Utils.cdneurope.com - problem


(Ruski123) #1

Hello. Please help.

FRST

 

Addition

http://www.wklej.org/id/1432338/

 


(Acorus) #2

Uninstall Microsoft Zune 4.8 Packages, Remote Desktop Access (VuuPC). Open Notepad and paste:

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1403558314from=coruid=FUJITSUXMHZ2080BHXG2_K60ZT83259LVT83259LVXq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1403558314from=coruid=FUJITSUXMHZ2080BHXG2_K60ZT83259LVT83259LVXq={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: Site Matcher - C:\Documents and Settings\Vicek\Dane aplikacji\Mozilla\Firefox\Profiles\5gi1u54g.default\Extensions\sitematcher_srcs@sitematcher_srcs.com [2014-07-30]
S2 AxAutoMntSrv; F:\alco120\Alcohol 120\AxAutoMntSrv.exe [X]
S2 StarWindServiceAE; F:\alco120\Alcohol 120\StarWind\StarWindServiceAE.exe [X]
S3 catchme; \\C:\DOCUME~1\Vicek\USTAWI~1\Temp\catchme.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
2014-07-30 10:49 - 2014-07-30 10:49 - 00000000 ____ D () C:\Program Files\SiteLookup
2014-07-30 10:49 - 2014-07-30 10:49 - 00000000 ____ D () C:\Documents and Settings\Vicek\Menu Start\Programy\VOPackage
2014-07-30 10:49 - 2014-07-30 10:49 - 00000000 ____ D () C:\Documents and Settings\Vicek\Dane aplikacji\VOPackage
2014-07-30 10:49 - 2014-07-30 10:49 - 00000000 ____ D () C:\Documents and Settings\Vicek\Dane aplikacji\SimilarAddon
C:\Documents and Settings\Vicek\Ustawienia lokalne\temp\SimBundD.exe

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Ruski123) #3

Thank you for the quick reply. Please help with a second computer.


(Acorus) #4

Uninstall Browsers Protector, Contextual Tool Extrafind, FLV Player Packages, LiveVDO plugin 1.3, PDF Reader Packages, StartSearch Toolbar 1.3, SweetIM for Messenger 3.6, Update for PDF Reader. Download and run AdwCleaner https://toolslib.net/downloads/finish/1/ Click Scan (Szukaj) and then Clean (Usuń).

Post new FRST logs.


(Ruski123) #5

Programs removed and cleaned with the cleaner.


(Acorus) #6

Open Notepad and paste:

Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job = C:\WINDOWS\TEMP\{84989E4F-3F57-449D-B625-7EEB78979D32}.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job = C:\WINDOWS\TEMP\{E56C17D1-C627-4D48-AE6B-447D749A0BB7}.exe
HKLM\...\Policies\Explorer\Run: [62706] = C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\cckaaqq.com No File
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {0855bb3e-a822-11e3-9bd0-002170badd10} - E:\LaunchU3.exe -a
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {0a2a11b7-c1dc-11e2-a93a-002170badd10} - E:\LaunchU3.exe -a
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {15c8bd86-6cdd-11e1-8d9a-001c2344ce38} - E:\LaunchU3.exe -a
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {19d1505c-3528-11e1-8d3f-001c2344ce38} - F:\MicroLauncher.exe
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {3547787e-78ef-11e1-8dad-001c2344ce38} - E:\LaunchU3.exe -a
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {40c8d2b5-702b-11e2-8eea-001c2344ce38} - E:\LaunchU3.exe -a
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {5a97fce7-1111-11e2-8e7e-001c2344ce38} - E:\LaunchU3.exe -a
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {68c73532-45cf-11e2-8ebe-001c2344ce38} - E:\LaunchU3.exe -a
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {6b3d211f-cf3f-11e2-a94a-002170badd10} - F:\LaunchU3.exe -a
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {7ee3fe07-9c3e-11e2-a915-002170badd10} - E:\AutoRun.exe
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {83875c58-f00f-11e1-8e51-001c2344ce38} - F:\AutoRun.exe
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {83ffbd4b-d6e9-11e1-8e3b-001c2344ce38} - E:\LaunchU3.exe -a
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {84cfc654-f33a-11e1-8e57-001c2344ce38} - E:\MicroLauncher.exe
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {894faf9f-800f-11e3-b103-002170badd10} - E:\LaunchU3.exe -a
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {a835747f-ddd1-11e0-8cbe-001c2344ce38} - E:\LaunchU3.exe -a
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {ab3d026a-54cc-11e2-8ecf-001c2344ce38} - E:\laucher.exe
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {beb5a9c0-2bf0-11e3-9c49-002170badd10} - E:\MicroLauncher.exe
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {c328ddf3-fe36-11e1-8e63-001c2344ce38} - E:\ZFPOrange.exe
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {dba7d663-1da0-11e2-8e8e-001c2344ce38} - E:\LaunchU3.exe -a
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {e1af7c9d-b61c-11e2-a92e-002170badd10} - E:\AutoRun.exe
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {e3c72d5c-1c2c-11e2-8e8c-001c2344ce38} - E:\MicroLauncher.exe
HKU\S-1-5-21-842925246-1993962763-839522115-1003\...\MountPoints2: {e663a24a-9035-11e1-8dd6-001c2344ce38} - E:\LaunchU3.exe -a
SearchScopes: HKLM - {3D841B7A-0B2E-4C9B-9D37-43912399DAD6} URL = http://startsear.ch/?aff=1q={searchTerms}
SearchScopes: HKCU - {28FF4C61-F4B8-4232-B766-9073EDDA587E} URL = http://startsear.ch/?aff=1src=spcf=dc70d3a6-cf31-11e0-80a7-001c2344ce38q={searchTerms}
SearchScopes: HKCU - {3D841B7A-0B2E-4C9B-9D37-43912399DAD6} URL = http://startsear.ch/?aff=1q={searchTerms}
FF Extension: Site Matcher - C:\Documents and Settings\Wojtek\Dane aplikacji\Mozilla\Firefox\Profiles\2iqj3jt9.default\Extensions\sitematcher_srcs@sitematcher_srcs.com [2014-07-31]
S3 cpuz136; \\C:\DOCUME~1\Wojtek\USTAWI~1\Temp\cpuz136\cpuz136_x32.sys [X]
S2 SSPORT; \\C:\WINDOWS\system32\Drivers\SSPORT.sys [X]
2014-08-05 15:21 - 2014-08-05 15:23 - 00000000 ____ D () C:\AdwCleaner
2014-07-31 10:34 - 2014-07-31 10:34 - 00000000 ____ D () C:\Program Files\SiteLookup
2014-07-31 10:34 - 2014-07-31 10:34 - 00000000 ____ D () C:\Documents and Settings\Wojtek\Dane aplikacji\SimilarAddon
2014-07-28 07:55 - 2013-06-10 08:06 - 00000350 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-07-28 07:55 - 2013-06-03 08:04 - 00000350 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
CMD: del /f /s /q %TEMP%\*.*

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Ruski123) #7

Thank you very much for the help. Everything works.


(Acorus) #8

Delete the folder C:\FRST