Wyskakujace reklamy. wolna przeglądarka


(siemniaq) #1

Witam , wyskakuja mi jakieś pierdoły ( reklamy , itp ) w przeglądarce . Prosze o pomoc.

 

frst  :  http://wklejto.pl/225869

 

Addition : http://wklejto.pl/225870


(Acorus) #2

Odinstaluj Adobe Reader 9.5.0 - Polish,Java 7 Update 67,Yahoo! Search.Otwórz notatnik systemowy i wklej:

Task: {A3A9BCB1-4421-403F-B061-2A0074007D9D} - System32\Tasks\Yahoo! Search = C:\Users\Pakyer\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.25.0\dsrlte.exe [2015-03-28] (Pay By Ads LTD) ==== ATTENTION
Task: {B9571AA7-2EE5-451F-AB63-D3A9248017E1} - System32\Tasks\Yahoo! Search Updater = C:\Users\Pakyer\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.25.0\dsrsetup.exe [2015-03-28] (Pay By Ads LTD) ==== ATTENTION
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKU\S-1-5-21-1534801600-899841055-2755804120-1000\...\Run: [Yahoo! Search] = C:\Users\Pakyer\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.25.0\dsrlte.exe [644352 2015-03-28] (Pay By Ads LTD)
HKU\S-1-5-21-1534801600-899841055-2755804120-1000\...\Run: [BearShare] = C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe [31154176 2013-11-19] (MusicLab, LLC)
HKU\S-1-5-21-1534801600-899841055-2755804120-1000\...\MountPoints2: {7b776732-7ad7-11e4-9cf9-0025221b937d} - F:\autorun.exe
Startup: C:\Users\Pakyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hpts=1426672652from=wpm031832uid=ST3500418AS_6VMEYF6BXXXX6VMEYF6B
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hpts=1426672652from=wpm031832uid=ST3500418AS_6VMEYF6BXXXX6VMEYF6B
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1417608149from=smtuid=ST3500418AS_6VMEYF6BXXXX6VMEYF6Bq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1417608149from=smtuid=ST3500418AS_6VMEYF6BXXXX6VMEYF6Bq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hpts=1426672652from=wpm031832uid=ST3500418AS_6VMEYF6BXXXX6VMEYF6B
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hpts=1426672652from=wpm031832uid=ST3500418AS_6VMEYF6BXXXX6VMEYF6B
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1417608149from=smtuid=ST3500418AS_6VMEYF6BXXXX6VMEYF6Bq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1417608149from=smtuid=ST3500418AS_6VMEYF6BXXXX6VMEYF6Bq={searchTerms}
HKU\S-1-5-21-1534801600-899841055-2755804120-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=dsts=1426672652from=wpm031832uid=ST3500418AS_6VMEYF6BXXXX6VMEYF6Bq={searchTerms}
HKU\S-1-5-21-1534801600-899841055-2755804120-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?fr=hp-ddc-bdtype=616_pr __alt__ ddc_dsssyc_bd_com
HKU\S-1-5-21-1534801600-899841055-2755804120-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hpts=1426672652from=wpm031832uid=ST3500418AS_6VMEYF6BXXXX6VMEYF6B
HKU\S-1-5-21-1534801600-899841055-2755804120-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.search.ask.com/?tpid=ORJ-SPEo=APN11406pf=V7trgb=IEp2=%5EBBE%5EOSJ000%5EYY%5EPLgct=hpapn_ptnrs=BBEapn_dtid=%5EOSJ000%5EYY%5EPLapn_dbr=ieapn_uid=3B8DF203-6A45-41D1-8ED2-B29069866214itbv=12.24.1.51doi=2015-03-07psv=pt=tb
HKU\S-1-5-21-1534801600-899841055-2755804120-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=dsts=1426672652from=wpm031832uid=ST3500418AS_6VMEYF6BXXXX6VMEYF6Bq={searchTerms}
URLSearchHook: HKU\S-1-5-21-1534801600-899841055-2755804120-1000 - (No Name) - {D8278076-BC68-4484-9233-6E7F1628B56C} - No File
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=iebgct=dsappid=20systemid=2v=n15724-657apn_uid=3101723293304262apn_dtid=IME002o=APN10641apn_ptnrs=AG2q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=iebgct=dsappid=101systemid=488v=n12521-424apn_uid=2144213019654104apn_dtid=TCH001o=APN11459apn_ptnrs=AG1q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=iebgct=dsappid=20systemid=2v=n15724-657apn_uid=3101723293304262apn_dtid=IME002o=APN10641apn_ptnrs=AG2q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://dts.search.ask.com/sr?src=iebgct=dsappid=101systemid=488v=n12521-424apn_uid=2144213019654104apn_dtid=TCH001o=APN11459apn_ptnrs=AG1q={searchTerms}
SearchScopes: HKU\S-1-5-21-1534801600-899841055-2755804120-1000 - DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://q.search-simple.com/?affID=pr_6c3e772b-b01f-4841-bc42-2fdd17f2c2a6q={searchTerms}
SearchScopes: HKU\S-1-5-21-1534801600-899841055-2755804120-1000 - OldSearch URL = http://www.delta-homes.com/web/?utm_source=butm_medium=wpm031832utm_campaign=install_ieutm_content=dsfrom=wpm031832uid=ST3500418AS_6VMEYF6BXXXX6VMEYF6Bts=1426672692type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1534801600-899841055-2755804120-1000 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.delta-homes.com/web/?utm_source=butm_medium=wpm031832utm_campaign=install_ieutm_content=dsfrom=wpm031832uid=ST3500418AS_6VMEYF6BXXXX6VMEYF6Bts=1426672692type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1534801600-899841055-2755804120-1000 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://q.search-simple.com/?affID=pr_6c3e772b-b01f-4841-bc42-2fdd17f2c2a6q={searchTerms}
SearchScopes: HKU\S-1-5-21-1534801600-899841055-2755804120-1000 - {2E929D0C-E69A-46EE-9254-C306E51E0D56} URL = http://www.delta-homes.com/web/?utm_source=butm_medium=wpm031832utm_campaign=install_ieutm_content=dsfrom=wpm031832uid=ST3500418AS_6VMEYF6BXXXX6VMEYF6Bts=1426672692type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1534801600-899841055-2755804120-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.delta-homes.com/web/?utm_source=butm_medium=wpm031832utm_campaign=install_ieutm_content=dsfrom=wpm031832uid=ST3500418AS_6VMEYF6BXXXX6VMEYF6Bts=1426672692type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1534801600-899841055-2755804120-1000 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.delta-homes.com/web/?utm_source=butm_medium=wpm031832utm_campaign=install_ieutm_content=dsfrom=wpm031832uid=ST3500418AS_6VMEYF6BXXXX6VMEYF6Bts=1426672692type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1534801600-899841055-2755804120-1000 - {7CB332D6-BCFF-40EA-87CC-3CF28329B649} URL = http://www.delta-homes.com/web/?utm_source=butm_medium=wpm031832utm_campaign=install_ieutm_content=dsfrom=wpm031832uid=ST3500418AS_6VMEYF6BXXXX6VMEYF6Bts=1426672692type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1534801600-899841055-2755804120-1000 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=iebgct=dsappid=20systemid=2v=n15724-657apn_uid=3101723293304262apn_dtid=IME002o=APN10641apn_ptnrs=AG2q={searchTerms}
SearchScopes: HKU\S-1-5-21-1534801600-899841055-2755804120-1000 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = http://www.delta-homes.com/web/?utm_source=butm_medium=wpm031832utm_campaign=install_ieutm_content=dsfrom=wpm031832uid=ST3500418AS_6VMEYF6BXXXX6VMEYF6Bts=1426672692type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1534801600-899841055-2755804120-1000 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.delta-homes.com/web/?utm_source=butm_medium=wpm031832utm_campaign=install_ieutm_content=dsfrom=wpm031832uid=ST3500418AS_6VMEYF6BXXXX6VMEYF6Bts=1426672692type=defaultq={searchTerms}
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll [2015-03-16] (Thinknice Co. Limited)
BHO-x32: Hold Page 1.0.0.7 - {6c14185e-4de6-4a79-985b-19f23fd1e638} - C:\Program Files (x86)\Hold Page\HoldPageBHO.dll [2015-01-27] (Hold Page)
Toolbar: HKU\S-1-5-21-1534801600-899841055-2755804120-1000 - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=scts=1417608149from=smtuid=ST3500418AS_6VMEYF6BXXXX6VMEYF6B
FF DefaultSearchEngine: delta-homes
FF SelectedSearchEngine: delta-homes
FF Homepage: hxxp://search.yahoo.com/?fr=hp-ddc-bdtype=616_pr __alt__ ddc_dsssyc_bd_com
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddchsimp=yhs-ddc_bdtype=616_pr __alt__ ddc_dss_bd_comp=
FF SearchPlugin: C:\Users\Pakyer\AppData\Roaming\Mozilla\Firefox\Profiles\56b6ssyy.default\searchplugins\Ask.xml [2015-03-21]
FF SearchPlugin: C:\Users\Pakyer\AppData\Roaming\Mozilla\Firefox\Profiles\56b6ssyy.default\searchplugins\bing-.xml [2015-03-16]
FF SearchPlugin: C:\Users\Pakyer\AppData\Roaming\Mozilla\Firefox\Profiles\56b6ssyy.default\searchplugins\delta-homes.xml [2015-04-18]
FF SearchPlugin: C:\Users\Pakyer\AppData\Roaming\Mozilla\Firefox\Profiles\56b6ssyy.default\searchplugins\dsrlte.xml [2015-01-17]
FF SearchPlugin: C:\Users\Pakyer\AppData\Roaming\Mozilla\Firefox\Profiles\56b6ssyy.default\searchplugins\search-simple.xml [2015-03-21]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml [2015-03-21]
FF Extension: No Name - C:\Users\Pakyer\AppData\Roaming\Mozilla\Firefox\Profiles\56b6ssyy.default\Extensions\bingsearch.full@microsoft.com [2015-03-16]
FF Extension: No Name - C:\Users\Pakyer\AppData\Roaming\Mozilla\Firefox\Profiles\56b6ssyy.default\Extensions\quick_searchff@gmail.com [2015-04-14]
FF Extension: Search Enginer - C:\Users\Pakyer\AppData\Roaming\Mozilla\Firefox\Profiles\56b6ssyy.default\Extensions\searchengine@gmail.com [2015-03-18]
FF Extension: Hold Page 1.0.1 - C:\Users\Pakyer\AppData\Roaming\Mozilla\Firefox\Profiles\56b6ssyy.default\Extensions\{df47b99d-26f5-45f4-85c5-97b4da365f21}.xpi [2014-12-01]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Pakyer\AppData\Roaming\Mozilla\Firefox\Profiles\56b6ssyy.default\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\Pakyer\AppData\Roaming\Mozilla\Firefox\Profiles\56b6ssyy.default\extensions\istart_ffnt@gmail.com
CHR Extension: (dmapjkjepgghkjajoahicmggbabonhbp) - C:\Users\Pakyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmapjkjepgghkjajoahicmggbabonhbp [2014-09-12]
OPR Extension: (V-9.1HD) - C:\Users\Pakyer\AppData\Roaming\Opera Software\Opera Stable\Extensions\gieanldgaaaifgdkimlkfakbpofihpdf [2014-09-08]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [714208 2014-12-03] (Cherished Technololgy LIMITED)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158816 2015-03-16] (XTab system)
R2 Update Hold Page; C:\Program Files (x86)\Hold Page\updateHoldPage.exe [409328 2015-04-18] ()
R2 Util Hold Page; C:\Program Files (x86)\Hold Page\bin\utilHoldPage.exe [409328 2015-04-18] ()
R1 {078ad437-dc9f-4228-9edb-b3d1c0246ff8}Gw64; C:\Windows\System32\drivers\{078ad437-dc9f-4228-9edb-b3d1c0246ff8}Gw64.sys [48784 2014-12-09] (StdLib)
R1 {27899312-155f-40f3-8661-fb6675d82b4b}Gw64; C:\Windows\System32\drivers\{27899312-155f-40f3-8661-fb6675d82b4b}Gw64.sys [48784 2014-12-21] (StdLib)
R1 {2bf1e193-df72-4e3c-9f15-d1dc6e2f810f}Gw64; C:\Windows\System32\drivers\{2bf1e193-df72-4e3c-9f15-d1dc6e2f810f}Gw64.sys [48784 2014-12-05] (StdLib)
R1 {40d1e549-9fca-4f25-a19d-d845842dd635}Gw64; C:\Windows\System32\drivers\{40d1e549-9fca-4f25-a19d-d845842dd635}Gw64.sys [48784 2014-12-30] (StdLib)
R1 {507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64; C:\Windows\System32\drivers\{507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64.sys [48776 2014-12-03] (StdLib)
R1 {8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64; C:\Windows\System32\drivers\{8299d9bc-4fe2-4889-9adf-025a0769d461}Gw64.sys [48784 2014-12-15] (StdLib)
R1 {84edc66f-0e16-4519-bd1a-cead01f243ac}Gw64; C:\Windows\System32\drivers\{84edc66f-0e16-4519-bd1a-cead01f243ac}Gw64.sys [48784 2015-01-02] (StdLib)
R1 {91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64; C:\Windows\System32\drivers\{91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64.sys [48784 2015-01-05] (StdLib)
R1 {a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64; C:\Windows\System32\drivers\{a16a1775-5ab3-4034-ac52-de0795db97f0}Gw64.sys [48784 2014-12-12] (StdLib)
R1 {c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64; C:\Windows\System32\drivers\{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw64.sys [48784 2014-12-27] (StdLib)
R1 {ca4e7e4c-3ebf-4428-bf75-cc138b7061f1}Gw64; C:\Windows\System32\drivers\{ca4e7e4c-3ebf-4428-bf75-cc138b7061f1}Gw64.sys [48784 2014-12-24] (StdLib)
R1 {df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64; C:\Windows\System32\drivers\{df47b99d-26f5-45f4-85c5-97b4da365f21}Gw64.sys [48776 2014-11-30] (StdLib)
R1 {fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64; C:\Windows\System32\drivers\{fb92e7a9-ee13-44c3-a51b-600382fe9211}Gw64.sys [48784 2014-12-18] (StdLib)
2015-04-18 17:37 - 2014-12-01 10:09 - 00000000 ____ D () C:\Program Files (x86)\Hold Page
2015-03-28 13:45 - 2015-01-17 08:18 - 00003512 _____ () C:\Windows\System32\Tasks\Yahoo! Search Updater
2015-03-28 13:45 - 2015-01-17 08:18 - 00003508 _____ () C:\Windows\System32\Tasks\Yahoo! Search
2015-03-21 18:18 - 2015-03-18 11:58 - 00000000 ____ D () C:\Program Files (x86)\WinZipper
2014-09-07 20:49 - 2014-09-07 20:49 - 0616240 _____ (ClickMeIn Limited) C:\Users\Pakyer\AppData\Local\nsnA87A.tmp
2014-09-07 20:25 - 2014-09-07 20:25 - 0616240 _____ (ClickMeIn Limited) C:\Users\Pakyer\AppData\Local\nsqE497.tmp
2014-09-07 20:46 - 2014-09-07 20:46 - 0616240 _____ (ClickMeIn Limited) C:\Users\Pakyer\AppData\Local\nsuECF7.tmp
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(Atis) #3

W panelu sterowania odinstaluj Hold Page i Yahoo! Search.

Usuń szkodliwe rozszerzenia w przeglądarce Firefox i Chrome

Pobierz i uruchom AdwCleaner Kliknij Scan i później Cleaning.

Kliknij Scan i pokaż nowy raport z FRST bez Addition i Shortcut.


(siemniaq) #4

Acorus i Atis zrobiłem to co chcieliście i daje nowy FRST:

 

http://wklejto.pl/225896


(Acorus) #5

Otwórz notatnik systemowy i wklej:

HKU\S-1-5-21-1534801600-899841055-2755804120-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?fr=hp-ddc-bdtype=616_pr __alt__ ddc_dsssyc_bd_com
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF NewTab: hxxp://search.yahoo.com/?fr=hp-ddc-bd-tabtype=616_pr __alt__ ddc_dsssyctab_bd_com
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-04]
2015-04-19 09:29 - 2014-09-08 09:39 - 00000000 ____ D () C:\AdwCleaner

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Zainstaluj Foxit Reader http://ninite.com/foxit/