Computer stutters, programs install themselves


(Posiadaczaxe) #1

Hi, for some time now, ever since I downloaded a certain thing (and I probably downloaded it with a virus), strange things have been happening: windows pop up installing some programs, sometimes strange ads, and my browser has also been changed everywhere, meaning the start page. Could someone help? Thanks in advance!

 

LOGS:

 

FRST:http://wklej.org/id/1763566/

Addition:http://wklej.org/id/1763567/

Shortcut:http://wklej.org/id/1763568/


(Atis) #2

Paste the following into the system Notepad and save it as a text file named fixlist:

CloseProcesses:
HKLM\...\Run: [gmsd_pl_006010041] => [X]
HKLM\...\Run: [gmsd_pl_005010041] => [X]
HKLM\...\Run: [SmartWeb] => C:\Users\usher\AppData\Local\SmartWeb\SmartWebHelper.exe
Startup: C:\Users\usher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-07-26]
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => No File
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => No File
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => No File
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1437895335&z=fd3eb64eb19562d342987abg6z8cfmcb9t4wao2t6c&from=face&uid=HitachiXHCC545016B9A300_100103PBHB00QCHWWR5VX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1437895335&z=fd3eb64eb19562d342987abg6z8cfmcb9t4wao2t6c&from=face&uid=HitachiXHCC545016B9A300_100103PBHB00QCHWWR5VX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1437895335&z=fd3eb64eb19562d342987abg6z8cfmcb9t4wao2t6c&from=face&uid=HitachiXHCC545016B9A300_100103PBHB00QCHWWR5VX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1437895335&z=fd3eb64eb19562d342987abg6z8cfmcb9t4wao2t6c&from=face&uid=HitachiXHCC545016B9A300_100103PBHB00QCHWWR5VX&q={searchTerms}
HKU\S-1-5-21-3316807963-4152905846-1932260773-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1437895335&z=fd3eb64eb19562d342987abg6z8cfmcb9t4wao2t6c&from=face&uid=HitachiXHCC545016B9A300_100103PBHB00QCHWWR5VX
HKU\S-1-5-21-3316807963-4152905846-1932260773-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1437895335&z=fd3eb64eb19562d342987abg6z8cfmcb9t4wao2t6c&from=face&uid=HitachiXHCC545016B9A300_100103PBHB00QCHWWR5VX
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3316807963-4152905846-1932260773-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=HitachiXHCC545016B9A300_100103PBHB00QCHWWR5VX&ts=1437895424&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3316807963-4152905846-1932260773-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=HitachiXHCC545016B9A300_100103PBHB00QCHWWR5VX&ts=1437895424&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3316807963-4152905846-1932260773-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=HitachiXHCC545016B9A300_100103PBHB00QCHWWR5VX&ts=1437895424&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3316807963-4152905846-1932260773-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=HitachiXHCC545016B9A300_100103PBHB00QCHWWR5VX&ts=1437895424&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3316807963-4152905846-1932260773-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=HitachiXHCC545016B9A300_100103PBHB00QCHWWR5VX&ts=1437895424&type=default&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1437895335&z=fd3eb64eb19562d342987abg6z8cfmcb9t4wao2t6c&from=face&uid=HitachiXHCC545016B9A300_100103PBHB00QCHWWR5VX
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF SearchPlugin: C:\Users\usher\AppData\Roaming\Mozilla\Firefox\Profiles\jx5jm26u.default-1418407717438\searchplugins\istartsurf.xml [2015-07-26]
FF Extension: MyBrowser 1.0.2V25.07 - C:\Users\usher\AppData\Roaming\Mozilla\Firefox\Profiles\jx5jm26u.default-1418407717438\Extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com [2015-07-25]
FF Extension: Default SearchProtected - C:\Users\usher\AppData\Roaming\Mozilla\Firefox\Profiles\jx5jm26u.default-1418407717438\Extensions\defsearchp@gmail.com [2015-07-25]
FF Extension: deskCut - C:\Users\usher\AppData\Roaming\Mozilla\Firefox\Profiles\jx5jm26u.default-1418407717438\Extensions\deskCutv2@gmail.com [2015-07-25]
FF Extension: MyBrowser 1.0.2V25.07 - C:\Users\usher\AppData\Roaming\Mozilla\Firefox\Profiles\ceasrzko.default-1430371075732\Extensions\6a1a03975fde4c8690f6b883c36bc1@7d88519bfe704d8cae3851239.com [2015-07-25]
FF Extension: Assist Point - C:\Users\usher\AppData\Roaming\Mozilla\Firefox\Profiles\ceasrzko.default-1430371075732\Extensions\{4c6ec706-6723-4722-8857-d27ac093a4cc}.xpi [2015-04-30]
FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\usher\AppData\Roaming\Mozilla\Firefox\Profiles\jx5jm26u.default-1418407717438\extensions\defsearchp@gmail.com
FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\usher\AppData\Roaming\Mozilla\Firefox\Profiles\jx5jm26u.default-1418407717438\extensions\deskCutv2@gmail.com
R2 Checker; C:\Program Files\Checker\check.exe [376832 2015-07-20] () [File not signed]
R2 comyninu; C:\Program Files\65BAF53B-1437848057-11E0-7888-6D990E435929\hnsm8D23.tmp [161792 2015-07-25] () [File not signed]
R2 hyverumu; C:\Program Files\65BAF53B-1437848057-11E0-7888-6D990E435929\jnsc74D1.tmp [209920 2015-07-25] () [File not signed]
R2 PESX58; C:\Users\usher\AppData\Local\Usugainterfejsu\usługa.exe [33280 2015-07-25] () [File not signed]
R2 rymosoge; C:\Program Files\65BAF53B-1437848057-11E0-7888-6D990E435929\knseC121.tmp [754176 2015-07-26] () [File not signed]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 tapSF0901; system32\DRIVERS\tapSF0901.sys [X]
S1 wsafd_1_10_0_19; system32\drivers\wsafd_1_10_0_19.sys [X]
S1 wsfd_vt_1_10_0_20; system32\drivers\wsfd_vt_1_10_0_20.sys [X]
2015-07-25 20:17 - 2015-07-25 20:17 - 00000000 _____ C:\Windows\prleth.sys
2015-07-25 20:17 - 2015-07-25 20:17 - 00000000 _____ C:\Windows\hgfs.sys
2015-07-25 20:16 - 2015-07-25 20:23 - 00000000 ____ D C:\Users\usher\AppData\Local\65BAF53B-1437855368-11E0-7888-6D990E435929
2015-07-25 20:16 - 2015-07-25 20:16 - 00000000 ____ D C:\Program Files\22e02f83-9986-4b7b-9ee2-23d7d5e7bdf5
2015-07-25 20:15 - 2015-07-25 23:24 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-07-25 20:14 - 2015-07-26 18:53 - 00000000 ____ D C:\Program Files\65BAF53B-1437848057-11E0-7888-6D990E435929
2015-07-25 20:14 - 2015-07-25 22:15 - 00000000 ____ D C:\Program Files\Checker
2015-07-25 20:14 - 2015-07-25 20:14 - 00000000 ____ D C:\Users\usher\AppData\Local\Usugainterfejsu
2015-06-30 18:27 - 2015-07-03 06:28 - 00000000 ____ D C:\ProgramData\{8d02036e-42ad-dc2a-8d02-2036e42a0db9}
2015-07-26 01:00 - 2014-08-12 15:11 - 00000000 ____ D C:\AdwCleaner
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\usher\AppData\Roaming\1LCnpH4ThsYX9WdX9nCRNrA0YDG
2014-03-03 17:33 - 2012-01-19 02:06 - 0127488 _____ () C:\Program Files\Otal.dll
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\usher\AppData\Roaming\ovhsswGoT15hO3uzV6
2014-08-08 09:09 - 2014-08-08 15:18 - 0000003 _____ () C:\Users\usher\AppData\Local\proxy.log
C:\Users\usher\AppData\Local\*.tmp
C:\Users\usher\AppData\Roaming\*.exe
CustomCLSID: HKU\S-1-5-21-3316807963-4152905846-1932260773-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\usher\Downloads\la-pirula-project (1).rar.exe No File
Task: {0B93D0B8-752B-42B5-B6EB-5A43A4E96F2F} - System32\Tasks\1LCnpH4ThsYX9WdX9nCRNrA0YDG => C:\Users\usher\AppData\Roaming\1LCnpH4ThsYX9WdX9nCRNrA0YDG.exe [2015-04-20] () <==== ATTENTION
Task: {22C493BB-319E-40FC-9648-49D401F529CD} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\usher\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {5E9B5F57-BC60-48C8-B231-0189CC14FEB3} - System32\Tasks\{DA58B66A-D39C-4D0C-85A4-9E6EDEAD5ACD} => pcalua.exe -a C:\Users\usher\Downloads\FreeHideIP-4.0.3.6.Setup.exe -d C:\Users\usher\Downloads
Task: {6298B0C5-0322-4316-A163-1477F2A6EEA5} - \DogBytes No Task File <==== ATTENTION
Task: {B721BD79-5F2C-4B17-8CDF-E19FFED2CCD4} - System32\Tasks\ovhsswGoT15hO3uzV6 => C:\Users\usher\AppData\Roaming\ovhsswGoT15hO3uzV6.exe [2015-04-20] () <==== ATTENTION
Task: {E869A64C-6FA1-4955-A4D3-45B6E50FB02C} - System32\Tasks\{60F22D66-B03C-4135-9E40-A19071902019} => pcalua.exe -a C:\Users\usher\Downloads\sp52376.exe -d C:\Users\usher\Downloads
Task: C:\Windows\Tasks\1LCnpH4ThsYX9WdX9nCRNrA0YDG.job => C:\Users\usher\AppData\Roaming\1LCnpH4ThsYX9WdX9nCRNrA0YDG.exe <==== ATTENTION
Task: C:\Windows\Tasks\ovhsswGoT15hO3uzV6.job => C:\Users\usher\AppData\Roaming\ovhsswGoT15hO3uzV6.exe <==== ATTENTION
EmptyTemp:

Run FRST and click Fix. Show the removal report, Fixlog.

Click Scan and show the new FRST report, without Addition and Shortcut.


(Posiadaczaxe) #3

Removal report (Fixlog): http://wklej.org/id/1763680/

New FRST report: http://wklej.org/id/1763685/


(Atis) #4

Paste the following into the system Notepad and save it as a text file named fixlist:

CloseProcesses:
HKLM\...\RunOnce: [upgmsd_pl_005010041.exe] => C:\Users\usher\AppData\Local\gmsd_pl_005010041\upgmsd_pl_005010041.exe [3291280 2015-07-25] ()
HKLM\...\RunOnce: [upgmsd_pl_005010041.exe] => C:\Users\usher\AppData\Local\gmsd_pl_005010041\upgmsd_pl_005010041.exe [3291280 2015-07-25] ()
HKU\S-1-5-21-3316807963-4152905846-1932260773-1000\...\Run: [GoogleChromeAutoLaunch_71E67A27E30654BB253248170F14DF13] => C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-05-12] (Crossbrowse)
Startup: C:\Users\usher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-07-27]
ShortcutTarget: crossbrowse.lnk -> C:\Program Files\Crossbrowse\Crossbrowse\Application\crossbrowse.exe (Crossbrowse)
SearchScopes: HKU\S-1-5-21-3316807963-4152905846-1932260773-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHCC545016B9A300_100103PBHB00QCHWWR5VX&ts=1437973859&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3316807963-4152905846-1932260773-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHCC545016B9A300_100103PBHB00QCHWWR5VX&ts=1437973859&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3316807963-4152905846-1932260773-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHCC545016B9A300_100103PBHB00QCHWWR5VX&ts=1437973859&type=default&q={searchTerms}
BHO: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files\MiuiTab\SupTab.dll [2015-07-23] (Thinkgood Co. Limited)
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe http://www.mystartsearch.com/?type=sc&ts=1437973776&z=3ad753046dbb00fdb74998ag7z2ccm7t9m6camdcez&from=cmi&uid=HitachiXHCC545016B9A300_100103PBHB00QCHWWR5VX
R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-07-23] (XTab system)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [707240 2015-07-27] (DTools LIMITED) <==== ATTENTION
S2 guriwiwe; C:\Program Files\65BAF53B-1437848057-11E0-7888-6D990E435929\knsq444B.tmp [X]
2015-07-27 07:14 - 2015-07-27 08:32 - 00001044 _____ C:\Windows\Tasks\Crossbrowse.job
2015-07-27 07:14 - 2015-07-27 07:14 - 00002038 _____ C:\Users\Public\Desktop\Search.lnk
2015-07-27 07:14 - 2015-07-27 07:14 - 00000000 ____ D C:\Users\usher\AppData\Local\Crossbrowse
2015-07-27 07:14 - 2015-07-27 07:14 - 00000000 ____ D C:\Users\Kamil\AppData\Local\Crossbrowse
2015-07-27 07:14 - 2015-07-27 07:14 - 00000000 ____ D C:\Users\Gość\AppData\Local\Crossbrowse
2015-07-27 07:14 - 2015-07-27 07:14 - 00000000 ____ D C:\Users\Administrator\AppData\Local\Crossbrowse
2015-07-27 07:13 - 2015-07-27 07:13 - 00002108 _____ C:\Users\Public\Desktop\Crossbrowse.lnk
2015-07-27 07:13 - 2015-07-27 07:13 - 00000000 ____ D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-07-27 07:12 - 2015-07-27 08:36 - 00000000 ____ D C:\Users\usher\AppData\Local\gmsd_pl_005010041
2015-07-27 07:12 - 2015-07-27 07:12 - 00000000 ____ D C:\Program Files\gmsd_pl_005010041
2015-07-27 07:12 - 2015-07-27 07:12 - 00000000 ____ D C:\Program Files\Crossbrowse
2015-07-27 07:11 - 2015-07-27 07:11 - 00000000 ____ D C:\ProgramData\IHProtectUpDate
2015-07-27 07:11 - 2015-07-27 07:11 - 00000000 ____ D C:\Program Files\FriendlyError
2015-07-27 07:10 - 2015-07-27 07:11 - 00000000 ____ D C:\Program Files\MiuiTab
2015-07-27 07:10 - 2015-07-27 07:10 - 00000000 ____ D C:\Users\usher\AppData\Local\8836C1CB-B910-43AA-8AD5-37C59E4F798
2015-07-27 07:10 - 2015-07-27 07:10 - 00000000 ____ D C:\ProgramData\WindowsMangerProtect
2015-07-27 07:09 - 2015-07-27 07:09 - 00000000 ____ D C:\Users\usher\AppData\Roaming\mystartsearch
2015-07-27 07:09 - 2015-07-27 07:09 - 00000000 ____ D C:\Users\usher\AppData\Local\SmartWeb
EmptyTemp:

Run FRST and click Fix. Show the removal report, Fixlog.

Click Scan and show the new FRST and Addition reports.


(Posiadaczaxe) #5

Fixlog removal report: http://wklej.org/id/1763711/

FRST report: http://wklej.org/id/1763717/

Addition report: http://wklej.org/id/1763718/


(Atis) #6

Uninstall:

Crossbrowse

GamesDesktop 008.005010041

globalupdate Helper

Java 7 Update 60

Java 8 Update 40

Java Packages

mystartsearch uninstall

SmartWeb

Paste the following into the system Notepad and save it as a text file named fixlist:

SearchScopes: HKU\S-1-5-21-3316807963-4152905846-1932260773-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
2015-07-25 20:19 - 2015-07-25 20:19 - 00000909 _____ C:\Users\Kamil\Desktop\HD CODEC.lnk
2015-07-03 14:46 - 2015-07-25 22:58 - 00000000 __SHD C:\AI_RecycleBin
Task: {2A20D6BF-87F8-4988-B849-BBDCBBB4DB46} - System32\Tasks\Crossbrowse => C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: {A91DADFB-DBBC-4651-976B-577A9E6FB13F} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
DeleteQuarantine:
CreateRestorePoint:

Run FRST and click Fix. Delete the folder C:\FRST

Delete old restore points: CLICK

Scan the disk with Malwarebytes Anti-Malware

During installation, uncheck the option to start the trial period of Malwarebytes Anti-Malware Premium.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Polish language > Settings > General Settings > Language > Polish

Read how programs should be installed: CLICK - CLICK - CLICK

Install Java 8 Update 51


(Posiadaczaxe) #7

Thanks, mate, you helped! This can be closed :)