Price Foundation keeps coming back - FRST logs.

kondziux 14 Feb 2016 13:46 528 1
  • Helpful post
    #2 14 Feb 2016 15:35
    Kolobos
    Computer specialist

    Uninstall:
    Lollipop
    Spybot - Search & Destroy

    Do not download programs using download managers from sites such as dobreprogramy etc. The managers install malicious software!

    Next to frst.exe, create a file named fixlist.txt with the following content:
    Task: {23081170-23D6-4B58-94C0-69C35D73F5E4} - System32\Tasks\xSumacsRedbreastsV2 => Rundll32.exe HorsehideToasts.dll,main 7 1 <==== UWAGA
    Task: {296A109C-5521-45E0-9098-9DC31686144A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {3603B6E3-602F-4C92-85A6-E1F6C0290FFF} - System32\Tasks\{C5827611-9118-4260-A4E4-B2603CCAE063} => C:\Users\x\Desktop\iofficeworksA780\X64\Setupx64.exe
    Task: {93D63989-C4B8-4118-A32E-E1C2C73710F2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3395694431-565862671-2399064313-1000UA => C:\Users\x\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-01] (Facebook Inc.)
    Task: {9901716A-88E1-4B12-8125-A3817F567285} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {A94FB674-A8B5-4163-AE5C-48A2A6E54868} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3395694431-565862671-2399064313-1000Core => C:\Users\x\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-01] (Facebook Inc.)
    Task: {ACBCB65F-FA69-44D3-9D84-55973605CBA1} - System32\Tasks\{F23C26F7-E660-4E56-AEAD-C7AB1A85FB13} => pcalua.exe -a C:\Users\x\Downloads\multibit-0.5.16-windows-setup.exe -d C:\Users\x\Downloads
    Task: {C4AF27EB-EED8-413F-9A7D-490658A8DF60} - System32\Tasks\{0AA43C7E-C714-4093-9904-5138F67C9C77} => C:\Users\x\Desktop\iofficeworksA780\X64\Setupx64.exe
    Task: {DFA8BEFF-B5EF-43C1-B522-54BD44F4722F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3395694431-565862671-2399064313-1000Core.job => C:\Users\x\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3395694431-565862671-2399064313-1000UA.job => C:\Users\x\AppData\Local\Facebook\Update\FacebookUpdate.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (ChangedNotification..) C:\Users\x\AppData\Roaming\csrss-.exe
    C:\Users\x\AppData\Roaming\smss.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    HKLM\...\Run: [cgminer] => C:\Users\x\Desktop\cgminer372\cgminer\minezobaczymy.bat




    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3395694431-565862671-2399064313-1000\...\Run: [wsRestartOnCrash] => "C:\Users\x\AppData\Local\Temp\Rar$EXa0.650\RestartOnCrash.exe" /hide <===== UWAGA
    HKU\S-1-5-21-3395694431-565862671-2399064313-1000\...\Run: [Facebook Update] => C:\Users\x\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-01] (Facebook Inc.)
    HKU\S-1-5-21-3395694431-565862671-2399064313-1000\...\Run: [MicroUpdate] => C:\Users\x\Documents\MSDCSC\msdcsc.exe [774144 2015-11-09] (Microsoft Corp.)
    HKU\S-1-5-21-3395694431-565862671-2399064313-1000\...\Run: [Windows] => C:\Users\x\AppData\Roaming\csrss-.exe [1812480 2016-01-09] (ChangedNotification..)
    HKU\S-1-5-21-3395694431-565862671-2399064313-1000\...\Run: [csrss.exe] => C:\Users\x\AppData\Roaming\csrss-.exe [1812480 2016-01-09] (ChangedNotification..)
    HKU\S-1-5-21-3395694431-565862671-2399064313-1000\...\Run: [smss] => C:\Users\x\AppData\Roaming\smss.exe [1489408 2016-01-09] ()
    HKU\S-1-5-21-3395694431-565862671-2399064313-1000\...\Run: [zeeeewyvrj] => wscript.exe //B "C:\Users\x\AppData\Local\Temp\zeeeewyvrj..vbe" <===== UWAGA
    HKU\S-1-5-21-3395694431-565862671-2399064313-1000\...\Run: [gvpxxjppzf] => wscript.exe //B "C:\Users\x\AppData\Local\Temp\gvpxxjppzf.vbe" <===== UWAGA
    HKU\S-1-5-21-3395694431-565862671-2399064313-1000\...\Run: [23556fb1360f366337f97c924e76ead3] => "C:\Users\x\AppData\Roaming\svchost.exe" ..
    HKU\S-1-5-21-3395694431-565862671-2399064313-1000\...\MountPoints2: {5fc296f5-894e-11e4-9cd7-00a0c6000000} - F:\AutoRun.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-02-21] (Microsoft Corporation)
    C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gvpxxjppzf.vbe [2016-01-25] ()
    C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\smss.exe [2016-01-09] ()
    C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zeeeewyvrj..vbe [2016-01-25] ()
    BootExecute: autocheck autochk * sdnclean64.exe
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 AsrSetupDrv; \??\C:\Windows\SysWOW64\Drivers\AsrSetupDrv.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2016-02-14 13:37 - 2016-02-14 13:38 - 00000000 ____D C:\AdwCleaner
    2016-01-24 13:23 - 2016-01-24 13:26 - 00000000 ____D C:\Users\x\AppData\Local\SumacsRedbreasts
    2016-01-24 13:23 - 2016-01-24 13:23 - 00003416 _____ C:\Windows\System32\Tasks\xSumacsRedbreastsV2
    2016-01-24 13:22 - 2016-01-24 13:22 - 00943731 _____ (Installer lite ) C:\Users\x\Downloads\TestDisk-PhotoRec-12758-dp(1).exe
    2016-01-24 13:22 - 2016-01-24 13:22 - 00000000 ____D C:\Users\x\AppData\Roaming\WarThunder
    2016-01-24 13:21 - 2016-01-24 13:22 - 00943731 _____ (Installer lite ) C:\Users\x\Downloads\TestDisk-PhotoRec-12758-dp.exe
    2016-02-14 13:43 - 2016-01-09 14:03 - 00020585 _____ C:\Users\x\AppData\Roaming\smss.exe.tmp
    2015-09-27 18:37 - 2015-09-27 18:37 - 6420480 _____ () C:\Program Files (x86)\GUT8B8D.tmp
    2016-01-09 13:37 - 2016-01-09 13:37 - 1812480 ____H (ChangedNotification..) C:\Users\x\AppData\Roaming\csrss-.exe
    2016-01-09 14:03 - 2016-01-09 14:03 - 1489408 _____ () C:\Users\x\AppData\Roaming\smss.exe
    2016-01-09 14:03 - 2016-02-14 13:43 - 0020585 _____ () C:\Users\x\AppData\Roaming\smss.exe.tmp
    2016-01-09 13:37 - 2016-01-09 13:37 - 1812480 ____H () C:\ProgramData\csrss.exe.exe
    EmptyTemp:

    In FRST, choose Fix.

    Run a full scan with http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ and remove whatever it detects.

    When everything is done, delete the C:\FRST folder.
