Wyskakujące denerwujące reklamy

[midzio90]

Witam. Mam problem z wyskakującymi reklamami. W załączniku przesyłam wszystkie potrzebne logi z OTL oraz GMER. Proszę o pomoc z tym problemem

[ordynat]

1) Odinstaluj
"AdvanceElite" = AdvanceElite

2) Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Daj z tego raport C:\AdwCleaner\AdwCleaner[S].txt.

3) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
SRV:64bit: - [2014-11-26 23:04:36 | 000,683,848 | ---- | M] () [Auto | Running] -- C:\Program Files\007\nkdytjtjsw32.exe -- (nkdytjtjsw32)
SRV - [2015-01-27 13:04:36 | 000,123,632 | ---- | M] () [Auto | Running] -- C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b\maintainer.exe -- (MaintainerSvc1.20.7247763)
SRV - [2014-11-26 21:51:18 | 000,172,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD\auhhlzqovx64.exe -- (CouponMonkeyService64)
DRV:64bit: - [2014-11-26 21:51:18 | 000,044,176 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netfilter64.sys -- (netfilter64)
DRV:64bit: - [2014-11-06 21:24:50 | 000,048,832 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{10e3e2da-8f7b-42cc-9f00-90007ce494b8}Gw64.sys -- ({10e3e2da-8f7b-42cc-9f00-90007ce494b8}Gw64)
DRV:64bit: - [2014-11-03 15:11:06 | 000,048,832 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}Gw64.sys -- ({f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}Gw64)
DRV:64bit: - [2014-10-31 14:41:20 | 000,048,832 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{fc7329ef-e953-454c-8e78-ed2cf0acb2ef}Gw64.sys -- ({fc7329ef-e953-454c-8e78-ed2cf0acb2ef}Gw64)
DRV:64bit: - [2014-10-28 19:39:30 | 000,048,832 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{255a824a-3cde-4dee-9785-284605606456}Gw64.sys -- ({255a824a-3cde-4dee-9785-284605606456}Gw64)
DRV:64bit: - [2014-10-25 20:33:22 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64.sys -- ({b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64)
DRV:64bit: - [2014-10-23 04:37:52 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64.sys -- ({f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64)
DRV:64bit: - [2014-10-22 00:31:18 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{dc592624-f532-4311-9fc7-6920126fc404}Gw64.sys -- ({dc592624-f532-4311-9fc7-6920126fc404}Gw64)
DRV:64bit: - [2014-10-21 04:03:54 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{4530e639-76ab-4435-889d-a5e81ae090a4}Gw64.sys -- ({4530e639-76ab-4435-889d-a5e81ae090a4}Gw64)
DRV:64bit: - [2014-10-20 00:04:20 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{67f29abb-07b3-41f5-94cd-f819d7c1fc76}Gw64.sys -- ({67f29abb-07b3-41f5-94cd-f819d7c1fc76}Gw64)
DRV:64bit: - [2014-10-19 10:09:54 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{6c84eb28-66c4-4e3d-8a5a-46ab94f0575a}Gw64.sys -- ({6c84eb28-66c4-4e3d-8a5a-46ab94f0575a}Gw64)
DRV:64bit: - [2014-10-19 03:04:18 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{fce396ae-d8d1-4789-946e-2106fbe4292b}Gw64.sys -- ({fce396ae-d8d1-4789-946e-2106fbe4292b}Gw64)
DRV:64bit: - [2014-10-17 23:12:08 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{3fa44d1f-c300-4673-a8c1-5ba05468b4bd}Gw64.sys -- ({3fa44d1f-c300-4673-a8c1-5ba05468b4bd}Gw64)
DRV:64bit: - [2014-10-17 09:07:52 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{02bbe9df-d3b0-43f4-8dcb-e24500d3308f}Gw64.sys -- ({02bbe9df-d3b0-43f4-8dcb-e24500d3308f}Gw64)
DRV:64bit: - [2014-10-17 02:02:24 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{5d78e0ee-ca60-46a4-9492-4f24429cc925}Gw64.sys -- ({5d78e0ee-ca60-46a4-9492-4f24429cc925}Gw64)
DRV:64bit: - [2014-10-16 05:24:50 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{949aba83-1d7f-4d0b-b0ba-203450825231}Gw64.sys -- ({949aba83-1d7f-4d0b-b0ba-203450825231}Gw64)
DRV:64bit: - [2014-10-15 14:29:54 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{46a147d8-5171-42d8-b8a8-6a187525781d}Gw64.sys -- ({46a147d8-5171-42d8-b8a8-6a187525781d}Gw64)
DRV:64bit: - [2014-10-15 03:46:50 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{00aec75d-051f-41a9-9837-e94ac4f56303}Gw64.sys -- ({00aec75d-051f-41a9-9837-e94ac4f56303}Gw64)
DRV:64bit: - [2014-10-13 11:52:06 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}Gw64.sys -- ({1de2a23f-1c23-4ea1-8ef4-79bc5c5cea78}Gw64)
RV:64bit: - [2014-10-13 02:05:34 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{3b808196-ff63-49ee-b33b-efdf51723eca}Gw64.sys -- ({3b808196-ff63-49ee-b33b-efdf51723eca}Gw64)
DRV:64bit: - [2014-10-12 19:28:30 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{fd600559-a688-4110-b9b9-0f1a9beae8ae}Gw64.sys -- ({fd600559-a688-4110-b9b9-0f1a9beae8ae}Gw64)
DRV:64bit: - [2014-10-12 06:46:54 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{e9629596-2cbd-4eea-9329-7470e8b0fdae}Gw64.sys -- ({e9629596-2cbd-4eea-9329-7470e8b0fdae}Gw64)
DRV:64bit: - [2014-10-11 20:46:04 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64.sys -- ({32c6b9d7-6b2c-4b03-9178-01abbf9c7194}Gw64)
DRV:64bit: - [2014-10-11 08:14:54 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{336e37ae-3235-4f16-98ec-8cdf679be7d2}Gw64.sys -- ({336e37ae-3235-4f16-98ec-8cdf679be7d2}Gw64)
DRV:64bit: - [2014-10-11 02:16:52 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{84e24724-32a5-4ef8-b981-cc669543b4a4}Gw64.sys -- ({84e24724-32a5-4ef8-b981-cc669543b4a4}Gw64)
DRV:64bit: - [2014-09-04 15:47:10 | 000,061,072 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys -- ({c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64)
O3:64bit: - HKLM\..\Toolbar: (no name) - {768D4F0B-3AB4-49C3-9F15-AA50BA5438A6} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {768D4F0B-3AB4-49C3-9F15-AA50BA5438A6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
[2014-12-30 08:51:09 | 000,000,000 | ---D | C] -- C:\Users\marzena\AppData\Roaming\PriceFountain
[2015-01-23 21:10:08 | 000,000,112 | ---- | M] () -- C:\ProgramData\387PrCs1h.dat

:Files
C:\Program Files\007
C:\ProgramData\d2446020-ddff-402b-b064-199d2ce66b2b
C:\Program Files (x86)\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.

4) Zrób logi z FRST > http://forum.programosy.pl/frst-otl-zoek-vt139692.html
Przed skanem zaznacz "Additional" oraz "Shortcut"

.

[midzio90]

Dołączam wszystkie skany:

[ordynat]

Otwórz Notatnik i wklej w nim:

roupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-21\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Toolbar: HKU\S-1-5-21-3298878671-270804247-3107373238-1001 -> FindWide Toolbar - {768D4F0B-3AB4-49C3-9F15-AA50BA5438A6} - C:\Program Files (x86)\TNT2\Profiles\11147\passport64.dll No File
FF Plugin HKU\S-1-5-21-3298878671-270804247-3107373238-1001: @tnt2npapi.com/Plugin -> C:\Users\marzena\AppData\Local\TNT2\2.0.0.1895\npTNT2.dll No File
FF Extension: Lampy Lighty 1.0.1 - C:\Users\marzena\AppData\Roaming\Mozilla\Firefox\Profiles\bu6nfg33.default-1415031669078\Extensions\{8c4455bd-ac86-4642-bd11-e6a961982650}.xpi [2014-12-24]
CHR Extension: (Lampy Lighty) - C:\Users\marzena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghjellfmijldnapbenacklaeddbkgpig [2015-01-02]
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1419398851&from=tugs&uid=ST500LT012-1DG142_S3P48WL2XXXXS3P48WL2"
C:\Program Files\CouponMonkey
Hosts:
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij przycisk Fix.

Raportu z tego już nie dawaj.

Uruchom Google Chrome
> Naciśnij klawisze: lewy Alt+F i kliknij przycisk Ustawienia >
> Sekcja: Po uruchomieniu > wybierz: Otwórz konkretną stronę lub zestaw stron >
> Kliknij: Wybierz strony >
> Usuń: isearch.omiga-plus.com, wpisz nowy adres strony głównej i kliknij przycisk OK.

> w sekcji Wyszukiwanie wybierz: Zarządzaj wyszukiwarkami >
> z prawokliku ustaw nową domyślną wyszukiwarkę (np. Google),
> z prawokliku usuń: isearch.omiga-plus.com i kliknij przycisk: Gotowe

Kończymy:
W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).

Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix.
przez SHIFT+DEL usuń pozostały folder C:\FRST

W OTL kliknij na przycisk Sprzątanie - to go usunie razem z jego Kwarantanną.
.