Pop-up windows, system error


(Admek69) #1

Hello. My kids' computer is a complete mess. Lots of files, and probably lots of viruses as well.

First of all, loads of ads keep opening. Every so often a message pops up saying that Java is out of date, and it redirects me to the Java website.

Every time I start a program, windows like the ones in the screenshot below pop up:

http://www.iv.pl/images/60514966235486502559.jpg

I thought some system files were missing, so I did what is shown in the screenshot:

http://www.iv.pl/images/39311178926550001550.jpg

Here are the logs from the tools:

OTL: http://wklej.org/id/1515562/

Extras: http://wklej.org/id/1515565/

FRST: http://wklej.org/id/1515569/

Addition: http://wklej.org/id/1515570/

Please help. Above all with removing these ads and these pop-up windows.

Thanks in advance for your help.


(Acorus) #2

Download and run AdwCleaner https://toolslib.net/downloads/finish/1/ Click Search (Szukaj) and then Delete (Usuń).

Post new FRST logs.


(Admek69) #3

FRST: http://wklej.org/id/1515626/

 

Addition: http://wklej.org/id/1515628/


(Acorus) #4

Uninstall LowPricesApp, MixiDJ chrome Toolbar, Mobogenie3, OfferBoulevard. Open Notepad and paste:

Task: {093F17F4-DEC8-475A-8413-9BAE5524DB97} - System32\Tasks\GS_Booster-S-1942536000 = c:\programdata\showappit\gs_booster\GS_Booster.exe [2014-10-09] () ==== ATTENTION
Task: {096A5718-5577-48AA-BEC7-FE3BF6A70B22} - System32\Tasks\YTDownloaderUpd = C:\Program Files (x86)\YTDownloader\updater.exe ==== ATTENTION
Task: {1091FB72-84E4-4C2A-B908-55A304421293} - System32\Tasks\RDReminder = C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-06-10] (Dll-FIles.Com)
Task: {156B3395-3209-4E8A-AC59-79046760AF38} - System32\Tasks\DLL-Files.Com Fixer_Updates = C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-06-10] (Dll-FIles.Com)
Task: {212E273F-58A0-4BA7-9CA6-FBF3A2349756} - System32\Tasks\Browser Updater\Zapp Browser Updater = C:\Program Files (x86)\Zapp\WPackageUpgrade.exe [2014-11-06] ()
Task: {22F050E9-C8BE-48E8-A03A-B4DA84D335D5} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 = Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 ==== ATTENTION
Task: {52D89C5A-05D7-4C3E-AD2C-72B30DFD906C} - System32\Tasks\SPBIW_UpdateTask_Time_313435323232363635392d2d55506c2a5a55576c412334 = Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 ==== ATTENTION
Task: {59085D98-F3BD-4DB6-9AA9-03CE1A6E6EAE} - System32\Tasks\ZBDNPZH = C:\Users\User\AppData\Roaming\ZBDNPZH.exe [2014-10-18] (Object Browser) ==== ATTENTION
Task: {760A4A55-81BE-41E3-BF65-6D1E80482B5D} - System32\Tasks\SystemSockets\SystemSockets = C:\Program Files (x86)\Zapp\WBrokerDirect.exe [2014-11-06] () ==== ATTENTION
Task: {86C30558-EA2F-4160-9A2B-5324C7313A0B} - System32\Tasks\DLL-Files.Com Fixer_MONTHLY = C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-06-10] (Dll-FIles.Com)
Task: {A008BA41-B830-4450-93D9-6B66A51A0AB5} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 = Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 ==== ATTENTION
Task: {B895C8AC-DE97-4C6E-B060-4E88C7D6C60D} - System32\Tasks\UNELEVATE_32626 = C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1374\jsdrv.exe ==== ATTENTION
Task: {D0306D40-2421-4086-AD73-0291F663334E} - System32\Tasks\DLL-Files FixerASKUSER = C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-06-10] (Dll-FIles.Com)
Task: C:\Windows\Tasks\DLL-Files FixerASKUSER.job = C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job = C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job = C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
Task: C:\Windows\Tasks\GS_Booster-S-1942536000.job = c:\programdata\showappit\gs_booster\GS_Booster.exe ==== ATTENTION
Task: C:\Windows\Tasks\ZBDNPZH.job = C:\Users\User\AppData\Roaming\ZBDNPZH.exe ==== ATTENTION
HKLM-x32\...\Run: [] = [X]
HKU\S-1-5-21-1749117163-1273117737-2756481890-1000\...\Run: [SPDriver] = C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1374\jsdrv.exe
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk - C:\Users\User\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Zapp - {e6eeb20c-cf4a-4789-becf-64f78340708f} - C:\Program Files\Zapp\IE\Zapp.dll (Simply Tech LTD.)
BHO-x32: YooutubeADBlocke - {39d6e588-27c4-45ab-bb86-f359391e925a} - C:\Program Files (x86)\YooutubeADBlocke\wfNcrLQCkH8Uog.dll ()
BHO-x32: Zapp - {e6eeb20c-cf4a-4789-becf-64f78340708f} - C:\Program Files (x86)\Zapp\IE\Zapp.dll (Simply Tech LTD.)
Toolbar: HKLM-x32 - Zapp - {e6eeb20c-cf4a-4789-becf-64f78340708f} - C:\Program Files (x86)\Zapp\IE\Zapp.dll (Simply Tech LTD.)
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkkeoeinpbomhnpkmmkpggkaefincbn [2014-10-26]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lohbonfeioofpgpcmebnncnmiobojbgk [2014-10-24]
CHR Extension: (Plus-HD-9.1) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaipilfmheplbcghignccoiiebekkdhe [2014-10-16]
CHR Extension: (Object Browser) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cechdibmaolglcdioefoikpknppdekpc [2014-10-22]
CHR Extension: (CinemaPro 1.5V28.10) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gieanldgaaaifgdkimlkfakbpofihpdf [2014-10-28]
CHR Extension: (Sense) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ihkkeoeinpbomhnpkmmkpggkaefincbn [2014-10-22]
CHR Extension: (Benchwarmer Dribbble for Chrome Tabs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lhdjhhpjicomphhjpehdhjenbaamdpnn [2014-11-08]
CHR Extension: (lohbonfeioofpgpcmebnncnmiobojbgk) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lohbonfeioofpgpcmebnncnmiobojbgk [2014-10-22]
CHR HKLM-x32\...\Chrome\Extension: [jlkealnllhajodlnhmfjfmnhelpbaaem] - C:\Program Files (x86)\Zapp\chrome\Zapp.crx [2014-06-01]
CHR HKLM-x32\...\Chrome\Extension: [kidmhllhjmmmnpbiaihafgchacpmokof] - C:\Program Files (x86)\Lyrmix\133.crx [2014-06-01]
R2 MaintainerSvc3.63.6844702; C:\ProgramData\9770d137-0554-4a98-9776-1cfcef3857da\maintainer.exe [123688 2014-11-10] ()
R2 MobogenieService; C:\Program Files (x86)\Mobogenie3\MobogenieService.exe [113344 2014-10-25] (Mobogenie.com)
S2 0c632643; "C:\Windows\system32\rundll32.exe" "c:\progra~3\intere~1\InterenetOptimizerSvc.dll",service
S2 4d349a54; "C:\Windows\system32\rundll32.exe" "c:\progra~2\gs_boo~1\AssistantSvc.dll",service
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S1 dswwalkm; \\C:\Windows\system32\drivers\dswwalkm.sys [X]
S3 gdrv; \\C:\Windows\gdrv.sys [X]
S3 SNP2STD; system32\DRIVERS\snp2sxp.sys [X]
S2 SPDRIVER_1.37.0.1374; \\C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.1374\jsdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-11-10 15:01 - 2014-11-10 15:04 - 00000000 ____ D () C:\AdwCleaner
2014-10-30 07:09 - 2014-11-10 14:47 - 00000000 ____ D () C:\ProgramData\9770d137-0554-4a98-9776-1cfcef3857da
2014-10-29 15:45 - 2014-10-29 15:45 - 00003170 _____ () C:\Windows\System32\Tasks\UNELEVATE_32626
2014-10-28 15:10 - 2014-10-28 15:10 - 00000000 ____ D () C:\ProgramData\LowPricesApp
2014-10-28 14:38 - 2014-10-28 14:38 - 01495472 _____ (Cinema ProV28.10) C:\Users\User\AppData\Roaming\MBVEQPW.exe
2014-10-28 14:37 - 2014-10-28 14:37 - 01979312 _____ (Cinema ProV28.10) C:\Users\User\AppData\Roaming\CCTPFHP.exe
2014-10-25 20:43 - 2014-10-25 20:43 - 00003148 _____ () C:\Windows\System32\Tasks\{C1AE96C6-8224-4AFE-8075-4727EF4825F6}
2014-11-10 15:11 - 2014-06-01 18:01 - 00000000 ____ D () C:\Windows\System32\Tasks\SystemSockets
2014-11-10 15:11 - 2014-06-01 18:01 - 00000000 ____ D () C:\Windows\System32\Tasks\Browser Updater
2014-11-10 15:05 - 2014-10-09 14:27 - 00000446 ____ H () C:\Windows\Tasks\GS_Booster-S-1942536000.job
2014-11-10 15:05 - 2013-09-04 13:57 - 00000000 ____ D () C:\Program Files (x86)\WebConnect
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
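
Added example, not part of the original posts and not how FRST itself decides: a Python sketch that parses Task: lines in the format used in the fixlist above and records why each scheduled task stands out. The function name triage and the two heuristics (script/DLL host launchers, targets under AppData or ProgramData) are assumptions made for this illustration; the sample lines are copied from post #4.

```python
import re

# Task lines copied verbatim from the fixlist in post #4 (FRST log format).
SAMPLE = r"""
Task: {1091FB72-84E4-4C2A-B908-55A304421293} - System32\Tasks\RDReminder = C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2014-06-10] (Dll-FIles.Com)
Task: {22F050E9-C8BE-48E8-A03A-B4DA84D335D5} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 = Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 ==== ATTENTION
Task: {52D89C5A-05D7-4C3E-AD2C-72B30DFD906C} - System32\Tasks\SPBIW_UpdateTask_Time_313435323232363635392d2d55506c2a5a55576c412334 = Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 ==== ATTENTION
Task: {59085D98-F3BD-4DB6-9AA9-03CE1A6E6EAE} - System32\Tasks\ZBDNPZH = C:\Users\User\AppData\Roaming\ZBDNPZH.exe [2014-10-18] (Object Browser) ==== ATTENTION
Task: C:\Windows\Tasks\GS_Booster-S-1942536000.job = c:\programdata\showappit\gs_booster\GS_Booster.exe ==== ATTENTION
"""

# "Task: [{GUID} - ]<task path> = <command line>"; legacy .job entries have no GUID.
TASK_RE = re.compile(r"^Task: (?:(\{[0-9A-Fa-f-]{36}\}) - )?(.+?) = (.+)$")
ATTENTION_RE = re.compile(r"\s*=+ ATTENTION\s*$")
# Assumed heuristics for this example, not FRST's own rules.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "rundll32.exe")
USER_WRITABLE = ("\\appdata\\", "\\programdata\\")


def triage(log_text):
    """Return one dict per Task: line with the reasons it deserves a closer look."""
    findings = []
    for line in log_text.splitlines():
        match = TASK_RE.match(line.strip())
        if not match:
            continue  # not a scheduled-task entry
        guid, task_path, command = match.groups()
        reasons = []
        if ATTENTION_RE.search(command):
            reasons.append("flagged by FRST")
            command = ATTENTION_RE.sub("", command)  # drop the marker from the command
        lowered = command.lower()
        if lowered.startswith(SCRIPT_HOSTS):
            reasons.append("launched through a script/DLL host")
        if any(part in lowered for part in USER_WRITABLE):
            reasons.append("target in a user-writable path")
        findings.append({
            "guid": guid,
            "task": task_path.rsplit("\\", 1)[-1],
            "command": command,
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print(entry["task"], "->", "; ".join(entry["reasons"]) or "no heuristic hit")
```
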


(Admek69) #5

OK, thank you very much for the help, Acorus.

Programs removed, fix done. FRST deleted together with its logs, OTL too.

No more ads, and the windows no longer pop up.

I'll also run a scan with Malwarebytes.

Thanks once again, and best regards.