Elektroda.pl

Request to check FRST, Addition logs (PUP.Optional.Legacy PUP.Bit.Coin.Miner)

grubounce 26 Mar 2018 15:27 351 1
  • #2 26 Mar 2018 16:27
    Kolobos
    Computer specialist

    In Chrome, export your bookmarks; the browser profile will be deleted.

    Uninstall:
    Google Toolbar for Internet Explorer
    McAfee Security Scan Plus
    Chrome

    Run this Fixlist.txt with FRST:
    Task: {288C1E60-16C8-41C5-BD6B-8E9D522F7926} - \{0C7D0947-040A-7D05-0B11-090D7A04110E} -> Brak pliku <==== UWAGA
    Task: {932D697A-D6DC-4132-B21F-D6E06D0FB670} - System32\Tasks\fXiwFEZbDaz2 => fxiwfezbdaz2.exe <==== UWAGA
    Task: {BAD1B505-1A9A-4841-A9D4-1DFB4570D2A8} - \Browse -> Brak pliku <==== UWAGA
    Task: {C6DA251A-5867-4F34-B32A-D35ABDE7ED4C} - System32\Tasks\cmdsrv => C:\Browse\cmdsrvs.exe [2018-03-13] (Secrypt Inc.)
    (Secrypt Inc.) C:\Browse\cmdsrvs.exe
    (Secrypt Inc.) C:\Browse\cmdsrvs.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.690\SSScheduler.exe
    (www.xmrig.com) C:\Users\Poitr\AppData\Local\Temp\xmrig.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    ShellExecuteHooks: Brak nazwy - {BFD98515-CD74-48A4-98E2-13D209E3EE4F} - C:\Windows\System32\mcicda64.dll [904704 2018-03-13] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-03-04]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.690\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    Tcpip\..\Interfaces\{87EE1363-0883-4F68-A7E7-A55A264A4BEB}: [NameServer] 82.163.142.8,95.211.158.136
    HKU\S-1-5-21-3096948118-1346271336-3541701988-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...mfKnCGsh_2yB9XLNEzbU_SALIVKGm0wxO-IXE,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-07] (Google Inc.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-02-07] (Google Inc.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2018-02-07] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2018-02-07] (Google Inc.)
    C:\Program Files\Mozilla Firefox\browser\features\{A5FD4672-4D73-4F90-A1C0-2ABD39DB2565}.xpi
    FF Extension: (__MSG_appName__) - C:\Program Files\Mozilla Firefox\browser\features\{A5FD4672-4D73-4F90-A1C0-2ABD39DB2565}.xpi [2018-03-21] [Brak podpisu cyfrowego]
    C:\Users\Poitr\AppData\Local\Google\Chrome\User Data\Default
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.690\McCHSvc.exe [405400 2018-02-19] (McAfee, Inc.)
    S2 fXiwFEZbDaz2 Updater; C:\Program Files (x86)\fXiwFEZbDaz2 Updater\fXiwFEZbDaz2 Updater.exe [X]
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    2018-03-21 14:16 - 2018-03-21 14:56 - 000000000 ____D C:\AdwCleaner
    2018-03-21 12:13 - 2018-03-21 12:13 - 000000000 ____D C:\Program Files\YVFRPFPXKL
    2018-03-21 12:12 - 2018-03-21 12:54 - 000000000 ____D C:\Users\Poitr\AppData\Roaming\yzni4eji40e
    2018-03-21 12:12 - 2018-03-21 12:54 - 000000000 ____D C:\Users\Poitr\AppData\Roaming\mldtipza2uv
    2018-03-21 12:12 - 2018-03-21 12:54 - 000000000 ____D C:\Users\Poitr\AppData\Roaming\d3g1idmhvch
    2018-03-21 12:12 - 2018-03-21 12:18 - 000000000 ____D C:\Program Files\6XFKXCZLP4
    2018-03-21 12:11 - 2018-03-21 12:54 - 000000000 ____D C:\Users\Poitr\AppData\Roaming\hcdf0jqkqbu
    2018-03-21 12:11 - 2018-03-21 12:18 - 000000000 ____D C:\Program Files\I9HY78IOMM
    2018-03-21 12:11 - 2018-03-21 12:17 - 000000000 ____D C:\ProgramData\a0130dcff6
    2018-03-21 12:11 - 2018-03-21 12:12 - 000000266 __RSH C:\ProgramData\ntuser.pol
    2018-03-21 12:11 - 2018-03-21 12:11 - 000000000 ____D C:\Program Files\My Program
    2018-03-21 12:11 - 2018-03-13 06:19 - 000904704 ____N C:\Windows\system32\mcicda64.dll
    2018-03-21 12:10 - 2018-03-21 12:56 - 000000000 ____D C:\Program Files (x86)\foldershare
    2018-03-21 12:10 - 2018-03-21 12:54 - 000000000 ____D C:\Users\Poitr\AppData\Roaming\dacux1eqxey
    2018-03-21 12:10 - 2018-03-21 12:35 - 000000000 ____D C:\Users\Poitr\AppData\Roaming\237a8b7050894a428629806462859219
    2018-03-21 12:10 - 2018-03-21 12:35 - 000000000 ____D C:\Users\Poitr\AppData\Local\f5472a4c96b74c808d33c85ee82b0e28
    2018-03-21 12:10 - 2018-03-21 12:35 - 000000000 ____D C:\Users\Poitr\AppData\Local\7ad9efcc6f8f48c68c3efb3e24dc42f1
    2018-03-21 12:10 - 2018-03-21 12:35 - 000000000 ____D C:\ProgramData\9f7c132d164047e9825d39ab402a7091
    2018-03-21 12:10 - 2018-03-21 12:35 - 000000000 ____D C:\ProgramData\912db06ad9764722b2183ad2741171ed
    2018-03-21 12:10 - 2018-03-21 12:18 - 000000000 ____D C:\Browse
    2018-03-21 12:10 - 2018-03-21 12:18 - 000000000 ____D C:\Applications
    2018-03-21 12:10 - 2018-03-21 12:17 - 000000000 ____D C:\Program Files (x86)\xml
    2018-03-21 12:10 - 2018-03-21 12:16 - 000000000 ____D C:\Program Files\OWQT2OAD63
    2018-03-21 12:10 - 2018-03-21 12:15 - 000000000 ____D C:\Program Files (x86)\fXiwFEZbDaz2
    2018-03-21 12:10 - 2018-03-21 12:10 - 000021540 _____ C:\Windows\System32\Tasks\fXiwFEZbDaz2
    2018-03-21 12:10 - 2018-03-21 12:10 - 000003244 _____ C:\Windows\System32\Tasks\cmdsrv
    2018-03-21 12:09 - 2018-03-21 12:09 - 007594496 _____ C:\Users\Poitr\AppData\Local\agent.dat
    2018-03-21 12:09 - 2018-03-21 12:09 - 001986485 _____ C:\Users\Poitr\AppData\Local\Lamex.tst
    2018-03-21 12:09 - 2018-03-21 12:09 - 000140800 _____ C:\Users\Poitr\AppData\Local\installer.dat
    2018-03-21 12:09 - 2018-03-21 12:09 - 000126464 _____ C:\Users\Poitr\AppData\Local\noah.dat
    2018-03-21 12:09 - 2018-03-21 12:09 - 000070896 _____ C:\Users\Poitr\AppData\Local\Config.xml
    2018-03-21 12:09 - 2018-03-21 12:09 - 000005568 _____ C:\Users\Poitr\AppData\Local\md.xml
    2018-03-04 20:55 - 2018-03-21 11:38 - 000000000 ____D C:\ProgramData\McAfee Security Scan
    2018-03-04 20:55 - 2018-03-04 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2018-03-01 13:41 - 2018-03-01 13:43 - 000001282 _____ C:\Users\Poitr\Desktop\Continue WinRAR installation.lnk
    2018-02-19 21:24 - 2018-03-04 20:55 - 000000000 ____D C:\Program Files\McAfee Security Scan
    2018-02-19 20:54 - 2018-03-04 20:55 - 000001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2018-02-19 20:53 - 2018-02-19 20:53 - 000000000 ____D C:\ProgramData\McAfee
    2018-03-21 12:09 - 2018-03-21 12:09 - 007594496 _____ () C:\Users\Poitr\AppData\Local\agent.dat
    2018-03-21 12:09 - 2018-03-21 12:09 - 000070896 _____ () C:\Users\Poitr\AppData\Local\Config.xml
    2018-03-21 12:09 - 2018-03-21 12:09 - 000140800 _____ () C:\Users\Poitr\AppData\Local\installer.dat
    2018-03-21 12:09 - 2018-03-21 12:09 - 001986485 _____ () C:\Users\Poitr\AppData\Local\Lamex.tst
    2018-03-21 12:09 - 2018-03-21 12:09 - 000005568 _____ () C:\Users\Poitr\AppData\Local\md.xml
    2018-03-21 12:09 - 2018-03-21 12:09 - 000126464 _____ () C:\Users\Poitr\AppData\Local\noah.dat
    2018-03-21 12:09 - 2018-03-21 12:09 - 000032038 _____ () C:\Users\Poitr\AppData\Local\uninstall_temp.ico
    EmptyTemp:

    After it has run, delete the C:\FRST folder.

    Do a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Reinstall Chrome; if you sync Chrome settings with a Google account, also delete the synced data from the account.

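The fixlist above removes a Monero miner (xmrig.exe in the user's Temp folder) together with its persistence: two scheduled tasks (cmdsrv, fXiwFEZbDaz2) plus an orphaned one (Browse), an unsigned mcicda64.dll registered as a ShellExecuteHook so Explorer loads it on every launch, a static DNS server pair pushed onto the network interface, a Chrome policy restriction, and an unsigned Firefox extension. The script below is an added post-cleanup check, not part of Kolobos's post or of FRST; it re-tests each of those indicators after the fix and reboot so the owner can confirm nothing came back. The task names, paths, CLSID and DNS addresses are copied from the FRST entries in this thread; the mapping of FRST's "GroupPolicy: Restrictions - Chrome" to the Policies\Google\Chrome registry keys is this script's assumption. Because the log's /build:7601 indicates Windows 7 SP1, it relies on schtasks.exe and registry reads rather than the newer ScheduledTasks module. Run it from an elevated PowerShell.

```powershell
# Added post-cleanup check for the persistence items in the fixlist above.
# Not part of the original post. Indicator values (task names, paths, CLSID,
# DNS servers) are copied from the FRST entries in this thread; the choice of
# checks and the Chrome policy key locations are this script's own assumptions.
# Uses schtasks.exe and registry reads so it also works on Windows 7 SP1.

$findings = @()

# 1. Processes that must no longer be running (xmrig = the miner, cmdsrvs = the task payload).
foreach ($pn in @('xmrig', 'cmdsrvs')) {
    if (Get-Process -Name $pn -ErrorAction SilentlyContinue) {
        $findings += "process still running: $pn"
    }
}

# 2. Scheduled tasks named in the fixlist; match on the task name at the end of its path.
$taskNames = @('cmdsrv', 'fXiwFEZbDaz2', 'Browse')
$tasks = schtasks.exe /query /fo csv /v 2>$null | ConvertFrom-Csv
foreach ($t in $tasks) {
    foreach ($n in $taskNames) {
        if ($t.TaskName -like "*\$n") {
            $findings += "task still present: $($t.TaskName) -> $($t.'Task To Run')"
        }
    }
}

# 3. Files, folders and task XML definitions that the fixlist deletes.
$paths = @(
    'C:\Browse\cmdsrvs.exe',
    'C:\Windows\System32\mcicda64.dll',
    (Join-Path $env:LOCALAPPDATA 'Temp\xmrig.exe'),
    'C:\Program Files\Mozilla Firefox\browser\features\{A5FD4672-4D73-4F90-A1C0-2ABD39DB2565}.xpi',
    'C:\ProgramData\ntuser.pol',
    'C:\Windows\System32\Tasks\fXiwFEZbDaz2',
    'C:\Windows\System32\Tasks\cmdsrv',
    'C:\Browse',
    'C:\Program Files (x86)\fXiwFEZbDaz2'
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "path still present: $p" }
}

# 4. ShellExecuteHooks: the unsigned mcicda64.dll was registered under this CLSID,
#    so Explorer loaded it on every ShellExecute call. Check both the hook list
#    and the CLSID's InprocServer32 registration.
$clsid   = '{BFD98515-CD74-48A4-98E2-13D209E3EE4F}'
$hookKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
if (Test-Path $hookKey) {
    if ((Get-Item $hookKey).GetValueNames() -contains $clsid) {
        $findings += "ShellExecuteHooks still lists $clsid"
    }
}
$inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
if (Test-Path $inproc) {
    $findings += "CLSID $clsid still registered -> $((Get-ItemProperty -Path $inproc).'(default)')"
}

# 5. DNS: flag the two servers the fixlist removes on any interface, and list any
#    other static NameServer so the owner can confirm it is their own setting.
$rogueDns = @('82.163.142.8', '95.211.158.136')
$ifKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
foreach ($iface in Get-ChildItem -Path $ifKey) {
    $ns = (Get-ItemProperty -Path $iface.PSPath).NameServer
    if (-not $ns) { continue }
    if ($rogueDns | Where-Object { $ns -like "*$_*" }) {
        $findings += "rogue DNS still set on $($iface.PSChildName): $ns"
    } else {
        $findings += "static DNS on $($iface.PSChildName) (verify it is yours): $ns"
    }
}

# 6. Chrome policy keys (assumed location of FRST's "GroupPolicy: Restrictions - Chrome").
foreach ($pk in @('HKLM:\SOFTWARE\Policies\Google\Chrome', 'HKCU:\SOFTWARE\Policies\Google\Chrome')) {
    if (Test-Path $pk) { $findings += "Chrome policy key still present: $pk" }
}

if ($findings.Count -eq 0) {
    'No listed indicator remains.'
} else {
    $findings | ForEach-Object { "[!] $_" }
}
```

Any "[!]" line means the fix did not fully apply or the dropper re-ran; rerun FRST and post fresh logs rather than deleting the items by hand, since the task payload in C:\Browse recreates its companions. A static DNS entry that is not one of the two rogue addresses is only a prompt to verify, not proof of infection.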