Komputer zwolnił, wyskakują reklamy

Dla specjalistów Bezpieczeństwo
#1

Witam wszystkich. Proszę o pomoc w oczyszczeniu komputera z infekcji, wirusów.Od pewnego czasu wyskakuje mnóstwo okien z reklamami, otwierają się nowe karty, niektóre wyrazy podkreślają się i wytłuszczają po kliknięciu na taki wyraz przekierowuje na stronę z reklamą.  Korzystam z przeglądarki Chrome. 

FRST http://wklej.org/id/1686510/

Addition http://wklej.org/id/1686515/

 

#2

Odinstaluj Adobe Reader 9.3 - Polish,AnyProtect,ConvertAd,foxydeal,GamesDesktop 008.56,GoHDV26.03,istartsurf uninstall,Java 6 Update 20,Remote Desktop Access (VuuPC),SmartWeb,Steel Cut.Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

Pokaż nowe logi z FRST.

#3

FRST http://wklej.org/id/1686597/

Addition http://wklej.org/id/1686600/

#4

Otwórz notatnik systemowy i wklej:

Task: {4DDBBA57-4CCE-4F08-8B70-42BA214FA24F} - \XVESD No Task File ==== ATTENTION
Task: {99087ECF-2B45-4C20-885E-28E73858A92E} - \RFXK No Task File ==== ATTENTION
Task: {99710D2E-8ECA-4CBE-8405-498D3BE59671} - \QOIW No Task File ==== ATTENTION
Task: {F17279B2-C0F8-4A95-8CC8-10323065CA49} - \b200321a-3845-42bf-9257-929d1fd12462-11 No Task File ==== ATTENTION
Task: {F3C84E05-72A3-4C5D-8DDB-73C3AB6B8521} - \XASSLL No Task File ==== ATTENTION
Task: C:\Windows\Tasks\QOIW.job = C:\Users\Pati\AppData\Roaming\QOIW.exe ==== ATTENTION
Task: C:\Windows\Tasks\RFXK.job = C:\Users\Pati\AppData\Roaming\RFXK.exe ==== ATTENTION
Task: C:\Windows\Tasks\XVESD.job = C:\Users\Pati\AppData\Roaming\XVESD.exe ==== ATTENTION
HKLM-x32\...\Run: [gmsd_pl_56] = [X]
ShellIconOverlayIdentifiers: [00avast] - {472083B0-C522-11CF-8763-00608CC02F24} = No File
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4260458395-3345424633-2641663925-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
FF Extension: FoxxIt-B - C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\xhewqljo.default\Extensions\{8d43d421-1dc6-47bf-a788-198db71fb00f} [2014-12-11]
FF Extension: No Name - C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\xhewqljo.default\extensions\fftoolbar2014@etech.com [Not Found]
FF Extension: No Name - C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\xhewqljo.default\extensions\searchengine@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Pati\AppData\Roaming\Mozilla\Firefox\Profiles\xhewqljo.default\extensions\istart_ffnt@gmail.com [Not Found]
R2 cysofehu; C:\Users\Pati\AppData\Local\30464E43-1428263526-4731-4258-C80AA9C15110\insk7571.tmp [156672 2015-04-05] () [File not signed]
S2 Update Steel Cut; "C:\Program Files (x86)\Steel Cut\updateSteelCut.exe" [X]
S1 innfd_1_10_0_13; system32\drivers\innfd_1_10_0_13.sys [X]
2015-04-13 10:37 - 2015-04-13 10:46 - 00000000 ____ D () C:\AdwCleaner
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Pati\AppData\Roaming\QOIW
2015-03-09 23:30 - 2015-03-09 23:30 - 0005487 _____ () C:\Users\Pati\AppData\Roaming\RFXK
2015-03-09 23:30 - 2015-03-09 23:30 - 0005487 _____ () C:\Users\Pati\AppData\Roaming\XASSLL
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Pati\AppData\Roaming\XVESD
2015-03-21 15:41 - 2015-03-21 15:41 - 0613255 _____ (CMI Limited) C:\Users\Pati\AppData\Local\nsd8836.tmp
2015-01-22 00:44 - 2015-01-22 00:44 - 0613057 _____ (CMI Limited) C:\Users\Pati\AppData\Local\nsg23EB.tmp
2015-02-21 22:15 - 2015-02-21 22:15 - 0613057 _____ (CMI Limited) C:\Users\Pati\AppData\Local\nsi1B99.tmp
2015-01-22 01:15 - 2015-01-22 01:15 - 0613057 _____ (CMI Limited) C:\Users\Pati\AppData\Local\nsi7134.tmp
2015-01-30 00:14 - 2015-01-30 00:14 - 0613057 _____ (CMI Limited) C:\Users\Pati\AppData\Local\nsiDD23.tmp
2015-04-01 23:28 - 2015-04-01 23:27 - 0613255 _____ (CMI Limited) C:\Users\Pati\AppData\Local\nsj3A3C.tmp
2015-01-27 15:52 - 2015-01-27 15:52 - 0613057 _____ (CMI Limited) C:\Users\Pati\AppData\Local\nsnD508.tmp
2015-02-26 15:15 - 2015-02-26 15:15 - 0613057 _____ (CMI Limited) C:\Users\Pati\AppData\Local\nsnF47.tmp
2015-01-21 14:46 - 2015-01-21 14:46 - 0613057 _____ (CMI Limited) C:\Users\Pati\AppData\Local\nsqEF4A.tmp
2015-03-26 20:29 - 2015-03-26 20:29 - 0613255 _____ (CMI Limited) C:\Users\Pati\AppData\Local\nss7F71.tmp
2015-04-05 19:53 - 2015-04-05 19:53 - 0613255 _____ (CMI Limited) C:\Users\Pati\AppData\Local\nsvCCA8.tmp
2015-01-21 14:44 - 2015-01-21 14:44 - 0628496 _____ (CMI Limited) C:\Users\Pati\AppData\Local\nsvE836.tmp
2015-03-30 19:41 - 2015-03-30 19:41 - 0613255 _____ (CMI Limited) C:\Users\Pati\AppData\Local\nsw2E2F.tmp
2015-01-27 00:19 - 2015-01-27 00:19 - 0613057 _____ (CMI Limited) C:\Users\Pati\AppData\Local\nsz3A30.tmp
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Przeskanuj programem Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.1.4.1018.exe

Java 8 Update 40 http://www.java.com/pl/download/windows_offline.jsp

#5

Maszyna śmiga aż miło ;>  Dziękuję za pomoc :slight_smile:

#6

Skasuj folder C:\FRST.