Logi OTL i Extras

[m4rk1]

Cześć. Mógłbym prosić o pomoc przy analizie skanu Extras i OTL? Komputer mi ostatnio mega zamula a i moją przeglądarkę męczą pop-upy ostatnio.



Extras: Dostępne tylko dla zarejestrowanych użytkowników
OTL: Dostępne tylko dla zarejestrowanych użytkowników

[robiwielki]

Oj to nie tutaj, to do działu "Bezpieczeństwo" .
Ktoś przeniesie cię do tego działu, i udzieli odpowiedzi.

Daj jeszcze z programy FRST

FRST - http://forum.hotfix.pl/bezpieczenstwo/korzystanie-z-frst-t28530.html

[m4rk1]

1. Dostępne tylko dla zarejestrowanych użytkowników - FRST
2. Dostępne tylko dla zarejestrowanych użytkowników - Addition

[djarta]

1. Otwórz notatnik i wklej:

CloseProcesses:
S3 cpuz136; \??\C:\Users\Maciej\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20130919.003\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20130919.003\EX64.SYS [X]
S3 SPBIUpdd; \??\C:\Program Files\Common Files\ShopperPro\spbiw.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
S2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe /service [X]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-04] (Fuyu LIMITED) [File not signed]
C:\ProgramData\WindowsMangerProtect
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
C:\Program Files (x86)\XTab
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-30] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-30] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-30] (BlueStack Systems, Inc.)
C:\Program Files (x86)\BlueStacks
C:\Program Files (x86)\TrustMediaViewerV1
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [dpbdakcbplnphpplcffckchlaafognbe] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha3042\ch\TrustMediaViewerV1alpha3042.crx [2014-06-25]
C:\Users\Maciej\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpbdakcbplnphpplcffckchlaafognbe
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&t ... 1510415104
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1420403668&from=amt&uid=WDCXWD5000AAKX-001CA0_WD-WCAYUAW1510415104"
CHR DefaultSearchKeyword: Default -> mystartsearch
FF HKLM-x32\...\Firefox\Extensions: [ext@TrustMediaViewerV1alpha3042.net] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha3042\ff
FF Extension: No Name - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha3042\ff [2014-06-29]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\vv478g13.default-1406974877268\extensions\fftoolbar2014@etech.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\vv478g13.default-1406974877268\extensions\faststartff@gmail.com
FF HKU\S-1-5-21-4084394776-641297562-429805807-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe Dostępne tylko dla zarejestrowanych użytkowników
FF Extension: Fast Start - C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\vv478g13.default-1406974877268\Extensions\faststartff@gmail.com [2015-01-04]
FF Extension: FF Toolbar - C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\vv478g13.default-1406974877268\Extensions\fftoolbar2014@etech.com [2015-01-04]
C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\vv478g13.default-1406974877268\user.js
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: mystartsearch
FF SelectedSearchEngine: mystartsearch
FF Homepage: hxxp://www.mystartsearch.com/?type=hp&t ... 1510415104
Toolbar: HKU\S-1-5-21-4084394776-641297562-429805807-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
ProxyServer: [S-1-5-21-4084394776-641297562-429805807-1000] => http=127.0.0.1:8555;https=127.0.0.1:8555
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
HKU\S-1-5-21-4084394776-641297562-429805807-1000\Software\Microsoft\Internet Explorer\Main,Search Page = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
HKU\S-1-5-21-4084394776-641297562-429805807-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Dostępne tylko dla zarejestrowanych użytkowników
HKU\S-1-5-21-4084394776-641297562-429805807-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dostępne tylko dla zarejestrowanych użytkowników
HKU\S-1-5-21-4084394776-641297562-429805807-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe Dostępne tylko dla zarejestrowanych użytkowników
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
SearchScopes: HKU\S-1-5-21-4084394776-641297562-429805807-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
SearchScopes: HKU\S-1-5-21-4084394776-641297562-429805807-1000 -> {274179C4-9A3B-470D-94D1-70FD18C53A5C} URL = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}&src=tbsp&id=58a20b24000000000000f46d049b71e7&affilt=3&r=618
SearchScopes: HKU\S-1-5-21-4084394776-641297562-429805807-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
SearchScopes: HKU\S-1-5-21-4084394776-641297562-429805807-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2498} URL = Dostępne tylko dla zarejestrowanych użytkowników{searchTerms}
BHO: Cinemax -> {11111111-1111-1111-1111-110611111195} -> C:\Program Files (x86)\Cinemax\Cinemax-bho64.dll No File
HKU\S-1-5-21-4084394776-641297562-429805807-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1460.0.0.0\jsdrv.exe [3224576 2015-01-03] ()
HKU\S-1-5-21-4084394776-641297562-429805807-1000\...\Run: [CloudSystemBooster] => C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe [527544 2014-08-20] (Anvisoft)
HKU\S-1-5-21-4084394776-641297562-429805807-1000\...\MountPoints2: {eafa1a79-7d6d-11e4-92e1-f46d049b71e7} - G:\LG_PC_Programs.exe
HKU\S-1-5-21-4084394776-641297562-429805807-1000\...\MountPoints2: {efd3bb06-866b-11e3-85a8-f46d049b71e7} - F:\Setup.exe
AppInit_DLLs-x32: 婢�Ȍ䵆汳禠ѿ婢�¨ => "婢�Ȍ䵆汳禠ѿ婢�¨" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Maciej\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mljbifw.lnk
ShortcutTarget: mljbifw.lnk -> C:\Users\Maciej\AppData\Local\mljbifw.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1460.0.0.0\jsdrv.exe [3224576 2015-01-03] ()
C:\Program Files (x86)\ShopperPro
2015-01-05 16:17 - 2015-01-05 16:18 - 00291904 _____ () C:\Windows\Minidump\010515-27268-01.dmp
2015-01-04 21:38 - 2015-01-15 18:38 - 00006178 _____ () C:\Windows\Tasks\4576fce1-f0af-4389-8895-304131c301f1-6.job
2015-01-04 21:38 - 2015-01-15 15:38 - 00005834 _____ () C:\Windows\Tasks\4576fce1-f0af-4389-8895-304131c301f1-7.job
2015-01-04 21:38 - 2015-01-15 15:38 - 00005492 _____ () C:\Windows\Tasks\4576fce1-f0af-4389-8895-304131c301f1-11.job
2015-01-04 21:38 - 2015-01-05 16:59 - 00000000 ____D () C:\Program Files\Common Files\ShopperPro
2015-01-04 21:38 - 2015-01-05 16:56 - 00000000 ____D () C:\Program Files (x86)\iWebar
2015-01-04 21:38 - 2015-01-05 16:23 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-04 21:38 - 2015-01-05 16:17 - 00005394 _____ () C:\Windows\Tasks\temp_4576fce1-f0af-4389-8895-304131c301f1-6.job
2015-01-04 21:38 - 2015-01-04 21:38 - 00009206 _____ () C:\Windows\System32\Tasks\4576fce1-f0af-4389-8895-304131c301f1-6
2015-01-04 21:38 - 2015-01-04 21:38 - 00008864 _____ () C:\Windows\System32\Tasks\4576fce1-f0af-4389-8895-304131c301f1-7
2015-01-04 21:38 - 2015-01-04 21:38 - 00008522 _____ () C:\Windows\System32\Tasks\4576fce1-f0af-4389-8895-304131c301f1-11
2015-01-04 21:38 - 2015-01-04 21:38 - 00007526 _____ () C:\Windows\System32\Tasks\temp_4576fce1-f0af-4389-8895-304131c301f1-6
2015-01-04 21:38 - 2015-01-04 21:38 - 00004520 _____ () C:\Windows\System32\Tasks\ShopperPro
2015-01-04 21:38 - 2015-01-04 21:38 - 00004244 _____ () C:\Windows\System32\Tasks\SPBIW_UpdateTask_Time_333236383930363235362d3437415a556c2a3223346c41
2015-01-04 21:38 - 2015-01-04 21:38 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-04 21:38 - 2015-01-04 21:38 - 00000000 ____D () C:\Program Files (x86)\05092f73-b70a-4884-94d1-9f505d268496
2015-01-04 21:37 - 2015-01-15 15:37 - 00004468 _____ () C:\Windows\Tasks\13384a85-d498-46f3-81c6-236e044cc652-4.job
2015-01-04 21:37 - 2015-01-15 15:37 - 00003076 _____ () C:\Windows\Tasks\13384a85-d498-46f3-81c6-236e044cc652-1.job
2015-01-04 21:37 - 2015-01-15 15:37 - 00002420 _____ () C:\Windows\Tasks\13384a85-d498-46f3-81c6-236e044cc652-5_user.job
2015-01-04 21:37 - 2015-01-15 15:37 - 00002420 _____ () C:\Windows\Tasks\13384a85-d498-46f3-81c6-236e044cc652-5.job
2015-01-04 21:37 - 2015-01-15 15:37 - 00002084 _____ () C:\Windows\Tasks\13384a85-d498-46f3-81c6-236e044cc652-2.job
2015-01-04 21:37 - 2015-01-05 18:23 - 00005492 _____ () C:\Windows\Tasks\13384a85-d498-46f3-81c6-236e044cc652-6.job
2015-01-04 21:37 - 2015-01-05 16:23 - 00000000 ____D () C:\Program Files (x86)\ShopperPro
2015-01-04 21:37 - 2015-01-04 21:38 - 00000000 ____D () C:\ProgramData\ShopperPro
2015-01-04 21:37 - 2015-01-04 21:37 - 00007498 _____ () C:\Windows\System32\Tasks\13384a85-d498-46f3-81c6-236e044cc652-4
2015-01-04 21:37 - 2015-01-04 21:37 - 00006106 _____ () C:\Windows\System32\Tasks\13384a85-d498-46f3-81c6-236e044cc652-1
2015-01-04 21:37 - 2015-01-04 21:37 - 00005450 _____ () C:\Windows\System32\Tasks\13384a85-d498-46f3-81c6-236e044cc652-5
2015-01-04 21:37 - 2015-01-04 21:37 - 00005114 _____ () C:\Windows\System32\Tasks\13384a85-d498-46f3-81c6-236e044cc652-2
2015-01-04 21:37 - 2015-01-04 21:37 - 00003576 _____ () C:\Windows\System32\Tasks\ShopperProJSUpd
2015-01-04 21:37 - 2015-01-04 21:37 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-01-04 21:36 - 2015-01-15 15:43 - 00000910 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-01-04 21:36 - 2015-01-15 15:36 - 00005492 _____ () C:\Windows\Tasks\13384a85-d498-46f3-81c6-236e044cc652-7.job
2015-01-04 21:36 - 2015-01-15 15:36 - 00004814 _____ () C:\Windows\Tasks\13384a85-d498-46f3-81c6-236e044cc652-11.job
2015-01-04 21:36 - 2015-01-15 14:25 - 00000906 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-04 21:36 - 2015-01-05 16:55 - 00000000 ____D () C:\Program Files (x86)\Cinemax
2015-01-04 21:36 - 2015-01-04 21:38 - 00003908 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-01-04 21:36 - 2015-01-04 21:38 - 00003654 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-01-04 21:36 - 2015-01-04 21:38 - 00000000 ____D () C:\Program Files (x86)\a836efc9-a8f6-4510-be79-5b2253e39d04
2015-01-04 21:36 - 2015-01-04 21:37 - 00008522 _____ () C:\Windows\System32\Tasks\13384a85-d498-46f3-81c6-236e044cc652-7
2015-01-04 21:36 - 2015-01-04 21:36 - 00007844 _____ () C:\Windows\System32\Tasks\13384a85-d498-46f3-81c6-236e044cc652-11
2015-01-04 21:36 - 2015-01-04 21:36 - 00000000 ____D () C:\Users\Maciej\AppData\Roaming\tricomfi
2015-01-04 21:36 - 2015-01-04 21:36 - 00000000 ____D () C:\Users\Maciej\AppData\Local\globalUpdate
2015-01-04 21:36 - 2015-01-04 21:36 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-04 21:36 - 2015-01-04 21:36 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-01-04 21:35 - 2015-01-04 21:35 - 00000000 ____D () C:\Users\Maciej\AppData\Roaming\mystartsearch
CustomCLSID: HKU\S-1-5-21-4084394776-641297562-429805807-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Maciej\AppData\Roaming\tricomfi\tivesen.dll () <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-4084394776-641297562-429805807-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Maciej\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll No File
C:\Users\Maciej\AppData\Roaming\tricomfi
Task: {081FED6A-0140-479A-BF81-8E05EB16D735} - \Easy Deals-updater No Task File <==== ATTENTION
Task: {1D2EA3F9-802C-4E8E-A7D6-1CD2AFB26A5D} - System32\Tasks\temp_4576fce1-f0af-4389-8895-304131c301f1-6 => C:\Program Files (x86)\iWebar\4576fce1-f0af-4389-8895-304131c301f1-6.exe <==== ATTENTION
Task: {1E3DCFE9-5434-4536-A26B-59A81C2993EE} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {27846767-09D0-4A72-8E42-4385AE128639} - \Easy Deals-enabler No Task File <==== ATTENTION
Task: {2AFCDE06-48F8-49CD-BC0F-D497AD647BFD} - System32\Tasks\4576fce1-f0af-4389-8895-304131c301f1-6 => C:\Program Files (x86)\iWebar\4576fce1-f0af-4389-8895-304131c301f1-6.exe <==== ATTENTION
Task: {340F51F2-E321-4BE9-95C5-D6524ABFA072} - System32\Tasks\4576fce1-f0af-4389-8895-304131c301f1-11 => C:\Program Files (x86)\iWebar\4576fce1-f0af-4389-8895-304131c301f1-11.exe <==== ATTENTION
Task: {3B2315CE-2489-4CA2-AD93-4C6C61E13651} - System32\Tasks\13384a85-d498-46f3-81c6-236e044cc652-2 => C:\Program Files (x86)\Cinemax\13384a85-d498-46f3-81c6-236e044cc652-2.exe <==== ATTENTION
Task: {3B8FC921-5CD0-488E-81BB-8D7FA9FE0526} - System32\Tasks\13384a85-d498-46f3-81c6-236e044cc652-5 => C:\Program Files (x86)\Cinemax\13384a85-d498-46f3-81c6-236e044cc652-5.exe <==== ATTENTION
Task: {4AF7FA19-BCAF-4D9C-8D9B-CCE707353B4D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4084394776-641297562-429805807-1000Core => C:\Users\Maciej\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-03] (Facebook Inc.)
Task: {4DDF2FEA-86EC-47DB-B70E-4E202045923B} - \SPDriver No Task File <==== ATTENTION
Task: {5AAC394B-1E3C-46FA-8BC5-127C9B47988B} - \Easy Deals-firefoxinstaller No Task File <==== ATTENTION
Task: {600FFD2D-41E1-4099-ACB9-B8A9E2DAED8D} - \Easy Deals-codedownloader No Task File <==== ATTENTION
Task: {63E7721A-A3A9-4AB9-8A1D-D6154489DF6F} - System32\Tasks\13384a85-d498-46f3-81c6-236e044cc652-11 => C:\Program Files (x86)\Cinemax\13384a85-d498-46f3-81c6-236e044cc652-11.exe <==== ATTENTION
Task: {651A99AD-CB75-4015-822E-49F2AC8AE867} - \Easy Deals-chromeinstaller No Task File <==== ATTENTION
Task: {67BD9158-765E-4AB1-8C58-914B770857A1} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {7370B444-2985-42D8-AB9B-712284C84F3D} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe <==== ATTENTION
Task: {7C4FA12C-D9AF-4B97-9BA2-A1105C2048B3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-14] (Adobe Systems Incorporated)
Task: {814A5515-F8C2-496B-BB58-A197F94D98B7} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {880343F2-2FF7-4FCE-98E5-EA1440C641E7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {88C47724-635B-4285-A0F4-A9B2C443524A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-02] (Google Inc.)
Task: {98429FA7-03CA-48EA-B7E8-6BBCD369F08B} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-01-15] (Enigma Software Group USA, LLC.)
Task: {A0B75610-1422-40DC-8C6C-11649E340C36} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {A30F2712-3874-4DE0-BF9A-3E334179AA3E} - System32\Tasks\13384a85-d498-46f3-81c6-236e044cc652-7 => C:\Program Files (x86)\Cinemax\13384a85-d498-46f3-81c6-236e044cc652-7.exe <==== ATTENTION
Task: {B112C413-B1A6-4647-A197-2C0C978A8407} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe [2015-01-03] (Goobzo) <==== ATTENTION
Task: {B3762539-0ECB-40CF-9AAA-5FE0FDDB44A0} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe [2014-04-30] (Megaify Software Co., Ltd.)
Task: {BB199C7B-6093-4396-A5BB-F99FDDAF53A0} - System32\Tasks\{5F634867-AAEE-4F0F-ABBA-57672951AD3F} => pcalua.exe -a C:\Users\Maciej\Downloads\vcredist_x64(1).exe -d C:\Users\Maciej\Downloads
Task: {C4CFEC04-FA55-4EDF-9E29-468EC654425A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-02] (Google Inc.)
Task: {C992AB23-5D82-44DF-951A-608E4A8DD74F} - System32\Tasks\13384a85-d498-46f3-81c6-236e044cc652-1 => C:\Program Files (x86)\Cinemax\Cinemax-codedownloader.exe <==== ATTENTION
Task: {D39CD798-6FCC-4730-BC2B-13AE638636F6} - System32\Tasks\4576fce1-f0af-4389-8895-304131c301f1-7 => C:\Program Files (x86)\iWebar\4576fce1-f0af-4389-8895-304131c301f1-7.exe <==== ATTENTION
Task: {D4C9BDFD-2696-4522-ADB9-FD1887C167AA} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {DF416C10-E47C-4A2D-9D71-AC395CEA869E} - \13384a85-d498-46f3-81c6-236e044cc652-6 No Task File <==== ATTENTION
Task: {E46974EB-593A-469B-8053-3B1B9CE36B86} - System32\Tasks\SPBIW_UpdateTask_Time_333236383930363235362d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {E9840775-D50A-4CC6-903D-706EADFE4E37} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4084394776-641297562-429805807-1000UA => C:\Users\Maciej\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-03] (Facebook Inc.)
Task: {E992E57B-919F-442C-AC92-9E06D7FC0478} - System32\Tasks\13384a85-d498-46f3-81c6-236e044cc652-4 => C:\Program Files (x86)\Cinemax\13384a85-d498-46f3-81c6-236e044cc652-4.exe <==== ATTENTION
Task: {FF96F189-0D41-4DBF-8CFC-3B3E863B3278} - System32\Tasks\13384a85-d498-46f3-81c6-236e044cc652-5_user => C:\Program Files (x86)\Cinemax\13384a85-d498-46f3-81c6-236e044cc652-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\13384a85-d498-46f3-81c6-236e044cc652-1.job => C:\Program Files (x86)\Cinemax\Cinemax-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\13384a85-d498-46f3-81c6-236e044cc652-11.job => C:\Program Files (x86)\Cinemax\13384a85-d498-46f3-81c6-236e044cc652-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\13384a85-d498-46f3-81c6-236e044cc652-2.job => C:\Program Files (x86)\Cinemax\13384a85-d498-46f3-81c6-236e044cc652-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\13384a85-d498-46f3-81c6-236e044cc652-4.job => C:\Program Files (x86)\Cinemax\13384a85-d498-46f3-81c6-236e044cc652-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\13384a85-d498-46f3-81c6-236e044cc652-5.job => C:\Program Files (x86)\Cinemax\13384a85-d498-46f3-81c6-236e044cc652-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\13384a85-d498-46f3-81c6-236e044cc652-5_user.job => C:\Program Files (x86)\Cinemax\13384a85-d498-46f3-81c6-236e044cc652-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\13384a85-d498-46f3-81c6-236e044cc652-6.job => C:\Program Files (x86)\Cinemax\13384a85-d498-46f3-81c6-236e044cc652-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\13384a85-d498-46f3-81c6-236e044cc652-7.job => C:\Program Files (x86)\Cinemax\13384a85-d498-46f3-81c6-236e044cc652-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\4576fce1-f0af-4389-8895-304131c301f1-11.job => C:\Program Files (x86)\iWebar\4576fce1-f0af-4389-8895-304131c301f1-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\4576fce1-f0af-4389-8895-304131c301f1-6.job => C:\Program Files (x86)\iWebar\4576fce1-f0af-4389-8895-304131c301f1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\4576fce1-f0af-4389-8895-304131c301f1-7.job => C:\Program Files (x86)\iWebar\4576fce1-f0af-4389-8895-304131c301f1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4084394776-641297562-429805807-1000Core.job => C:\Users\Maciej\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4084394776-641297562-429805807-1000UA.job => C:\Users\Maciej\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\temp_4576fce1-f0af-4389-8895-304131c301f1-6.job => C:\Program Files (x86)\iWebar\4576fce1-f0af-4389-8895-304131c301f1-6.exe <==== ATTENTION
AlternateDataStreams: C:\Users\Maciej\Downloads\Infestation Survivor Stories H Downloader__3687_i1439382574_il1997649.exe:typelib
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
Emptytemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix.

2. Odinstaluj: 337 GAMES / Cinemax / iWebar / Kepard / mystartsearch uninstall / Remote Desktop Access (VuuPC) / tricomfi / Trust Media Viewer / Unitech LLC toolbar / McAfee Security Scan Plus

3. Użyj >Dostępne tylko dla zarejestrowanych użytkowników
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner[S].txt

4. Uruchom Dostępne tylko dla zarejestrowanych użytkowników. Wciśnij dowolny klawisz i czekaj, aż skończy się operacja. (UWAGA: podczas pobierania, programy mogą wskazywać, że to jest zagrożenie, proszę to zignorować). Pokaż raport.

5. Wykonaj i wklej nowe logi z FRST.