Problem z Winlogon.exe-Wirus

kondek121 · 14 Czerwiec 2014 14:05

Witam, od dwóch dni mam problem z zamulonym kompem i prawdopodobnie znam tego przyczynę. Jest to chyba spowodowane wirusem w aplikacji WinLogon.exe

OGL

http://www.wklej.org/id/1392042/

EXTRAS

http://www.wklej.org/id/1392047/

Acorus · 14 Czerwiec 2014 14:11

Odinstaluj Unity Web Player.

Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.

kondek121 · 14 Czerwiec 2014 14:33

FRST

http://www.wklej.org/id/1392080/

Addition

http://www.wklej.org/id/1392081/

Acorus · 14 Czerwiec 2014 15:46

Odinstaluj LogMeIn Hamachi Packages.Otwórz Notatnik i wklej:

Task: {9C2173ED-639D-4CC1-8548-D6912501D9E6} - \ProtectedSearch\Protected Search No Task File ==== ATTENTION
HKLM-x32\...\Run: [fst_pl_49] = [X]
HKU\S-1-5-21-2002111077-1405720746-2513671621-1001\...\MountPoints2: F - F:\tpm.exe
HKU\S-1-5-21-2002111077-1405720746-2513671621-1001\...\MountPoints2: M - M:\tpm.exe
HKU\S-1-5-21-2002111077-1405720746-2513671621-1001\...\MountPoints2: {8404d289-7e9a-11e2-898d-00241d9e29ed} - J:\SETUP.EXE
HKU\S-1-5-21-2002111077-1405720746-2513671621-1001\...\MountPoints2: {e313f25a-d1d1-11e3-833c-00241d9e29ed} - F:\tpm.exe
HKU\S-1-5-21-2002111077-1405720746-2513671621-1001\...\MountPoints2: {e313f26c-d1d1-11e3-833c-00241d9e29ed} - M:\tpm.exe
URLSearchHook: HKLM-x32 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Users\Stachu\AppData\LocalLow\uTorrentControl_v6\prxtbuTor.dll (ClientConnect Ltd.)
URLSearchHook: HKCU - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Users\Stachu\AppData\LocalLow\uTorrentControl_v6\prxtbuTor.dll (ClientConnect Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO-x32: uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Users\Stachu\AppData\LocalLow\uTorrentControl_v6\prxtbuTor.dll (ClientConnect Ltd.)
Toolbar: HKLM-x32 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Users\Stachu\AppData\LocalLow\uTorrentControl_v6\prxtbuTor.dll (ClientConnect Ltd.)
Toolbar: HKCU - No Name - {96F454EA-9D38-474F-B504-56193E00C1A5} - No File
S3 BRDriver64; \\C:\ProgramData\BitRaider\BRDriver64.sys [X]
S3 EagleX64; \\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
S3 xhunter1; \\C:\Windows\xhunter1.sys [X]
2014-06-13 20:01 - 2014-06-13 20:04 - 00000000 ____ D () C:\AdwCleaner
2014-06-05 19:13 - 2014-06-05 19:13 - 00003188 _____ () C:\Windows\System32\Tasks\{D7B466A2-102D-45F1-8FF7-68A00DF81CA9}
2014-06-03 15:08 - 2014-06-03 15:08 - 01070624 _____ (Unity Technologies ApS) C:\Users\Stachu\Downloads\UnityWebPlayer.exe
2014-05-21 14:32 - 2014-05-21 14:32 - 00003048 _____ () C:\Windows\System32\Tasks\{E343627D-E83E-4FD1-8FE9-403D6C03C7BB}

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Skasuj folder C:\FRST

Użyj http://www.bleepingcomputer.com/download/tfc/ (uruchom TFC i kliknij Start).

Przeskanuj programem Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.1.1004.exe

kondek121 · 14 Czerwiec 2014 16:27

niestety, nie udało się pozbyć problemu

Acorus · 14 Czerwiec 2014 18:18

Przeskanuj programem Dr.WEB CureIt http://www.freedrweb.com/cureit/?lng=pl