Pomoc w oczyszczeniu komputera - pobierały się dziwne rzeczy

Dla specjalistów Bezpieczeństwo
#1

Witam,

prosiłbym o sprawdzenie i pomoc w oczyszczeniu komputera przez ostatnie dni pobierały się różne dziwne rzeczy z którymi w różny sposób walczyłem

 

FRST - http://www.wklej.org/id/1615144/

Addition - http://www.wklej.org/id/1615146/

#2

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1277975526-1215735550-1235745539-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKU\S-1-5-21-1277975526-1215735550-1235745539-500\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
CHR StartupUrls: Default -> "hxxp://www.tvn24.pl/",
         "hxxp://isearch.omiga-plus.com/?type=hp&ts=1422231087&from=cor&uid=ST9320423AS_5VH0MTGG",
         "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1422231130&from=cor&uid=ST9320423AS_5VH0MTGG"
CHR DefaultSearchKeyword: Default -> omiga-plus
CHR Extension: (jkkenjlnjfemconejajakbijbheoffli) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli [2015-01-29]
CHR HKLM-x32\...\Chrome\Extension: [ohcnfgobhkfkdbbfnkhpbdkofoiggokd] - C:\ProgramData\Browse2save\ohcnfgobhkfkdbbfnkhpbdkofoiggokd.crx [Not Found]
C:\ProgramData\Browse2save
OPR Extension: (iWebar) - C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc [2015-01-26]
S3 gfiark; system32\drivers\gfiark.sys [X]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
S1 ntiomin; No ImagePath
2015-01-26 20:18 - 2015-01-26 20:18 - 00730528 _____ ( ) C:\Users\Administrator\Downloads\Malwarebytes-AntiMalware(13117)-dp.exe
2015-01-26 06:48 - 2015-01-26 06:48 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Administrator\Downloads\SpyHunter-Installer.exe
2015-01-26 06:48 - 2015-01-26 06:48 - 00000000 ____ D () C:\Program Files\Enigma Software Group
2015-01-26 01:32 - 2015-01-26 01:32 - 00000000 ____ D () C:\Program Files (x86)\630b03bf-b9ec-4952-b4f6-b6d93ca2a50a
2015-01-26 01:14 - 2015-01-26 01:14 - 00000000 ____ D () C:\Users\Public\Documents\YTAHelper
2015-01-26 01:14 - 2015-01-26 01:14 - 00000000 ____ D () C:\Users\Public\Documents\ShopperPro
2015-01-26 01:14 - 2015-01-26 01:14 - 00000000 ____ D () C:\Users\Public\Documents\GOOBZO
2015-01-29 17:20 - 2014-08-19 10:30 - 00000000 ____ D () C:\AdwCleaner
C:\ProgramData\*.log
Task: {41396AC8-3323-4FE4-9E8B-C094028DC061} - System32\Tasks\{0420F5E9-9F6D-478B-95D6-91E0B7AF6931} => pcalua.exe -a C:\Users\Administrator\Downloads\the_settlers_7_1.10full.exe -d C:\Users\Administrator\Downloads
Task: {46CAA397-1A63-47C1-85D9-5114D69EC07E} - System32\Tasks\{88FC0666-FC04-436D-BE13-B8A493495B3E} => pcalua.exe -a C:\Users\Administrator\Downloads\epson326529eu.exe -d C:\Users\Administrator\Downloads
Task: {4D074A6C-6D0D-4E53-A241-5ABABDED2455} - System32\Tasks\{31492068-772B-4D82-842B-152268E9FF53} => pcalua.exe -a H:\epson326525eu.exe -d D:\Firefox
Task: {A53697A5-CA11-42E4-9369-54462FA511DB} - System32\Tasks\{F3E2DD88-E49F-4B07-ADF6-A969C58A1FC5} => pcalua.exe -a C:\Users\Administrator\Desktop\ArcaSetup2012-PL-32bit.exe -d D:\Firefox
Task: {ADC219DF-37F3-436C-80DD-4D5FC6363BA4} - System32\Tasks\{3940346A-219F-4373-989B-B12DF877586C} => pcalua.exe -a C:\Users\Administrator\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor <==== ATTENTION
Task: {C2B595EF-2980-4683-A76C-C6D396614634} - System32\Tasks\{0094D54D-8F86-401C-8596-DE19637AC0E1} => pcalua.exe -a C:\Users\Administrator\Downloads\ENP_2_6_0_EN.exe -d C:\Users\Administrator\Downloads
Task: {C905B81E-8895-455B-B4AD-48FC923318A7} - System32\Tasks\{9E0380E3-7564-4BBA-AF84-95F38D5EC65B} => pcalua.exe -a H:\jxpiinstall.exe -d D:\Firefox
Task: {F022AE86-3DB4-40EA-AFC2-36D1BCF7C486} - System32\Tasks\{1A5D67E0-9515-4FE1-B63A-48B2161C32D9} => pcalua.exe -a "C:\Program Files (x86)\YouTube Accelerator\YTAUninstall.exe"
HKU\S-1-5-21-1277975526-1215735550-1235745539-500\Software\Classes\.exe: exefile => <===== ATTENTION!
HKU\S-1-5-21-1277975526-1215735550-1235745539-500\Software\Classes\exefile: <===== ATTENTION!
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition.

#3

Fixlog - http://www.wklej.org/id/1616702/

FRST - http://www.wklej.org/id/1616709/

Shortcut - http://www.wklej.org/id/1616711/

#4

Usuń adres omiga: Otwórz konkretną stronę lub zestaw stron

Skasuj folder C:\FRST

Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK - KLIK

Odinstaluj:

Java 7 Update 55

Java 7 Update 5

JavaFX 2.1.1

Zainstaluj Java 8 Update 31