Wirus instalujący programy

VeSteQ · 11 Lipiec 2015 11:39

Witam, ostatnio pobrałem jakiś plik z internetu, chyba mod do gierki i w tym momencie zaczęły instalować mi się jakies programy, przeglądarki itp.

Co chwile reklamy mi wyskakują, usuwałem programy a już po 30 sekundach instalują się na nowo wraz z nowymi programami, możecie jakoś pomóż? Czy tylko format?

Atronics · 11 Lipiec 2015 11:58

postaraj się wykonać te raporty i zaczekaj na odczyt.

http://forum.dobreprogramy.pl/farbar-recovery-scan-tool-raport-obowiązkowy-t478727/

VeSteQ · 11 Lipiec 2015 18:42

masz tutaj wszyskto: http://www.wklej.org/id/1755446/

Atis · 11 Lipiec 2015 19:16

W panelu sterowania odinstaluj:

GamesDesktop 008.005010013

GamesDesktop 008.005010014

GamesDesktop 008.005010015

GamesDesktop 008.005010016

GamesDesktop 008.005010017

GamesDesktop 008.005010018

GamesDesktop 008.005010019

GamesDesktop 008.005010020

GamesDesktop 008.005010021

GamesDesktop 008.005010022

GamesDesktop 008.005010023

GamesDesktop 008.005010024

GamesDesktop 008.005010025

GamesDesktop 008.005010026

GamesDesktop 008.005010027

istartsurf uninstall

mystartsearch uninstall

Pobierz i uruchom AdwCleaner Kliknij Skanuj i później Usuń.

Kliknij Scan i pokaż nowy raport z FRST bez Addition i Shortcut.

VeSteQ · 12 Lipiec 2015 09:42

już to robiłem, wystarczy niecała minuta i się instaluje od nowa.

Atis · 12 Lipiec 2015 10:46

Nie cytuj moich odpowiedzi.

Wykonaj pozostałe zalecenia.

VeSteQ · 12 Lipiec 2015 19:19

wykonane: http://www.wklej.org/id/1755944/

Atis · 12 Lipiec 2015 19:34

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [gmsd_pl_005010008] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010010] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010011] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010012] => [X]
HKLM-x32\...\Run: [gmsd_pl_002030012] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010023] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010024] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010025] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010026] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010027] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010013] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010028] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010014] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010015] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010016] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010019] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010020] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010022] => [X]
HKU\S-1-5-21-3628876647-2402749363-1109811215-1000\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-07] (Google Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {535b69cf-44f6-4c9f-96b1-b5adb65c582d} -> No File
BHO: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
BHO-x32: No Name -> {535b69cf-44f6-4c9f-96b1-b5adb65c582d} -> No File
BHO-x32: No Name -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> No File
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
R2 wijoduny; C:\Users\xxx\AppData\Roaming\44313030-1430482462-3243-3033-3946FFFFFFFF\knstD3A0.tmp [289792 2015-07-12] () [File not signed]
R2 xybologo; C:\Users\xxx\AppData\Roaming\44313030-1430482462-3243-3033-3946FFFFFFFF\jnsy9725.tmp [202240 2015-05-01] () [File not signed]
S2 Util Wooden Seal; "C:\Program Files (x86)\Wooden Seal\bin\utilWoodenSeal.exe" [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
2015-07-12 21:07 - 2015-07-12 21:07 - 00000000 ____ D C:\Users\xxx\Downloads\FRST-OlderVersion
2015-07-12 21:00 - 2015-07-12 21:02 - 00000000 ____ D C:\AdwCleaner
2015-07-12 17:04 - 2015-07-12 20:04 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-27 19:54 - 2015-06-27 19:54 - 00000000 __SHD C:\found.000
2015-06-13 08:56 - 2015-06-13 08:56 - 00000000 _____ C:\Windows\prleth.sys
2015-06-13 08:56 - 2015-06-13 08:56 - 00000000 _____ C:\Windows\hgfs.sys
2015-07-12 20:27 - 2015-05-01 14:14 - 00000000 ____ D C:\Users\xxx\AppData\Roaming\44313030-1430482462-3243-3033-3946FFFFFFFF
2015-07-11 13:43 - 2015-05-24 09:41 - 00000000 ____ D C:\Program Files (x86)\3b092aa2-f685-4cec-96c2-20e7d11711c7
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\xxx\AppData\Roaming\pBR0EImsi2IN1mk68
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\xxx\AppData\Roaming\PZz8pNn7vXUFsUCJpcl
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\xxx\AppData\Roaming\tIj4Zs1VzmY913E
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\xxx\AppData\Roaming\wb2t8tRSo8U345x
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\xxx\AppData\Roaming\ZA88Xzz8v7qhZYgJvzQ4610mQ7
C:\Users\xxx\AppData\Roaming\*.exe
C:\Users\xxx\AppData\Local\*.tmp
2015-05-01 09:18 - 2015-05-01 09:18 - 0000000 _____ () C:\Users\xxx\AppData\Local\{35402E22-8935-4AFE-A6FB-D997B73FD3B0}
Task: {341297E8-C63C-411E-A022-0D4B5085B8B8} - System32\Tasks\{4CBB1F71-D3F5-4A07-81DA-1788D19AE095} => pcalua.exe -a C:\Users\xxx\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=cmi
Task: C:\Windows\Tasks\3D6E6874-4805-4F30-9AC-4D1BABEF61.job => C:\Users\xxx\AppData\Local\3D6E6874-4805-4F30-9AC-4D1BABEF61\3D6E6874-4805-4F30-9AC-4D1BABEF61.exe
Task: C:\Windows\Tasks\4FD86AD1-CEE3-4FA3-BE8D-FEBF2880381A.job => C:\Users\xxx\AppData\Local\4FD86AD1-CEE3-4FA3-BE8D-FEBF2880381A\4FD86AD1-CEE3-4FA3-BE8D-FEBF2880381A.exe <==== ATTENTION
Task: C:\Windows\Tasks\58CFDB0B-290B-4789-9CE4-E4E1C1CF4755.job => C:\Users\xxx\AppData\Local\58CFDB0B-290B-4789-9CE4-E4E1C1CF4755\58CFDB0B-290B-4789-9CE4-E4E1C1CF4755.exe <==== ATTENTION
Task: C:\Windows\Tasks\A1072048-7BC1-4AF0-AE52-CB2AAF7D97A4.job => C:\Users\xxx\AppData\Local\A1072048-7BC1-4AF0-AE52-CB2AAF7D97A4\A1072048-7BC1-4AF0-AE52-CB2AAF7D97A4.exe <==== ATTENTION
Task: C:\Windows\Tasks\B741CDF1-EF3-4537-8DFA-BE3B5DD32159.job => C:\Users\xxx\AppData\Local\B741CDF1-EF3-4537-8DFA-BE3B5DD32159\B741CDF1-EF3-4537-8DFA-BE3B5DD32159.exe
Task: C:\Windows\Tasks\B7E6B03-197F-4306-AF1E-F363F4C6D254.job => C:\Users\xxx\AppData\Local\B7E6B03-197F-4306-AF1E-F363F4C6D254\B7E6B03-197F-4306-AF1E-F363F4C6D254.exe
Task: C:\Windows\Tasks\BA457445-7A1D-4A77-8544-A410B266A0C6.job => C:\Users\xxx\AppData\Local\BA457445-7A1D-4A77-8544-A410B266A0C6\BA457445-7A1D-4A77-8544-A410B266A0C6.exe <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{ec0b19f1-ab57-808c-ec0b-b19f1ab567c6}\download.exe <==== ATTENTION
Task: C:\Windows\Tasks\CVCODENR1.job => C:\ProgramData\TomorrowGames\TomorrowGames.exe <==== ATTENTION
Task: C:\Windows\Tasks\HQGCPRGCCKPMYFXQ.job => C:\ProgramData\18922c8c7457484cbf27a23143f6bca2\18922c8c7457484cbf27a23143f6bca2.exe <==== ATTENTION
Task: C:\Windows\Tasks\pBR0EImsi2IN1mk68.job => C:\Users\xxx\AppData\Roaming\pBR0EImsi2IN1mk68.exe <==== ATTENTION
Task: C:\Windows\Tasks\PZz8pNn7vXUFsUCJpcl.job => C:\Users\xxx\AppData\Roaming\PZz8pNn7vXUFsUCJpcl.exe <==== ATTENTION
Task: C:\Windows\Tasks\Software Removal Tool logs upload retry.job => C:\Users\xxx\AppData\Local\Temp\1429.exe <==== ATTENTION
Task: C:\Windows\Tasks\Software Removal Tool post reboot run.job => C:\Users\xxx\AppData\Local\Temp\C320.exe <==== ATTENTION
Task: C:\Windows\Tasks\tIj4Zs1VzmY913E.job => C:\Users\xxx\AppData\Roaming\tIj4Zs1VzmY913E.exe <==== ATTENTION
Task: C:\Windows\Tasks\wb2t8tRSo8U345x.job => C:\Users\xxx\AppData\Roaming\wb2t8tRSo8U345x.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZA88Xzz8v7qhZYgJvzQ4610mQ7.job => C:\Users\xxx\AppData\Roaming\ZA88Xzz8v7qhZYgJvzQ4610mQ7.exe <==== ATTENTION
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport FRST i Addition.

VeSteQ · 13 Lipiec 2015 11:46

Tu jest wszystko http://wklej.org/id/1756212/

Atis · 13 Lipiec 2015 15:56

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKU\S-1-5-21-3628876647-2402749363-1109811215-1000\...\Run: [GoogleChromeAutoLaunch_301616F0A6831F2B456716015D23ECCD] => "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" --no-startup-window
FirewallRules: [{8ABA6AE8-A36F-4EE4-85C3-3B5659D8C316}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
C:\Program Files (x86)\Crossbrows
C:\Users\xxx\Desktop\Continue Live Installation.lnk
C:\ProgramData\19a87fa1ec024bbcbb41931263354405
C:\Users\Public\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
C:\Users\xxx\AppData\Local\B7E6B03-197F-4306-AF1E-F363F4C6D254
DeleteQuarantine:

Uruchom FRST i kliknij Fix. Skasuj folder C:\FRST

Usuń stare punkty przywracania: Aby usunąć wszystkie punkty przywracania

Dysk przeskanuj Malwarebytes Anti-Malware

Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Język PL > Settings > General Settings > Language > Polish

Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK

Odinstaluj Java 8 Update 40 i zainstaluj Java 8 Update 45