Problem z wyskakującymi oknami - śmieci dostały się do komputera

maridok · November 13, 2013

Witam.

Problem polega na tym, że w momencie otwierania stron lub nowych kart w przeglądarce chrome, otwierają się nowe okna z jakimiś reklamami, ankietami i innym chłamem. Dodatkowo szyfrowanie stron się zmieniło (czerwona czcionka https, przekreślone i kłódka z krzyżykiem).

Zrobiłem głupotę i ściągnąłem niedawno nie ze strony producenta, tylko polskiskype, czy darmowyskype.pl albo coś w tym stylu. A chodziło o kilka punktów do pewnej gry. Teraz nie wiem jak to wywalić. Skan nic nie wykrył (choć było ostrzeżenie przed pobraniem) i w "dodaj lub usuń programy" również nic nie widać. Czym mogę wyczyścić kompa?

cr!s · November 13, 2013

Na początek AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/), ewentualnie Malwarebytes Anti-Malware. Koniecznie wstaw logi z wynikami skanowania.

Pozdrawiam

maksv6 · November 13, 2013

przeskanuj kompa Malwarebytes Anti-Malware

maridok · November 13, 2013

# AdwCleaner v3.012 - Log utworzony 13/11/2013 o 19:28:51

# Aktualizacja 11/11/2013 przez Xplode

# System operacyjny : Windows 7 Professional (64 bits)

# Użytkownik : Boguś - KOPYDŁOWO

# Ścieżka : C:\Users\Boguś\Downloads\AdwCleaner.exe

# Opcja : Szukaj

***** [ Usługi ] *****

***** [ Pliki / Foldery ] *****

Folder Znaleziono C:\ProgramData\eSafe

Folder Znaleziono C:\Users\BOGU~1\AppData\Local\Temp\eIntaller

***** [ Skróty ] *****

***** [ Rejestr ] *****

Dane Znaleziono : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=smt&utm_campaign=eXQ&utm_content=sc&from=smt&uid=WDCXWD3200AAJS-00L7A0_WD-WCAV2895898758987&ts=1382375612

Klucz Znaleziono : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Klucz Znaleziono : HKCU\Software\AppDataLow\Software\Crossrider

Klucz Znaleziono : HKCU\Software\BI

Klucz Znaleziono : HKCU\Software\InstalledThirdPartyPrograms

Klucz Znaleziono : HKCU\Software\Softonic

Klucz Znaleziono : [x64] HKCU\Software\BI

Klucz Znaleziono : [x64] HKCU\Software\InstalledThirdPartyPrograms

Klucz Znaleziono : [x64] HKCU\Software\Softonic

Klucz Znaleziono : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Klucz Znaleziono : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Klucz Znaleziono : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Klucz Znaleziono : HKLM\Software\dosearchessoftware

Klucz Znaleziono : HKLM\SOFTWARE\Google\Chrome\Extensions\cekcjpgehmohobmdiikfnopibipmgnml

Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32

Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs

Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_opengl_RASAPI32

Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_opengl_RASMANCS

Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_unity-web-player_RASAPI32

Klucz Znaleziono : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_unity-web-player_RASMANCS

Klucz Znaleziono : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc

Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}

Klucz Znaleziono : [x64] HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}

Klucz Znaleziono : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

Klucz Znaleziono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

***** [ Przeglądarki internetowe ] *****

-\\ Internet Explorer v8.0.7600.16385

-\\ Mozilla Firefox v

-\\ Google Chrome v

[ Plik : C:\Users\Boguś\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3117 octets] - [13/11/2013 19:28:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3177 octets] ##########

cr!s · November 13, 2013

Usunąłeś to co wykrył program, czy tylko kliknąłeś na 'Szukaj'? Bo jak nie, to po skanowaniu musisz kliknąć 'Usuń'. Daj znać czy problem dalej występuje.

maridok · November 16, 2013

Po użyciu programu i usunięciu tego co wykazał problem nadal występuje. Obawiam się, że to może być jakiś wirus, coś szpiegowskiego. A na pewno jest to strasznie irytujące.

cr!s · November 16, 2013

W takim razie ściągnij OTL, wykonaj pełny skan i wrzuć powstałe logi na forum. Przeskanowanie systemu Malwarebytes Anti-Malware też nie zaszkodzi.

Pozdrawiam.

maridok · November 16, 2013

OTL Extras logfile created on: 2013-11-16 14:57:54 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Boguś\Downloads

64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,00 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 29,38% Memory free

6,00 Gb Paging File | 2,78 Gb Available in Paging File | 46,29% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 49,03 Gb Total Space | 14,34 Gb Free Space | 29,25% Space Free | Partition Type: NTFS

Drive D: | 249,05 Gb Total Space | 69,44 Gb Free Space | 27,88% Space Free | Partition Type: NTFS

Drive G: | 5,58 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: KOPYDŁOWO | User Name: Boguś | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)

.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)

.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)

.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)

.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)

.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.bat [@ = batfile] -- "%1" %*

.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)

.cmd [@ = cmdfile] -- "%1" %*

.com [@ = comfile] -- "%1" %*

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.exe [@ = exefile] -- "%1" %*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)

.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)

.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.pif [@ = piffile] -- "%1" %*

.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

.scr [@ = scrfile] -- "%1" /S

.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)

.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML.AZS6XPYSBXSGMCGSU3DLQKPMGU] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

batfile [open] -- "%1" %*

batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)

cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %*

cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)

https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)

jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)

jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)

jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)

jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)

regfile [open] -- regedit.exe "%1" (Microsoft Corporation)

regfile [merge] -- Reg Error: Key error.

regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)

txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)

txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)

vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)

wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)

wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]