"Search Protect", Windows XP, virus removal


(Jarcys Net) #1

A few days ago we were fighting the Help_decript virus. Apparently, while downloading some data recovery programs, the computer got infected again. This time a Search Protect icon appeared in the tray next to the clock. Please help me get rid of this junk, and other rubbish while we're at it. I use only the Internet Security program for protection, but this is already the second attack the program has failed to handle. Is there something better and free?

FRST logs:

http://wklej.org/id/1767671/

http://wklej.org/id/1767672/

http://wklej.org/id/1767674/


(Acorus) #2

Uninstall PC Tools Internet Security 2009. Open the system Notepad and paste:

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hpppts=1438366966z=4ca683703ee7938925da0dagazac5b3ceqcqab5cbmfrom=coruid=SAMSUNGXHM160HI_S1WWJ9BZ503009
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dsppts=1438366966z=4ca683703ee7938925da0dagazac5b3ceqcqab5cbmfrom=coruid=SAMSUNGXHM160HI_S1WWJ9BZ503009q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hpppts=1438366966z=4ca683703ee7938925da0dagazac5b3ceqcqab5cbmfrom=coruid=SAMSUNGXHM160HI_S1WWJ9BZ503009
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dsppts=1438366966z=4ca683703ee7938925da0dagazac5b3ceqcqab5cbmfrom=coruid=SAMSUNGXHM160HI_S1WWJ9BZ503009q={searchTerms}
HKU\S-1-5-21-532866624-3427821644-2924235846-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hpppts=1438366966z=4ca683703ee7938925da0dagazac5b3ceqcqab5cbmfrom=coruid=SAMSUNGXHM160HI_S1WWJ9BZ503009
HKU\S-1-5-21-532866624-3427821644-2924235846-1005\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=iear=iesearch
HKU\S-1-5-21-532866624-3427821644-2924235846-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hpppts=1438366966z=4ca683703ee7938925da0dagazac5b3ceqcqab5cbmfrom=coruid=SAMSUNGXHM160HI_S1WWJ9BZ503009
HKU\S-1-5-21-532866624-3427821644-2924235846-1005\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.msn.com/pl-pl/?ocid=UP97DHPpc=UP97
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dsppts=1438366966z=4ca683703ee7938925da0dagazac5b3ceqcqab5cbmfrom=coruid=SAMSUNGXHM160HI_S1WWJ9BZ503009q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dsppts=1438366966z=4ca683703ee7938925da0dagazac5b3ceqcqab5cbmfrom=coruid=SAMSUNGXHM160HI_S1WWJ9BZ503009q={searchTerms}
SearchScopes: HKU\S-1-5-21-532866624-3427821644-2924235846-1005 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dsppts=1438366966z=4ca683703ee7938925da0dagazac5b3ceqcqab5cbmfrom=coruid=SAMSUNGXHM160HI_S1WWJ9BZ503009q={searchTerms}
SearchScopes: HKU\S-1-5-21-532866624-3427821644-2924235846-1005 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=SAMSUNGXHM160HI_S1WWJ9BZ503009ts=1438367003type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-532866624-3427821644-2924235846-1005 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=SAMSUNGXHM160HI_S1WWJ9BZ503009ts=1438367003type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-532866624-3427821644-2924235846-1005 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dsppts=1438366966z=4ca683703ee7938925da0dagazac5b3ceqcqab5cbmfrom=coruid=SAMSUNGXHM160HI_S1WWJ9BZ503009q={searchTerms}
SearchScopes: HKU\S-1-5-21-532866624-3427821644-2924235846-1005 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=SAMSUNGXHM160HI_S1WWJ9BZ503009ts=1438367003type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-532866624-3427821644-2924235846-1005 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=SAMSUNGXHM160HI_S1WWJ9BZ503009ts=1438367003type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-532866624-3427821644-2924235846-1005 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=SAMSUNGXHM160HI_S1WWJ9BZ503009ts=1438367003type=defaultq={searchTerms}
BHO: GoodTab Class - {1F91A9A1-01BA-4c81-863D-3BA0751E1419} - C:\Program Files\MiuiTab\SupTab.dll [2015-07-30] (Thinkgood Co. Limited)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF SearchPlugin: C:\Documents and Settings\Jarecki\Dane aplikacji\Mozilla\Firefox\Profiles\jrn2r0tr.default\searchplugins\istartsurf.xml [2015-08-03]
R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-07-30] (XTab system)
R2 WindowsMangerProtect; C:\Documents and Settings\All Users\Dane aplikacji\5WinManPro5\ProtectWindowsManager.exe [708264 2015-07-31] (DTools LIMITED) ==== ATTENTION
2015-07-31 20:24 - 2015-07-31 20:24 - 00000000 ____ D C:\Documents and Settings\Jarecki\Dane aplikacji\0U1E1Q1T2Z1P0S2Z1T1C
2015-07-31 20:23 - 2015-07-31 20:23 - 00000000 ____ D C:\Program Files\MiuiTab
2015-07-31 20:23 - 2015-07-31 20:23 - 00000000 ____ D C:\Documents and Settings\All Users\Dane aplikacji\IHProtectUpDate
2015-07-31 20:22 - 2015-07-31 20:23 - 00000000 ____ D C:\Documents and Settings\All Users\Dane aplikacji\5WinManPro5
2015-07-31 20:39 - 2014-11-29 15:28 - 00000000 ____ D C:\AdwCleaner
2015-07-14 11:11 - 2015-04-01 11:58 - 00000000 ____ D C:\Documents and Settings\Gość\Dane aplikacji\Elex-tech
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
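
Added example (not part of the original post and not FRST's own code): a triage script for the two registry line shapes that appear in the fixlist above, Internet Explorer\Main values and SearchScopes entries, flagging any URL whose host falls outside an allowlist. The allowlist, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains treated as expected defaults on the machine under review.
ALLOWED_DOMAINS = ("microsoft.com", "msn.com")

# Shape 1: HK..\...\Internet Explorer\Main,<value name> = <url>
MAIN_RE = re.compile(
    r"^HK[^,]*\\Internet Explorer\\Main,(?P<what>[^=]+?) = (?P<url>\S+)$")
# Shape 2: SearchScopes: <hive> - [DefaultScope ]{GUID} URL = <url>
SCOPE_RE = re.compile(
    r"^SearchScopes: HK\S+ - (?:DefaultScope )?(?P<what>\{[0-9A-Fa-f-]+\})"
    r" URL = (?P<url>\S+)$")

def host_allowed(url):
    """True only if the host IS an allowed domain or a subdomain of one.
    A plain substring test would accept 'www.microsoft.com.example.net'."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)

def triage(lines):
    """Return (kind, value name or GUID, host) for every non-allowlisted URL."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for kind, rx in (("IE Main", MAIN_RE), ("SearchScope", SCOPE_RE)):
            m = rx.match(line)
            if m and not host_allowed(m.group("url")):
                host = urlsplit(m.group("url")).hostname
                findings.append((kind, m.group("what"), host))
    return findings

# Constructed sample lines modelled on the log format above (not real log data).
SAMPLE = [
    r"HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp",
    r"HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie",
    r"SearchScopes: HKLM - DefaultScope {00000000-0000-0000-0000-000000000001} URL = http://www.istartsurf.com/web/?q={searchTerms}",
    r"HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.msn.com/pl-pl/",
    r"HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com.example.net/",
    r"R2 ExampleSvc; C:\Program Files\Example\svc.exe [1 2015-01-01] (Example)",
]

if __name__ == "__main__":
    for kind, what, host in triage(SAMPLE):
        print(f"{kind:12} {what:45} -> {host}")
```

Running the same check again on a fresh log after the fix confirms that no homepage or search-provider value still points outside the allowlist.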


(Jarcys Net) #3

The computer seems to be working properly again.

Thank you very much for the help :slight_smile: