FileRepMetagen infection

Hello.

Recently Avast has started detecting the FileRepMetagen virus every so often. I don't know how much harm it can do, so I'm asking for help. Logs are attached.

OTL.Txt

Extras.Txt

http://forum.dobreprogramy.pl/farbar-recovery-scan-tool-raport-obowiązkowy-t478727/

FRST: http://www.wklej.org/id/1746773/

Addition: http://www.wklej.org/id/1746774/

Shortcut: http://www.wklej.org/id/1746775/

Uninstall ASUS WebStorage Sync Agent. Open the system Notepad and paste:

CloseProcesses:
Task: {8AC7C833-80EA-46D8-9F05-130DF4F82C69} - System32\Tasks\{2762581C-49A0-4718-94F4-FE50423F1506} => pcalua.exe -a "C:\Program Files (x86)\BonanzaDeals\uninst.exe" -c /uninstall
Task: {A871A72A-E70D-4DAD-98F2-B34281360ACC} - System32\Tasks\{54D11474-367F-4C0B-A0CC-E86F25BFA303} => Firefox.exe http://ui.skype.com/ui/0/6.16.60.105/pl/abandoninstall?page=tsMain
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKU\S-1-5-21-3521157769-3517004250-149364021-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\inosek\AppData\Local\Akamai\netsession_win.exe"
ShellIconOverlayIdentifiers: [SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3521157769-3517004250-149364021-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {f439aa7e-a2a0-4635-99a2-164180e848ca} -> No File
S2 McSchedulerSvc; "C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 dump_wmimmc; \\D:\Program Files\Webzen\FlyFF\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \\C:\WINDOWS\xhunter1.sys [X]
2015-06-05 17:54 - 2015-06-25 21:33 - 00000000 ____ D C:\AdwCleaner
2015-06-05 17:12 - 2015-06-05 17:12 - 00003140 _____ C:\WINDOWS\System32\Tasks\{0AB4DC6C-1A78-46B7-8D3E-1146B05530F6}
C:\ProgramData\hash.dat
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

Thank you for the help, everything works. Should I do anything else after this? (I'm asking just to be sure)

Delete the C:\FRST folder.