Win32/elex.cp, toolbar crossrider.b, adwar.convertad.eb

matrix81 · 16 Kwiecień 2015 22:54

przegladarki, programy typu anyprotect, reimage repair zaczely sie instalowac na laptopie probowalem usuwac i nic

FRST

http://www.wklej.org/id/1689984/

addition

http://www.wklej.org/id/1689985/

Atis · 16 Kwiecień 2015 23:15

W panelu sterowania odinstaluj:

AnyProtect

istartsurf uninstall

luckysearches uninstall

Reimage Repair

SmartWeb

Pobierz i uruchom AdwCleaner Kliknij Scan i później Cleaning.

Kliknij Scan i pokaż nowy raport z FRST bez Addition.

matrix81 · 16 Kwiecień 2015 23:44

FRST

http://www.wklej.org/id/1689996/

Atis · 16 Kwiecień 2015 23:55

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

CloseProcesses:
HKLM-x32\...\Run: [mbot_pl_190] => [X]
Startup: C:\Users\Danusia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RemoveWAT 2.2.5 Windows Permanent Activator Full Version.lnk
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S2 poxuwyvy; C:\Users\Danusia\AppData\Roaming\E3E87E15-1429211153-E111-A771-DC0EA194D725\jnsn83DE.tmp [X]
R2 solomero; C:\Users\Danusia\AppData\Roaming\E3E87E15-1429211153-E111-A771-DC0EA194D725\nsc5633.tmpfs [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-04-17 01:36 - 2015-04-17 01:37 - 00000000 ____ D () C:\AdwCleaner
2015-04-17 01:31 - 2015-04-17 01:31 - 00000000 ____ D () C:\ProgramData\magdbaopbhklfmhpjbkodmnoiphmhlaa
2015-04-17 01:29 - 2015-04-17 01:39 - 00000000 ____ D () C:\ProgramData\{27a86101-956f-21bf-27a8-861019568406}
2015-04-17 01:27 - 2015-04-17 01:27 - 00000000 ____ D () C:\ProgramData\15030716142103221081
2015-04-17 01:26 - 2015-04-17 01:26 - 00000000 ____ D () C:\ProgramData\hopbllbhfdhdgjdajmnggjnohkkhamec
2015-04-17 01:26 - 2015-04-17 01:26 - 00000000 ____ D () C:\ProgramData\{739211cf-0429-3ed6-7392-211cf042473c}
2015-04-17 00:36 - 2015-04-17 00:36 - 00613255 _____ (CMI Limited) C:\Users\Danusia\AppData\Local\nsd33DE.tmp
2015-04-16 22:56 - 2015-04-16 22:56 - 00000000 ____ D () C:\Users\Danusia\AppData\Local\F-Secure
2015-04-16 22:56 - 2015-04-16 22:56 - 00000000 ____ D () C:\ProgramData\F-Secure
2015-04-16 21:27 - 2015-04-16 21:42 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-16 21:11 - 2015-04-16 21:11 - 00000000 ____ D () C:\Users\Danusia\AppData\Roaming\E3E87E15-1429211470-E111-A771-DC0EA194D725
2015-04-16 21:09 - 2015-04-16 21:14 - 00000000 ____ D () C:\Users\Danusia\AppData\Local\E3E87E15-1429218565-E111-A771-DC0EA194D725
2015-04-16 21:05 - 2015-04-17 01:05 - 00000000 ____ D () C:\Users\Danusia\AppData\Roaming\E3E87E15-1429211153-E111-A771-DC0EA194D725
Task: {12A2C9C6-C5FA-47F0-9014-6ABC0DB367A2} - System32\Tasks\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-3 => C:\Program Files (x86)\CinemaPlus-3.2cV16.04\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-3.exe <==== ATTENTION
Task: {1C6F3EE4-AA95-4DFE-B8A0-BFE1BB06DFC1} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-04-17] (AnyProtect.com) <==== ATTENTION
Task: {2A971B63-E43F-4BA5-83A3-34A070FF036A} - System32\Tasks\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-11 => C:\Program Files (x86)\CinemaPlus-3.2cV16.04\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-11.exe <==== ATTENTION
Task: {2AB05BD1-FBE8-4B89-8D24-84D69AAE00C0} - System32\Tasks\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV16.04\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-5.exe <==== ATTENTION
Task: {3A812D49-6C9A-49C8-B3E6-2AAB8C126F87} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\version90BlockAndSurf\J4BlockAndSurfJ52.exe <==== ATTENTION
Task: {48C0EA33-AE5F-4882-AA84-808BE236F869} - System32\Tasks\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV16.04\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-1-7.exe <==== ATTENTION
Task: {4D556EE4-BE19-4727-8E38-56919DA13649} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-04-17] (AnyProtect.com) <==== ATTENTION
Task: {6B8154D5-AA0A-40D8-A034-3A2861F0E127} - System32\Tasks\TMMU => C:\Users\Danusia\AppData\Roaming\TMMU.exe <==== ATTENTION
Task: {8524E609-B006-4477-9C5C-54626A95F98D} - System32\Tasks\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-5 => C:\Program Files (x86)\CinemaPlus-3.2cV16.04\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-5.exe <==== ATTENTION
Task: {881FA059-D58A-4D5F-A398-D5798399E7D4} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-04-17] (AnyProtect.com) <==== ATTENTION
Task: {8E4D34F2-7D96-48B4-99A0-BF517DC3DC78} - System32\Tasks\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-10_user => C:\Program Files (x86)\CinemaPlus-3.2cV16.04\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-10.exe <==== ATTENTION
Task: {9097E8DF-4BC7-4654-A7D5-514DF445BEA2} - System32\Tasks\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV16.04\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-1-6.exe <==== ATTENTION
Task: {90A1D73A-18F2-4074-9FA9-62F4896D8E3F} - System32\Tasks\{DC5DBE4B-DA11-49B3-9BF2-A73447757CFA} => pcalua.exe -a C:\Users\Danusia\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=obw
Task: {9EA51AC8-9CA0-4B0E-8435-32B54F25B46D} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
Task: {9F447BE6-5F8F-4066-947A-CAFA53D75E65} - System32\Tasks\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-6 => C:\Program Files (x86)\CinemaPlus-3.2cV16.04\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-6.exe <==== ATTENTION
Task: {A53EF3F2-5950-4749-BDD1-1B1999885D15} - System32\Tasks\TJAOMV => C:\Users\Danusia\AppData\Roaming\TJAOMV.exe <==== ATTENTION
Task: {B6D4DF89-4BC7-4823-8F45-111EDD453D13} - System32\Tasks\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-7 => C:\Program Files (x86)\CinemaPlus-3.2cV16.04\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-7.exe <==== ATTENTION
Task: {FC3E734A-4AFF-4C32-BBAC-AF471C0CC09C} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Danusia\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.04\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.04\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.04\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-11.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.04\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-3.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.04\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.04\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.04\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.04\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV16.04\e4fc5ba0-cb30-4e9c-a4ab-32638ee13f5f-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\TJAOMV.job => C:\Users\Danusia\AppData\Roaming\TJAOMV.exe <==== ATTENTION
Task: C:\Windows\Tasks\TMMU.job => C:\Users\Danusia\AppData\Roaming\TMMU.exe <==== ATTENTION
C:\Users\Danusia\AppData\Roaming\*.exe
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition.

matrix81 · 17 Kwiecień 2015 17:25

Fixlog

http://www.wklej.org/id/1690385/

FRST

http://www.wklej.org/id/1690388/

Atis · 17 Kwiecień 2015 17:40

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

CHR Extension: (Bookmark Manager) - C:\Users\Danusia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
DeleteQuarantine:

Uruchom FRST i kliknij Fix. Skasuj folder C:\FRST

Usuń stare punkty przywracania: Aby usunąć wszystkie punkty przywracania

Dysk przeskanuj Malwarebytes Anti-Malware

Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Język PL > Settings > General Settings > Language > Polish

Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK - KLIK

Odinstaluj Java 8 Update 40 i zainstaluj Java 8 Update 45

matrix81 · 17 Kwiecień 2015 19:01

dziękuję za pomoc Atis