WindowsMangerProtect.exe and other malware


(B L A D Y 12p) #1

Hi, since yesterday quite a lot of malware has appeared on my computer; I have been fighting it since this morning. Could you check whether there is any more of it?

OTL - http://wklej.to/WtN64

Extras - http://wklej.to/YQRUi


(Acorus) #2

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ in the version matching your system, 32-bit or 64-bit.


(Michal Glaba) #3

Logs…

http://forum.dobreprogramy.pl/nowy-log-obowi%C4%85zkowy-farbar-recovery-scan-tool-t478727/


(B L A D Y 12p) #4

First - http://wklej.to/Tor10

Addition - http://wklej.to/0CqAL


(Acorus) #5

Uninstall Desura. Open Windows Notepad and paste:

Task: {D71E0516-2712-4959-84EF-0017EC447C84} - System32\Tasks\{D3F749E0-5BB3-442C-B9FE-665F57121B32} = Firefox.exe http://ui.skype.com/ui/0/6.18.0.106/pl/abandoninstall?page=tsPlugin
AlternateDataStreams: C:\Users\Blady\Cookies:KySxMaWu7HU6joKJLFoFaYPz1
AlternateDataStreams: C:\Users\Blady\AppData\Local\Temp:gWwcbHrTL21jTiucyIue7gWBIs
AlternateDataStreams: C:\Users\Blady\AppData\Local\YSE25W1hS8HTxi:C4FOZmXBGOx1MtlPdFTjCnDzN2ytX
AppInit_DLLs-x32: Ȏ噎䵒 = "Ȏ噎䵒" File Not Found
BootExecute: autocheck autochk *
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO-x32: No Name - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - No File
FF Plugin HKU\S-1-5-21-2778178510-2386622618-2010334751-1001: @updates.epicbrowser.com/Epic Privacy Browser Update;version=3 - C:\Users\Blady\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2778178510-2386622618-2010334751-1001: @updates.epicbrowser.com/Epic Privacy Browser Update;version=9 - C:\Users\Blady\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File
CHR StartupUrls: Default - "https://www.google.pl/", "hxxp://www.sweet-page.com/?type=hpts=1420645508from=coruid=ST1000DL002-9TT153_W1V0PYT1XXXXW1V0PYT1"
CHR Extension: (MEGA) - C:\Users\Blady\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2014-07-16]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
R2 postgresql-x64-9.2; C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-x64-9.2" -D "C:/Program Files/PostgreSQL/9.2/data" -w [X]
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X]
S1 adgnetworktdi; system32\drivers\adgnetworktdi.sys [X]
S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]
S4 NVHDA; \SystemRoot\system32\drivers\nvhda64v.sys [X]
2015-01-07 16:48 - 2015-01-07 16:48 - 00000000 ____ D () C:\ProgramData\IHProtectUpDate
2015-01-07 16:46 - 2015-01-10 16:25 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
C:\ProgramData\fontcacheev1.dat
EmptyTemp:

Save the file as fixlist.txt and put it next to FRST in the same folder.
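As an added example (not from this thread and not FRST's own code), the following PowerShell script does a read-only check of the same indicator types the fixlist above removes: the alternate data streams, the AppInit_DLLs values, the service and driver entries, the scheduled task, the Chrome start-up URLs and the leftover ProgramData items. It assumes an elevated PowerShell 3.0 or later on the affected machine; the names, GUIDs and paths are the ones from the fixlist, with the user profile taken from the environment instead of the hard-coded C:\Users\Blady.

```powershell
# Added example, not part of the thread and not FRST's own code: a read-only
# triage of the indicator types the fixlist above targets. Run it from an
# elevated PowerShell (3.0+) before and after the FRST fix. Names and paths
# are copied from the fixlist; the profile comes from the environment.
$ErrorActionPreference = 'SilentlyContinue'

# Turns a raw service ImagePath into a file system path we can test.
# Handles quoted paths with arguments, the \??\ and \SystemRoot\ prefixes,
# %SystemRoot%-style variables and the bare 'system32\drivers\x.sys' form
# used by driver entries (relative to the Windows directory).
function Resolve-ImagePath([string]$raw) {
    $p = $raw.Trim()
    if ($p.StartsWith('"')) {
        $p = $p.Substring(1, $p.IndexOf('"', 1) - 1)
    } elseif ($p -match '^(.*?\.(exe|sys))(\s|$)') {
        $p = $Matches[1]
    }
    $p = $p -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# 1. Alternate data streams on the objects the fixlist names. Anything other
#    than the default ':$DATA' stream on a cookies file or a Temp directory
#    deserves a look; the named stream is where a payload hides.
foreach ($target in "$env:USERPROFILE\Cookies",
                    "$env:LOCALAPPDATA\Temp",
                    "$env:LOCALAPPDATA\YSE25W1hS8HTxi") {
    if (Test-Path -LiteralPath $target) {
        Get-Item -LiteralPath $target -Stream * |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object { "[ADS]     $($_.FileName):$($_.Stream)  $($_.Length) bytes" }
    }
}

# 2. AppInit_DLLs in the 64-bit and WOW64 views. The fixlist entry is a garbled
#    name marked File Not Found; any non-empty value here is loaded into every
#    process that links user32.dll when LoadAppInit_DLLs is 1.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $entry = Get-ItemProperty -Path $key
    "[AppInit] $key  AppInit_DLLs='$($entry.AppInit_DLLs)'  LoadAppInit_DLLs=$($entry.LoadAppInit_DLLs)"
}

# 3. Service and driver entries the fixlist deletes: start type and whether
#    the binary still exists on disk. Start 1 = system driver, 2 = automatic,
#    3 = manual, 4 = disabled (matches FRST's S1/S2/S3/S4 prefixes).
foreach ($name in 'WindowsMangerProtect', 'adgnetworktdi', 'keycrypt') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path -LiteralPath $key)) { "[Service] $name  (no registry key)"; continue }
    $entry = Get-ItemProperty -LiteralPath $key
    $image = Resolve-ImagePath $entry.ImagePath
    $state = if (Test-Path -LiteralPath $image) { 'present' } else { 'MISSING' }
    "[Service] $name  Start=$($entry.Start)  Image=$image  ($state)"
}

# 4. The scheduled task from the fixlist that runs Firefox.exe with the Skype
#    abandon-install URL. Task definitions are XML files under System32\Tasks;
#    the Exec node carries the command and its arguments.
$taskFile = "$env:SystemRoot\System32\Tasks\{D3F749E0-5BB3-442C-B9FE-665F57121B32}"
if (Test-Path -LiteralPath $taskFile) {
    [xml]$xml = Get-Content -LiteralPath $taskFile -Raw
    $exec = $xml.Task.Actions.Exec
    "[Task]    $($exec.Command) $($exec.Arguments)"
} else {
    "[Task]    {D3F749E0-5BB3-442C-B9FE-665F57121B32} absent"
}

# 5. Chrome start-up URLs: the hijack (sweet-page.com in the fixlist) lives in
#    the Default profile's Preferences JSON under session.startup_urls.
$prefs = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Preferences"
if (Test-Path -LiteralPath $prefs) {
    $json = Get-Content -LiteralPath $prefs -Raw | ConvertFrom-Json
    foreach ($u in $json.session.startup_urls) { "[Chrome]  startup_url $u" }
}

# 6. Leftover on-disk items; all three should be absent after the fix.
foreach ($item in "$env:ProgramData\WindowsMangerProtect",
                  "$env:ProgramData\IHProtectUpDate",
                  "$env:ProgramData\fontcacheev1.dat") {
    $state = if (Test-Path -LiteralPath $item) { 'present' } else { 'absent' }
    "[Disk]    $item  ($state)"
}
```

The script only reads; the removal itself is still done by FRST with the fixlist. Running it once before the fix and once after gives you a before/after record of exactly which indicators were present and confirms that the service keys, the task file and the ProgramData items are gone rather than merely disabled.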


(B L A D Y 12p) #6

Solved, thank you.


(Acorus) #7

Delete the folder C:\FRST.