Elektroda.pl
Elektroda.pl
X

Search our partners

Find the latest content on electronic components. Datasheets.com
Elektroda.pl
Please add exception to AdBlock for elektroda.pl.
If you watch the ads, you support portal and users.

Wyskakujące reklamy w przeglądarkach otwieranie nowych okien...

gromkrzy 04 Jun 2014 10:51 2172 13
  • #2
    Kolobos
    IT specialist
    Odinstaluj:
    Java (TM) 6 Update 23 (64-bit)
    ESET Online Scanner v3

    Zainstaluj http://ninite.com/java-firefox/

    Wykonaj skrypt w OTL:

    :OTL
    DRV:64bit: - [2014-05-22 18:18:04 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}w64.sys -- ({2c976a7f-dbdc-4756-870f-f6d183fe7a7e}w64)
    DRV:64bit: - [2014-04-24 12:32:28 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64.sys -- ({2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw64)
    CHR - homepage: http://pl.yahoo.com?fr=fpc-comodo
    O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
    O15 - HKCU\..Trusted Domains: mks.com.pl ([]http in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.17.2)
    [2014-06-04 10:26:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014-06-03 22:22:32 | 000,061,120 | ---- | C] (StdLib) -- C:\windows\SysNative\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}w64.sys
    [2014-05-22 18:18:04 | 000,061,120 | ---- | M] (StdLib) -- C:\windows\SysNative\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}w64.sys
    [2014-05-18 23:04:30 | 000,081,920 | ---- | C] () -- C:\windows\gmt.exe


    Zrób pełny skan przy pomocy Mbam:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
  • #4
    Kolobos
    IT specialist
    Wybierz w OTL Sprzątanie i to wszystko.
  • #5
    gromkrzy
    Level 9  
    Załatwione, wszystko jak po sznurku.

    Dziękuję za pomoc.

    Temat do zamknięcia.
  • #6
    gromkrzy
    Level 9  
    I znów to samo...

    Za chwilę wrzucę pliki skanowania.
  • #7
    Kolobos
    IT specialist
    Daj logi z FRST, instrukcje masz w wiekszosci watkow.
  • #9
    Acorus 20
    Level 43  
    Odinstaluj Deal Keeper.Otwórz Notatnik i wklej:

    Task: {874F3650-FB24-4244-B79D-F470B42B5B8B} - \GoforFilesUpdate No Task File <==== ATTENTION
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    BHO-x32: Greener Web -> {1973d53b-7311-45d7-8270-f44571c041a0} -> C:\Program Files (x86)\Greener Web\767C5DE3-F1D0-4FED-9184-8F3744B39177.dll (Greener Web)
    R2 Update Deal Keeper; C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe [323320 2014-08-03] ()
    R2 Update Greener Web; C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe [318240 2014-06-20] ()
    R2 Util Deal Keeper; C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe [323320 2014-08-03] ()
    R2 Util Greener Web; C:\Program Files (x86)\Greener Web\bin\utilGreenerWeb.exe [318240 2014-06-20] ()
    S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
    S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 NSNDIS5; \??\C:\windows\system32\NSNDIS5.SYS [X]
    S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
    2014-08-01 15:35 - 2014-07-30 02:24 - 00061072 _____ (StdLib) C:\windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys
    2014-08-01 08:57 - 2014-08-03 21:57 - 00000000 ____D () C:\Users\krzygrom\AppData\Roaming\Systweak
    2014-08-01 08:57 - 2014-07-16 16:43 - 00020280 _____ () C:\windows\system32\roboot64.exe
    2014-08-01 08:54 - 2014-08-01 15:35 - 00000000 ____D () C:\Program Files (x86)\Deal Keeper
    2014-08-01 09:17 - 2014-08-01 09:16 - 00000000 __SHD () C:\Users\krzygrom\AppData\Roaming\wyUpdate AU
    CMD: del /f /s /q %TEMP%\*.*

    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom FRST i kliknij w Fix.
  • Helpful post
    #11
    Kolobos
    IT specialist
    Fixlist.txt dla FRST:
    () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe
    () C:\Program Files (x86)\EnterDigital\updateEnterDigital.exe
    () C:\Program Files (x86)\EnterDigital\bin\utilEnterDigital.exe
    () C:\Program Files (x86)\EnterDigital\bin\EnterDigital.BrowserAdapter.exe
    () C:\Program Files (x86)\EnterDigital\bin\EnterDigital.BrowserAdapter64.exe
    () C:\Program Files (x86)\EnterDigital\bin\EnterDigital.PurBrowse64.exe
    () C:\Program Files (x86)\EnterDigital\bin\EnterDigital.BOASHelper.exe
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    BHO-x32: EnterDigital -> {91b8f7a9-1558-40b3-b1e9-824ae5a2089f} -> C:\Program Files (x86)\EnterDigital\EnterDigitalbho.dll (EnterDigital)
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    FF Extension: EnterDigital - C:\Users\Wiola\AppData\Roaming\Mozilla\Firefox\Profiles\zp3jy7cg.default\Extensions\{dbe9acb7-ca74-4c18-ad13-f0270d74c42d}.xpi [2014-11-11]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    R2 Update EnterDigital; C:\Program Files (x86)\EnterDigital\updateEnterDigital.exe [526064 2014-11-11] ()
    R2 Util EnterDigital; C:\Program Files (x86)\EnterDigital\bin\utilEnterDigital.exe [526064 2014-11-11] ()
    R1 {9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}Gw64; C:\Windows\System32\drivers\{9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}Gw64.sys [48784 2014-11-08] (StdLib)
    R1 {dbe9acb7-ca74-4c18-ad13-f0270d74c42d}Gw64; C:\Windows\System32\drivers\{dbe9acb7-ca74-4c18-ad13-f0270d74c42d}Gw64.sys [48784 2014-11-09] (StdLib)
    S3 AIDA64Driver; \??\F:\aida\AIDA64 Extreme 2.60.2100\kerneld.x64 [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\
    C:\Program Files (x86)\EnterDigital\
    2014-11-10 19:15 - 2014-11-10 19:33 - 00000000 ____D () C:\Users\Wiola\AppData\Roaming\Systweak
    2014-11-10 19:15 - 2014-10-06 16:36 - 00020296 _____ () C:\Windows\system32\roboot64.exe
    2014-11-10 12:42 - 2014-11-11 13:26 - 00000000 ____D () C:\Users\Wiola\AppData\Local\PriceFountain
    2014-11-10 12:42 - 2014-11-10 18:06 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2014-11-10 12:42 - 2014-11-10 12:42 - 00000000 ____D () C:\Users\Wiola\AppData\Roaming\PriceFountain
    2014-11-10 12:24 - 2014-11-10 12:36 - 00753704 _____ ( ) C:\Users\Wiola\Downloads\pobierz_adblocker_setup.exe
    2014-11-09 15:59 - 2014-11-09 05:26 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{dbe9acb7-ca74-4c18-ad13-f0270d74c42d}Gw64.sys
    2014-11-08 21:31 - 2014-11-11 13:21 - 00000000 ____D () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7
    2014-11-08 21:02 - 2014-11-08 03:26 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{9015bae7-cdbb-4473-a5d0-ecfa559b2ca5}Gw64.sys
    2014-11-08 19:57 - 2014-11-11 14:22 - 00000000 ____D () C:\Program Files (x86)\EnterDigital
    2014-11-08 19:57 - 2014-11-08 19:57 - 21360800 _____ (Mooii) C:\Users\Wiola\Downloads\PhotoScape_V3.7.exe
    2014-11-08 19:56 - 2014-11-08 19:56 - 00777088 _____ ( ) C:\Users\Wiola\Downloads\Photoscape(12505)-dp.exe

    Radze unikac PhotoScape, wszyskie szkodliwe programy zainstalowaly sie razem z nim.
  • #13
    incred
    Level 1  
    Witam,
    mam ten sam problem, po otwarciu przeglądarki internetowej pojawia mi się mnóstwo okienek z reklamami. W załączniku moje pliki z FRST. Proszę o pomoc, bo nie jestem biegły w tym temacie, a coś strasznie blokuje mi komputer.
    Pliki z FRST musiałem zapisać w Wordzie, bo coś blokuje mi możliwość zapisania plików z notatnika na dysku komputera.
  • #14
    Kolobos
    IT specialist
    Mogles wkleic na wklej.org i podac linki.

    Do tego nie podczepiaj sie pod inne watki.