smokniebios, posted 18 November 2015:
So, as in the topic title: the browser starts by itself every few minutes and opens various pages with ads, and while I am browsing the internet, new tabs with ads keep popping up. Please help, I am a novice in these matters, so I don't know what to do; the antivirus detects nothing ;/ I will also add that the laptop sometimes installs various unwanted programs.
picasso, posted 19 November 2015:
Section rules: LINK. Logs from the outdated OTL are no longer taken into account here at all; I am removing them. Reports from FRST and GMER are mandatory.
smokniebios (author), posted 20 November 2015:
Here are the logs produced by the program that you recommend.
Attachments: Addition.txt, FRST.txt
picasso, posted 21 November 2015 (edited):
I gave links above describing in detail how to create the logs, yet the third mandatory file, FRST Shortcut, is still missing (there are certainly modified shortcuts in your system), and GMER has not been provided either. Indeed, we have an infestation of adware junk here. Preliminary operations to perform:

1. Open Notepad and paste the following into it:
Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Napraw (Fix). Wait patiently and do not interrupt it. When the Fix finishes, the system will be restarted. A fixlog.txt file will be created in the same directory FRST was run from.

2. Uninstalls:
Windows flag key + X > Programs and Features > uninstall old versions and adware: Adobe Reader XI (11.0.12) MUI, eBay Worldwide, IGG Web3D Player, iWebar, Java 8 Update 51, MyBrowser 1.0.2V04.11, Object Browser, Plus.HD_3.5V26.10, Remote Desktop Access (VuuPC). If something is not visible or returns an uninstall error, carry on.
Run the Microsoft tool: LINK. Accept > Detect problems and let me select the fixes to apply > Uninstalling > select the globalupdate Helper entry in the list > Next.

3. Clean adware out of Firefox:
Disconnect sync (if enabled): LINK.
Help menu > Troubleshooting Information > Refresh Firefox. Bookmarks and passwords will not be affected.
History menu > Clear all browsing history.

4. Make a new FRST log using the Skanuj (Scan) option, with the Addition and Shortcut boxes ticked. Also attach the fixlog.txt file. A file ff.reg has also been created on the Desktop - host it somewhere and provide a link to it.

Edited 2 June 2016 by picasso

The topic is closed due to lack of response. //picasso