Problem with unwanted programs


(Rysmen2) #1

Hi,

Please help me fight programs such as youtube accelerator and istasurf.com, search protect. They changed my start pages, etc. I have already used Malwarebytes, but it did not fully clean out the viruses. I am posting the logs below:

http://www.wklej.org/id/1745175/

http://www.wklej.org/id/1745177/

http://www.wklej.org/id/1745178/

Thanks in advance.


(Atis) #2

Paste the following into the system Notepad and save it as a text file named fixlist:

CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKU\S-1-5-21-4209209786-2917733824-1122995674-1001 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
CHR DefaultSearchKeyword: Default -> istartsurf
CHR DefaultSearchURL: Default -> http://www.istartsurf.com/web/?type=ds&ts=1435091316&z=5328b55937a3f94c12a4dc4g9z1c4w1e2t7gccdg8z&from=smt&uid=HitachiXHTS547575A9E384_J2140059EETVYAEETVYAX&q={searchTerms}
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S3 DUMeterDrv; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [X]
2015-06-23 23:11 - 2015-06-23 23:12 - 00000000 ____ D C:\AdwCleaner
2015-06-23 22:28 - 2015-06-23 22:28 - 00000000 _____ C:\windows\prleth.sys
2015-06-23 22:28 - 2015-06-23 22:28 - 00000000 _____ C:\windows\hgfs.sys
2015-06-23 22:40 - 2012-05-11 16:21 - 00000000 ____ D C:\ProgramData\Temp
2014-10-19 17:12 - 2014-10-19 17:12 - 0265835 _____ () C:\ProgramData\1413731430.bdinstall.bin
2012-05-11 16:33 - 2012-05-11 16:34 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-05-11 16:26 - 2012-05-11 16:27 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-05-11 16:30 - 2012-05-11 16:31 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-05-11 16:27 - 2012-05-11 16:30 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-05-11 16:31 - 2012-05-11 16:33 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
Task: {01B00D39-9371-4902-B702-FFA9051C4821} - System32\Tasks\{95C50568-F151-4B5F-8609-C0F45E103D26} => E:\Setup.exe
Task: {07E62422-FA2A-4B20-A50C-777C5E8F417A} - System32\Tasks\{A2B2E0E5-E0C5-481F-AF00-F6EFC8CCFB58} => E:\Setup.exe
Task: {4F4EB160-2400-4346-B426-D635C9E149E8} - System32\Tasks\{BC6FB355-20D4-413B-9FB6-9B2CDB7D4710} => pcalua.exe -a E:\setup.exe -d E:\
Task: {58A1E7B2-AF59-4AA3-9A58-36186DDD1F3A} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\SymErr.exe
Task: {5EEE42F1-EBE8-43C0-A603-6A1ECA201FB9} - \temp_8deb633f-643e-4ba2-a4c0-82f8fbbba0a5-1-6 No Task File <==== ATTENTION
Task: {EB2467E5-7C42-4720-A851-9059893C4759} - System32\Tasks\{2413B491-2565-4728-9D84-F9140749565B} => E:\_AUTORUN\AUTORUN.EXE
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post the new FRST report, without Addition and Shortcut.


(Rysmen2) #3

Thanks :)

Below we are posting the removal logs and the new FRST:

http://wklej.org/id/1745303/

http://wklej.org/id/1745306/


(Atis) #4

Resetting Chrome browser settings

Delete the folder C:\FRST

Scan the disk with ESET Online Scanner

Read how programs should be installed: CLICK - CLICK - CLICK - CLICK

Uninstall:

Adobe Flash Player 17 ActiveX

Adobe Flash Player 18 NPAPI

Adobe Shockwave Player 12.0

Java 7 Update 67

Java 8 Update 25

Install:

Flash Player 18.0.0.194 ActiveX

Flash Player 18.0.0.194 NPAPI

Java 8 Update 45