Wirusy i szkodliwe programy

Nowaczek312 · 19 Sierpień 2016 18:55

Niedawno chciałem pobrać pewną grę lecz zainstalował się jakiś program który zainstalował pełno innych programów które od razu się włączyły i zaczęły spowalniać prace komputera proszę o pomoc.

FRST - http://www.wklej.org/id/2785948/

Addition - http://www.wklej.org/id/2785949/

Shortcut - http://www.wklej.org/id/2785950/

Atis · 19 Sierpień 2016 19:16

W panelu sterowania odinstaluj:

AnySend
Caster
DPower version 1.0
RelevantKnowledge
Setup

SrpnFiles

SunnyDay

sunnyday version 1.1
youndoo - Uninstall

Pobierz i uruchom AdwCleaner Kliknij Skanuj (Scan) i później Usuń (Cleaning).

Kliknij Skanuj (Scan) i pokaż nowy raport FRST i Addition.

Nowaczek312 · 19 Sierpień 2016 19:53

http://wklej.org/id/2785985/ -FRST

http://wklej.org/id/2785986/ addition

Atis · 19 Sierpień 2016 20:46

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKLM-x32…\Run: [Tv-Plug-In] => “C:\Program Files (x86)\Tv-Plug-In\Tv-Plug-In.exe” nogui HKLM-x32…\Run: [win_en_77] => [X] HKLM-x32…\Run: [sun21] => [X] HKU\S-1-5-21-738053908-318465022-1425786974-1000…\Run: [EmotiplusHelper] => C:\Users\dom\AppData\Local\EmotiplusHelper\EmotiplusHelper.exe [136088 2016-07-29] (Emotiplus) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\dom\AppData\Local\MEGAsync\ShellExtX64.dll Brak pliku ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\dom\AppData\Local\MEGAsync\ShellExtX64.dll Brak pliku ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\dom\AppData\Local\MEGAsync\ShellExtX64.dll Brak pliku ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\dom\AppData\Local\MEGAsync\ShellExtX32.dll Brak pliku ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\dom\AppData\Local\MEGAsync\ShellExtX32.dll Brak pliku ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\dom\AppData\Local\MEGAsync\ShellExtX32.dll Brak pliku ShortcutTarget: Emotiplus.lnk -> C:\Users\dom\AppData\Local\Emotiplus\Emotiplus.exe (Emotiplus) BootExecute: autocheck autochk * aswBoot.exe /M:14205a44b3 /wow /dir:“C:\Program Files\AVAST Software\Avast” Tcpip…\Interfaces{9C354887-08AC-402A-9484-82920E56AAB3}: [DhcpNameServer] 7.254.254.254 Tcpip…\Interfaces{B0493C00-E4A2-4490-A177-6CDD9A4FED53}: [NameServer] 188.120.239.115,8.8.8.8 Tcpip…\Interfaces{D93DD950-E197-4453-9C52-D53CC998A980}: [NameServer] 188.120.239.115,8.8.8.8 Tcpip…\Interfaces{F59D2F4F-BD81-45C7-9D53-05ECED46608A}: [NameServer] 188.120.239.115,8.8.8.8 S2 VlrroSNk; C:\Program Files (x86)\WebShield\WebShield.exe [X] U0 aswVmm; Brak ImagePath S3 xhunter1; ??\C:\Windows\xhunter1.sys [X] 2016-08-19 21:21 - 2016-08-19 21:43 - 00000000 ____D C:\AdwCleaner 2016-08-19 20:32 - 2016-08-19 20:30 - 00000763 _____ C:\Windows\system32\Drivers\etc\hp.bak 2016-08-19 20:25 - 2016-08-19 20:29 - 00000000 ____D C:\Program Files (x86)\UCBrowser 2016-08-19 20:24 - 2016-08-19 20:48 - 00000000 ____D C:\Program Files (x86)\sbqh 2016-08-19 20:23 - 2016-08-19 21:36 - 00000000 ____D C:\Program Files (x86)\Mutain 2016-08-19 20:23 - 2016-08-19 21:24 - 00000000 ____D C:\Users\dom\AppData\Local\Droddomanucush 2016-08-05 17:08 - 2016-08-05 17:08 - 00000000 ____D C:\ProgramData\COMODO 2016-08-03 21:49 - 2016-08-06 11:34 - 00000000 ____D C:\Users\dom\AppData\Roaming\DBKO 2016-07-29 21:06 - 2016-07-29 21:07 - 00000000 ____D C:\Users\dom\AppData\Local\Emotiplus 2016-07-29 20:25 - 2016-07-29 20:25 - 00000000 ____D C:\Users\dom\AppData\Local\EmotiplusHelper 2016-07-29 19:09 - 2016-07-29 19:09 - 00000000 ____D C:\Users\dom\AppData\Roaming\java 2015-10-05 16:09 - 2015-10-02 21:43 - 0010014 _____ () C:\Program Files\images.jpg 2016-02-28 22:38 - 2016-02-28 22:38 - 3293520 _____ () C:\Program Files\Common Files\n3s4r3dt.exe 2016-02-28 17:57 - 2016-05-19 20:52 - 0003072 ___SH () C:\Users\dom\AppData\Roaming\Thumbs.db 2016-07-03 17:10 - 2016-08-09 20:22 - 0000105 _____ () C:\Users\dom\AppData\Local\Autosofted License.txt 2015-06-01 18:16 - 2016-08-19 21:46 - 2551485 _____ () C:\Users\dom\AppData\Local\BTServer.log 2015-06-04 13:57 - 2015-06-04 13:57 - 0000000 _____ () C:\Users\dom\AppData\Local\Temp.dat 2015-08-19 17:58 - 2015-08-19 17:58 - 0000003 _____ () C:\Users\dom\AppData\Local\updater.log 2015-08-19 17:59 - 2015-10-02 13:36 - 0000424 _____ () C:\Users\dom\AppData\Local\UserProducts.xml Task: {10B8CB04-91E7-4CFA-B1EC-630CBEA620D3} - System32\Tasks{2380BFED-FFCB-008F-E729-562137224860} => C:\Users\dom\AppData\Roaming\PRICEF~1\PRICEF~1.EXE <==== UWAGA Task: {43764319-2F11-4ABA-A29B-2C7D84487718} - System32\Tasks\e-pity2015a_styczen => C:\Program Files (x86)\e-file\e-pity2015\Assets\signxml.exe Task: {5911473D-9A37-4D3D-B012-2C9F11F11BF6} - System32\Tasks\domDislocatePreadaptingV2 => Rundll32.exe DavitSubalterns.dll,main 7 1 <==== UWAGA Task: {6AD96DDD-4EAF-40F1-A745-E33C0E6B4197} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe Task: {8C8EB35D-AF0A-4FB5-BC6D-F047B9475E07} - System32\Tasks\domBrevitiesRheniumsV2 => Rundll32.exe PtomainicExactitude.dll,main 7 1 <==== UWAGA Task: {B72E6737-2915-4529-A7B7-B3B02C118177} - System32\Tasks{A2FE0C00-FC3A-435D-A59D-3BA131A04517} => pcalua.exe -a C:\Users\dom\Downloads\Ball3D_Install.exe -d C:\Users\dom\Downloads Task: {C1639B06-4DAD-4612-A7F0-72113370CEC4} - System32\Tasks\Anerwerghckeqi Log => C:\Program Files (x86)\Mutain\anoward.exe [2016-08-19] (Kunshan Aunbox software co.,Ltd) Task: {C1A7A479-A24A-4B4B-93CC-265C54395F56} - \Techsmart Computer Worker -> Brak pliku <==== UWAGA Task: {C79E226D-B3BB-443B-A674-23C11A18B031} - System32\Tasks{0621E258-DC45-FF36-0CB9-35E82E5E58CA} => C:\Users\dom\AppData\Roaming\PRICEF~1\Updater.exe <==== UWAGA Task: {DB38CFC5-E597-4384-919B-263FD9D457FF} - System32\Tasks\e-pity2015a_kwiecien => C:\Program Files (x86)\e-file\e-pity2015\Assets\signxml.exe Task: C:\Windows\Tasks{0621E258-DC45-FF36-0CB9-35E82E5E58CA}.job => C:\Users\dom\AppData\Roaming\PRICEF~1\Updater.exe <==== UWAGA Task: C:\Windows\Tasks{2380BFED-FFCB-008F-E729-562137224860}.job => C:\Users\dom\AppData\Roaming\PRICEF~1\PRICEF~1.EXE <==== UWAGA ShortcutWithArgument: C:\Users\dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> “hxxp://safesurfs.net/?ssid=1471630753&a=1003081&src=sh&uuid=2262285c-f422-413e-8683-63f5bd34d6ee” ShortcutWithArgument: C:\Users\dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> “hxxp://safesurfs.net/?ssid=1471630753&a=1003081&src=sh&uuid=2262285c-f422-413e-8683-63f5bd34d6ee” ShortcutWithArgument: C:\Users\dom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> “hxxp://safesurfs.net/?ssid=1471630753&a=1003081&src=sh&uuid=2262285c-f422-413e-8683-63f5bd34d6ee” ShortcutWithArgument: C:\Users\dom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> “hxxp://safesurfs.net/?ssid=1471630753&a=1003081&src=sh&uuid=2262285c-f422-413e-8683-63f5bd34d6ee” ShortcutWithArgument: C:\Users\dom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2acc51a47c847ae1\Chromium.lnk -> C:\Users\dom\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) -> “hxxp://safesurfs.net/?ssid=1471630753&a=1003081&src=sh&uuid=2262285c-f422-413e-8683-63f5bd34d6ee” RemoveProxy: Hosts: EmptyTemp:

Uruchom FRST i kliknij Napraw (Fix). Pokaż raport z usuwania Fixlog.
Kliknij Skanuj (Scan) i pokaż nowy raport z FRST bez Addition i Shortcut.

Nowaczek312 · 19 Sierpień 2016 21:13

http://wklej.org/id/2786008/ - Fixlog

http://wklej.org/id/2786010/ - FRST

Atis · 19 Sierpień 2016 21:29

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

Startup: C:\Users\dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Emotiplus.lnk [2016-07-29] FirewallRules: [{075705D7-F057-4FF0-9EE0-32E96970DD50}] => (Allow) C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe FirewallRules: [{38CF09EC-DFAE-4AF3-8245-3A58A54A807E}] => (Allow) C:\Program Files (x86)\LuckyBrowse\app\LuckyBrowse.exe FirewallRules: [{F0E3B746-D2D8-4C91-835A-4A99E32E27E5}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe FirewallRules: [{FBA284A9-22E6-46C0-8172-181D3BC3325A}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe FirewallRules: [{EBAA3909-FEB2-4A41-A530-1BF5C34C7611}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe FirewallRules: [{35F84F3A-7FAB-4B1A-8340-B1648C4D55CC}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe FirewallRules: [{DC913268-1235-471A-A96B-F0BFDC008F28}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe FirewallRules: [{F163D734-57F0-461A-A18B-A9058FA1B841}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe FirewallRules: [{36630612-4BC2-41DF-9698-0F28FD7B2DB7}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe FirewallRules: [{ACCB0872-B58C-421A-B609-F6B7B0E9D564}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe DeleteQuarantine:

Uruchom FRST i kliknij Napraw (Fix). Skasuj folder C:\FRST
Czyszczenie folderów Przywracania systemu
Dysk przeskanuj Malwarebytes Anti-Malware
Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium: KLIK
Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK

Odinstaluj Microsoft Silverlight i zainstaluj Silverlight 5.1.50428.0