System runs slowly, ads pop up in the browser


(Shanq4291) #1

Hello. For some time now the system has been running slowly and ads pop up in the browser. Please help.

OTL log: http://wklej.co/paste/762

gmer.txt

Addition.txt

Extras.Txt

FRST.txt

Shortcut.txt


(Acorus) #2

Uninstall AdvanceElite, iWebar, Object Browser, QueenCoUipon, Remote Desktop Access (VuuPC), RoyalCoupon, Search Protect, Sense, Shopper-Pro, SiteFinder, sweet-page uninstall, topBuoyeR, WildWestCoupon, WindowsMangerProtect20.0.0.722, WinZipper, WorldofTanks, YTDownloader. Download and run AdwCleaner https://toolslib.net/downloads/finish/1/ Click Szukaj (Search) and then Usuń (Delete).

Show the new FRST logs.


(Shanq4291) #3

Logs are in the attachments. I still get pages such as offers.bycontext.com

FRST.txt

Shortcut.txt

Addition.txt

Addition.txt


(Acorus) #4

Open the system Notepad and paste:

Task: {25E61C1D-93DB-4C8B-B245-3A888C1D3168} - System32\Tasks\UNELEVATE_16672 = C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1390\jsdrv.exe ==== ATTENTION
Task: {32BC7763-6392-47CA-9B8B-A6DCCCAE15D5} - System32\Tasks\UNELEVATE_9690 = C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1425\jsdrv.exe ==== ATTENTION
Task: {37FC7B4A-02C9-4B54-B983-0449E6FF79A7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1067321925-3578864132-775108078-1000UA = C:\Users\x\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-16] (Facebook Inc.)
Task: {3E5F1319-F12B-41A3-8951-853B8CAF962F} - System32\Tasks\{8E6CA618-026E-4A28-851A-8CD0D7F196CC} = pcalua.exe -a C:\Users\x\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
Task: {470609DB-31BF-4DAF-A7B9-6ED4164F9B5A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1067321925-3578864132-775108078-1000Core = C:\Users\x\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-16] (Facebook Inc.)
Task: {5D345B26-7D12-43C6-8941-30CF9056A525} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 = Rundll32.exe C:\Program Files\Common Files\System\SysMenu.dll ,Command701 update2 ==== ATTENTION
Task: {7785297A-8A21-43FC-8969-557715044ED1} - System32\Tasks\YTDownloaderUpd = C:\Program Files (x86)\YTDownloader\updater.exe ==== ATTENTION
Task: {B05DFB33-5230-4CAB-BBEC-1F62F69E850D} - System32\Tasks\UNELEVATE_12860 = C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1390\jsdrv.exe ==== ATTENTION
Task: {B7616895-4964-4435-B471-5CD1CD87DA9E} - System32\Tasks\UNELEVATE_24836 = C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1390\jsdrv.exe ==== ATTENTION
Task: {DDC0DC86-681D-412B-B5DD-C30A0EF032E1} - System32\Tasks\UNELEVATE_5175 = C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1390\jsdrv.exe ==== ATTENTION
Task: {EC94C577-092E-4D67-827B-B5744B3451B1} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 = Rundll32.exe C:\Program Files\Common Files\System\SysMenu.dll ,Command701 update3 ==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1067321925-3578864132-775108078-1000Core.job = C:\Users\x\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1067321925-3578864132-775108078-1000UA.job = C:\Users\x\AppData\Local\Facebook\Update\FacebookUpdate.exe
AppInit_DLLs: C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files = C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files C:\Program Files File Not Found
AppInit_DLLs-x32: c:\program files c:\program files c:\program files c:\program files c:\program files c:\program files c:\program files = "c:\program files c:\program files c:\program files c:\program files c:\program files c:\program files c:\program files" File Not Found
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: QueenCoUipon - {bf6f7f4a-65d9-4033-9a7f-d2872772a62b} - C:\ProgramData\QueenCoUipon\gq69RZttkoUmNJ.x64.dll No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystarttb.xml
FF Extension: Object Browser - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\abnkhfcq.default\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com [2014-11-01]
FF Extension: openbookmarkintabpirosakuranejp - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\abnkhfcq.default\Extensions\openbookmarkintab@piro.sakura.ne.jp [2014-11-05]
FF Extension: iWebar - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\abnkhfcq.default\Extensions\ROUAILDE73397174@UXGZI17268980.com [2014-11-01]
FF Extension: Site Matcher - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\abnkhfcq.default\Extensions\sitematcher@sitematcher.com [2014-07-11]
FF Extension: tinyjsdebuggerenigmailnet - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\abnkhfcq.default\Extensions\tinyjsdebugger@enigmail.net [2014-11-05]
FF Extension: Settings Manager - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\abnkhfcq.default\Extensions\{E729C6EC-E9FF-E59F-355C-EC59F2795E4E} [2014-05-17]
FF Extension: webget - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\abnkhfcq.default\Extensions\{9edd0ea8-2819-47c2-8320-b007d5996f8a}.xpi [2014-05-24]
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\abnkhfcq.default\extensions\detgdp@gmail.com
CHR Extension: (Sense) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2014-12-01]
CHR Extension: (Wheretoget) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlcbagiiepbjgkfjhakhilgeikkoapem [2014-12-03]
CHR Extension: (Object Browser) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\keoppklbljbnecjcpehjlmdcdibpdclf [2014-11-24]
S3 X6va025; \\C:\Windows\SysWOW64\Drivers\X6va025 [X]
2014-12-26 18:48 - 2014-12-26 18:48 - 00003134 _____ () C:\Windows\System32\Tasks\{8E6CA618-026E-4A28-851A-8CD0D7F196CC}
2014-12-26 19:01 - 2014-07-21 12:03 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
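
A triage sketch for the Task: entries in the fixlist above, added here as an example and not part of the original thread or of FRST itself: it parses the line shape seen in those entries and groups the tasks marked ATTENTION by the binary they launch, including binaries started through Rundll32.exe or pcalua.exe. The line grammar is inferred from the post (an assumption), and `parse_tasks`, `flagged_by_payload`, `TASK_RE` and `PAYLOAD_RE` are hypothetical names.

```python
import re
from collections import defaultdict

# Sample input: "Task:" lines copied from the fixlist in the post above.
SAMPLE = r"""
Task: {25E61C1D-93DB-4C8B-B245-3A888C1D3168} - System32\Tasks\UNELEVATE_16672 = C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1390\jsdrv.exe ==== ATTENTION
Task: {32BC7763-6392-47CA-9B8B-A6DCCCAE15D5} - System32\Tasks\UNELEVATE_9690 = C:\Program Files (x86)\ShopperPro\JSDriver\1.38.0.1425\jsdrv.exe ==== ATTENTION
Task: {37FC7B4A-02C9-4B54-B983-0449E6FF79A7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1067321925-3578864132-775108078-1000UA = C:\Users\x\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-16] (Facebook Inc.)
Task: {3E5F1319-F12B-41A3-8951-853B8CAF962F} - System32\Tasks\{8E6CA618-026E-4A28-851A-8CD0D7F196CC} = pcalua.exe -a C:\Users\x\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
Task: {5D345B26-7D12-43C6-8941-30CF9056A525} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 = Rundll32.exe C:\Program Files\Common Files\System\SysMenu.dll ,Command701 update2 ==== ATTENTION
Task: {B05DFB33-5230-4CAB-BBEC-1F62F69E850D} - System32\Tasks\UNELEVATE_12860 = C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1390\jsdrv.exe ==== ATTENTION
"""

# Line shape inferred from those lines (an assumption, not a FRST specification):
#   Task: [{GUID} - ]<task path> = <command>[ [date] (vendor)][ ==== ATTENTION]
TASK_RE = re.compile(
    r"^Task: (?:\{[0-9A-Fa-f-]{36}\} - )?(?P<task>.+?) = (?P<cmd>.+?)"
    r"(?: \[\d{4}-\d{2}-\d{2}\] \((?P<vendor>[^)]*)\))?"
    r"(?P<flag>\s+=+ ATTENTION)?\s*$"
)
# First absolute .exe/.dll path in the command: the binary a launcher really loads.
PAYLOAD_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll)\b", re.IGNORECASE)


def parse_tasks(text):
    """Return one dict per Task: line; lines that do not match are skipped."""
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        hit = PAYLOAD_RE.search(m.group("cmd"))
        tasks.append({
            "task": m.group("task"),
            "payload": hit.group(0) if hit else m.group("cmd"),
            "vendor": m.group("vendor"),
            "flagged": m.group("flag") is not None,
        })
    return tasks


def flagged_by_payload(text):
    """Group the task paths marked ATTENTION by the binary they launch."""
    groups = defaultdict(list)
    for t in parse_tasks(text):
        if t["flagged"]:
            groups[t["payload"]].append(t["task"])
    return dict(groups)
```

Run over a full log, the grouping shows how many scheduled tasks re-launch one unwanted binary, so leftover entries can be checked against the program's install folder after removal.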


(Shanq4291) #5

Thanks. It's better, those ads are gone. Should I post any more logs?


(Acorus) #6

Delete the folder C:\FRST