Fighting PUP.Optional


(Krzysiek27 1999) #1

Hello, lately I have been having problems with infected "PUP.Optional" files. Some strange applications keep starting, as well as strange processes ;x Scanning with Malwarebytes and "removing" the infected files does not help. Please help! I am attaching the Malwarebytes log: http://www.wklejto.pl/224588

MBAM-log-2015-03-28 (21-11-27).txt


(Giiixxxx6) #2

http://forum.dobreprogramy.pl/nowy-log-obowi%C4%85zkowy-farbar-recovery-scan-tool-t478727/


(Krzysiek27 1999) #3

 http://wklej.to/b4l0J FRST


(Acorus) #4

Open the system Notepad and paste:

Task: {1DCD6B3A-E7EC-4C81-AADA-C1E33AED6611} - System32\Tasks\QGYN = C:\Users\Admin\AppData\Roaming\QGYN.exe ==== ATTENTION
Task: {45373BF2-2AA4-4306-A518-8CE000D2FFE3} - \SmartWeb Upgrade Trigger Task No Task File ==== ATTENTION
Task: {981F2D46-2DE3-4E44-BD72-E1F73142D2CE} - System32\Tasks\TDJAM = C:\Users\Admin\AppData\Roaming\TDJAM.exe ==== ATTENTION
Task: C:\Windows\Tasks\QGYN.job = C:\Users\Admin\AppData\Roaming\QGYN.exe ==== ATTENTION
Task: C:\Windows\Tasks\TDJAM.job = C:\Users\Admin\AppData\Roaming\TDJAM.exe ==== ATTENTION
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download.lnk
ShortcutTarget: Download.lnk - C:\ProgramData\{5cebfb77-e989-6fb0-5ceb-bfb77e98eddf}\Download.exe (No File)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-3916664493-963513432-1492697171-1000 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-3916664493-963513432-1492697171-1000 - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
R2 fisobicy; C:\Users\Admin\AppData\Local\00000000-1427565168-0000-0000-448A5BB9278E\insw1EC9.tmp [78336 2015-03-28] () [File not signed]
R2 fywobony; C:\Users\Admin\AppData\Roaming\00000000-1427549802-0000-0000-448A5BB9278E\jnsaD00D.tmp [205824 2015-03-28] () [File not signed]
R2 hepixoke; C:\Users\Admin\AppData\Roaming\00000000-1427549802-0000-0000-448A5BB9278E\nsuBC57.tmp [111104 2015-03-28] () [File not signed]
S3 MSICDSetup; \\F:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \\F:\NTIOLib_X64.sys [X]
S3 X6va028; \\C:\Windows\SysWOW64\Drivers\X6va028 [X]
2015-03-28 21:18 - 2015-03-28 21:21 - 00000000 ____ D () C:\AdwCleaner
2015-03-28 15:30 - 2015-03-28 22:40 - 00001336 _____ () C:\Windows\Tasks\TDJAM.job
2015-03-28 15:30 - 2015-03-28 15:30 - 00004362 _____ () C:\Windows\System32\Tasks\TDJAM
2015-03-28 15:29 - 2015-03-28 22:40 - 00001334 _____ () C:\Windows\Tasks\QGYN.job
2015-03-28 15:29 - 2015-03-28 15:29 - 00004360 _____ () C:\Windows\System32\Tasks\QGYN
2015-03-28 14:52 - 2015-03-28 14:52 - 00613255 _____ (CMI Limited) C:\Users\Admin\AppData\Local\nsg1475.tmp
2015-03-26 20:14 - 2015-03-26 20:14 - 00005542 _____ () C:\Users\Admin\AppData\Roaming\QGYN
2015-03-26 20:14 - 2015-03-26 20:14 - 00004185 _____ () C:\Users\Admin\AppData\Roaming\TDJAM
2015-03-20 22:10 - 2015-03-20 22:10 - 00003032 _____ () C:\Windows\System32\Tasks\{19A77C47-CB76-4156-9B3D-48E9703783EE}
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST, in the same folder.