Yontoo, BrowseStudio - viruses with ads


(Falkirk84) #1

Hello, I have the same problem that fellow user michu325 had recently; please help.

OTL.txt: http://www.wklej.org/id/1580125/

Extras.txt: http://www.wklej.org/id/1580126/

FRST.txt: http://www.wklej.org/id/1580141/

Addition.txt: http://www.wklej.org/id/1580142/


(Acorus) #2

Uninstall AellTubeNoAds, AllSAver, BoUyNSavE, DAEMON Tools Toolbar, DDownload keepeer, DigiCoupon, McAfee Security Scan Plus, SaeverEaxTeinsionn, WebGeniuos, Yontoo 1.12.02. Download and run AdwCleaner https://toolslib.net/downloads/finish/1/ Click Szukaj (Scan) and then Usuń (Clean).

Post the new FRST logs.


(Falkirk84) #3

http://www.wklej.org/id/1580186/


(Acorus) #4

Open the system Notepad and paste:

HKLM\...\Run: [Adobe ARM] = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] = C:\Program Files\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] = C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] = C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDCPL] = C:\windows\RTHDCPL.EXE [17567744 2009-03-24] (Realtek Semiconductor Corp.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKLM - URL http://startsear.ch/?aff=1q={searchTerms}
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1292428093-1220945662-1801674531-1004 - URL http://startsear.ch/?aff=1q={searchTerms}
Toolbar: HKU\S-1-5-21-1292428093-1220945662-1801674531-1004 - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Extension: AellTubeNoAds - C:\Documents and Settings\Asus\Dane aplikacji\Mozilla\Firefox\Profiles\2kk5gamr.default\Extensions\l7liuo@ozowm.co.uk [2014-01-31]
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.160.1) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U16) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Documents and Settings\Asus\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll No File
CHR Plugin: (vShare.tv plug-in) - C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll No File
CHR Extension: (No Name) - C:\Documents and Settings\Asus\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\fmihfgcnofbeifoccmfgdbogigmmocpe [2013-10-04]
CHR Extension: (BoUyNSavE) - C:\Documents and Settings\All Users\Dane aplikacji\bmgbckfnhdegelpbjopegdngoeihaipn\ [2013-12-07]
CHR Extension: (BuyNsAve) - C:\Documents and Settings\All Users\Dane aplikacji\mmahdbhkcgbbbkafeggiclmbjhokbnfm\ [2013-12-07]
CHR Extension: (SaeverEaxTeinsionn) - C:\Documents and Settings\All Users\Dane aplikacji\nkochmamchhcfmapjgbacliblinofppn\ [2013-12-07]
S4 IntelIde; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
U1 WS2IFSL; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
U3 a1mz609n; No ImagePath
2014-12-30 20:08 - 2014-12-30 20:26 - 00000000 ____ D () C:\AdwCleaner
2014-12-16 21:30 - 2014-12-30 20:32 - 00000000 ____ D () C:\Program Files\BoUyNSavE
2014-12-16 21:29 - 2014-12-16 21:29 - 00000000 ____ D () C:\Documents and Settings\All Users\Dane aplikacji\bmgbckfnhdegelpbjopegdngoeihaipn
2014-12-15 21:43 - 2014-12-20 12:31 - 00000000 ____ D () C:\Program Files\YouTuuBeAdaBlockE
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.