Mój komputer został zarażony dużą liczbą wirusów

tomek123tomo · 8 Styczeń 2015 16:49

proszę o sprawdzenie logów i ewetualnie pomoc w usunięciu wirusów

logi z otl:

normalny http://www.wklejto.pl/219539

extras http://wklejto.pl/219540

logi z malwarebytes’a dostarcze później

Acorus · 8 Styczeń 2015 17:05

Odinstaluj WebStorage,WinZipper.Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.

Uruchom FRST i kliknij Scan. Pokaż raport FRST i Addition.

tomek123tomo · 8 Styczeń 2015 19:21

dodam jeszcze że web storage to program asusa

Potrzebne ci logi z malwarebytes?

ps:

zmieniłem antywirusa z avasta na arcabit

frst

http://www.wklejto.pl/219546

additonal

http://www.wklejto.pl/219547

malwarebytes

http://www.wklejto.pl/219551

z góry dziękuje

prosze szybciej

Acorus · 8 Styczeń 2015 19:26

Webstorage jest zbędny i stwarza kłopoty z explorerem.Otwórz notatnik systemowy i wklej:

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\Users\dom\Dane aplikacji:NT
AlternateDataStreams: C:\Users\dom\Dane aplikacji:NT2
AlternateDataStreams: C:\Users\dom\AppData\Roaming:NT
AlternateDataStreams: C:\Users\dom\AppData\Roaming:NT2
HKLM\...\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s RtHDVCpl C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s kernel32.dll
HKLM\...\Run: [RtHDVBg] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hpts=1408975844from=ilduid=ST750LM022XHN-M750MBB_S2Y7J9GF200239
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hpts=1408975844from=ilduid=ST750LM022XHN-M750MBB_S2Y7J9GF200239
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=dsts=1408975844from=ilduid=ST750LM022XHN-M750MBB_S2Y7J9GF200239q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=dsts=1408975844from=ilduid=ST750LM022XHN-M750MBB_S2Y7J9GF200239q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hpts=1408975844from=ilduid=ST750LM022XHN-M750MBB_S2Y7J9GF200239
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hpts=1408975844from=ilduid=ST750LM022XHN-M750MBB_S2Y7J9GF200239
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=dsts=1408975844from=ilduid=ST750LM022XHN-M750MBB_S2Y7J9GF200239q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=dsts=1408975844from=ilduid=ST750LM022XHN-M750MBB_S2Y7J9GF200239q={searchTerms}
HKU\S-1-5-21-3222062804-488586800-3217439595-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=dsts=1419324413from=wpm12233uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239q={searchTerms}
HKU\S-1-5-21-3222062804-488586800-3217439595-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hpts=1408975844from=ilduid=ST750LM022XHN-M750MBB_S2Y7J9GF200239
HKU\S-1-5-21-3222062804-488586800-3217439595-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hpts=1408975844from=ilduid=ST750LM022XHN-M750MBB_S2Y7J9GF200239
HKU\S-1-5-21-3222062804-488586800-3217439595-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=dsts=1419324413from=wpm12233uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=scts=1408975844from=ilduid=ST750LM022XHN-M750MBB_S2Y7J9GF200239
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dsts=1408975844from=ilduid=ST750LM022XHN-M750MBB_S2Y7J9GF200239q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dsts=1408975844from=ilduid=ST750LM022XHN-M750MBB_S2Y7J9GF200239q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dsts=1408975844from=ilduid=ST750LM022XHN-M750MBB_S2Y7J9GF200239q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dsts=1408975844from=ilduid=ST750LM022XHN-M750MBB_S2Y7J9GF200239q={searchTerms}
SearchScopes: HKU\S-1-5-21-3222062804-488586800-3217439595-1001 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=dsts=1419324413from=wpm12233uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239q={searchTerms}
CHR HomePage: Default - hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=48cc=
CHR StartupUrls: Default - "hxxp://www.delta-homes.com/?type=hpts=1419324413from=wpm12233uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239"
CHR HKLM\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-23]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-homes.com/?type=scts=1419324413from=wpm12233uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239
S3 DAUpdaterSvc; D:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [X]
S3 ABWFP; \\C:\Program Files\Arcabit\ArcaVir\ABWFP8.sys [X]
S3 FairplayKD; \\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

tomek123tomo · 8 Styczeń 2015 20:21

Acorus:

Webstorage jest zbędny i stwarza kłopoty z explorerem.Otwórz notatnik systemowy i wklej: AlternateDataStreams: C:\ProgramData:NT AlternateDataStreams: C:\ProgramData:NT2 AlternateDataStreams: C:\Users\All Users:NT AlternateDataStreams: C:\Users\All Users:NT2 AlternateDataStreams: C:\ProgramData\Application Data:NT AlternateDataStreams: C:\ProgramData\Application Data:NT2 AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivqqsp26hfm AlternateDataStreams: C:\Users\dom\Dane aplikacji:NT AlternateDataStreams: C:\Users\dom\Dane aplikacji:NT2 AlternateDataStreams: C:\Users\dom\AppData\Roaming:NT AlternateDataStreams: C:\Users\dom\AppData\Roaming:NT2 HKLM…\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s RtHDVCpl C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s kernel32.dll HKLM…\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1408975844&from=ild&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1408975844&from=ild&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1408975844&from=ild&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1408975844&from=ild&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1408975844&from=ild&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1408975844&from=ild&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1408975844&from=ild&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1408975844&from=ild&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239&q={searchTerms} HKU\S-1-5-21-3222062804-488586800-3217439595-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1419324413&from=wpm12233&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239&q={searchTerms} HKU\S-1-5-21-3222062804-488586800-3217439595-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1408975844&from=ild&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239 HKU\S-1-5-21-3222062804-488586800-3217439595-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1408975844&from=ild&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239 HKU\S-1-5-21-3222062804-488586800-3217439595-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1419324413&from=wpm12233&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1408975844&from=ild&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239 SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1408975844&from=ild&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1408975844&from=ild&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1408975844&from=ild&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1408975844&from=ild&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239&q={searchTerms} SearchScopes: HKU\S-1-5-21-3222062804-488586800-3217439595-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1419324413&from=wpm12233&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239&q={searchTerms} CHR HomePage: Default -> hxxp://search.softonic.com/MON00085/tb_v1?SearchSource=48&cc= CHR StartupUrls: Default -> “hxxp://www.delta-homes.com/?type=hp&ts=1419324413&from=wpm12233&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239” CHR HKLM…\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-23] CHR HKLM-x32…\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] CHR HKLM-x32…\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-23] CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-homes.com/?type=sc&ts=1419324413&from=wpm12233&uid=ST750LM022XHN-M750MBB_S2Y7J9GF200239 S3 DAUpdaterSvc; D:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [X] S3 ABWFP; \C:\Program Files\Arcabit\ArcaVir\ABWFP8.sys [X] S3 FairplayKD; \C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] C:\ProgramData\SetStretch.exe C:\ProgramData\SetStretch.VBS EmptyTemp: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze. Uruchom FRST i kliknij w Fix.

co potem

co teraz

Acorus · 8 Styczeń 2015 20:22

Zrobiłeś prawidłowo? Jaka sytuacja?Jak wszystko gra to skasuj folder C:\FRST

tomek123tomo · 8 Styczeń 2015 20:23

wszystko dobrze