Reklamy, bezradny, pomocy

**Posty:** 4 · przez **bartekkos17** 05 Gru 2015, 10:36

Moja mozille zaatakowal wirus, nowe karty otwieraja sie same, wyskakuje milion reklam, prosze o pomoc, nie wiem co mam już zrobic
ponizej zamieszczam logi

**Posty:** 4765 · przez **ordynat** 05 Gru 2015, 12:02

1) Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego.
Pokaż raport z niego "C"

2) Otwórz Notatnik i wklej w nim:

Task: {0B111FB6-0BE8-40EC-84B2-F22D24683F44} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" <==== UWAGA
C:\ProgramData\Tmp0x0x
C:\ProgramData\Baidu Security
AppInit_DLLs: C:\ProgramData\Lightzap\Stringla.dll => C:\ProgramData\Lightzap\Stringla.dll [518656 2015-11-25] ()
AppInit_DLLs-x32: C:\ProgramData\Lightzap\Med-Dex.dll => C:\ProgramData\Lightzap\Med-Dex.dll [320512 2015-11-25] ()
C:\ProgramData\Lightzap
C:\ProgramData\Lightzaps
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.133394.0\BavShx64.dll Brak pliku
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
C:\Program Files (x86)\Baidu Security
HKU\S-1-5-21-1438467945-4215422738-4100672246-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csuWjYmRQKC4GhVt9474sANGF-HSAIub5f5tmwPhQui4eVpwOr4C59wSRyr10dgnzwAoFxQxjF1zPmAygc_PXoeBJRRofEd1OhnuOK3JhRFB-z5viUwXoG5CNESlZOZMvlPGQIr9d31tfQ,,&q={searchTerms}
HKU\S-1-5-21-1438467945-4215422738-4100672246-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csuWjYmRQKC4GhVt9474sANGF-HSAIub5f5tmwPhQui4eVpwOr4C59wSRyr10dgnzww-zB4XX4PhHpyQeLLLUSZVOTMeRUEUnQp6T8yBdCfeWyI5ETiNm-OjN96Z0ACL8df1JT7ecwNokw,,
HKU\S-1-5-21-1438467945-4215422738-4100672246-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csuWjYmRQKC4GhVt9474sANGF-HSAIub5f5tmwPhQui4eVpwOr4C59wSRyr10dgnzwAoFxQxjF1zPmAygc_PXoeBJRRofEd1OhnuOK3JhRFB-z5viUwXoG5CNESlZOZMvlPGQIr9d31tfQ,,&q={searchTerms}
HKU\S-1-5-21-1438467945-4215422738-4100672246-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csuWjYmRQKC4GhVt9474sANGF-HSAIub5f5tmwPhQui4eVpwOr4C59wSRyr10dgnzwAoFxQxjF1zPmAygc_PXoeBJRRofEd1OhnuOK3JhRFB-z5viUwXoG5CNESlZOZMvlPGQIr9d31tfQ,,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csuWjYmRQKC4GhVt9474sANGF-HSAIub5f5tmwPhQui4eVpwOr4C59wSRyr10dgnzwAoFxQxjF1zPmAygc_PXoeBJRRofEd1OhnuOK3JhRFB-z5viUwXoG5CNESlZOZMvlPGQIr9d31tfQ,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1438467945-4215422738-4100672246-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csuWjYmRQKC4GhVt9474sANGF-HSAIub5f5tmwPhQui4eVpwOr4C59wSRyr10dgnzwAoFxQxjF1zPmAygc_PXoeBJRRofEd1OhnuOK3JhRFB-z5viUwXoG5CNESlZOZMvlPGQIr9d31tfQ,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1438467945-4215422738-4100672246-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csuWjYmRQKC4GhVt9474sANGF-HSAIub5f5tmwPhQui4eVpwOr4C59wSRyr10dgnzwAoFxQxjF1zPmAygc_PXoeBJRRofEd1OhnuOK3JhRFB-z5viUwXoG5CNESlZOZMvlPGQIr9d31tfQ,,&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=1449246467&z=2550775f3e371c2f173d6ccg3z9z9teo3zeqfz6q3t&from=cor&uid=WDCXWD3200AAKS-00V1A0_WD-WMAWF208842088420
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findit.xml [2015-11-25]
FF Extension: YahooToolsProtected - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tl6rt729.default\extensions\yahooprotected@gmail.com [2015-12-04] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tl6rt729.default\extensions\deskCutv2@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\tl6rt729.default\extensions\yahooprotected@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.istartpageing.com/?type=sc&ts=1449246467&z=2550775f3e371c2f173d6ccg3z9z9teo3zeqfz6q3t&from=cor&uid=WDCXWD3200AAKS-00V1A0_WD-WMAWF208842088420
R2 WindowsMangerProtect; C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe [344232 2015-12-04] (Sysinternals process Explorer) <==== UWAGA
R1 wfdrvr_vt_1_10_0_28; system32\drivers\wfdrvr_vt_1_10_0_28.sys [X]
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mystartsearch uninstall" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgua32.exe" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\globalUpdatem" /f
C:\Users\User\AppData\Roaming\istartpageing
C:\ProgramData\Tmp0x0x
C:\Users\User\AppData\Roaming\Baidu
C:\Users\User\Downloads\Adobe-Flash-Player-13091-dp.exe
C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
C:\ProgramData\Baidu
C:\Users\Public\Documents\Baidu
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).
Powstanie plik fixlog.txt.
Daj ten log.

3) Zrób nowe logi FRST.

4) Napisz, czy problem znikł?
.