Trojan horse


(Eliw5) #1

Hello, I have a problem: my antivirus program keeps warning me about

  hxxp://utils.cdneurope.com/js/mo.js I used the FRST32 program.

 

 

I am attaching the files

 

Addition.txt

 

FRST.txt


(Acorus) #2

Open Notepad and paste:

Task: {2C59ECAF-3A27-4640-9F4B-519B05BDD70F} - \Microsoft\Windows\MUI\LPRemove No Task File ==== ATTENTION
HKLM\...\Run: [ASUSWebStorage] = C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
ShellIconOverlayIdentifiers: 00avast - {472083B0-C522-11CF-8763-00608CC02F24} = No File
SearchScopes: HKCU - {876BC490-7C6B-4E66-8CE3-AA8EDDFAF2D2} URL = http://websearch.ask.com/custom/java/redirect?client=ietb=ORJo=100000026src=crmq={searchTerms}locale=apn_ptnrs=U3apn_dtid=OSJ000
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?p={searchTerms}fr=mkg028
BHO: No Name - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
FF Extension: Website Xplorer Lite - C:\Users\Elzbieta\AppData\Roaming\Mozilla\Firefox\Profiles\xoc3wjcr.default\Extensions\{d87d56b2-1379-49f4-b081-af2850c79d8e} [2014-08-23]
CHR Extension: (No Name) - C:\Users\Elzbieta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-06]
CHR Extension: (No Name) - C:\Users\Elzbieta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-18]
CHR Extension: (No Name) - C:\Users\Elzbieta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-19]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa []
S1 archlp; system32\drivers\archlp.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [X]
S3 cpuz134; \\C:\Users\Elzbieta\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
U3 DfSdkS; No ImagePath
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
2014-08-26 00:19 - 2014-08-26 00:57 - 00000000 ____ D () C:\Users\Elzbieta\Doctor Web
2014-08-25 22:16 - 2014-08-25 22:45 - 00000000 ____ D () C:\AdwCleaner
2014-08-25 20:10 - 2014-08-25 20:14 - 00000163 _____ () C:\windows\Reimage.ini
2014-08-25 20:09 - 2014-08-25 20:10 - 00931768 _____ (Reimage®) C:\Users\Elzbieta\Downloads\ReimageRepair.exe
2014-08-01 22:11 - 2014-08-03 21:05 - 00000000 ____ D () C:\Program Files\Deal Keeper
C:\Windows\Tasks\{1E3262F8-854D-466B-B98B-814179DBA755}.job
C:\Windows\Tasks\{1FAD2D09-7260-4F37-AA76-6BE2E2771D35}.job
C:\Windows\Tasks\{22DAAD22-3553-40E2-BDE0-2CBBAD6E9EB4}.job
C:\Windows\Tasks\{2A6C4044-39A3-4B29-86D8-5EED93EDA731}.job
C:\Windows\Tasks\{4E0F441E-D8D7-4EEE-A5E5-58B479CB2D2C}.job
C:\Windows\Tasks\{5F9B75B8-86D9-494E-ACF6-A30B95343365}.job
C:\Windows\Tasks\{66CA5EE3-4FB4-4900-9240-69E285978633}.job
C:\Windows\Tasks\{81F6E316-FB7C-4018-8C30-4B2EF7445F1E}.job
C:\Windows\Tasks\{82975FF4-E447-420C-AB55-FBAD1D800355}.job
C:\Windows\Tasks\{87C6F816-EB43-4740-A8BC-95AF6DA9E9B0}.job
C:\Windows\Tasks\{B32EC568-FF54-4E5F-9A1A-8F14C586FE8D}.job
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Eliw5) #3

OK… I'm doing it now :slight_smile:


(Acorus) #4

You have to save it there - Running from C:\Users\Elzbieta\Downloads


(Eliw5) #5

I don't think I'm a stupid girl, but I can't find it for the life of me :(


(Acorus) #6

Show the new FRST logs.


(Eliw5) #7

These are the logs I have

 

Addition…txt

 

 

FRST…txt

 

 


(Acorus) #8

Nothing was executed. Open Notepad and paste:

Task: {2C59ECAF-3A27-4640-9F4B-519B05BDD70F} - \Microsoft\Windows\MUI\LPRemove No Task File ==== ATTENTION
HKU\S-1-5-21-435736060-3629706465-3198665431-1000\Software\Classes\.exe: = ===== ATTENTION!
HKLM\...\Run: [ASUSWebStorage] = C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: 00avast - {472083B0-C522-11CF-8763-00608CC02F24} = No File
SearchScopes: HKCU - {876BC490-7C6B-4E66-8CE3-AA8EDDFAF2D2} URL = http://websearch.ask.com/custom/java/redirect?client=ietb=ORJo=100000026src=crmq={searchTerms}locale=apn_ptnrs=U3apn_dtid=OSJ000
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yahoo.com/search?p={searchTerms}fr=mkg028
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
FF Extension: Website Xplorer Lite - C:\Users\Elzbieta\AppData\Roaming\Mozilla\Firefox\Profiles\xoc3wjcr.default\Extensions\{d87d56b2-1379-49f4-b081-af2850c79d8e} [2014-08-23]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
CHR Extension: (No Name) - C:\Users\Elzbieta\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-06]
CHR Extension: (No Name) - C:\Users\Elzbieta\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-18]
CHR Extension: (No Name) - C:\Users\Elzbieta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-19]
S1 archlp; system32\drivers\archlp.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; \SystemRoot\system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; \SystemRoot\system32\DRIVERS\btwrchid.sys [X]
S3 cpuz134; \\C:\Users\Elzbieta\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
U3 DfSdkS; No ImagePath
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
2014-08-26 23:23 - 2014-08-26 23:23 - 00000000 ____ D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-08-26 23:23 - 2014-08-26 23:23 - 00000000 ____ D () C:\Program Files\McAfee Security Scan
2014-08-26 23:21 - 2014-08-26 23:23 - 00001978 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-08-26 00:19 - 2014-08-26 00:57 - 00000000 ____ D () C:\Users\Elzbieta\Doctor Web
2014-08-25 22:16 - 2014-08-25 22:45 - 00000000 ____ D () C:\AdwCleaner
2014-08-25 20:10 - 2014-08-25 20:14 - 00000163 _____ () C:\windows\Reimage.ini
2014-08-25 20:09 - 2014-08-25 20:10 - 00931768 _____ (Reimage®) C:\Users\Elzbieta\Downloads\ReimageRepair.exe
C:\Windows\Tasks\{1E3262F8-854D-466B-B98B-814179DBA755}.job
C:\Windows\Tasks\{1FAD2D09-7260-4F37-AA76-6BE2E2771D35}.job
C:\Windows\Tasks\{22DAAD22-3553-40E2-BDE0-2CBBAD6E9EB4}.job
C:\Windows\Tasks\{2A6C4044-39A3-4B29-86D8-5EED93EDA731}.job
C:\Windows\Tasks\{4E0F441E-D8D7-4EEE-A5E5-58B479CB2D2C}.job
C:\Windows\Tasks\{5F9B75B8-86D9-494E-ACF6-A30B95343365}.job
C:\Windows\Tasks\{66CA5EE3-4FB4-4900-9240-69E285978633}.job
C:\Windows\Tasks\{81F6E316-FB7C-4018-8C30-4B2EF7445F1E}.job
C:\Windows\Tasks\{82975FF4-E447-420C-AB55-FBAD1D800355}.job
C:\Windows\Tasks\{87C6F816-EB43-4740-A8BC-95AF6DA9E9B0}.job
C:\Windows\Tasks\{B32EC568-FF54-4E5F-9A1A-8F14C586FE8D}.job

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Eliw5) #9

I did as you wrote.

Here are the new logs

 

 

Fixlog.txt

 

FRST.txt


(Acorus) #10

Open Notepad and paste:

2014-08-26 23:23 - 2014-08-26 23:23 - 00000000 ____ D () C:\Users\Elzbieta\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-08-26 23:23 - 2014-08-26 23:23 - 00000000 ____ D () C:\Users\Elzbieta\AppData\Roaming\com.adobe.mauby
2014-08-26 23:23 - 2014-08-26 23:23 - 00000000 ____ D () C:\Users\Elzbieta\AppData\Local\Adobe
2014-08-01 22:11 - 2014-08-03 21:05 - 00000000 ____ D () C:\Program Files\Deal Keeper
Emptytemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

Delete the folder C:\FRST


(Eliw5) #11

I have already done part of it. I just have one question (so that I don't do something wrong again): should I delete the whole folder where I was saving these logs?


(Acorus) #12

You can delete everything from FRST.