Win64:PUP-gen [PUP] in the file dwm.exe


(askirkov) #1

Hello. Avast went crazy on me today and could not remove this thing by itself. The alert was triggered by the file dwm.exe in the folder Users/User_name/AppData/Local/Temp, which after a long fight I managed to remove for a longer while (earlier it kept coming back and running all the time, which triggered further alerts). What should I scan the system with now to make sure that everything is in order? My system is Windows 7.


(Acorus) #2

http://forum.dobreprogramy.pl/farbar-recovery-scan-tool-raport-obowiązkowy-t478727/


(askirkov) #3

I'm attaching the logs.

FRST.txt

Addition.txt

Shortcut.txt


(Acorus) #4

Turn on System Restore. Uninstall GPU Monitor, Qtrax Player, Update for Video Converter, Video Converter Packages. Open the system Notepad and paste:

HKLM-x32\...\RunOnce: [Del1361171] = cmd.exe /Q /D /c del "C:\Users\Cesar\AppData\Local\Temp\0.del" ===== ATTENTION
HKU\S-1-5-21-579369913-1748674154-187786004-1001\...\RunOnce: [Qtrax] = C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe [387224 2015-04-15] (Microsoft Corporation)
HKU\S-1-5-21-579369913-1748674154-187786004-1001\...\RunOnce: [Del1361155] = cmd.exe /Q /D /c del "C:\Users\Cesar\AppData\Local\Temp\0.del" ===== ATTENTION
HKU\S-1-5-21-579369913-1748674154-187786004-1002\...\Run: [QtraxNotification] = C:\Users\Belfer\Qtrax\Player\Notification.exe
HKU\S-1-5-21-579369913-1748674154-187786004-1002\...\Run: [ABBYY Screenshot Reader Bonus] = [X]
HKU\S-1-5-21-579369913-1748674154-187786004-1012\...\Run: [QtraxNotification] = C:\Users\UpdatusUser\Qtrax\Player\Notification.exe
HKU\S-1-5-21-579369913-1748674154-187786004-1012\...\RunOnce: [Qtrax] = C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe [387224 2015-04-15] (Microsoft Corporation)
HKU\S-1-5-21-579369913-1748674154-187786004-1012\...\RunOnce: [Del1361155] = cmd.exe /Q /D /c del "C:\Users\Cesar\AppData\Local\Temp\0.del" ===== ATTENTION
IFEO\notepad.exe: [Debugger] C:\Program Files (x86)\Notepad2\Notepad2.exe /z
ShortcutTarget: Dropbox.lnk - C:\Users\Cesar\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
ShortcutTarget: OpenOffice.org 3.4.1.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1436351803z=9b560de205b63af783b06b7gezfcbqac1w8g9baeazfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1436351803z=9b560de205b63af783b06b7gezfcbqac1w8g9baeazfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1436351803z=9b560de205b63af783b06b7gezfcbqac1w8g9baeazfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EXq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1436351803z=9b560de205b63af783b06b7gezfcbqac1w8g9baeazfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EXq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1436351803z=9b560de205b63af783b06b7gezfcbqac1w8g9baeazfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1436351803z=9b560de205b63af783b06b7gezfcbqac1w8g9baeazfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1436351803z=9b560de205b63af783b06b7gezfcbqac1w8g9baeazfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EXq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1436351803z=9b560de205b63af783b06b7gezfcbqac1w8g9baeazfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EXq={searchTerms}
HKU\S-1-5-21-579369913-1748674154-187786004-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1436351803z=9b560de205b63af783b06b7gezfcbqac1w8g9baeazfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EX
HKU\S-1-5-21-579369913-1748674154-187786004-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1436351803z=9b560de205b63af783b06b7gezfcbqac1w8g9baeazfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1436351803z=9b560de205b63af783b06b7gezfcbqac1w8g9baeazfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EXq={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1436351803z=9b560de205b63af783b06b7gezfcbqac1w8g9baeazfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EXq={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1436351803z=9b560de205b63af783b06b7gezfcbqac1w8g9baeazfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EXq={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1436351803z=9b560de205b63af783b06b7gezfcbqac1w8g9baeazfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EXq={searchTerms}
SearchScopes: HKU\S-1-5-21-579369913-1748674154-187786004-1001 - DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EXts=1436351830type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-579369913-1748674154-187786004-1001 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EXts=1436351830type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-579369913-1748674154-187786004-1001 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EXts=1436351830type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-579369913-1748674154-187786004-1001 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EXts=1436351830type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-579369913-1748674154-187786004-1001 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EXts=1436351830type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-579369913-1748674154-187786004-1001 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=HitachiXHTS545050B9A300_100815PBN40317EJB60EXts=1436351830type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-579369913-1748674154-187786004-1002 - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-579369913-1748674154-187786004-1002 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-579369913-1748674154-187786004-1002 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-579369913-1748674154-187786004-1012 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
BHO-x32: LuckyTab Class - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} - C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-24] (Thinknice Co. Limited)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-579369913-1748674154-187786004-1002 - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 VBoxAswDrv; \\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
2014-01-11 13:59 - 2014-01-10 14:37 - 0824400 _____ (AnyProtect.com) C:\Users\Cesar\AppData\Local\AnyProtectScannerSetup.exe
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
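
Added example, not part of the original post and not FRST's own code: a short script that groups fixlist lines like the ones above by the autostart or browser-setting location they target, and lists the hijack hosts and user SIDs involved, so the scope of a fix can be reviewed before it is run. The category labels and function names are assumptions of this example; the sample lines are copied from the fixlist above with URL query strings shortened.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Lines copied from the fixlist in post #4; URL query strings shortened here.
SAMPLE = r"""
HKLM-x32\...\RunOnce: [Del1361171] = cmd.exe /Q /D /c del "C:\Users\Cesar\AppData\Local\Temp\0.del" ===== ATTENTION
HKU\S-1-5-21-579369913-1748674154-187786004-1002\...\Run: [QtraxNotification] = C:\Users\Belfer\Qtrax\Player\Notification.exe
IFEO\notepad.exe: [Debugger] C:\Program Files (x86)\Notepad2\Notepad2.exe /z
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?q={searchTerms}
BHO-x32: LuckyTab Class - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} - C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-24] (Thinknice Co. Limited)
R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system)
EmptyTemp:
"""

# (label, pattern) pairs, first match wins. Labels are this example's own.
RULES = [
    ("autorun (Run/RunOnce)", re.compile(r"^HK(LM|U)[^:]*\\\.\.\.\\Run(Once)?:")),
    ("IFEO debugger", re.compile(r"^IFEO\\")),
    ("IE start/search page", re.compile(r"^HK(LM|U)\\.*Internet Explorer\\Main,")),
    ("IE search scope", re.compile(r"^SearchScopes:")),
    ("browser add-on", re.compile(r"^(BHO|Toolbar)(-x32)?:")),
    ("service/driver", re.compile(r"^[RSU][0-5] ")),
    ("FRST directive", re.compile(r"^\w+:$")),
]

def classify(line):
    """Return the category label for one fixlist line, or 'other'."""
    for label, pattern in RULES:
        if pattern.search(line):
            return label
    return "other"

def summarize(text):
    """Return (category counts, hosts seen in URLs, user SIDs referenced)."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    counts = Counter(classify(l) for l in lines)
    hosts = {urlsplit(u).hostname for l in lines
             for u in re.findall(r"https?://\S+", l)}
    sids = {m.group(0) for l in lines
            for m in [re.search(r"S-1-5-21-[\d-]+", l)] if m}
    return counts, hosts, sids

if __name__ == "__main__":
    counts, hosts, sids = summarize(SAMPLE)
    for label, n in counts.most_common():
        print(f"{n:3d}  {label}")
    print("hosts:", sorted(hosts))
    print("SIDs: ", sorted(sids))
```
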


(askirkov) #5

I don't have Qtrax Player, Update for Video Converter or Video Converter Packages on the list of programs that I could uninstall. I also don't recall ever installing any of them.


(Acorus) #6

Skip that and do the rest.


(askirkov) #7

Done. Is that all?


(Acorus) #8

Show the new logs from FRST.