Slow system, Java version problem, probable infection


(Piotrekpiasecki) #1

Hello everyone.

Apart from the slowed-down system and a pop-up window saying the Java version in Opera is out of date, a start page has appeared: mail.ru


Please help me solve this problem.


FRST http://www.wklej.org/id/1606716/

Addition http://www.wklej.org/id/1606717/



(Acorus) #2

Uninstall Ask Shopping Toolbar, Browsers Protector, Contextual Tool Extrafind, GadgetBox, McAfee Security Scan Plus, MyAshampoo Toolbar, VshareComplete, YOTubeorAidsREmov. Download and run AdwCleaner https://toolslib.net/downloads/finish/1/ Click Scan and then Clean.

Post new FRST logs.


(Piotrekpiasecki) #3

FRST http://www.wklej.org/id/1606767/

Addition http://www.wklej.org/id/1606768/


(Acorus) #4

Open Windows Notepad and paste:

Task: C:\WINDOWS\Tasks\At1.job = C:\DOCUME~1\PAWE~1\DANEAP~1\Dealply\UPDATE~1\UPDATE~1.EXE ==== ATTENTION
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job = C:\WINDOWS\TEMP\{128A0E2B-6603-43BE-9543-96160652DB44}.exe
Task: C:\WINDOWS\Tasks\JOYPP.job = C:\Documents and Settings\Krysia\Dane aplikacji\JOYPP.exe
Task: C:\WINDOWS\Tasks\schedule!567381930.job = C:\Documents and Settings\All Users\Dane aplikacji\BetterSoft\OptimizerPro\OptimizerPro.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\SN.Booster-S-1204711564.job = c:\documents and settings\all users\dane aplikacji\rightapp software\sn.booster\SN.Booster.exe ==== ATTENTION
HKLM\...\Run: [RTHDCPL] = C:\WINDOWS\RTHDCPL.EXE [16126464 2007-03-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] = C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [UnlockerAssistant] = "C:\Program Files\Unlocker\UnlockerAssistant.exe"
HKLM\...\Run: [Adobe ARM] = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] = C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [gmsd_pl_30] = [X]
Winlogon\Notify\WgaLogon: WgaLogon.dll [X]
HKU\S-1-5-21-1220945662-1343024091-839522115-1003\...\Run: [MSMSGS] = C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
URLSearchHook: [S-1-5-21-1220945662-1343024091-839522115-1003] ATTENTION == Default URLSearchHook is missing.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.google.com" ======= ATTENTION
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1220945662-1343024091-839522115-1003 - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?utf8in=1fr=ietbq={SearchTerms}
BHO: Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" No File
BHO: No Name - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No File
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" No File
FF Extension: Site Advisor - C:\Documents and Settings\Paweł\Dane aplikacji\Mozilla\Firefox\Profiles\ta1wdomb.default\Extensions\{6d0f26ba-45b8-4871-9c07-43ab341d5b73} [2014-08-23]
FF Extension: Search App by Ask - C:\Documents and Settings\Paweł\Dane aplikacji\Mozilla\Firefox\Profiles\ta1wdomb.default\Extensions\toolbar_ORJ-SPE@apn.ask.com.xpi [2014-06-26]
FF Extension: QuickStores-Toolbar - C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de [2015-01-20]
FF Extension: BasicScan - C:\Program Files\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C} [2015-01-20]
CHR Extension: (YOTubeorAidsREmov) - C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\amdfkacdlfgeoeiihccfjmnmakcjgdcn [2014-09-16]
CHR HKLM\...\Chrome\Extension: [bildoibdboopgomcbiplincneeicgipj] - C:\Program Files\StartSearch plugin\startsplg.crx [Not Found]
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
2015-01-20 16:08 - 2015-01-20 16:08 - 00613057 _____ (CMI Limited) C:\Documents and Settings\Paweł\Ustawienia lokalne\Dane aplikacji\nsn4F7.tmp
2015-01-20 13:26 - 2015-01-20 13:26 - 00628496 _____ (CMI Limited) C:\Documents and Settings\Krysia\Ustawienia lokalne\Dane aplikacji\nsd200.tmp
2015-01-20 12:16 - 2015-01-24 11:16 - 00001366 _____ () C:\WINDOWS\Tasks\HE.job
2015-01-20 12:16 - 2015-01-20 12:16 - 01554920 _____ (HQ CinemaV20.01) C:\Documents and Settings\Krysia\Dane aplikacji\HE.exe
2015-01-20 12:15 - 2015-01-24 11:16 - 00001372 _____ () C:\WINDOWS\Tasks\JOYPP.job
2015-01-20 12:15 - 2015-01-20 12:15 - 01870824 _____ (HQ CinemaV20.01) C:\Documents and Settings\Krysia\Dane aplikacji\JOYPP.exe
2015-01-20 17:29 - 2013-10-22 16:08 - 00000000 ____ D () C:\WINDOWS\AC54E5443E42443CA91DA00A6974C592.TMP
C:\Windows\Tasks\At1.job
EmptyTemp:

Save the file as fixlist.txt and put it next to FRST in the same folder.
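The fixlist above is assembled by hand from the FRST log lines that carry an indicator: FRST's own ATTENTION marker, an autostart or BHO whose file is missing ([X], No File, [Not Found]), a scheduled task launching an .exe from a user's application-data folder, and a search scope redirected to go.mail.ru. As an added example, not part of this thread and not FRST's own logic, the Python script below runs that kind of triage over constructed sample lines modelled on the log quoted in the post and drafts a fixlist body ending in EmptyTemp:. The rules and the trusted-search-host list are assumptions of the example; legitimate vendor entries such as the Realtek autostart and the AVG driver are left unflagged, and whether to remove those as well stays a human decision.

```python
import re
from urllib.parse import urlparse

# Constructed sample in FRST log format, modelled on the entries quoted in the
# thread: adware tasks, a hijacked search scope, dangling BHO/extension entries,
# and two legitimate vendor entries (Realtek autostart, AVG driver) that a
# reasonable triage must leave alone.
SAMPLE_LOG = r"""
Task: C:\WINDOWS\Tasks\At1.job = C:\DOCUME~1\PAWE~1\DANEAP~1\Dealply\UPDATE~1\UPDATE~1.EXE ==== ATTENTION
Task: C:\WINDOWS\Tasks\JOYPP.job = C:\Documents and Settings\Krysia\Dane aplikacji\JOYPP.exe
HKLM\...\Run: [RTHDCPL] = C:\WINDOWS\RTHDCPL.EXE [16126464 2007-03-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [gmsd_pl_30] = [X]
SearchScopes: HKU\S-1-5-21-1220945662-1343024091-839522115-1003 - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?utf8in=1fr=ietbq={SearchTerms}
BHO: No Name - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No File
CHR HKLM\...\Chrome\Extension: [bildoibdboopgomcbiplincneeicgipj] - C:\Program Files\StartSearch plugin\startsplg.crx [Not Found]
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
2015-01-20 12:15 - 2015-01-20 12:15 - 01870824 _____ (HQ CinemaV20.01) C:\Documents and Settings\Krysia\Dane aplikacji\JOYPP.exe
"""

# Assumption for this example: search providers on these hosts are treated as benign.
TRUSTED_SEARCH_HOSTS = ("google.", "bing.com", "yahoo.")

# Per-user profile data folders (Polish and English XP names plus 8.3 short forms).
# An autostart or scheduled task launching an .exe from here is a strong adware signal.
USER_DATA_DIRS = re.compile(
    r"Dane aplikacji|Ustawienia lokalne|Application Data|Local Settings|DANEAP~1|USTAWI~1",
    re.IGNORECASE,
)
AUTOSTART = re.compile(r"(Task:|HK(LM|U)\\.*\\Run:)")
MISSING_MARKERS = ("[X]", "No File", "[Not Found]", "No ImagePath")


def classify(line):
    """Return why a single FRST log line is suspicious, or None if no rule fires."""
    s = line.strip()
    if not s:
        return None
    if "ATTENTION" in s:                       # FRST's own marker
        return "flagged by FRST"
    if s.endswith(MISSING_MARKERS):            # dangling autostart/BHO/extension/driver entry
        return "referenced file missing"
    if AUTOSTART.match(s) and USER_DATA_DIRS.search(s) and s.lower().endswith(".exe"):
        return "autostart launched from user profile data"
    if s.startswith("SearchScopes:"):
        m = re.search(r"URL = (\S+)", s)       # lines with an empty URL are left alone
        host = urlparse(m.group(1)).hostname if m else None
        if host and not any(t in host for t in TRUSTED_SEARCH_HOSTS):
            return "search provider hijacked to " + host
    if re.match(r"\d{4}-\d{2}-\d{2} ", s) and USER_DATA_DIRS.search(s) \
            and s.lower().endswith((".exe", ".tmp")):
        return "recently created executable in user profile data"
    return None


def triage(log_text):
    """Run classify() over every line; return (reason, line) pairs for the hits."""
    hits = []
    for line in log_text.splitlines():
        reason = classify(line)
        if reason:
            hits.append((reason, line.strip()))
    return hits


def build_fixlist(log_text):
    """Draft a fixlist.txt body: the flagged lines verbatim, then EmptyTemp: to clear temp folders."""
    lines = [line for _, line in triage(log_text)]
    lines.append("EmptyTemp:")
    return lines


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:48s} {line}")
    print("\n--- draft fixlist.txt ---")
    print("\n".join(build_fixlist(SAMPLE_LOG)))
```

The draft is a starting point for review, not something to feed to FRST unread: a rule like "autostart from user profile data" will also catch legitimate per-user installers, so each flagged line should be checked against the publisher and file date before it goes into fixlist.txt.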


(Piotrekpiasecki) #5

Log after removal: http://www.wklej.org/id/1606811/


(Acorus) #6

If everything works, delete the folder C:\FRST


(Piotrekpiasecki) #7

Thanks for the help, regards.