Infected computer, runs slowly and the browsers keep changing


(Ketrzyn6) #1

As in the subject. Logs below. Thanks for the help.

Addition: http://www.wklej.org/id/1640589/

FRST: http://wklej.org/id/1640592/


(Acorus) #2

Open the system Notepad and paste in:

Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1482476501-1592454029-682003330-1004Core.job = C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1482476501-1592454029-682003330-1004UA.job = C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1482476501-1592454029-682003330-1005Core.job = C:\Documents and Settings\Mama\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1482476501-1592454029-682003330-1005UA.job = C:\Documents and Settings\Mama\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe
HKLM\...\Run: [RTHDCPL] = C:\WINDOWS\RTHDCPL.EXE [16208384 2006-06-01] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] = C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [GrooveMonitor] = C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [33648 2007-08-24] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] = C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\S-1-5-21-1482476501-1592454029-682003330-1003\...\Run: [updateMgr] = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-1482476501-1592454029-682003330-1003\...\Run: [MSMSGS] = C:\Program Files\Messenger\msmsgs.exe [1694208 2004-10-13] (Microsoft Corporation)
HKU\S-1-5-21-1482476501-1592454029-682003330-1003\...\MountPoints2: {6eb90fee-d0c9-11db-a316-0060b3471d11} - ekugb3.bat
HKU\S-1-5-21-1482476501-1592454029-682003330-1003\...\MountPoints2: {79031e20-1092-11dd-ac55-0060b3471d11} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wupdmgr.exe
HKU\S-1-5-21-1482476501-1592454029-682003330-1003\...\MountPoints2: {ed63be70-2fc6-11dd-ad35-0060b3471d11} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
HKU\S-1-5-21-1482476501-1592454029-682003330-1004\...\Run: [Facebook Update] = C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe [138096 2012-09-14] (Facebook Inc.)
HKU\S-1-5-21-1482476501-1592454029-682003330-1005\...\Run: [MSMSGS] = C:\Program Files\Messenger\msmsgs.exe [1694208 2004-10-13] (Microsoft Corporation)
HKU\S-1-5-21-1482476501-1592454029-682003330-1005\...\Run: [Facebook Update] = C:\Documents and Settings\Mama\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe [138096 2012-08-22] (Facebook Inc.)
IFEO\dotnet3.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnet3[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnet3[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx3.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx30SP1setup.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx30SP1setup[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx30SP1setup[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx35.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx35setup.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx35setup[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx35setup[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx35[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx35[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx3setup.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx3setup[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx3setup[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx3[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx3[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx3_ia64.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx3_ia64[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx3_ia64[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx3_x64.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx3_x64[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx3_x64[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\dotnetfx[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx20SP1_ia64.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx20SP1_ia64[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx20SP1_ia64[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx20SP1_x64.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx20SP1_x64[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx20SP1_x64[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx20SP1_x86.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx20SP1_x86[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx20SP1_x86[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx20SP2_ia64.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx20SP2_ia64[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx20SP2_ia64[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx20SP2_x64.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx20SP2_x64[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx20SP2_x64[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx20SP2_x86.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx20SP2_x86[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx20SP2_x86[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx30SP1_x64.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx30SP1_x64[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx30SP1_x64[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx30SP1_x86.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx30SP1_x86[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx30SP1_x86[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx35_ia64.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx35_ia64[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx35_ia64[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx35_x64.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx35_x64[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx35_x64[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx35_x86.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx35_x86[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx35_x86[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx64.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx64[1].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
IFEO\NetFx64[2].exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
HKU\S-1-5-21-1482476501-1592454029-682003330-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-1482476501-1592454029-682003330-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" ======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1482476501-1592454029-682003330-1003 - {0CBCBF84-1BB9-4AE4-ABF6-37DD86A29E35} URL =
SearchScopes: HKU\S-1-5-21-1482476501-1592454029-682003330-1003 - {AE66E257-2140-41D8-88B5-A6F273B369FF} URL =
SearchScopes: HKU\S-1-5-21-1482476501-1592454029-682003330-1003 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685query={searchTerms}invocationType=tb50winampie7
SearchScopes: HKU\S-1-5-21-1482476501-1592454029-682003330-1004 - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={5B31B80A-8279-42BA-96EE-C641BAC4EE99}mid=c57d0ce2f94d47d2a56b1973733e91ea-ad1491be2ce6c122f6b66faa90e70c2decf7d34clang=ends=AVGcoid=avgtbavgcmpid=pr=frd=2014-11-18 13:18:32v=4.0.0.19pid=wtusg=sap=dspq={searchTerms}
SearchScopes: HKU\S-1-5-21-1482476501-1592454029-682003330-1004 - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={5B31B80A-8279-42BA-96EE-C641BAC4EE99}mid=c57d0ce2f94d47d2a56b1973733e91ea-ad1491be2ce6c122f6b66faa90e70c2decf7d34clang=ends=AVGcoid=avgtbavgcmpid=pr=frd=2014-11-18 13:18:32v=4.0.0.19pid=wtusg=sap=dspq={searchTerms}
SearchScopes: HKU\S-1-5-21-1482476501-1592454029-682003330-1005 - DefaultScope {FD336287-C3EA-4BDB-A927-1026F5CC4BA5} URL = http://www3.yoog.com/search.php?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1482476501-1592454029-682003330-1005 - {1D56716A-F877-4BA4-A69B-F8DA50B32DF8} URL =
SearchScopes: HKU\S-1-5-21-1482476501-1592454029-682003330-1005 - {FD336287-C3EA-4BDB-A927-1026F5CC4BA5} URL = http://www3.yoog.com/search.php?q={searchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll No File
BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL No File
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll No File
Toolbar: HKLM - AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL No File
Toolbar: HKU\S-1-5-21-1482476501-1592454029-682003330-1003 - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1482476501-1592454029-682003330-1003 - AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL No File
Toolbar: HKU\S-1-5-21-1482476501-1592454029-682003330-1004 - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: https://mysearch.avg.com?cid={5B31B80A-8279-42BA-96EE-C641BAC4EE99}mid=c57d0ce2f94d47d2a56b1973733e91ea-ad1491be2ce6c122f6b66faa90e70c2decf7d34clang=ends=AVGcoid=avgtbavgcmpid=pr=frd=2014-11-18 13:18:32v=4.0.0.19pid=wtusg=sap=hp
FF SearchPlugin: C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\q8c7jhge.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: AVG Web TuneUp - C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\q8c7jhge.default\Extensions\avg@toolbar [2014-11-18]
R2 vToolbarUpdater18.1.10; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-11-18] (AVG Secure Search)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-11-18] (AVG Technologies)
S3 GMSIPCI; \\F:\INSTALL\GMSIPCI.SYS [X]
S4 IntelIde; No ImagePath
S3 MSICPL; \\C:\Documents and Settings\Sturlis\Pulpit\install4\MSICPL.sys [X]
S3 NTACCESS; \\F:\NTACCESS.sys [X]
S3 PCANDIS5; \\C:\WINDOWS\system32\PCANDIS5.SYS [X]
S3 SetupNTGLM7X; \\F:\NTGLM7X.sys [X]
S3 ZDCndis5; \\C:\WINDOWS\system32\ZDCndis5.SYS [X]
S3 ZDPSp50; System32\Drivers\ZDPSp50.sys [X]
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST, in the same folder.
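
Added example, not part of the original post and not FRST's own code: a Python sketch that groups fixlist lines by entry type before the file is handed to FRST, lists the ones carrying the markers seen above (No File, [X], No ImagePath, ATTENTION), and counts any line it cannot categorise. The category names, regexes and function names are assumptions made for this example; the sample lines are copied from the list above.

```python
import re
from collections import Counter

# Sample input: a few lines copied from the fixlist in the post above.
SAMPLE = r'''
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1482476501-1592454029-682003330-1004Core.job = C:\Documents and Settings\Tomek\Ustawienia lokalne\Dane aplikacji\Facebook\Update\FacebookUpdate.exe
HKLM\...\Run: [SkyTel] = C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKU\S-1-5-21-1482476501-1592454029-682003330-1003\...\MountPoints2: {6eb90fee-d0c9-11db-a316-0060b3471d11} - ekugb3.bat
IFEO\dotnet3.exe: [Debugger] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll No File
S3 NTACCESS; \\F:\NTACCESS.sys [X]
S4 IntelIde; No ImagePath
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" ======= ATTENTION
EmptyTemp:
'''

# Ordered rules (assumed for this example): the first matching pattern wins.
RULES = [
    ("scheduled task", re.compile(r"^Task: ")),
    ("autorun (MountPoints2)", re.compile(r"\\MountPoints2: ")),
    ("Run key", re.compile(r"\\Run: ")),
    ("IFEO debugger", re.compile(r"^IFEO\\")),
    ("IE search scope", re.compile(r"^SearchScopes: ")),
    ("IE add-on", re.compile(r"^(BHO|Toolbar|DPF): ")),
    ("Firefox setting", re.compile(r"^FF ")),
    ("service/driver", re.compile(r"^[RSU][0-5] \S+; ")),
    ("other registry value", re.compile(r"^HK(LM|U)\\")),
    ("directive", re.compile(r"^EmptyTemp:$")),
]
# Markers that appear in the list above on entries with a missing target or a warning.
FLAGS = ("No File", "[X]", "No ImagePath", "ATTENTION")

def classify(line):
    """Return (category, markers found) for one fixlist line."""
    kind = next((name for name, rx in RULES if rx.search(line)), "unrecognised")
    return kind, [f for f in FLAGS if f in line]

def triage(text):
    """Count lines per category and collect the lines that carry a marker."""
    rows = [(classify(l), l) for l in text.splitlines() if l.strip()]
    counts = Counter(kind for (kind, _), _ in rows)
    flagged = [(kind, flags, l) for (kind, flags), l in rows if flags]
    return counts, flagged

if __name__ == "__main__":
    counts, flagged = triage(SAMPLE)
    print(dict(counts))
    for kind, flags, line in flagged:
        print(kind, flags, line, sep=" | ")
```

A non-zero "unrecognised" count means the file contains a line the reviewer should read by hand before the fix is run.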


(Ketrzyn6) #3

This is not my computer, and the owner doesn't remember the password needed to log in as administrator. Can I get around it (the password) somehow, or should I simply carry out your instruction on the account I'm logged in to? Or will that not do anything then?


(Acorus) #4

You can try.


(Ketrzyn6) #5

Fixlog: http://wklej.org/id/1641302/

AdwCleaner: http://wklej.org/id/1640894/


(Acorus) #6

Delete the folder C:\FRST


(Ketrzyn6) #7

Done. Should I do anything else?


(Acorus) #8

That's all.


(Ketrzyn6) #9

Thank you, regards!

One more question. When removing Norton I always get an error and the uninstallation doesn't finish. How can I remove it then?


(Acorus) #10

Use the Norton Removal Tool.