Browse plus ads

Dla specjalistów Bezpieczeństwo
#1

Witam,

na komputerze mojej córki wyskakują non stop jakieś reklamy Browse plus ads.

Proszę o pomoc w usunięciu tego badziewia.

Być może coś poza tym jest w systemie :frowning:

 

W załacznikach FRST

 

 

Z góry wielkie dzięki za pomoc

Shortcut.txt

Addition.txt

FRST.txt

#2
#3

Jest i na w wklej.org:

 

FRST

Addition

Shortcut

#4

W panelu sterowania odinstaluj Video Converter Packages.

Pobierz i uruchom AdwCleaner Kliknij Scan i później Cleaning.

Kliknij Scan i pokaż nowy raport z FRST bez Addition i Shortcut.

#5

Zrobione

 

FRTS

#6

Użyj kavremover

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-459252184-4264318590-593381910-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-459252184-4264318590-593381910-1001 -> OldSearch URL = 
Toolbar: HKU\S-1-5-21-459252184-4264318590-593381910-1001 -> No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
CHR Extension: (Bookmark Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-30]
CHR Extension: (browse pulse) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oagpcbbigoaebkabieccfhgfdgmdlnfm [2015-06-04]
OPR Extension: (browse pulse) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\oagpcbbigoaebkabieccfhgfdgmdlnfm [2015-05-01]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
2015-06-05 20:02 - 2015-06-05 20:02 - 00000000 ____ D C:\Users\Admin\Downloads\FRST-OlderVersion
2015-06-06 08:58 - 2014-07-12 18:02 - 00000000 ____ D C:\AdwCleaner
2015-03-15 11:44 - 2015-03-15 11:44 - 0000120 _____ () C:\Users\Admin\AppData\Roaming\ce8d29c3.dat
2014-07-10 20:18 - 2014-07-14 20:42 - 9423632 _____ (PC Cleaners) C:\ProgramData\pclunst.exe
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
CustomCLSID: HKU\S-1-5-21-459252184-4264318590-593381910-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> "C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-459252184-4264318590-593381910-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll No File
Task: {0C120FC6-DB6B-482F-8676-D66E0D5672A8} - System32\Tasks\{716DBC11-DFE6-4752-BD6B-9493F915B1C9} => Chrome.exe http://ui.skype.com/ui/0/6.3.0.107/pl/abandoninstall?source=lightinstaller&amp;page=tsProgressBar
Task: {31DD751F-766F-479A-887D-AF31D09D8E61} - System32\Tasks\{1A8A785A-F600-4110-BBEE-5627A61C46FF} => C:\Users\Admin\Desktop\MinecraftZyczu.exe [2013-12-28] (Zyczu)
Task: {83E666FC-6EF4-4805-8F44-114CB64A0DB4} - System32\Tasks\{DC438CB0-801F-411D-B171-A84261CD795D} => Chrome.exe http://ui.skype.com/ui/0/7.4.64.102/pl/abandoninstall?page=tsMain
Task: {8EED02FB-29D5-4884-BBB3-B3E68886A037} - System32\Tasks\{4A09673D-97A6-46B2-A57F-F71BE541A08A} => pcalua.exe -a H:\DeviceSetup.exe -d H:\
Task: {9F49DB9A-6F9D-4AE6-A98B-49E9CFD2D563} - System32\Tasks\{70A9B420-4586-4879-BD9D-74A2E8FD6C52} => C:\Users\Admin\Desktop\MinecraftSP.exe
Task: {A6B726C1-9961-44EB-807B-B012B1A46529} - \e29193b0-b61f-4d86-ada8-6277dd849368-6 No Task File <==== ATTENTION
Task: {BF0CC031-2FF2-4518-9A8E-FA817D38A60B} - System32\Tasks\{AF890291-874E-4027-ABD6-BD5692E7896B} => pcalua.exe -a C:\Users\Admin\Desktop\MinecraftZyczu.exe -d C:\Users\Admin\Desktop
Task: {C9EB4267-7F50-4F80-8CA2-3E0E6DED9644} - System32\Tasks\{EA64F74E-278D-4D18-82DF-27C6CD3307EE} => pcalua.exe -a H:\SETUP.EXE -d H:\
Task: {D0EE93E1-979B-4A4E-8B81-086CB96222A5} - System32\Tasks\{6F4CA3F3-81FF-4EDB-B92C-54A175C2AC30} => C:\Program Files\Kangurek KAO\kao.exe
Task: {D1D4E7A5-8B18-4B57-BB6A-858B68476E2A} - System32\Tasks\{4FEDDF63-ADA9-46B3-ADD3-865137A4C9A4} => C:\Users\Admin\Desktop\MinecraftZyczu.exe [2013-12-28] (Zyczu)
Task: {E731DECD-A02B-4462-AF6F-9E86DA8F188E} - System32\Tasks\{E64DA2E8-EC70-477D-802E-EA188A19E76E} => Chrome.exe http://ui.skype.com/ui/0/6.14.0.104/pl/go/help.faq.installer?LastError=1618
Task: {FA887AFE-96DD-4235-96BC-2F66D364D621} - System32\Tasks\{F210D022-BA52-4146-9040-BB30FA07B98E} => pcalua.exe -a "C:\Users\Admin\Downloads\RIDMSC-00203516-732 (3).EXE" -d C:\Users\Admin\Downloads
Task: {FAD55FD9-D818-473D-A58E-EC405A01A348} - System32\Tasks\{BE097685-7C5B-4561-AFBA-BBE8F0217A9F} => pcalua.exe -a "C:\Users\Admin\Downloads\RIDMSC-00203516-732 (2).EXE" -d C:\Users\Admin\Downloads
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition i Shortcut.