Virus-infected computer


(Rmal) #1

Hello

I have a virus-infected computer. I used Trojan Remover, but not everything is OK.

Please check the log produced by FRST.

Internet Explorer has stopped working too :frowning:

Addition     http://wklej.org/id/1656421/

FRST        http://wklej.org/id/1656422/

Thanks in advance for the help

Rafał


(Acorus) #2

Uninstall Trojan Remover 6.9.1. Open the system Notepad and paste:

Task: {01FF737A-DB20-49E0-AD03-261151A13012} - System32\Tasks\{B6DFF9AC-DDC8-414B-97D1-16F73DE7B4AC} = pcalua.exe -a C:\Users\Rafał\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=mp3
Task: {48F4E2C6-5761-454D-AD63-C8D64FBFC1AF} - System32\Tasks\Microsoft\529e89887b95934411771060a45bec89 = C:\Users\Rafał\AppData\Roaming\DownloadManager\Loader.exe ==== ATTENTION
HKLM\...\Run: [RtsFT] = C:\WINDOWS\RTFTrack.exe [6340312 2014-03-25] (Realtek semiconductor)
HKLM\...\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [TrojanScanner] = C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1425663388from=mp3uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX61A84FZVN3FZVN3q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1425663388from=mp3uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX61A84FZVN3FZVN3q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpppts=1425663398from=mp3uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX61A84FZVN3FZVN3
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpppts=1425663398from=mp3uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX61A84FZVN3FZVN3
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1425663388from=mp3uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX61A84FZVN3FZVN3q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1425663388from=mp3uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX61A84FZVN3FZVN3q={searchTerms}
HKU\S-1-5-21-4196877148-2835945083-788769453-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsppts=1425663398from=mp3uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX61A84FZVN3FZVN3q={searchTerms}
HKU\S-1-5-21-4196877148-2835945083-788769453-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpppts=1425663398from=mp3uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX61A84FZVN3FZVN3
HKU\S-1-5-21-4196877148-2835945083-788769453-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.lenovo.com
HKU\S-1-5-21-4196877148-2835945083-788769453-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsppts=1425663398from=mp3uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX61A84FZVN3FZVN3q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4196877148-2835945083-788769453-1001 - DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=mp3utm_campaign=install_ieutm_content=dsfrom=mp3uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX61A84FZVN3FZVN3ts=1425663424type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-4196877148-2835945083-788769453-1001 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=mp3utm_campaign=install_ieutm_content=dsfrom=mp3uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX61A84FZVN3FZVN3ts=1425663424type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-4196877148-2835945083-788769453-1001 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=mp3utm_campaign=install_ieutm_content=dsfrom=mp3uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX61A84FZVN3FZVN3ts=1425663424type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-4196877148-2835945083-788769453-1001 - {36310233-2154-4D4B-83BA-59D687981281} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=mp3utm_campaign=install_ieutm_content=dsfrom=mp3uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX61A84FZVN3FZVN3ts=1425663424type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-4196877148-2835945083-788769453-1001 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=mp3utm_campaign=install_ieutm_content=dsfrom=mp3uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX61A84FZVN3FZVN3ts=1425663424type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-4196877148-2835945083-788769453-1001 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=mp3utm_campaign=install_ieutm_content=dsfrom=mp3uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX61A84FZVN3FZVN3ts=1425663424type=defaultq={searchTerms}
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll No File
FF Extension: Firefox Certificate Store Hotfix - C:\Users\Rafał\AppData\Roaming\Mozilla\Firefox\Profiles\p6y9jva4.default\Extensions\firefox-hotfix@mozilla.org.xpi [2015-03-07]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-06] (SysTool PasSame LIMITED)
R2 xuworexe; C:\Users\Rafał\AppData\Roaming\FF38A63E-1425663541-E411-B2A0-F0761C1CE128\nsa8F6F.tmpfs [X]
2015-03-06 18:41 - 2015-03-06 18:41 - 00003152 _____ () C:\WINDOWS\System32\Tasks\{B6DFF9AC-DDC8-414B-97D1-16F73DE7B4AC}
2015-03-06 18:36 - 2015-03-06 19:36 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
2015-03-06 18:35 - 2015-03-06 18:35 - 00000000 ____ D () C:\Users\Rafał\AppData\Roaming\DownloadManager
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
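An added example, not part of this thread and not FRST's own code: a small Python triage script that applies, to FRST lines quoted from the fixlist above, the indicators a helper looks for when deciding what goes into a fixlist (FRST's own ATTENTION marker, browser settings pointing at mystartsearch.com, search scopes left with an empty URL, add-ons registered with no file on disk, and services whose binary is missing or that run from the user profile). The rule set, the one-host HIJACK_HOSTS list and the sample log are constructed for illustration, with the hijacker URL trimmed to its host.

```python
import re

# Constructed sample: FRST lines quoted from this thread (URL trimmed) plus one benign Realtek autorun.
SAMPLE_LOG = r"""
Task: {48F4E2C6-5761-454D-AD63-C8D64FBFC1AF} - System32\Tasks\Microsoft\529e89887b95934411771060a45bec89 = C:\Users\Rafał\AppData\Roaming\DownloadManager\Loader.exe ==== ATTENTION
HKLM\...\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-26] (Realtek Semiconductor)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll No File
R2 xuworexe; C:\Users\Rafał\AppData\Roaming\FF38A63E-1425663541-E411-B2A0-F0761C1CE128\nsa8F6F.tmpfs [X]
"""

# Hosts seen in this thread's hijacked IE settings (assumption: real triage would load a maintained list).
HIJACK_HOSTS = {"mystartsearch.com"}
URL_RE = re.compile(r"https?://([^/\s?#]+)", re.IGNORECASE)
SERVICE_RE = re.compile(r"^[RS]\d ")          # FRST service lines look like "R2 name; path"


def classify(line):
    """Return the reasons this FRST line deserves a look (empty list = nothing matched)."""
    s = line.strip()
    reasons = []
    if s.endswith("==== ATTENTION"):           # FRST's own marker on suspicious items
        reasons.append("FRST flagged the entry (ATTENTION)")
    m = URL_RE.search(s)
    if m:
        host = m.group(1).lower()
        host = host[4:] if host.startswith("www.") else host
        if any(host == h or host.endswith("." + h) for h in HIJACK_HOSTS):
            reasons.append(f"browser setting points at hijacker host {host}")
    if s.startswith("SearchScopes:") and s.endswith("URL ="):
        reasons.append("search scope with an empty URL (leftover of a removed engine)")
    if s.startswith(("BHO", "FF Extension", "CHR Extension")) and s.endswith("No File"):
        reasons.append("add-on registered but its file is gone")
    if "\\Policies\\Explorer:" in s:
        reasons.append("Explorer policy restriction present")
    if SERVICE_RE.match(s):
        if s.endswith("[X]"):                  # FRST: service binary missing or unreadable
            reasons.append("service binary missing or unverifiable")
        if "\\AppData\\Roaming\\" in s:
            reasons.append("service runs from a user profile folder")
    return reasons


def triage(log):
    """Map each suspicious line of an FRST log to its reasons; benign lines are left out."""
    return {l.strip(): r for l in log.splitlines() if (r := classify(l))}
```

Running `triage(SAMPLE_LOG)` flags six of the seven sample lines and leaves the Realtek autorun alone; rogue services with a plausible path and publisher, like WindowsMangerProtect in the fixlist, still need a human eye.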