Computer infection


(TajemnikTV) #1

Hi,

I would just like to know whether there are any viruses, and if there are, how to remove them.


(Atis) #2

Paste the following into the system Notepad and save it as a text file named fixlist:

HKU\S-1-5-21-1196804337-2449906683-3474660398-1001\...\RunOnce: [Uninstall C:\Users\Kontrabasik\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] = C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kontrabasik\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM-x32 - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
SearchScopes: HKU\.DEFAULT - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
SearchScopes: HKU\.DEFAULT - {C55E0B38-7FF7-42BD-92E3-F61F4C97BF15} URL =
SearchScopes: HKU\S-1-5-21-1196804337-2449906683-3474660398-1001 - DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL =
SearchScopes: HKU\S-1-5-21-1196804337-2449906683-3474660398-1001 - {C55E0B38-7FF7-42BD-92E3-F61F4C97BF15} URL =
FF DefaultSearchUrl: hxxp://go.speedbit.com/search.aspx?s=F78bq=
FF SearchEngineOrder.1: Speedbit Search
FF SelectedSearchEngine: Speedbit Search
FF Keyword.URL: hxxp://go.speedbit.com/search.aspx?site=shdefaultpid=sshr=dq={searchTerms}
CHR HomePage: Default - hxxp://www.oursurfing.com/?type=hpts=1440263708z=1b93f8bde97950acc80d125gezaz0e5o0qcc1m8edmfrom=amtuid=ST500DM002-1BD142_S2AVCDYWXXXXS2AVCDYW
CHR DefaultSearchURL: Default - hxxp://www.oursurfing.com/web/?type=dsts=1440263708z=1b93f8bde97950acc80d125gezaz0e5o0qcc1m8edmfrom=amtuid=ST500DM002-1BD142_S2AVCDYWXXXXS2AVCDYWq={searchTerms}
CHR DefaultSearchKeyword: Default - oursurfing
CHR DefaultSuggestURL: Default - hxxp://api.searchpredict.com/api/?rqtype=ffpluginsiteID=8661dbCode=1command={searchTerms}
S3 SBUpdd; C:\Program Files\Common Files\SpeedBit\SBUpdate\sbw.sys [41568 2015-04-14] ()
S3 cleanhlp; \??\D:\EEK\bin\cleanhlp64.sys [X]
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S1 ESProtectionDriver; \??\D:\Malwarebytes Anti-Exploit\mbae64.sys [X]
2015-10-22 14:38 - 2015-10-22 14:38 - 00000000 __HDC C:\ProgramData\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1}
2015-10-01 13:58 - 2015-10-03 13:08 - 0000424 _____ () C:\Users\Kontrabasik\AppData\Local\UserProducts.xml
C:\ProgramData\*.log
C:\Program Files\Common Files\SpeedBit
C:\ProgramData\SpeedBit
Task: {2CE8E704-CE8C-4C88-9257-410285451612} - System32\Tasks\{EF2BF82A-5511-4EBE-9231-88AF70D2A857} = pcalua.exe -a "D:\yHE sIMS hISTORIE Z bEZLUDNEJ wYSPY\TSBin\PackageInstaller.exe" -d "D:\yHE sIMS hISTORIE Z bEZLUDNEJ wYSPY\TSBin"
Task: {35040B4A-803D-4824-90E3-4717FC0300EF} - System32\Tasks\{617078D0-100B-43F9-B5DD-853CF4D43B84} = pcalua.exe -a "D:\CS 1.6\Uninstal.exe"
Task: {3F2EEA24-E112-479C-A2D9-D3CBFD7C9018} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent - Brak pliku ==== UWAGA
Task: {4755963A-5E87-4771-A5DA-BFA7755E4010} - System32\Tasks\SBW_UpdateTask_Time_313432323139363234382d3437415a556c2a3223346c41 = Wscript.exe //B "C:\ProgramData\SpeedBit\sbhe.js" sbu.exe /invoke /f:check_services /l:0
Task: {4F6FF007-7A6A-4D16-9061-AA46817D7CDD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d - Brak pliku ==== UWAGA
Task: {5ACB0C8C-2920-42E1-8080-3FE489863199} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d - Brak pliku ==== UWAGA
Task: {65576E5F-4E51-4B6C-8351-62A3402DF65D} - System32\Tasks\{A4F9326D-08F9-40AE-A656-7AB1F7395539} = pcalua.exe -a "C:\Program Files (x86)\McAfee\Supportability\MVT\MVTInstaller.exe" -c /uninstall
Task: {6E854543-4A25-4331-8F44-B7B0E09EF761} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig - Brak pliku ==== UWAGA
Task: {7A7D582A-EADA-4881-ABEF-4EB0F28CDF66} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d - Brak pliku ==== UWAGA
Task: {898B8547-7EC2-41BC-B69C-2C609F536E3A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent - Brak pliku ==== UWAGA
Task: {8F4CBB3B-C6DF-412B-ABA6-92CB1C208E73} - System32\Tasks\{567930FA-525F-47D6-9520-A5FF1DFE02FE} = pcalua.exe -a "D:\yHE sIMS hISTORIE Z bEZLUDNEJ wYSPY\SimsCS_Uninst.exe" -d "D:\yHE sIMS hISTORIE Z bEZLUDNEJ wYSPY"
Task: {A0B71672-BA7F-441F-94DE-FF928F9FE6FA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess - Brak pliku ==== UWAGA
Task: {A5D8D71C-5D35-48D0-B146-023720B5664C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B - Brak pliku ==== UWAGA
Task: {C00FE4CF-0251-4F1A-9EE0-403DA5172A9B} - System32\Tasks\{4874D1B3-E02F-4E3E-BCD1-6E702689B077} = pcalua.exe -a G:\DirectX\dxsetup.exe -d G:\DirectX
Task: {CF22C760-E8B1-42DF-BFC4-78D724DB202C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd - Brak pliku ==== UWAGA
Task: {D62AA5F1-4071-4C85-9307-4646DDBDC543} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d - Brak pliku ==== UWAGA
Task: {E50A55F4-0190-42C7-AF99-57D04B3A426C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d - Brak pliku ==== UWAGA
Task: C:\WINDOWS\Tasks\SBW_UpdateTask_Time_313432323139363234382d2337785a326c5b3234342d41.job = Wscript.exe M/B C:\ProgramData\SpeedBit\sbhe.js sbu.exe
Task: C:\WINDOWS\Tasks\SBW_UpdateTask_Time_313432323139363234382d3437415a556c2a3223346c41.job = Wscript.exe M/B C:\ProgramData\SpeedBit\sbhe.js sbu.exe
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.
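A verification pass over the items listed in the fixlist above, as an added example that is not part of the original thread and not part of FRST itself: after the Fix has completed and the machine has rebooted, this PowerShell script (assumed to be run from an elevated prompt on the affected machine, with the paths and user SID copied from the fixlist, and with the hijacker domains visible in the log lines used as the match patterns) reports whether any of the scheduled tasks, driver service keys, leftover files, Internet Explorer start/search values, search scopes or browser profile references still remain. It removes nothing.

```powershell
# Added example, not from the thread: post-fix check of the SpeedBit / oursurfing remnants.
# Assumptions: run as Administrator; the user "Kontrabasik" (SID below, taken from the fixlist)
# is logged in so that the HKEY_USERS hive for that SID is loaded.
$sid      = 'S-1-5-21-1196804337-2449906683-3474660398-1001'
$hijack   = 'speedbit|oursurfing|searchpredict'   # domains seen in the FRST log lines
$findings = @()

# 1. Scheduled tasks: SpeedBit updater tasks and the pcalua.exe launchers from the fixlist
foreach ($t in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    $cmd = ($t.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join ' '
    if ($t.TaskName -like 'SBW_UpdateTask*' -or $cmd -match 'pcalua\.exe|sbhe\.js') {
        $findings += "Task still present: $($t.TaskPath)$($t.TaskName) -> $cmd"
    }
}
# Legacy .job files under C:\Windows\Tasks (the two SBW_UpdateTask_*.job entries)
Get-ChildItem 'C:\Windows\Tasks\SBW_UpdateTask_*.job' -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += "Legacy job file still present: $($_.FullName)" }

# 2. Driver service keys (S3/S1 entries in the fixlist); Get-Service hides kernel drivers,
#    so look at the registry directly.
foreach ($drv in 'SBUpdd', 'cleanhlp', 'EagleX64', 'ESProtectionDriver') {
    if (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$drv") {
        $findings += "Service key still present: HKLM\SYSTEM\CurrentControlSet\Services\$drv"
    }
}

# 3. Leftover files and folders named in the fixlist
$paths = 'C:\Program Files\Common Files\SpeedBit',
         'C:\ProgramData\SpeedBit',
         'C:\ProgramData\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1}',
         'C:\Users\Kontrabasik\AppData\Local\UserProducts.xml'
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "Path still present: $p" }
}

# 4. IE start/search values the fixlist blanked out (both the native and Wow6432Node keys)
$ieKeys   = 'HKLM:\Software\Microsoft\Internet Explorer\Main',
            'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Main'
$ieValues = 'Search Page', 'Default_Page_URL', 'Default_Search_URL', 'Local Page'
foreach ($k in $ieKeys) {
    foreach ($v in $ieValues) {
        $val = (Get-ItemProperty -Path $k -Name $v -ErrorAction SilentlyContinue).$v
        if ($val -and $val -match $hijack) {
            $findings += "IE value still hijacked: $k\$v = $val"
        }
    }
}

# 5. SearchScopes for HKLM-x32, .DEFAULT and the user's hive, as in the fixlist
$scopeRoots = 'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
              'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes',
              "Registry::HKEY_USERS\$sid\Software\Microsoft\Internet Explorer\SearchScopes"
foreach ($root in $scopeRoots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $url = (Get-ItemProperty -Path $_.PSPath -Name URL -ErrorAction SilentlyContinue).URL
        if ($url -match $hijack) {
            $findings += "SearchScope still hijacked: $root\$($_.PSChildName) = $url"
        }
    }
}

# 6. Browser profiles: the CHR/FF lines live in Chrome's Preferences and Firefox's prefs.js
$profileFiles = @(
    Get-ChildItem "$env:LOCALAPPDATA\Google\Chrome\User Data\*\Preferences"        -ErrorAction SilentlyContinue
    Get-ChildItem "$env:LOCALAPPDATA\Google\Chrome\User Data\*\Secure Preferences" -ErrorAction SilentlyContinue
    Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js"               -ErrorAction SilentlyContinue
)
foreach ($f in $profileFiles) {
    if (Select-String -LiteralPath $f.FullName -Pattern $hijack -Quiet) {
        $findings += "Browser profile still references a hijacker domain: $($f.FullName)"
    }
}

if ($findings.Count -eq 0) { 'Clean: none of the fixlist items remain.' } else { $findings }
```

FRST reads fixlist.txt from the folder it is started from and writes what it removed to Fixlog.txt there; this script is only a second, read-only check on the same items, so a non-empty result means the Fix (or a reboot) did not finish the job, not that the script failed.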



(TajemnikTV) #3

Fixlog: http://wklej.org/id/1830780/

New FRST scan: http://wklej.org/id/1830783/


(Atis) #4

Delete the C:\FRST folder.