Strong Ads, Glass Bottle, itd

Dla specjalistów Bezpieczeństwo
#1

Dosłownie błagam o pomoc w usunięciu tego okropieństwa z mojego komputera. Nie wiem z czym się tu dostało, wiem tylko, że dawno nie byłam tak wściekła przy używaniu komputera jak z tym. 

 

Linki do logów:

 

http://wklej.org/id/1793590/ - Addition.txt

http://wklej.org/id/1793595/ - FRST.txt

 

Z góry ogromne dziękuję. :o

#2

Odinstaluj SpyHunter 4 .

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Zasady grupy Chrome wykryto <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Zasada ograniczeń <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1230545430-3577183492-2310049611-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_instalki
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1230545430-3577183492-2310049611-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
OPR Extension: (Glass Bottle) - C:\Users\Umca\AppData\Roaming\Opera Software\Opera Stable\Extensions\apdhdnojdbhafnfogidcjgknlgjaackh [2015-05-14]
OPR Extension: (Strong Signal) - C:\Users\Umca\AppData\Roaming\Opera Software\Opera Stable\Extensions\ecdmekppnalhnpenpglkipoppjmiidke [2015-05-05]
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-09-09] (Enigma Software Group USA, LLC.)
R3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-09-09] ()
2015-09-09 21:58 - 2015-09-09 21:58 - 00000000 ____ D C:\rsit
2015-09-09 21:58 - 2015-09-09 21:58 - 00000000 ____ D C:\Program Files (x86)\trend micro
2015-09-09 03:07 - 2015-09-09 03:07 - 00866744 _____ (Web Installer generic ) C:\Users\Umca\Downloads\CCleaner-13061-dp.exe
2015-09-09 00:14 - 2015-09-09 00:14 - 00000000 _____ C:\autoexec.bat
2015-09-09 00:13 - 2015-09-09 00:13 - 00003328 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-09-09 00:13 - 2015-09-09 00:13 - 00001087 _____ C:\Users\Umca\Desktop\SpyHunter.lnk
2015-09-09 00:13 - 2015-09-09 00:13 - 00000000 ____ D C:\Users\Umca\AppData\Roaming\Enigma Software Group
2015-09-09 00:13 - 2015-09-09 00:13 - 00000000 ____ D C:\sh4ldr
2015-09-09 00:12 - 2015-09-09 00:12 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-09-09 00:12 - 2015-09-09 00:12 - 00000000 ____ D C:\Program Files\Enigma Software Group
2015-09-09 00:11 - 2015-09-09 00:11 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Umca\Downloads\SpyHunter-Installer.exe
2015-08-25 01:36 - 2015-08-25 01:36 - 00000124 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-08-25 01:36 - 2015-08-25 01:36 - 00000000 ____ D C:\ProgramData\update
2015-08-25 01:33 - 2015-08-25 01:33 - 00868472 _____ (Installer ) C:\Users\Umca\Downloads\Free-Download-Manager-12555-dp.exe
2015-08-25 01:24 - 2015-08-25 01:24 - 00868472 _____ (Installer ) C:\Users\Umca\Downloads\FlashGet-12325-dp.exe
2015-08-25 01:07 - 2015-08-25 01:07 - 00868472 _____ (Installer ) C:\Users\Umca\Downloads\WinDVD-Pro-12214-dp.exe
2015-09-09 21:55 - 2015-05-15 02:38 - 00000000 ____ D C:\AdwCleaner
2015-06-07 19:43 - 2015-06-07 19:43 - 0001181 _____ () C:\Users\Umca\AppData\Roaming\trace_FilterInstaller.txt
2015-06-07 19:43 - 2015-06-07 19:43 - 0000000 _____ () C:\Users\Umca\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition i Shortcut.

#3

Ok, przepraszam i już poprawiłam. :slight_smile: