Problem od wczoraj, mój synek gra często na pc i co się z tym wiąże ściąga często z grami różne pliki, “oursufring uinstall” pod tą nazwą mam program zainstalowany, jest w wszystkich przeglądarkach otwiera strony startowe. Adwcleaner też nie usunął. Proszę o jakąś wskazówkę jak można się tego pozbyć z PC?

http://www.wklej.org/id/1700225/

http://www.wklej.org/id/1700228/

http://www.wklej.org/id/1700229/

Odinstaluj McAfee SiteAdvisor.

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

CloseProcesses:
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll No File
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll No File
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll No File
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hppp&ts=1430319584&z=783255d2141ab023e578f59gezdcae3c7g4taw0b3w&from=amt&uid=HitachiXHTS543232L9A300_090721FB8400CEGUD75AX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1430319548&z=ad2eb25c2fec7164505b0aeg2z5ccefcag8tew2z1t&from=amt&uid=HitachiXHTS543232L9A300_090721FB8400CEGUD75AX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hppp&ts=1430319584&z=783255d2141ab023e578f59gezdcae3c7g4taw0b3w&from=amt&uid=HitachiXHTS543232L9A300_090721FB8400CEGUD75AX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1430319548&z=ad2eb25c2fec7164505b0aeg2z5ccefcag8tew2z1t&from=amt&uid=HitachiXHTS543232L9A300_090721FB8400CEGUD75AX&q={searchTerms}
HKU\S-1-5-21-2940293867-578583823-1431221202-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hppp&ts=1430319584&z=783255d2141ab023e578f59gezdcae3c7g4taw0b3w&from=amt&uid=HitachiXHTS543232L9A300_090721FB8400CEGUD75AX
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?type=ds&ts=1430319548&z=ad2eb25c2fec7164505b0aeg2z5ccefcag8tew2z1t&from=amt&uid=HitachiXHTS543232L9A300_090721FB8400CEGUD75AX&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2940293867-578583823-1431221202-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
Toolbar: HKU\S-1-5-21-2940293867-578583823-1431221202-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.oursurfing.com/?type=sc&ts=1430319548&z=ad2eb25c2fec7164505b0aeg2z5ccefcag8tew2z1t&from=amt&uid=HitachiXHTS543232L9A300_090721FB8400CEGUD75AX
FF Homepage: hxxp://www.oursurfing.com/?type=hppp&ts=1430319584&z=783255d2141ab023e578f59gezdcae3c7g4taw0b3w&from=amt&uid=HitachiXHTS543232L9A300_090721FB8400CEGUD75AX
CHR Extension: (Bookmark Manager) - C:\Users\Elżbieta\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-30]
StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.oursurfing.com/?type=sc&ts=1430319548&z=ad2eb25c2fec7164505b0aeg2z5ccefcag8tew2z1t&from=amt&uid=HitachiXHTS543232L9A300_090721FB8400CEGUD75AX
R2 rurifuqe; C:\Users\Elżbieta\AppData\Local\360A3140-1430327757-11B2-8000-F9720973A506\snsxF59D.tmp [122368 2015-04-29] () [File not signed]
S2 rorikewu; C:\Users\Elżbieta\AppData\Roaming\360A3140-1430319898-11B2-8000-F9720973A506\jnsyF9AF.tmp [X]
S2 vikitoky; C:\Users\Elżbieta\AppData\Roaming\360A3140-1430319898-11B2-8000-F9720973A506\nst470D.tmpfs [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
2015-04-29 19:24 - 2015-04-30 10:17 - 00000000 ____ D () C:\AdwCleaner
2015-04-29 17:16 - 2015-04-30 10:24 - 00000000 ____ D () C:\Users\Elżbieta\AppData\Local\360A3140-1430327757-11B2-8000-F9720973A506
2015-04-29 17:12 - 2015-04-29 17:13 - 00000000 ____ D () C:\Users\Elżbieta\AppData\Local\360A3140-1430327552-11B2-8000-F9720973A506
2015-04-29 16:59 - 2015-04-29 16:59 - 00000000 ____ D () C:\Users\Elżbieta\AppData\Roaming\oursurfing
2015-04-28 20:35 - 2015-04-28 20:35 - 00000000 _____ () C:\Users\Elżbieta\AppData\Local\{B8DD6266-BB31-4588-8F29-AACDF0254BA3}
2015-04-05 20:16 - 2015-04-05 20:16 - 00000000 _____ () C:\Users\Elżbieta\AppData\Local\{C7F4AAA1-074C-46CE-84FD-9BAE0A0A0375}
2015-04-05 20:07 - 2015-04-05 20:07 - 00000000 _____ () C:\Users\Elżbieta\AppData\Local\{CEAD4ACD-C293-4C6B-BF2F-F2C98E50C2F9}
2015-04-30 10:20 - 2014-11-08 19:06 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2013-10-11 21:03 - 2013-10-11 21:03 - 0030920 _____ () C:\Users\Elżbieta\AppData\Roaming\UserTile.png
2014-10-21 21:18 - 2014-10-21 21:18 - 0627784 _____ (CMI Limited) C:\Users\Elżbieta\AppData\Local\nsr7F75.tmp
2015-01-16 15:00 - 2015-01-16 15:00 - 0000000 _____ () C:\Users\Elżbieta\AppData\Local\{0455BFE3-1786-464A-A520-C9AB724D56AC}
2015-04-28 20:35 - 2015-04-28 20:35 - 0000000 _____ () C:\Users\Elżbieta\AppData\Local\{B8DD6266-BB31-4588-8F29-AACDF0254BA3}
2015-04-05 20:16 - 2015-04-05 20:16 - 0000000 _____ () C:\Users\Elżbieta\AppData\Local\{C7F4AAA1-074C-46CE-84FD-9BAE0A0A0375}
2015-04-05 20:07 - 2015-04-05 20:07 - 0000000 _____ () C:\Users\Elżbieta\AppData\Local\{CEAD4ACD-C293-4C6B-BF2F-F2C98E50C2F9}
C:\Users\Public\DrvMgt.dll
C:\Users\Public\Returning_PL_Beta_2012-11-11_SFX.exe
C:\Users\Public\setup.exe
C:\Users\Public\ShelExec.exe
Task: {03BDC1AE-3353-4FC5-B42F-3CA7D54E3C31} - System32\Tasks\{0E032993-3DAA-4398-A8D7-1D1437E0E5C2} => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {190A679A-C37E-4F58-AC83-E4AB61DB7629} - System32\Tasks\At1 => C:\Users\ELBIET~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {1F3D5594-A825-4852-88BC-E66AF6594898} - System32\Tasks\{4074C4D9-F3E3-4D32-B0F1-EA92940CF18E} => pcalua.exe -a C:\Users\Elżbieta\.thumbnails\Downloads\apokalipsa_demo_1.01.exe -d C:\Users\Elżbieta\.thumbnails\Downloads
Task: {2DB20153-2F50-465B-ABE8-FB2EADECD677} - System32\Tasks\{C044CCE6-1B35-4209-8A3B-095B248BB0A5} => pcalua.exe -a C:\Users\Elżbieta\AppData\Roaming\.minecraft\mods\Web-Displays-Mod-Installer-1.7.10\Web-Displays-Mod-Installer-1.7.10.exe -d C:\Users\Elżbieta\AppData\Roaming\.minecraft\mods\Web-Displays-Mod-Installer-1.7.10
Task: {31AB81C7-F78A-4359-BC1D-04A9AC7BE2FC} - System32\Tasks\{E38EB675-6819-4301-B8FF-FBA11FBF5C25} => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {32BA7554-CEB5-4B43-947F-93867781AC7A} - System32\Tasks\{AF7C5D7B-DEC8-4AA4-8FB2-4DFA32DF3E85} => pcalua.exe -a C:\Users\Elżbieta\.thumbnails\Downloads\gmod_9_0_4.exe -d C:\Users\Elżbieta\.thumbnails\Downloads
Task: {39AAC125-30B6-49B3-ABFF-7E085BF940CB} - System32\Tasks\At2 => C:\Users\ELBIET~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {3B0D1697-2C29-4376-B47E-4FB9EFCA3F30} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {574DA5A6-813B-4A0D-B8BB-DF5D8C26F1DD} - System32\Tasks\{1CA864A5-0F20-4203-81D9-762FE51E0DEF} => Chrome.exe http://ui.skype.com/ui/0/6.1.0.129.259/pl/abandoninstall?page=tsMain
Task: {58F98CE0-989D-4A23-93CC-36B4483EBEB8} - System32\Tasks\_UPDATES => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: {64513043-CA60-4DA3-8BBF-56C29A9CA530} - System32\Tasks\{977EA076-4934-4063-B13A-654DF14E96D4} => pcalua.exe -a C:\Users\Elżbieta\Desktop\gmod_9_0_4.exe -d C:\Users\Elżbieta\Desktop\
Task: {670BBD28-59ED-45E6-B1A4-543138EC04E9} - System32\Tasks\{D6484BF5-A9A3-4125-A09D-56F03B8E6AC0} => pcalua.exe -a C:\Users\Elżbieta\.thumbnails\Downloads\Velaya_PL-1.1.exe -d C:\Users\Elżbieta\.thumbnails\Downloads
Task: {79B20592-890C-4FC5-8EE1-872E1F868498} - System32\Tasks\{8092579D-A79E-4B79-985B-FCDA0C44877D} => pcalua.exe -a C:\Users\Elżbieta\Desktop\MorePlayerModels_1.7.2\Five_Nights_at_Freddys_3.exe -d C:\Users\Elżbieta\Desktop\MorePlayerModels_1.7.2
Task: {7E58DAA9-9438-4CA0-811C-2B5B633697FD} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
Task: {7E58DAA9-9438-4CA0-811C-2B5B633697FD} - System32\Tasks\COMODO\COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69} => C:\Program Files\COMODO\COMODO Internet Security\cis.exe
Task: {7F4C8C9F-9AFE-46F9-97D6-4DBB72238EAB} - System32\Tasks\{5804C8A7-45DA-4079-9E53-E936981AE1E7} => pcalua.exe -a E:\startuj.exe -d E:\
Task: {8F58A9AE-08F6-4E9E-BA57-F5F70B923984} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {9214EBCD-B683-42B9-820C-0E4A9570D199} - System32\Tasks\{88947FAB-8A8B-46F6-9F8A-59D2D9D76240} => pcalua.exe -a E:\setup.exe -d E:\
Task: {92E2490A-BA09-4333-9D85-3D6EFB7D4E6D} - System32\Tasks\{12265EFD-5028-4B69-909D-C026FCCA5A63} => pcalua.exe -a "C:\Users\Elżbieta\Desktop\MorePlayerModels_1.7.2\gmod_9_0_4 (2).exe" -d C:\Users\Elżbieta\Desktop\MorePlayerModels_1.7.2
Task: {9A40412C-7CC3-479F-A9E6-E83B3E50B4FF} - System32\Tasks\{79FDF7BC-4AD6-49AC-819F-83BB81454632} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {A975DBD9-F983-4E53-A926-0E9F53D2F8CB} - System32\Tasks\{F2C911F8-F15D-4B43-B058-2398D1235871} => pcalua.exe -a C:\PROGRA~1\Valve\Steam\UNWISE.EXE -c C:\PROGRA~1\Valve\Steam\INSTALL.LOG
Task: {D3EA2D7A-F236-427B-AAF6-8998F6B6859F} - System32\Tasks\{60937A56-E54C-4C86-B866-CE3B898718B6} => pcalua.exe -a "C:\Users\Elżbieta\Desktop\MorePlayerModels_1.7.2\gmod_9_0_4 (3).exe" -d C:\Users\Elżbieta\Desktop\MorePlayerModels_1.7.2
Task: {E811B9C5-D3E5-4C08-A072-BF5070A47401} - System32\Tasks\{77622993-CD4C-4DA0-8B83-FC827B1E1A25} => pcalua.exe -a C:\Users\Elżbieta\.thumbnails\Downloads\Web-Displays-Mod-Installer-1.7.10.exe -d C:\Users\Elżbieta\.thumbnails\Downloads
Task: {F59580E3-E0D5-4F08-B142-74A2189A88C0} - System32\Tasks\{9D535D2F-8CC8-40D1-A407-4B9A7AB9A090} => pcalua.exe -a E:\cda_menu.exe -d E:\
Task: {F5B4B4CC-6CD6-48CF-9303-93CED20DBDB2} - System32\Tasks\_DEFAULT => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => C:\Users\ELBIET~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\At2.job => C:\Users\ELBIET~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\_DEFAULT.job => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
Task: C:\Windows\Tasks\_UPDATES.job => C:\Program Files\PC Performer\PCPerformer.exe <==== ATTENTION
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition i Shortcut.

Odinstalowałam McAfee SiteAdvisor.

Wkliłamj do systemowego notatnika i zapisałam fixlist. txt dałam to na pulpit i nic? Uruchomiłam FRST kliknęłam fix…i No fixlist.txt found ???

Fixlog.txt http://wklej.org/id/1700410/ myślę że problem chyba usunięty weszłam w panel sterowania i odinstalowałam program jeszcze raz i nie ma!

Przczeczytaj całą poprzednią odpowiedź.

Nowy raport z FRST bez Addition i Shortcut 

http://wklej.org/id/1700827/

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

SearchScopes: HKU\S-1-5-21-2940293867-578583823-1431221202-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR Extension: (Wooden Seal) - C:\Users\Elżbieta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhaainhenplcdfcllgnlfkaggoicmlaj [2015-04-29]
S3 andnetndis; system32\DRIVERS\lgandnetndis.sys [X]
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [239488 2011-10-24] (Huawei Technologies Co., Ltd.)
2015-04-30 15:14 - 2009-06-12 09:28 - 00000000 ____ D () C:\ProgramData\McAfee
2015-04-30 15:14 - 2013-02-28 20:18 - 00000000 ____ D () C:\Program Files\McAfee
2013-10-01 10:04 - 2014-08-18 18:24 - 0000680 _____ () C:\Users\Elżbieta\AppData\Local\d3d9caps.dat
DeleteQuarantine:

Uruchom FRST i kliknij Fix. Skasuj folder C:\FRST

Dysk przeskanuj Malwarebytes Anti-Malware

Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Język PL > Settings > General Settings > Language > Polish

Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK - KLIK

Odinstaluj:

Adobe Reader X

Java 7 Update 76

Zainstaluj:

Adobe Reader XI 11.0.10

Java 8 Update 45