Elektroda.pl

Zawirusowany Chrome, komputer spowolnił, analiza logów z FRST

ania258 29 May 2017 17:52 420 1
  • #1 29 May 2017 17:52
    ania258
    Level 1

    Hello, I would very much appreciate help analysing the FRST logs in order to remove the malicious software and remove the viruses from the Chrome browser; many thanks in advance for the help.

  • #2 29 May 2017 18:05
    Kolobos
    Computer specialist

    Uninstall:
    Adobe Reader 9.3 - Polish, replace it with the latest version of AR.
    BluetoothService
    McAfee Security Scan Plus

    Next to frst.exe, create a file Fixlist.txt with the following contents:
    Task: {02307D07-A031-43EF-808B-6E114CAC2505} - System32\Tasks\{F37CE508-0501-4DA5-80B4-5ED199C0160C} => Firefox.exe hxxp://ui.skype.com/ui/0/7.15.0.103/pl/abandoninstall?page=tsMain
    ShortcutWithArgument: C:\Users\ania\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    ShortcutWithArgument: C:\Users\ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\ania\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\ania\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    ShortcutWithArgument: C:\Users\ania\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    Hosts:
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.551\SSScheduler.exe
    HKU\S-1-5-21-204561738-2348009981-1700843845-1000\...\MountPoints2: F - F:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-204561738-2348009981-1700843845-1000\...\MountPoints2: {4b43c775-b73d-11e6-bee9-c80aa935ef01} - F:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-204561738-2348009981-1700843845-1000\...\MountPoints2: {4b43c77d-b73d-11e6-bee9-c80aa935ef01} - F:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-204561738-2348009981-1700843845-1000\...\MountPoints2: {8a8d6978-b443-11e5-a763-c80aa935ef01} - G:\setup.exe
    HKU\S-1-5-21-204561738-2348009981-1700843845-1000\...\MountPoints2: {9391287e-efbd-11e6-8621-c80aa935ef01} - F:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-204561738-2348009981-1700843845-1000\...\MountPoints2: {9fcd5d74-3240-11e5-bc02-c80aa935ef01} - F:\AutoRun.exe
    HKU\S-1-5-21-204561738-2348009981-1700843845-1000\...\MountPoints2: {9fcd5d83-3240-11e5-bc02-c80aa935ef01} - F:\AutoRun.exe
    HKU\S-1-5-21-204561738-2348009981-1700843845-1000\...\MountPoints2: {fe45f676-8ca1-11e6-b5a6-c80aa935ef01} - F:\HiSuiteDownLoader.exe
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.551\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\ania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2016-08-28]
    ShortcutTarget: IMVU.lnk -> C:\Users\ania\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (Brak pliku)
    HKU\S-1-5-21-204561738-2348009981-1700843845-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...VXnC9JBvG5uxYwNSL1l5t7sdYjOO1wPg2zqllh&q={searchTerms}
    HKU\S-1-5-21-204561738-2348009981-1700843845-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...NdCQZUhZMDqNEKwXu43LYa5mvxGlQcFMOnZ7K8TL7LTVG
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-204561738-2348009981-1700843845-1000 -> DefaultScope {ielnksrch} URL =
    FF NewTab: Mozilla\Firefox\Profiles\et5zh0x0.default -> C:\\ProgramData\\BluetoothPoints\\ff.NT
    FF Homepage: Mozilla\Firefox\Profiles\et5zh0x0.default -> C:\\ProgramData\\BluetoothPoints\\ff.HP
    CHR Extension: (Aktualizacja Dodatku Flash) - C:\Users\ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohcihhakdfghdfcaopijkdhhkpgjbii [2016-09-17]
    CHR Extension: (Fullscreen everything) - C:\Users\ania\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmbljpblmmifajdfdheomofaeocncjca [2017-04-24]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.551\McCHSvc.exe [404376 2017-04-18] (McAfee, Inc.)
    S3 cpuz134; \??\C:\Users\ania\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== UWAGA
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    2017-05-29 17:40 - 2017-05-29 17:40 - 00368128 _____ C:\Users\ania\Downloads\FRST64.1496072412399.msi
    2017-05-29 17:40 - 2017-05-29 17:40 - 00368128 _____ C:\Users\ania\Downloads\FRST64.1496072412399 (1).msi
    2017-05-26 21:55 - 2017-05-26 21:55 - 00368128 _____ C:\Users\ania\Downloads\WwIEUSBDCRO2Y0CrG1HTnVk7Nl.msi
    2017-05-26 13:33 - 2017-05-26 13:33 - 00368128 _____ C:\Users\ania\Downloads\chrome_cleanup_tool.1495798393738.msi
    2017-05-04 18:36 - 2017-05-04 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2017-05-04 18:35 - 2017-05-04 18:35 - 00000000 ____D C:\ProgramData\McAfee Security Scan
    2017-04-30 12:52 - 2017-04-30 12:52 - 00366080 _____ C:\Users\ania\Downloads\chrome_cleanup_tool.1493549534595.msi
    EmptyTemp:

    In FRST, click Fix.

    Delete the C:\FRST folder.

    PS. Do not download programs from sites that offer their own download managers.

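A small triage script, added here as an example and not code from the thread or from FRST, that flags the kinds of log entries the fixlist above removes (percent-encoded IE start/search pages, browser shortcuts with injected arguments, MountPoints2 autoruns, Firefox homepage/new-tab files, orphaned drivers). The sample lines are constructed from this thread; the SID is shortened to a placeholder and the truncated "%..." URL is kept as it appears in the log.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines.
Added example, not code from the thread or from FRST. SAMPLE_LOG is
constructed from lines in the thread; the SID is shortened and the
truncated '%...' URL is left exactly as the log shows it.
"""
import re
from urllib.parse import unquote

# (label, pattern): one line may match several rules.
RULES = [
    ("IE start/search page with percent-encoded host",
     re.compile(r"Internet Explorer\\Main,(Start|Search) Page = .*%[0-9A-Fa-f]{2}")),
    ("browser shortcut launched with an extra argument",
     re.compile(r"^ShortcutWithArgument: .*\.lnk -> .*\.exe .* -> \S+$")),
    ("scheduled task that opens a URL in a browser",
     re.compile(r"^Task: \{[0-9A-F-]+\}.*=> \S+\.exe hxxps?://")),
    ("MountPoints2 autorun entry pointing at a removable drive",
     re.compile(r"MountPoints2: .* - [D-Z]:\\.*\.exe$")),
    ("Firefox homepage/new tab redirected to a local file",
     re.compile(r"^FF (NewTab|Homepage): .* -> [A-Za-z]:\\")),
    ("service/driver whose file is missing ([X])",
     re.compile(r"^S\d \S+; .*\[X\]")),
]

SAMPLE_LOG = [  # constructed from the thread; SID shortened to XXXX
    r"Task: {02307D07-A031-43EF-808B-6E114CAC2505} - System32\Tasks\{F37CE508-0501-4DA5-80B4-5ED199C0160C} => Firefox.exe hxxp://ui.skype.com/ui/0/7.15.0.103/pl/abandoninstall?page=tsMain",
    r"ShortcutWithArgument: C:\Users\ania\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%",
    r"HKU\S-1-5-21-XXXX-1000\...\MountPoints2: F - F:\HiSuiteDownLoader.exe",
    r"HKU\S-1-5-21-XXXX-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...&q={searchTerms}",
    r"FF NewTab: Mozilla\Firefox\Profiles\et5zh0x0.default -> C:\\ProgramData\\BluetoothPoints\\ff.NT",
    r"S3 cpuz134; \??\C:\Users\ania\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== UWAGA",
    r"S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.551\McCHSvc.exe [404376 2017-04-18] (McAfee, Inc.)",
    r"2017-05-29 17:40 - 2017-05-29 17:40 - 00368128 _____ C:\Users\ania\Downloads\FRST64.1496072412399.msi",
]

def decode_obfuscated_url(entry: str) -> str:
    """Percent-decode the URL of a Start/Search Page entry so the real
    host becomes readable; invalid sequences such as '%...' stay as-is."""
    _, _, url = entry.partition(" = ")
    return unquote(url)

def triage(lines):
    """Return [(label, line)] for every rule each line matches, in log order."""
    hits = []
    for raw in lines:
        line = raw.strip()
        hits.extend((label, line) for label, pat in RULES if pat.search(line))
    return hits
```

Entries that do not match any rule (the legitimate McAfee service, the FRST download) are left out, which is the point: the rules describe what a fixlist typically removes, not everything in the log.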