Please help (virus)


(X Gontar1) #1

Hello, I have a virus that launches the browser by itself (about every 3 minutes); Task Manager shows iexplorer and it takes about 50% of CPU usage. I would like to add that the browser is only in Task Manager and does not open in a way that I can see it. This has been happening for 2 days, since I tried to download something. I tried scanning with avast, it found some infected files, so I deleted them.

What can I do? Please help.

http://zapodaj.net/8...f10e5f.png.html

Link to OTL: http://host1gb.net.pl/download.php?file=c4af878097d30b6b6adc3d9811ae305b

 

PS. I apologize in advance if I created the topic in the wrong section; I didn't know where to post it.


(Acorus) #2

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ matching your system version, 32-bit or 64-bit.


(X Gontar1) #3

FRST : http://host1gb.net.pl/download.php?file=8b3a96a32e45bf12d79fac790259139f

Addition : http://host1gb.net.pl/download.php?file=32c984872296fd3f4385f77f244b3a2d


(Acorus) #4

Uninstall mystartsearch uninstall, PC Tools Spyware Doctor 9.1. Open the system Notepad and paste:

Task: {3052A56D-5C0A-4350-B81A-2B1534FD4475} - System32\Tasks\SMupdate1 = Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 ==== ATTENTION
Task: {3AF43D89-9861-47FB-B7C3-74DDA8E50395} - System32\Tasks\globalUpdateUpdateTaskMachineCore = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-20] (globalUpdate) ==== ATTENTION
Task: {6A24AFC6-6EEF-40D1-A090-991F68438909} - System32\Tasks\e03c6d59-6a70-424d-a931-bcb78ea8bfde-6 = C:\Program Files (x86)\HQ-Video-Pro-2.1cV20.12\e03c6d59-6a70-424d-a931-bcb78ea8bfde-6.exe [2014-12-20] (HQ-VideoV20.12) ==== ATTENTION
Task: {7E188E60-4DA8-4F21-B435-9584DA06FFC3} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 = Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 ==== ATTENTION
Task: {91751E33-8E39-4275-9C5D-17AF4737AEC7} - System32\Tasks\f9fe7621-275d-47a1-b799-a8ca41df3561-6 = C:\Program Files (x86)\Object Browser\f9fe7621-275d-47a1-b799-a8ca41df3561-6.exe [2014-12-20] (Object Browser) ==== ATTENTION
Task: {B6A8BCDF-AA3C-45B5-8C50-AF010A454487} - System32\Tasks\{52DB7F47-DCAC-4D27-A049-E1429B733DEF} = pcalua.exe -a C:\Users\Mariusz\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
Task: {D88FEC94-BE2B-4C49-B727-D91B743DEF57} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 = Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 ==== ATTENTION
Task: {FF2AC0E3-2F5C-4EDE-8EC4-C4D77D772F7B} - System32\Tasks\globalUpdateUpdateTaskMachineUA = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-20] (globalUpdate) ==== ATTENTION
Task: C:\Windows\Tasks\e03c6d59-6a70-424d-a931-bcb78ea8bfde-6.job = C:\Program Files (x86)\HQ-Video-Pro-2.1cV20.12\e03c6d59-6a70-424d-a931-bcb78ea8bfde-6.exe ==== ATTENTION
Task: C:\Windows\Tasks\f9fe7621-275d-47a1-b799-a8ca41df3561-6.job = C:\Program Files (x86)\Object Browser\f9fe7621-275d-47a1-b799-a8ca41df3561-6.exe ==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
HKLM-x32\...\Run: [gmsd_pl_8] = [X]
HKLM-x32\...\Run: [rec_pl_1] = C:\Program Files (x86)\rec_pl_1\rec_pl_1.exe [3977384 2014-12-16] ()
HKLM-x32\...\RunOnce: [upgmsd_pl_8.exe] = C:\Users\Mario\AppData\Local\gmsd_pl_8\upgmsd_pl_8.exe [3308200 2014-12-15] ()
ShellIconOverlayIdentifiers: [DropboxExt1] - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers: [DropboxExt2] - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers: [DropboxExt3] - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers: [DropboxExt4] - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1414865826from=amtuid=ST320LT012-9WS14C_S0V071YVXXXXS0V071YV
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1414865826from=amtuid=ST320LT012-9WS14C_S0V071YVXXXXS0V071YV
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1414865826from=amtuid=ST320LT012-9WS14C_S0V071YVXXXXS0V071YVq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1414865826from=amtuid=ST320LT012-9WS14C_S0V071YVXXXXS0V071YVq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1414865826from=amtuid=ST320LT012-9WS14C_S0V071YVXXXXS0V071YV
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1414865826from=amtuid=ST320LT012-9WS14C_S0V071YVXXXXS0V071YV
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1414865826from=amtuid=ST320LT012-9WS14C_S0V071YVXXXXS0V071YVq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1414865826from=amtuid=ST320LT012-9WS14C_S0V071YVXXXXS0V071YVq={searchTerms}
URLSearchHook: HKU\S-1-5-21-4084232651-115364974-3167572630-1004 - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1414865826from=amtuid=ST320LT012-9WS14C_S0V071YVXXXXS0V071YVq={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1414865826from=amtuid=ST320LT012-9WS14C_S0V071YVXXXXS0V071YVq={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1414865826from=amtuid=ST320LT012-9WS14C_S0V071YVXXXXS0V071YVq={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1414865826from=amtuid=ST320LT012-9WS14C_S0V071YVXXXXS0V071YVq={searchTerms}
SearchScopes: HKU\S-1-5-21-4084232651-115364974-3167572630-1004 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Object Browser - {11111111-1111-1111-1111-110311281150} - C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll (Object Browser)
BHO: iWebar - {11111111-1111-1111-1111-110611511123} - C:\Program Files (x86)\iWebar\iWebar-bho64.dll (iWebar)
BHO: HQ-Video-Pro-2.1cV20.12 - {11111111-1111-1111-1111-110611901163} - C:\Program Files (x86)\HQ-Video-Pro-2.1cV20.12\HQ-Video-Pro-2.1cV20.12-bho64.dll (HQ-VideoV20.12)
BHO-x32: Object Browser - {11111111-1111-1111-1111-110311281150} - C:\Program Files (x86)\Object Browser\Object Browser-bho.dll (Object Browser)
BHO-x32: iWebar - {11111111-1111-1111-1111-110611511123} - C:\Program Files (x86)\iWebar\iWebar-bho.dll (iWebar)
BHO-x32: HQ-Video-Pro-2.1cV20.12 - {11111111-1111-1111-1111-110611901163} - C:\Program Files (x86)\HQ-Video-Pro-2.1cV20.12\HQ-Video-Pro-2.1cV20.12-bho.dll (HQ-VideoV20.12)
BHO-x32: PC Tools Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKLM-x32 - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKU\S-1-5-21-4084232651-115364974-3167572630-1004 - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml
FF Extension: HQ-Video-Pro-2.1cV20.12 - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\o20elnsq.default\Extensions\6c03cee0ab9442c4a67a507@58d658df5a30468fabf5c7a.com [2014-12-20]
FF Extension: Better-Fox - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\o20elnsq.default\Extensions\{9ee1c043-893a-4b68-a804-54db7cc4de3b} [2014-12-20]
FF Extension: hdplugin - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\o20elnsq.default\Extensions\jid0-aSChrRyNMdJxBmorrZFa2r4Vv4w@jetpack.xpi [2014-12-11]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-09]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\pgbj1ex3.default\extensions\faststartff@gmail.com
FF Extension: Fast Start - C:\Users\Mariusz\AppData\Roaming\Mozilla\Firefox\Profiles\pgbj1ex3.default\extensions\faststartff@gmail.com [2014-11-01]
FF HKLM-x32\...\Firefox\Extensions: [{d9a96531-b093-4d07-9e4c-9704a365c441}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{d9a96531-b093-4d07-9e4c-9704a365c441}
FF HKLM-x32\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox
FF Extension: Browser Guard Toolbar - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox [2014-12-22]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-20] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-20] (globalUpdate) [File not signed]
R2 YTDUpdt; C:\Program Files (x86)\YTDownloader\YTDUpdater.exe [178688 2014-12-17] (Goobzo) [File not signed]
S1 ccnfd_1_10_0_4; system32\drivers\ccnfd_1_10_0_4.sys [X]
S3 EagleX64; \\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WinRing0_1_2_0; \\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
S1 wpnfd_1_10_0_2; system32\drivers\wpnfd_1_10_0_2.sys [X]
2014-12-22 04:16 - 2014-12-22 04:16 - 00000000 ____ D () C:\Users\Mario\AppData\Local\rec_pl_1
2014-12-20 23:57 - 2014-12-22 04:16 - 00000000 ____ D () C:\Program Files (x86)\rec_pl_1
2014-12-20 17:51 - 2014-12-20 17:51 - 00000000 ____ D () C:\Users\Mario\AppData\Local\WorldofTanks
2014-12-20 17:51 - 2014-12-20 17:51 - 00000000 ____ D () C:\Program Files (x86)\ver6BlockAndSurf
2014-12-20 17:45 - 2014-12-20 17:55 - 00000000 ____ D () C:\Users\Mario\AppData\Roaming\systweak
2014-12-20 17:45 - 2014-12-20 17:45 - 00000000 __SHD () C:\Users\Mario\AppData\Roaming\AnyProtectEx
2014-12-20 17:45 - 2014-12-20 17:45 - 00000000 ____ D () C:\Program Files (x86)\AnyProtectEx
2014-12-20 17:45 - 2014-12-08 17:01 - 00020216 _____ () C:\Windows\system32\roboot64.exe
2014-12-20 17:43 - 2014-12-20 17:43 - 00000000 ____ D () C:\Users\Mario\AppData\Roaming\ustpubof
2014-12-20 17:42 - 2014-12-22 11:47 - 00005522 _____ () C:\Windows\Tasks\e03c6d59-6a70-424d-a931-bcb78ea8bfde-6.job
2014-12-20 17:42 - 2014-12-21 22:20 - 00000000 ____ D () C:\Program Files (x86)\HQ-Video-Pro-2.1cV20.12
2014-12-20 17:42 - 2014-12-20 17:43 - 00000000 ____ D () C:\Program Files (x86)\9480d5a8-de1a-4d47-8609-0cbfb72cb85d
2014-12-20 17:42 - 2014-12-20 17:42 - 00008550 _____ () C:\Windows\System32\Tasks\e03c6d59-6a70-424d-a931-bcb78ea8bfde-6
2014-12-20 17:27 - 2014-12-20 17:42 - 00003954 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-12-20 17:27 - 2014-12-20 17:28 - 00008532 _____ () C:\Windows\System32\Tasks\f9fe7621-275d-47a1-b799-a8ca41df3561-6
2014-12-20 17:26 - 2014-12-22 11:47 - 00000956 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-12-20 17:26 - 2014-12-22 11:32 - 00005504 _____ () C:\Windows\Tasks\f9fe7621-275d-47a1-b799-a8ca41df3561-6.job
2014-12-20 17:26 - 2014-12-22 11:11 - 00000952 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-12-20 17:26 - 2014-12-21 22:20 - 00000000 ____ D () C:\Program Files (x86)\Object Browser
2014-12-20 17:26 - 2014-12-21 22:20 - 00000000 ____ D () C:\Program Files (x86)\iWebar
2014-12-20 17:26 - 2014-12-20 17:42 - 00003700 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-12-20 17:26 - 2014-12-20 17:27 - 00000000 ____ D () C:\Program Files (x86)\fa1286ff-47a9-45ed-9a53-cc52037e0f1b
2014-12-20 17:26 - 2014-12-20 17:27 - 00000000 ____ D () C:\Program Files (x86)\d87c628e-ef2f-46ce-8363-221fe7bd3e2a
2014-12-20 17:26 - 2014-12-20 17:26 - 00003720 _____ () C:\Windows\System32\Tasks\SMupdate1
2014-12-20 17:26 - 2014-12-20 17:26 - 00000000 ____ D () C:\Users\Public\Documents\ShopperPro
2014-12-20 17:26 - 2014-12-20 17:26 - 00000000 ____ D () C:\Users\Mario\AppData\Local\globalUpdate
2014-12-20 17:26 - 2014-12-20 17:26 - 00000000 ____ D () C:\Program Files (x86)\globalUpdate
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
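
Added example, not part of the original post and not FRST's own code: a small Python triage pass for reviewing a fixlist like the one above before it is applied, grouping entries by the markers visible in the lines so that unmarked entries stand out for manual review. The function names and tag names are this example's own, and grouping `[X]` with `No File` is an assumption that both mean the referenced file was not found.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the fixlist in the post above.
SAMPLE = r"""
Task: {3052A56D-5C0A-4350-B81A-2B1534FD4475} - System32\Tasks\SMupdate1 = Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 ==== ATTENTION
HKLM-x32\...\Run: [gmsd_pl_8] = [X]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-20] (globalUpdate) [File not signed]
ShellIconOverlayIdentifiers: [DropboxExt1] - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = No File
BHO: iWebar - {11111111-1111-1111-1111-110611511123} - C:\Program Files (x86)\iWebar\iWebar-bho64.dll (iWebar)
EmptyTemp:
"""

# Marker text exactly as it appears on the page; tag names are hypothetical.
MARKERS = {
    "==== ATTENTION": "flagged",
    "[File not signed]": "unsigned",
    "[X]": "no-file",      # assumption: referenced file not found
    "No File": "no-file",  # assumption: same meaning as [X]
}
SERVICE_RE = re.compile(r"^[RS]\d [^;]+;")  # e.g. "S2 globalUpdate; <path>"
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} ")
DIRECTIVE_RE = re.compile(r"^\w+:$")        # bare keyword, e.g. "EmptyTemp:"

def entry_kind(line):
    """Classify a line by its leading structure."""
    if DIRECTIVE_RE.match(line):
        return "directive"
    if SERVICE_RE.match(line):
        return "service"
    if FILE_RE.match(line):
        return "file"
    if line.startswith(("HKLM", "HKU", "HKCU")):
        return "registry"
    head, sep, _ = line.partition(":")
    return head.strip() if sep else "unknown"

def triage(text):
    """Return {tag: [(kind, line), ...]}; entries with no marker go to 'unmarked'."""
    report = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = entry_kind(line)
        tags = sorted({t for m, t in MARKERS.items() if m in line})
        if kind == "directive":
            tags = ["directive"]
        for tag in tags or ["unmarked"]:
            report[tag].append((kind, line))
    return dict(report)
```

Entries that land under `unmarked` carry no scanner marker and were included on the helper's judgement, so they are the ones to check by hand before the fix is run.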


(X Gontar1) #5

If that's what you mean, here you go.

AdwCleanerS0.txt


(Acorus) #6

You seem to have a problem with reading. They were supposed to be from FRST.


(Agatonster) #7

xMario11

Please read the topic and change the title to a specific one that describes the problem. To make the recommended correction, use the Edit button located in the lower right corner of your post, then the Use full editor option found below the post being edited.

Ignoring this recommendation will result in the topic being moved to the Trash.