Adware and some junk

Hello,

various kinds of pests have settled into a friend's laptop.

Suspicious applications have been uninstalled via Add/Remove Programs, and a cleanup with AdwCleaner has been run twice.

Some leftovers are still visible in the FRST logs, so I would like to ask for help.

shortcuts: http://wklej.org/id/1756944/txt/

Open the system Notepad and paste:

Task: {1AFAA455-317C-437E-8B0F-DF72217D7A30} - System32\Tasks\{8C4E68E2-9BCF-4346-98DB-AB8B2F47F9DA} = pcalua.exe -a C:\Users\Maja\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=amt ==== ATTENTION
Task: {28BC754A-AC13-41A8-9B73-DC6E731987AB} - System32\Tasks\ProPCCleaner_Start = C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe ==== ATTENTION
Task: {31658B90-430D-4EC4-A4E1-F1B2D7755770} - System32\Tasks\{0EF57227-4E5F-42D9-AFE5-A0D9F231497D} = pcalua.exe -a C:\Users\Maja\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=tugs ==== ATTENTION
Task: {74C36A7A-EB04-4A49-BD92-C471A8170021} - System32\Tasks\Steam-S-1-8-22-9865GUI = C:\Users\Maja\AppData\Roaming\Steam\Reversed\steam.exe [2014-08-07] () ==== ATTENTION
Task: {BF4FFE73-C384-46AD-8D6A-682A9AB1D0DB} - System32\Tasks\Browser Updater\Browser Updater = C:\Program Files (x86)\HomeTab\WBrowserUpdater.exe ==== ATTENTION
Task: {C70486D1-B260-42B4-AF1D-D12E91310324} - System32\Tasks\ProPCCleaner_Popup = C:\Program Files (x86)\Pro PC Cleaner\Splash.exe ==== ATTENTION
Task: {DC2B7AFF-9D04-4597-80C8-8FE543D8E87D} - System32\Tasks\SystemSockets\SystemSockets = C:\Program Files (x86)\HomeTab\WBrowserProductivity.exe ==== ATTENTION
Task: {E3F11407-E5DF-4BEA-9459-CC7E90D31382} - System32\Tasks\ProtectedSearch\Protected Search = C:\Program Files (x86)\HomeTab\WBrowserKeeper.exe ==== ATTENTION
HKLM-x32\...\Run: [fst_gb_56] = [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [gmsd_gb_116] = [X]
HKU\S-1-5-21-30750624-3862034694-4062925387-1001\...\MountPoints2: {d6bf03ae-926a-11e4-bf15-28924a48130e} - "H:\install.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] ======= ATTENTION (Policy restriction on ProxySettings)
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
CHR Extension: (No Name) - C:\Users\Maja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmkefpehlolmdiloilglfcojbomaoii [2015-06-01]
CHR HKLM-x32\...\Chrome\Extension: [lkcfnokgklfkmdchkhpdjjmkhmjpcplg] - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx [Not Found]
OPR Extension: (indebdooekgjhkncmgbkeopjebofdoid) - C:\Users\Maja\AppData\Roaming\Opera Software\Opera Stable\Extensions\indebdooekgjhkncmgbkeopjebofdoid [2015-06-01]
S2 DTMUpdater; C:\Users\Maja\AppData\Local\DesktopTemperature\DTM_Updater.exe [X]
S2 GamesBotService; "C:\Program Files (x86)\Games Bot\GamesBotSvc.exe" /svc [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 scsvc_1.10.0.16; "C:\Program Files (x86)\SuperClick_1.10.0.16\Service\scsvc.exe" [X]
2015-07-14 14:28 - 2014-09-16 15:22 - 00000000 ____ D C:\AdwCleaner
2014-08-04 10:11 - 2014-08-04 10:11 - 0301608 _____ (VuuPC Limited) C:\Users\Maja\AppData\Local\nsf73EB.tmp
2015-02-01 18:56 - 2015-02-01 18:56 - 0628496 _____ (CMI Limited) C:\Users\Maja\AppData\Local\nsh83A4.tmp
2014-08-04 10:11 - 2014-08-04 10:11 - 0301608 _____ (VuuPC Limited) C:\Users\Maja\AppData\Local\nsl8F91.tmp
2015-05-01 16:41 - 2015-05-01 16:41 - 0613255 _____ (CMI Limited) C:\Users\Maja\AppData\Local\nsmD828.tmp
C:\ProgramData\U72wRu1x.dat
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

Done,

here is the log after a rescan:

http://www.wklej.org/id/1757156/txt/

 

Thanks.

Delete the folder C:\FRST