Wyskakujące reklamy w chrome

kaczooorek · 19 Luty 2015 14:42

Witam wyskakują mi reklamy w chrome. Jak odpalę stronkę to odrazu w tej samej karcie nowa strona się otwiera z jakąś reklamą i jak już się odpali żądana strona to jest na niej milion reklam gdzieś po bokach

oto logi Farbar Recovery Scan Tools

FRST.txt http://wklej.org/id/1640413/

Addition.txt http://wklej.org/id/1640414/

te reklamy to jakieś hold pages

Z góry Dziękuje

Acorus · 19 Luty 2015 14:59

Odinstaluj SmartPCFix 3.09.Otwórz notatnik systemowy i wklej:

Task: {9EE3AC88-9275-453D-A80A-A39A4C1E4718} - \{877483C4-20FE-4F9C-AD74-F3284F52247A} No Task File ==== ATTENTION
Task: {C8ED0A84-A68B-4168-805B-F39A7D26F12F} - System32\Tasks\APSnotifierPP3 = C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe ==== ATTENTION
Task: {F3B186D3-796C-479E-BA62-2672FAD8FA57} - System32\Tasks\APSnotifierPP1 = C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe ==== ATTENTION
Task: {F6F615D5-86EF-482E-9BA2-1AF945C3D783} - System32\Tasks\APSnotifierPP2 = C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe ==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job = C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job = C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job = C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
HKU\S-1-5-21-3322185647-3728636149-2410453221-1000\...\Run: [SpeedUpMyComputer] = C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss
HKU\S-1-5-21-3322185647-3728636149-2410453221-1000\...\Run: [FixMyRegistry] = C:\Program Files (x86)\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as /ss
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL = C:\Program Files (x86)\SupTab\SearchProtect64.dll [102512 2014-05-08] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL = C:\Program Files (x86)\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=dsts=1400249593from=smtuid=TOSHIBAXMK2565GSX_40UUT0NYTXX40UUT0NYTq={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hpts=1400249593from=smtuid=TOSHIBAXMK2565GSX_40UUT0NYTXX40UUT0NYT
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=dsts=1400249593from=smtuid=TOSHIBAXMK2565GSX_40UUT0NYTXX40UUT0NYTq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=dsts=1400249593from=smtuid=TOSHIBAXMK2565GSX_40UUT0NYTXX40UUT0NYTq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hpts=1400249593from=smtuid=TOSHIBAXMK2565GSX_40UUT0NYTXX40UUT0NYT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hpts=1400249593from=smtuid=TOSHIBAXMK2565GSX_40UUT0NYTXX40UUT0NYT
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=dsts=1400249593from=smtuid=TOSHIBAXMK2565GSX_40UUT0NYTXX40UUT0NYTq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com/web/?type=dsts=1400249593from=smtuid=TOSHIBAXMK2565GSX_40UUT0NYTXX40UUT0NYTq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hpts=1400249593from=smtuid=TOSHIBAXMK2565GSX_40UUT0NYTXX40UUT0NYT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.com/?type=hpts=1400249593from=smtuid=TOSHIBAXMK2565GSX_40UUT0NYTXX40UUT0NYT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com/web/?type=dsts=1400249593from=smtuid=TOSHIBAXMK2565GSX_40UUT0NYTXX40UUT0NYTq={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=scts=1400249593from=smtuid=TOSHIBAXMK2565GSX_40UUT0NYTXX40UUT0NYT
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476aid=175itype=aver=12627tm=349src=dsp={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=dsts=1400249593from=smtuid=TOSHIBAXMK2565GSX_40UUT0NYTXX40UUT0NYTq={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.qone8.com/web/?type=dsts=1400249593from=smtuid=TOSHIBAXMK2565GSX_40UUT0NYTXX40UUT0NYTq={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476aid=175itype=aver=12627tm=349src=dsp={searchTerms}
SearchScopes: HKCU - DefaultScope {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKCU - {381D1A8D-2F5F-4ED3-8F8B-60B378A159CF} URL = http://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476aid=175itype=aver=12627tm=349src=dsp={searchTerms}
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKCU - {BE114F08-7282-4729-824F-1514FBEA2B0E} URL = http://www.amazon.co.uk/gp/search?ie=UTF8keywords={searchTerms}tag=tochibauk-win7-ie-search-21index=blendedlinkCode=ur2
BHO: No Name - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - No File
BHO-x32: No Name - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File
CHR Extension: (Hold Page) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaikkjcipbnkplpaecabmeggakeeihg [2014-12-07]
CHR Extension: (iLivid) - C:\Users\Toshiba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2014-12-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
S2 51cdb72; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
S2 UI Assistant Service; C:\Program Files (x86)\PLAY ONLINE\AssistantServices.exe [X]
S2 Update Hold Page; "C:\Program Files (x86)\Hold Page\updateHoldPage.exe" [X]
S2 Update webporpoise; "C:\Program Files (x86)\webporpoise\updatewebporpoise.exe" [X]
S2 Util webporpoise; "C:\Program Files (x86)\webporpoise\bin\utilwebporpoise.exe" [X]
R1 {078ad437-dc9f-4228-9edb-b3d1c0246ff8}w64; C:\Windows\System32\drivers\{078ad437-dc9f-4228-9edb-b3d1c0246ff8}w64.sys [48784 2014-12-08] (StdLib)
R1 {2bf1e193-df72-4e3c-9f15-d1dc6e2f810f}w64; C:\Windows\System32\drivers\{2bf1e193-df72-4e3c-9f15-d1dc6e2f810f}w64.sys [48784 2014-12-06] (StdLib)
R1 {507a9b68-2b48-4a22-b662-e674fb6a16f7}w64; C:\Windows\System32\drivers\{507a9b68-2b48-4a22-b662-e674fb6a16f7}w64.sys [48776 2014-12-05] (StdLib)
R1 {572f484b-455f-44b0-9d6a-da3ad2071365}Gw64; C:\Windows\System32\drivers\{572f484b-455f-44b0-9d6a-da3ad2071365}Gw64.sys [61120 2014-04-24] (StdLib)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}w64; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys [61112 2014-07-10] (StdLib)
R1 {f9d2f209-1697-4837-85f2-d88e4c9f7c81}w64; C:\Windows\System32\drivers\{f9d2f209-1697-4837-85f2-d88e4c9f7c81}w64.sys [61120 2014-04-24] (StdLib)
2015-02-19 15:05 - 2014-05-16 15:13 - 00000000 ____ D () C:\Users\Toshiba\AppData\Roaming\qone8
C:\ProgramData\svchost.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

kaczooorek · 19 Luty 2015 15:33

Raport adwcleaner[s1] http://wklej.org/id/1640469/

Raport adwcleaner[r1] http://wklej.org/id/1640472/

Raport Fixlog http://wklej.org/id/1640475/

Acorus · 19 Luty 2015 15:44

Skasuj folder C:\FRST

kaczooorek · 19 Luty 2015 16:01

dobra usunołem. użyć jeszcze TFC do wyczyszczenia śmieci ?

Acorus · 19 Luty 2015 16:08

Masz wyczyszczony Temp.Odinstaluj Java 7 Update 55.Zainstaluj Java 8 Update 31 http://www.java.com/pl/download/windows_offline.jsp