Elektroda.pl

viruses - OTL log

Moxko 06 Jan 2017 14:17 333 4
  • #1 06 Jan 2017 14:17
    Moxko
    Level 3

    I recently, without realising it, downloaded malware that is effectively wrecking my CPU: idle usage went from 5% to 60%.
    The problem is in the browsers, especially Chrome (I uninstalled it; after reinstalling it's still the same): I can't log out of sites, it opens tabs on its own, creates fake user profiles, etc. I ran a clean with Malwarebytes, but it didn't help. I'm attaching the log,
    please help.

    0 4
  • Helpful post
    #4 06 Jan 2017 15:29
    Kolobos
    Computer specialist

    Use AdwCleaner, Scan and Clean (Szukaj i Usuń) options: http://www.bleepingcomputer.com/download/adwcleaner/

    Next to frst.exe create a file Fixlist.txt with the following contents:
    Task: {040F23A1-812F-4702-9C75-DD5BD355A7E2} - System32\Tasks\{166B4302-A307-4464-88B2-987520E89CDA} => C:\Program Files (x86)\Tunngle\Tunngle.exe [2015-07-14] (Tunngle.net GmbH)
    Task: {06E995DC-524D-4D47-BE16-C421E2C12AD5} - System32\Tasks\Personal Computer Updater Worker => C:\Program Files (x86)\Personal Computer Updater\Personal ComputerUpdater.exe
    Task: {0BE4EAC7-8E6A-4D1A-A35C-5713619F4C4D} - System32\Tasks\{B7C3C3BD-1BE6-4EC8-81AC-5A594B4EE5ED} => E:\autorun.exe
    Task: {1083B32C-4F2F-48E4-A643-93C3A2894E48} - System32\Tasks\{828A1269-CD61-4FE2-8890-58C5C73DCCAB} => Chrome.exe hxxps://ui.skype.com/ui/0/7.30.64.105/pl/abandoninstall?page=tsBing
    Task: {126DD16F-9623-43D1-AFA3-84AD8DB9A888} - System32\Tasks\{0E43FE9E-82E1-4862-BA4D-33CB7B6C9CF9} => C:\Program Files (x86)\League of Legends\lol.launcher.exe
    Task: {15FFA0B5-15B6-4ACF-B560-7548B8497165} - System32\Tasks\{268B6283-2560-48BC-A7BB-983FD6FF102E} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
    Task: {16CBCA8E-9B72-49F4-A3E4-CAB97C1C82C1} - System32\Tasks\{C0C56826-28E8-4256-9EE2-294F3EC840EE} => pcalua.exe -a C:\Users\Bartosz\Documents\Downloads\gothic1_playerkit-1.08k\gothic1_playerkit-1.08k.exe -d C:\Users\Bartosz\Documents\Downloads\gothic1_playerkit-1.08k
    Task: {3C6E2781-AA45-41E9-ABB8-584B120BCBBF} - System32\Tasks\{6AAD2B38-49CB-4B19-ADD5-DD1476107C7C} => C:\Program Files (x86)\Ragnarok Online\Ragnarok.exe
    Task: {426049E5-AF29-47FC-9321-CE314C664F6A} - System32\Tasks\{ADB2C97D-02FD-44B1-BC41-7A5696B477F4} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
    Task: {4951757D-4ADE-4A93-9FD9-4F9773B64376} - System32\Tasks\{3AAB6E29-0F47-4AB8-BB50-D4363F8FE45D} => Firefox.exe hxxp://ui.skype.com/ui/0/5.5.0.114/pl/abandon...,google-chrome:notoffered;alreadyoffered
    Task: {691A3F55-F736-4177-B1DC-E13087F2A70E} - System32\Tasks\{A0904595-D0D7-453E-885F-F2F93FBDD949} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-11-15] (Skype Technologies S.A.)
    Task: {6DCEC749-AE68-4CC0-999F-47F1211C6194} - System32\Tasks\{1DB20878-0EAD-422F-BB55-73A9BCFC2521} => C:\Program Files (x86)\Tunngle\Tunngle.exe [2015-07-14] (Tunngle.net GmbH)
    Task: {6E33C73C-DBD9-4700-B355-1CEE3A64EAAF} - System32\Tasks\{A1B84B7B-7C9D-40F8-B692-2F719BCD56DF} => C:\Program Files (x86)\League of Legends\lol.launcher.exe
    Task: {711EE341-B7E4-4F2A-8EBF-5843F8D61AD7} - System32\Tasks\{86292BD1-FC93-4C6C-AE75-DF9397863945} => C:\Nexon\MapleStory\MapleStory.exe
    Task: {7A184760-C5AD-46D1-9597-342F40D647FF} - System32\Tasks\{4962B911-183A-4BAC-950A-57DC8C06D49C} => C:\Program Files (x86)\FFV\FINAL FANTASY V\FFV_Launcher.exe
    Task: {96978DF8-6665-4C7D-A089-D484747E64B6} - System32\Tasks\{8A727565-7162-4957-9C28-0227CEF4ED01} => C:\Program Files (x86)\Ragnarok Online\Ragnarok.exe
    Task: {99553485-E5D6-46FB-93DE-87E98C69155A} - System32\Tasks\{F50FFB85-DF7C-48B4-B82B-95774DB46C5B} => Firefox.exe hxxp://www.skype.com/go/downloading?source=li...staller&ver=5.5.0.114&LastError=12002
    Task: {A6A3AC27-3350-4E0A-977A-E9D0A57EDC66} - System32\Tasks\{57B63989-728B-4E34-9F6D-F44E032C448C} => Firefox.exe hxxp://ui.skype.com/ui/0/5.1.0.112.259/en/aba...gle-chrome:offered-installed;madedefault
    Task: {C7F62DA0-B223-4B1C-930C-70CCA2B31906} - System32\Tasks\{9B89D7AF-B16D-49B2-9AB7-87ACCC1BA867} => pcalua.exe -a C:\Users\Bartosz\Documents\Downloads\Gothic\Gothic\gothic1_playerkit-1.08k.exe -d C:\Users\Bartosz\Documents\Downloads\Gothic\Gothic
    Task: {DABD5F67-2F66-47C9-BF92-6E4B475F20A4} - System32\Tasks\{A7150B1E-01F4-4A35-823F-495A4F13A368} => C:\Program Files (x86)\League of Legends\lol.launcher.exe
    Task: {DD872BDB-16EF-405E-860B-7E71EC1884CF} - System32\Tasks\{FF8D3A43-FC80-4ECA-9CA1-0A57E1599F31} => C:\Program Files (x86)\Ragnarok Online\Ragnarok.exe
    Task: {ECD7BC7A-FB4C-4A42-814E-E84B91E0EAF6} - System32\Tasks\{169DB73F-225A-4621-9533-20DACA14C18B} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-11-15] (Skype Technologies S.A.)
    Task: {EFB82E7C-5228-4FD8-8345-153861B0D356} - System32\Tasks\{E1D23547-E931-4398-A93C-8353FC4D60A8} => C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe
    Task: {F925C1F5-1509-4D5D-8D4B-774F89155AFB} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
    ShortcutWithArgument: C:\Users\Bartosz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    ShortcutWithArgument: C:\Users\Bartosz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8 [109]
    AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [121]
    Hosts:
    HKU\S-1-5-21-3729765576-2561528626-1755612139-1000\...\Run: [Clownfish] => 0
    HKU\S-1-5-21-3729765576-2561528626-1755612139-1000\...\MountPoints2: E - E:\Autorun.exe
    HKU\S-1-5-21-3729765576-2561528626-1755612139-1000\...\MountPoints2: {0acdd468-d650-11e0-80ac-806e6f6e6963} - F:\AutoRun.exe
    HKU\S-1-5-21-3729765576-2561528626-1755612139-1000\...\MountPoints2: {0acdd493-d650-11e0-80ac-0026224851e7} - F:\AutoRun.exe
    HKU\S-1-5-21-3729765576-2561528626-1755612139-1000\...\MountPoints2: {701406ac-9e9f-11e6-8f2e-9c379960128e} - G:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-3729765576-2561528626-1755612139-1000\...\MountPoints2: {9624e6f7-cb5e-11e0-abee-701a045417c1} - F:\AutoRun.exe
    HKU\S-1-5-21-3729765576-2561528626-1755612139-1000\...\MountPoints2: {9624e714-cb5e-11e0-abee-701a045417c1} - G:\AutoRun.exe
    HKU\S-1-5-21-3729765576-2561528626-1755612139-1000\...\MountPoints2: {b947a744-ae23-11e0-b44a-701a045417c1} - G:\AutoRun.exe
    HKU\S-1-5-21-3729765576-2561528626-1755612139-1000\...\MountPoints2: {d634de9f-d7ce-11e5-bd02-b135fa13b694} - G:\AutoRun.exe
    ShellExecuteHooks: Brak nazwy - {05637422-CCFF-11E6-8821-64006A5CFC23} - C:\Users\Bartosz\AppData\Roaming\Shhoward\Arinuch.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll -> Brak pliku
    C:\Users\Bartosz\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\wpoey2mu.default -> youndoo
    FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\wpoey2mu.default ->
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\wpoey2mu.default -> youndoo
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF => nie znaleziono
    S4 Verway; C:\Program Files (x86)\Edechjiherly\SjgMdl.dll [X]
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
    2017-01-05 22:07 - 2017-01-05 22:07 - 00000000 ____D C:\Program Files\MGLOFRV4S4
    2017-01-05 22:07 - 2017-01-05 22:07 - 00000000 ____D C:\Program Files\MA8BY4O0EX
    2017-01-05 22:03 - 2017-01-05 22:49 - 00000000 ____D C:\Users\Bartosz\AppData\Roaming\Shhoward
    2017-01-05 22:03 - 2017-01-05 22:05 - 00000000 ____D C:\Users\Bartosz\AppData\Local\Ckapodomcoifipy
    2016-12-08 17:28 - 2016-12-08 17:28 - 00003096 _____ C:\Windows\System32\Tasks\{828A1269-CD61-4FE2-8890-58C5C73DCCAB}
    2016-08-24 10:59 - 2016-08-24 10:59 - 7118336 _____ () C:\Users\Bartosz\AppData\Roaming\agent.dat
    2017-01-05 22:06 - 2017-01-05 22:06 - 0023622 _____ () C:\Users\Bartosz\AppData\Roaming\aliexpress.ico
    2017-01-05 22:06 - 2017-01-05 22:06 - 0099678 _____ () C:\Users\Bartosz\AppData\Roaming\booking.ico
    2016-08-24 10:58 - 2016-08-24 10:58 - 0138240 _____ () C:\Users\Bartosz\AppData\Roaming\Installer.dat
    2016-08-24 10:59 - 2016-08-24 10:59 - 0018432 _____ () C:\Users\Bartosz\AppData\Roaming\Main.dat
    2014-05-03 22:15 - 2014-05-03 22:15 - 0004608 ___SH () C:\Users\Bartosz\AppData\Roaming\Thumbs.db
    2010-09-15 22:43 - 2010-09-15 22:46 - 0001858 _____ () C:\Users\Bartosz\AppData\Roaming\UserTile.png
    2013-03-26 14:38 - 2015-02-04 09:51 - 0000630 _____ () C:\Users\Bartosz\AppData\Roaming\wklnhst.dat
    2016-11-05 20:20 - 2016-11-05 20:20 - 0003584 _____ () C:\Users\Bartosz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-05-07 15:04 - 2015-05-07 15:05 - 0004950 _____ () C:\Users\Bartosz\AppData\Local\Temp-log.txt
    2015-05-16 18:05 - 2015-05-16 18:05 - 0000000 _____ () C:\Users\Bartosz\AppData\Local\Temp.dat
    2016-07-24 17:07 - 2016-07-24 17:07 - 0000016 _____ () C:\ProgramData\mntemp
    EmptyTemp:

    In FRST click Fix (Napraw).

    Delete the C:\FRST folder.

    Do a full scan with MBAM and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0
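The fix above is a list of FRST entries of a few fixed shapes (scheduled tasks, Run and MountPoints2 keys, shell hooks, services, Firefox search settings, newly created directories, directives such as EmptyTemp:). The script below is an added example, not from the thread and not part of FRST or AdwCleaner: it parses those line shapes and flags the ones a responder would look at first (targets that no longer exist, binaries launched from the user profile, removable-media autorun entries, tasks that just open a browser URL, an unknown search provider, random-looking directory names). The sample lines are taken from the fix above; the search-engine allow-list, the random-name heuristic and the flag wording are this example's own assumptions.

```python
"""Triage helper for FRST fixlist/log lines (added example, not FRST code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the entry types from the fix posted in the thread.
SAMPLE = r"""
Task: {1083B32C-4F2F-48E4-A643-93C3A2894E48} - System32\Tasks\{828A1269-CD61-4FE2-8890-58C5C73DCCAB} => Chrome.exe hxxps://ui.skype.com/ui/0/7.30.64.105/pl/abandoninstall?page=tsBing
Task: {691A3F55-F736-4177-B1DC-E13087F2A70E} - System32\Tasks\{A0904595-D0D7-453E-885F-F2F93FBDD949} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-3729765576-2561528626-1755612139-1000\...\Run: [Clownfish] => 0
HKU\S-1-5-21-3729765576-2561528626-1755612139-1000\...\MountPoints2: E - E:\Autorun.exe
ShellExecuteHooks: Brak nazwy - {05637422-CCFF-11E6-8821-64006A5CFC23} - C:\Users\Bartosz\AppData\Roaming\Shhoward\Arinuch.dll -> Brak pliku
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\wpoey2mu.default -> youndoo
S4 Verway; C:\Program Files (x86)\Edechjiherly\SjgMdl.dll [X]
2017-01-05 22:07 - 2017-01-05 22:07 - 00000000 ____D C:\Program Files\MGLOFRV4S4
2017-01-05 22:03 - 2017-01-05 22:49 - 00000000 ____D C:\Users\Bartosz\AppData\Roaming\Shhoward
EmptyTemp:
"""


@dataclass
class Entry:
    kind: str            # Task, Run, MountPoints2, ShellExecuteHooks, Service, FF, NewDir, Directive, Unknown
    name: str            # task/value/service name (empty where the line has none)
    target: str          # what the entry points at, as written in the log
    flags: list = field(default_factory=list)


# One regex per line shape seen in the fix; only these shapes are handled (assumption).
PATTERNS = [
    ("Task", re.compile(r"^Task: \{[0-9A-F-]+\} - System32\\Tasks\\(?P<name>.+?) => (?P<target>.+)$")),
    ("Run", re.compile(r"^HKU\\[^\\]+\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.*)$")),
    ("MountPoints2", re.compile(r"^HKU\\[^\\]+\\\.\.\.\\MountPoints2: (?P<name>\S+) - (?P<target>.+)$")),
    ("ShellExecuteHooks", re.compile(r"^ShellExecuteHooks: (?P<name>.+?) - \{[0-9A-F-]+\} - (?P<target>.+)$")),
    ("Service", re.compile(r"^[RS]\d (?P<name>[^;]+); (?P<target>.+)$")),
    ("FF", re.compile(r"^FF (?P<name>[\w.]+): .+? -> (?P<target>.*)$")),
    ("NewDir", re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ ____D (?P<target>.+)$")),
]

# FRST marks a missing target with "[X]"; the Polish build prints "Brak pliku" / "nie znaleziono".
MISSING_MARKERS = ("Brak pliku", "nie znaleziono", "[X]")
KNOWN_ENGINES = {"google", "bing", "duckduckgo", "yahoo"}      # assumption: local allow-list
RANDOM_NAME = re.compile(r"^(?=.*\d)[A-Z0-9]{8,}$")            # assumption: heuristic only


def parse_line(line: str):
    """Map one log line to an Entry, or None for a blank line."""
    line = line.strip()
    if not line:
        return None
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if m:
            gd = m.groupdict()
            return Entry(kind, gd.get("name", ""), gd["target"])
    if line.endswith(":"):                       # bare directive such as EmptyTemp: or Hosts:
        return Entry("Directive", line[:-1], "")
    return Entry("Unknown", "", line)


def flag(e: Entry) -> Entry:
    """Attach triage flags; order of checks fixes the order of flags."""
    t = e.target
    if any(m in t for m in MISSING_MARKERS):
        e.flags.append("orphaned: target missing")
    if "\\AppData\\" in t:
        e.flags.append("runs from user profile")
    if re.search(r"autorun\.exe$", t, re.I):
        e.flags.append("removable-media autorun")
    if re.match(r"(Chrome|Firefox)\.exe hxxps?://", t, re.I):
        e.flags.append("task opens browser URL")
    if e.kind == "FF" and e.name in ("DefaultSearchEngine", "SelectedSearchEngine") \
            and t.lower() not in KNOWN_ENGINES:
        e.flags.append("search engine points to unknown provider")
    if e.kind == "NewDir" and RANDOM_NAME.match(t.rsplit("\\", 1)[-1]):
        e.flags.append("random-looking directory name")
    return e


def triage(text: str) -> list:
    """Parse and flag every non-blank line of a fixlist/log."""
    return [flag(e) for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def flagged(text: str) -> list:
    """Only the entries that got at least one flag."""
    return [e for e in triage(text) if e.flags]


def summarize(entries: list) -> dict:
    """Count how often each flag fired."""
    counts: dict = {}
    for e in entries:
        for f in e.flags:
            counts[f] = counts.get(f, 0) + 1
    return counts


if __name__ == "__main__":
    for e in flagged(SAMPLE):
        print(f"{e.kind:<18} {e.name:<45} {' | '.join(e.flags)}")
    print(summarize(triage(SAMPLE)))
```

Run it on a real FRST.txt or Fixlist.txt by reading the file into `triage()`; entries of shapes the script does not know come back as `Unknown` rather than being dropped, so nothing in the log is silently skipped. The flags are prompts for a human to check, not verdicts: a legitimate launcher in AppData gets the same "runs from user profile" flag as the Arinuch.dll hook above.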
  • #5 06 Jan 2017 16:23
    Moxko
    Level 3

    Thanks a lot!!! Everything runs smoothly!

    0