Problem after installation: ads turning on by themselves, unwanted programs being installed, FRS report


(Toffikk73) #1

Hello!


(Acorus) #2

Uninstall CinemaPlus-3.2cV22.07, Crossbrowse, GamesDesktop 008.005010038, istartsurf uninstall, Jump Flip, mystartsearch uninstall, shopperz20072015 2.0.0.471, SmartWeb, Torch. Download AdwCleaner https://toolslib.net/downloads/finish/1/ and run it as administrator. Click Scan and then Cleaning.

Show the new logs from FRST.


(Toffikk73) #3

Done, now it looks like this:


(Acorus) #4

Open the system Notepad and paste:

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] = [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [39136 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [gmsd_pl_005010037] = [X]
HKLM-x32\...\Run: [gmsd_pl_005010038] = [X]
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: GoodTab Class - {1F91A9A1-01BA-4c81-863D-3BA0751E1419} - C:\Program Files (x86)\MiuiTab\SupTab.dll No File
FF Extension: Jungle Net - C:\Users\euro\AppData\Roaming\Mozilla\Firefox\Profiles\ffgmxb43.default\Extensions\{2ac625b6-c616-4fe6-ae2d-5a4e7a340751}.xpi [2015-07-22]
FF HKLM\...\Firefox\Extensions: [{1457d95f-dd62-4e3c-820f-ccef2bea9201}] - C:\Program Files\shopperz20072015\Firefox
OPR Extension: (Jungle Net) - C:\Users\euro\AppData\Roaming\Opera Software\Opera Stable\Extensions\bjgfhhoojikohfpleamjchjcfapgmnpo [2015-07-22]
R2 hiqesulu; C:\Program Files (x86)\35304533-1437549053-3045-3044-383331314531\knsk5809.tmp [243712 2015-07-23] () [File not signed]
R2 hyverumu; C:\Program Files (x86)\35304533-1437549053-3045-3044-383331314531\jnsg7BD3.tmp [209920 2015-07-22] () [File not signed]
R2 vicoqudu; C:\Program Files (x86)\35304533-1437549053-3045-3044-383331314531\hnsm91E5.tmp [165376 2015-07-22] () [File not signed]
S3 SwitchBoard; "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [X]
S2 wsasvc_1.10.0.19; "C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe" [X]
S3 cpuz135; \\C:\Users\euro\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
U0 sr; No ImagePath
2015-07-23 16:48 - 2015-07-23 16:54 - 00000000 ____ D C:\AdwCleaner
2015-07-23 15:17 - 2015-07-23 15:17 - 00003146 _____ C:\Windows\System32\Tasks\{8F0AFF11-AD49-4301-AE53-433B6640764A}
2015-07-22 14:31 - 2015-07-22 14:31 - 00003142 _____ C:\Windows\System32\Tasks\{AC55DBDE-2F5D-4486-A293-21320E6131ED}
2015-07-22 10:01 - 2015-07-23 16:23 - 00000000 ____ D C:\Program Files\shopperz20072015
2015-07-22 10:01 - 2015-07-22 10:01 - 00613255 _____ (CMI Limited) C:\Users\euro\AppData\Local\nsaA547.tmp
2015-07-22 10:01 - 2015-07-22 10:01 - 00000000 ____ D C:\shoplog
2015-07-22 09:28 - 2015-07-22 09:28 - 00613255 _____ (CMI Limited) C:\Users\euro\AppData\Local\nsi7B21.tmp
2015-07-22 09:11 - 2015-07-22 14:34 - 00000000 ____ D C:\Program Files (x86)\60a8a7a0-d1a3-4df9-93a1-84467369ff0a
2015-07-22 09:10 - 2015-07-23 11:06 - 00000000 ____ D C:\Program Files (x86)\35304533-1437549053-3045-3044-383331314531
2013-02-10 01:40 - 2013-02-10 01:40 - 0000051 _____ () C:\Users\euro\AppData\Local\Kosong.Bron.Tok.txt
2015-07-22 10:01 - 2015-07-22 10:01 - 0613255 _____ (CMI Limited) C:\Users\euro\AppData\Local\nsaA547.tmp
2015-07-22 09:28 - 2015-07-22 09:28 - 0613255 _____ (CMI Limited) C:\Users\euro\AppData\Local\nsi7B21.tmp
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

Scan with Malwarebytes Anti-Malware https://www.malwarebytes.org/downloads/
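The fixlist in post #4 mixes harmless leftovers with active services, so a quick triage pass helps when reading such a log. The following is an added example, not part of the original post and not FRST's own code: it tags a few lines copied from that fixlist. The function names and tag names are hypothetical, and the marker meanings ("[X]", "No File" and "No ImagePath" for a missing file; R for running, with a start type digit) are assumptions about FRST's log format.

```python
import re

# Constructed sample: seven lines copied from the fixlist quoted in post #4.
SAMPLE = r"""
HKLM-x32\...\Run: [gmsd_pl_005010038] = [X]
HKLM-x32\...\Run: [HP Software Update] = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
BHO-x32: GoodTab Class - {1F91A9A1-01BA-4c81-863D-3BA0751E1419} - C:\Program Files (x86)\MiuiTab\SupTab.dll No File
R2 hiqesulu; C:\Program Files (x86)\35304533-1437549053-3045-3044-383331314531\knsk5809.tmp [243712 2015-07-23] () [File not signed]
S3 cpuz135; \\C:\Users\euro\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
U0 sr; No ImagePath
""".strip().splitlines()

# Service line: state letter (R/S/U), start type digit, name, then the image path.
SERVICE = re.compile(r"^(?P<state>[RSU])(?P<start>[0-4]) (?P<name>[^;]+); (?P<rest>.*)$")

def classify(line):
    """Return the set of triage tags that apply to one FRST log line."""
    tags = set()
    # Assumption: these markers mean the entry's target file is missing.
    if line.rstrip().endswith("[X]") or "No File" in line or "No ImagePath" in line:
        tags.add("orphaned")
    if "ATTENTION" in line:
        tags.add("policy")
    m = SERVICE.match(line)
    if m:
        tags.add("service")
        if "[File not signed]" in line:
            tags.add("unsigned")
        # Assumption: R = running; start types 0-2 load without user action.
        if m["state"] == "R" and m["start"] in "012":
            tags.add("autostart-running")
        if re.search(r"\.tmp\b", m["rest"], re.IGNORECASE):
            tags.add("tmp-binary")
    return tags

def review_first(lines):
    """Names of services that are running, unsigned and backed by a .tmp file."""
    wanted = {"unsigned", "autostart-running", "tmp-binary"}
    return [SERVICE.match(l)["name"] for l in lines if wanted <= classify(l)]

if __name__ == "__main__":
    for line in SAMPLE:
        print(sorted(classify(line)) or ["-"], line[:60])
    print("review first:", review_first(SAMPLE))
```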


(Toffikk73) #5

Thank you very much for the help! :slight_smile:


(Acorus) #6

Delete the folder C:\FRST