Problem with Sale Plus

Hello

Unfortunately, I am once again forced to ask for help. Things were fine for a while, and now there is a problem again.

Here are the required reports:

FRST

Addition

Shortcut

 

Please help, lately this has been getting more and more annoying.

Thank you in advance.

 

 

Open the system Notepad and paste:

Startup: C:\Users\Pawel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\The.Settlers.3.Ultimate.Collection-I_KnoW.rar.lnk [2015-04-21]
ShortcutTarget: The.Settlers.3.Ultimate.Collection-I_KnoW.rar.lnk - C:\ProgramData\{dd8c78b6-ba7f-471e-dd8c-c78b6ba7e2da}\The.Settlers.3.Ultimate.Collection-I_KnoW.rar.exe (No File)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1429374143from=wpcuid=WDCXWD5000BPVT-80HXZT3_WD-WXH1A91V8997V8997
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.goodforsearch.info/?pid=3925r=2015/04/21hid=13964349492807565080lg=ENcc=PLunqvl=86
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1429374143from=wpcuid=WDCXWD5000BPVT-80HXZT3_WD-WXH1A91V8997V8997q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1429374143from=wpcuid=WDCXWD5000BPVT-80HXZT3_WD-WXH1A91V8997V8997q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1429374143from=wpcuid=WDCXWD5000BPVT-80HXZT3_WD-WXH1A91V8997V8997
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1429374143from=wpcuid=WDCXWD5000BPVT-80HXZT3_WD-WXH1A91V8997V8997
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1429374143from=wpcuid=WDCXWD5000BPVT-80HXZT3_WD-WXH1A91V8997V8997q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1429374143from=wpcuid=WDCXWD5000BPVT-80HXZT3_WD-WXH1A91V8997V8997q={searchTerms}
HKU\S-1-5-21-1358194102-1008838803-2234743365-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.goodforsearch.info/?pid=3925r=2015/04/21hid=13964349492807565080lg=ENcc=PLunqvl=86
HKU\S-1-5-21-1358194102-1008838803-2234743365-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1429374143from=wpcuid=WDCXWD5000BPVT-80HXZT3_WD-WXH1A91V8997V8997
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1429374143from=wpcuid=WDCXWD5000BPVT-80HXZT3_WD-WXH1A91V8997V8997q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1429374143from=wpcuid=WDCXWD5000BPVT-80HXZT3_WD-WXH1A91V8997V8997q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goodforsearch.info/?l=1q={searchTerms}pid=3925r=2015/04/21hid=13964349492807565080lg=ENcc=PLunqvl=86
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1429374143from=wpcuid=WDCXWD5000BPVT-80HXZT3_WD-WXH1A91V8997V8997q={searchTerms}
SearchScopes: HKLM-x32 - {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goodforsearch.info/?l=1q={searchTerms}pid=3925r=2015/04/21hid=13964349492807565080lg=ENcc=PLunqvl=86
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1358194102-1008838803-2234743365-1002 - DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goodforsearch.info/?l=1q={searchTerms}pid=3925r=2015/04/21hid=13964349492807565080lg=ENcc=PLunqvl=86
SearchScopes: HKU\S-1-5-21-1358194102-1008838803-2234743365-1002 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1429374143from=wpcuid=WDCXWD5000BPVT-80HXZT3_WD-WXH1A91V8997V8997q={searchTerms}
SearchScopes: HKU\S-1-5-21-1358194102-1008838803-2234743365-1002 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1358194102-1008838803-2234743365-1002 - {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goodforsearch.info/?l=1q={searchTerms}pid=3925r=2015/04/21hid=13964349492807565080lg=ENcc=PLunqvl=86
FF DefaultSearchEngine: mystartsearch
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.goodforsearch.info/?pid=3925r=2015/04/21hid=13964349492807565080lg=ENcc=PLunqvl=86l=1q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: mystartsearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://websearch.goodforsearch.info/?pid=3925r=2015/04/21hid=13964349492807565080lg=ENcc=PLunqvl=86
FF Keyword.URL: hxxp://websearch.goodforsearch.info/?pid=3925r=2015/04/21hid=13964349492807565080lg=ENcc=PLunqvl=86l=1q=
FF SearchPlugin: C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\sntksjqa.default\searchplugins\mystartsearch.xml [2015-04-27]
FF Extension: SalePluss - C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\sntksjqa.default\Extensions\cMR@pRt8avNm.com [2015-04-18]
FF Extension: SalePuluS - C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\sntksjqa.default\Extensions\CncH@iCT.com [2015-04-21]
FF Extension: bestadblocker - C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\sntksjqa.default\Extensions\fq7@M.com [2015-04-21]
FF Extension: Search Enginer - C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\sntksjqa.default\Extensions\sweetsearch@gmail.com [2015-04-18]
FF Extension: SalePlous - C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\sntksjqa.default\Extensions\t@X6MzmNo.edu [2015-04-21]
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\sntksjqa.default\extensions\sweetsearch@gmail.com
R4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
R4 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
R4 Avgtdia; system32\DRIVERS\avgtdia.sys [X]
S1 lwnfd_1_10_0_12; system32\drivers\lwnfd_1_10_0_12.sys [X]
2015-04-27 19:23 - 2015-04-27 19:23 - 00000000 ____ D () C:\Users\Pawel\Desktop\FRST-OlderVersion
2015-04-22 18:54 - 2015-04-22 18:54 - 00003324 _____ () C:\Windows\System32\Tasks\{65FC0D7B-BCC8-4283-BE61-32F6CE86D8DA}
2015-04-21 23:44 - 2015-04-21 23:44 - 00003082 _____ () C:\Windows\System32\Tasks\{7429AE7A-851C-4D62-9628-DD2B7BA81F68}
2015-04-21 23:31 - 2015-04-21 23:31 - 00000000 ____ D () C:\Program Files (x86)\SalePuluS
2015-04-21 23:26 - 2015-04-21 23:26 - 00000000 ____ D () C:\Program Files (x86)\Gett on Outlookcom
2015-04-21 23:26 - 2015-04-21 23:26 - 00000000 ____ D () C:\Program Files (x86)\bestadblocker
2015-04-21 23:25 - 2015-04-26 23:25 - 00000404 _____ () C:\Windows\Tasks\Bidaily Synchronize Task.job
2015-04-21 23:25 - 2015-04-21 23:26 - 00000000 ____ D () C:\Program Files (x86)\SalePlous
2015-04-21 23:25 - 2015-04-21 23:25 - 00003316 _____ () C:\Windows\System32\Tasks\Bidaily Synchronize Task
2015-04-21 23:25 - 2015-04-21 23:25 - 00000000 _____ () C:\C000.tmp
2015-04-21 14:22 - 2015-04-21 14:22 - 00003122 _____ () C:\Windows\System32\Tasks\{F29B27BA-EABD-472A-8AF0-D8855E6B5937}
2015-04-18 18:21 - 2015-04-21 23:31 - 00000000 ____ D () C:\ProgramData\13920844712443016235
2015-04-18 18:21 - 2015-04-21 23:31 - 00000000 ____ D () C:\Program Files (x86)\SalePlus
2015-04-18 18:21 - 2015-04-18 18:22 - 00000000 ____ D () C:\Program Files (x86)\SalePluss
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

Done. Here are the new logs:

 

Fixlog

 

AdwareCleaner[s0]

Delete the folder C:\FRST

And that's it. It looks like everything is working, so if this is the end, thanks a lot!

Of course, if there is anything else, I'll wait :wink:

There's nothing for you to wait for. :stuck_out_tongue:

In that case I consider the problem solved, and once again, many thanks! :smiley: