Uninstall: Hit Malware 1.0
Next to frst.exe, create a file named fixlist.txt with the following content:
Task: {82AF7378-BF99-42A3-9449-B8C9DB5E00EF} - System32\Tasks\{8F93B579-A369-46A5-8480-AD7C6BA3524B} => pcalua.exe -a G:\OriginInstaller.exe -d G:\
Task: {9886BF43-A271-472E-95EA-6C2C1385488C} - System32\Tasks\Vuzajei => C:\PROGRA~1\SHOPPE~1\Fyollu.bat
Task: {A1D06D07-24C3-480E-B2C9-15334174FA30} - System32\Tasks\{6A08CB25-2D0F-4387-BB73-CD082A8C6F67} => pcalua.exe -a "C:\Users\Przemek\Desktop\Minecraft Zyczu.exe" -d C:\Users\Przemek\Desktop
Task: {BC5752BA-F693-498F-AEA2-77DABDCF4D00} - System32\Tasks\Uraczoi => C:\PROGRA~1\GROOVE~1\Ricurus.bat
Task: {F9B417CF-3697-48C3-8597-0B7C574AB103} - System32\Tasks\{B5D53706-FA85-40D1-AFE6-A27766A4B053} => pcalua.exe -a F:\setup.exe -d F:\
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Brak pliku
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Brak pliku
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Brak pliku
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => Brak pliku
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-21-1072920993-292196597-2406834522-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
FF Extension: Brak nazwy - C:\Users\Przemek\AppData\Roaming\Mozilla\Firefox\Profiles\kgnp1i31.default-1442599423333\extensions\deskCutv2@gmail.com [nie znaleziono]
FF HKU\S-1-5-21-1072920993-292196597-2406834522-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [Brak podpisu cyfrowego]
CHR DefaultSearchURL: Default -> hxxp://search.mpc.am?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968
CHR DefaultSearchKeyword: Default -> MPC Safe Search
S3 catchme; Brak ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-02-08 11:40 - 2016-02-08 11:40 - 00000000 ___SD C:\ComboFix
2016-02-06 15:20 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-02-06 15:20 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-02-06 15:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-02-06 15:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-02-06 15:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-02-06 15:20 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-02-06 15:20 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-02-06 15:20 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-02-06 15:15 - 2016-02-06 15:13 - 05657667 ____R (Swearware) C:\Users\Przemek\Desktop\ComboFix.exe
2016-02-06 12:26 - 2016-02-06 12:26 - 00003344 _____ C:\Windows\System32\Tasks\Uraczoi
2016-02-06 12:24 - 2016-02-06 12:56 - 00000000 ____D C:\Users\Przemek\AppData\Roaming\OexhcJang
2016-02-06 12:24 - 2016-02-06 12:25 - 00000000 ____D C:\Users\Przemek\AppData\Local\Tempfolder
2016-02-06 12:24 - 2016-02-06 12:24 - 00000000 ____D C:\Windows\system32\soyd
2016-02-06 12:23 - 2016-02-06 12:56 - 00000000 ____D C:\Users\Przemek\AppData\LocalLow\Company
2016-02-06 12:23 - 2016-02-06 12:23 - 00003342 _____ C:\Windows\System32\Tasks\Vuzajei
2016-02-06 15:15 - 2015-09-27 07:51 - 00000000 ____D C:\AdwCleaner
EmptyTemp:
In FRST, click Fix (Napraw).
Run RepairDNS and post the log it creates:
http://nicolascoolman.com/download/repairdns/?wpdmdl=729
Also post new FRST scan logs, created AFTER running RepairDNS.