Yontoo, BrowseStudio - wirusy z reklamami

Witam, na komputerze siostry zalęgły się wirusy, niestety podstawowa ‘Aspiryna’ w postaci zwyczajnego odinstalowania tradycyjnie nie działa, więc zwracam się do Was z prośbą o przejrzenie logów i pomoc w wyleczeniu tego biednego laptopika :slight_smile:

 

OTL.txt: http://www.wklej.org/id/1564890/

 

Extras.txt: http://www.wklej.org/id/1564894/

 

FRST.txt: http://www.wklej.org/id/1564900/

 

Addition.txt: http://www.wklej.org/id/1564901/

 

Proszę o pomoc i życzę wesołych świąt :slight_smile:

Odinstaluj AnyProtect,BrowseStudio,SpyHunter 4.Pobierz i uruchom AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Szukaj i później Usuń.

Pokaż nowe logi z FRST.

Sciagnij te dwa programy i potraktuj kompa nimi, powinno pomóc

http://www.dobreprogramy.pl/AdwCleaner,Program,Windows,38865.html

http://www.dobreprogramy.pl/Malwarebytes-AntiMalware,Program,Windows,13117.html

Odinstalowane, wyczyszczone z pomocą AdwCleaner. Nowe logi z FRST:

 

FRST.txt: http://www.wklej.org/id/1564941/

 

Addition.txt: http://www.wklej.org/id/1564943/

Otwórz notatnik systemowy i wklej:

HKLM-x32\...\Run: [CLVirtualDrive] = C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] = C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [] = [X]
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EfficientStickyNotes] = [X]
HKU\S-1-5-21-94318057-4070914936-490444792-1001\...\RunOnce: [Adobe Speed Launcher] = 1419252031
HKU\S-1-5-21-94318057-4070914936-490444792-1001\...\MountPoints2: {929f3518-39e3-11e4-be9c-20689d392248} - "F:\AutoRun.exe"
HKU\S-1-5-21-94318057-4070914936-490444792-1001\...\MountPoints2: {cda82538-101f-11e2-be71-806e6f6e6963} - "E:\autorun.exe"
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKLM - {B4FAC00D-DB09-4BAA-B137-E788BBFC2EFA} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8tag=hp-us2-vsb-20link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}keyword={searchTerms}
SearchScopes: HKLM-x32 - {B4FAC00D-DB09-4BAA-B137-E788BBFC2EFA} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8tag=hp-us2-vsb-20link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}ei={inputEncoding}fr=chr-hp-psgtype=HPNTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}keyword={searchTerms}
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-94318057-4070914936-490444792-1001 - {B4FAC00D-DB09-4BAA-B137-E788BBFC2EFA} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8tag=hp-us2-vsb-20link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-94318057-4070914936-490444792-1001 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}keyword={searchTerms}
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 EraserUtilDrv11411; \\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11411.sys [X]
2014-12-22 13:35 - 2014-12-22 13:36 - 00000000 ____ D () C:\AdwCleaner
2014-12-20 21:19 - 2014-12-20 21:19 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\darekk\Downloads\SpyHunter-installer.exe
2014-11-29 20:30 - 2014-11-29 20:35 - 00000000 ____ D () C:\Users\darekk\AppData\Roaming\EurekaLog
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

wszystko zrobione, w końcu brak uporczywych reklam co stronę.

Dzięki za pomoc, pozdrawiam :wink:

Skasuj folder C:\FRST