Adware, worms, unremovable: savesense, vuuPC, optimizer pro


(piotrekplay) #1

Windows 8 system, flooded with ads almost immediately after startup. There are problems opening online mail clients' mailboxes (it hangs while loading), and a general slowdown of the system. Logs:

 

FRST.txt http://wklej.org/id/1418442/

Addition.txt http://wklej.org/id/1418439/

OTL.txt http://wklej.org/hash/d250b4fb928/

Extras.txt http://wklej.org/id/1418481/


(Atis) #2

In Control Panel, uninstall:

Bonanza Deals

ConvertAd

CouponDownloader

Fast And Safe

Free Games 115

fst_pl_110

Genesis

LinkSwift 1.0.0

LiveSupport

Mobogenie

Optimizer Pro v3.2

SaveSense

SupTab

Sweet Page

VuuPC Packages

WinZipper

Yahoo! Search

Click Scan and post a new FRST report, without Addition.


(piotrekplay) #3

Coupondownloader does not appear in the Control Panel's uninstall-programs applet.

 

FRST.txt : http://wklej.org/id/1418517/


(Atis) #4

Download and run AdwCleaner. Click Szukaj (Scan) and then Usuń (Remove).

Click Scan and post a new FRST report, without Addition.


(piotrekplay) #5

FRST.txt http://wklej.org/id/1418574/


(Atis) #6

Paste the following into the system Notepad and save it as a text file named fixlist:

HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [ConvertAd] => C:\Users\Malgorzata\AppData\Local\ConvertAd\ConvertAd.exe
HKLM-x32\...\Run: [fst_pl_110] => [X]
HKU\.DEFAULT\...\RunOnce: [Application Restart #0] - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [394624 2014-06-11] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295072 2013-01-20] (RealNetworks, Inc.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {35D7D68B-DD25-411B-A401-1BE956B8F47F} URL = http://rts.dsrlte.com/?q={searchTerms}&r=214
SearchScopes: HKCU - {FAD68047-A3FA-4971-9223-E6904AF4314C} URL = 
BHO: TxtMaKueR -> {18362F7C-6EEA-0774-FA30-4C6B957685F3} -> C:\ProgramData\TxtMaKueR\1lkAJ.x64.dll ()
BHO: Free Games 115 -> {3EEF222A-E2BD-4650-A1B9-A1C2EF0B700A} -> C:\Program Files (x86)\Free Games 115\ScriptHost64.dll (BestOffers)
BHO-x32: Free Games 115 -> {3EEF222A-E2BD-4650-A1B9-A1C2EF0B700A} -> C:\Program Files (x86)\Free Games 115\ScriptHost.dll (BestOffers)
BHO-x32: No Name -> {804efe7d-a8d7-4351-a6df-014d1ed7c6fc} -> No File
Hosts:
FF HKCU\...\Firefox\Extensions: [{dde15e35-c9b3-4c30-b055-730c5f4a45d3}] - C:\Program Files (x86)\Lyrmix\133.xpi
FF HKCU\...\Firefox\Extensions: [freegames115@BestOffers] - C:\Users\Malgorzata\AppData\Roaming\Mozilla\Extensions\freegames115@BestOffers
FF Extension: Free Games 115 - C:\Users\Malgorzata\AppData\Roaming\Mozilla\Extensions\freegames115@BestOffers [2014-02-25]
CHR HKLM-x32\...\Chrome\Extension: [kidmhllhjmmmnpbiaihafgchacpmokof] - C:\Program Files (x86)\Lyrmix\133.crx [2012-11-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 rqpbhevlkc64; C:\Program Files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=C78087A8-C960-4464-A618-3D351DF6C0D7 [X]
R1 {25d71abf-7776-46f5-a269-9951331f9030}w64; C:\Windows\System32\drivers\{25d71abf-7776-46f5-a269-9951331f9030}w64.sys [61112 2014-06-18] (StdLib)
C:\Program Files\004
C:\Program Files (x86)\Free Games 115
C:\ProgramData\TxtMaKueR
C:\Windows\System32\drivers\{25d71abf-7776-46f5-a269-9951331f9030}w64.sys
C:\AdwCleaner
C:\Users\Malgorzata\Downloads\PCSpeedMaximizer.exe
C:\Users\Malgorzata\Downloads\yet_another_cleaner_brob.exe
Task: {19BFEFAC-7EED-49ED-B884-21CF838D5D36} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-02-10] (SaveSense) <==== ATTENTION
Task: {2A95A279-4FB4-4F9E-8876-AB25478626F0} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-21] (BonanzaDeals) <==== ATTENTION
Task: {3180BA5B-2A83-421C-BE8B-78CE4E73CF12} - System32\Tasks\SaveSense => C:\Users\Malgorzata\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {34DF7E85-500F-40E5-8FB4-BBC621870D76} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-02-10] (SaveSense) <==== ATTENTION
Task: {37095A59-C1B1-45AD-A454-79D324536466} - System32\Tasks\ESTsoft RunAsStdUser 565937171Task => C:\Program Files (x86)\ESTsoft\ALPlayer\ALPlayer.exe [2010-11-01] (ESTsoft corp.)
Task: {5A5DD12B-F743-4521-820C-942528A4B653} - System32\Tasks\Yahoo! Search => C:\Users\Malgorzata\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe [2014-06-15] (Pay By Ads LTD)
Task: {5E3A310A-01F8-4BEF-9A82-069FAB86490A} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-21] (BonanzaDeals) <==== ATTENTION
Task: {7BD18C67-C222-4441-AC7F-C38903D7E11C} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1586171665-3355057351-3443591465-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {841E6B8C-F5F6-43CF-93D8-E922981C5AD7} - System32\Tasks\BonanzaDealsUpdate => C:\Program <==== ATTENTION
Task: {927215EC-6214-4513-80C0-BB74F26BEE76} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\updater.exe [2014-02-12] () <==== ATTENTION
Task: {A06CA598-69E3-4672-9F76-411F2F4EC796} - System32\Tasks\bench-S-1-5-21-1586171665-3355057351-3443591465-1001 => C:\Program Files (x86)\Bench\Updater\updater.exe [2014-02-12] () <==== ATTENTION
Task: {A1FAB791-5A09-4451-B6E4-7F36678D87B9} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1586171665-3355057351-3443591465-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {BE3C7C85-0363-4FF0-85DE-779D2574A371} - System32\Tasks\DTReg => C:\Users\Malgorzata\AppData\Roaming\defaulttab\defaulttab\DTReg.exe <==== ATTENTION
Task: {C9BABDBD-5611-4B50-80FE-E56D18453F00} - System32\Tasks\DTChk => C:\Users\Public\Util\DTChk.exe [2014-04-26] (Search Results, LLC) <==== ATTENTION
Task: {D6D798EB-DCD7-465C-9EFC-1B879527AE29} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1586171665-3355057351-3443591465-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-30] (RealNetworks, Inc.)
Task: {DC994EE7-CE0E-484A-BF87-AEA92261320C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1586171665-3355057351-3443591465-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {E7343887-45C8-4D5C-ADBC-D42E069E5CBC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1586171665-3355057351-3443591465-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\bench-S-1-5-21-1586171665-3355057351-3443591465-1001.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\MALGOR~1\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
CMD: del /f /s /q %TEMP%\*.*

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post a new FRST report, without Addition.
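
A triage sketch for the `Task:` lines in the fixlist above, added here as an example and not part of the original post or of FRST: it parses the two line layouts visible in the post and lists the flagged tasks whose target lies under `C:\Users`. The line grammar is inferred only from the posted lines, the user-directory check is an assumed heuristic, and the sample is constructed from lines in the post.

```python
import re

# Constructed sample: Task lines copied from the fixlist in the post above.
SAMPLE = r"""
Task: {3180BA5B-2A83-421C-BE8B-78CE4E73CF12} - System32\Tasks\SaveSense => C:\Users\Malgorzata\AppData\Roaming\SaveSense\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {37095A59-C1B1-45AD-A454-79D324536466} - System32\Tasks\ESTsoft RunAsStdUser 565937171Task => C:\Program Files (x86)\ESTsoft\ALPlayer\ALPlayer.exe [2010-11-01] (ESTsoft corp.)
Task: {841E6B8C-F5F6-43CF-93D8-E922981C5AD7} - System32\Tasks\BonanzaDealsUpdate => C:\Program <==== ATTENTION
Task: {C9BABDBD-5611-4B50-80FE-E56D18453F00} - System32\Tasks\DTChk => C:\Users\Public\Util\DTChk.exe [2014-04-26] (Search Results, LLC) <==== ATTENTION
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\MALGOR~1\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== ATTENTION
"""
FLAG = "<==== ATTENTION"
# Two layouts appear in the post: registered tasks ({GUID} - System32\Tasks\NAME)
# and legacy job files (C:\Windows\Tasks\NAME.job).
TASK_RE = re.compile(
    r"^Task: (?:\{[0-9A-Fa-f-]{36}\} - System32\\Tasks\\|C:\\Windows\\Tasks\\)"
    r"(?P<name>.+?) => (?P<rest>.+)$"
)
# Optional trailing metadata: " [YYYY-MM-DD]", optionally followed by " (vendor)".
META_RE = re.compile(r"\s\[\d{4}-\d{2}-\d{2}\](?:\s\(.*\))?$")
USER_DIR_RE = re.compile(r"^[a-z]:\\users\\", re.IGNORECASE)

def parse_tasks(text):
    """Return one dict per Task line: name, target path, flag, location hint."""
    rows = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        flagged = rest.endswith(FLAG)
        if flagged:
            rest = rest[: -len(FLAG)].rstrip()
        meta = META_RE.search(rest)
        target = rest[: meta.start()] if meta else rest  # truncated paths stay as-is
        name = m.group("name")
        if name.lower().endswith(".job"):
            name = name[:-4]  # group NAME.job with the registered task NAME
        rows.append({"name": name, "target": target, "flagged": flagged,
                     "in_user_dir": bool(USER_DIR_RE.match(target))})
    return rows

def review_first(text):
    """Flagged tasks whose binary sits under C:\\Users (assumed heuristic)."""
    return sorted({r["name"] for r in parse_tasks(text)
                   if r["flagged"] and r["in_user_dir"]})

if __name__ == "__main__":
    print(review_first(SAMPLE))
```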


(piotrekplay) #7

Fixlog.txt http://wklej.org/id/1418611/

FRST.txt http://wklej.org/id/1418614/


(Atis) #8

Delete the folder C:\FRST

Remove old restore points: System Restore and Shadow Copies

Scan the disk with Malwarebytes Anti-Malware

During installation, uncheck the option to start the Malwarebytes Anti-Malware Premium trial period.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Polish language: Settings > General Settings > Language > Polish

Read about how programs should be installed: LINK - LINK - LINK - LINK