I start surf i inne. Ciągła instalacja

tiamina · 5 Lipiec 2015 21:05

Witam,

od paru dni mam problem z ciągłą instalacją nowych aplikacji (I start Surf, Cinema, Anysearch i in.). Usuwam je na bieżąco AdwCleaner, ale niewiele to daje.

Czy mogę prosić o pomoc? W załączeniu FRST

FRST http://www.wklej.org/id/1752073/

Addition http://www.wklej.org/id/1752072/

Shortcut http://www.wklej.org/id/1752071/

Dziękuję za pomoc

Pozdrawiam,

Alan Jakman

Atis · 5 Lipiec 2015 21:44

W panelu sterowania odinstaluj AnyProtect

Pobierz i uruchom AdwCleaner Kliknij Skanuj i później Usuń.

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

CloseProcesses:
HKLM\...\Run: [gpuminer] => C:\Users\Alan Jakman\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
HKLM\...\Run: [cpuminer] => C:\WINDOWS\system32\cpuminer-gw64.exe
HKLM-x32\...\Run: [gmsd_pl_005010022] => [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3892317074-2441604220-1137845466-1001\...\Run: [AdobeBridge] => [X]
AppInit_DLLs: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC64~1.DLL => C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC64~1.DLL File not found
AppInit_DLLs-x32: C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL => "C:\PROGRA~2\LENOVO~1\LENOVO~1\bin\SPVC32~1.DLL" File not found
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3892317074-2441604220-1137845466-1001 -> DefaultScope {CDAE9B4D-D211-479A-A301-1A21B22C1F54} URL = 
SearchScopes: HKU\S-1-5-21-3892317074-2441604220-1137845466-1001 -> {CDAE9B4D-D211-479A-A301-1A21B22C1F54} URL = 
SearchScopes: HKU\S-1-5-21-3892317074-2441604220-1137845466-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=ST1000LM024XHN-M101MBB_S30YJ9DFB26714&ts=1436128715&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3892317074-2441604220-1137845466-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=ST1000LM024XHN-M101MBB_S30YJ9DFB26714&ts=1436128715&type=default&q={searchTerms}
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-07-05] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-07-05] (globalUpdate) [File not signed] <==== ATTENTION
R2 vicoqudu; C:\Users\Alan Jakman\AppData\Roaming\800F2DFE-1435948377-E411-A26A-F0761C5AE520\hnsh5572.tmp [165376 2015-07-03] () [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [707240 2015-07-05] (DTools LIMITED) <==== ATTENTION
R2 zejytose; C:\Users\Alan Jakman\AppData\Roaming\800F2DFE-1435948377-E411-A26A-F0761C5AE520\jnso3E9D.tmp [199168 2015-07-03] () [File not signed]
S2 insvc_1.10.0.14; "C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe" [X]
R2 juhyrufe; C:\Users\Alan Jakman\AppData\Roaming\800F2DFE-1435948377-E411-A26A-F0761C5AE520\knsi24C5.tmpfs [X]
S2 wssvc_1.10.0.19; "C:\Program Files (x86)\WordShark_1.10.0.19\Service\wssvc.exe" [X]
2015-07-05 22:52 - 2015-07-05 22:52 - 00000000 ____ D C:\Users\Alan Jakman\SupTab
2015-07-05 22:48 - 2015-07-05 22:48 - 00000000 ____ D C:\Program Files (x86)\predm
2015-07-05 22:41 - 2015-07-05 22:41 - 00000000 ____ D C:\Users\Alan Jakman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-07-05 22:39 - 2015-07-05 22:45 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-05 22:39 - 2015-07-05 22:39 - 00000000 __SHD C:\Users\Alan Jakman\AppData\Roaming\AnyProtectEx
2015-07-05 22:39 - 2015-07-05 22:39 - 00000000 ____ D C:\Users\Alan Jakman\AppData\Local\globalUpdate
2015-07-05 22:39 - 2015-07-05 22:39 - 00000000 ____ D C:\ProgramData\IHProtectUpDate
2015-07-05 22:39 - 2015-07-05 22:39 - 00000000 ____ D C:\Program Files (x86)\globalUpdate
2015-07-05 22:38 - 2015-07-05 22:39 - 00000000 ____ D C:\Program Files (x86)\MiuiTab
2015-07-05 22:38 - 2015-07-05 22:38 - 00000000 ____ D C:\ProgramData\WindowsMangerProtect
2015-07-05 12:51 - 2015-07-05 12:51 - 00841232 _____ (Application Web ) C:\Users\Alan Jakman\Downloads\DAEMON-Tools-Lite(12708)-dp.exe
2015-07-03 21:06 - 2015-07-05 22:54 - 00000000 ____ D C:\AdwCleaner
2015-07-03 20:32 - 2015-07-05 22:37 - 00000000 ____ D C:\Users\Alan Jakman\AppData\Roaming\800F2DFE-1435948377-E411-A26A-F0761C5AE520
2015-07-03 20:30 - 2015-07-03 20:30 - 00000000 _____ C:\WINDOWS\prleth.sys
2015-07-03 20:30 - 2015-07-03 20:30 - 00000000 _____ C:\WINDOWS\hgfs.sys
2015-07-03 21:20 - 2014-12-23 08:45 - 00000000 ____ D C:\ProgramData\McAfee
2015-07-03 21:20 - 2014-12-23 08:45 - 00000000 ____ D C:\Program Files\Common Files\McAfee
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Alan Jakman\AppData\Roaming\aNCn1Wod6Fs7pyJf33thU2IzfA
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\Alan Jakman\AppData\Roaming\aNCn1Wod6Fs7pyJf33thU2IzfA.exe
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Alan Jakman\AppData\Roaming\XlEAqNps.exe
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Alan Jakman\AppData\Roaming\XlEAqNps
2015-07-03 20:43 - 2015-07-03 20:43 - 0000000 _____ () C:\Users\Alan Jakman\AppData\Local\Temp.dat
2015-07-05 22:39 - 2015-07-05 22:39 - 0613255 _____ (CMI Limited) C:\Users\Alan Jakman\AppData\Local\nsi330.tmp
Task: {00B1A5DA-4155-435A-852C-7C622A0BEB86} - System32\Tasks\aNCn1Wod6Fs7pyJf33thU2IzfA => C:\Users\Alan Jakman\AppData\Roaming\aNCn1Wod6Fs7pyJf33thU2IzfA.exe [2015-04-20] () <==== ATTENTION
Task: {0FDD233F-A7E6-4FBF-A176-44D10E7C794C} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {50CF81AE-3ADD-4787-A4E7-44F2A3BFC08D} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-07-05] (globalUpdate) <==== ATTENTION
Task: {5759602B-EC8E-4EE9-8A35-57F192BB8D0D} - System32\Tasks\XlEAqNps => C:\Users\Alan Jakman\AppData\Roaming\XlEAqNps.exe [2015-04-20] () <==== ATTENTION
Task: {5B687391-1800-4F1C-8A5A-69702E40E315} - System32\Tasks\SleepDevice => c:\programdata\{73556e81-d40c-79ae-7355-56e81d40ba07}\download.exe <==== ATTENTION
Task: {8962623D-C92B-4382-8752-FF102651BE02} - System32\Tasks\WordShark Auto Updater 1.10.0.19 Core => C:\Program Files (x86)\WordShark_1.10.0.19\Update\WordSharkAutoUpdateClient.exe <==== ATTENTION
Task: {A7B9DFA0-2368-4CB8-95CF-39FCAD2DB50A} - System32\Tasks\WordShark Auto Updater 1.10.0.19 Pending Update => C:\Program Files (x86)\WordShark_1.10.0.19\Update\WordSharkAutoUpdateClient.exe <==== ATTENTION
Task: {CF95F1D8-FC6B-486B-9AE5-005F61C16994} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-07-05] (globalUpdate) <==== ATTENTION
Task: {DA92D5EB-ECA9-4EB7-8C6B-EE4EF67E963F} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {DF1A15CE-CBF1-419C-9FC0-0517661CF6A5} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\aNCn1Wod6Fs7pyJf33thU2IzfA.job => C:\Users\Alan Jakman\AppData\Roaming\aNCn1Wod6Fs7pyJf33thU2IzfA.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SleepDevice.job => c:\programdata\{73556e81-d40c-79ae-7355-56e81d40ba07}\download.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\XlEAqNps.job => C:\Users\Alan Jakman\AppData\Roaming\XlEAqNps.exe <==== ATTENTION
C:\Users\Alan Jakman\AppData\Roaming\800F2DFE-1435948377-E411-A26A-F0761C5AE520
C:\Users\Alan Jakman\AppData\Roaming\800F2DFE-1435948377-E411-A26A-F0761C5AE520
C:\Users\Alan Jakman\AppData\Roaming\cpuminer
C:\WINDOWS\system32\cpuminer-gw64.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition i Shortcut.

tiamina · 6 Lipiec 2015 07:19

Fixlog http://wklej.org/id/1752180/

FRST http://wklej.org/id/1752181/

Atis · 6 Lipiec 2015 11:33

Skasuj folder C:\FRST

Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Język PL > Settings > General Settings > Language > Polish

Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK