
Desktop PC - Infected computer, please check the FRST logs

Adanos13 30 Sep 2016 09:34 342 1
  • #2 30 Sep 2016 09:50
    Kolobos
    Computer specialist

    Download http://www.fixitpc.pl/picasso/download/malware/sality_regkeys.zip, unpack it and run SafeBootWinXP.reg

    Next to frst.exe, create a file Fixlist.txt with the following contents:
    Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job => C:\WINDOWS\system32\xp_eos.exe
    HKLM\...\Run: [Systemmonitor] => C:\Program Files\Common Files\windows monitor\ogtxcdlve.exe [0 ] ()
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\Run: [] => [X]
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\Run: [Systemmonitor] => C:\Program Files\Common Files\windows monitor\ogtxcdlve.exe [0 ] ()
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\Run: [Wondershare Helper Compact.exe] => "C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelperSetup.exe"
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: G - G:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {0ecfe7bc-2665-11e6-a0e7-00183701f62a} - G:\AutoRun.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {2d95fc40-7e57-11e6-a167-00183701f62a} - G:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {2e9017fd-1103-11e5-a48a-806d6172696f} - E:\setup.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {37269da2-1757-11e6-a0cf-00183701f62a} - G:\Startme.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {3b2343a4-52d7-11e5-9e9e-00183701f62a} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {3b2343a6-52d7-11e5-9e9e-00183701f62a} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {3b2343ab-52d7-11e5-9e9e-022e4004757c} - F:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {729ffc74-1f24-11e6-a0dc-00183701f62a} - G:\AutoRun.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {780d6202-4802-11e6-a125-00183701f62a} - G:\autorun.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {8351e49c-3d08-11e6-a111-00183701f62a} - G:\AutoRun.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {91403521-2fa1-11e5-9e7b-00183701f62a} - G:\setup.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {9140352b-2fa1-11e5-9e7b-00183701f62a} - F:\sources\SetupError.exe x64
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {9512d3c3-0af2-11e6-85db-00183701f62a} - G:\AutoRun.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {b59018fa-7f30-11e6-a168-00183701f62a} - G:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {b5a8ffd1-c020-11e5-a09c-00183701f62a} - H:\AutoRun.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {bdc1665e-7cb3-11e6-a166-00183701f62a} - G:\AutoRun.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {beb2aa6f-7052-11e6-a15b-00183701f62a} - G:\autorun.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {cc6fbf13-20c1-11e6-a0dd-00183701f62a} - G:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {cc6fbf17-20c1-11e6-a0dd-00183701f62a} - G:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {cc6fbf45-20c1-11e6-a0dd-00183701f62a} - G:\AutoRun.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {d33798a3-40e0-11e5-9e89-00183701f62a} - F:\AutoRun.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {d33798a5-40e0-11e5-9e89-00183701f62a} - F:\AutoRun.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {d33798a7-40e0-11e5-9e89-00183701f62a} - F:\AutoRun.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {dba76074-4f13-11e6-a130-00183701f62a} - G:\AutoRun.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {dba7607c-4f13-11e6-a130-00183701f62a} - G:\AutoRun.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {f8abe171-34f6-11e5-9e7e-00183701f62a} - H:\AutoRun.exe
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\...\MountPoints2: {f8abe177-34f6-11e5-9e7e-00183701f62a} - F:\AutoRun.exe
    IFEO\rstrui.exe: [Debugger] cpcn.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    Startup: C:\Documents and Settings\admin\Menu Start\Programy\Autostart\TeamViewer 11.lnk [2016-04-06]
    ShortcutTarget: TeamViewer 11.lnk -> C:\Program Files\TeamViewer\TeamViewer.exe (Brak pliku)
    AlternateShell:
    HKU\S-1-5-21-1614895754-2049760794-1801674531-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yandex.ru/?win=212&clid=2100767-002
    SearchScopes: HKU\S-1-5-21-1614895754-2049760794-1801674531-1005 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?win=212&clid=2100768-002&text={searchTerms}
    SearchScopes: HKU\S-1-5-21-1614895754-2049760794-1801674531-1005 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?win=212&clid=2100768-002&text={searchTerms}
    Toolbar: HKU\S-1-5-21-1614895754-2049760794-1801674531-1005 -> Brak nazwy - {093F479D-712E-46CD-9E06-62E734A05F68} - Brak pliku
    FF SelectedSearchEngine: Яндекс
    FF SearchPlugin: C:\Documents and Settings\admin\Dane aplikacji\Mozilla\Firefox\Profiles\eqve2xyd.default\searchplugins\yandex.ru-151505.xml [2016-01-20]
    FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\InternetManager_Z\Bin\addon => nie znaleziono
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]
    CHR HKLM\...\Chrome\Extension: [ahmpjcflkgiildlgicmcieglgoilbfdp] - hxxps://clients2.google.com/service/update2/crx
    U0 aswVmm; Brak ImagePath
    U2 CertPropSvc; Brak ImagePath
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 filtertdidriver; system32\drivers\ewfiltertdidriver.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
    S3 hwusb_cdcacm; system32\DRIVERS\ew_cdcacm.sys [X]
    S3 hwusb_cdcecm; system32\DRIVERS\ew_cdcecm.sys [X]
    S3 USBCCID; system32\DRIVERS\usbccid.sys [X]
    C:\Documents and Settings\admin\Del1C5B.bat
    C:\Documents and Settings\Default User\Del1C5B.bat
    EmptyTemp:

    In FRST, click Fix.

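As an added example that is not part of the post or of FRST itself, the Python script below parses lines in the fixlist format shown above and rates each persistence mechanism from a responder's viewpoint (IFEO Debugger values, Run keys, MountPoints2 autoruns, search scopes, scheduled tasks, orphaned services). The sample lines are constructed from the shapes in the fixlist with a placeholder SID, and the severity scale is this example's own assumption.

```python
import re

# Constructed sample: seven lines in the FRST fixlist format used in the post above
# (paths shortened, SID replaced by the placeholder S-1-5-21-0).
SAMPLE = r"""Task: C:\WINDOWS\Tasks\eos.job => C:\WINDOWS\system32\xp_eos.exe
HKLM\...\Run: [Systemmonitor] => C:\Program Files\Common Files\windows monitor\ogtxcdlve.exe [0 ] ()
HKU\S-1-5-21-0\...\Run: [] => [X]
HKU\S-1-5-21-0\...\MountPoints2: {0ecfe7bc-2665-11e6-a0e7-00183701f62a} - G:\AutoRun.exe
IFEO\rstrui.exe: [Debugger] cpcn.exe
SearchScopes: HKU\S-1-5-21-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/search/?text={searchTerms}
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
"""

# Each rule names the persistence mechanism an FRST line describes and captures
# what is being hooked ("target") and where it points ("value").
RULES = [
    ("ifeo-debugger", re.compile(r"^IFEO\\(?P<target>[^:]+): \[Debugger\] (?P<value>.+)$")),
    ("run-key", re.compile(r"^(?:HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<target>[^\]]*)\] => (?P<value>.*)$")),
    ("mountpoint-autorun", re.compile(r"^HKU\\[^\\]+\\\.\.\.\\MountPoints2: (?P<target>\S+) - (?P<value>.+)$")),
    ("scheduled-task", re.compile(r"^Task: (?P<target>.+?) => (?P<value>.+)$")),
    ("search-scope", re.compile(r"^SearchScopes: (?P<target>\S+) .*URL = (?P<value>\S+)$")),
    ("orphan-service", re.compile(r"^[SURD]\d (?P<target>[^;]+); (?P<value>.+?) \[X\]$")),
]

def severity(category, value):
    """Assumed rating scale for a responder reading the fixlist (not FRST's own)."""
    if category == "ifeo-debugger":
        # Windows starts the Debugger value instead of the target; on rstrui.exe
        # that blocks System Restore, a classic malware self-defence trick.
        return "high"
    if category == "run-key":
        # An empty Run value ([X]) or a zero-size file with no publisher ([0 ] ())
        # is the footprint of a dropper that has already been partly removed.
        return "high" if value == "[X]" or "[0 ]" in value else "medium"
    return "medium" if category in ("mountpoint-autorun", "search-scope") else "low"

def triage(text):
    """Classify every non-empty line in input order; unmatched lines become 'other'."""
    findings = []
    for line in filter(None, map(str.strip, text.splitlines())):
        for category, rx in RULES:
            m = rx.match(line)
            if m:
                findings.append({"category": category, "target": m["target"], "value": m["value"],
                                 "severity": severity(category, m["value"])})
                break
        else:
            findings.append({"category": "other", "target": line, "value": "", "severity": "info"})
    return findings

for f in triage(SAMPLE):
    print(f"{f['severity']:<6} {f['category']:<18} {f['target']} -> {f['value']}")
```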