Wyskakujące reklamy

Dla specjalistów Bezpieczeństwo
#1

Proszę o pomoc związaną z wyskakującymi reklamami. Podaję logi:

Addition:   http://wklej.to/PbEZx

FRST:   http://wklej.to/UqgVw

 

 

#2

Odinstaluj Search App by Ask.Otwórz notatnik systemowy i wklej:

Task: {E29BC01A-00AA-4A8D-BE42-921496BB16BB} - System32\Tasks\i2ORHe35ByFVY8ROE = C:\Users\Kris\AppData\Roaming\i2ORHe35ByFVY8ROE.exe [2015-04-20] () ==== ATTENTION
Task: {F3411392-F45C-49B5-8218-6DAB3E383918} - System32\Tasks\OtfJ89MNpuZ = C:\Users\Kris\AppData\Roaming\OtfJ89MNpuZ.exe [2015-04-20] () ==== ATTENTION
Task: C:\Windows\Tasks\i2ORHe35ByFVY8ROE.job = C:\Users\Kris\AppData\Roaming\i2ORHe35ByFVY8ROE.exe ==== ATTENTION
Task: C:\Windows\Tasks\OtfJ89MNpuZ.job = C:\Users\Kris\AppData\Roaming\OtfJ89MNpuZ.exe ==== ATTENTION
HKLM\...\Run: [] = [X]
HKLM\...\Run: [gmsd_pl_104] = [X]
HKU\S-1-5-21-1915113463-255415401-1280453246-1001\...\Run: [SwvUpdtr] = C:\Users\Kris\AppData\Local\23148\Updater.exe [1249792 2015-04-27] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-04-22]
ShortcutTarget: McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-04-27]
ShortcutTarget: hqghumeaylnlf.lnk - C:\ProgramData\{955994a5-3d20-02c9-9559-994a53d25294}\hqghumeaylnlf.exe (No File)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09]
FF SelectedSearchEngine: luckysearches
FF Extension: Zoom It - C:\Users\Kris\AppData\Roaming\Mozilla\Firefox\Profiles\y6ipqew3.default\Extensions\{173f22a3-2993-d155-3c33-0bb45419a55b} [2015-05-04]
FF HKU\S-1-5-21-1915113463-255415401-1280453246-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 nulofyvu; C:\Users\Kris\AppData\Local\01807DAE-1430149624-CB11-A5CB-90C4F9A57A06\cnsv283D.tmp [74240 2015-04-27] () [File not signed]
R2 rubefysi; C:\Users\Kris\AppData\Local\01807DAE-1430149638-CB11-A5CB-90C4F9A57A06\snsg5EB6.tmp [146944 2015-04-27] () [File not signed]
S2 bodocifu; C:\Users\Kris\AppData\Roaming\01807DAE-1430142227-CB11-A5CB-90C4F9A57A06\jnsp67B8.tmp [X]
S2 qofemujy; C:\Users\Kris\AppData\Roaming\01807DAE-1430142227-CB11-A5CB-90C4F9A57A06\nsz3A0E.tmp [X]
S3 btmaudio; system32\drivers\btmaud.sys [X]
S3 btmaux; system32\DRIVERS\btmaux.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-05-04 23:27 - 2015-05-04 23:27 - 00000000 ____ D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-05-04 23:27 - 2015-05-04 23:27 - 00000000 ____ D () C:\Program Files\McAfee Security Scan
2015-04-27 18:21 - 2015-04-29 20:57 - 00000000 ____ D () C:\AdwCleaner
2015-04-27 18:04 - 2015-04-27 22:37 - 00000000 ____ D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2015-04-27 18:04 - 2015-04-27 18:04 - 00000000 ____ D () C:\sh4ldr
2015-04-27 18:04 - 2015-04-27 18:04 - 00000000 ____ D () C:\Program Files\Enigma Software Group
2015-04-27 18:04 - 2015-04-27 18:04 - 00000000 ____ D () C:\Program Files\Common Files\Wise Installation Wizard
2015-04-27 18:03 - 2015-04-27 18:03 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Kris\Downloads\SpyHunter-installer.exe
2015-04-27 15:44 - 2015-05-06 11:41 - 00001002 _____ () C:\Windows\Tasks\i2ORHe35ByFVY8ROE.job
2015-04-27 15:44 - 2015-05-06 11:41 - 00000990 _____ () C:\Windows\Tasks\OtfJ89MNpuZ.job
2015-04-27 15:44 - 2015-04-27 15:44 - 00000000 ____ D () C:\Users\Kris\AppData\Local\01807DAE-1430149486-CB11-A5CB-90C4F9A57A06
2015-04-27 15:44 - 2015-04-27 15:44 - 00000000 ____ D () C:\Program Files\2fa83434-cb65-4e4c-9dd6-0bbf76b2a8ef
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Kris\AppData\Roaming\i2ORHe35ByFVY8ROE
2015-04-20 15:45 - 2015-04-20 15:45 - 1246720 _____ () C:\Users\Kris\AppData\Roaming\i2ORHe35ByFVY8ROE.exe
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Kris\AppData\Roaming\OtfJ89MNpuZ
2015-04-20 15:45 - 2015-04-20 15:45 - 1579520 _____ () C:\Users\Kris\AppData\Roaming\OtfJ89MNpuZ.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#3

Wykonane - podaję fixlog: http://wklej.to/ztV9h - czy coś jeszcze

#4

Jak wszystko gra to skasuj folder C:\FRST.