Wirus/Malware - AppData/Local/Temp

Range_Rover · 9 Luty 2015 13:49

Witam, prosze o pomoc z pozbyciem się wirusa(?) Poniżej wklejam logi. Z góry dzięki.

FRST.txt: http://www.wklej.org/id/1629898/

Addition.txt: http://www.wklej.org/id/1629901/

Acorus · 9 Luty 2015 14:03

Otwórz notatnik systemowy i wklej:

GroupPolicyUsers\S-1-5-21-126242172-760813239-4159533518-1004\User: Group Policy restriction detected ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1423407121from=smtuid=395049983_1052498_2C77D353
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1423407121from=smtuid=395049983_1052498_2C77D353
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1423407121from=smtuid=395049983_1052498_2C77D353q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1423407121from=smtuid=395049983_1052498_2C77D353q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1423407121from=smtuid=395049983_1052498_2C77D353
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1423407121from=smtuid=395049983_1052498_2C77D353
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1423407121from=smtuid=395049983_1052498_2C77D353q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1423407121from=smtuid=395049983_1052498_2C77D353q={searchTerms}
HKU\S-1-5-21-126242172-760813239-4159533518-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1423407121from=smtuid=395049983_1052498_2C77D353
HKU\S-1-5-21-126242172-760813239-4159533518-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1423407121from=smtuid=395049983_1052498_2C77D353
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1423407121from=smtuid=395049983_1052498_2C77D353q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1423407121from=smtuid=395049983_1052498_2C77D353q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1423407121from=smtuid=395049983_1052498_2C77D353q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1423407121from=smtuid=395049983_1052498_2C77D353q={searchTerms}
SearchScopes: HKU\S-1-5-21-126242172-760813239-4159533518-1001 - DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=smtutm_campaign=install_ieutm_content=dsfrom=smtuid=395049983_1052498_2C77D353ts=1423407152type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-126242172-760813239-4159533518-1001 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=smtutm_campaign=install_ieutm_content=dsfrom=smtuid=395049983_1052498_2C77D353ts=1423407152type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-126242172-760813239-4159533518-1001 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=smtutm_campaign=install_ieutm_content=dsfrom=smtuid=395049983_1052498_2C77D353ts=1423407152type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-126242172-760813239-4159533518-1001 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=smtutm_campaign=install_ieutm_content=dsfrom=smtuid=395049983_1052498_2C77D353ts=1423407152type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-126242172-760813239-4159533518-1001 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=smtutm_campaign=install_ieutm_content=dsfrom=smtuid=395049983_1052498_2C77D353ts=1423407152type=defaultq={searchTerms}
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=scts=1423407121from=smtuid=395049983_1052498_2C77D353
FF NewTab: hxxp://www.mystartsearch.com/newtab/?type=ntts=1423407121from=smtuid=395049983_1052498_2C77D353
FF SelectedSearchEngine: mystartsearch
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=scts=1423407121from=smtuid=395049983_1052498_2C77D353
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Range_Rover · 9 Luty 2015 14:30

Wykonane, log z Adw. http://www.wklej.org/id/1629943/

Acorus · 9 Luty 2015 14:33

Skasuj folder C:\FRST