Slow system, pop-up ads in browsers, help!


(Mfrankowski11) #1

shortcut:

http://wklej.to/BZOJ8

 

FRST:

http://wklej.to/fZt9A

 

additional:

http://wklej.to/lGE2S

 

Ad windows pop up in every browser, and even the wallpaper has been changed. I tried to remove it with Avast, Malwarebytes Anti-Malware and ADW Cleaner, and none of it helps. I'm also posting the report from the last one:

http://wklej.to/ZcSTr

 

Please help. The deadline for handing in my diploma project is approaching and I can't do anything without the computer :confused:

Regards, and thank you!


(Atis) #2

In Control Panel, uninstall:

Maxiget Software Manager

McAfee Security Scan Plus

SpyHunter 4

Download and run AdwCleaner. Click Scan and then Cleaning.

Paste the following into Notepad and save it as a text file named fixlist:

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1342732622-1108865191-2858710301-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Aga\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-1342732622-1108865191-2858710301-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1342732622-1108865191-2858710301-1000\...\Run: [MaxigetMasterUpdate] => "C:\Users\Aga\AppData\Roaming\Maxiget\Master\Updater\MasterUpdater.exe" -autorun
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1342732622-1108865191-2858710301-1000 -> {40841657-17C0-4CF7-8C2E-744B8D5BAFC2} URL = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-1342732622-1108865191-2858710301-1000 -> {7518EB2A-7368-45AF-9C48-EF0D953EA1FA} URL = http://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
FF Extension: CinemaPlus-3.2cV11.05 - C:\Users\Aga\AppData\Roaming\Mozilla\Firefox\Profiles\5tq5rtws.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-05-11]
FF Extension: ab4b571839984a2c91ae18a7c2db513e - C:\Users\Aga\AppData\Roaming\Mozilla\Firefox\Profiles\5tq5rtws.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e} [2015-05-16]
FF HKU\S-1-5-21-1342732622-1108865191-2858710301-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
CHR Extension: (Edu App) - C:\Users\Aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\eneidefcjcnddpddbeipjeddjbmaonmi [2015-05-13]
CHR Extension: (Bookmark Manager) - C:\Users\Aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - https://clients2.google.com/service/update2/crx
CHR Extension: (efinmbicabejjhjafeidhfbojhnfiepj) - C:\Users\Aga\AppData\Local\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj [2015-05-16]
OPR Extension: (efinmbicabejjhjafeidhfbojhnfiepj) - C:\Users\Aga\AppData\Roaming\Opera Software\Opera Stable\Extensions\efinmbicabejjhjafeidhfbojhnfiepj [2015-05-16]
R2 lupucylu; C:\Users\Aga\AppData\Roaming\7FEE169E-1431355709-DE11-9722-002622F970C8\nseC223.tmp [492544 2015-05-16] () [File not signed]
R2 nugilevu; C:\Users\Aga\AppData\Roaming\7FEE169E-1431355709-DE11-9722-002622F970C8\jnss743B.tmp [462336 2015-05-11] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-05-16] (Enigma Software Group USA, LLC.)
S2 feditemy; C:\Users\Aga\AppData\Local\7FEE169E-1431363231-DE11-9722-002622F970C8\snsj4477.tmp [X]
S2 insvc_1.10.0.14; "C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe" [X]
S2 Update Water Plant; "C:\Program Files (x86)\Water Plant\updateWaterPlant.exe" [X]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-05-16] ()
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RTHDMIAzAudService; system32\drivers\RtHDMIVX.sys [X]
C:\Users\Aga\AppData\Roaming\7FEE169E-1431355709-DE11-9722-002622F970C8
C:\Users\Aga\AppData\Local\7FEE169E-1431363231-DE11-9722-002622F970C8
2015-05-18 20:10 - 2015-05-18 20:53 - 00000000 ____ D () C:\AdwCleaner
2015-05-16 11:43 - 2015-05-16 11:43 - 00003310 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-05-16 11:43 - 2015-05-16 11:43 - 00000000 ____ D () C:\Users\Aga\AppData\Roaming\Enigma Software Group
2015-05-16 11:43 - 2015-05-16 11:43 - 00000000 ____ D () C:\sh4ldr
2015-05-16 11:41 - 2015-05-16 11:41 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-05-16 11:41 - 2015-05-16 11:41 - 00000000 ____ D () C:\Program Files\Enigma Software Group
2015-05-16 11:02 - 2015-05-16 11:02 - 00000000 ____ D () C:\Program Files (x86)\62effed5-99c7-4532-a487-b8e794e441d4
C:\Users\Aga\AppData\Local\*.tmp
2015-05-11 16:47 - 2015-05-12 11:30 - 00000000 ____ D () C:\Program Files (x86)\Water Plant
2015-05-11 17:10 - 2015-05-17 18:36 - 00000000 ____ D () C:\Program Files (x86)\2f870547-ded8-4f00-b897-8f9019c25c44
2015-05-11 17:09 - 2015-05-16 23:26 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-11 16:45 - 2015-05-11 16:47 - 00000000 ____ D () C:\Program Files (x86)\Maxiget Software Manager
2015-04-19 14:20 - 2015-04-19 14:20 - 00005872 _____ () C:\Users\Aga\AppData\Roaming\rPu44gtELxEyUSq4Jk
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Aga\AppData\Roaming\lg9rrW0eEH0YMEz
C:\Users\Aga\AppData\Local\Temp*.html
Task: {04E17FB7-8E82-4C05-A8E4-B8349C60026E} - System32\Tasks\lg9rrW0eEH0YMEz => C:\Users\Aga\AppData\Roaming\lg9rrW0eEH0YMEz.exe <==== ATTENTION
Task: {068BDE60-1730-432E-A86F-53F095B2AB7E} - System32\Tasks\{49125E44-14DD-497F-8045-02A816D7A33D} => Firefox.exe http://ui.skype.com/ui/0/6.3.0.105/pl/abandoninstall?page=tsProgressBar
Task: {14E8CD99-BEC6-4084-9FE9-14CCC570B505} - System32\Tasks\{118EFBDC-4314-4CD7-84CC-A1C75649F538} => Firefox.exe http://www.skype.com/go/downloading?source=installer&amp;ver=6.1.0.129.272&amp;LastError=-9
Task: {1FDDF76E-581A-4F82-91CB-590853A16FC1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {23BD9474-5260-4F05-8552-B07DFBF507EB} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Protected Search\ProtectedSearch.exe <==== ATTENTION
Task: {2F5F48C8-37E3-4A9D-AA30-61099E848CC5} - System32\Tasks\{7C0C16E7-3AD6-42DD-9C58-40706B0F848A} => pcalua.exe -a C:\Users\Aga\AK\Downloads\installer.exe -d C:\Users\Aga\AK\Downloads
Task: {4BEB9807-96DA-463E-8964-228D5BB81C07} - System32\Tasks\{A85E06DC-87A1-4D73-BEA5-722BFB3E51D3} => pcalua.exe -a "C:\Users\Aga\AppData\Local\Maxiget Download Manager\uninsmdm.bat"
Task: {55F69602-5E86-4963-BB9C-21C40FF645F5} - System32\Tasks\{FBA43707-8304-4F60-8C44-137D20BAAAF8} => pcalua.exe -a "C:\Users\Aga\Desktop\Adobe CS3\Illustrator\Adobe CS3\Setup.exe" -d "C:\Users\Aga\Desktop\Adobe CS3\Illustrator\Adobe CS3"
Task: {84A023AD-1D50-4D67-BBD3-7DAA62E29C2F} - System32\Tasks\{A603D6AF-FD3B-4FA3-B3FC-91CA4F12A55E} => Firefox.exe http://www.skype.com/go/downloading?source=installer&amp;ver=6.1.0.129.272&amp;LastError=-9
Task: {AEF2C320-BF9C-4422-BE26-65BB55A617FE} - System32\Tasks\rPu44gtELxEyUSq4Jk => C:\Users\Aga\AppData\Roaming\rPu44gtELxEyUSq4Jk.exe <==== ATTENTION
Task: {C6C881EC-1C07-463F-BE19-3093532C381D} - System32\Tasks\{510D70D6-D6DF-4A0F-B303-49AC757F82DF} => Firefox.exe http://ui.skype.com/ui/0/6.3.0.105/pl/abandoninstall?page=tsProgressBar
Task: {CF41CE65-0E37-4DAF-906A-3531C2475F07} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-05-16] (Enigma Software Group USA, LLC.)
Task: {D87A033E-B4BF-4792-AD57-6A958303C06B} - System32\Tasks\{251A8940-A652-4C9A-9A9C-2D06D17C0506} => pcalua.exe -a "C:\Users\Aga\Desktop\Adobe CS3\Photoshop\Adobe CS3\Setup.exe" -d "C:\Users\Aga\Desktop\Adobe CS3\Photoshop\Adobe CS3"
Task: {E3D4E52D-AB33-4C2F-9BAB-4C0CB4187BF1} - System32\Tasks\{93D822AF-C8DE-42E8-A2FB-D17D201FA821} => pcalua.exe -a C:\Users\Aga\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=ima
Task: C:\Windows\Tasks\lg9rrW0eEH0YMEz.job => C:\Users\Aga\AppData\Roaming\lg9rrW0eEH0YMEz.exe <==== ATTENTION
Task: C:\Windows\Tasks\rPu44gtELxEyUSq4Jk.job => C:\Users\Aga\AppData\Roaming\rPu44gtELxEyUSq4Jk.exe <==== ATTENTION
C:\Users\Aga\AppData\Roaming\*.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post a new FRST report, without Addition and Shortcut.
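An added example, not part of the thread and not FRST's own logic: a Python triage pass over service and scheduled-task lines in the format used in the fixlist above, run on a few lines copied from it. The heuristics (AppData path, `.tmp` service image, unsigned, ATTENTION marker, missing `[X]` target) and the names `triage` and `flagged` are assumptions chosen for illustration.

```python
import re

# Sample input: a subset of lines copied from the fixlist in the post above.
SAMPLE = r"""
R2 lupucylu; C:\Users\Aga\AppData\Roaming\7FEE169E-1431355709-DE11-9722-002622F970C8\nseC223.tmp [492544 2015-05-16] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-05-16] (Enigma Software Group USA, LLC.)
S2 feditemy; C:\Users\Aga\AppData\Local\7FEE169E-1431363231-DE11-9722-002622F970C8\snsj4477.tmp [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
Task: {1FDDF76E-581A-4F82-91CB-590853A16FC1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AEF2C320-BF9C-4422-BE26-65BB55A617FE} - System32\Tasks\rPu44gtELxEyUSq4Jk => C:\Users\Aga\AppData\Roaming\rPu44gtELxEyUSq4Jk.exe <==== ATTENTION
""".strip().splitlines()

# "<state> <name>; <image path> [size date] ..." and "Task: ... => <command> ..."
SERVICE = re.compile(r'^(?P<state>[RSU]\d) (?P<name>[^;]+); "?(?P<path>.+?)"?\s*(?=\[|$)')
TASK = re.compile(r'^Task: .*? => (?P<path>.+?)(?=\s+(?:\[|<=)|$)')

def triage(line):
    """Return (kind, path, reasons) for a service or task line, None otherwise."""
    m, kind = SERVICE.match(line), "service"
    if not m:
        m, kind = TASK.match(line), "task"
    if not m:
        return None
    path = m.group("path").strip('" ')
    low = path.lower()
    reasons = []
    if "\\appdata\\" in low:
        reasons.append("runs from a user-writable AppData path")
    if kind == "service" and low.endswith(".tmp"):
        reasons.append("service image is a .tmp file")
    if "[File not signed]" in line:
        reasons.append("FRST reports the file as unsigned")
    if "ATTENTION" in line:
        reasons.append("flagged ATTENTION by FRST")
    if line.rstrip().endswith("[X]"):
        reasons.append("target file missing ([X]), orphaned entry")
    return kind, path, reasons

def flagged(lines):
    """Keep only the parsed entries that carry at least one reason."""
    hits = [triage(l) for l in lines]
    return [h for h in hits if h and h[2]]

if __name__ == "__main__":
    for kind, path, reasons in flagged(SAMPLE):
        print(f"{kind:8} {path}\n         -> " + "; ".join(reasons))
```
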


(Mfrankowski11) #3

Fixlog report

http://wklej.to/Vdukg

 

new FRST report

http://wklej.to/FG4kQ


(Atis) #4

Delete the folder C:\FRST

Scan the disk with ESET Online Scanner

Read how programs should be installed: CLICK - CLICK - CLICK - CLICK

Uninstall:

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.2

Java 7 Update 21

Install:

Flash Player 17.0.0.188 ActiveX

Flash Player 17.0.0.188 NPAPI

Adobe Reader XI 11.0.11

Java 8 Update 45