Infected computer - help!


(axa99) #1

Computer junked up with ads... here are the logs.


(Acorus) #2

What for? Open the system Notepad and paste:

HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-75548932-2991014613-3722183773-1001\...\Run: [Yahoo! Search] => C:\Users\grazyna\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrlte.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF SelectedSearchEngine: Yahoo! Search
2015-04-01 18:22 - 2014-03-27 18:20 - 00000000 ____ D () C:\AdwCleaner
2015-03-20 11:05 - 2014-04-14 11:44 - 00000470 ____ H () C:\WINDOWS\Tasks\Norton Security Scan for grazyna.job
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Atis) #3

Uninstall Norton Security Scan.

Paste into the system Notepad and save as a text file named fixlist:

HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-75548932-2991014613-3722183773-1001\...\Run: [Yahoo! Search] => C:\Users\grazyna\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.18.5\dsrlte.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Extension: Sup-SW - C:\Users\grazyna\AppData\Roaming\Mozilla\Firefox\Profiles\5s09r4qf.default\Extensions\{f2456568-e603-43db-8838-ffa7c4a685c7} [2014-11-08]
CHR Extension: (AppEnable) - C:\Users\grazyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcejkfffdheooipdonddmccfmldmjbgb [2014-11-09]
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-14] (Symantec Corporation)
2015-04-01 18:22 - 2014-03-27 18:20 - 00000000 ____ D () C:\AdwCleaner
C:\Program Files (x86)\Common Files\Symantec Shared
Task: {370D44A9-C2CE-4E71-9CFB-484777DF2295} - System32\Tasks\Norton Security Scan for grazyna => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: C:\WINDOWS\Tasks\Norton Security Scan for grazyna.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe
EmptyTemp:

Run FRST and click Fix. Show the Fixlog removal report.

Click Scan and show the new FRST report, without Addition.


(axa99) #4

here are the logs http://wklej.to/q9hG5