Problem z wyskakującymi okienkami


(Atkatka) #1

Wyskakuje wszystko zadngeo klika sie nie da dokonać.... 


(Acorus) #2

http://forum.dobreprogramy.pl/farbar-recovery-scan-tool-raport-obowiązkowy-t478727/


(Atkatka) #3

już jest :smiley:


(Acorus) #4

Odinstaluj AnyProtect,CinemaPlus-3.2cV19.08,GamesDesktop 008.005010071,GamesDesktop 008.005010075,GoHD,Magical Find,PhraseProfessor 1.10.0.22,shopperz12082015 2.0.0.475.Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

Pokaż nowe logi z FRST.


(Atkatka) #5

http://wklejto.pl/231804 z Adw Cleanier


(Acorus) #6

Odinstaluj GamesDesktop 008.005010075,PhraseProfessor 1.10.0.22.Otwórz notatnik systemowy i wklej:

Task: {17030512-7D79-4634-8E4D-878C6338A9E7} - System32\Tasks\{6B43FC8A-4115-4C75-B0CB-14BE66659F31} = Chrome.exe http://ui.skype.com/ui/0/6.18.64.106/pl/abandoninstall?page=tsProgressBar
Task: {85556355-6496-4748-92D3-CCB278745228} - System32\Tasks\PhraseProfessor Auto Updater 1.10.0.22 Pending Update = C:\Program Files (x86)\PhraseProfessor_1.10.0.22\Update\PhraseProfessorAutoUpdateClient.exe [2015-08-14] (PhraseProfessor) ==== UWAGA
Task: {AE72C007-FF6D-4E9A-B028-A3805CA9047D} - System32\Tasks\{651C4FCC-9CA4-47ED-BF99-B744D489DCF0} = Chrome.exe http://ui.skype.com/ui/0/7.0.0.102/pl/abandoninstall?page=tsMain
Task: {DC4FA144-3425-4A97-91FE-7CACAAA92378} - System32\Tasks\PhraseProfessor Auto Updater 1.10.0.22 Core = C:\Program Files (x86)\PhraseProfessor_1.10.0.22\Update\PhraseProfessorAutoUpdateClient.exe [2015-08-14] (PhraseProfessor) ==== UWAGA
Task: C:\Windows\Tasks\c70ba78c-bad8-4990-9af2-a5fe71843518-5.job = C:\Program Files (x86)\SavePass 1.1\c70ba78c-bad8-4990-9af2-a5fe71843518-5.exe ==== UWAGA
Task: C:\Windows\Tasks\c70ba78c-bad8-4990-9af2-a5fe71843518-5_user.job = C:\Program Files (x86)\SavePass 1.1\c70ba78c-bad8-4990-9af2-a5fe71843518-5.exe ==== UWAGA
HKLM\...\Run: [shopperz12082015] = C:\Program Files\shopperz12082015\Tuejet.exe [433528 2015-08-12] ()
HKLM\...\Run: [shopperz1208201564] = C:\Program Files\shopperz12082015\Tuejet64.exe [464760 2015-08-12] ()
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] = [X]
HKLM-x32\...\Run: [ospd_us_013010064] = [X]
HKLM-x32\...\Run: [gmsd_pl_005010065] = [X]
HKLM-x32\...\Run: [gmsd_pl_005010068] = [X]
HKLM-x32\...\Run: [gmsd_pl_005010071] = [X]
HKLM-x32\...\Run: [gmsd_pl_005010075] = C:\Program Files (x86)\gmsd_pl_005010075\gmsd_pl_005010075.exe [3979408 2015-08-30] ()
HKLM-x32\...\RunOnce: [upgmsd_pl_005010075.exe] = C:\Users\user\AppData\Local\gmsd_pl_005010075\upgmsd_pl_005010075.exe [3314320 2015-08-30] ()
HKU\S-1-5-21-969234745-953165167-220753346-1000\...\Run: [KHJZ] = rundll32 "C:\Users\user\AppData\Roaming\vpnikeapi6.dll",Xiiuuma
HKU\S-1-5-21-969234745-953165167-220753346-1000\...\Run: [Yahoo! Search] = C:\Users\user\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.6\dsrlte.exe
AppInit_DLLs: C:\ProgramData\ExtTag\ZumRemsoft.dll = Brak pliku
AppInit_DLLs-x32: C:\ProgramData\ExtTag\Silverstock.dll = Brak pliku
GroupPolicy: Zasady grupy Chrome wykryto ======= UWAGA
GroupPolicy-x32: Zasady grupy Chrome wykryto ======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Zasada ograniczeń ======= UWAGA
HKU\S-1-5-21-969234745-953165167-220753346-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdQPk3D4CX4SnZ06nNbjIrBCtR0Yw7VHMKzcLyWoVhVH_lnEJtA52JCdr_T3NxxLS7656pqqfejvBjXRXeD9BJAP3V7qBf_C6YPlJKFu5EZy8TAIemW3JIG3-F2NIYslY0pAgcihWyC7s-APq={searchTerms}
HKU\S-1-5-21-969234745-953165167-220753346-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdQPk3D4CX4SnZ06nNbjIrBCtR0Yw7VHMKzcLyWoVhVH_lnEJtA52JCdr_T3NxxLS7656pqqfejvBjXRXeD9BJAP3V7qBf_C6YPlJKFu5EZy8TAIemW3JIG3-F2NIYslY0pAgcihWyC7s-APq={searchTerms}
HKU\S-1-5-21-969234745-953165167-220753346-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdQPk3D4CX4SnZ06nNbjIrBCtR0Yw7VHMKzcLyWoVhVH_lnEJtA52JCdr_T3NxxLS7656pqqfejvBjXRXeD9BJAP3V7qBf_C6YPlJKFu5EZy8TAIemW3JIG3-F2NIYslY0pAgcihWyC7s-APq={searchTerms}
SearchScopes: HKLM - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM-x32 - DefaultScope {ielnksrch} URL =
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-969234745-953165167-220753346-1000 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-969234745-953165167-220753346-1000 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Brak nazwy - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - Brak pliku
FF DefaultSearchEngine: V9
FF SearchEngineOrder.1: V9
FF SelectedSearchEngine: V9
FF Extension: WebConnect 1.0.1 - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iv6lmav6.default\Extensions\{78621d41-c71d-4d6b-a4da-c1af0f310e3e}.xpi [2014-11-27]
FF Extension: Magical Find - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iv6lmav6.default\Extensions\{d592d1d6-e861-4369-a4aa-4302b916eac7}.xpi [2015-08-23]
CHR Extension: (WebConnect) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kelheppgiophoagmlfhpkfkojeafleaa [2015-01-13]
CHR Extension: (Brak nazwy) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkndmigholgfjlniaohblojbhgjbkakn [2014-01-30]
CHR HKLM\...\Chrome\Extension: [dnligehkhogpcngalffdoomehjcbecna] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gehmndecgbcffhmfjkenpamdgechcgpe] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dnligehkhogpcngalffdoomehjcbecna] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gehmndecgbcffhmfjkenpamdgechcgpe] - https://clients2.google.com/service/update2/crx
OPR Extension: (Magical Find) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\cdanbmhicnipdleoligapgdjbmbhnmni [2015-08-28]
R2 hyverumu; C:\Program Files (x86)\174137A8-1439995854-954E-84F1-047D7B550284\jnsj6E40.tmp [209920 2015-08-19] () [Brak podpisu cyfrowego]
R2 jybiqyqo; C:\Program Files (x86)\174137A8-1439995854-954E-84F1-047D7B550284\hnszA662.tmp [137728 2015-08-19] () [Brak podpisu cyfrowego]
R2 misetufy; C:\Program Files (x86)\174137A8-1439995854-954E-84F1-047D7B550284\knsw4F35.tmp [1329664 2015-09-01] () [Brak podpisu cyfrowego]
R2 WdsManPro; C:\ProgramData\SWdsManProS\WdsManPro.exe [709288 2015-09-01] (DTools LIMITED)
S2 0122921440526548mcinstcleanup; C:\Users\user\AppData\Local\Temp\012292~1.EXE -cleanup -nolog [X]
S2 gopibeko; C:\Users\user\AppData\Local\174137A8-1440003135-954E-84F1-047D7B550284\snsp61C5.tmp [X]
S1 gixqiehs; \\C:\Windows\system32\drivers\gixqiehs.sys [X]
2015-09-01 13:33 - 2015-09-01 13:33 - 00004210 _____ C:\Windows\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.22 Pending Update
2015-09-01 13:33 - 2015-09-01 13:33 - 00004200 _____ C:\Windows\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.22 Core
2015-09-01 13:32 - 2015-09-01 13:33 - 00000000 ____ D C:\Program Files (x86)\PhraseProfessor_1.10.0.22
2015-09-01 13:23 - 2015-09-01 13:23 - 00000000 ____ D C:\Program Files\igfx32
2015-09-01 13:17 - 2015-09-01 13:18 - 00000000 ____ D C:\ProgramData\SWdsManProS
2015-08-30 21:24 - 2015-09-01 13:32 - 00000000 ____ D C:\Users\user\AppData\Local\gmsd_pl_005010075
2015-08-30 21:24 - 2015-08-30 21:24 - 00000000 ____ D C:\Program Files (x86)\gmsd_pl_005010075
2015-08-23 10:31 - 2015-08-25 21:18 - 00000000 ____ D C:\Program Files\shopperz12082015
2015-08-19 16:50 - 2015-09-01 12:25 - 00000000 ____ D C:\Program Files (x86)\174137A8-1439995854-954E-84F1-047D7B550284
2015-08-14 20:52 - 2015-08-14 20:52 - 00061328 _____ (PhraseProfessor) C:\Windows\system32\Drivers\ppfd_vt_1_10_0_22.sys
2015-08-14 20:52 - 2015-08-14 20:52 - 00057744 _____ (PhraseProfessor) C:\Windows\system32\Drivers\ppfd_vw_1_10_0_22.sys
2015-09-01 13:23 - 2015-01-17 18:55 - 00000000 ____ D C:\AdwCleaner
2015-08-30 21:26 - 2015-08-30 21:26 - 0613255 _____ (CMI Limited) C:\Users\user\AppData\Local\nseE735.tmp
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Przeskanuj programem Malwarebytes Anti-Malware https://www.malwarebytes.org/downloads/