rysmen1
(Rysmen2)
23 June 2015 21:21
#1
Hi,
Please help me fight programs such as youtube accelerator, istasurf.com and search protect. They changed my start pages, etc. I have already used Malwarebytes, but it did not fully clean out the viruses. I am posting the logs below:
http://www.wklej.org/id/1745175/
http://www.wklej.org/id/1745177/
http://www.wklej.org/id/1745178/
Thanks in advance.
Atis
(Atis)
23 June 2015 23:08
#2
Paste the following into the system Notepad and save it as a text file named fixlist:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-4209209786-2917733824-1122995674-1001 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
CHR DefaultSearchKeyword: Default -> istartsurf
CHR DefaultSearchURL: Default -> http://www.istartsurf.com/web/?type=ds&ts=1435091316&z=5328b55937a3f94c12a4dc4g9z1c4w1e2t7gccdg8z&from=smt&uid=HitachiXHTS547575A9E384_J2140059EETVYAEETVYAX&q={searchTerms}
S1 AntiLog32; \??\C:\windows\system32\drivers\AntiLog64.sys [X]
S3 DUMeterDrv; \??\C:\Program Files (x86)\DU Meter\DUMETR64.SYS [X]
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [X]
2015-06-23 23:11 - 2015-06-23 23:12 - 00000000 ____ D C:\AdwCleaner
2015-06-23 22:28 - 2015-06-23 22:28 - 00000000 _____ C:\windows\prleth.sys
2015-06-23 22:28 - 2015-06-23 22:28 - 00000000 _____ C:\windows\hgfs.sys
2015-06-23 22:40 - 2012-05-11 16:21 - 00000000 ____ D C:\ProgramData\Temp
2014-10-19 17:12 - 2014-10-19 17:12 - 0265835 _____ () C:\ProgramData\1413731430.bdinstall.bin
2012-05-11 16:33 - 2012-05-11 16:34 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-05-11 16:26 - 2012-05-11 16:27 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-05-11 16:30 - 2012-05-11 16:31 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-05-11 16:27 - 2012-05-11 16:30 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-05-11 16:31 - 2012-05-11 16:33 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
Task: {01B00D39-9371-4902-B702-FFA9051C4821} - System32\Tasks\{95C50568-F151-4B5F-8609-C0F45E103D26} => E:\Setup.exe
Task: {07E62422-FA2A-4B20-A50C-777C5E8F417A} - System32\Tasks\{A2B2E0E5-E0C5-481F-AF00-F6EFC8CCFB58} => E:\Setup.exe
Task: {4F4EB160-2400-4346-B426-D635C9E149E8} - System32\Tasks\{BC6FB355-20D4-413B-9FB6-9B2CDB7D4710} => pcalua.exe -a E:\setup.exe -d E:\
Task: {58A1E7B2-AF59-4AA3-9A58-36186DDD1F3A} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\SymErr.exe
Task: {5EEE42F1-EBE8-43C0-A603-6A1ECA201FB9} - \temp_8deb633f-643e-4ba2-a4c0-82f8fbbba0a5-1-6 No Task File <==== ATTENTION
Task: {EB2467E5-7C42-4720-A851-9059893C4759} - System32\Tasks\{2413B491-2565-4728-9D84-F9140749565B} => E:\_AUTORUN\AUTORUN.EXE
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
EmptyTemp:
Run FRST and click Fix. Post the removal report, Fixlog.
Click Scan and post the new FRST report, without Addition and Shortcut.
rysmen1
(Rysmen2)
24 June 2015 07:49
#3
Thanks
Below we are sending the logs from the removal and the new FRST:
http://wklej.org/id/1745303/
http://wklej.org/id/1745306/
Atis
(Atis)
24 June 2015 09:47
#4
Reset the Chrome browser settings
Delete the folder C:\FRST
Scan the disk with ESET Online Scanner
Read how programs should be installed: CLICK - CLICK - CLICK - CLICK
Uninstall:
Adobe Flash Player 17 ActiveX
Adobe Flash Player 18 NPAPI
Adobe Shockwave Player 12.0
Java 7 Update 67
Java 8 Update 25
Install:
Flash Player 18.0.0.194 ActiveX
Flash Player 18.0.0.194 NPAPI
Java 8 Update 45