Strony, zakładki, powolna przegladarka

Dla specjalistów Bezpieczeństwo
#1

Witam. Od pewnego czasu bombarduja mnie reklamy. Otwierają mi się nowe zakładki, dużo reklam ogólnie i gdy otworzeokoło 5 zakładek przegladarka “Chrome” zaczyna działać wolniej, mulić sie.

 

 

 

FRST: http://wklej.org/id/1636869/

Addition:http://wklej.org/id/1636871/

#2

Odinstaluj AppsHat Mobile Apps,mystartsearch uninstall,Word Proser 1.10.0.6.Otwórz notatnik systemowy i wklej:

Task: C:\WINDOWS\Tasks\05285cd5-a384-4c57-b6c2-67d169a044a6-1.job = C:\Program Files\Super Radio\Super Radio-codedownloader.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\05285cd5-a384-4c57-b6c2-67d169a044a6-10_user.job = C:\Program Files\Super Radio\05285cd5-a384-4c57-b6c2-67d169a044a6-10.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\05285cd5-a384-4c57-b6c2-67d169a044a6-2.job = C:\Program Files\Super Radio\05285cd5-a384-4c57-b6c2-67d169a044a6-2.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\05285cd5-a384-4c57-b6c2-67d169a044a6-4.job = C:\Program Files\Super Radio\05285cd5-a384-4c57-b6c2-67d169a044a6-4.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\05285cd5-a384-4c57-b6c2-67d169a044a6-5.job = C:\Program Files\Super Radio\05285cd5-a384-4c57-b6c2-67d169a044a6-5.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job = C:\WINDOWS\system32\cscript.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\b4e67738-ce88-48a3-854a-2b8906315a2e-1-6.job = C:\Program Files\App Lid\b4e67738-ce88-48a3-854a-2b8906315a2e-1-6.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\b4e67738-ce88-48a3-854a-2b8906315a2e-1-7.job = C:\Program Files\App Lid\b4e67738-ce88-48a3-854a-2b8906315a2e-1-7.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\b4e67738-ce88-48a3-854a-2b8906315a2e-10_user.job = C:\Program Files\App Lid\b4e67738-ce88-48a3-854a-2b8906315a2e-10.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\b4e67738-ce88-48a3-854a-2b8906315a2e-11.job = C:\Program Files\App Lid\b4e67738-ce88-48a3-854a-2b8906315a2e-11.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\b4e67738-ce88-48a3-854a-2b8906315a2e-4.job = C:\Program Files\App Lid\b4e67738-ce88-48a3-854a-2b8906315a2e-4.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\b4e67738-ce88-48a3-854a-2b8906315a2e-5.job = C:\Program Files\App Lid\b4e67738-ce88-48a3-854a-2b8906315a2e-5.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\b4e67738-ce88-48a3-854a-2b8906315a2e-6.job = C:\Program Files\App Lid\b4e67738-ce88-48a3-854a-2b8906315a2e-6.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\b4e67738-ce88-48a3-854a-2b8906315a2e-7.job = C:\Program Files\App Lid\b4e67738-ce88-48a3-854a-2b8906315a2e-7.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job = C:\Program Files\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job = C:\Program Files\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job = C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job = C:\WINDOWS\system32\xp_eos.exe
Winlogon\Notify\WgaLogon: WgaLogon.dll [X]
HKU\S-1-5-19\...\RunOnce: [nltide_3] = rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [nltide_3] = rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [nltide_3] = rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsppts=1421328781from=smtuid=SAMSUNGXSP1654N_S0GEJ1JL608729q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpppts=1421328781from=smtuid=SAMSUNGXSP1654N_S0GEJ1JL608729
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsppts=1421328781from=smtuid=SAMSUNGXSP1654N_S0GEJ1JL608729q={searchTerms}
HKU\S-1-5-21-1177238915-839522115-1417001333-500\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalkiutm_medium=installerutm_campaign=instalki
HKU\S-1-5-21-1177238915-839522115-1417001333-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpppts=1421328781from=smtuid=SAMSUNGXSP1654N_S0GEJ1JL608729
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.interia.pl/#utm_source=instalkiutm_medium=installerutm_campaign=instalki" ======= ATTENTION
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsppts=1421328781from=smtuid=SAMSUNGXSP1654N_S0GEJ1JL608729q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsppts=1421328781from=smtuid=SAMSUNGXSP1654N_S0GEJ1JL608729q={searchTerms}
SearchScopes: HKU\S-1-5-21-1177238915-839522115-1417001333-500 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsppts=1421328781from=smtuid=SAMSUNGXSP1654N_S0GEJ1JL608729q={searchTerms}
SearchScopes: HKU\S-1-5-21-1177238915-839522115-1417001333-500 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsppts=1421328781from=smtuid=SAMSUNGXSP1654N_S0GEJ1JL608729q={searchTerms}
BHO: No Name - {68182220-3c75-49d9-a9c4-4093d3986279} - No File
FF NewTab: hxxp://www.mystartsearch.com/newtab/?type=ntts=1421328375from=smtuid=SAMSUNGXSP1654N_S0GEJ1JL608729
FF DefaultSearchEngine: mystartsearch
FF SelectedSearchEngine: mystartsearch
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mystartsearch.xml
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\7emqscns.default\extensions\faststartff@gmail.com
CHR StartupUrls: Default - "hxxp://www.mystartsearch.com/?type=hpts=1421328375from=smtuid=SAMSUNGXSP1654N_S0GEJ1JL608729"
CHR DefaultSearchKeyword: Default - mystartsearch
CHR Extension: (ace race) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\cpfihdlcfknoblcpolinncjcgjkgllan [2015-01-31]
CHR Extension: (SourceApp) - C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nnomhdcllmceelhbpclhblipjkjilnli [2015-01-15]
OPR Extension: (App Lid) - C:\Documents and Settings\Administrator\Dane aplikacji\Opera Software\Opera Stable\Extensions\aemgobnhmjkokaanfjcikbeddfpfbcce [2015-01-30]
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-30] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-30] (globalUpdate) [File not signed]
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
R2 WindowsMangerProtect; C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-15] (SysTool PasSame LIMITED) [File not signed]
R2 wpsvc_1.10.0.6; C:\Program Files\WordProser_1.10.0.6\Service\wpsvc.exe [277584 2015-01-07] (Word Proser)
R1 wpnfd_1_10_0_6; C:\WINDOWS\System32\drivers\wpnfd_1_10_0_6.sys [52736 2015-01-07] (Word Proser)
R1 {4291b504-d331-41fb-90ff-daaf14dd7f49}Gt; C:\WINDOWS\System32\drivers\{4291b504-d331-41fb-90ff-daaf14dd7f49}Gt.sys [55824 2015-01-21] (StdLib)
R1 {44219168-7340-43df-bbc2-89f0b26c112f}Gt; C:\WINDOWS\System32\drivers\{44219168-7340-43df-bbc2-89f0b26c112f}Gt.sys [55824 2015-01-18] (StdLib)
R1 {549b1cd8-769f-468a-ad93-f57bfc8402c2}Gt; C:\WINDOWS\System32\drivers\{549b1cd8-769f-468a-ad93-f57bfc8402c2}Gt.sys [55824 2015-01-14] (StdLib)
R1 {641e52b1-3179-43ed-8bcb-f688871e52b0}Gt; C:\WINDOWS\System32\drivers\{641e52b1-3179-43ed-8bcb-f688871e52b0}Gt.sys [55832 2015-01-19] (StdLib)
R1 {7a11bc7a-fa65-4d5a-ade4-5a0d20eea01d}Gt; C:\WINDOWS\System32\drivers\{7a11bc7a-fa65-4d5a-ade4-5a0d20eea01d}Gt.sys [55824 2015-02-03] (StdLib)
R1 {915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gt; C:\WINDOWS\System32\drivers\{915cb94b-b4d8-4c0e-83b4-61409471b1c3}Gt.sys [55832 2015-01-23] (StdLib)
R1 {9a6c78f1-af36-4e4d-ba83-e044b750db48}Gt; C:\WINDOWS\System32\drivers\{9a6c78f1-af36-4e4d-ba83-e044b750db48}Gt.sys [55824 2015-01-24] (StdLib)
R1 {cad8ac99-1831-4a75-b758-e4235c95af75}Gt; C:\WINDOWS\System32\drivers\{cad8ac99-1831-4a75-b758-e4235c95af75}Gt.sys [55824 2015-01-16] (StdLib)
R1 {ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gt; C:\WINDOWS\System32\drivers\{ebd8d0c0-e022-4b76-a1f2-bc2963e3a147}Gt.sys [55832 2015-01-14] (StdLib)
R1 {ebf755a7-a244-4bc6-ac93-a366f9eccf49}Gt; C:\WINDOWS\System32\drivers\{ebf755a7-a244-4bc6-ac93-a366f9eccf49}Gt.sys [55824 2015-01-31] (StdLib)
R1 {ecd6aae4-019c-44b2-a0e5-570904275d66}Gt; C:\WINDOWS\System32\drivers\{ecd6aae4-019c-44b2-a0e5-570904275d66}Gt.sys [55832 2015-01-16] (StdLib)
R1 {f2944598-b89f-4e10-b544-5173761572df}Gt; C:\WINDOWS\System32\drivers\{f2944598-b89f-4e10-b544-5173761572df}Gt.sys [55824 2015-01-29] (StdLib)
U4 ClipSrv; No ImagePath
S4 IntelIde; No ImagePath
S3 MBAMSwissArmy; \\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U4 NetDDE; No ImagePath
U4 NetDDEdsdm; No ImagePath
S1 vcdrom; \\C:\Program Files\System\CPL Bonus\Vcdrom.sys [X]
U1 WS2IFSL; No ImagePath
2015-01-30 16:10 - 2015-02-16 08:26 - 00002422 _____ () C:\WINDOWS\Tasks\b4e67738-ce88-48a3-854a-2b8906315a2e-5.job
2015-01-30 16:10 - 2015-01-30 19:43 - 00000000 ____ D () C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\FilesFrog Update Checker
C:\Documents and Settings\Administrator\TempWmicBatchFile.bat
C:\Documents and Settings\Administrator\xmlUpdater.exe
C:\Documents and Settings\Default User\xmlUpdater.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#3

Wielkie dzieki

#4

Skasuj folder C:\FRST

W AdwCleaner użyj opcji Odinstaluj.