Protectedio search-jak usunąć, zamulony internet i wyskakujące reklamy

kienio · 19 Lipiec 2015 12:21

Od niedawna mam problem z internetem, gdyż strasznie mi zwolnił i pojawiła się wyszukiwarka protectedio search i wyskakuje reklama getprivate. jak to usunąć???

Proszę o jak najszybszą pomoc, bo sam nie dam rady.

Zrobiłem tylko skan FRST:FRST.txt Addition.txt

Acorus · 19 Lipiec 2015 12:32

Odinstaluj Adobe Reader 8.1.2,Google Chrome Extension Updater 1.12.02,InetStat,Yontoo 1.10.02.Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.Pokaż nowe logi z FRST.

kienio · 19 Lipiec 2015 14:08

Yontoo się nie da odinstalować pisze system initializing error, a google chrome updater nie znalazlem.

Reszta odinstalowana.

Acorus · 19 Lipiec 2015 14:19

Pomiń to i wykonaj resztę.

kienio · 19 Lipiec 2015 15:11

Zrobiłem skan adw cleanerem i FRST.

Oto nowe logi z FRST: FRST.txt Addition.txt

Acorus · 19 Lipiec 2015 16:06

Otwórz notatnik systemowy i wklej:

CloseProcesses:
Task: {24A72522-9A0C-440B-A48B-C2D67A12B053} - System32\Tasks\Alfasistem Memory Job => C:\Program Files (x86)\Alfasistem Memory\ tmjob.exe [2015-07-09] (SecureSoft)
Task: {9A8BA340-8541-4FB9-995F-607192005620} - System32\Tasks\Windows Defrag => C:\Users\Konrad\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {BBC08C0A-A70B-42D0-BF65-4DB102514777} - System32\Tasks\0 => Chrome.exe <==== ATTENTION
Task: {E54F95B4-57CD-4878-BB9B-17EF5B315131} - System32\Tasks\{C2B756E9-D58F-45D0-9E0E-66FFC8617775} => C:\Program Files (x86)\Alfasistem Memory\swchromium.exe [2015-07-09] (Secure Soft)
HKLM-x32\...\Run: [tuto4pc_pl_5] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-21-2370776019-2709016871-1335353104-1000\...\Run: [T1702622TT4] => C:\Windows\system32\55172188316l.exe
HKU\S-1-5-21-2370776019-2709016871-1335353104-1000\...\Run: [T1TT4] => \l.exe
HKU\S-1-5-18\...\RunOnce: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2014-03-26]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (No File)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2370776019-2709016871-1335353104-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.protectedio.com/?u=8929ca6b0cad4e33de200ce2e991da4f&c=p1&src=hp&inst=1437206488
SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://search.protectedio.com/search.php/?q={searchTerms}&u=8929ca6b0cad4e33de200ce2e991da4f&c=p1&src=srch&inst=1437206488
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2370776019-2709016871-1335353104-1000 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://search.protectedio.com/search.php/?q={searchTerms}&u=8929ca6b0cad4e33de200ce2e991da4f&c=p1&src=srch&inst=1437206488
FF NewTab: https://search.protectedio.com/?u=5d966904-fd54-de3c-774d-d150ef584b3c&c=p1&s=nt&inst=1436172281
FF DefaultSearchEngine: prot
FF Homepage: https://search.protectedio.com/?u=5d966904-fd54-de3c-774d-d150ef584b3c&c=p1&s=hp&inst=1436172281
CHR Extension: (Block site) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-07-02]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
U0 sr; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-07-19 16:27 - 2015-07-19 16:47 - 00000000 ____ D C:\AdwCleaner
2015-07-19 12:45 - 2015-07-19 12:45 - 00000000 ____ D C:\Users\Konrad\Desktop\FRST-OlderVersion
2015-07-16 14:00 - 2015-07-16 14:00 - 00003084 _____ C:\Windows\System32\Tasks\{730CFDBB-D3A1-4764-B9EA-ED54F8FC9322}
2015-07-01 17:21 - 2015-07-01 17:21 - 00002992 _____ C:\Windows\System32\Tasks\{C2B756E9-D58F-45D0-9E0E-66FFC8617775}
2015-07-01 10:40 - 2015-07-01 10:41 - 00803840 _____ C:\Users\Konrad\AppData\Roaming\F97B.tmp.exe
2015-07-01 10:40 - 2015-07-01 10:41 - 00000000 ____ D C:\Program Files (x86)\Alfasistem Memory
2015-07-01 10:40 - 2015-07-01 10:40 - 00000000 _____ C:\Users\Konrad\AppData\Roaming\F97B.tmp
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Przeskanuj programem Malwarebytes Anti-Malware http://www.malwarebytes.org/8/

kienio · 19 Lipiec 2015 17:44

Acorus:

Otwórz notatnik systemowy i wklej: CloseProcesses: Task: {24A72522-9A0C-440B-A48B-C2D67A12B053} - System32\Tasks\Alfasistem Memory Job => C:\Program Files (x86)\Alfasistem Memory\ tmjob.exe [2015-07-09] (SecureSoft) Task: {9A8BA340-8541-4FB9-995F-607192005620} - System32\Tasks\Windows Defrag => C:\Users\Konrad\AppData\Roaming\Updater\winupd.exe <==== ATTENTION Task: {BBC08C0A-A70B-42D0-BF65-4DB102514777} - System32\Tasks\0 => Chrome.exe <==== ATTENTION Task: {E54F95B4-57CD-4878-BB9B-17EF5B315131} - System32\Tasks{C2B756E9-D58F-45D0-9E0E-66FFC8617775} => C:\Program Files (x86)\Alfasistem Memory\swchromium.exe [2015-07-09] (Secure Soft) HKLM-x32…\Run: [tuto4pc_pl_5] => [X] HKLM-x32…\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation) HKU\S-1-5-19…\RunOnce: [] => [X] HKU\S-1-5-20…\RunOnce: [] => [X] HKU\S-1-5-21-2370776019-2709016871-1335353104-1000…\Run: [T1702622TT4] => C:\Windows\system32\55172188316l.exe HKU\S-1-5-21-2370776019-2709016871-1335353104-1000…\Run: [T1TT4] => \l.exe HKU\S-1-5-18…\RunOnce: [] => [X] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2014-03-26] ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (No File) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-2370776019-2709016871-1335353104-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.protectedio.com/?u=8929ca6b0cad4e33de200ce2e991da4f&c=p1&src=hp&inst=1437206488 SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://search.protectedio.com/search.php/?q={searchTerms}&u=8929ca6b0cad4e33de200ce2e991da4f&c=p1&src=srch&inst=1437206488 SearchScopes: HKU.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2370776019-2709016871-1335353104-1000 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = https://search.protectedio.com/search.php/?q={searchTerms}&u=8929ca6b0cad4e33de200ce2e991da4f&c=p1&src=srch&inst=1437206488 FF NewTab: https://search.protectedio.com/?u=5d966904-fd54-de3c-774d-d150ef584b3c&c=p1&s=nt&inst=1436172281 FF DefaultSearchEngine: prot FF Homepage: https://search.protectedio.com/?u=5d966904-fd54-de3c-774d-d150ef584b3c&c=p1&s=hp&inst=1436172281 CHR Extension: (Block site) - C:\Users\Konrad\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-07-02] S2 gupdate; “C:\Program Files (x86)\Google\Update\GoogleUpdate.exe” /svc [X] S3 gupdatem; “C:\Program Files (x86)\Google\Update\GoogleUpdate.exe” /medsvc [X] S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X] U0 sr; No ImagePath S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] 2015-07-19 16:27 - 2015-07-19 16:47 - 00000000 ____D C:\AdwCleaner 2015-07-19 12:45 - 2015-07-19 12:45 - 00000000 ____D C:\Users\Konrad\Desktop\FRST-OlderVersion 2015-07-16 14:00 - 2015-07-16 14:00 - 00003084 _____ C:\Windows\System32\Tasks{730CFDBB-D3A1-4764-B9EA-ED54F8FC9322} 2015-07-01 17:21 - 2015-07-01 17:21 - 00002992 _____ C:\Windows\System32\Tasks{C2B756E9-D58F-45D0-9E0E-66FFC8617775} 2015-07-01 10:40 - 2015-07-01 10:41 - 00803840 _____ C:\Users\Konrad\AppData\Roaming\F97B.tmp.exe 2015-07-01 10:40 - 2015-07-01 10:41 - 00000000 ____D C:\Program Files (x86)\Alfasistem Memory 2015-07-01 10:40 - 2015-07-01 10:40 - 00000000 _____ C:\Users\Konrad\AppData\Roaming\F97B.tmp EmptyTemp: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze. Uruchom jako administrator FRST i kliknij w Fix. Przeskanuj programem Malwarebytes Anti-Malware http://www.malwarebytes.org/8/ Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

Coś jeszcze?

Acorus · 19 Lipiec 2015 18:10

To wszystko.

kienio · 19 Lipiec 2015 18:13

Dzięki, jest dobrze śmiga jak należy, jesteś the best.