Pop-up ads, new tabs popping up. Please help!


(Domagalski Lukasz) #1

Hello, for some time now ads have been popping up and new tabs have been opening on their own on my parents' laptop. Could I ask for help?

 

FRST - http://wklej.org/id/1635288/

 

Addition - http://wklej.org/id/1635289/


(Acorus) #2

Open the system Notepad and paste:

HKU\S-1-5-21-600667251-3016782913-1232272701-1000\...\Run: [Yahoo! Search] = C:\Users\HP\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrlte.exe
HKU\S-1-5-21-600667251-3016782913-1232272701-1000\...\MountPoints2: {1c47547b-f87d-11e3-8c1d-806e6f6e6963} - F:\Autorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hpts=1423520768from=coruid=ST9250320AS_5SW2MVJZ
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hpts=1423520768from=coruid=ST9250320AS_5SW2MVJZ
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-600667251-3016782913-1232272701-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hpts=1423520768from=coruid=ST9250320AS_5SW2MVJZ
HKU\S-1-5-21-600667251-3016782913-1232272701-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hpts=1423520768from=coruid=ST9250320AS_5SW2MVJZ
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=dsts=1423520768from=coruid=ST9250320AS_5SW2MVJZq={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=dsts=1423520768from=coruid=ST9250320AS_5SW2MVJZq={searchTerms}
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-600667251-3016782913-1232272701-1000 - DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST9250320AS_5SW2MVJZts=1423520877type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-600667251-3016782913-1232272701-1000 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST9250320AS_5SW2MVJZts=1423520877type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-600667251-3016782913-1232272701-1000 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST9250320AS_5SW2MVJZts=1423520877type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-600667251-3016782913-1232272701-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST9250320AS_5SW2MVJZts=1423520877type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-600667251-3016782913-1232272701-1000 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST9250320AS_5SW2MVJZts=1423520877type=defaultq={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\XTab\SupTab.dll (Thinknice Co. Limited)
FF DefaultSearchEngine: key-find
FF SelectedSearchEngine: key-find
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\kh6qe179.default\searchplugins\key-find.xml
FF Extension: Fast Start - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\kh6qe179.default\Extensions\faststartff@gmail.com [2015-02-09]
FF Extension: FF Toolbar - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\kh6qe179.default\Extensions\fftoolbar2014@etech.com [2015-02-09]
FF Extension: Zoom It - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\kh6qe179.default\Extensions\{2b7eff86-aadb-7b2b-35ad-d9a7c0803e40} [2015-02-12]
FF Extension: Zoom It - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\kh6qe179.default\Extensions\{d210c5e7-e491-4232-2d0c-b36010bfc36b} [2015-02-14]
FF HKLM\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\kh6qe179.default\extensions\fftoolbar2014@etech.com
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\kh6qe179.default\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-600667251-3016782913-1232272701-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
CHR HomePage: Default - hxxp://www.key-find.com/?type=hpts=1423520768from=coruid=ST9250320AS_5SW2MVJZ
CHR StartupUrls: Default - "hxxp://www.key-find.com/?type=hpts=1423520768from=coruid=ST9250320AS_5SW2MVJZ"
CHR DefaultSearchKeyword: Default - key-find
CHR Extension: (SunriseBrowse) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\piebencamdbkgodmjjondhafckljhpml [2014-12-05]
CHR HKU\S-1-5-21-600667251-3016782913-1232272701-1000\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - No Path
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158896 2015-01-16] (XTab system
R2 MaintainerSvc2.61.4907295; C:\ProgramData\89c775be-12de-4e15-846c-6b3e6a8c39a2\maintainer.exe [123640 2015-02-14] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [487056 2015-02-09] (SysTool PasSame LIMITED)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
2015-02-09 23:28 - 2015-02-09 23:28 - 00000000 ____ D () C:\ProgramData\IHProtectUpDate
2015-02-09 23:27 - 2015-02-09 23:28 - 00000000 ____ D () C:\Program Files\XTab
2015-02-09 23:27 - 2015-02-09 23:27 - 00000000 ____ D () C:\Users\HP\AppData\Roaming\key-find
2015-02-09 23:27 - 2015-02-09 23:27 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
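
As an added example (not part of the original post and not FRST's own code): a short Python script that groups fixlist entries like the ones above by the persistence mechanism they touch and lists the hosts the browsers were pointed at, which helps when reviewing a fixlist before it is run. The prefix-to-category mapping is this example's assumption, based only on the entry prefixes visible in this thread; the sample lines are copied from the fixlist above.

```python
import re
from collections import defaultdict

# Prefix -> mechanism. Assumption: this mapping is the example's own reading
# of the entry prefixes seen in the thread, not FRST documentation.
RULES = [
    (re.compile(r"^(HKLM|HKU)\\.*\\Run: "), "autorun (Run key)"),
    (re.compile(r"^(HKLM|HKU)\\.*Internet Explorer\\Main,"), "IE start/search page"),
    (re.compile(r"^SearchScopes: "), "IE search provider"),
    (re.compile(r"^BHO: "), "IE browser helper object"),
    (re.compile(r"^FF "), "Firefox setting/extension"),
    (re.compile(r"^CHR "), "Chrome setting/extension"),
    (re.compile(r"^[RS][0-4] "), "service or driver"),
    (re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - "), "file or folder"),
]
# Matches both plain and defanged (hxxp) URLs and captures the host part.
URL_HOST = re.compile(r"h(?:tt|xx)ps?://([^/\s\"]+)", re.I)

# Sample lines taken verbatim from the fixlist in this thread.
SAMPLE = r"""
HKU\S-1-5-21-600667251-3016782913-1232272701-1000\...\Run: [Yahoo! Search] = C:\Users\HP\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrlte.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hpts=1423520768from=coruid=ST9250320AS_5SW2MVJZ
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\XTab\SupTab.dll (Thinknice Co. Limited)
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\kh6qe179.default\searchplugins\key-find.xml
CHR HomePage: Default - hxxp://www.key-find.com/?type=hpts=1423520768from=coruid=ST9250320AS_5SW2MVJZ
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [487056 2015-02-09] (SysTool PasSame LIMITED)
2015-02-09 23:27 - 2015-02-09 23:28 - 00000000 ____ D () C:\Program Files\XTab
EmptyTemp:
"""

def classify(line):
    """Return the mechanism label for one fixlist line."""
    for pattern, label in RULES:
        if pattern.search(line):
            return label
    return "other/directive"

def summarize(fixlist_text):
    """Group non-empty fixlist lines by mechanism."""
    groups = defaultdict(list)
    for raw in fixlist_text.splitlines():
        line = raw.strip()
        if line:
            groups[classify(line)].append(line)
    return dict(groups)

def redirect_hosts(fixlist_text):
    """Unique hosts referenced by URL values anywhere in the fixlist."""
    return sorted({h.lower() for h in URL_HOST.findall(fixlist_text)})

if __name__ == "__main__":
    for label, lines in summarize(SAMPLE).items():
        print(f"{len(lines):2d}  {label}")
    print("hosts:", redirect_hosts(SAMPLE))
```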


(Domagalski Lukasz) #3

It's a little better, but something still shows up. I don't know if I did it right, but these are the new logs.

 

FRST - http://wklej.org/id/1635332/

 

Addition - http://wklej.org/id/1635333/


(Acorus) #4

Uninstall McAfee Security Scan Plus. Open the system Notepad and paste:

HKLM\...\Run: [SunJavaUpdateSched] = C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [144784 2008-06-10] (Sun Microsystems, Inc.)
HKLM\...\Run: [iTunesHelper] = C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-28]
R2 pfsvc_1.10.0.8; C:\Program Files\PhraseFinder_1.10.0.8\Service\pfsvc.exe [278608 2015-01-21] (Phrase Finder)
R1 pfnfd_1_10_0_8; C:\Windows\System32\drivers\pfnfd_1_10_0_8.sys [52728 2015-01-21] (Phrase Finder)
2015-02-09 23:25 - 2015-02-09 23:25 - 00000000 ____ D () C:\Program Files\PhraseFinder_1.10.0.8
2015-01-21 20:41 - 2015-01-21 20:41 - 00052728 _____ (Phrase Finder) C:\Windows\system32\Drivers\pfnfd_1_10_0_8.sys
2015-02-14 15:24 - 2014-12-29 20:46 - 00000000 ____ D () C:\AdwCleaner

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Domagalski Lukasz) #5

It looks like it helped. Thank you for the help!


(Acorus) #6

Delete the folder C:\FRST