcdbgnfjfeelcpebpkflcmbkclfho.crx [2013-10-16]
CHR HKU\S-1-5-21-790525478-602162358-839522115-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found]
CHR HKU\S-1-5-21-790525478-602162358-839522115-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pkmpcdbgnfjfeelcpebpkflcmbkclfho] - C:\Documents and Settings\Mikołaj\Ustawienia lokalne\Dane aplikacji\CRE\pkmpcdbgnfjfeelcpebpkflcmbkclfho.crx [2013-10-16]
StartMenuInternet: chrome.exe - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.delta-homes.com/?type=scts=1419694070from=wpm12262uid=ST3160215A_9RA1BPE3XXXX9RA1BPE3
OPR Extension: (gadafnnkijfmbbmeielphlapddbmgbgo) - C:\Documents and Settings\Mikołaj\Dane aplikacji\Opera Software\Opera Stable\Extensions\gadafnnkijfmbbmeielphlapddbmgbgo [2015-04-01]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S4 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
S2 TuneUp.UtilitiesSvc; "C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe" [X]
S4 IntelIde; No ImagePath
U4 Messenger; No ImagePath
S3 TuneUpUtilitiesDrv; \\C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [X]
S3 WinRing0_1_2_0; \\C:\Documents and Settings\Mikołaj\Game Booster 3\Driver\WinRing0.sys [X]
U1 WS2IFSL; No ImagePath
S3 WSIMD; system32\DRIVERS\wsimd.sys [X]
2015-04-04 18:30 - 2015-04-05 08:01 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search Destroy).job
2015-04-04 18:30 - 2015-04-04 22:01 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2015-04-04 18:30 - 2015-04-04 18:30 - 00001842 _____ () C:\Documents and Settings\All Users\Menu Start\Programy\Spybot-SD Start Center.lnk
2015-04-04 18:30 - 2015-04-04 18:30 - 00001836 _____ () C:\Documents and Settings\All Users\Pulpit\Spybot-SD Start Center.lnk
2015-04-04 18:30 - 2015-04-04 18:30 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search Destroy).job
2015-04-04 18:30 - 2015-04-04 18:30 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search Destroy).job
2015-04-04 18:29 - 2015-04-04 21:45 - 00000000 ___DC () C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search Destroy
2015-04-04 18:29 - 2015-04-04 18:36 - 00000000 ____ D () C:\Program Files\Spybot - Search Destroy 2
2015-04-04 18:29 - 2015-04-04 18:30 - 00000000 ____ D () C:\Documents and Settings\All Users\Menu Start\Programy\Spybot - Search Destroy 2
2015-04-04 18:29 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2015-04-01 23:19 - 2015-04-01 23:19 - 00000000 ____ D () C:\Documents and Settings\Mikołaj\Ustawienia lokalne\Dane aplikacji\helper king
2015-03-31 10:14 - 2015-03-31 10:14 - 00005655 _____ () C:\Documents and Settings\Mikołaj\Dane aplikacji\3Vk0oHIpFdvebBBg
2015-03-31 10:14 - 2015-03-31 10:14 - 00004387 _____ () C:\Documents and Settings\Mikołaj\Dane aplikacji\xwyqiM64Rbi
2015-03-31 10:14 - 2015-03-31 10:14 - 00004387 _____ () C:\Documents and Settings\Mikołaj\Dane aplikacji\R96IRrOeiAFcVizidiSemu
2015-03-31 10:14 - 2015-03-31 10:14 - 00004387 _____ () C:\Documents and Settings\Mikołaj\Dane aplikacji\NdT8xlUXbBbu1tk0Gsu
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At5.job
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
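
Added example (not part of the thread, and not FRST's own code): a Python script that triages `Task:` lines like those in the fixlist above, listing entries that FRST marked ATTENTION or that run from a user profile with URLs in their arguments, and grouping tasks by the hosts embedded in their command lines. The sample lines are constructed from the fixlist with arguments shortened; the function names and the triage rule are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: four Task lines taken from the fixlist, arguments shortened.
SAMPLE = r"""
Task: C:\WINDOWS\Tasks\At1.job = C:\DOCUME~1\MIKOAJ~1\DANEAP~1\Dealply\UPDATE~1\UPDATE~1.EXE ==== ATTENTION
Task: C:\WINDOWS\Tasks\helper_king_updating_service.job = C:\Documents and Settings\MikoBaj\Ustawienia lokalne\Dane aplikacji\helper king\helper_king_updating_service.exe /campid=2913 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /funurl=http:/stats.buildomserv.com
Task: C:\WINDOWS\Tasks\trivia_games_updating_service.job = C:\Documents and Settings\MikoBaj\Ustawienia lokalne\Dane aplikacji\trivia games\trivia_games_updating_service.exe/campid=2913 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /funurl=http:/stats.buildomserv.com
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search Destroy).job = C:\Program Files\Spybot - Search Destroy 2\SDScan.exe
"""

TASK_RE = re.compile(r"^Task: (?P<job>.+?\.job) = (?P<cmd>.+)$")
# The log shows these URLs with a single slash after the scheme, so accept one or two.
HOST_RE = re.compile(r"https?:/{1,2}([A-Za-z0-9.-]+)")
# Windows XP profile roots, long and 8.3 short form (assumed triage rule).
USER_DIRS = ("\\documents and settings\\", "\\docume~1\\")

def parse_tasks(text):
    """Turn 'Task:' log lines into dicts with the fields used for triage."""
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        tasks.append({
            "job": m.group("job").rsplit("\\", 1)[-1],
            "user_profile": any(d in cmd.lower() for d in USER_DIRS),
            "frst_attention": cmd.rstrip().endswith("ATTENTION"),
            "hosts": sorted({h.lower() for h in HOST_RE.findall(cmd)}),
        })
    return tasks

def group_by_host(tasks):
    """Map each embedded host to the task names whose command line carries it."""
    groups = defaultdict(list)
    for t in tasks:
        for h in t["hosts"]:
            groups[h].append(t["job"])
    return dict(groups)

def review_candidates(tasks):
    """Tasks worth an analyst's look: flagged by FRST, or user-profile binary with URL arguments."""
    return [t["job"] for t in tasks
            if t["frst_attention"] or (t["user_profile"] and t["hosts"])]

if __name__ == "__main__":
    parsed = parse_tasks(SAMPLE)
    print(review_candidates(parsed))
    print(group_by_host(parsed))
```

Grouping by host shows that the helper king and trivia games tasks point at the same servers, which is why both families are removed together.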


(Bal Kuba) #3

I've carried out all the steps. The problem still occurs. I'm attaching the logs.

http://wklej.org/id/1680510/

http://wklej.org/id/1680511/


(Acorus) #4

Open the system Notepad and paste:

BootExecute: autocheck autochk * sdnclean.exe
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name - {8664889D-ED18-4713-918F-E2BB69D8452B} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
CHR DefaultSearchKeyword: Default - delta-homes
CHR DefaultSearchURL: Default - http://search.delta-homes.com/web/?type=dsts=1419694070from=wpm12262uid=ST3160215A_9RA1BPE3XXXX9RA1BPE3q={searchTerms}
2015-04-05 17:14 - 2015-04-05 17:16 - 00000000 ___DC () C:\AdwCleaner
2015-04-02 23:10 - 2015-04-02 23:10 - 00000000 ____ D () C:\Documents and Settings\Mikołaj\Ustawienia lokalne\Dane aplikacji\trivia games

Save the file as fixlist.txt and place it next to FRST in the same folder.