Computer sends out 200 e-mails a day


(Stallionc53) #1

Hello. The computer whose logs I am posting sends out 200 e-mails a day from a university Gmail e-mail account. The computer has been scanned with AdwCleaner, and the logs were made after that. Please help :slight_smile:

FRST: http://wklej.org/id/1798266/

Shortcut: http://wklej.org/id/1798267/

Addition: http://wklej.org/id/1798268/

Regards

Sluuz


(Acorus) #2

Open the system Notepad and paste:

Task: {C9421788-A88D-4589-93B0-699E435F8013} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2449129456-59762620-2741093941-1002Core = C:\Users\Okatarzyna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-08] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2449129456-59762620-2741093941-1002Core.job = C:\Users\Okatarzyna\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2449129456-59762620-2741093941-1002UA.job = C:\Users\Okatarzyna\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM\...\Run: [] = [X]
HKLM\...\Run: [NPSStartup] = [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia ======= UWAGA
HKU\S-1-5-21-2449129456-59762620-2741093941-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia ======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2449129456-59762620-2741093941-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://isearch.avg.com/?cid={43C4E9C3-B8C9-450F-8C52-83CCB5583A8B}mid=fd8bec4239554a1ba6aeca6d67d49f80-0bc170c4adaa6c9a36a13371a3f38b86a8bb6162lang=ends=hk014pr=sad=2012-09-04 16:17:07v=12.2.0.5sap=hp
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2449129456-59762620-2741093941-1002 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=dsts=1432816659z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlmafrom=coruid=TOSHIBAXMK5059GSXP_Z1TET1XBTXXZ1TET1XBTq={searchTerms}
SearchScopes: HKU\S-1-5-21-2449129456-59762620-2741093941-1002 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?type=dsts=1432816659z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlmafrom=coruid=TOSHIBAXMK5059GSXP_Z1TET1XBTXXZ1TET1XBTq={searchTerms}
SearchScopes: HKU\S-1-5-21-2449129456-59762620-2741093941-1002 - {58245810-4BCC-4EDA-90BF-AF8FA0EB3027} URL = hxxp://services.zinio.com/search?s={searchTerms}rf=sonyslices
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
S3 catchme; \\C:\Users\OKATAR~1\AppData\Local\Temp\catchme.sys [X]
R3 PavTPK.sys; \\C:\Windows\system32\PavTPK.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
2015-09-17 12:48 - 2015-07-17 11:59 - 00000000 ____ D C:\AdwCleaner
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Stallionc53) #3

Many thanks for the reply :slight_smile:


(Acorus) #4

Delete the folder C:\FRST