Gangnamgamenet worm

Every time the computer starts, the browser opens with the page from the title (the Pale Moon browser, based on Firefox). In addition, some programs refuse to start, e.g. CCleaner 3.24.

My FRST logs:

FRST:

http://www.wklej.org/hash/44e8cb20c0c/

Addition:

http://www.wklej.org/hash/45d60700a48/

Shortcut:

http://www.wklej.org/hash/7fb404b9826/

I would be very grateful for help solving this problem.

Regards.

Paste into the system Notepad and save as a text file named fixlist:

HKLM-x32\...\Run: [CMD] => cmd.exe /c start http://gangnamgame.org && exit
IFEO\adwcleaner_5.005.exe: [Debugger] svchost.exe
IFEO\AnVir.exe: [Debugger] svchost.exe
IFEO\AutoLogger.exe: [Debugger] svchost.exe
IFEO\avz.exe: [Debugger] svchost.exe
IFEO\CCleaner.exe: [Debugger] svchost.exe
IFEO\CCleaner64.exe: [Debugger] svchost.exe
IFEO\deleter.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\AutoReactivator.exe
IFEO\FRST.exe: [Debugger] svchost.exe
IFEO\FRST64.exe: [Debugger] svchost.exe
IFEO\HiJackThis.exe: [Debugger] svchost.exe
IFEO\mbam.exe: [Debugger] svchost.exe
IFEO\regedit.exe: [Debugger] svchost.exe
IFEO\RegWorks.exe: [Debugger] svchost.exe
IFEO\RSIT.exe: [Debugger] svchost.exe
IFEO\RSITx64.exe: [Debugger] svchost.exe
IFEO\vnetlib.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\AutoReactivator.exe
IFEO\vnetlib64.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\AutoReactivator.exe
ShellExecuteHooks-x32: - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Brak pliku []
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => Brak pliku
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => Brak pliku
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => Brak pliku
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => Brak pliku
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => Brak pliku
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
S2 EvtEng; Brak ImagePath
S3 ICCS; Brak ImagePath
S2 Intel(R) Capability Licensing Service Interface; Brak ImagePath
S2 LMS; Brak ImagePath
S3 MyWiFiDHCPDNS; Brak ImagePath
S2 PCToolsFirewallPlus; Brak ImagePath
S2 UNS; Brak ImagePath
S3 ZAtheros Bt&Wlan Coex Agent; Brak ImagePath
S3 btwampfl; Brak ImagePath
S3 GPUZ; Brak ImagePath
S3 RegFilter; Brak ImagePath
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
2015-07-17 19:00 - 2015-07-17 19:00 - 0000016 _____ () C:\ProgramData\mntemp
Task: {09CBBDB5-635A-4A6F-BC55-A4591078E2C0} - System32\Tasks\{9DCF1039-EF9C-4C77-9721-C81BA9FC9526} => pcalua.exe -a C:\Users\Administrator\Desktop\0mch07ww.exe -d C:\Users\Administrator\Desktop
Task: {0EF65CDE-9FF9-47ED-977F-BD2087D9C918} - System32\Tasks\{B85163E9-3D1D-4961-A317-6976152E1762} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.18.0.106&LastError=12002
Task: {162A9065-B0AF-4497-8A19-D1728D3524D1} - System32\Tasks\{E1FF7EBD-F117-47E5-9503-8080F3A8F2B9} => H:\Windows 7\11. Bluetooth\Setup.exe
Task: {165695BE-396A-48B1-91DF-DA37B3089CAF} - System32\Tasks\AVG_SYS_TASK_0415avi_DELETE => C:\ProgramData\Avg_Update_0415avi\AVG-Secure-Search-Update_0415avi.exe
Task: {21991B84-53BA-416B-9BBA-B4A10E06649B} - System32\Tasks\{957360D3-B43A-4C36-A190-BD068A06FF53} => C:\Users\Jerzy\Desktop\Seven Kingdoms Conquest PC ( RIP SKOMPRESOWANA )\Seven Kingdoms Conquest\Seven Kingdoms Conquest.exe
Task: {31815A92-6505-40CC-823B-7FB234AE4A48} - System32\Tasks\{4486180C-294F-4357-8C3D-32EC1C7E69F7} => F:\SEMESTR 3\druty LAB\1\TA_LAB_4_1\Fourier1\Cw5.exe
Task: {4652D409-C90C-4E59-AEAB-8EEA48F8E1B5} - System32\Tasks\{E1C69D2A-1415-4853-99C7-E499EF57CEEA} => F:\SEMESTR 3\druty LAB\1\TA_LAB_4_1\Fourier1\Cw5.exe
Task: {530D95C5-03BC-426D-82B8-4EF1B1691801} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: {585ABAF9-FC8B-44B8-AFA0-AC24A623E968} - System32\Tasks\{1A3426AB-E455-420A-81E4-11A1AE3E492F} => F:\SEMESTR 3\druty LAB\1\TA_LAB_4_1\Fourier1\Cw5.exe
Task: {5B06EF73-4529-4FAD-8A26-27BE627B431A} - System32\Tasks\{92853F31-76BA-415C-8064-F05296AF7D33} => F:\SEMESTR 3\druty LAB\1\TA_LAB_4_1\Fourier1\Cw5.exe
Task: {602B247F-020C-4757-A020-4E52BDD63F04} - System32\Tasks\{526D7F2F-7AD3-4D9B-8913-B5B9084E72E0} => F:\SEMESTR 3\druty LAB\1\TA_LAB_4_1\Fourier1\Cw5.exe
Task: {6985521E-03B3-4739-B1B9-47BB53430BAC} - System32\Tasks\{71DFAAB6-D377-492C-B1DF-58C6AD9A1ED7} => F:\SEMESTR 3\druty LAB\1\TA_LAB_4_1\Fourier1\Cw5.exe
Task: {6E89A071-9197-4FB1-B92C-5BE8A660134A} - System32\Tasks\{AA830D28-A46E-4B9B-B42D-FAAF392A7B36} => F:\SEMESTR 3\druty LAB\1\TA_LAB_4_1\Fourier1\Cw5.exe
Task: {765B8CD7-19F6-404B-87CC-96EECFF7A2A9} - System32\Tasks\{43D744E5-CFC5-4488-B087-5879C2FEF4B4} => D:\PROGRAM FILES\InvisibleInc\invisibleinc.exe
Task: {7ACAD6E6-CFB0-40D8-8623-AA480E67719C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: {7AE588B9-677C-4D67-8615-435AD19C345E} - System32\Tasks\Bidaily Synchronize Task => C:\ProgramData\{d9b6fb02-16a9-6d45-d9b6-6fb0216aec08}\battle.vs Chess skidrow keygen.exe <==== UWAGA
Task: {8087F563-A34E-46AC-8C47-51AF17B1F932} - System32\Tasks\{B2E87471-5EB3-48E9-B384-92C547C63008} => D:\PROGRAM FILES\InvisibleInc\invisibleinc.exe
Task: {862DD194-C7CE-43CF-BB73-6CF1C412F827} - System32\Tasks\{FF9BC02F-A303-4ED7-BADF-4280B922078B} => pcalua.exe -a "C:\Users\Jerzy\Downloads\DARK SOULS II\Nokia_PC_Suite_pol_web.exe" -d "C:\Users\Jerzy\Downloads\DARK SOULS II"
Task: {92319A1A-BADA-4B80-97A0-7DED31EFDAEB} - System32\Tasks\{53349C1B-34B5-4B19-931D-8A4825B78AD6} => pcalua.exe -a "D:\PROGRAM FILES\Assassin's Creed Rogue\GDFInstall.exe" -d "D:\PROGRAM FILES\Assassin's Creed Rogue"
Task: {95CBCF3D-A188-4FD4-BB44-1DFBD016138E} - System32\Tasks\{EF2A2B7C-93A3-4DDF-9C18-F3883E293E29} => E:\PLIKI PROGRAMÓW\Black_Box\Assassins Creed - Revelations\ACRSP.exe
Task: {98DF4C3E-528A-4491-B84D-F23F1331758D} - System32\Tasks\{7A09403D-08AC-4570-BB96-2270B30DB2F4} => pcalua.exe -a "C:\Users\Jerzy\Downloads\Czwórniki SPR\0mbt12ww.exe" -d "C:\Users\Jerzy\Downloads\Czwórniki SPR"
Task: {A4459E34-1DB7-4147-B7CE-478BC1E79632} - System32\Tasks\{8BD0BD55-88D6-401B-B398-1E7CEA7234F6} => F:\SEMESTR 3\druty LAB\1\TA_LAB_4_1\Fourier1\Cw5.exe
Task: {A94299A2-7511-484E-BC78-A1B90005E1F5} - System32\Tasks\{6013FB33-FD90-4546-B3B3-23B8844A642A} => pcalua.exe -a H:\setup.exe -d H:\
Task: {B23067EF-1A46-48F9-B605-6F5902547847} - System32\Tasks\{1D1F077B-3607-45E2-BB41-74FBF77AB8AE} => E:\PLIKI PROGRAMÓW\Assassins Creed - Revelations\AssassinsCreedRevelations.exe
Task: {B94A05C0-8788-4F90-8F26-E5B18DCF623B} - System32\Tasks\DareToTravel => c:\programdata\{a6cd0434-1bb3-1db6-a6cd-d04341bb10d0}\murgee auto mouse clicker v3.0 crack.exe <==== UWAGA
Task: {CBCF6857-9F07-4F50-B340-37F51923D2E3} - System32\Tasks\{4DDDC95B-7D58-4B22-AF91-BE43254F8E59} => E:\PLIKI PROGRAMÓW\Assassins Creed - Revelations\AssassinsCreedRevelations.exe
Task: {DE17B4FB-D889-4BD2-8B7C-15723765C18F} - System32\Tasks\{46457787-8AB9-49B0-928E-DDBAC8C3B403} => C:\Users\Jerzy\Desktop\Seven Kingdoms Conquest PC ( RIP SKOMPRESOWANA )\Seven Kingdoms Conquest\Seven Kingdoms Conquest.exe
Task: {E86BBCFA-034B-4AE2-A7A8-BEF4E8BF7295} - System32\Tasks\{F8D132F8-474C-4574-A696-BB067F1C4E80} => E:\PLIKI PROGRAMÓW\Black_Box\Assassins Creed - Revelations\ACRSP.exe
Task: {F09ED1CB-3CE5-44F5-8EE7-D274428B6C5D} - System32\Tasks\AVG_SYS_TASK_0415avi => C:\ProgramData\Avg_Update_0415avi\AVG-Secure-Search-Update_0415avi.exe
Task: {F0C185E0-6977-4F50-B137-218B902B277C} - System32\Tasks\{5A264DED-2BA6-4941-8677-8B22D726BED1} => F:\SEMESTR 3\druty LAB\1\TA_LAB_4_1\Fourier1\Cw5.exe
Task: {F229F51F-0BE8-4BDE-B1C1-C58056CF3B7A} - System32\Tasks\{20A69566-DDE9-4E92-BE80-D045910BDFC0} => pcalua.exe -a C:\Users\Jerzy\Desktop\7w_nxp_03\setup.exe -d C:\Users\Jerzy\Desktop\7w_nxp_03
Task: {F99EAAA7-E45D-4C46-B798-B6655E8970A8} - System32\Tasks\EasyReduce => c:\programdata\{aceec79a-efd8-6f5a-acee-ec79aefd1e6b}\internet download manager universal crack is here ! [fixed .exe <==== UWAGA
Task: {FA530B92-42C7-4057-BF5F-3D5DE7D3FBA6} - System32\Tasks\{526CDC78-D961-4AD1-85C6-F2432A29D5D6} => pcalua.exe -a C:\Users\Jerzy\Downloads\setup_gx.exe -d C:\Users\Jerzy\Downloads
Task: {FC55D675-C539-473F-B14A-FCAB012BC69A} - System32\Tasks\{D8C947A5-C102-4015-B519-174C3EAC341B} => Chrome.exe http://ui.skype.com/ui/0/6.20.80.104/pl/abandoninstall?page=tsProgressBar
Task: {FC7F2045-D210-460A-ACF0-13BAF12056F3} - System32\Tasks\Bidaily Synchronize Task[973b] => c:\programdata\{25b1eede-da96-e7cd-25b1-1eededa9bb7b}\intouchables_2011_french_dvdrip_xvid-fantome.exe <==== UWAGA
Task: C:\Windows\Tasks\AVG_SYS_TASK_0415avi_DELETE.job => C:\ProgramData\Avg_Update_0415avi\AVG-Secure-Search-Update_0415avi.exe
Task: C:\Windows\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{d9b6fb02-16a9-6d45-d9b6-6fb0216aec08}\battle.vs Chess skidrow keygen.exe <==== UWAGA
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{25b1eede-da96-e7cd-25b1-1eededa9bb7b}\intouchables_2011_french_dvdrip_xvid-fantome.exe <==== UWAGA
Task: C:\Windows\Tasks\DareToTravel.job => c:\programdata\{a6cd0434-1bb3-1db6-a6cd-d04341bb10d0}\murgee auto mouse clicker v3.0 crack.exe <==== UWAGA
EmptyTemp:

Run FRST and click Fix (Napraw). Show the removal report, Fixlog.

Click Scan (Skanuj) and show the new FRST report, without Addition and Shortcut.
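
Added example, not part of the original posts and not FRST's own code: a Python triage of FRST-style lines for the three persistence patterns visible in the fixlist above (an IFEO `Debugger` value, a `Run` entry that opens a URL, and a scheduled task whose target sits in a GUID-named folder under `C:\ProgramData`). The finding labels and the heuristics are assumptions of this example; the sample lines are copied from the fixlist.

```python
import re

# Lines copied from the fixlist quoted in this thread, used as sample input.
SAMPLE = r"""HKLM-x32\...\Run: [CMD] => cmd.exe /c start http://gangnamgame.org && exit
IFEO\CCleaner.exe: [Debugger] svchost.exe
IFEO\deleter.exe: [Debugger] C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate 7\AutoReactivator.exe
Task: {B94A05C0-8788-4F90-8F26-E5B18DCF623B} - System32\Tasks\DareToTravel => c:\programdata\{a6cd0434-1bb3-1db6-a6cd-d04341bb10d0}\murgee auto mouse clicker v3.0 crack.exe <==== UWAGA
Task: {765B8CD7-19F6-404B-87CC-96EECFF7A2A9} - System32\Tasks\{43D744E5-CFC5-4488-B087-5879C2FEF4B4} => D:\PROGRAM FILES\InvisibleInc\invisibleinc.exe
S3 GPUZ; Brak ImagePath"""

IFEO = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")
RUN = re.compile(r"^HK[^\\]+\\.*\\Run(?:Once)?: \[[^\]]*\] => (?P<cmd>.+)$")
TASK = re.compile(r"^Task: .*? => (?P<target>.+?)(?: <=+ \S+)?$")
GUID_DIR = re.compile(r"^[a-z]:\\programdata\\\{[0-9a-f-]{36}\}\\", re.I)
URL = re.compile(r"https?://\S+", re.I)


def classify(line):
    """Return (finding, detail) for a line worth reviewing, else None."""
    line = line.strip()
    if m := IFEO.match(line):
        # Windows starts the Debugger value in place of the named image,
        # so a bare svchost.exe here keeps the tool from ever launching.
        # Heuristic (assumption of this example): no path means "block".
        kind = "ifeo-block" if "\\" not in m["debugger"] else "ifeo-redirect"
        return (kind, f"{m['image']} -> {m['debugger']}")
    if (m := RUN.match(line)) and (u := URL.search(m["cmd"])):
        return ("run-opens-url", u.group(0))
    if (m := TASK.match(line)) and GUID_DIR.match(m["target"]):
        return ("task-guid-programdata", m["target"])
    return None


def triage(text):
    """Classify every line of a log excerpt, keeping only the findings."""
    return [f for f in map(classify, text.splitlines()) if f]


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(f"{kind:24} {detail}")
```
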

Fixlog file:

Uninstall Advanced and IObit Malware Fighter 3.

Delete the folder C:\FRST

Remove old restore points: To remove all restore points

Scan the disk with Malwarebytes Anti-Malware

During installation, untick "Start the trial period of Malwarebytes Anti-Malware Premium" (Uruchom okres testowy Malwarebytes Anti-Malware Premium).

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Polish language: Settings > General Settings > Language > Polish

Uninstall:

Adobe Flash Player 12 ActiveX

Adobe Shockwave Player

J2SE Runtime Environment 5.0 Update 4

Java 7 Update 51

Microsoft Silverlight

Install:

Flash Player 18.0.0.232 ActiveX

Java 8 Update 60

Silverlight 5.1.40728.0

Internet Explorer 11

OK, many thanks. I did as you wrote; all that is left is to wait for the scan results, which will take a while. I will probably only be able to report back tomorrow.