Elektroda.pl

Computer has slowed down badly, keylogger suspected, FRST analysis

natala258 23 Jul 2017 20:44 357 1
  • #2 23 Jul 2017 20:57
    Kolobos
    Computer specialist

    Uninstall: ByteFence Anti-Malware

    Run the following Fixlist.txt with FRST:
    CloseProcesses:
    Task: {2540ECCC-D689-42EE-929F-E13733505821} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {2AC1426F-A099-4150-99C5-FF2F74B991FF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {2F20D893-C4EE-4702-A419-D9176ED16F34} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {3C52AC3C-7C9F-485A-BEDE-B3D766C61E37} - System32\Tasks\{3041DA1F-D5F1-495E-8E20-4946C6054355} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Return to Castle Wolfenstein\WolfMP.exe" -d "C:\Program Files (x86)\Return to Castle Wolfenstein"
    Task: {3F6551B4-21FB-490C-A0C1-274B5713661E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {40B89254-B667-4C0B-B0C3-23706D6984B0} - System32\Tasks\{2B538505-6B0B-4867-AC84-9EB2856D82BB} => C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
    Task: {4D0CBB24-065E-485E-88B2-4C6A689D1598} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {4D6CE3C7-8340-4DC7-8F0E-C21382DC3CAF} - System32\Tasks\{48068955-8F03-4531-9C1A-3BDB202F7FCA} => C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
    Task: {50397F29-938D-45C2-B3F2-F473479DDBDB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {58B2E401-5670-437C-8142-A9A87735DE24} - System32\Tasks\{04C146C2-8F41-4641-8593-264FF916BD1C} => C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
    Task: {5E115F8D-54F8-437F-B19D-9CA7CB36700B} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2017-06-20] (Byte Technologies LLC) <==== ATTENTION
    Task: {5EE75EFB-5212-416C-8780-EB86A4FA5204} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {6B6E65A5-4B11-43B3-8BEE-64C2BF30A42C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {86CEC99C-6FB9-4A6C-A15D-BC1AA5F748C6} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-06-20] (Byte Technologies LLC) <==== ATTENTION
    Task: {8E41107D-700B-4584-9E5D-52D8BB44076E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {A9B9A525-025A-4986-847F-10841FBD29A0} - System32\Tasks\{547BD0CA-8184-49A2-90B4-A26359D8D1F8} => C:\WINDOWS\system32\pcalua.exe -a C:\Users\Natalia\Desktop\Wolfensztajn\AUTORUN.EXE -d C:\Users\Natalia\Desktop\Wolfensztajn
    Task: {AF1198C1-19D9-4BE9-A175-33A8326B2DB6} - System32\Tasks\{1024528E-33F7-43F0-B306-D0CBCB6A8273} => C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
    Task: {AF6C5C17-49CB-4F59-9FA0-D12E36720AF1} - System32\Tasks\{BF011B60-6A8A-4E3B-86F9-DFCF8FCF2562} => C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
    Task: {BA7516BF-4EF3-4679-BDB7-3C08939A82F1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {C2DA3DA5-E047-4539-BB41-FDE8BEFD5C78} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {C69F274F-56F6-4905-8152-D3BEBC5CEF36} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {D3C54E86-8EE4-447C-B620-923A100FE815} - System32\Tasks\{62049C4B-1A1C-D1BD-C043-1A7981D91447} => C:\Users\Natalia\AppData\Roaming\{62049~1\PRICEF~1.EXE [2013-04-23] () <==== ATTENTION
    Task: {F4C4F61C-21CE-419B-B48B-9AC59E587FE1} - System32\Tasks\NataliaLaunchingsBefallsV2 => rundll32.exe ReenlistmentCamisole.dll,main 7 1 <==== ATTENTION
    Task: C:\WINDOWS\Tasks\{62049C4B-1A1C-D1BD-C043-1A7981D91447}.job => C:\Users\Natalia\AppData\Roaming\{62049~1\PRICEF~1.EXE <==== ATTENTION
    2017-07-14 19:03 - 2017-07-14 19:03 - 00304456 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    2017-07-14 19:03 - 2017-07-14 19:03 - 00619848 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    2016-05-25 14:38 - 2016-05-25 14:38 - 00129304 _____ () C:\Program Files\ByteFence\x64\lz4_x64.dll
    2017-03-07 20:18 - 2017-03-07 20:18 - 00582936 _____ () C:\Program Files\ByteFence\rsLggr.exe
    () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    (Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
    () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    (Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
    () C:\Program Files\ByteFence\rsLggr.exe
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-56130942-3157337459-351354181-1003\...\MountPoints2: {752c7367-70bb-11e4-a8b3-0026b6d758be} - "F:\setup.exe"
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKU\S-1-5-21-56130942-3157337459-351354181-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.interia.pl/#utm_source=instalki1&a...n=instalki1&iwa_source=installer_instalki
    FF NewTab: Mozilla\Firefox\Profiles\eqqld9h8.default -> hxxps://www.amazon.com/gp/bit/amazonserp/ref=...nnel-17_e5a76549_1201_1403_20161203_PL_ff_nt_
    FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\eqqld9h8.default -> Amazon
    FF Extension: (Amazon Assistant for Firefox) - C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\eqqld9h8.default\Extensions\abb@amazon.com.xpi [2017-07-01]
    OPR Extension: (360 Internet Protection) - C:\Users\Natalia\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2017-06-21]
    R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [147424 2017-06-20] (Byte Technologies LLC)
    R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-07-14] ()
    2017-07-14 19:03 - 2017-07-14 19:03 - 00000000 ____D C:\ProgramData\ByteFence
    2017-07-14 01:24 - 2017-07-23 20:35 - 00000000 ____D C:\Program Files\ByteFence
    2017-07-14 01:24 - 2017-07-14 01:24 - 07103688 _____ (Byte Technologies LLC) C:\Users\Natalia\AppData\Roaming\Tedasi.exe
    2017-07-14 01:24 - 2017-07-14 01:24 - 00003540 _____ C:\WINDOWS\System32\Tasks\ByteFence Scan
    2017-07-14 01:24 - 2017-07-14 01:24 - 00003426 _____ C:\WINDOWS\System32\Tasks\ByteFence
    2017-07-14 01:24 - 2017-07-14 01:24 - 00001094 _____ C:\Users\Natalia\Desktop\ByteFence Anti-Malware.lnk
    2017-07-14 01:24 - 2017-07-14 01:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
    C:\Windows\Tasks\{62049C4B-1A1C-D1BD-C043-1A7981D91447}.job
    EmptyTemp:


    After it has run, delete the C:\FRST folder.

    There are no keyloggers here, only the harmful ByteFence.

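As an added example (not part of the original thread and not FRST's own code), the script below parses FRST `Task:` and policy lines of the kind pasted in the reply and flags the persistence patterns a reviewer looks for in such a log: a task that runs `rundll32` with a DLL given by bare name, an executable under `AppData` hidden behind 8.3 short names with no publisher, a policy `Restriction` placed on Windows Defender or Chrome, and orphaned GWX tasks that are merely stale leftovers. The sample input reuses lines from the post (with the FRST markers in their English wording) plus one constructed, benign Defrag task to show the negative case; the severity labels, the heuristics and the `UNWANTED_HINTS` list are this example's own assumptions, not FRST's logic.

```python
"""Triage FRST "Task:" and policy lines for the persistence tell-tales seen in the post.

Added example, not FRST code and not part of the original thread. SAMPLE_LINES are
copied from the fixlist (FRST markers in English wording) plus one constructed
benign Defrag task; the severities and UNWANTED_HINTS are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3}

# Task: {GUID} - <rest>
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]{36}\} - (?P<rest>.*)$")
# <name> => <target> [yyyy-mm-dd] (Publisher) <==== ATTENTION   (date, publisher, marker optional)
TARGET_RE = re.compile(
    r"^(?P<name>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<publisher>[^)]*)\))?"
    r"(?: <==== ATTENTION)?$"
)
# HKLM\SOFTWARE\Policies\<product>: Restriction  (a policy key locking a product down)
POLICY_RE = re.compile(r"^(?:CHR )?(?P<key>HK(?:LM|U)\\[^:]+\\Policies\\(?P<product>[^:]+)): Restriction")
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>[^\s,]+)", re.IGNORECASE)
GUID_NAME_RE = re.compile(r"\\\{[0-9A-Fa-f-]{36}\}$")
SHORT_NAME_RE = re.compile(r"~\d")          # 8.3 names such as {62049~1\PRICEF~1.EXE
UNWANTED_HINTS = ("bytefence",)             # from the thread's verdict; extend with your own intel

SAMPLE_LINES = [  # first six copied from the post; the Defrag task is constructed as a clean control
    r"Task: {2540ECCC-D689-42EE-929F-E13733505821} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION",
    r"Task: {5E115F8D-54F8-437F-B19D-9CA7CB36700B} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2017-06-20] (Byte Technologies LLC) <==== ATTENTION",
    r"Task: {D3C54E86-8EE4-447C-B620-923A100FE815} - System32\Tasks\{62049C4B-1A1C-D1BD-C043-1A7981D91447} => C:\Users\Natalia\AppData\Roaming\{62049~1\PRICEF~1.EXE [2013-04-23] () <==== ATTENTION",
    r"Task: {F4C4F61C-21CE-419B-B48B-9AC59E587FE1} - System32\Tasks\NataliaLaunchingsBefallsV2 => rundll32.exe ReenlistmentCamisole.dll,main 7 1 <==== ATTENTION",
    r"Task: {40B89254-B667-4C0B-B0C3-23706D6984B0} - System32\Tasks\{2B538505-6B0B-4867-AC84-9EB2856D82BB} => C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION",
    r"Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\WINDOWS\system32\defrag.exe -c -h -o -$ [2016-07-16] (Microsoft Corporation)",
]


@dataclass
class Finding:
    line: str
    name: str
    target: Optional[str] = None
    reasons: List[Tuple[str, str]] = field(default_factory=list)  # (severity, explanation)

    def add(self, severity: str, reason: str) -> None:
        self.reasons.append((severity, reason))

    @property
    def severity(self) -> str:
        if not self.reasons:
            return "none"
        return max((s for s, _ in self.reasons), key=SEVERITY_RANK.__getitem__)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a Task:/policy line, or None for line types this helper does not parse."""
    pol = POLICY_RE.match(line)
    if pol:
        f = Finding(line, pol.group("key"))
        f.add("high", f"policy restriction placed on {pol.group('product')} (a security or browser product locked down)")
        return f
    m = TASK_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    if " -> No File" in rest:  # task whose target binary is gone: stale leftover, remove but not malicious
        f = Finding(line, rest.split(" -> No File", 1)[0])
        f.add("low", "orphaned task: target binary missing (stale leftover, clean up only)")
        return f
    t = TARGET_RE.match(rest)
    if not t:
        return Finding(line, rest)
    name, target, publisher = t.group("name"), t.group("target"), t.group("publisher")
    f = Finding(line, name, target)
    r = RUNDLL_RE.match(target)
    if r and "\\" not in r.group("dll"):
        f.add("high", f"rundll32 loads {r.group('dll')} by bare name (resolved through DLL search order, no path)")
    if "\\appdata\\" in target.lower():
        f.add("high", "executable lives under the user profile (AppData), not Program Files or Windows")
    if SHORT_NAME_RE.search(target):
        f.add("medium", "8.3 short name in path hides the real directory or file name")
    if publisher == "":  # FRST printed "()" : no recognised signer
        f.add("medium", "no publisher: binary carries no recognised signature")
    if any(h in target.lower() for h in UNWANTED_HINTS):
        f.add("medium", "target belongs to a program the thread identifies as unwanted")
    if GUID_NAME_RE.search(name):
        f.add("info", "GUID-named task (typical of installer- or compatibility-assistant-created tasks)")
    if "<==== ATTENTION" in rest and not f.reasons:
        f.add("info", "flagged by FRST but no local heuristic fired; review manually")
    return f


def triage(lines: List[str]) -> List[Finding]:
    """Parse every line and return the findings that have at least one reason, worst first."""
    findings = [f for f in map(triage_line, lines) if f is not None and f.reasons]
    return sorted(findings, key=lambda f: SEVERITY_RANK[f.severity], reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:6}] {f.name}\n" + "".join(f"          - {why}\n" for _, why in f.reasons))
```

Run against a whole FRST `Addition.txt`/`FRST.txt`, the script only ever scores the `Task:` and `Policies ... Restriction` lines; service (`R2`), file-listing and browser lines are returned as `None` and need their own checks. The point of the ranking is the one the reply makes implicitly: the orphaned GWX tasks and the GUID-named game-launcher tasks are noise, while the bare-name `rundll32` DLL, the 8.3-obfuscated executable in `AppData` and the Defender policy lock are the entries that decide the verdict.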