Elektroda.pl

Adware-type malicious programs: request for a fixlist.

and.2003 22 Oct 2015 21:00 1011 8
  • #1 22 Oct 2015 21:00
    and.2003
    Level 10

    Hello,
    I have the following problem. Yesterday my son downloaded some program, and along with it he got all kinds of adware as a gift. I tried to get rid of it with programs such as ComboFix, AdwCleaner and SpyHunter4; unfortunately, each time the programs reinstalled themselves after a while. Eventually I read that I have to use FRST and OTL for this, but to do anything I need a "fixlist". Unfortunately I don't know how to make one, so I am asking the forum members: what should I paste into fixlist.txt?
    Regards.

    0 8
  • Helpful post
    #2 23 Oct 2015 00:19
    Kolobos
    Computer specialist

    Don't use ComboFix any more, and the same goes for SpyHunter.

    In msconfig, enable:
    gmsd_pl_005010122
    GoogleChromeAutoLaunch_2E29772E1258A3F4D10919EB781C07D1
    SmartWeb
    upgmsd_pl_005010122.exe

    Uninstall:
    CinemaPlus-3.2cV22.10 (HKLM-x32\...\CinemaPlus-3.2cV22.10) (Version: 1.36.01.22 - Cinema PlusV22.10) <==== UWAGA
    Compatible Web Directory (HKLM-x32\...\PopupProduct) (Version: 1.0.0.0 - Compatible Web Directory)
    GamesDesktop 008.005010122 (HKLM-x32\...\gmsd_pl_005010122_is1) (Version: - GAMESDESKTOP) <==== UWAGA
    GamesDesktop 008.005010123 (HKLM-x32\...\gmsd_pl_005010123_is1) (Version: - GAMESDESKTOP) <==== UWAGA
    jogotempo 3.4 (HKLM-x32\...\jogotempo) (Version: 3.4 - DN) <==== UWAGA
    MyBrowser (HKLM-x32\...\MyBrowser) (Version: 39.5.2171.95 - The MyBrowser Authors) <==== UWAGA
    Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== UWAGA
    SmartWeb (HKLM-x32\...\SmartWeb) (Version: 8.0.9 - SoftBrain Technologies Ltd.) <==== UWAGA
    Feed Notifier

    Fixlist.txt for FRST:
    globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== UWAGA
    Task: {1C9D997A-D57B-4A26-B343-7C33924DB732} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Andrzejek\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== UWAGA
    Task: {1FEFCF1F-51EF-4A68-88F7-5D237EC6D5F8} - System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-7.exe [2015-10-22] (Cinema PlusV22.10) <==== UWAGA
    Task: {3713FF5B-F4FB-4D82-9433-4449386B8C85} - System32\Tasks\B8SXxlxzXj5Z6nMJ1WAN => C:\Users\Andrzejek\AppData\Roaming\B8SXxlxzXj5Z6nMJ1WAN.exe [2015-04-20] () <==== UWAGA
    Task: {54CA68F0-D0C4-487B-9B54-A76FFF7B0295} - System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-7 => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-7.exe [2015-10-22] (Cinema PlusV22.10) <==== UWAGA
    Task: {583F237C-BD38-4290-BBFB-A51E9BD5F109} - System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-6 => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-6.exe [2015-10-22] (Cinema PlusV22.10) <==== UWAGA
    Task: {6441E746-8B04-45B7-9AE4-514E282E6E94} - System32\Tasks\2SszgFwI94gEvDidrx4pcfO => C:\Users\Andrzejek\AppData\Roaming\2SszgFwI94gEvDidrx4pcfO.exe [2015-04-20] () <==== UWAGA
    Task: {6DB3DCBF-786A-45B2-9490-BDB8032C25CE} - System32\Tasks\temp_43921ecf-174f-4b7f-9ebf-ed9a6d7a5c90-10_user => C:\Program Files (x86)\SavePass 1.1\43921ecf-174f-4b7f-9ebf-ed9a6d7a5c90-10.exe <==== UWAGA
    Task: {72F68CAC-BAB3-49FD-B90E-B6D6497ADDB1} - System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-5 => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-5.exe [2015-10-22] (Cinema PlusV22.10) <==== UWAGA




    Task: {7FEF6D06-63A8-47AF-B19C-C7F9D8219BBB} - System32\Tasks\XYh2rcH => C:\Users\Andrzejek\AppData\Roaming\XYh2rcH.exe [2015-04-20] () <==== UWAGA
    Task: {B106EABB-963D-41FC-9597-3095EBD83F84} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-10-22] (globalUpdate) <==== UWAGA
    Task: {BB66F019-BAC8-42D5-A97A-A1177843CECC} - System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-3 => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-3.exe [2015-10-22] (Cinema PlusV22.10) <==== UWAGA
    Task: {CAD35476-2879-43CD-A00D-B06978B72EF8} - System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-5.exe [2015-10-22] (Cinema PlusV22.10) <==== UWAGA
    Task: {E5DBBE5D-66F1-44CD-9970-612D93DDD8A2} - System32\Tasks\MyBrowser => C:\Program Files (x86)\MyBrowser\MyBrowser\Application\utility.exe [2015-10-22] () <==== UWAGA
    Task: {E9AEB98A-28F6-4C90-8793-A274D464F781} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-10-22] (globalUpdate) <==== UWAGA
    Task: {EA161745-5A0A-49BA-A923-60B5BDA2821B} - System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-10_user => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-10.exe [2015-10-22] (Cinema PlusV22.10) <==== UWAGA
    Task: {FDC7A3E0-57EF-42EB-89A9-5A385E7FFA66} - System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-6.exe [2015-10-22] (Cinema PlusV22.10) <==== UWAGA
    Task: C:\Windows\Tasks\2SszgFwI94gEvDidrx4pcfO.job => C:\Users\Andrzejek\AppData\Roaming\2SszgFwI94gEvDidrx4pcfO.exe <==== UWAGA
    Task: C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-6.exe <==== UWAGA
    Task: C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-7.exe <==== UWAGA
    Task: C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-10.exe <==== UWAGA
    Task: C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-3.job => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-3.exe <==== UWAGA
    Task: C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-5.exe <==== UWAGA
    Task: C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-5.exe <==== UWAGA
    Task: C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-6.exe <==== UWAGA
    Task: C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-7.exe <==== UWAGA
    Task: C:\Windows\Tasks\B8SXxlxzXj5Z6nMJ1WAN.job => C:\Users\Andrzejek\AppData\Roaming\B8SXxlxzXj5Z6nMJ1WAN.exe <==== UWAGA
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== UWAGA
    Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== UWAGA
    Task: C:\Windows\Tasks\MyBrowser.job => C:\Program Files (x86)\MyBrowser\MyBrowser\Application\utility.exe <==== UWAGA
    Task: C:\Windows\Tasks\XYh2rcH.job => C:\Users\Andrzejek\AppData\Roaming\XYh2rcH.exe <==== UWAGA
    () C:\Program Files (x86)\4C4C4544-1445460332-3710-8047-C2C04F374E31\knsk1AE5.tmpfs
    () C:\Program Files (x86)\4C4C4544-1445460332-3710-8047-C2C04F374E31\hnsp49F8.tmp
    () C:\Users\Andrzejek\AppData\Local\4C4C4544-1445544192-3710-8047-C2C04F374E31\qnshB09B.tmp
    () C:\Users\Andrzejek\AppData\Local\4C4C4544-1445467572-3710-8047-C2C04F374E31\snsaAD7C.tmp
    (Cinema PlusV22.10) C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-6.exe
    (Cinema PlusV22.10) C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-10.exe
    (Cinema PlusV22.10) C:\Program Files (x86)\CinemaPlus-3.2cV22.10\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-6.exe
    () C:\Program Files (x86)\4C4C4544-1445460332-3710-8047-C2C04F374E31\jnsk334B.tmp
    () C:\Users\Andrzejek\AppData\Local\gmsd_pl_005010122\upgmsd_pl_005010122.exe
    (SoftBrain Technologies Ltd.) C:\Users\Andrzejek\AppData\Local\SmartWeb\SmartWebHelper.exe
    () C:\Program Files (x86)\gmsd_pl_005010122\gmsd_pl_005010122.exe
    (SoftBrain Technologies Ltd.) C:\Users\Andrzejek\AppData\Local\SmartWeb\SmartWebApp.exe
    () C:\Program Files (x86)\gmsd_pl_005010123\gmsd_pl_005010123.exe
    () C:\Users\Andrzejek\AppData\Local\Temp\nsrDBFB.tmp
    (TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
    (TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
    (DTools LIMITED) C:\ProgramData\6WdsManPro6\WdsManPro.exe
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SmartWeb] => C:\Users\Andrzejek\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
    HKLM-x32\...\Run: [gmsd_pl_005010122] => C:\Program Files (x86)\gmsd_pl_005010122\gmsd_pl_005010122.exe [3975856 2015-10-21] ()
    HKLM-x32\...\Run: [gmsd_pl_005010123] => C:\Program Files (x86)\gmsd_pl_005010123\gmsd_pl_005010123.exe [3975856 2015-10-22] ()
    HKLM-x32\...\RunOnce: [upgmsd_pl_005010122.exe] => C:\Users\Andrzejek\AppData\Local\gmsd_pl_005010122\upgmsd_pl_005010122.exe [3333808 2015-10-21] ()
    HKLM-x32\...\RunOnce: [upgmsd_pl_005010123.exe] => C:\Users\Andrzejek\AppData\Local\gmsd_pl_005010123\upgmsd_pl_005010123.exe [3334832 2015-10-22] () Co.)
    Startup: C:\Users\Andrzejek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-10-22]
    ShortcutTarget: SmartWeb.lnk -> C:\Users\Andrzejek\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-3562730658-1210205771-957903590-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    DPF: HKLM-x32 {CCA0B877-CB5E-4ADC-AD30-457C379512DD} hxxp://80.52.236.234:81/xplugLiteDL.cab
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=...p;uid=TOSHIBAXMQ01ACF032_842YCDWGTXX842YCDWGT
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-10-22] (globalUpdate)
    FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-10-22] (globalUpdate)
    CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=...p;uid=TOSHIBAXMQ01ACF032_842YCDWGTXX842YCDWGT
    CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1445536944&z=9c68dec69fc85972d49cf64gfz5z5w9w4cdq7qbt9t&from=cmi&uid=TOSHIBAXMQ01ACF032_842YCDWGTXX842YCDWGT"
    CHR DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&...OSHIBAXMQ01ACF032_842YCDWGTXX842YCDWGT&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> mystartsearch
    CHR Extension: (CinemaPlus-3.2cV22.10) - C:\Users\Andrzejek\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-10-22]
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=...p;uid=TOSHIBAXMQ01ACF032_842YCDWGTXX842YCDWGT
    R2 dijojyvi; C:\Program Files (x86)\4C4C4544-1445460332-3710-8047-C2C04F374E31\hnsp49F8.tmp [845312 2015-10-21] () [Brak podpisu cyfrowego]
    S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-10-22] (globalUpdate) [Brak podpisu cyfrowego] <==== UWAGA
    S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-10-22] (globalUpdate) [Brak podpisu cyfrowego] <==== UWAGA
    R2 hidekoqe; C:\Users\Andrzejek\AppData\Local\4C4C4544-1445544192-3710-8047-C2C04F374E31\qnshB09B.tmp [142336 2015-10-13] () [Brak podpisu cyfrowego]
    S2 NetTcpHandler; C:\Users\Andrzejek\AppData\Roaming\NetService\netservice.exe [173088 2015-07-09] ()
    R2 ripydede; C:\Users\Andrzejek\AppData\Local\4C4C4544-1445467572-3710-8047-C2C04F374E31\snsaAD7C.tmp [180736 2015-10-21] () [Brak podpisu cyfrowego]
    R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [169632 2015-10-22] (TODO: <公司名>)
    R2 WdsManPro; C:\ProgramData\6WdsManPro6\WdsManPro.exe [442504 2015-10-22] (DTools LIMITED)
    R2 wytominy; C:\Program Files (x86)\4C4C4544-1445460332-3710-8047-C2C04F374E31\jnsk334B.tmp [218112 2015-10-21] () [Brak podpisu cyfrowego]
    R2 dedixewo; C:\Program Files (x86)\4C4C4544-1445460332-3710-8047-C2C04F374E31\knsk1AE5.tmpfs [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S1 tcfd_vt_1_10_0_24; system32\drivers\tcfd_vt_1_10_0_24.sys [X]
    S1 wwfd_vt_1_10_0_24; system32\drivers\wwfd_vt_1_10_0_24.sys [X]
    2015-10-22 20:42 - 2015-10-22 20:44 - 00000000 ____D C:\ProgramData\6WdsManPro6
    2015-10-22 20:42 - 2015-10-22 20:42 - 00001901 _____ C:\Users\Andrzejek\Desktop\jogotempo.lnk
    2015-10-22 20:42 - 2015-10-22 20:42 - 00000000 ____D C:\Users\Andrzejek\AppData\Roaming\RunDir
    2015-10-22 20:42 - 2015-10-22 20:42 - 00000000 ____D C:\Users\Andrzejek\AppData\Roaming\NetService
    2015-10-22 20:42 - 2015-10-22 20:42 - 00000000 ____D C:\Users\Andrzejek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jogotempo
    2015-10-22 20:42 - 2015-10-22 20:42 - 00000000 ____D C:\Users\Andrzejek\AppData\Local\gmsd_pl_005010123
    2015-10-22 20:42 - 2015-10-22 20:42 - 00000000 ____D C:\Program Files (x86)\jogotempo
    2015-10-22 20:42 - 2015-10-22 20:42 - 00000000 ____D C:\Program Files (x86)\gmsd_pl_005010123
    2015-10-22 20:03 - 2015-10-22 20:06 - 00000000 ____D C:\ProgramData\BWdsManProB
    2015-10-22 20:03 - 2015-10-22 20:03 - 00000000 ____D C:\Users\Andrzejek\AppData\Roaming\mystartsearch
    2015-10-22 20:03 - 2015-10-22 20:03 - 00000000 ____D C:\Users\Andrzejek\AppData\Local\4C4C4544-1445544192-3710-8047-C2C04F374E31
    2015-10-22 18:19 - 2015-10-22 18:29 - 00000000 ____D C:\Program Files (x86)\trend micro
    2015-10-22 18:19 - 2015-10-22 18:19 - 00000000 ____D C:\rsit
    2015-10-22 18:16 - 2015-10-22 18:16 - 01107968 _____ C:\Users\Andrzejek\Desktop\RSIT.exe
    2015-10-22 18:16 - 2015-10-22 18:16 - 00602112 _____ (OldTimer Tools) C:\Users\Andrzejek\Desktop\OTL.exe
    2015-10-22 18:14 - 2015-10-22 20:14 - 00005526 _____ C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-6.job
    2015-10-22 18:14 - 2015-10-22 20:14 - 00003146 _____ C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-6.job
    2015-10-22 18:14 - 2015-10-22 20:10 - 00005190 _____ C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-7.job
    2015-10-22 18:14 - 2015-10-22 20:10 - 00004166 _____ C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-3.job
    2015-10-22 18:14 - 2015-10-22 20:10 - 00003146 _____ C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-7.job
    2015-10-22 18:14 - 2015-10-22 20:10 - 00002454 _____ C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-5_user.job
    2015-10-22 18:14 - 2015-10-22 20:10 - 00002454 _____ C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-5.job
    2015-10-22 18:14 - 2015-10-22 20:10 - 00001034 _____ C:\Windows\Tasks\2SszgFwI94gEvDidrx4pcfO.job
    2015-10-22 18:14 - 2015-10-22 20:10 - 00000978 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
    2015-10-22 18:14 - 2015-10-22 18:19 - 00000982 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
    2015-10-22 18:14 - 2015-10-22 18:15 - 00004072 _____ C:\Windows\System32\Tasks\2SszgFwI94gEvDidrx4pcfO
    2015-10-22 18:14 - 2015-10-22 18:14 - 00008554 _____ C:\Windows\System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-6
    2015-10-22 18:14 - 2015-10-22 18:14 - 00008220 _____ C:\Windows\System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-7
    2015-10-22 18:14 - 2015-10-22 18:14 - 00007196 _____ C:\Windows\System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-3
    2015-10-22 18:14 - 2015-10-22 18:14 - 00006176 _____ C:\Windows\System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-7
    2015-10-22 18:14 - 2015-10-22 18:14 - 00006174 _____ C:\Windows\System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-1-6
    2015-10-22 18:14 - 2015-10-22 18:14 - 00005484 _____ C:\Windows\System32\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-5
    2015-10-22 18:14 - 2015-10-22 18:14 - 00003980 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
    2015-10-22 18:14 - 2015-10-22 18:14 - 00003726 _____ C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
    2015-10-22 18:14 - 2015-10-22 18:14 - 00000000 ____D C:\Users\Andrzejek\AppData\Local\globalUpdate
    2015-10-22 18:14 - 2015-10-22 18:14 - 00000000 ____D C:\Program Files (x86)\globalUpdate
    2015-10-22 18:14 - 2015-10-22 18:14 - 00000000 ____D C:\Program Files (x86)\1d4277cb-5f7f-4bf8-9966-3c98b6126ddf
    2015-10-22 18:13 - 2015-10-22 20:43 - 00000000 ____D C:\Program Files (x86)\SFK
    2015-10-22 18:13 - 2015-10-22 20:14 - 00000000 ____D C:\Users\Andrzejek\AppData\Local\gmsd_pl_005010122
    2015-10-22 18:13 - 2015-10-22 20:13 - 00002120 _____ C:\Windows\Tasks\5c3d40b5-cc96-498e-9470-59a8e7ed71b6-10_user.job
    2015-10-22 18:13 - 2015-10-22 20:03 - 00000000 ____D C:\Program Files (x86)\gmsd_pl_005010122
    2015-10-22 18:13 - 2015-10-22 18:14 - 00000000 ____D C:\ProgramData\UWdsManProU
    2015-10-22 18:13 - 2015-10-22 18:14 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV22.10
    2015-10-22 18:13 - 2015-10-22 18:13 - 00000000 ____D C:\Users\Andrzejek\AppData\Roaming\istartsurf
    2015-10-22 18:12 - 2015-10-22 20:11 - 00000000 ____D C:\Users\Andrzejek\AppData\LocalLow\SmartWeb
    2015-10-22 18:12 - 2015-10-22 20:10 - 00001056 _____ C:\Windows\Tasks\MyBrowser.job
    2015-10-22 18:12 - 2015-10-22 20:01 - 00004054 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
    2015-10-22 18:12 - 2015-10-22 18:13 - 00004094 _____ C:\Windows\System32\Tasks\MyBrowser
    2015-10-22 18:12 - 2015-10-22 18:12 - 00002346 _____ C:\Users\Public\Desktop\MyBrowser.lnk
    2015-10-22 18:12 - 2015-10-22 18:12 - 00000000 ____D C:\Users\Andrzejek\AppData\Local\SmartWeb
    2015-10-22 18:12 - 2015-10-22 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyBrowser
    2015-10-22 18:12 - 2015-10-22 18:12 - 00000000 ____D C:\Program Files (x86)\MyBrowser
    2015-10-22 17:30 - 2015-10-22 17:30 - 00024836 _____ C:\ComboFix.txt
    2015-10-22 17:07 - 2015-10-22 17:30 - 00000000 ____D C:\Qoobox
    2015-10-22 17:07 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-10-22 17:07 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-10-22 17:07 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-10-22 17:07 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-10-22 17:07 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-10-22 17:07 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
    2015-10-22 17:07 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
    2015-10-22 17:07 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
    2015-10-22 17:06 - 2015-10-22 17:07 - 05637184 ____R (Swearware) C:\Users\Andrzejek\Desktop\ComboFix.exe
    2015-10-22 17:01 - 2015-10-22 20:10 - 00001002 _____ C:\Windows\Tasks\XYh2rcH.job
    2015-10-22 17:01 - 2015-10-22 17:01 - 00004040 _____ C:\Windows\System32\Tasks\XYh2rcH
    2015-10-22 17:00 - 2015-10-22 17:01 - 00000000 ____D C:\ProgramData\lWdsManProl
    2015-10-22 16:59 - 2015-10-22 16:59 - 00000000 ____D C:\Users\Andrzejek\AppData\Local\MyBrowser
    2015-10-21 23:38 - 2015-10-22 00:02 - 00000000 ____D C:\ProgramData\pWdsManProp
    2015-10-21 23:38 - 2015-10-22 00:00 - 00000000 ____D C:\Users\Andrzejek\AppData\Local\4C4C4544-1445470704-3710-8047-C2C04F374E31
    2015-10-21 22:55 - 2015-10-22 00:00 - 00000000 ____D C:\Program Files (x86)\SwiftSearch_1.10.0.25
    2015-10-21 22:50 - 2015-10-22 20:42 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    2015-10-21 22:50 - 2015-10-22 00:00 - 00000000 ____D C:\ProgramData\yWdsManProy
    2015-10-21 22:46 - 2015-10-22 20:20 - 00000000 ____D C:\Users\Andrzejek\AppData\Local\4C4C4544-1445467572-3710-8047-C2C04F374E31
    2015-10-21 22:46 - 2015-10-22 20:10 - 00001028 _____ C:\Windows\Tasks\B8SXxlxzXj5Z6nMJ1WAN.job
    2015-10-21 22:46 - 2015-10-21 22:46 - 00004066 _____ C:\Windows\System32\Tasks\B8SXxlxzXj5Z6nMJ1WAN
    2015-10-21 22:45 - 2015-10-22 20:10 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-10-21 22:45 - 2015-10-21 22:45 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1445460332-3710-8047-C2C04F374E31
    2015-09-22 19:57 - 2015-09-22 19:57 - 00000000 ____D C:\found.001
    2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Andrzejek\AppData\Roaming\2SszgFwI94gEvDidrx4pcfO
    2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Andrzejek\AppData\Roaming\2SszgFwI94gEvDidrx4pcfO.exe
    2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Andrzejek\AppData\Roaming\B8SXxlxzXj5Z6nMJ1WAN
    2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Andrzejek\AppData\Roaming\B8SXxlxzXj5Z6nMJ1WAN.exe
    2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Andrzejek\AppData\Roaming\XYh2rcH
    2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Andrzejek\AppData\Roaming\XYh2rcH.exe
    2015-09-29 22:36 - 2015-09-29 22:36 - 0003584 _____ () C:\Users\Andrzejek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-10-08 11:06 - 2015-10-08 11:06 - 0000057 _____ () C:\ProgramData\Ament.ini
    2015-10-21 22:50 - 2015-10-22 20:42 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Post new FRST logs from the scan.

    0
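The Task: lines in the fixlist above show a recognisable persistence pattern, which this added PowerShell example makes visible (it is not part of the original post and not FRST's own logic). It parses five Task: lines copied from post #2, groups them by target executable, and reports whether the target is registered twice (System32\Tasks plus a legacy .job), sits under AppData, or has an empty publisher field; the regular expression is an assumption based only on the line shapes seen in this thread.

```powershell
# Added example (not FRST's own logic): triage of FRST "Task:" lines.
# The five sample lines are copied verbatim from the fixlist in post #2.
$lines = @'
Task: {3713FF5B-F4FB-4D82-9433-4449386B8C85} - System32\Tasks\B8SXxlxzXj5Z6nMJ1WAN => C:\Users\Andrzejek\AppData\Roaming\B8SXxlxzXj5Z6nMJ1WAN.exe [2015-04-20] () <==== UWAGA
Task: C:\Windows\Tasks\B8SXxlxzXj5Z6nMJ1WAN.job => C:\Users\Andrzejek\AppData\Roaming\B8SXxlxzXj5Z6nMJ1WAN.exe <==== UWAGA
Task: {E5DBBE5D-66F1-44CD-9970-612D93DDD8A2} - System32\Tasks\MyBrowser => C:\Program Files (x86)\MyBrowser\MyBrowser\Application\utility.exe [2015-10-22] () <==== UWAGA
Task: C:\Windows\Tasks\MyBrowser.job => C:\Program Files (x86)\MyBrowser\MyBrowser\Application\utility.exe <==== UWAGA
Task: {1C9D997A-D57B-4A26-B343-7C33924DB732} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Andrzejek\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== UWAGA
'@ -split "`r?`n"

# Pattern derived only from the line shapes visible in this thread
# (an assumption, not a specification of the FRST log format).
$rx = [regex]('^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?<entry>.+?) => (?<target>.+?\.exe)' +
              '(?: \[(?<date>[\d-]+)\])?(?: \((?<publisher>[^)]*)\))?(?: <==== UWAGA)?$')

# Parse each line into the task entry, the executable it launches, and the publisher.
$entries = foreach ($line in $lines) {
    $m = $rx.Match($line.Trim())
    if (-not $m.Success) { continue }
    [pscustomobject]@{
        Entry     = $m.Groups['entry'].Value
        Target    = $m.Groups['target'].Value
        # $null = the line has no "(publisher)" field; '' = field present but empty.
        Publisher = if ($m.Groups['publisher'].Success) { $m.Groups['publisher'].Value } else { $null }
    }
}

# One row per launched executable, with the traits a reviewer looks at first.
$report = $entries | Group-Object Target | ForEach-Object {
    $publishers = @($_.Group | Where-Object { $null -ne $_.Publisher } | ForEach-Object Publisher)
    [pscustomobject]@{
        Target         = $_.Name
        Registrations  = $_.Count
        LegacyJob      = [bool]($_.Group | Where-Object { $_.Entry -like '*.job' })
        InAppData      = $_.Name -match '\\AppData\\(Roaming|Local|LocalLow)\\'
        EmptyPublisher = $publishers -contains ''
    }
}

$report | Sort-Object Target | Format-List
```

These traits only rank entries for review; deciding what goes into a fixlist remains a manual judgement on the full logs.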
  • Helpful post
    #4 23 Oct 2015 15:15
    Domino_2
    Helpful to users

    Quote:

    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    S1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]
    2015-10-23 14:37 - 2015-09-22 19:57 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:


    Paste this into Notepad, save it as fixlist.txt, and put it in the folder where FRST.exe/FRST64.exe is located, then run it and click Fix/Napraw.

    0
  • #5 24 Oct 2015 11:50
    and.2003
    Level 10

    Hello,
    I have one more problem. When Google Chrome starts, an unwanted page, "www.aqovd.com", loads; in the Google settings the start page is "www.google.pl". AdwCleaner doesn't detect anything.
    How do I get rid of it?

    0
  • Helpful post
    #6 24 Oct 2015 12:34
    Kolobos
    Computer specialist

    Check whether the address of that page has been appended in the properties of the Chrome shortcut.

    0
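The check suggested in post #6 can be run across the usual shortcut locations at once. The PowerShell below is an added example, not part of the original thread; the function name Get-ShortcutWithUrlArgument and the throwaway demo shortcut are assumptions made for illustration, and the demo URL is the one reported in post #5.

```powershell
# Added example: list .lnk shortcuts whose arguments carry a URL.
# Get-ShortcutWithUrlArgument is a hypothetical helper name, not a built-in cmdlet.
function Get-ShortcutWithUrlArgument {
    param([Parameter(Mandatory)][string[]]$Path)

    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -Path $Path -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            # CreateShortcut on an existing .lnk opens it for reading.
            $lnk = $shell.CreateShortcut($_.FullName)
            if ($lnk.Arguments -match '(?i)(?:https?://|\bwww\.)\S+') {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                }
            }
        }
}

# Constructed sample: a throwaway shortcut that mimics the symptom from post #5.
$demoDir = Join-Path $env:TEMP ('lnk-audit-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demoDir | Out-Null
$shell = New-Object -ComObject WScript.Shell
$demo  = $shell.CreateShortcut((Join-Path $demoDir 'Google Chrome.lnk'))
$demo.TargetPath = 'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe'
$demo.Arguments  = 'http://www.aqovd.com'
$demo.Save()

# Places where browser shortcuts normally live, plus the demo folder.
$locations = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar'),
    $demoDir
)

# Every hit needs a human look: some legitimate shortcuts also pass a URL.
Get-ShortcutWithUrlArgument -Path $locations | Format-List

# Remove the constructed sample again.
Remove-Item -Path $demoDir -Recurse -Force
```

To repair a shortcut that was tampered with, remove the appended address from the Target field in its properties.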
  • #7 24 Oct 2015 12:51
    and.2003
    Level 10

    Thanks for the help, it looks like everything is back to normal.

    0
  • Helpful post
    #8 24 Oct 2015 15:48
    Domino_2
    Helpful to users

    You can delete the folder C:\FRST.

    0
  • #9 03 Apr 2016 17:07
    and.2003
    Level 10

    Problem solved, I'm closing the topic.

    0