Zużycie pamięci, laptop się grzeje, chrome wariuje, samowłączające reklamy

Dla specjalistów Bezpieczeństwo
#1

Witam,

#2

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKU\S-1-5-21-2474849277-562927440-4082517077-1003\...\Run: [Akamai NetSession Interface] => C:\Users\krzysiek\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2474849277-562927440-4082517077-1003\...\Policies\Explorer: [] 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {82C4AB18-8FDC-46AF-BAD3-181E0CF9F2C5} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {82C4AB18-8FDC-46AF-BAD3-181E0CF9F2C5} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2474849277-562927440-4082517077-1003 -> {82C4AB18-8FDC-46AF-BAD3-181E0CF9F2C5} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2474849277-562927440-4082517077-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: No Name -> {8314A733-7214-40B8-A75B-D5A7322CD0F2} -> No File
BHO-x32: No Name -> {8314A733-7214-40B8-A75B-D5A7322CD0F2} -> No File
FF Extension: DeAlSSpAce - C:\Users\krzysiek\AppData\Roaming\Mozilla\Firefox\Profiles\08orfpcb.default\Extensions\lcxm@l.com [2015-06-16]
CHR HKU\S-1-5-21-2474849277-562927440-4082517077-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
S0 BMLoad; system32\drivers\BMLoad.sys [X]
S1 tcpipBM; \??\C:\WINDOWS\system32\drivers\tcpipBM.sys [X]
2015-06-17 11:33 - 2015-06-17 11:34 - 00000000 ____ D C:\AdwCleaner
2015-06-16 20:51 - 2015-06-17 11:53 - 00000024 _____ C:\Users\krzysiek\AppData\Roaming\appdataFr25.bin
2015-06-16 20:51 - 2015-06-16 20:53 - 00000000 ____ D C:\ProgramData\10883129467324663421
Task: {2B8B3F13-B76E-423C-ABEB-1FC48E568F45} - System32\Tasks\QtraxPlayer1 => false
Task: {38B5C01A-971D-40B7-99CE-18AC61C13548} - System32\Tasks\{20C2C130-48A0-4603-89C5-AD3EB4A7A632} => pcalua.exe -a C:\Users\krzysiek\Downloads\eduroamcfg-1.0-uci-1.exe -d C:\Users\krzysiek\Downloads
Task: {55827758-72EA-4FBB-9324-FBDDAFC2CCF0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6C2D2486-5140-4A6F-BCD2-3C8B62B36D77} - System32\Tasks\{949049AD-84BF-4439-B52D-22BF172AEBEE} => pcalua.exe -a C:\Users\krzysiek\Downloads\cwk252_setup(1).exe -d C:\Users\krzysiek\Downloads
Task: {92698A3A-0407-42A4-BD2B-7C33B6E930AD} - System32\Tasks\{6BF9538C-F807-4F86-9C66-160CAC3304D9} => pcalua.exe -a C:\Users\krzysiek\Desktop\install.exe -d C:\Users\krzysiek\Desktop
Task: {94CAF424-120E-401B-A0E2-82F8F73FB715} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {AAD11C07-1AE3-4259-B1FB-EB8786FFA547} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {BF2C5B60-5E04-4EC6-A6E4-C635FD4626BC} - System32\Tasks\SpaceLord => c:\programdata\{14f168c8-ef05-bc17-14f1-168c8ef0a323}\7616241515056350855b.exe <==== ATTENTION
Task: {C1DA07F2-E814-4C5F-844E-0B232D627574} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {CA1FA69C-AB53-418F-BE84-866EC8961933} - System32\Tasks\Bidaily Synchronize Task[973b] => c:\programdata\{56d2487c-a11b-b02c-56d2-2487ca1121f2}\do podziau.rar.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{56d2487c-a11b-b02c-56d2-2487ca1121f2}\do podziau.rar.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpaceLord.job => c:\programdata\{14f168c8-ef05-bc17-14f1-168c8ef0a323}\7616241515056350855b.exe <==== ATTENTION
c:\programdata\{14f168c8-ef05-bc17-14f1-168c8ef0a323}
c:\programdata\{56d2487c-a11b-b02c-56d2-2487ca1121f2}
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition i Shortcut.

#3

Fixlog:

#4

Skasuj folder C:\FRST