Sluggish computer + browser virus


(Xilulek) #1

As in the subject. I'll only add that it lags badly in My Computer and doesn't read the USB flash drive.

 

 

FRST http://www.wklej.org/id/1791460/

Addition http://www.wklej.org/id/1791462/

Shortcut http://www.wklej.org/id/1791464/


(Acorus) #2

Uninstall mystartsearch uninstall. Open the system Notepad and paste:

AppInit_DLLs: c:\docume~1\alluse~1\daneap~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll = Brak pliku
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYBdpid=VertiTechnologyYBco=PLuserid=db828d89-4673-4f64-93b7-74dff329c251searchtype=hpinstallDate=18/07/2013
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYBdpid=VertiTechnologyYBco=PLuserid=db828d89-4673-4f64-93b7-74dff329c251searchtype=dsq={searchTerms}installDate=18/07/2013
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYBdpid=VertiTechnologyYBco=PLuserid=db828d89-4673-4f64-93b7-74dff329c251searchtype=dsq={searchTerms}installDate=18/07/2013
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYBdpid=VertiTechnologyYBco=PLuserid=db828d89-4673-4f64-93b7-74dff329c251searchtype=hpinstallDate=18/07/2013
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYBdpid=VertiTechnologyYBco=PLuserid=db828d89-4673-4f64-93b7-74dff329c251searchtype=dsq={searchTerms}installDate=18/07/2013
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYBdpid=VertiTechnologyYBco=PLuserid=db828d89-4673-4f64-93b7-74dff329c251searchtype=dsq={searchTerms}installDate=18/07/2013
HKU\S-1-5-21-1343024091-630328440-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www2.delta-search.com/?babsrc=HP_ssmntrId=50F20080C6E868A6affID=119357tsp=4986
HKU\S-1-5-21-1343024091-630328440-839522115-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://gazeta.pl/0,0.html?sc=1
HKU\S-1-5-21-1343024091-630328440-839522115-1003\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?babsrc=HP_ssmntrId=50F20080C6E868A6affID=119357tsp=4986
HKU\S-1-5-21-1343024091-630328440-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYBdpid=VertiTechnologyYBco=PLuserid=db828d89-4673-4f64-93b7-74dff329c251searchtype=hpinstallDate=18/07/2013
HKU\S-1-5-21-1343024091-630328440-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYBdpid=VertiTechnologyYBco=PLuserid=db828d89-4673-4f64-93b7-74dff329c251searchtype=dsq={searchTerms}installDate=18/07/2013
HKU\S-1-5-21-1343024091-630328440-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYBdpid=VertiTechnologyYBco=PLuserid=db828d89-4673-4f64-93b7-74dff329c251searchtype=dsq={searchTerms}installDate=18/07/2013
URLSearchHook: [S-1-5-21-1343024091-630328440-839522115-1004] UWAGA = Brak domyślnego URLSearchHook
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYBdpid=VertiTechnologyYBco=PLuserid=db828d89-4673-4f64-93b7-74dff329c251searchtype=dsq={searchTerms}installDate=18/07/2013
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYBdpid=VertiTechnologyYBco=PLuserid=db828d89-4673-4f64-93b7-74dff329c251searchtype=dsq={searchTerms}installDate=18/07/2013
SearchScopes: HKU\S-1-5-19 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYBdpid=VertiTechnologyYBco=PLuserid=db828d89-4673-4f64-93b7-74dff329c251searchtype=dsq={searchTerms}installDate=18/07/2013
SearchScopes: HKU\S-1-5-19 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYBdpid=VertiTechnologyYBco=PLuserid=db828d89-4673-4f64-93b7-74dff329c251searchtype=dsq={searchTerms}installDate=18/07/2013
SearchScopes: HKU\S-1-5-20 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYBdpid=VertiTechnologyYBco=PLuserid=db828d89-4673-4f64-93b7-74dff329c251searchtype=dsq={searchTerms}installDate=18/07/2013
SearchScopes: HKU\S-1-5-20 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYBdpid=VertiTechnologyYBco=PLuserid=db828d89-4673-4f64-93b7-74dff329c251searchtype=dsq={searchTerms}installDate=18/07/2013
SearchScopes: HKU\S-1-5-21-1343024091-630328440-839522115-1003 - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-1343024091-630328440-839522115-1003 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYBdpid=VertiTechnologyYBco=PLuserid=db828d89-4673-4f64-93b7-74dff329c251searchtype=dsq={searchTerms}installDate=18/07/2013
SearchScopes: HKU\S-1-5-21-1343024091-630328440-839522115-1003 - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}babsrc=SP_ssmntrId=50F20080C6E868A6affID=119357tsp=4986
SearchScopes: HKU\S-1-5-21-1343024091-630328440-839522115-1004 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYBdpid=VertiTechnologyYBco=PLuserid=db828d89-4673-4f64-93b7-74dff329c251searchtype=dsq={searchTerms}installDate=18/07/2013
SearchScopes: HKU\S-1-5-21-1343024091-630328440-839522115-1004 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYBdpid=VertiTechnologyYBco=PLuserid=db828d89-4673-4f64-93b7-74dff329c251searchtype=dsq={searchTerms}installDate=18/07/2013
Toolbar: HKLM - Brak nazwy - {ae07101b-46d4-4a98-af68-0333ea26e113} - Brak pliku
FF NewTab: hxxp://www.mystartsearch.com/newtab/?type=ntts=1441543322z=c4b959d6658734db4d93e78gbz3z9g6w0z8c2g6b7gfrom=coruid=ST340014A_5JX16BD1
FF Homepage: hxxp://www.mystartsearch.com/?type=hpts=1441543322z=c4b959d6658734db4d93e78gbz3z9g6w0z8c2g6b7gfrom=coruid=ST340014A_5JX16BD1
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\3.2.0\\npsitesafety.dll [Brak pliku]
FF SearchPlugin: C:\Documents and Settings\KOMPUTER21\Dane aplikacji\Mozilla\Firefox\Profiles\j1vbf2f2.default\searchplugins\avg-secure-search.xml [2014-09-02]
FF SearchPlugin: C:\Documents and Settings\KOMPUTER21\Dane aplikacji\Mozilla\Firefox\Profiles\j1vbf2f2.default\searchplugins\nation-secure-search.xml [2013-10-02]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2013-07-18]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2014-10-06]
FF Extension: AVG Web TuneUp - C:\Documents and Settings\KOMPUTER21\Dane aplikacji\Mozilla\Firefox\Profiles\j1vbf2f2.default\Extensions\avg@toolbar [2014-09-02]
FF Extension: Default SearchProtected - C:\Documents and Settings\KOMPUTER21\Dane aplikacji\Mozilla\Firefox\Profiles\j1vbf2f2.default\Extensions\defsearchp@gmail.com [2015-09-06]
FF Extension: deskCut - C:\Documents and Settings\KOMPUTER21\Dane aplikacji\Mozilla\Firefox\Profiles\j1vbf2f2.default\Extensions\deskCutv2@gmail.com [2015-09-06]
FF Extension: unIssaales - C:\Documents and Settings\KOMPUTER21\Dane aplikacji\Mozilla\Firefox\Profiles\j1vbf2f2.default\Extensions\iXZ4C@F.org [2015-01-18]
FF Extension: uniisales - C:\Documents and Settings\KOMPUTER21\Dane aplikacji\Mozilla\Firefox\Profiles\j1vbf2f2.default\Extensions\yJv@OAz1N.com [2015-01-18]
FF Extension: uTorrentControl_v6 - C:\Documents and Settings\KOMPUTER21\Dane aplikacji\Mozilla\Firefox\Profiles\j1vbf2f2.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} [2013-12-15]
FF HKLM\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Documents and Settings\KOMPUTER21\Dane aplikacji\Mozilla\Firefox\Profiles\j1vbf2f2.default\extensions\defsearchp@gmail.com
FF HKLM\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Documents and Settings\KOMPUTER21\Dane aplikacji\Mozilla\Firefox\Profiles\j1vbf2f2.default\extensions\deskCutv2@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.mystartsearch.com/?type=scts=1441543322z=c4b959d6658734db4d93e78gbz3z9g6w0z8c2g6b7gfrom=coruid=ST340014A_5JX16BD1
StartMenuInternet: chrome.exe - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=scts=1441543322z=c4b959d6658734db4d93e78gbz3z9g6w0z8c2g6b7gfrom=coruid=ST340014A_5JX16BD1
R2 vToolbarUpdater3.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [1843736 2014-09-02] (AVG Secure Search)
R2 WdsManPro; C:\Documents and Settings\All Users\Dane aplikacji\iWdsManProi\WdsManPro.exe [709288 2015-09-06] (DTools LIMITED)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-09-02] (AVG Technologies)
S4 IntelIde; Brak ImagePath
2015-09-06 14:43 - 2015-09-06 14:44 - 00000000 ____ D C:\Documents and Settings\All Users\Dane aplikacji\iWdsManProi
2015-09-06 14:43 - 2015-09-06 14:43 - 00000174 _____ C:\Documents and Settings\All Users\Dane aplikacji\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-06 14:43 - 2015-09-06 14:43 - 00000000 ____ D C:\Documents and Settings\KOMPUTER21\Dane aplikacji\mystartsearch
2013-07-18 21:27 - 2013-07-18 21:28 - 0003726 ____ C () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Xilulek) #3

Thank you, the computer has sped up slightly and I got rid of the pests in the browser :slight_smile:


(Acorus) #4

Delete the folder C:\FRST.