Witam, prawdopodobnie mam na komputerze keyloggera/wirusa w przeciągu kilku dni trzeci raz zostało skradzione mi konto steam, proszę o pomoc, zamieszczam logi po skanie! FRST
Otwórz notatnik systemowy i wklej:
Task: {2151E709-DB52-4E1B-A51C-4D7CD89E62C6} - System32\Tasks\{96CD0528-1D91-4B74-8282-70DF64DAA6FC} = Iexplore.exe http://www.skype.com/go/downloading?source=lightinstalleramp;ver=6.18.0.105amp;LastError=12007
Task: {59B5BB95-676B-473F-A5E2-B276A109B452} - System32\Tasks\{ABBD3409-42EF-4650-97A3-FB8DC2265F96} = pcalua.exe -a C:\Users\mati\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
Task: {5D205909-3977-44BE-A808-11172692133C} - System32\Tasks\SPBIW_UpdateTask_Time_343032373433363933312d5b5b4a346c4123452a5a556c = Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 ==== ATTENTION
Task: {F3693190-88DE-42AB-89C7-2FD072663A7D} - System32\Tasks\{738C5BA2-9702-4FBF-B8E6-D4C3F0997864} = Chrome.exe http://www.skype.com/go/downloading?source=lightinstalleramp;ver=6.18.0.105amp;LastError=12007
Task: {F750EA08-C349-4B7D-805F-06404D9B018D} - System32\Tasks\{7795CBDC-2A8E-490A-B342-236FC635E7AA} = Iexplore.exe http://www.skype.com/go/downloading?source=lightinstalleramp;ver=6.18.0.105amp;LastError=12007
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\mati\Application Data:NT
AlternateDataStreams: C:\Users\mati\Application Data:NT2
AlternateDataStreams: C:\Users\mati\AppData\Roaming:NT
AlternateDataStreams: C:\Users\mati\AppData\Roaming:NT2
HKLM\...\Run: [mbot_pl_79] = [X]
HKU\S-1-5-21-1064585617-2567022817-1060468388-1000\...\Run: [SPDriver] = C:\Program Files\ShopperPro\JSDriver\1.37.0.1405\jsdrv.exe
HKU\S-1-5-21-1064585617-2567022817-1060468388-1000\...\MountPoints2: {9eb229a5-9816-11e4-9880-bcaec594fc98} - M:\LGAutoRun.exe
HKU\S-1-5-21-1064585617-2567022817-1060468388-1000\...\MountPoints2: {b7f16e6f-6d7a-11e4-b7bd-bcaec594fc98} - F:\autorun.exe
Startup: C:\Users\mati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download.lnk
ShortcutTarget: Download.lnk - C:\ProgramData\{81be5dcc-e516-4832-81be-e5dcce517733}\Download.exe ()
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Extension: (No Name) - C:\Users\mati\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-19]
S3 FairplayKD; \\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S2 SPDRIVER_1.37.0.1405; \\C:\Program Files\ShopperPro\JSDriver\1.37.0.1405\jsdrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-01-31 15:45 - 2014-08-01 12:19 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
Przeskanuj programem Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.4.1028.exe
Fixlist.txt masz umieścić tam gdzie jest FRST czyli C:\Users\mati\Downloads
Zrobione wszystko jak pisałeś wyżej co dalej?
I to by było na tyle.Skasuj folder C:\FRST
To rozumiem że miałem na kompie jakieś keyloggery? I teraz już wszystko cacy?
Nie wiem.Nie widziałem loga z Malwarebytesa.