Zawirusowany laptop, toolbary i błędy

Dla specjalistów Bezpieczeństwo
#1

Witam mam strasznie zawirusowanego laptopa, ma mnónstwo toolbarów których się nie mogę pozbyc nawet czcionke mi zmienia w notatniku na jakąś strasznie dużą. System zamulony strasznie.

 

skany otl

 

http://wklej.to/XJjXR

 

extras

 

http://wklej.to/fbA0J

#2

Odinstaluj NetCrawl,Music Toolbar for Chrome (Dist. by Musiclab, Inc.),Music Toolbar for Internet Explorer (Dist. by Musiclab, Inc.),qone8 Browser Protecter,Quiknowledge,

Unity Web Player,Yahoo! Search.Pobierz i uruchom AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Szukaj i później Usuń.

Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.

Uruchom FRST i kliknij Scan. Pokaż raport FRST i Addition.

#3

Dziękuje za szybką odpowiedź 

 

FRST

 

http://wklej.org/id/1407651/

 

Addtion

 

http://wklej.org/id/1407654/

#4

Otwórz Notatnik i wklej:

Task: {487C448D-D826-4227-B973-D34A73701047} - \DSite No Task File ==== ATTENTION
Task: {593BD502-5C92-47F3-8FDD-91B012454485} - \RegClean Pro_DEFAULT No Task File ==== ATTENTION
Task: {99B9BAA2-7CAE-4ED4-A363-2E574515BB0C} - \RegClean Pro No Task File ==== ATTENTION
Task: {B6A104CC-D578-412D-8985-69EB77E2B05C} - \RegClean Pro_UPDATES No Task File ==== ATTENTION
Task: {D410555D-7FAC-465A-B603-6B1C7CDFB42E} - \BonanzaDealsUpdate No Task File ==== ATTENTION
HKU\S-1-5-21-982543015-954895831-3117815311-1001\...\MountPoints2: {0f2c1b0d-2751-11e2-be70-806e6f6e6963} - "E:\cdstart.exe"
HKU\S-1-5-21-982543015-954895831-3117815311-1001\...\MountPoints2: {b131e3e3-c85b-11e2-be94-80ee7351aabd} - "F:\AutoRun.exe"
HKU\S-1-5-21-982543015-954895831-3117815311-1001\...\MountPoints2: {b131e40c-c85b-11e2-be94-80ee7351aabd} - "F:\AutoRun.exe"
HKU\S-1-5-21-982543015-954895831-3117815311-1001\...\MountPoints2: {b9d7d922-90b8-11e3-beb2-80ee7351aabd} - "F:\AutoRun.exe"
HKU\S-1-5-21-982543015-954895831-3117815311-1001\...\MountPoints2: {f89ca811-7485-11e3-beae-80ee7351aabd} - "F:\AutoRun.exe"
HKU\S-1-5-21-982543015-954895831-3117815311-1001\...\MountPoints2: {f89ca839-7485-11e3-beae-80ee7351aabd} - "F:\AutoRun.exe"
ShellIconOverlayIdentifiers: SkyDrive1 - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} = No File
ShellIconOverlayIdentifiers: SkyDrive2 - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} = No File
ShellIconOverlayIdentifiers: SkyDrive3 - {BBACC218-34EA-4666-9D7A-C78F2274A524} = No File
ShellIconOverlayIdentifiers-x32: SkyDrive1 - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} = No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} = No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 - {BBACC218-34EA-4666-9D7A-C78F2274A524} = No File
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4q={searchTerms}a=irmsd62cd=2XzuyEtN2Y1L1QzutBtDtCyC0DzztByCzz0DyBzyyD0B0FzytN0D0Tzu0SyDtAzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCtBcr=368982596ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0EF8E141-AC12-4E43-8109-8026A46A6CAA} URL = http://rts.dsrlte.com/?q={searchTerms}r=283
SearchScopes: HKCU - {6F9CE321-787B-647B-FA10-57A2524FF638} URL = http://www2.delta-search.com/?q={searchTerms}affID=119535tt=gc_babsrc=SP_ssmntrId=F8F62016D8267415
S4 CouponDownloaderService64; c:\Program Files\CouponDownloader\CouponDownloaderService64.exe [X]
S4 qksvc; "C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe" [X]
S4 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
S4 rqpbhevlkc64; C:\Program Files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=C78087A8-C960-4464-A618-3D351DF6C0D7 [X]
R1 {a459d632-5225-4bb9-9a0b-002544d16f6e}w64; C:\Windows\System32\drivers\{a459d632-5225-4bb9-9a0b-002544d16f6e}w64.sys [61112 2014-05-22] (StdLib)
S4 massfilter; system32\drivers\massfilter.sys [X]
S4 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [X]
S4 ZTEusbnet; \SystemRoot\system32\DRIVERS\ZTEusbnet.sys [X]
S4 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X]
S4 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X]
2014-07-02 17:09 - 2014-07-02 17:12 - 00000000 ____ D () C:\AdwCleaner
2014-07-02 17:42 - 2013-07-10 09:59 - 00003120 _____ () C:\Windows\System32\Tasks\{78399B94-6078-473A-B9B5-3B08CF247658}
2014-07-02 17:10 - 2013-11-05 15:21 - 00000000 ____ D () C:\Program Files (x86)\BatBrowse
C:\Users\aaa\AppData\Local\Temp\*.exe
C:\Users\aaa\AppData\Local\Temp\*.dll

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.