Witam, proszę o pomoc w usunięciu złośliwego oprogramowania.
Przesylam logi
FRST http://wklej.org/id/1634447/
Addition http://wklej.org/id/1634464/
Z góry dziękuję za pomoc.
Odinstaluj SuperPlusRadio v2.1,sweet-page uninstall,uTorrentBar Toolbar,WindowsMangerProtect20.0.0.1277.Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.
Pokaż nowe logi z FRST.
Odinstaluj McAfee Security Scan Plus.
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
FF Extension: SuperPlusRadio v2.1 - C:\Users\Lukasz\AppData\Roaming\Mozilla\Firefox\Profiles\9vit7cyw.default\Extensions\15e4983dcabc4fb695007d519f551@fc04b380cf4e4a16aeb63aa224928b.com [2015-02-03]
FF Extension: uTorrentBar Community Toolbar - C:\Users\Lukasz\AppData\Roaming\Mozilla\Firefox\Profiles\9vit7cyw.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2013-03-04]
FF Extension: PickNsaveIT - C:\Users\Lukasz\AppData\Roaming\Mozilla\Firefox\Profiles\9vit7cyw.default\Extensions\m12oe@sw-ayoe.com.xpi [2013-02-26]
FF HKU\S-1-5-21-1611679891-2385546746-1788658375-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
CHR StartupUrls: Default -> "hxxp://rts.dsrlte.com?affID=pr_aea8de54-03db-4af7-b9ef-fdaf93e79e6a"
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\AdwCleaner
C:\Program Files (x86)\uTorrentBar
CustomCLSID: HKU\S-1-5-21-1611679891-2385546746-1788658375-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lukasz\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1611679891-2385546746-1788658375-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Lukasz\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1611679891-2385546746-1788658375-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lukasz\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1611679891-2385546746-1788658375-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lukasz\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1611679891-2385546746-1788658375-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lukasz\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {04DD5B06-E9A7-4AEA-B365-74A46AE52E42} - System32\Tasks\fdd09102-e8f5-4aaa-8b03-8908d4c59602-6 => C:\Program Files (x86)\SuperPlusRadio v2.1\fdd09102-e8f5-4aaa-8b03-8908d4c59602-6.exe [2015-02-03] (RadioCanyonv2) <==== ATTENTION
Task: {22249D21-7F04-42F8-A806-3E85B8132963} - System32\Tasks\fdd09102-e8f5-4aaa-8b03-8908d4c59602-5 => C:\Program Files (x86)\SuperPlusRadio v2.1\fdd09102-e8f5-4aaa-8b03-8908d4c59602-5.exe [2015-02-03] (RadioCanyonv2) <==== ATTENTION
Task: {239FD930-D207-4FC8-927C-BABCBD3239EA} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-03] (globalUpdate) <==== ATTENTION
Task: {2A7924C5-16B2-4EF4-A9DB-DEAFF4D1AF37} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-03] (globalUpdate) <==== ATTENTION
Task: {42368204-F50C-4CFD-8627-7DCF1048515F} - System32\Tasks\fdd09102-e8f5-4aaa-8b03-8908d4c59602-1-6 => C:\Program Files (x86)\SuperPlusRadio v2.1\fdd09102-e8f5-4aaa-8b03-8908d4c59602-1-6.exe [2015-02-03] (RadioCanyonv2) <==== ATTENTION
Task: {5949923F-82D0-4316-A50D-94B35384E9BD} - System32\Tasks\fdd09102-e8f5-4aaa-8b03-8908d4c59602-5_user => C:\Program Files (x86)\SuperPlusRadio v2.1\fdd09102-e8f5-4aaa-8b03-8908d4c59602-5.exe [2015-02-03] (RadioCanyonv2) <==== ATTENTION
Task: {5FBEB2BD-42D1-4728-9BAC-6ADFCDADB9F5} - System32\Tasks\fdd09102-e8f5-4aaa-8b03-8908d4c59602-1-7 => C:\Program Files (x86)\SuperPlusRadio v2.1\fdd09102-e8f5-4aaa-8b03-8908d4c59602-1-7.exe [2015-02-03] (RadioCanyonv2) <==== ATTENTION
Task: {67352092-9192-4789-9E5B-26BC7311C621} - System32\Tasks\fdd09102-e8f5-4aaa-8b03-8908d4c59602-10_user => C:\Program Files (x86)\SuperPlusRadio v2.1\fdd09102-e8f5-4aaa-8b03-8908d4c59602-10.exe [2015-02-03] (RadioCanyonv2) <==== ATTENTION
Task: {980FE2FC-CFE1-48D7-8CD3-E1120B1980A6} - System32\Tasks\fdd09102-e8f5-4aaa-8b03-8908d4c59602-4 => C:\Program Files (x86)\SuperPlusRadio v2.1\fdd09102-e8f5-4aaa-8b03-8908d4c59602-4.exe [2015-02-03] (RadioCanyonv2) <==== ATTENTION
Task: {985BA91B-9C2B-4251-86A8-F8DFBC13569D} - System32\Tasks\fdd09102-e8f5-4aaa-8b03-8908d4c59602-7 => C:\Program Files (x86)\SuperPlusRadio v2.1\fdd09102-e8f5-4aaa-8b03-8908d4c59602-7.exe [2015-02-03] (RadioCanyonv2) <==== ATTENTION
Task: C:\Windows\Tasks\fdd09102-e8f5-4aaa-8b03-8908d4c59602-1-6.job => C:\Program Files (x86)\SuperPlusRadio v2.1\fdd09102-e8f5-4aaa-8b03-8908d4c59602-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\fdd09102-e8f5-4aaa-8b03-8908d4c59602-1-7.job => C:\Program Files (x86)\SuperPlusRadio v2.1\fdd09102-e8f5-4aaa-8b03-8908d4c59602-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\fdd09102-e8f5-4aaa-8b03-8908d4c59602-10_user.job => C:\Program Files (x86)\SuperPlusRadio v2.1\fdd09102-e8f5-4aaa-8b03-8908d4c59602-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\fdd09102-e8f5-4aaa-8b03-8908d4c59602-4.job => C:\Program Files (x86)\SuperPlusRadio v2.1\fdd09102-e8f5-4aaa-8b03-8908d4c59602-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\fdd09102-e8f5-4aaa-8b03-8908d4c59602-5.job => C:\Program Files (x86)\SuperPlusRadio v2.1\fdd09102-e8f5-4aaa-8b03-8908d4c59602-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\fdd09102-e8f5-4aaa-8b03-8908d4c59602-5_user.job => C:\Program Files (x86)\SuperPlusRadio v2.1\fdd09102-e8f5-4aaa-8b03-8908d4c59602-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\fdd09102-e8f5-4aaa-8b03-8908d4c59602-6.job => C:\Program Files (x86)\SuperPlusRadio v2.1\fdd09102-e8f5-4aaa-8b03-8908d4c59602-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\fdd09102-e8f5-4aaa-8b03-8908d4c59602-7.job => C:\Program Files (x86)\SuperPlusRadio v2.1\fdd09102-e8f5-4aaa-8b03-8908d4c59602-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
EmptyTemp:
Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.
Kliknij Scan i pokaż nowy raport z FRST bez Addition.
Skasuj folder C:\FRST
Usuń stare punkty przywracania: Aby usunąć wszystkie punkty przywracania
Dysk przeskanuj Malwarebytes Anti-Malware
Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.
http://wstaw.org/m/2014/03/25/2014-03-25_123039.png
Język PL > Settings > General Settings > Language > Polish
Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK - KLIK
Odinstaluj Adobe Reader 9.5.1 i Java 7 Update 17.
Zainstaluj Adobe Reader XI 11.0.10 i Java 8 Update 31
naprawione! dziękuje bardzo 