Laptop sie zawiesza, strony wyskakują

[kerli]

Logi:
http://wklej.to/vhGaY

http://wklej.to/t7lPB

Za pomoc z góry dzieki

[ordynat]

1) Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner[S].txt

2) Zrób logi z FRST > http://forum.programosy.pl/frst-otl-zoek-vt139692.html
Przed skanem zaznacz "Additional" oraz "Shortcut"

3)

Error - 2015-05-12 14:14:16 | Computer Name = Ewelinka-PC | Source = WinMgmt | ID = 10
Description =

Do Notatnika wklej:

Kod: Zaznacz wszystko

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\subscription")

Set obj1 = objWMIService.Get("__EventFilter.Name='BVTFilter'")

set obj2set = obj1.Associators_("__FilterToConsumerBinding")

set obj3set = obj1.References_("__FilterToConsumerBinding")



For each obj2 in obj2set
                WScript.echo "Deleting the object"
                WScript.echo obj2.GetObjectText_
                obj2.Delete_
next

For each obj3 in obj3set
                WScript.echo "Deleting the object"
                WScript.echo obj3.GetObjectText_
                obj3.Delete_
next

WScript.echo "Deleting the object"
WScript.echo obj1.GetObjectText_
obj1.Delete_


Z Menu Notatnika >> Plik >> Zapisz jako >> Ustaw rozszerzenie na Wszystkie pliki >> Zapisz jako> Test.vbs>>
plik uruchom (dwuklik i OK).
.

[kerli]

Scan Adw cl:
http://wklej.to/c6pPv

FRST:
http://wklej.to/RvhhS
Additional
http://wklej.to/a4BQH
Shortcut
http://wklej.to/wI33T
Main
http://wklej.to/Wto8i

3 tez wykonana

[ordynat]

Otwórz Notatnik i wklej w nim:

C:\Users\Ewelinka\AppData\Roaming\DE813858-1430924518-BD9E-A900-0026182CA4C0
Task: C:\Windows\Tasks\d8pJzFmkgAoBpp.job => C:\Users\Ewelinka\AppData\Roaming\d8pJzFmkgAoBpp.exe <==== ATTENTION
Task: C:\Windows\Tasks\E90xmWJuCMwDPQ6kE14.job => C:\Users\Ewelinka\AppData\Roaming\E90xmWJuCMwDPQ6kE14.exe <==== ATTENTION
Task: {B3FDCA4E-E091-40FA-A514-963EA29FCADE} - System32\Tasks\d8pJzFmkgAoBpp => C:\Users\Ewelinka\AppData\Roaming\d8pJzFmkgAoBpp.exe <==== ATTENTION
C:\Users\Ewelinka\AppData\Roaming\d8pJzFmkgAoBpp.exe
C:\Users\Ewelinka\AppData\Roaming\E90xmWJuCMwDPQ6kE14.exe
Task: {97919A1F-EBAC-4174-B6F9-A099AFAAF761} - \Detect new device No Task File <==== ATTENTION
Task: {47C2E749-8A8F-434A-AF53-F8D7B591F971} - System32\Tasks\E90xmWJuCMwDPQ6kE14 => C:\Users\Ewelinka\AppData\Roaming\E90xmWJuCMwDPQ6kE14.exe <==== ATTENTION
Task: {43CED769-CE81-44A9-881E-FC1C50E956A1} - System32\Tasks\{9F92963C-D051-42D8-8E5B-C074860CD7E1} => C:\Windows\system32 [2015-05-13] ()
globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
C:\Users\Ewelinka\AppData\Local\nse8112.tmp
C:\Windows\Minidump\Mini*.dmp
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
C:\Users\Public\Documents\ShopperPro
C:\Users\Ewelinka\AppData\Local\18824
C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
C:\Program Files\Edu App
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Edu App" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\globalupdate Helper" /f
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 insvc_1.10.0.14; "C:\Program Files\Infonaut_1.10.0.14\Service\insvc.exe" [X]
S2 Util Edu App; "C:\Program Files\Edu App\bin\utilEduApp.exe" [X]
S2 xoxufewe; C:\Users\Ewelinka\AppData\Roaming\DE813858-1430924518-BD9E-A900-0026182CA4C0\jnsf3EC4.tmp [X]
R2 Update Edu App; C:\Program Files\Edu App\updateEduApp.exe [645352 2015-05-13] ()
R2 kylixure; C:\Users\Ewelinka\AppData\Roaming\DE813858-1430924518-BD9E-A900-0026182CA4C0\nseAA21.tmp [337920 2015-05-12] () [File not signed]
OPR Extension: (Edu App) - C:\Users\Ewelinka\AppData\Roaming\Opera Software\Opera Stable\Extensions\ohmbecafcaibfjhnijfoibgdpljmoghh [2015-05-06]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe http://www.oursurfing.com/?type=sc&ts=1431417899&z=cf3e622ace8842bc82f7a62gdzdc5gczegfmdb4bbo&from=cmi&uid=ST9250315AS_5VC1TK83XXXX5VC1TK83
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Ewelinka\AppData\Roaming\BabSolution\CR\Delta.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx [Not Found]
FF Extension: No Name - C:\Users\Ewelinka\AppData\Roaming\Mozilla\Firefox\Profiles\ao14qypp.default\extensions\{15ffe680-f508-4e34-9186-1c1e8f02c252}.xpi [Not Found]
FF Extension: No Name - C:\Users\Ewelinka\AppData\Roaming\Mozilla\Firefox\Profiles\ao14qypp.default\extensions\searchffv2@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Ewelinka\AppData\Roaming\Mozilla\Firefox\Profiles\ao14qypp.default\extensions\quick_searchff@gmail.com [Not Found]
FF Extension: No Name - C:\Users\Ewelinka\AppData\Roaming\Mozilla\Firefox\Profiles\ao14qypp.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [Not Found]
FF Extension: webget 1.0.1 - C:\Users\Ewelinka\AppData\Roaming\Mozilla\Firefox\Profiles\ao14qypp.default\Extensions\{cd6916b7-8b8b-4a25-b167-fbd7ae1c0294}.xpi [2014-11-27]
BHO: Edu App 1.0.0.7 -> {ebfbdd44-c0e0-4f63-a8e6-ee5f34765238} -> C:\Program Files\Edu App\EduAppbho.dll [2015-05-07] (Edu App)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Startup: C:\Users\Ewelinka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Torpedo.lnk [2015-05-04]
ShortcutTarget: Torpedo.lnk -> C:\Users\Ewelinka\AppData\Local\Torpedo\Torpedo.exe (No File)
HKU\S-1-5-21-1973622382-4191421311-1682344705-1000\...\Run: [GoogleChromeAutoLaunch_5F3D1C8464CB4567E43FE41AD86674AF] => "C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKLM\...\Run: [mbot_pl_194] => [X]
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0AMQA3AD (the data entry has 333 more characters).
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.
Powstanie plik fixlog.txt.
Daj ten log.

Zrób nowe logi FRST - już bez Shortcut.
.

[kerli]

Zrobione Fix:
http://wklej.to/wDNiu

nowe logi :
http://wklej.to/5RVTM
http://wklej.to/lIdxS

[ordynat]

Otwórz Notatnik i wklej w nim:

C:\Users\Ewelinka\AppData\Roaming\d8pJzFmkgAoBpp
C:\Users\Ewelinka\AppData\Roaming\E90xmWJuCMwDPQ6kE14
C:\ProgramData\AppMgr6.49.325397
C:\Users\Ewelinka\kufkeajyveno.exe
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\kufkeajyveno" /f
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.
Powstanie plik fixlog.txt.
Daj ten log.

Zrób nowy log FRST - już bez Additional.
.

[kerli]

logi:
http://wklej.to/DopIL

http://wklej.to/d29m4
http://wklej.to/MVfA1

[ordynat]

Możemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix.
przez SHIFT+DEL usuń pozostały folder C:\FRST.

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).
.

Autor postu otrzymał pochwałę