Zamulony komp wyskakujące reklamy i strony


(Lukasz Grzelak22) #1

jak w tytule prosze o pomoc dziekuje

http://www.wklej.org/id/1735248/

http://www.wklej.org/id/1735250/ 

http://www.wklej.org/id/1735251/

 

 


(Acorus) #2

Odinstaluj Plus-HD-9.1,Quiknowledge,SUPERAntiSpyware,SupTab.Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

Pokaż nowe logi z FRST.


(Lukasz Grzelak22) #3

http://wklej.org/id/1736227/

http://wklej.org/id/1736228/

http://wklej.org/id/1736229/


(Acorus) #4

Otwórz notatnik systemowy i wklej:

Task: {6E5AC3D4-3B62-46F5-9314-D72DD53F75CB} - System32\Tasks\ROC_REG_JAN_DELETE = C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {33641EE9-35A7-4851-A3AE-D2B7A5C77B90} - \5aa3d933-32c7-4b03-9bcf-13d56020c4b9-4 No Task File ==== ATTENTION
Task: {AFA35641-77B9-44F9-B1DF-3E1658D45232} - \5aa3d933-32c7-4b03-9bcf-13d56020c4b9-2 No Task File ==== ATTENTION
Task: {B8EE1EF0-6C01-4E9A-BE5E-8A86DC9551C8} - System32\Tasks\fun4u_updating_service = C:\Program Files\fun4u\fun4u_updating_service.exe ==== ATTENTION
Task: {CFD0F971-7877-43C0-92DD-3301370DB52B} - \5aa3d933-32c7-4b03-9bcf-13d56020c4b9-1 No Task File ==== ATTENTION
Task: {D297F0CA-9D5B-4729-B2E3-EAB8433BF0D6} - System32\Tasks\fun4u_notification_service = C:\Program Files\fun4u\fun4u_notification_service.exe ==== ATTENTION
Task: {DD105DD9-BDBD-4058-8E58-0340A005EFE0} - \5aa3d933-32c7-4b03-9bcf-13d56020c4b9-6 No Task File ==== ATTENTION
Task: {DD1AA79E-BE53-4A49-B40C-1F6BF9AC04B1} - \5aa3d933-32c7-4b03-9bcf-13d56020c4b9-5 No Task File ==== ATTENTION
Task: {ECE3A1DA-0D37-4C35-BB6E-D58F16B62296} - \5aa3d933-32c7-4b03-9bcf-13d56020c4b9-7 No Task File ==== ATTENTION
Task: C:\Windows\Tasks\fun4u_notification_service.job = C:\Program Files\fun4u\fun4u_notification_service.exeá/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='fun4u' /appid='73143' /srcid='2913' /bic='56223016bcf831264e7c1b2080fa2684' /verifier='746b4cb160409c2bcab872620fc4a258' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif ==== ATTENTION
Task: C:\Windows\Tasks\fun4u_updating_service.job = C:\Program Files\fun4u\fun4u_updating_service.exe¦ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=fun4u_updating_service /funurl=http:/stats.buildomserv.com ==== ATTENTION
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job = C:\ProgramData\AVG January 2013 Campaign\ROC.exe
HKLM\...\Run: [fst_pl_123] = [X]
HKLM\...\Run: [SunJavaUpdateSched] = C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File []
OPR Extension: (Plus-HD-9.1) - C:\Users\trudzia\AppData\Roaming\Opera Software\Opera Stable\Extensions\aaipilfmheplbcghignccoiiebekkdhe [2014-06-02]
OPR Extension: (No Name) - C:\Users\trudzia\AppData\Roaming\Opera Software\Opera Stable\Extensions\clbhjjdhmgeibgdccjfoliooccomjcab [2015-04-09]
OPR Extension: (fdocegmnehjgfhfjelhmaobjccoiklle) - C:\Users\trudzia\AppData\Roaming\Opera Software\Opera Stable\Extensions\fdocegmnehjgfhfjelhmaobjccoiklle [2015-04-06]
OPR Extension: (gkcckpoladnboalokmkldjabamjpkafo) - C:\Users\trudzia\AppData\Roaming\Opera Software\Opera Stable\Extensions\gkcckpoladnboalokmkldjabamjpkafo [2015-04-02]
OPR Extension: (gomekmidlodglbbmalcneegieacbdmki) - C:\Users\trudzia\AppData\Roaming\Opera Software\Opera Stable\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-05]
OPR Extension: (No Name) - C:\Users\trudzia\AppData\Roaming\Opera Software\Opera Stable\Extensions\igiofjhpmpihnifddepnpngfjhkfenbp [2015-04-09]
OPR Extension: (jbnkffmindojffecdhbbmekbmkkfpmjd) - C:\Users\trudzia\AppData\Roaming\Opera Software\Opera Stable\Extensions\jbnkffmindojffecdhbbmekbmkkfpmjd [2015-04-01]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-06-11 22:37 - 2015-06-11 22:43 - 00000000 ____ D C:\AdwCleaner
2014-05-31 12:03 - 2014-05-31 12:03 - 0301496 _____ (VuuPC Limited) C:\Users\trudzia\AppData\Local\nslEC53.tmp
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Przeskanuj programem Malwarebytes Anti-Malware http://www.malwarebytes.org/8/