Ads pop up on their own and programs install themselves


(Ninacia007) #1

I have a problem with my computer: ad windows pop up constantly, so the browser is unusable, and on top of that some programs keep installing themselves. I ran an OTL scan.

OTL.txt- http://www.wklej.org/id/1757452/

Extras.txt- http://www.wklej.org/id/1757454/


(Atis) #2

In Control Panel, uninstall:

AnyProtect

CPU Miner

GamesDesktop 008.005010030

GamesDesktop 008.005010031

oursurfing uninstall

SG Miner

SmartWeb

WordShark 1.10.0.20

Download and run AdwCleaner. Click "Skanuj" (Scan) and then "Usuń" (Remove).

Farbar Recovery Scan Tool - mandatory report


(Ninacia007) #3

oursurfing uninstall - it won't uninstall.


(Atis) #4

Carry out the remaining instructions.


(Ninacia007) #5

otl-http://wklej.org/id/1757473/


(Atis) #6

Stop cluttering the forum and learn to read.

Nobody on this forum checks OTL logs.


(Ninacia007) #7

frst.txt- http://wklej.org/id/1757477/


(Atis) #8

Paste the following into Windows Notepad and save it as a text file named fixlist:

CloseProcesses:
HKLM\...\Run: [gpuminer] => C:\Users\TEMP\AppData\Roaming\cpuminer\sgminer\sgminer.cmd <===== ATTENTION
HKLM\...\Run: [cpuminer] => C:\Windows\system32\cpuminer-gw64.exe
HKLM-x32\...\Run: [gmsd_pl_122] => [X]
HKLM-x32\...\RunOnce: [upgmsd_pl_005010032.exe] => C:\Users\TEMP\AppData\Local\gmsd_pl_005010030\upgmsd_pl_005010032.exe -runonce <===== ATTENTION
HKU\S-1-5-21-3977560668-552799030-236998860-1000\...\Run: [GoogleChromeAutoLaunch_3506378FBCEBDF20F1E0108D7099CEC0] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-3977560668-552799030-236998860-1000\...\Run: [GoogleChromeAutoLaunch_9BC56F75BA4FFEF536BC5347F2EC0A0A] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
HKU\S-1-5-21-3977560668-552799030-236998860-1000\...\Run: [GoogleChromeAutoLaunch_DEA04ECE15B4BAE72B016927A30039F9] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
R2 qufumyby; C:\Users\Default\AppData\Roaming\03D40274-1425070794-0503-3706-1E0700080009\jnslFA3C.tmp [195072 2015-02-27] () [File not signed]
S2 insvc_1.10.0.14; "C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe" [X]
R2 jocovere; C:\Users\Default\AppData\Roaming\03D40274-1425070794-0503-3706-1E0700080009\nslC928.tmpfs [X]
S2 scsvc_1.10.0.16; "C:\Program Files (x86)\SuperClick_1.10.0.16\Service\scsvc.exe" [X]
S2 wssvc_1.10.0.20; "C:\Program Files (x86)\WordShark_1.10.0.20\Service\wssvc.exe" [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-07-14 11:42 - 2015-07-14 11:42 - 00000000 ____ D C:\Users\TEMP\AppData\Local\21853
2015-07-14 10:38 - 2015-07-14 10:38 - 00000000 ____ D C:\Program Files (x86)\gmsd_pl_002030030
2015-06-24 17:19 - 2015-06-24 17:19 - 00000687 _____ C:\awhE8E7.tmp
2015-07-05 11:44 - 2015-07-13 12:57 - 00000020 _____ C:\Users\TEMP\AppData\Roaming\appdataFr2.bin
2015-07-14 10:36 - 2015-05-20 09:33 - 00000000 ____ D C:\Program Files (x86)\31f15664-178d-4964-9aae-b17c3b2ee8f8
2015-07-14 10:34 - 2015-05-20 09:33 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-07-14 10:25 - 2015-06-01 08:26 - 00000000 ____ D C:\Program Files (x86)\76e2f31d-7ade-4498-b158-6ae6f9bb67d2
2015-07-14 10:25 - 2015-05-31 14:57 - 00000000 ____ D C:\Program Files (x86)\768657fa-58b5-44e2-b128-08a6899980b8
2015-07-14 10:25 - 2015-05-27 16:37 - 00000000 ____ D C:\Program Files (x86)\Best of Sonic Games 2013
2015-07-14 10:25 - 2015-06-02 07:43 - 00000000 ____ D C:\Program Files (x86)\Sport Jam
2015-07-14 10:25 - 2015-01-06 02:17 - 00000000 ____ D C:\ProgramData\17868956636354985705
2015-03-04 21:36 - 2015-03-04 21:36 - 0000016 _____ () C:\ProgramData\mntemp
Task: {0B1ACCF3-3011-4C17-A957-8D19140503A0} - System32\Tasks\{30D9FA57-CB42-4C7F-85B0-7A9E6F04382F} => pcalua.exe -a "C:\Program Files (x86)\YouTube Accelerator\YTAUninstall.exe"
Task: {19F5AED1-4303-414E-9A8E-BCBA42C372FD} - System32\Tasks\Installer_sense => C:\Windows\system32\config\systemprofile\AppData\Local\Installer\Installsense_24101\ins_postInst.exe <==== ATTENTION
Task: {38212C5A-214E-4BFF-90D9-8B1C5E86F3C3} - System32\Tasks\GNOK => C:\GNOK.exe
Task: {49913825-73EB-4632-AA6A-FDC50CCD5B1A} - System32\Tasks\{2B1810D8-3678-4661-9BE7-ED7EDE763837} => C:\Program Files (x86)\Goat Simulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
Task: {4AB7B053-6A7D-4C43-AA03-61580EC97E83} - System32\Tasks\{25BF2867-89FD-48AB-A614-E1F6A638BFD0} => pcalua.exe -a C:\Users\TEMP\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=cmi
Task: {5F98C795-6228-440B-9508-B785F8443BDE} - System32\Tasks\{261B54BB-8B34-44DF-A1A6-F7C61C23DF83} => C:\Windows\system32\config\systemprofile\Desktop\FreEsKiLLz VIP\hack.exe
Task: {8415D27F-7105-4669-AF12-74B8B9AD51DC} - System32\Tasks\sport_jam_helper_service => C:\Program Files (x86)\Sport Jam\sport_jam_helper_service.exe [2015-06-02] ()
Task: {8CFBEF9D-0432-4DA5-A8EE-436E6FFD7FE5} - System32\Tasks\{76690742-B92A-4036-9E38-86BB04ED0046} => C:\Windows\system32\config\systemprofile\Desktop\FreEsKiLLz VIP\hack.exe
Task: {AAAC9DB5-08D6-4ACD-AA78-BB08418CAB99} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {CDB2B4AC-42C5-47FA-A69A-056C826E8F4A} - System32\Tasks\{100E1231-21AC-4D91-935C-84C8289EEF11} => C:\Windows\system32\config\systemprofile\Desktop\FreEsKiLLz VIP\hack.exe
Task: {D6E33EB4-E26B-4D36-A310-92B776820AC9} - System32\Tasks\{1F181ABB-8D9E-4126-B981-D5AD09473D0E} => pcalua.exe -a C:\Users\TEMP\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=face
Task: {FED492C6-244E-4C7B-897D-34D4894EFF6C} - System32\Tasks\Installer_iwebar => C:\Windows\system32\config\systemprofile\AppData\Local\Installer\Installiwebar_24101\ins_postInst.exe <==== ATTENTION
Task: C:\Windows\Tasks\GNOK.job => C:\GNOK.exe <==== ATTENTION
Task: C:\Windows\Tasks\sport_jam_helper_service.job => C:\Program Files (x86)\Sport Jam\sport_jam_helper_service.exe <==== ATTENTION
C:\Users\Default\AppData\Roaming\03D40274-1425070794-0503-3706-1E0700080009
AlternateDataStreams: C:\Windows\system32\Drivers\fovpigzk.sys:changelist
C:\Windows\system32\Drivers\fovpigzk.sys
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post the new FRST report, without Addition and Shortcut.
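
The fixlist above mixes three kinds of autostart entries: Run keys, services and scheduled tasks. As an added example (not part of the original thread and not FRST's own code), this Python script parses lines in that layout and lists the ones worth a closer look. The sample lines, the flag names and the "user-writable path" heuristic are assumptions made for this example.

```python
import re

# Constructed sample lines in the layout of the fixlist above (names and paths are made up).
SAMPLE = r"""
HKLM\...\Run: [exampleminer] => C:\Users\alice\AppData\Roaming\exampleminer\run.cmd <===== ATTENTION
HKLM-x32\...\Run: [gone_app] => [X]
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [Updater] => "C:\Program Files\Vendor\updater.exe" --silent
R2 examplesvc; C:\Users\Default\AppData\Roaming\example\svc.tmp [195072 2015-02-27] () [File not signed]
S2 oldsvc_1.0; "C:\Program Files (x86)\OldApp\Service\oldsvc.exe" [X]
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleUpdate => C:\Program Files\Vendor\update.exe [2015-07-07] (Vendor Inc.)
Task: C:\Windows\Tasks\example.job => C:\example.exe <==== ATTENTION
"""

# (kind, regex capturing entry name and target); patterns derived from the lines on this page.
PATTERNS = [
    ("run", re.compile(r"^HK.+?\\\.\.\.\\Run(?:Once)?: \[(.+?)\] => (.*)$")),
    ("service", re.compile(r"^[RS]\d (\S+); (.*)$")),
    ("task", re.compile(r"^Task: (.+?) => (.*)$")),
]
# Assumed heuristic: directories a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\")

def parse_line(line):
    """Return a dict for a recognised autostart line, or None for anything else."""
    line = line.strip()
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if not m:
            continue
        name, rest = m.groups()
        target = re.sub(r"\s*<=+ ATTENTION\s*$", "", rest)  # drop the scanner's own marker
        flags = []
        if "ATTENTION" in rest:
            flags.append("frst-attention")       # the scanner itself highlighted the line
        if target.endswith("[X]"):
            flags.append("target-missing")       # [X]: FRST could not find the target file
        if "[File not signed]" in target:
            flags.append("unsigned")
        if any(d in target.lower() for d in USER_WRITABLE):
            flags.append("user-writable-path")
        return {"kind": kind, "name": name, "target": target, "flags": flags}
    return None

def triage(text):
    """Parse every line and keep only the entries that raised at least one flag."""
    entries = filter(None, map(parse_line, text.splitlines()))
    return [e for e in entries if e["flags"]]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f'{e["kind"]:8} {e["name"]:40} {", ".join(e["flags"])}')
```

A flagged entry is only a candidate for review: orphaned entries of legitimate software also show `[X]`, and legitimate software does sometimes start from AppData.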


(Ninacia007) #9

fixlog- http://wklej.org/id/1758390/

 

frst.txt- http://wklej.org/id/1758391/


(Atis) #10

You have a corrupted user profile and Windows is logging you in to a temporary TEMP profile.

Check whether the account can be linked to the correct folder.

Download and run Reprofiler.

http://ufpr.dl.sourceforge.net/project/reprofiler/Production%20Release/reprofiler.zip

http://www.iwrconsultancy.co.uk/reprofiler

Select the ZALMAN account and click Detach.

Then select ZALMAN in the upper pane and, in the lower one, the folder: C:\Users\ZALMAN

Link them by clicking Assign.


(Ninacia007) #11

This is what came out - http://wklej.org/id/1758411/


(Atis) #12

Create new FRST.txt and Addition.txt logs.