State after an outbreak, slowdown, and what next


(Joanne66) #1

Hello, as in the subject: sluggishness, and before that an outbreak that McAfee missed.

Please diagnose.


(Acorus) #2

Uninstall Softonic for Windows and Trojan Remover 6.9.1.2932. Open Notepad and paste:

Task: {3C5C7CD3-0F99-41F8-B4A7-C6B51D6A7405} - System32\Tasks\globalUpdateUpdateTaskMachineUA = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
Task: {61AB8138-76B8-47ED-B365-47DE060572AA} - System32\Tasks\globalUpdateUpdateTaskMachineCore = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
HKLM\...\Run: [] = [X]
HKLM-x32\...\Run: [] = [X]
HKLM-x32\...\Run: [TrojanScanner] = C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-11-01] (Simply Super Software)
HKU\S-1-5-21-3486308018-3987842668-610572500-1001\...\Run: [Softonic for Windows] = C:\Users\Waldemar\AppData\Local\Softonic\Softonic.exe [4170224 2014-05-26] (Softonic)
HKU\S-1-5-21-3486308018-3987842668-610572500-1001\...\MountPoints2: {d8ad454b-face-11e3-827e-a4db30365b8c} - "E:\AutoRun.exe"
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKCU - DefaultScope {4A1A4754-28BC-4283-8F29-4D4DC647CEE5} URL =
SearchScopes: HKCU - {4A1A4754-28BC-4283-8F29-4D4DC647CEE5} URL =
FF Extension: Internet Speed Checker - C:\Users\Waldemar\AppData\Roaming\Mozilla\Firefox\Profiles\5segrwao.default\Extensions\sepherdwilbur@aol.com [2014-10-31]
CHR HomePage: Default - hxxp://rts.dsrlte.com?affID=na
CHR StartupUrls: Default - "hxxp://rts.dsrlte.com?affID=na"
CHR Extension: (WiseEnhance) - C:\Users\Waldemar\AppData\Local\Google\Chrome\User Data\Default\Extensions\loepaecnehfgonejbbblmobcfmcafbfe [2014-10-30]
S2 0149331414779187mcinstcleanup; C:\Users\Waldemar\AppData\Local\Temp\014933~1.EXE [851136 2014-08-08] (McAfee, Inc.)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
S2 MaintainerSvc5.00.026944; "C:\ProgramData\25e9dd31-9f4d-45f2-8dac-1413f8cec2c0\maintainer.exe" [X]
R1 {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}w64; C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}w64.sys [61120 2014-06-18] (StdLib)
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; \SystemRoot\system32\DRIVERS\ewusbdev.sys [X]
2014-10-31 20:34 - 2014-11-01 16:50 - 00000966 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-10-31 20:34 - 2014-11-01 08:39 - 00000970 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-10-31 20:34 - 2014-10-31 20:34 - 00003942 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-10-31 20:34 - 2014-10-31 20:34 - 00003706 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-10-31 20:34 - 2014-10-31 20:34 - 00000000 ____ D () C:\Users\Waldemar\AppData\Local\globalUpdate
2014-10-30 21:46 - 2014-10-30 21:46 - 00003138 _____ () C:\Windows\System32\Tasks\Trojan Remover
2014-10-30 21:46 - 2014-10-30 21:46 - 00000965 _____ () C:\Users\Public\Desktop\Loaris Trojan Remover.lnk
2014-10-30 21:46 - 2014-10-30 21:46 - 00000000 ____ D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loaris Trojan Remover
2014-10-30 21:45 - 2014-10-30 21:45 - 00000000 ____ D () C:\ProgramData\Loaris
2014-10-30 21:45 - 2014-10-30 21:45 - 00000000 ____ D () C:\Program Files\Loaris
2014-10-30 21:36 - 2014-10-30 21:36 - 00001120 _____ () C:\Users\Waldemar\Desktop\Softonic.lnk
2014-10-30 21:36 - 2014-10-30 21:36 - 00000000 ____ D () C:\Users\Waldemar\AppData\Local\CrashRpt
2014-10-30 21:35 - 2014-10-30 21:36 - 00000000 ____ D () C:\Users\Waldemar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Softonic
2014-10-30 21:35 - 2014-10-30 21:36 - 00000000 ____ D () C:\Users\Waldemar\AppData\Local\Softonic
2014-10-30 21:19 - 2014-10-30 21:19 - 00000000 ____ D () C:\Users\Waldemar\AppData\Roaming\QuickScan
2014-10-30 21:14 - 2014-11-01 16:26 - 00000000 ____ D () C:\Users\Waldemar\AppData\Roaming\Systweak
2014-10-30 21:14 - 2014-08-29 17:02 - 00020296 _____ () C:\Windows\system32\roboot64.exe
2014-10-30 20:48 - 2014-11-01 16:30 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Joanne66) #3

Thanks. Done; I am pasting another one with a request to check it.


(Acorus) #4

New logs are not needed. Delete the C:\FRST folder.


(Joanne66) #5

Thanks. Done. Is it clean now?


(Acorus) #6

Yes. That's all.