MyStartSearch: how do I get rid of it?


(Vzzuu Ib) #1

I read that you have to provide the FRST logs, so here they are:

FRST.txt - http://wklej.org/id/1799615/

Addition.txt - http://wklej.org/id/1799619/

Shortcut.txt - http://wklej.org/id/1799622/

Please help quickly, because it's impossible to function normally with this junk.

I'll also add that I have already tried programs such as ADWCleaner and the problem went away, but what good is that when an hour later it's the same thing again?

 


(Atis) #2

In Control Panel, uninstall:

GamesDesktop 008.005010090

GamesDesktop 008.005010091

shopperz

SmartWeb

WordWizard 1.10.0.24

Download and run AdwCleaner 5.008. Click Scan (Skanuj) and then Cleaning (Usuń).

Paste the following into Windows Notepad and save it as a text file named fixlist:

CloseProcesses:
HKLM\...\Run: [gmsd_pl_005010089] => [X]
HKLM\...\Run: [SmartWeb] => C:\Users\Rafał\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM\...\Run: [gmsd_pl_005010090] => C:\Program Files\gmsd_pl_005010090\gmsd_pl_005010090.exe [3979920 2015-09-17] ()
HKLM\...\Run: [gmsd_pl_005010091] => C:\Program Files\gmsd_pl_005010091\gmsd_pl_005010091.exe [3978384 2015-09-18] ()
HKLM\...\Run: [shopperz170920151519] => C:\Program Files\shopperz170920151519\Pafyf.exe [428744 2015-09-17] ()
HKLM\...\RunOnce: [upgmsd_pl_005010090.exe] => C:\Users\Rafał\AppData\Local\gmsd_pl_005010090\upgmsd_pl_005010090.exe [3310736 2015-09-17] ()
HKLM\...\RunOnce: [upgmsd_pl_005010091.exe] => C:\Users\Rafał\AppData\Local\gmsd_pl_005010091\upgmsd_pl_005010091.exe [3299984 2015-09-18] ()
AppInit_DLLs: C:\ProgramData\Saophase\GrooveEco.dll => C:\ProgramData\Saophase\GrooveEco.dll [757248 2015-09-14] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
Startup: C:\Users\Rafał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-09-18]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Rafał\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2574348303-2230780164-3353192859-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdpmwEO-VPoGgh375BnOu7U5LehESk9mJSCIjxAe2huS6hd_EyHmI2DGPA-j0_VVTwcdGMtra5yS9kCRwkjOcf9TbBgchX7SfbdyWGGUPWu69iQUYoZcyqblCGoFECxt7T70WttB0ntpOeTN&q={searchTerms}
HKU\S-1-5-21-2574348303-2230780164-3353192859-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdpmwEO-VPoGgh375BnOu7U5LehESk9mJSCIjxAe2huS6hd_EyHmI2DGPA-j0_VVTwcdGMtra5yS9kCRwkjOcf9TbBgchX7SfbdyWGGUPWu69iQUYoZcyqblCGoFECxt7T70WttB0ntpOeTN&q={searchTerms}
HKU\S-1-5-21-2574348303-2230780164-3353192859-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdpmwEO-VPoGgh375BnOu7U5LehESk9mJSCIjxAe2huS6hd_EyHmI2DGPA-j0_VVTwcdGMtra5yS9kCRwkjOcf9TbBgchX7SfbdyWGGUPWu69iQUYoZcyqblCGoFECxt7T70WttB0ntpOeTN&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdpmwEO-VPoGgh375BnOu7U5LehESk9mJSCIjxAe2huS6hd_EyHmI2DGPA-j0_VVTwcdGMtra5yS9kCRwkjOcf9TbBgchX7SfbdyWGGUPWu69iQUYoZcyqblCGoFECxt7T70WttB0ntpOeTN&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2574348303-2230780164-3353192859-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdpmwEO-VPoGgh375BnOu7U5LehESk9mJSCIjxAe2huS6hd_EyHmI2DGPA-j0_VVTwcdGMtra5yS9kCRwkjOcf9TbBgchX7SfbdyWGGUPWu69iQUYoZcyqblCGoFECxt7T70WttB0ntpOeTN&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2574348303-2230780164-3353192859-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdpmwEO-VPoGgh375BnOu7U5LehESk9mJSCIjxAe2huS6hd_EyHmI2DGPA-j0_VVTwcdGMtra5yS9kCRwkjOcf9TbBgchX7SfbdyWGGUPWu69iQUYoZcyqblCGoFECxt7T70WttB0ntpOeTN&q={searchTerms}
BHO: shopperz170920151519 -> {0AEDF00D-4C89-468A-82F1-4ABF8E85A3B2} -> C:\Program Files\shopperz170920151519\Culacif.dll [2015-09-17] ()
BHO: Brak nazwy -> {11111111-1111-1111-1111-110611191111} -> Brak pliku
BHO: Brak nazwy -> {11111111-1111-1111-1111-110611191115} -> Brak pliku
BHO: Brak nazwy -> {11111111-1111-1111-1111-110611341129} -> Brak pliku
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1442657229&z=0c182c0227688c57f521f49g3zdzeocq7wam5e8z7t&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX
FF Extension: shopperz170920151519 - C:\Program Files\shopperz170920151519\Firefox [2015-09-19]
FF HKLM\...\Firefox\Extensions: [{0AEDF00D-4C89-468A-82F1-4ABF8E85A3B2}] - C:\Program Files\shopperz170920151519\Firefox
FF HKLM\...\Firefox\Extensions: [{35C4637C-4CF8-4C5D-864C-5239EEFEB0ED}] - C:\Program Files\shopperz100920151159\Firefox
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdpmwEO-VPoGgh375BnOu7U5LehESk9mJSCIjxAe2huS6hd_EyHmI2DGPA-j0_VVTwcGJTv8igMDO7JSqpYkJxvC1IqBzCkSMiYXvNg9eS4hIV3o9MAkeaZgjXmGeb7saPpHK2tNTUd422hV
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1441580403&z=ab30920c61fcd7006ae603agbzcz8g3w4bce8o1wat&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.istartsurf.com/?type=hp&ts=1441659149&z=b6de031f663e5f03cd20164g7z8zbg3q9w5tee7e5o&from=face&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.mystartsearch.com/?type=hp&ts=1441722609&z=0fee5838f13eeab1c2b90a3gdzaz6g6m3o0oczcw0b&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.istartsurf.com/?type=hp&ts=1441805200&z=4c673e89b45a2889471c05ag4z6z6g7b3eew4e5zaz&from=face&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.mystartsearch.com/?type=hp&ts=1441807288&z=a7a74079f205acdaa988318g6z2z2gdb8e4m7g5cbc&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.mystartsearch.com/?type=hp&ts=1441894083&z=08c6def69ac3f667eec2cecgfz5z5g7b3t7c0t2o4c&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.istartsurf.com/?type=hp&ts=1441911795&z=df493cb2bc163e0c4b15fdcgaz5zegct9g8g6qac0w&from=face&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.mystartsearch.com/?type=hp&ts=1442083769&z=9681972e60ebf3badafd9f2g3zcz1o1e8b5cdqbefg&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.mystartsearch.com/?type=hp&ts=1442226713&z=548b2ad8b151becec4976a5gezfzco5o8odqbw6wfw&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.mystartsearch.com/?type=hp&ts=1442229543&z=83864240bcedc5a35be3949g1z9z1oao4o6tccebdw&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.istartsurf.com/?type=hp&ts=1442319483&z=00696d0d14c8fe83bd6a1d6g5zbz9o9c6g6t3c1obe&from=face&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.mystartsearch.com/?type=hp&ts=1442437097&z=84e7ec86f57276e42cf38e1gez8z6oez2c5q9t0o5b&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.mystartsearch.com/?type=hp&ts=1442565785&z=3ec98b5be1c073779a7ea91g9zdz2
oawbq0w0qeg5g&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.mystartsearch.com/?type=hp&ts=1442657229&z=0c182c0227688c57f521f49g3zdzeocq7wam5e8z7t&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX"
CHR Extension: (iLivid) - C:\Users\Rafał\AppData\Local\Google\Chrome\User Data\Default\Extensions\nafaimnnclfjfedmmabolbppcngeolgf [2015-09-19]
StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1442657229&z=0c182c0227688c57f521f49g3zdzeocq7wam5e8z7t&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX
R3 14B0C7EE-1958-4206-8F30-4F58C3C06807; C:\Program Files\shopperz170920151519\Jasaur.exe [280776 2015-09-17] ()
R2 Saophase; C:\ProgramData\Saophase\Saophase.exe [33792 2015-09-01] () [Brak podpisu cyfrowego]
R2 WdsManPro; C:\ProgramData\FWdsManProF\WdsManPro.exe [451720 2015-09-18] (DTools LIMITED)
R2 wwsvc_1.10.0.24; C:\Program Files\WordWizard_1.10.0.24\Service\wwsvc.exe [301656 2015-09-02] (WordWizard)
R2 xylyleju; C:\Program Files\1E0034C0-1441481290-3800-BF29-20CF309B4ACB\knsn641E.tmp [1608704 2015-09-18] () [Brak podpisu cyfrowego]
S2 SSFK; C:\Program Files\SFK\SSFK.exe -s [X]
R1 wwfd_vt_1_10_0_24; C:\Windows\System32\drivers\wwfd_vt_1_10_0_24.sys [56448 2015-09-02] (WordWizard)
S1 ppfd_vt_1_10_0_24; system32\drivers\ppfd_vt_1_10_0_24.sys [X]
S1 wsafd_1_10_0_19; system32\drivers\wsafd_1_10_0_19.sys [X]
2015-09-19 12:17 - 2015-09-19 12:17 - 00000000 ____ D C:\Program Files\shopperz170920151519
2015-09-19 12:17 - 2015-08-19 12:40 - 00056480 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-09-19 12:08 - 2015-09-19 12:08 - 00000000 ____ D C:\Program Files\AnyProtectEx
2015-09-19 12:07 - 2015-09-19 12:07 - 00000000 ____ D C:\Users\Rafał\AppData\Local\gmsd_pl_005010091
2015-09-19 12:07 - 2015-09-19 12:07 - 00000000 ____ D C:\Program Files\gmsd_pl_005010091
2015-09-18 10:43 - 2015-09-19 12:08 - 00000000 ____ D C:\ProgramData\FWdsManProF
2015-09-18 10:43 - 2015-09-19 11:40 - 00000000 ____ D C:\Users\Rafał\AppData\Local\gmsd_pl_005010090
2015-09-18 10:43 - 2015-09-18 10:43 - 00000000 ____ D C:\Program Files\gmsd_pl_005010090
2015-09-18 10:42 - 2015-09-18 10:42 - 00000000 ____ D C:\Program Files\WordWizard_1.10.0.24
2015-09-17 21:11 - 2015-09-17 21:11 - 00000000 __SHD C:\Users\Rafał\AppData\Roaming\AnyProtectEx
2015-09-17 21:10 - 2015-09-17 21:14 - 00000000 ____ D C:\Users\Rafał\AppData\Roaming\systweak
2015-09-17 21:10 - 2015-07-02 14:14 - 00018200 _____ () C:\Windows\system32\roboot.exe
2015-09-17 21:07 - 2015-09-17 21:07 - 00000000 ____ D C:\Users\Rafał\Downloads\FRST-OlderVersion
2015-09-17 21:06 - 2015-09-17 21:06 - 00000000 ____ D C:\Program Files\predm
2015-09-05 21:55 - 2015-09-19 12:07 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\Rafał\AppData\Roaming\*.exe
C:\Program Files\Common Files\*.exe
C:\Users\Rafał\AppData\Local\*.tmp
CustomCLSID: HKU\S-1-5-21-2574348303-2230780164-3353192859-1001_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll Brak pliku
Task: {1B299749-67B4-4738-92B6-5A00966725D4} - System32\Tasks\{12FD90F2-4670-48F4-9F57-A344B2A99B03} => pcalua.exe -a H:\Crack&Adds\gtasa_pl_0.9.exe -d H:\Crack&Adds
Task: {210B9C50-E2FF-4068-94C9-890C3EA54E01} - System32\Tasks\{957F4894-D519-48ED-8FA6-82FAB0CCF19A} => pcalua.exe -a H:\Setup.exe -d H:\
Task: {21BA1AAE-DC7B-4960-BD0D-DF4611A86A0F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {26D1D391-60D4-4FF8-AFBA-3FB930CB8277} - System32\Tasks\{2EE1CC34-9F96-40CC-BB14-930694F8EF92} => pcalua.exe -a "C:\Program Files\YouTube Accelerator\YTAUninstall.exe"
Task: {299AC060-D10B-4586-979F-077F0FFF7EC2} - System32\Tasks\{D7A53561-8112-4D8E-8B14-A5565422920B} => pcalua.exe -a "D:\Gry\Gothic\Gothic Mroczne Tajemnice\Materiały Dodatkowe\gothic1_playerkit-1.08k.exe" -d "D:\Gry\Gothic\Gothic Mroczne Tajemnice\Materiały Dodatkowe"
Task: {2B54552C-E4E8-4AEF-8679-829F163F5970} - System32\Tasks\{377A7F68-BD77-4766-B2F8-1AA94A4C1234} => pcalua.exe -a "C:\Users\Rafał\Desktop\Honda CRX Del Sol Spyder (KSF2 Kit)\Honda CRX.exe" -d "C:\Users\Rafał\Desktop\Honda CRX Del Sol Spyder (KSF2 Kit)"
Task: {33C8C0CD-D1EC-4BA0-80E0-F3E93587CEC0} - System32\Tasks\{0427CCFA-0408-4468-8E60-5219709D8810} => pcalua.exe -a "C:\Users\Rafał\Downloads\Assassins.Creed.Revelations.v1.01.Update-SKIDROW [ALEX]\sr-acr101\ac_revelations_1.01_eu.exe" -d "C:\Users\Rafał\Downloads\Assassins.Creed.Revelations.v1.01.Update-SKIDROW [ALEX]\sr-acr101"
Task: {456803F3-924C-46CF-B578-84F21F1CF29E} - System32\Tasks\{C9C04494-BB4E-49A0-8567-79221B5EE190} => pcalua.exe -a C:\Users\Rafał\Desktop\ignition\Ignition\Setup.exe -d C:\Users\Rafał\Desktop\ignition\Ignition
Task: {5096D5A7-8DE3-4644-B025-25B0D9CA7D0E} - System32\Tasks\{C06BFA69-C137-4E52-9AC7-AF5F21163374} => pcalua.exe -a C:\Users\Rafał\Desktop\ac_revelations_101_eu\ac_revelations_1.01_eu.exe -d C:\Users\Rafał\Desktop\ac_revelations_101_eu
Task: {55DFCB97-80A0-4717-B45D-36696700B08E} - System32\Tasks\{3E745BC4-27F7-407F-A346-6E5A6B6B7696} => pcalua.exe -a H:\DirectX\DXSetup.exe -d H:\DirectX
Task: {5B920E4E-A659-4CA9-AF65-578C6E8F6A96} - System32\Tasks\{949BF399-CB65-44E4-968D-9CF0E334F18C} => pcalua.exe -a "C:\Users\Rafał\Desktop\spolszczenie do star wars jedi academy\Star Wars Jedi Knight Jedi Academy - spolszczenie v0.9\Star Wars Jedi Knight Jedi Academy pl. v0.9.exe" -d "C:\Users\Rafał\Desktop\spolszczenie do star wars jedi academy\Star Wars Jedi Knight Jedi Academy - spolszczenie v0.9"
Task: {697E4138-4131-4A8E-89F0-628DF7F70871} - System32\Tasks\{6011B14A-E787-413C-9404-171AA9446877} => pcalua.exe -a C:\Windows\IsUn0415.exe -c -fd:\gry\Uninst.isu
Task: {6D0F10C0-4491-4CB7-A2C4-480146BD64B4} - System32\Tasks\{9BD9585A-D2C9-41D8-81EA-3A6C03395389} => pcalua.exe -a H:\Setup.exe -d H:\
Task: {71E92789-D1CF-4603-9F5C-A94BF3A35599} - System32\Tasks\{92C32A0E-128B-4B56-915B-9943E4CF8A0C} => pcalua.exe -a "C:\Users\Rafał\Desktop\Need for Speed Most Wanted Spolszczenie\NFS MW\NFS Most Wanted - Spolszczenie.exe" -d "C:\Users\Rafał\Desktop\Need for Speed Most Wanted Spolszczenie\NFS MW"
Task: {7C0E23E5-9C99-41CD-977F-BE3BF759E0B9} - System32\Tasks\{3E5BF767-48C6-4F1B-BB4C-18E91B8AA454} => pcalua.exe -a C:\Users\Rafał\Downloads\cenega_poland_oblivion_pl.exe -d C:\Users\Rafał\Downloads
Task: {838B613F-6BF3-419F-B469-0157D56C940A} - System32\Tasks\{2BAA4432-A2B5-48ED-8878-52755315AE8E} => pcalua.exe -a "C:\Users\Rafał\Desktop\star_wars_jedi_knight_jedi_academy_pl\Star Wars Jedi Knight Jedi Academy - spolszczenie v0.9\Star Wars Jedi Knight Jedi Academy pl. v0.9.exe" -d "C:\Users\Rafał\Desktop\star_wars_jedi_knight_jedi_academy_pl\Star Wars Jedi Knight Jedi Academy - spolszczenie v0.9"
Task: {896AFE38-B9EC-481A-A8B4-A06735DEB1B0} - System32\Tasks\{5FA6FAA6-0E56-456E-919D-13620B885FBC} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -c /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
Task: {91F01FD2-31AB-4630-9B8C-46E0A542E809} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {931CC659-CCB8-4CF8-BAF5-3959FAD5CFCF} - System32\Tasks\{38520DD1-2850-4F75-B664-10FFC9BF3256} => pcalua.exe -a "C:\Users\Rafał\Downloads\Oblivion 4\PATCH\cenega_poland_oblivion_pl.exe" -d "C:\Users\Rafał\Downloads\Oblivion 4\PATCH"
Task: {938A7DA3-ABAD-431F-BBE5-E3E0BA60BED5} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Rafał\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== UWAGA
Task: {9415A184-58A8-4F56-8183-219F9C0D5A9D} - System32\Tasks\Waaru => C:\Program Files\shopperz170920151519\Weqcaof.bat [2015-09-17] () <==== UWAGA
Task: {9425CE5D-0B86-4A8D-AC03-60EA138999BC} - System32\Tasks\{5963FE57-B2F3-4AFE-8546-7C74D2D25EEB} => pcalua.exe -a H:\Crack.exe -d H:\
Task: {9F48F970-EC18-4CAB-AC91-3202F14CCDB6} - System32\Tasks\{4B302CB8-9EE3-4F78-A46C-D952FA50CA25} => pcalua.exe -a C:\Users\Rafał\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
Task: {A47A9231-4F46-4210-86EE-D3114D6C7972} - System32\Tasks\{2E132D24-CBFF-4FA3-A274-C741E7F1220A} => pcalua.exe -a H:\autorun.exe -d H:\
Task: {B08E82C4-C90F-4C0C-B198-D124F32D7AEF} - System32\Tasks\{BA193447-835C-4B54-9F72-2DF1A7BBB22F} => pcalua.exe -a H:\DirectX\DXSETUP.EXE -d H:\DirectX
Task: {C09B1D5A-8A23-4E00-9A65-15F0EB98B9CB} - System32\Tasks\{5D402A53-30BE-46EB-B4B5-526E1432CDB0} => pcalua.exe -a H:\Setup.exe -d H:\
Task: {C5597FD2-114D-43F8-964A-C24E89331275} - System32\Tasks\{E2A7A2C5-13D4-4431-BFDD-91236BF178D1} => pcalua.exe -a C:\Users\Rafał\Downloads\Shockwave_Installer_Slim.exe -d C:\Users\Rafał\Downloads
Task: {CAC637ED-4FFA-4142-8CE7-BD1E26C8307A} - System32\Tasks\WordWizard Auto Updater 1.10.0.24 Pending Update => C:\Program Files\WordWizard_1.10.0.24\Update\WordwizardAutoUpdateClient.exe [2015-09-02] (WordWizard)
Task: {E3F7F9B0-A0D4-4BCE-B5CE-6504D074AD42} - System32\Tasks\{2A296489-4FCE-4B0D-A118-BC5377FA67AE} => pcalua.exe -a "D:\Gry\Papers, Please\assets\DATA\Grand Theft Auto\San Andreas\GTA San Andreas\gtasa_pl_0.9.exe" -d "D:\Gry\Papers, Please\assets\DATA\Grand Theft Auto\San Andreas\GTA San Andreas"
Task: {E7088B1C-6465-4604-874B-E384703E0C8A} - System32\Tasks\{F1ADBFBA-7585-4974-B9B0-FEFD83734E1A} => pcalua.exe -a H:\SETUP.EXE -d H:\
Task: {E7AC3F7E-A22C-4185-B43D-D295A11017DE} - System32\Tasks\{BE59C362-5F5E-4508-A204-03CAB069CED1} => pcalua.exe -a C:\Users\Rafał\Downloads\oblivion_pl[www.edownload.pl].exe -d C:\Users\Rafał\Downloads
Task: {E90A3FF5-4017-450D-A6C7-9205B6FC6291} - System32\Tasks\WordWizard Auto Updater 1.10.0.24 Core => C:\Program Files\WordWizard_1.10.0.24\Update\WordwizardAutoUpdateClient.exe [2015-09-02] (WordWizard)
Task: {EC3D5948-FA6A-4D27-AED4-DA8553FDEE20} - System32\Tasks\{CBA06C18-7B7F-4AF1-A82D-F990FF675068} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Task: {ECEE06AA-1B3F-40A8-87E3-6AE559AE43D9} - System32\Tasks\{7BAB322D-BDB1-4CD0-B872-94D6404D4F1B} => pcalua.exe -a "C:\Program Files\TeamSpeak 3 Client\package_inst.exe" -d "C:\Program Files\TeamSpeak 3 Client"
Task: {FFA85F54-9D89-4EC0-8D98-D7ED68EC7BEB} - System32\Tasks\{98C34FE9-96FA-4724-9E4C-A4A76EF6DA2C} => pcalua.exe -a "C:\Users\Rafał\Desktop\Ignition Pc Working 3dfx win7 32&64 Portable\Ignition\SETUP.EXE" -d "C:\Users\Rafał\Desktop\Ignition Pc Working 3dfx win7 32&64 Portable\Ignition"
Task: C:\Windows\Tasks\406cb6bd-85c9-4b62-a7ac-b0c95dd2a961.job => C:\Program Files\SavePass 1.1\406cb6bd-85c9-4b62-a7ac-b0c95dd2a961.exe <==== UWAGA
Task: C:\Windows\Tasks\4oOKPEQYrfzNwJbNibsR.job => C:\Users\Rafał\AppData\Roaming\4oOKPEQYrfzNwJbNibsR.exe <==== UWAGA
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\d9ZGUUROvEaGuHi1guWY8.job => C:\Users\Rafał\AppData\Roaming\d9ZGUUROvEaGuHi1guWY8.exe <==== UWAGA
Task: C:\Windows\Tasks\dsUEQcWYhvS4IETphj4Widu.job => C:\Users\Rafał\AppData\Roaming\dsUEQcWYhvS4IETphj4Widu.exe <==== UWAGA
Task: C:\Windows\Tasks\ed2e4e1f-5bd2-49c6-96a0-b8d9e5912227.job => C:\Program Files\SavePass 1.1\ed2e4e1f-5bd2-49c6-96a0-b8d9e5912227.exeȘ/agentregpath='SavePass 1.1' /appid=63429 /srcid='001504' /subid='0' /zdata='0' /bic=6E6B7531D34F4CD1864BA6F69C46EBD8IE /verifier=1e051869f55eab673c2b0faf7f27a887 /installerversion=1_35_09_03 /installationtime=1410359221 /statsdomain=http:/stats.newclientgenservice.com /errorsdomain=http:/errors.newclientgenservice.com /extensionname='Information' /torpedoiesleeps=1000 /torpedoieplugins=93-0,102-0,104-0,178-288,179-288,180-288,223-288,263-24 /monetizationdomain=http:/logs.newclientgenservice.com <==== UWAGA
Task: C:\Windows\Tasks\i3Dnm4idH.job => C:\Users\Rafał\AppData\Roaming\i3Dnm4idH.exe <==== UWAGA
Task: C:\Windows\Tasks\Jy4rLKD6.job => C:\Users\Rafał\AppData\Roaming\Jy4rLKD6.exe <==== UWAGA
Task: C:\Windows\Tasks\PBJ.job => C:\Users\Rafał\AppData\Roaming\PBJ.exe <==== UWAGA
Task: C:\Windows\Tasks\PTEES.job => C:\Users\Rafał\AppData\Roaming\PTEES.exe <==== UWAGA
Task: C:\Windows\Tasks\tmptsk15871.job => C:\Windows\TEMP\61915_updater.exeĺ/appname=Sense1 /appid=61915 /pubid=20891 /srcid=000803 /sdifjobif=tt1231 /minutes=30 /downloadurl=http:/update.newstatsdemosrv.com/slp_updt/update-help.exe /close=true /zipfileurl=http:/update.newstatsdemosrv.com <==== UWAGA
Task: C:\Windows\Tasks\YD46hj4N.job => C:\Users\Rafał\AppData\Roaming\YD46hj4N.exe <==== UWAGA
EmptyTemp:

Run FRST and click Fix (Napraw). Post the removal report, Fixlog.

Click Scan (Skanuj) and post the new FRST and Addition reports.
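A triage sketch for FRST lines like the ones in the fixlist above, added here as an example and not part of the original post or of FRST itself. It decodes the percent-encoded host names in the browser settings (which a plain string search for the domain would miss) and lists scheduled tasks that launch an executable sitting directly in AppData\Roaming or Windows\TEMP. The sample log is constructed: line shapes and host names follow the post, while the SID, user name, task numbers and long tokens are placeholders.

```python
import re
from urllib.parse import unquote

# Constructed sample: line shapes and host names follow the fixlist above; the SID,
# user name, task numbers and the long p=/z= tokens are replaced with placeholders.
SAMPLE_LOG = r"""
HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=TOKEN&q={searchTerms}
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=TOKEN
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=0&from=cmi","hxxp://www.istartsurf.com/?type=hp&ts=0&from=face"
Task: C:\Windows\Tasks\PBJ.job => C:\Users\User\AppData\Roaming\PBJ.exe <==== UWAGA
Task: C:\Windows\Tasks\tmptsk00000.job => C:\Windows\TEMP\00000_updater.exe /appname=Example
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"""

# Matches both defanged (hxxp) and plain (http) URLs, stopping at quotes and commas.
URL_RE = re.compile(r'h(?:xx|tt)ps?://[^\s",]+', re.IGNORECASE)
HOST_RE = re.compile(r'^[a-z]+://([^/?#]+)', re.IGNORECASE)
TASK_RE = re.compile(r'^Task: (?P<name>.+?) => (?P<target>.+)$')
# An .exe placed directly in a user-writable drop folder, with no vendor subfolder.
DROP_RE = re.compile(r'\\(?:AppData\\Roaming|Windows\\TEMP)\\[^\\]+\.exe',
                     re.IGNORECASE)


def decode_host(url):
    """Return (decoded_host, was_percent_encoded) for a defanged or plain URL."""
    match = HOST_RE.match(url)
    raw = match.group(1) if match else ""
    return unquote(raw).lower(), "%" in raw


def browser_hosts(log):
    """Map each decoded host to the FRST setting labels that point at it."""
    hosts = {}
    for line in log.splitlines():
        if line.startswith("Task:"):
            continue
        # The label is whatever precedes the first " = " or " -> " on the line.
        label = re.split(r' = | -> ', line, maxsplit=1)[0].strip()
        for url in URL_RE.findall(line):
            host, encoded = decode_host(url)
            entry = hosts.setdefault(host, {"encoded": False, "settings": set()})
            entry["encoded"] |= encoded
            entry["settings"].add(label)
    return hosts


def suspicious_tasks(log):
    """Return (task_name, exe_path) for tasks launching from a drop folder."""
    hits = []
    for line in log.splitlines():
        match = TASK_RE.match(line.strip())
        if not match:
            continue
        target = match.group("target")
        drop = DROP_RE.search(target)
        if drop:
            # Cut the target at the end of the .exe to drop arguments and markers.
            hits.append((match.group("name"), target[:drop.end()]))
    return hits


if __name__ == "__main__":
    for host, info in sorted(browser_hosts(SAMPLE_LOG).items()):
        flag = "percent-encoded" if info["encoded"] else "plain"
        print(f"{host:28} {flag:16} {sorted(info['settings'])}")
    for name, exe in suspicious_tasks(SAMPLE_LOG):
        print(f"task {name} -> {exe}")
```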


(pionner) #3

I caught this crap recently too; a scan with the Kaspersky trial helped.


(Vzzuu Ib) #4

 

 

 

Fixlog removal report - http://wklej.org/id/1799668/

New FRST report - http://wklej.org/id/1799671/

New Addition report - http://wklej.org/id/1799672/


(Atis) #5

Paste the following into Windows Notepad and save it as a text file named fixlist:

CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdpmwEO-VPoGgh375BnOu7U5LehESk9mJSCIjxAe2huS6hd_EyHmI2DGPA-j0_VVTwcGJTv8igMDO7JSqpYkJxvC1IqBzCkSMiYXvNg9eS4hIV3o9MAkeaZgjXmGeb7saPpHK2tNTUd422hV
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1441580403&z=ab30920c61fcd7006ae603agbzcz8g3w4bce8o1wat&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.istartsurf.com/?type=hp&ts=1441659149&z=b6de031f663e5f03cd20164g7z8zbg3q9w5tee7e5o&from=face&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.mystartsearch.com/?type=hp&ts=1441722609&z=0fee5838f13eeab1c2b90a3gdzaz6g6m3o0oczcw0b&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.istartsurf.com/?type=hp&ts=1441805200&z=4c673e89b45a2889471c05ag4z6z6g7b3eew4e5zaz&from=face&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.mystartsearch.com/?type=hp&ts=1441807288&z=a7a74079f205acdaa988318g6z2z2gdb8e4m7g5cbc&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.mystartsearch.com/?type=hp&ts=1441894083&z=08c6def69ac3f667eec2cecgfz5z5g7b3t7c0t2o4c&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.istartsurf.com/?type=hp&ts=1441911795&z=df493cb2bc163e0c4b15fdcgaz5zegct9g8g6qac0w&from=face&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.mystartsearch.com/?type=hp&ts=1442083769&z=9681972e60ebf3badafd9f2g3zcz1o1e8b5cdqbefg&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.mystartsearch.com/?type=hp&ts=1442226713&z=548b2ad8b151becec4976a5gezfzco5o8odqbw6wfw&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.mystartsearch.com/?type=hp&ts=1442229543&z=83864240bcedc5a35be3949g1z9z1oao4o6tccebdw&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.istartsurf.com/?type=hp&ts=1442319483&z=00696d0d14c8fe83bd6a1d6g5zbz9o9c6g6t3c1obe&from=face&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.mystartsearch.com/?type=hp&ts=1442437097&z=84e7ec86f57276e42cf38e1gez8z6oez2c5q9t0o5b&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.mystartsearch.com/?type=hp&ts=1442565785&z=3ec98b5be1c073779a7ea91g9zdz2
oawbq0w0qeg5g&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX","hxxp://www.mystartsearch.com/?type=hp&ts=1442657229&z=0c182c0227688c57f521f49g3zdzeocq7wam5e8z7t&from=cmi&uid=HitachiXHDS721050CLA362_JP8560HK3UNS1V3UNS1VX"
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
2015-09-14 20:07 - 2015-09-17 15:59 - 00002377 _____ C:\Windows\system32\findit.xml
2015-09-13 12:35 - 2015-09-19 12:17 - 00000045 _____ C:\user.js
2015-09-07 00:03 - 2015-09-19 13:51 - 00000000 ____ D C:\AdwCleaner
2015-09-07 00:13 - 2015-09-07 00:13 - 01654784 _____ C:\Users\Rafał\Downloads\adwcleaner_5.006.exe
2015-09-05 21:28 - 2009-06-10 23:39 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Rafał\AppData\Roaming\4oOKPEQYrfzNwJbNibsR
2015-04-19 14:20 - 2015-09-06 00:00 - 0000626 _____ () C:\Users\Rafał\AppData\Roaming\d9ZGUUROvEaGuHi1guWY8
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Rafał\AppData\Roaming\dsUEQcWYhvS4IETphj4Widu
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Rafał\AppData\Roaming\i3Dnm4idH
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Rafał\AppData\Roaming\Jy4rLKD6
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\Rafał\AppData\Roaming\PBJ
2015-07-13 13:40 - 2015-07-13 13:40 - 0022328 _____ () C:\Users\Rafał\AppData\Roaming\PnkBstrK.sys
2014-09-01 10:18 - 2015-05-08 11:37 - 0000365 _____ () C:\Users\Rafał\AppData\Roaming\PTEES
2014-10-21 11:02 - 2014-10-21 11:02 - 0013868 _____ () C:\Users\Rafał\AppData\Roaming\UserTile.png
2015-04-19 14:20 - 2015-09-06 00:01 - 0000626 _____ () C:\Users\Rafał\AppData\Roaming\YD46hj4N
C:\Users\Rafał\AppData\Local\*.exe
2015-09-14 12:36 - 2015-09-14 12:36 - 0000187 _____ () C:\Users\Rafał\AppData\Local\U-cane.exe.config
2015-09-14 20:07 - 2015-09-14 20:07 - 00000000 ____ D C:\Program Files\Common Files\m0wbdo4v
Task: {096DA552-D3BB-429B-8E05-75E5C35ECFB7} - System32\Tasks\{6FF98A2A-FDB9-45A4-93FD-DFCD889351B3} => C:\Program Files\Battle.net\Battle.net Launcher.exe
Task: {818474FA-5C3F-45E2-8C1C-A30B62989B3A} - System32\Tasks\{06B58BAD-5E1B-44D4-96DF-7F95124009AD} => C:\Program Files\Battle.net\Battle.net Launcher.exe
Task: {A5C6AB88-C039-42F6-927B-510A5C8BEB71} - System32\Tasks\{483D2E73-38D3-4D5E-A669-C8194E84C75B} => D:\Gry\Battle.net\Battle.net Launcher.exe
Task: {E45C4A5C-FA84-4767-AC6A-54472F76F4A8} - System32\Tasks\{C3ABB4DF-CF71-405E-869E-C4E4BC0D59F9} => D:\Gry\Battle.net\Battle.net Launcher.exe
DeleteQuarantine:

Run FRST and click Fix (Napraw). Delete the C:\FRST folder.

Delete the old restore points: To delete all restore points

Scan the disk with Malwarebytes Anti-Malware.

During installation, untick the box next to "Start the trial period of Malwarebytes Anti-Malware Premium" (Uruchom okres testowy Malwarebytes Anti-Malware Premium).

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Polish language: Settings > General Settings > Language > Polish

Read how programs should be installed: CLICK - CLICK - CLICK

Uninstall:

Adobe Flash Player 16 PPAPI

Java 8 Update 45

Install:

Flash Player 18.0.0.232 PPAPI

Java 8 Update 60


(Vzzuu Ib) #6

I clicked reply and it happened by itself. I don't know my way around this, so don't make a fuss over such trifles…

 

.

.

.

.

Fixed it. Better now??