Elektroda.pl

Unwanted programs install themselves.

Syurkowsky 20 May 2016 16:23 1524 11
  • #1 20 May 2016 16:23
    Syurkowsky
    Level 4

    Hello,
    Some unwanted programs keep installing themselves and ads are popping up. The computer runs very slowly. Please check the FRST logs. I hope I ran the scan correctly; please help.
    Regards

    0 11
  • #2 20 May 2016 18:01
    kudlaty1125
    Level 15

    Those files are terribly large; my scanner flags them as viruses.

    0
  • Helpful post
    #4 20 May 2016 18:38
    Kolobos
    Computer specialist

    Go to the folder C:\Program Files (x86)\MPC Cleaner\ and run uninstall.exe with administrator rights.

    Boot the system into Safe Mode.
    Next to frst.exe create a file fixlist.txt with the following content:
    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-3519243448-2730272208-4285156818-1002_Classes\CLSID\{034DF736-A378-4292-ACAE-A561088999F5}\InprocServer32 -> C:\Users\Syurkowsky\AppData\Local\PPTAssist\pptassist64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3519243448-2730272208-4285156818-1002_Classes\CLSID\{1077138E-896C-445E-BD31-CFCFFA4636C4}\InprocServer32 -> C:\Users\Syurkowsky\AppData\Local\PPTAssist\pptassist64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3519243448-2730272208-4285156818-1002_Classes\CLSID\{C4917602-2AC8-4ECE-8E5D-390C3871ABB3}\InprocServer32 -> C:\Users\Syurkowsky\AppData\Local\PPTAssist\tabassist64.dll => No File
    CustomCLSID: HKU\S-1-5-21-3519243448-2730272208-4285156818-1002_Classes\CLSID\{E00310B2-F036-4771-9347-C131257D990F}\InprocServer32 -> C:\Users\Syurkowsky\AppData\Local\PPTAssist\tabassist64.dll => No File
    Task: {14AC577C-7B70-4C34-9F6C-B010D177B901} - System32\Tasks\PPTAssistantUpdateTask_Syurkowsky => C:\Users\Syurkowsky\AppData\Local\PPTAssist\assistupdate.exe
    Task: {36FF800C-AEB6-45A1-B79E-39F39602123A} - System32\Tasks\Shefale Cloud => C:\Program Files (x86)\Shefale\shefaleCloudtask.exe [2016-05-19] () <==== ATTENTION
    Task: {5CB786A6-56DD-408D-8BDD-52896AE6B371} - System32\Tasks\Opera scheduled Autoupdate 1463697413 => C:\Program Files (x86)\Opera\launcher.exe [2016-05-06] (Opera Software)
    Task: {6709ABE9-F78D-4F62-965F-AD989F62B8EF} - System32\Tasks\{AB23B6EC-F010-4717-95A6-41A67E09156B} => pcalua.exe -a C:\Users\Syurkowsky\AppData\Local\tucao\1.1.1.1\uninst.exe -c /uninst
    Task: {9B486036-3CC9-4683-9DF0-C79C4A447DEE} - System32\Tasks\PPI Update => "hxxp://insightlk.com/download/index.php?mn=9995"
    Task: {EDEB1F35-5C26-42C2-8A03-2A33636095D3} - System32\Tasks\PPTAssistantNotifyTask_Syurkowsky => C:\Users\Syurkowsky\AppData\Local\PPTAssist\notify.exe
    Task: C:\Windows\Tasks\PPTAssistantNotifyTask_Syurkowsky.job => C:\Users\Syurkowsky\AppData\Local\PPTAssist\notify.exe
    Task: C:\Windows\Tasks\PPTAssistantUpdateTask_Syurkowsky.job => C:\Users\Syurkowsky\AppData\Local\PPTAssist\assistupdate.exe
    2016-05-20 12:22 - 2016-05-20 12:22 - 00170496 _____ () C:\Users\Syurkowsky\AppData\Roaming\Cehti\Cehti.exe
    2016-05-20 12:23 - 2016-05-20 12:23 - 00668672 _____ () C:\Users\Syurkowsky\AppData\Roaming\Cehti\Govqua.dll
    2016-05-20 12:22 - 2016-05-20 12:22 - 00112128 _____ () C:\Users\Syurkowsky\AppData\Roaming\Cehti\Ranqobchma.exe
    2016-05-20 12:23 - 2016-05-20 12:23 - 00143872 _____ () C:\Users\Syurkowsky\AppData\Roaming\Cehti\Govqua.exe
    2016-05-20 12:23 - 2016-05-20 12:23 - 00258560 _____ () C:\Users\Syurkowsky\AppData\Roaming\Cehti\Ranqobchma.dll
    Hosts:
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
    () C:\Users\Syurkowsky\AppData\Roaming\Cehti\Cehti.exe
    () C:\Users\Syurkowsky\AppData\Roaming\Cehti\Ranqobchma.exe
    () C:\Users\Syurkowsky\AppData\Roaming\Cehti\Govqua.exe
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
    HKLM\...\Run: [IDSCCOMRTH] => "C:\Program Files (x86)\EasyHotspot\idsccom_RTH.exe"
    HKLM\...\Run: [WINCOMSHK] => "C:\Program Files (x86)\sunnyday\wincom_SHK.exe"
    HKLM\...\Run: [IDSCCOMEA8] => "C:\Program Files (x86)\Hostify\idsccom_EA8.exe"
    HKLM\...\Run: [WINCOM2CI] => "C:\Program Files (x86)\sunnyday\wincom_2CI.exe"
    HKLM\...\Run: [IDSCCOM0BP] => "C:\Program Files (x86)\Hostify\idsccom_0BP.exe"
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [tasklist] => C:\Users\Syurkowsky\AppData\Roaming\UPUpdata\tasklist
    HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTRAY.EXE" /regrun /qqrepair
    HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
    HKU\S-1-5-21-3519243448-2730272208-4285156818-1002\...\Run: [YbnzPack] => regsvr32.exe C:\Users\Syurkowsky\AppData\Local\YbnzPack\AwlagenImage.dll <===== ATTENTION
    HKU\S-1-5-21-3519243448-2730272208-4285156818-1002\...\Run: [Iddjsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Syurkowsky\AppData\Local\Abgfworks\VctrlVideo16.dll
    HKU\S-1-5-21-3519243448-2730272208-4285156818-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\Syurkowsky\AppData\Local\Akamai\netsession_win.exe"
    HKU\S-1-5-21-3519243448-2730272208-4285156818-1002\...\Policies\Explorer: []
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMGCShellExt64.dll No File
    GroupPolicyScripts: Restriction <======= ATTENTION
    Tcpip\..\Interfaces\{646ed580-fa34-11e5-98e9-806e6f6e6963}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{9c263920-ad36-4c79-bbdf-1c80e77a2690}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{a0a429d1-f721-4cbf-85d5-ccfe153182f2}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{a2235c20-ee8b-41b4-828e-a28fc8b9898a}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{a4f25d2a-4729-4a27-b001-76f53f0be12d}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{c03d7b91-f176-40ab-9751-4f19c651b156}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{e068e8e2-cc07-4eac-af5f-4dceb7423b68}: [NameServer] 104.197.191.4
    BHO: TSearch -> {6E727987-C8EA-44DA-8749-310C0FBE3C3E} -> C:\Program Files (x86)\Torrent Search\IEEF\MyH7XTKJdCn7.dll => No File
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSWebMon64.dat => No File
    OPR Extension: (口水党) - C:\Users\Syurkowsky\AppData\Roaming\Opera Software\Opera Stable\Extensions\djghkggdampkogmkmnmpfhfpbgedpmfm [2016-05-20]
    OPR Extension: (Torrent Search) - C:\Users\Syurkowsky\AppData\Roaming\Opera Software\Opera Stable\Extensions\fghlbjjfaimocdbincabjnngocjeiaij [2016-05-20]
    R2 Dodtue; C:\Users\Syurkowsky\AppData\Roaming\Cehti\Cehti.exe [170496 2016-05-20] () [File not signed]
    R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-05-20] (DotC United Inc)
    S2 shefaleCloudservice; C:\Program Files (x86)\Shefale\shefaleCloudservice.exe [985752 2016-05-19] ()
    S2 Modeogo; "C:\Users\Syurkowsky\AppData\Roaming\QatvinLicp\Dumzimb.exe" -cms [X]
    S2 ThnAdpsrv; "C:\Program Files (x86)\Thunshprerusp\ThnAdpsrv.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X]
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-05-20] (DotC United Inc)
    R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [80768 2016-04-25] (Huorong Borui (Beijing) Technology Co., Ltd.)
    S1 ccfuqzcr; \??\C:\Windows\system32\drivers\ccfuqzcr.sys [X]
    2016-05-20 17:40 - 2016-05-20 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
    2016-05-20 17:38 - 2016-05-20 17:38 - 00000000 ____D C:\Windows\system32\gees
    2016-05-20 17:26 - 2016-05-20 17:26 - 00250912 _____ C:\Windows\SysWOW64\kz.exe
    2016-05-20 17:25 - 2016-05-20 17:26 - 00000000 ____D C:\Windows\system32\appmgmt
    2016-05-20 17:25 - 2016-05-20 17:25 - 00003308 _____ C:\Windows\System32\Tasks\{AB23B6EC-F010-4717-95A6-41A67E09156B}
    2016-05-20 16:00 - 2016-05-20 16:00 - 00000000 ____D C:\Users\Syurkowsky\AppData\Roaming\MCorp
    2016-05-20 15:59 - 2016-05-20 17:37 - 00000000 ____D C:\AdwCleaner
    2016-05-20 15:56 - 2016-05-20 15:58 - 00000000 ____D C:\Users\Syurkowsky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2016-05-20 15:56 - 2016-05-20 15:56 - 00001623 _____ C:\Users\Syurkowsky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    2016-05-20 15:53 - 2016-04-25 20:55 - 00080768 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\Windows\system32\Drivers\ucguard.sys
    2016-05-20 15:52 - 2016-05-20 15:52 - 00001599 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    2016-05-20 15:52 - 2015-10-20 10:54 - 27712808 _____ (深圳市迅雷网络技术有限公司) C:\ProgramData\XMPSetupLite-SIjhaqws55.exe
    2016-05-20 15:51 - 2016-05-20 15:51 - 00000000 ____D C:\Program Files (x86)\Drecuied
    2016-05-20 15:50 - 2016-04-29 09:45 - 03449576 _____ (上海旻嘟网络科技有限公司) C:\ProgramData\TXQX_Setup_2.1.4.1_tian_3040.exe
    2016-05-20 15:50 - 2016-04-23 09:11 - 04516224 _____ C:\ProgramData\qudao18.exe
    2016-05-20 15:49 - 2016-05-20 15:49 - 00092872 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
    2016-05-20 15:49 - 2016-05-20 15:49 - 00000000 ____D C:\Users\Syurkowsky\AppData\Roaming\Softlink
    2016-05-20 15:49 - 2016-05-20 15:49 - 00000000 ____D C:\Program Files (x86)\Platoward
    2016-05-20 15:48 - 2016-05-20 17:42 - 00000382 _____ C:\Windows\Tasks\PPTAssistantNotifyTask_Syurkowsky.job
    2016-05-20 15:48 - 2016-05-20 17:32 - 00000652 _____ C:\Windows\Tasks\PPTAssistantUpdateTask_Syurkowsky.job
    2016-05-20 15:48 - 2016-05-20 17:26 - 00000000 ____D C:\Program Files\żěŃą
    2016-05-20 15:48 - 2016-05-20 16:16 - 00000000 ____D C:\Users\Syurkowsky\AppData\Roaming\Kuaizip
    2016-05-20 15:48 - 2016-05-20 16:02 - 00003712 _____ C:\Windows\System32\Tasks\PPTAssistantUpdateTask_Syurkowsky
    2016-05-20 15:48 - 2016-05-20 15:48 - 00003442 _____ C:\Windows\System32\Tasks\PPTAssistantNotifyTask_Syurkowsky
    2016-05-20 15:48 - 2016-02-18 10:10 - 05267952 _____ () C:\ProgramData\ziptool_wc-9015_setup.exe
    2016-05-20 15:47 - 2016-05-20 16:02 - 00000000 ____D C:\ProgramData\kingsoft
    2016-05-20 15:47 - 2016-05-20 15:47 - 00127488 _____ C:\Users\Syurkowsky\AppData\Roaming\Installer.dat
    2016-05-20 15:47 - 2016-05-20 15:47 - 00011568 _____ C:\Users\Syurkowsky\AppData\Roaming\InstallationConfiguration.xml
    2016-05-20 15:47 - 2016-02-18 03:56 - 07318464 _____ C:\ProgramData\KuaiZip_Setup_1875570831_jiuzhuan_001.exe
    2016-05-20 15:46 - 2016-05-04 10:44 - 04232400 _____ (Kingsoft Corp. Ltd.) C:\ProgramData\OfficeAssist.0172.80.1384.exe
    2016-05-20 15:45 - 2016-05-20 15:46 - 00008950 _____ C:\Windows\System32\Tasks\Shefale Cloud
    2016-05-20 15:44 - 2015-11-20 04:42 - 02511936 _____ (hxxp://moshoushurufa.com/) C:\ProgramData\moshou_gl_010.exe
    2016-05-20 15:43 - 2016-05-20 17:29 - 00000000 ____D C:\Program Files (x86)\Razoghchak
    2016-05-20 15:43 - 2016-05-20 15:54 - 00000000 ____D C:\Program Files (x86)\Platoward_bc9c2
    2016-05-20 15:43 - 2016-05-20 15:45 - 00000000 ____D C:\Program Files (x86)\Shefale
    2016-05-20 15:37 - 2016-05-20 16:06 - 00000000 ____D C:\Users\Syurkowsky\AppData\Local\app
    2016-05-20 15:36 - 2016-05-20 15:36 - 00000000 ____D C:\Users\Syurkowsky\AppData\LocalLow00940048
    2016-05-20 15:36 - 2016-05-20 15:36 - 00000000 ____D C:\Users\Syurkowsky\AppData\LocalLow0000012F3820CE38
    2016-05-20 15:36 - 2016-05-20 15:36 - 00000000 ____D C:\Users\Syurkowsky\AppData\LocalLow\Company
    2016-05-20 15:36 - 2016-05-20 15:36 - 00000000 ____D C:\uninst
    2016-05-20 15:35 - 2016-05-20 15:55 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-05-20 15:35 - 2016-05-20 15:36 - 00000000 ____D C:\Users\Syurkowsky\AppData\Local\Tempfolder
    2016-05-20 15:35 - 2016-05-20 15:35 - 00000000 ____D C:\Users\Syurkowsky\AppData\Roaming\Cehti
    2016-05-20 15:35 - 2016-05-20 15:35 - 00000000 ____D C:\Users\Syurkowsky\AppData\Local\Razer
    2016-05-20 15:35 - 2016-05-20 15:35 - 00000000 ____D C:\Users\Syurkowsky\AppData\Local\PeerDistRepub
    2016-05-20 15:35 - 2016-05-20 15:35 - 00000000 ____D C:\Program Files (x86)\badu
    2016-05-20 15:35 - 2016-05-20 15:34 - 00060136 ____N (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
    2016-05-20 15:34 - 2016-05-20 15:35 - 00000000 ____D C:\Users\Syurkowsky\AppData\Roaming\gplyra
    2016-05-20 15:34 - 2016-05-20 15:34 - 00000000 ____D C:\Users\Public\Thunder Network
    2016-05-20 15:34 - 2016-05-20 15:34 - 00000000 ____D C:\ProgramData\Thunder Network
    2016-05-20 15:34 - 2016-05-16 17:09 - 05714944 _____ (Skype Technologies) C:\ProgramData\conhost.exe
    2016-05-20 15:33 - 2016-05-20 15:33 - 00000000 ____D C:\Program Files (x86)\Platoward_2ddb4
    2016-05-20 15:33 - 2016-05-20 15:33 - 00000000 _____ C:\Windows\SysWOW64\Number of results
    2016-05-20 08:46 - 2016-05-20 08:46 - 00000000 ____D C:\Program Files (x86)\Mucatheruricult
    2016-05-20 08:36 - 2016-05-20 16:09 - 00000000 ____D C:\Users\Syurkowsky\AppData\Local\YbnzPack
    2016-05-20 08:36 - 2016-05-20 16:09 - 00000000 ____D C:\Users\Syurkowsky\AppData\Local\Abgfworks
    2016-05-20 08:34 - 2016-05-20 17:34 - 00001346 __RSH C:\ProgramData\ntuser.pol
    2016-05-20 08:32 - 2016-05-20 17:28 - 00000000 ____D C:\Program Files (x86)\Ghokaphlbeward
    2016-05-20 08:32 - 2016-05-20 15:51 - 00000000 ____D C:\extensions
    2016-05-20 08:31 - 2016-05-20 08:45 - 00003640 _____ C:\Windows\System32\Tasks\PPI Update
    2016-05-20 15:47 - 2016-05-20 15:47 - 0011568 _____ () C:\Users\Syurkowsky\AppData\Roaming\InstallationConfiguration.xml
    2016-05-20 15:47 - 2016-05-20 15:47 - 0127488 _____ () C:\Users\Syurkowsky\AppData\Roaming\Installer.dat
    2016-05-18 04:46 - 2016-05-18 04:46 - 0028160 _____ () C:\Users\Syurkowsky\AppData\Roaming\NsResize.dll
    1988-10-21 01:00 - 1988-10-21 01:00 - 0001402 _____ () C:\Users\Syurkowsky\AppData\Roaming\PatrialDotterel.J
    2016-05-15 00:44 - 2016-05-15 00:44 - 0078336 _____ () C:\Users\Syurkowsky\AppData\Roaming\Services.dll
    1989-10-23 01:00 - 1989-10-23 01:00 - 0049764 _____ () C:\Users\Syurkowsky\AppData\Roaming\Stick.e
    2013-01-04 02:00 - 2013-01-04 02:00 - 0241757 _____ () C:\Users\Syurkowsky\AppData\Roaming\Velodrome.g
    2016-05-20 15:34 - 2016-05-16 17:09 - 5714944 _____ (Skype Technologies) C:\ProgramData\conhost.exe
    2016-05-20 15:47 - 2016-02-18 03:56 - 7318464 _____ () C:\ProgramData\KuaiZip_Setup_1875570831_jiuzhuan_001.exe
    2016-05-20 15:44 - 2015-11-20 04:42 - 2511936 _____ (http://moshoushurufa.com/) C:\ProgramData\moshou_gl_010.exe
    2016-05-20 15:46 - 2016-05-04 10:44 - 4232400 _____ (Kingsoft Corp. Ltd.) C:\ProgramData\OfficeAssist.0172.80.1384.exe
    2016-05-20 15:50 - 2016-04-23 09:11 - 4516224 _____ () C:\ProgramData\qudao18.exe
    2016-05-20 15:50 - 2016-04-29 09:45 - 3449576 _____ (上海旻嘟网络科技有限公司) C:\ProgramData\TXQX_Setup_2.1.4.1_tian_3040.exe
    2016-05-20 15:52 - 2015-10-20 10:54 - 27712808 _____ (深圳市迅雷网络技术有限公司) C:\ProgramData\XMPSetupLite-SIjhaqws55.exe
    2016-05-20 15:48 - 2016-02-18 10:10 - 5267952 _____ () C:\ProgramData\ziptool_wc-9015_setup.exe
    EmptyTemp:

    In FRST choose Fix. Afterwards do the same in normal mode.

    Use RepairDNS and post the log it creates:
    http://nicolascoolman.com/download/repairdns/?wpdmdl=729
    Plus new FRST scan logs, created AFTER running RepairDNS.

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    1
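The fix list in post #4 is a hand-picked set of lines from the FRST log, and the picks follow a few recurring rules: a NameServer value pointing at a public address that is not a well-known resolver on every interface (104.197.191.4), a Winlogon Userinit value that runs a script host instead of userinit.exe, Run entries that hand a DLL under AppData to regsvr32, a scheduled task whose action is a URL, services with no publisher living in the user profile, and a Group Policy restriction. The Python below is an added example, not part of the original post and not FRST's own code: it applies those rules to a constructed sample made of lines from the fix list plus two benign ones. The regexes, category names, the resolver allowlist and the made-up interface GUID on the private-resolver line are this example's assumptions.

```python
import ipaddress
import re

# Constructed sample: a subset of the FRST lines from the fix list above, plus two
# benign lines (a private resolver on a made-up interface GUID, and a service with a
# publisher outside the user profile) that the triage should leave alone.
SAMPLE_LOG = r"""
Task: {9B486036-3CC9-4683-9DF0-C79C4A447DEE} - System32\Tasks\PPI Update => "hxxp://insightlk.com/download/index.php?mn=9995"
Task: {5CB786A6-56DD-408D-8BDD-52896AE6B371} - System32\Tasks\Opera scheduled Autoupdate 1463697413 => C:\Program Files (x86)\Opera\launcher.exe [2016-05-06] (Opera Software)
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
HKU\S-1-5-21-3519243448-2730272208-4285156818-1002\...\Run: [YbnzPack] => regsvr32.exe C:\Users\Syurkowsky\AppData\Local\YbnzPack\AwlagenImage.dll
HKU\S-1-5-21-3519243448-2730272208-4285156818-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\Syurkowsky\AppData\Local\Akamai\netsession_win.exe"
GroupPolicyScripts: Restriction <======= ATTENTION
Tcpip\..\Interfaces\{646ed580-fa34-11e5-98e9-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{0a0a0a0a-0000-4000-8000-000000000001}: [NameServer] 192.168.1.1
R2 Dodtue; C:\Users\Syurkowsky\AppData\Roaming\Cehti\Cehti.exe [170496 2016-05-20] () [File not signed]
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-05-20] (DotC United Inc)
"""

# Line shapes as FRST prints them; the regexes are this example's own.
DNS_RE = re.compile(r"^Tcpip\\\.\.\\Interfaces\\\{[0-9A-Fa-f-]+\}: \[NameServer\] (.+)$")
USERINIT_RE = re.compile(r"^HKLM\\\.\.\.\\Winlogon: \[Userinit\] (.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU|U)[^:]*\\Run: \[(.*?)\] => (.+)$")
TASK_RE = re.compile(r"^Task: .+ => (.+)$")
SERVICE_RE = re.compile(r"^[RS]\d+ (\S+); (.+?) \[\d+ [\d-]+\] \((.*?)\)")
GPO_RE = re.compile(r"^GroupPolicy(?:Scripts)?: (?:Restriction|Ograniczenia)")

# Script hosts and loaders adware uses to run a DLL or script from an autorun entry.
LOLBINS = {"regsvr32.exe", "rundll32.exe", "wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
# Default Winlogon Userinit value (trailing comma dropped); anything else runs at every logon.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
# Well-known public resolvers (assumed allowlist); a static entry pointing anywhere else deserves a look.
KNOWN_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}


def _first_binary(command):
    """Lower-cased basename of the first token of a command line, with .exe appended if absent."""
    command = command.strip()
    token = command[1:].split('"', 1)[0] if command.startswith('"') else command.split()[0]
    name = token.rsplit("\\", 1)[-1].lower()
    return name if name.endswith(".exe") else name + ".exe"


def _is_public_ip(text):
    """True for a routable unicast address; hostnames and garbage are not handled here."""
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False
    return not (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified)


def triage(log_text):
    """Return (category, detail, line) findings for the suspicious lines in an FRST log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DNS_RE.match(line):
            for server in re.split(r"[ ,]+", m.group(1).strip()):
                if _is_public_ip(server) and server not in KNOWN_RESOLVERS:
                    findings.append(("dns_unknown_public_resolver", server, line))
        elif m := USERINIT_RE.match(line):
            if m.group(1).strip().lower().rstrip(",") != EXPECTED_USERINIT:
                findings.append(("winlogon_userinit_hijack", m.group(1), line))
        elif m := RUN_RE.match(line):
            name, command = m.groups()
            binary = _first_binary(command)
            if binary in LOLBINS:
                findings.append(("autorun_via_lolbin", f"{name}: {binary}", line))
            elif "\\appdata\\" in command.lower():
                findings.append(("autorun_in_user_profile", name, line))
        elif m := TASK_RE.match(line):
            target = m.group(1).strip().strip('"').lower()
            if target.startswith(("hxxp://", "hxxps://", "http://", "https://")):
                findings.append(("task_runs_url", target, line))
        elif m := SERVICE_RE.match(line):
            name, path, publisher = m.groups()
            if not publisher.strip() and "\\appdata\\" in path.lower():
                findings.append(("unsigned_service_in_user_profile", name, line))
        elif GPO_RE.match(line):
            findings.append(("group_policy_restriction", "", line))
    return findings


if __name__ == "__main__":
    for category, detail, line in triage(SAMPLE_LOG):
        print(f"{category:34} {detail:40} {line[:70]}")
```

Two caveats on reading the output. The NameServer value FRST reports is the statically configured one (DHCP-assigned servers live under DhcpNameServer), so a public address there that nobody typed in was written by software, which is what makes 104.197.191.4 on all seven interfaces a hijack rather than a preference. The hits are triage prompts, not verdicts: the Akamai entry is reported only because it autoruns from the profile, and the post above treats it the same way, leaving it out of the fix list.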
  • Helpful post
    #8 20 May 2016 20:21
    Kolobos
    Computer specialist

    Run a new Fixlist.txt for FRST:
    Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
    Replace: C:\Windows\winsxs\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_2c65f66b01dd8f12\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll

    After running it, post a new RepairDns log.

    0
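The Replace: line in post #8 restores the 32-bit dnsapi.dll in SysWOW64 from its copy in the WinSxS component store, which is the clean reference Windows keeps for every servicing component. Before issuing such a fix you want to know whether the live file actually differs from that reference. The Python below is an added example, not part of the post and not FRST's own code: it locates the WinSxS component directories that match a live DLL's architecture (wow64_/x86_ for SysWOW64, amd64_ for System32), picks the newest version and compares SHA-256 hashes. It runs on a constructed directory tree; the wow64_ component name is the one from the fix list, the amd64_ one and the file contents are made up for the demo.

```python
import hashlib
import re
import sys
import tempfile
from pathlib import Path

# WinSxS component directories are named <arch>_<component>_<publickeytoken>_<version>_<language>_<hash>,
# e.g. wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_2c65f66b01dd8f12
COMPONENT_RE = re.compile(
    r"^(?P<arch>x86|amd64|wow64|msil)_(?P<name>.+?)_(?P<token>[0-9a-f]{16})_"
    r"(?P<version>\d+\.\d+\.\d+\.\d+)_(?P<lang>[^_]+)_(?P<hash>[0-9a-f]{16})$"
)


def sha256_file(path):
    """SHA-256 of a file, read in 1 MiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def arch_prefixes_for(live_dll):
    """WinSxS architecture prefixes that can back the live DLL: on 64-bit Windows SysWOW64
    holds the 32-bit copies (filed as wow64_ or x86_), System32 the native ones (amd64_)."""
    parent = Path(live_dll).parent.name.lower()
    return {"wow64", "x86"} if parent == "syswow64" else {"amd64"}


def find_winsxs_candidates(winsxs_root, live_dll):
    """All WinSxS copies of the DLL with a matching architecture, as (version, path), newest first."""
    basename = Path(live_dll).name.lower()
    wanted = arch_prefixes_for(live_dll)
    found = []
    for component in Path(winsxs_root).iterdir():
        match = COMPONENT_RE.match(component.name.lower())
        if not match or match["arch"] not in wanted:
            continue
        candidate = component / basename
        if candidate.is_file():
            found.append((tuple(int(p) for p in match["version"].split(".")), candidate))
    return sorted(found, reverse=True)


def check_against_winsxs(winsxs_root, live_dll):
    """Compare the live DLL with the newest matching WinSxS copy.
    status is 'match', 'mismatch', or 'no_reference' when WinSxS holds no such copy."""
    candidates = find_winsxs_candidates(winsxs_root, live_dll)
    if not candidates:
        return {"status": "no_reference", "live": str(live_dll)}
    version, reference = candidates[0]
    live_hash, ref_hash = sha256_file(live_dll), sha256_file(reference)
    return {
        "status": "match" if live_hash == ref_hash else "mismatch",
        "live": str(live_dll), "reference": str(reference),
        "reference_version": ".".join(map(str, version)),
        "live_sha256": live_hash, "reference_sha256": ref_hash,
    }


def build_demo_tree(root):
    """Constructed stand-in for C:\\Windows: a live SysWOW64\\dnsapi.dll plus two WinSxS copies.
    The wow64_ name is the one from the fix list; the amd64_ name and all file contents are made up."""
    root = Path(root)
    image32 = b"MZ constructed 32-bit dnsapi.dll image"
    winsxs = root / "WinSxS"
    components = {
        "wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_2c65f66b01dd8f12": image32,
        "amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_0000000000000000": b"MZ 64-bit",
    }
    for name, blob in components.items():
        (winsxs / name).mkdir(parents=True)
        (winsxs / name / "dnsapi.dll").write_bytes(blob)
    live = root / "SysWOW64" / "dnsapi.dll"
    live.parent.mkdir()
    live.write_bytes(image32)
    return winsxs, live


def demo():
    """Check the constructed tree as built, then after simulating a patched DLL, then for an absent file."""
    with tempfile.TemporaryDirectory() as tmp:
        winsxs, live = build_demo_tree(tmp)
        before = check_against_winsxs(winsxs, live)["status"]
        live.write_bytes(b"MZ constructed image with injected code")  # simulate the tampered DLL
        after = check_against_winsxs(winsxs, live)["status"]
        missing = check_against_winsxs(winsxs, live.parent / "absent.dll")["status"]
        return before, after, missing


if __name__ == "__main__":
    # Real use on the affected machine: python check_dll.py C:\Windows\WinSxS C:\Windows\SysWOW64\dnsapi.dll
    print(check_against_winsxs(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else demo())
```

A mismatch is a prompt, not a verdict: after an update rollback the newest WinSxS version is not necessarily the one currently projected into SysWOW64, so confirm with an Authenticode check (sigcheck or Get-AuthenticodeSignature) before replacing anything. The quarantined dnsapi.dll.xBAD that turns up under C:\FRST in post #11 is the copy that FRST's Replace: moved aside.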
  • #10 20 May 2016 20:28
    Kolobos
    Computer specialist

    Delete the C:\FRST folder and that's all.

    0
  • #11 20 May 2016 20:31
    Syurkowsky
    Level 4

    Many thanks, I can already feel the performance improvement. Unfortunately I can't delete one file from C:\FRST: dnsapi.dll.xBAD

    0
  • #12 20 May 2016 20:36
    Kolobos
    Computer specialist

    Run this Fixlist.txt:
    DeleteQuarantine:

    That will delete the C:\FRST folder.

    0