Od dłuższego czasu mam problem z wyskakującymi oknami oraz reklamami, używam google chrome i nie mam żadnej wtyczki zainstalowanej oprócz adblocka. Oraz nie zauważyłem żadnego zainstalowanego programu.
Usuń to co znalazł AdwCleaner.http://forum.dobreprogramy.pl/farbar-recovery-scan-tool-raport-obowiązkowy-t478727/
Otwórz notatnik systemowy i wklej:
Task: {08720B3A-A2EF-4A16-8C5C-916ECECA2085} - System32\Tasks\IMPXQ = C:\Users\Maciekk\AppData\Roaming\IMPXQ.exe ==== ATTENTION
Task: {2C938B2B-886F-4A52-8CC0-A0F2BAD392EC} - System32\Tasks\THFK = C:\Users\Maciekk\AppData\Roaming\THFK.exe ==== ATTENTION
Task: {5820F1C1-4A7C-4998-ACCE-4F3D829A9F8B} - System32\Tasks\{E1CABE99-706B-4B34-AF2D-C1074EB4A950} = pcalua.exe -a C:\Users\Maciekk\AppData\Roaming\omniboxes\UninstallManager.exe -c -ptid=obw
Task: {BF0187D4-0C58-4EA0-8C64-9FC0EDE0C171} - System32\Tasks\ETRVXOE = C:\Users\Maciekk\AppData\Roaming\ETRVXOE.exe ==== ATTENTION
Task: {C829A4D8-45F2-45E9-8D1E-E74FD548D472} - \Optimize Start Menu Cache Files-S-1-5-21-3919334612-2580916501-2586863526-500 No Task File ==== ATTENTION
Task: {CAB1A0EE-3AD8-40AB-AFBA-1F9455F8D621} - System32\Tasks\a4Q5klTkG1n0CJyFum = C:\Users\Maciekk\AppData\Roaming\a4Q5klTkG1n0CJyFum.exe ==== ATTENTION
Task: {E5B13A38-3EEF-4C32-AC07-58E626751441} - System32\Tasks\GGMOK = C:\Users\Maciekk\AppData\Roaming\GGMOK.exe ==== ATTENTION
Task: C:\Windows\Tasks\a4Q5klTkG1n0CJyFum.job = C:\Users\Maciekk\AppData\Roaming\a4Q5klTkG1n0CJyFum.exe ==== ATTENTION
Task: C:\Windows\Tasks\ETRVXOE.job = C:\Users\Maciekk\AppData\Roaming\ETRVXOE.exe ==== ATTENTION
Task: C:\Windows\Tasks\GGMOK.job = C:\Users\Maciekk\AppData\Roaming\GGMOK.exe ==== ATTENTION
Task: C:\Windows\Tasks\IMPXQ.job = C:\Users\Maciekk\AppData\Roaming\IMPXQ.exe ==== ATTENTION
Task: C:\Windows\Tasks\THFK.job = C:\Users\Maciekk\AppData\Roaming\THFK.exe ==== ATTENTION
HKU\S-1-5-21-2383064507-221051407-2536449367-1001\...\Run: [Akamai NetSession Interface] = "C:\Users\Maciekk\AppData\Local\Akamai\netsession_win.exe"
Startup: C:\Users\Maciekk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download.lnk [2015-04-03]
ShortcutTarget: Download.lnk - C:\ProgramData\{d8bbe434-5ce9-7ab0-d8bb-be4345ce90d1}\Download.exe (No File)
GroupPolicyScripts-x32: Group Policy detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2383064507-221051407-2536449367-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dsts=1436483629z=4c770abf079117b3484784bgfzbcbq1zab1c6qdo5wfrom=obwuid=ST500DM002-1BD142_W2AVP28HXXXXW2AVP28Hq={searchTerms}
HKU\S-1-5-21-2383064507-221051407-2536449367-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-2383064507-221051407-2536449367-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dsts=1436483629z=4c770abf079117b3484784bgfzbcbq1zab1c6qdo5wfrom=obwuid=ST500DM002-1BD142_W2AVP28HXXXXW2AVP28Hq={searchTerms}
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2383064507-221051407-2536449367-1001 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2383064507-221051407-2536449367-1001 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=obwutm_campaign=install_ieutm_content=dsfrom=obwuid=ST500DM002-1BD142_W2AVP28HXXXXW2AVP28Hts=1436483693type=defaultq={searchTerms}
BHO-x32: No Name - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF Extension: CinemaP-1.9cV16.03 - C:\Users\Maciekk\AppData\Roaming\Mozilla\Firefox\Profiles\9quzr71n.default-1428005854022\Extensions\ccf7276c-d388-480f-8835-5b680025e1ca@gmail.com [2015-05-02]
FF Extension: shopshop - C:\Users\Maciekk\AppData\Roaming\Mozilla\Firefox\Profiles\9quzr71n.default-1428005854022\Extensions\ps_igfzfdlppccqztw@xgujcwq_fjjfxdw.net [2015-05-20]
FF Extension: QuickSearch - C:\Users\Maciekk\AppData\Roaming\Mozilla\Firefox\Profiles\9quzr71n.default-1428005854022\Extensions\searchffv2@gmail.com [2015-07-10]
FF Extension: buyoaanndabroWse - C:\Users\Maciekk\AppData\Roaming\Mozilla\Firefox\Profiles\9quzr71n.default-1428005854022\Extensions\yby@r.edu [2015-05-20]
R2 xyhigysy; C:\Users\Maciekk\AppData\Roaming\00000000-1428054593-0000-0000-D43D7ED915B0\jnsr26.tmp [151552 2015-04-03] () [File not signed]
R2 ginosime; C:\Users\Maciekk\AppData\Roaming\00000000-1428054593-0000-0000-D43D7ED915B0\nsjD2E6.tmpfs [X]
S2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [X]
S3 EagleX64; \\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 NTIOLib_1_0_4; \\C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X]
S3 X6va029; \\C:\Windows\SysWOW64\Drivers\X6va029 [X]
S3 xhunter1; \\C:\Windows\xhunter1.sys [X]
2015-03-31 10:14 - 2015-03-31 10:14 - 0004387 _____ () C:\Users\Maciekk\AppData\Roaming\a4Q5klTkG1n0CJyFum
2015-03-09 23:30 - 2015-03-09 23:30 - 0005487 ____ N () C:\Users\Maciekk\AppData\Roaming\BYAIAMUF
2015-03-26 21:14 - 2015-03-26 21:14 - 0005542 _____ () C:\Users\Maciekk\AppData\Roaming\ETRVXOE
2015-03-26 21:14 - 2015-03-26 21:14 - 0004185 _____ () C:\Users\Maciekk\AppData\Roaming\GGMOK
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Maciekk\AppData\Roaming\GNOK
2015-03-26 21:14 - 2015-03-26 21:14 - 0005542 _____ () C:\Users\Maciekk\AppData\Roaming\IMPXQ
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Maciekk\AppData\Roaming\QVGVHP
2015-03-26 21:14 - 2015-03-26 21:14 - 0004185 _____ () C:\Users\Maciekk\AppData\Roaming\THFK
2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Maciekk\AppData\Roaming\UEWKD
2015-01-30 17:12 - 2015-01-30 17:12 - 0613057 _____ (CMI Limited) C:\Users\Maciekk\AppData\Local\nso40E6.tmp
EmptyTemp:
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
Odinstaluj Chrome zaznaczając usunięcie danych przeglądania.