Malicious Shopper ads, etc.


(Sca_la) #1

I have a problem with my cousin's laptop. It is such a complete mess that even AdwCleaner cannot cope with it...


FRST http://wklej.to/R9H0t

Addition http://wklej.to/bq2ea


(Atis) #2

Uninstall Norton Online Backup.

Paste the following into the system Notepad and save it as a text file named fixlist:

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3404782510-975839727-3435802157-1000\...\Run: [SpeedItupFree] => "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
HKU\S-1-5-21-3404782510-975839727-3435802157-1000\...\Run: [FDPRO-516] => C:\Program Files (x86)\Fighters\FighterLauncher.exe FDPRO
Startup: C:\Users\Klaudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SHelper.vbs ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1405942075&from=cor&uid=WDCXWD3200BPVT-22JJ5T0_WD-WX91CC1X3665X3665&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1405942075&from=cor&uid=WDCXWD3200BPVT-22JJ5T0_WD-WX91CC1X3665X3665&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1405942075&from=cor&uid=WDCXWD3200BPVT-22JJ5T0_WD-WX91CC1X3665X3665&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1405942075&from=cor&uid=WDCXWD3200BPVT-22JJ5T0_WD-WX91CC1X3665X3665&q={searchTerms}
HKU\S-1-5-21-3404782510-975839727-3435802157-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1405942075&from=cor&uid=WDCXWD3200BPVT-22JJ5T0_WD-WX91CC1X3665X3665&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1405942075&from=cor&uid=WDCXWD3200BPVT-22JJ5T0_WD-WX91CC1X3665X3665&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {4D594333-0076-A76A-76A7-7A786E7484D7} -> No File
Toolbar: HKU\S-1-5-21-3404782510-975839727-3435802157-1000 -> No Name - {4D594333-0076-A76A-76A7-7A786E7484D7} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
FF Extension: Widget context - C:\Users\Klaudia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-01-04]
FF Extension: rpnetdownloadhelpergmailcom - C:\Users\Klaudia\AppData\Roaming\Mozilla\Firefox\Profiles\8pdni91j.default-1419775506270\Extensions\rpnetdownloadhelper@gmail.com [2015-01-01]
FF Extension: ce7e73df6a44402880795927a588c948 - C:\Users\Klaudia\AppData\Roaming\Mozilla\Firefox\Profiles\8pdni91j.default-1419775506270\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948} [2014-12-28]
CHR Extension: (Sense) - C:\Users\Klaudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\icnaplnkjfjncegmphmlfpggildllbho [2014-08-18]
CHR Extension: (innfmeekncjandlanpgdmmogkcimekgo) - C:\Users\Klaudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\innfmeekncjandlanpgdmmogkcimekgo [2015-04-06]
CHR Extension: (No Name) - C:\Users\Klaudia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcgnnlmmkimincacnkjichcghfgjnbdb [2014-07-21]
OPR Extension: (help4u) - C:\Users\Klaudia\AppData\Roaming\Opera Software\Opera Stable\Extensions\jlinpflaifheoeohbdffhfnnpghdnlel [2015-04-03]
OPR Extension: (iWebar) - C:\Users\Klaudia\AppData\Roaming\Opera Software\Opera Stable\Extensions\kmleogbcafbghbdjnfllogganaoipmjh [2014-08-10]
S3 clwvd6; system32\DRIVERS\clwvd6.sys [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 webfgbxg; \??\C:\Windows\system32\drivers\webfgbxg.sys [X]
2015-04-06 19:35 - 2015-04-06 19:37 - 00000000 ____ D () C:\Program Files (x86)\Spyware Terminator
2015-04-06 19:14 - 2015-04-06 19:14 - 08402592 _____ (Crawler Group ) C:\Users\Klaudia\Downloads\SpywareTerminatorSetup.exe
2015-04-06 18:52 - 2015-04-06 19:23 - 00000000 ____ D () C:\AdwCleaner
2015-04-03 10:39 - 2015-04-06 19:46 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-03 10:18 - 2015-04-03 10:20 - 00000000 ____ D () C:\Program Files (x86)\help4u
2014-02-02 01:47 - 2014-02-02 01:47 - 1432576 _____ () C:\Users\Klaudia\AppData\Roaming\Helper.exe
2013-06-30 17:23 - 2013-06-30 17:23 - 0237671 _____ () C:\Users\Klaudia\AppData\Roaming\JavaUpdate.jar
2013-06-04 15:36 - 2013-06-04 15:38 - 0000413 _____ () C:\Users\Klaudia\AppData\Roaming\XqckH.vbs
C:\Users\Klaudia\AppData\Local\*.txt
2015-01-16 23:41 - 2015-04-05 21:56 - 0000112 _____ () C:\ProgramData\W3Fqm08Q8.dat
2015-04-06 20:17 - 2012-10-24 21:44 - 0656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall1035993.exe
Task: {10E7F27E-9B90-497E-BB03-B801BB97579D} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {11BE82AE-BFB2-4E93-AEFC-889A311C50F2} - System32\Tasks\help4u_notification_service => C:\Program Files (x86)\help4u\help4u_notification_service.exe [2015-04-03] (FileProperties_CompanyName)
Task: {2F48AD2D-89CC-40A5-B4D1-01AFB75F8D84} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{99D0AFFC-5D18-4C68-AFC3-08C7A64EA112}.exe
Task: {45D24C29-A9E1-44F5-BB4F-5436DFEA7F9B} - System32\Tasks\{0DC9814E-6D7D-4340-8FEB-597FC279CC5B} => pcalua.exe -a C:\Users\Klaudia\AppData\Local\Temp\Shortcut_SweetIMSetup.exe -d C:\Users\Klaudia\Desktop -c -Shortcut
Task: {53CB522D-5F38-4F1A-84A6-EF9796D06309} - System32\Tasks\SPBIW_UpdateTask_Time_333339393639373731372d5723322a78455a4137574532 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {8A3060DF-AEBF-4FED-8199-F4E1A4DC7FCA} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {CD92B317-3730-42BA-9D68-026E0AA7AE6D} - System32\Tasks\{0EB79EB1-F8A1-4DDA-9081-6BC9794646F2} => pcalua.exe -a "C:\Program Files (x86)\DMS DJ Promixer 1.5\uninstall.exe"
Task: {CE5DF6B4-9703-46F0-9839-B90E4E170900} - System32\Tasks\UNELEVATE_23809 => C:\Program Files (x86)\ShopperPro\JSDriver\1452.0.0.0\jsdrv.exe <==== ATTENTION
Task: {F5F0BE64-267A-41D0-865C-21D7CB565C7B} - System32\Tasks\help4u_updating_service => C:\Program Files (x86)\help4u\help4u_updating_service.exe [2015-04-03] ()
Task: {FB7E0835-198F-4FB3-AF8D-6F06DF26EA6D} - System32\Tasks\BlockAndSurf Update => C:\Program Files (x86)\di9BlockAndSurf\l5BlockAndSurff50.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{99D0AFFC-5D18-4C68-AFC3-08C7A64EA112}.exe <==== ATTENTION
Task: C:\Windows\Tasks\BlockAndSurf Update.job => C:\Program Files (x86)\di9BlockAndSurf\l5BlockAndSurff50.exe <==== ATTENTION
Task: C:\Windows\Tasks\help4u_notification_service.job => C:\Program Files (x86)\help4u\help4u_notification_service.exeâ/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='help4u' /appid='73143' /srcid='2913' /bic='264f1b1ef7557f9ab051f483b2f38b9c' /verifier='4ef08ab15536db2aa20196fb64569e64' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif
Task: C:\Windows\Tasks\help4u_updating_service.job => C:\Program Files (x86)\help4u\help4u_updating_service.exe§ /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=help4u_updating_service /funurl=http:/stats.buildomserv.com
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post a new FRST report, without Addition.

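A read-only audit of the persistence locations the fixlist above touches, added here as an example; it is not part of the thread and not an FRST feature. It checks the Run keys, the per-user Startup folder, the Internet Explorer Main search values, the HKLM\SOFTWARE\Policies\Google key, scheduled-task actions and drivers whose file is gone (what FRST marks as [X]), and flags binaries that are missing or that run from AppData, ProgramData or Temp. The review heuristic and the helper names Test-ReviewPath and Resolve-DriverPath are choices made for this example, not FRST rules.

```powershell
# Added example (not part of the original thread, not an FRST feature): a read-only
# audit of the persistence locations the fixlist touches. It changes nothing; every
# finding still has to be judged before it goes into a fixlist.
# Works in a normal user session; run from an elevated prompt to see all tasks.
$ErrorActionPreference = 'SilentlyContinue'

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$ieKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main',
    'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main'
)
# The adware in this log ran from AppData/ProgramData/Temp; a binary under one of
# these roots is flagged for review (a heuristic chosen here, not an FRST rule).
$reviewRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:TEMP) | Where-Object { $_ }

function Test-ReviewPath {
    # $true when the first drive-letter path in a command line points to a file that
    # is missing (FRST's "[X]") or lives under one of $reviewRoots.
    param([string]$CommandLine)
    if (-not $CommandLine) { return $false }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine)
    $m = [regex]::Match($cmd, '(?i)[A-Z]:\\[^"]*?\.(exe|vbs|js|jar|dll|bat|cmd)')
    if (-not $m.Success) { return $false }
    $file = $m.Value
    if (-not (Test-Path -LiteralPath $file)) { return $true }
    foreach ($root in $reviewRoots) {
        if ($file.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Resolve-DriverPath {
    # Normalises the PathName forms seen in driver entries: \??\C:\..., \SystemRoot\..., system32\...
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

'== Run keys =='
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -Path $k
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }) {
        $flag = if (Test-ReviewPath $p.Value) { 'CHECK' } else { 'ok' }
        '{0,-5} {1}\{2} = {3}' -f $flag, $k, $p.Name, $p.Value
    }
}

'== Startup folder =='
Get-ChildItem -LiteralPath ([Environment]::GetFolderPath('Startup')) -File | ForEach-Object {
    # Script files in Startup (the SHelper.vbs case in the log) deserve a look regardless of path.
    $flag = if ($_.Extension -in '.vbs', '.js', '.bat', '.cmd') { 'CHECK' } else { 'ok' }
    '{0,-5} {1}' -f $flag, $_.FullName
}

'== Internet Explorer search settings =='
foreach ($k in $ieKeys) {
    $v = Get-ItemProperty -Path $k
    foreach ($name in 'Search Page', 'Default_Search_URL', 'Start Page') {
        if ($v.$name) { '{0}\{1} = {2}' -f $k, $name, $v.$name }
    }
}

'== Chrome policy key (unexpected on an unmanaged home PC) =='
if (Test-Path 'HKLM:\SOFTWARE\Policies\Google') {
    'CHECK HKLM\SOFTWARE\Policies\Google exists:'
    Get-ChildItem -Path 'HKLM:\SOFTWARE\Policies\Google' -Recurse | ForEach-Object { $_.Name }
} else { 'ok    no Chrome policy key' }

'== Scheduled tasks whose action is missing or runs from a user-writable root =='
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        if (-not $a.Execute) { continue }
        # The tasks in the log launched the payload through wscript/rundll32/pcalua,
        # so inspect the arguments of those hosts instead of the host binary itself.
        $target = if ($a.Execute -match '(?i)(wscript|cscript|rundll32|pcalua|mshta)(\.exe)?"?$') { $a.Arguments } else { $a.Execute }
        if (Test-ReviewPath $target) {
            'CHECK {0}{1} => {2} {3}' -f $task.TaskPath, $task.TaskName, $a.Execute, $a.Arguments
        }
    }
}

'== Drivers whose file is missing (FRST marks these [X]) =='
Get-CimInstance Win32_SystemDriver | ForEach-Object {
    $p = Resolve-DriverPath $_.PathName
    if ($p -and -not (Test-Path -LiteralPath $p)) {
        'CHECK {0} ({1}) -> {2}' -f $_.Name, $_.StartMode, $p
    }
}
```

Run it before a fixlist is written and again after the Fix to confirm the entries are gone; it only prints to the console and deletes nothing.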

(Sca_la) #3

FRST http://wklej.to/aHDw6


(Atis) #4

Paste the following into the system Notepad and save it as a text file named fixlist:

OPR Extension: (Sense) - C:\Users\Klaudia\AppData\Roaming\Opera Software\Opera Stable\Extensions\jhapbopfchfogphiimjbhodmgnppoigk [2014-08-10]
DeleteQuarantine:

Run FRST and click Fix. Delete the C:\FRST folder.

Remove the old restore points: To delete all restore points

Read how programs should be installed: CLICK - CLICK - CLICK - CLICK

Uninstall:

Adobe Flash Player 14 ActiveX

Adobe Reader X

Java 7 Update 7

Install:

Flash Player 17.0.0.134 ActiveX

Adobe Reader XI 11.0.10

Java 8 Update 40