
Cannot find script file C:\WINDOWS\run.vbs

Kamil 198711 15 Mar 2016 11:25 744 2
  • Helpful post
    #2 15 Mar 2016 11:53
    Kolobos
    Computer specialist

    I'm guessing the infection happened after running:
    2016-03-14 22:31 - 2016-03-14 22:31 - 00687413 _____ C:\Users\Kamil\Desktop\Rise Of The Tomb Raider CD Key Downloader.rar
    2016-03-14 22:27 - 2016-03-14 22:27 - 00000000 ____D C:\Users\Kamil\Desktop\Tomb Raider 2013 Keygen
    2016-03-14 22:25 - 2016-03-14 22:25 - 00153772 _____ C:\Users\Kamil\Desktop\Tomb Raider 2013 Keygen.rar
    If so, delete those files.

    Fixlist.txt for FRST:
    Task: {10A82B2B-C481-400A-8FCF-49020A8CF68A} - System32\Tasks\{8AA21949-B922-4BF2-94B2-7339A2C90D66} => pcalua.exe -a C:\Users\Kamil\Desktop\3600_plk_win2k_xp.exe -d C:\Users\Kamil\Desktop
    Task: {1EDD33CA-5C6A-4626-A8BF-20BDF67C5888} - System32\Tasks\{F242CE46-7B93-40A0-8B26-083F11D452A1} => pcalua.exe -a C:\Users\Kamil\Desktop\lide25vst6411011apl\SetupSG.exe -d C:\Users\Kamil\Desktop\lide25vst6411011apl
    Task: {227AA916-8272-4E73-AE35-ACC86E1A05AB} - System32\Tasks\{CAAF0D0F-5BA4-4229-BD26-2E45EBF7D437} => pcalua.exe -a C:\Users\Kamil\Desktop\IT8211_ATARAID_V1328\ITE8211\Driver\AsusSetup.exe -d C:\Users\Kamil\Desktop\IT8211_ATARAID_V1328\ITE8211\Driver
    Task: {44746912-BD3F-45F3-BFCE-5B8F7A98CF3D} - System32\Tasks\{9AA4B1C6-FAE1-4E43-97B5-29ACB550115E} => pcalua.exe -a L:\Użytki\programy\winamp5\winamp5pl.exe -d L:\Użytki\programy\winamp5
    Task: {5AA43AD3-DE80-4398-8935-921FB4038517} - System32\Tasks\{57D69A8B-36D6-4F3E-B0E5-E87C23DE92DB} => pcalua.exe -a C:\Users\Kamil\Desktop\canon_ndedb21efffd0.exe -d C:\Users\Kamil\Desktop
    Task: {6880D1DA-1CE0-43F7-A18B-433F3350A2E1} - System32\Tasks\{4E352C42-B20F-44C2-BED7-58F06CB5C3F8} => pcalua.exe -a "K:\xp pliki\XP\WINDOWS\Installer\{B35DC076-CEF2-4631-9EF7-45380E27C841}\AvidStudio.EX_51EFF7DE84DF4CEDA9047F37C01FB11D.exe"
    Task: {73C674BD-E40A-4B7F-95C3-8850A7A2F96F} - System32\Tasks\{4131660F-EC24-42AB-8B08-B1A55541FEE3} => pcalua.exe -a "L:\Użytki\Photoshop7CE\Adobe Photo Shop 7\Adobe Photo Shop 7.0\Setup.exe" -d "L:\Użytki\Photoshop7CE\Adobe Photo Shop 7\Adobe Photo Shop 7.0"
    Task: {876EA83F-9114-4FF4-8D82-249EE1BD9A98} - System32\Tasks\{CD6E19C2-A80E-4F12-A583-A7CF3865F53C} => pcalua.exe -a C:\Users\Kamil\Desktop\Avid.Studio.1.0.0.2804\ssmASPS15plug\SmartSound_SonicfirePro_560_Studio_70673.exe -d C:\Users\Kamil\Desktop\Avid.Studio.1.0.0.2804\ssmASPS15plug
    Task: {8997E41A-716B-4CD3-8033-675572099D4F} - System32\Tasks\{6608554B-65C3-4D5D-ABD8-E1257F2301B8} => pcalua.exe -a C:\Users\Kamil\Desktop\win2k_xp\setup.exe -d C:\Users\Kamil\Desktop\win2k_xp
    Task: {8BBF7ED6-704D-4D15-A06E-2934AAF63433} - System32\Tasks\{6ADF5A3F-E0C7-4E92-968F-D1407B97C669} => pcalua.exe -a C:\Users\Kamil\Desktop\WAVESTD_PCAPP_LB_7_14_01.exe -d C:\Users\Kamil\Desktop
    Task: {A5A98282-9784-4F91-BCBD-DB57F7EA6CB0} - System32\Tasks\{8BC1C8B1-6BC5-4021-A9AA-B2E3E2904FD6} => pcalua.exe -a C:\Users\Kamil\Desktop\IT8211_ATARAID_V1328\ITE8211\MakeDisk\AsusSetup.exe -d C:\Users\Kamil\Desktop\IT8211_ATARAID_V1328\ITE8211\MakeDisk
    Task: {A79D4DE6-752A-425B-A211-669BA010F30F} - System32\Tasks\{06E2ACA5-FBD8-43F5-B4CD-03F06B5E5B7B} => pcalua.exe -a C:\Users\Kamil\Desktop\lide25vst6411011aen\SetupSG.exe -d C:\Users\Kamil\Desktop\lide25vst6411011aen
    Task: {CC57AAB7-9D83-42F7-A6E8-A07134F4A49C} - System32\Tasks\{772D6FED-AD08-4695-88A8-1E543B8D83AD} => pcalua.exe -a "K:\Moje dokumenty\Pobieranie\dBpowerAMP Music Converter 13.1.FULL Codeki\dBpowerAMP Music Converter 13.1.FULL+Codeki\Highest Quality Codecs\Apple Lossless\dBpoweramp-Codec-m4a.exe" -d "K:\Moje dokumenty\Pobieranie\dBpowerAMP Music Converter 13.1.FULL Codeki\dBpowerAMP Music Converter 13.1.FULL+C (dane wartości zawierają 44 znaków więcej).
    Task: {CCAB8211-6F24-4FA6-A832-731624AEADE4} - System32\Tasks\{A89A22A7-45A2-4D03-8A3B-40128A76636C} => pcalua.exe -a "J:\Programy\Program do chłodziarek\webinstall_pl.exe" -d "J:\Programy\Program do chłodziarek"
    Task: {DA146EBF-A13F-4663-B1BE-39CF6A30A6EF} - System32\Tasks\{64F37693-8A08-4401-B763-AB9370679FEB} => pcalua.exe -a C:\Users\Kamil\Desktop\W7\CPSetup.exe -d C:\Users\Kamil\Desktop\W7
    Hosts:
    HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
    HKLM-x32\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs, [X]
    HKU\S-1-5-21-2666217857-3478716824-260387446-1000\...\MountPoints2: {135ba3f7-999b-11e3-904c-e7ff14fa50fd} - H:\AutoRun.exe
    HKU\S-1-5-21-2666217857-3478716824-260387446-1000\...\MountPoints2: {ab1b8f98-97ed-11e3-ac56-f46d042ca3ad} - F:\AutoRun.exe
    HKU\S-1-5-21-2666217857-3478716824-260387446-1000\...\MountPoints2: {d9f396c7-ed0b-11e4-b8eb-f46d042ca3ad} - F:\AutoRun.exe
    HKU\S-1-5-21-2666217857-3478716824-260387446-1000\...\MountPoints2: {db92cd83-9550-11e3-a969-f46d042ca3ad} - F:\AutoRun.exe
    HKU\S-1-5-21-2666217857-3478716824-260387446-1000\...\MountPoints2: {db92cd8e-9550-11e3-a969-f46d042ca3ad} - H:\AutoRun.exe
    HKU\S-1-5-21-2666217857-3478716824-260387446-1000\...\MountPoints2: {f8b9cf30-eb34-11e3-81f4-f46d042ca3ad} - F:\AutoRun.exe
    ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => Brak pliku
    ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => Brak pliku
    ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => Brak pliku
    ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => Brak pliku
    BootExecute:
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    URLSearchHook: HKU\S-1-5-21-2666217857-3478716824-260387446-1000 - (Brak nazwy) - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - Brak pliku
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    FF Homepage: search.mpc.am
    S2 BB1111874; C:\Windows\GJFix\BB1111874 [X]
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-15] ()
    R1 {e2f71795-3334-49b2-b329-0a00cf320340}Gw64; C:\Windows\System32\drivers\{e2f71795-3334-49b2-b329-0a00cf320340}Gw64.sys [48752 2016-03-14] (StdLib)
    U3 aa24o61y; C:\Windows\System32\Drivers\aa24o61y.sys [0 ] (Integrated Technology Express, Inc.) <==== UWAGA (zerobajtowy plik/folder)
    S3 ALSysIO; \??\C:\Users\Kamil\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 cpuz136; \??\C:\Users\Kamil\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
    R1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
    S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X]
    S1 SRepairDrv; \??\C:\Windows\GJFix\SRepairDrv [X]
    S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2016-03-15 10:22 - 2016-03-15 10:58 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
    2016-03-15 10:10 - 2016-03-15 10:10 - 00000000 ____D C:\Users\Kamil\Desktop\SpyHunter 4 Key Generator
    2016-03-15 09:38 - 2016-03-15 10:57 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Enigma Software Group
    2016-03-15 09:38 - 2016-03-15 09:38 - 00000000 _____ C:\autoexec.bat
    2016-03-15 09:37 - 2016-03-15 09:37 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2016-03-15 09:36 - 2016-03-15 09:36 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Kamil\Downloads\SpyHunter-Installer(1).exe
    2016-03-15 09:35 - 2016-03-15 09:35 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Kamil\Downloads\SpyHunter-Installer.exe
    2016-03-15 09:21 - 2016-03-15 09:21 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\MCorp
    2016-03-15 02:46 - 2016-03-15 10:24 - 00000000 ____D C:\Users\Kamil\AppData\Local\app
    2016-03-14 22:48 - 2016-03-15 11:12 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-03-14 22:43 - 2016-03-14 22:43 - 00005120 _____ C:\Users\Kamil\AppData\Roaming\GiftBag.db
    2016-03-14 22:34 - 2016-03-14 12:22 - 00048752 _____ (StdLib) C:\Windows\system32\Drivers\{e2f71795-3334-49b2-b329-0a00cf320340}Gw64.sys
    2016-03-14 23:10 - 2014-02-08 16:55 - 00000000 ____D C:\ProgramData\UTubeAdBulock
    2016-03-14 23:09 - 2014-02-08 16:55 - 00000000 ____D C:\ProgramData\mcakhenkcdmmlkadhdpccgcmllakaphm
    2016-03-14 22:43 - 2016-03-14 22:43 - 0005120 _____ () C:\Users\Kamil\AppData\Roaming\GiftBag.db
    C:\Users\Kamil\ipscan24.exe
    EmptyTemp:

    After running it, install https://support.microsoft.com/en-us/kb/2545227

    Delete the C:\FRST folder and that's all.

    0
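The fixlist above removes a Userinit hijack (`wscript C:\Windows\run.vbs` appended to the Winlogon Userinit value, which is what produces the "cannot find script file" message once the .vbs is gone), cached AutoRun commands under MountPoints2, and a zero-byte driver. The script below is an added, read-only audit of those three locations, written for this page and not part of Kolobos's fix or of FRST. It assumes Windows PowerShell 3.0 or later, an elevated prompt, and that a clean system has Userinit equal to `<SystemRoot>\system32\userinit.exe,` and Shell equal to `explorer.exe`; the function name Get-PersistenceFindings is my own.

```powershell
# Added example (not from the thread). Reports suspicious entries in the Winlogon
# Userinit/Shell values, MountPoints2 AutoRun commands and System32\drivers.
# It only reads; it changes nothing. Assumes PowerShell 3.0+ and an elevated prompt.

function Get-PersistenceFindings {
    $findings = New-Object System.Collections.Generic.List[object]

    # 1. Winlogon values in both registry views (FRST's HKLM and HKLM-x32 lines).
    #    Assumed clean defaults: Userinit = "<SystemRoot>\system32\userinit.exe,"
    #    and Shell = "explorer.exe".
    $winlogonKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )
    $expectedUserinit = "$env:SystemRoot\system32\userinit.exe"
    foreach ($key in $winlogonKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        # Anything appended after userinit.exe (e.g. "wscript C:\Windows\run.vbs")
        # runs at every interactive logon, so the value must be exactly the default.
        if ($props.Userinit -and ($props.Userinit.TrimEnd(',') -ne $expectedUserinit)) {
            $findings.Add([pscustomobject]@{ Check = 'Winlogon Userinit'; Location = $key; Value = $props.Userinit })
        }
        if ($props.Shell -and ($props.Shell -ne 'explorer.exe')) {
            $findings.Add([pscustomobject]@{ Check = 'Winlogon Shell'; Location = $key; Value = $props.Shell })
        }
    }

    # 2. MountPoints2: AutoRun commands cached from removable media (the
    #    "{guid} - F:\AutoRun.exe" lines in the FRST log). Each one is listed.
    $mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (Test-Path -Path $mp) {
        foreach ($sub in Get-ChildItem -Path $mp) {
            $cmdKey = Join-Path -Path $sub.PSPath -ChildPath 'Shell\AutoRun\command'
            if (Test-Path -Path $cmdKey) {
                $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
                $findings.Add([pscustomobject]@{ Check = 'MountPoints2 AutoRun'; Location = $sub.PSChildName; Value = $cmd })
            }
        }
    }

    # 3. Zero-byte .sys files (FRST's "[0 ]" marker): a size-0 driver cannot be a
    #    working driver and usually marks a blocked or broken install.
    $driverDir = Join-Path -Path $env:SystemRoot -ChildPath 'System32\drivers'
    foreach ($file in Get-ChildItem -Path $driverDir -Filter '*.sys' -ErrorAction SilentlyContinue) {
        if (-not $file.PSIsContainer -and $file.Length -eq 0) {
            $findings.Add([pscustomobject]@{ Check = 'Zero-byte driver'; Location = $file.FullName; Value = '0 bytes' })
        }
    }

    return $findings
}

$results = @(Get-PersistenceFindings)
if ($results.Count -eq 0) {
    Write-Output 'No findings in Winlogon, MountPoints2 or System32\drivers.'
} else {
    $results | Format-Table -AutoSize
}
```

On the machine in this thread the Userinit check would report the `wscript C:\Windows\run.vbs` entry from both registry views and the MountPoints2 check would list the six AutoRun commands; the output is a starting point for a fixlist, not a replacement for reviewing the full FRST log.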
  • #3 15 Mar 2016 16:47
    Kamil 198711
    Level 18

    Thanks, it helped.

    0