New Malware.bm / zawiesza się komputer

abdull1 · 4 Grudzień 2014 05:17

Witam

Acorus · 4 Grudzień 2014 09:12

Odinstaluj McAfee Browser Protection Service,McAfee Firewall Protection Service,McAfee Virus and Spyware Protection Service.Otwórz Notatnik i wklej:

Task: {371F6F76-F8C4-4EAF-97AE-C7FCC41FC397} - System32\Tasks\{E7FF37AC-EFB8-4C77-BFD0-D45EA0C84F1C} = Iexplore.exe http://ui.skype.com/ui/0/4.2.0.169.259/pl/abandoninstall?source=lightinstalleramp;page=tsMainamp;installinfo=google-toolbar:notoffered;userdeclined,google-chrome:offered-installed;madedefault
Task: {3A0432FD-0DF0-4643-A057-A9BD29420D8F} - System32\Tasks\{13B9D4D7-B404-4F0D-897C-23BD31B0B4C3} = Iexplore.exe http://ui.skype.com/ui/0/5.1.0.104.259/en/abandoninstall?page=tsMainamp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed;madedefault
Task: {79DA4073-D2D5-4B6F-88C1-AB567E7C569E} - System32\Tasks\{9977FA2A-542B-4CE2-9BC2-89489FC004F1} = Iexplore.exe http://ui.skype.com/ui/0/5.1.0.112.259/lv/abandoninstall?page=tsDownloadamp;installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:notoffered;alreadyoffered
AlternateDataStreams: C:\Users\Agnieszka\Dane aplikacji:NT
AlternateDataStreams: C:\Users\Agnieszka\AppData\Roaming:NT
AlternateDataStreams: C:\ProgramData\TEMP:436DEE1E
AlternateDataStreams: C:\ProgramData\TEMP:4EE74317
AlternateDataStreams: C:\ProgramData\TEMP:6BE50C2B
HKU\S-1-5-21-1281259468-2590399742-1433334613-1004\...\Run: [UniblueRegistryBooster] = "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
HKU\S-1-5-21-1281259468-2590399742-1433334613-1004\...\Run: [AdobeBridge] = [X]
BootExecute: autocheck autochk /p \\C:autocheck autochk *
SearchScopes: HKLM - DefaultScope {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = http://www.bigseekpro.com/search/toolbar/howfytdl/{DE5732CD-F728-93A2-327C-FF186F37B9F5}?q={searchTerms}
SearchScopes: HKLM - {7321541E-F83A-4D84-AF9B-1DCF1814EF82} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602query={searchTerms}invocationType=tb50hpcmnbie7-pl-pl
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=iebsystemid=2q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}SearchSource=4ctid=CT2247187
SearchScopes: HKLM - {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = http://www.bigseekpro.com/search/toolbar/howfytdl/{DE5732CD-F728-93A2-327C-FF186F37B9F5}?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1281259468-2590399742-1433334613-1004 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1281259468-2590399742-1433334613-1004 - {7321541E-F83A-4D84-AF9B-1DCF1814EF82} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1602query={searchTerms}invocationType=tb50hpcmnbie7-pl-pl
SearchScopes: HKU\S-1-5-21-1281259468-2590399742-1433334613-1004 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69} URL = http://search.bearshare.com/web?src=iebsystemid=2q={searchTerms}
SearchScopes: HKU\S-1-5-21-1281259468-2590399742-1433334613-1004 - {A4D77406-E733-4297-9831-78B92527C012} URL = http://websearch.ask.com/redirect?client=ietb=MTVo=1700src=crmq={searchTerms}locale=en_USapn_ptnrs=^AALapn_dtid=^YYYYYY^YY^PLapn_uid=a8e09bd2-1c08-4031-bc97-b3b1d607b204apn_sauid=DF7E2C6C-14EB-462F-82BF-B514C985B1AC
SearchScopes: HKU\S-1-5-21-1281259468-2590399742-1433334613-1004 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}SearchSource=4ctid=CT2247187
SearchScopes: HKU\S-1-5-21-1281259468-2590399742-1433334613-1004 - {E627DC4B-8C04-4234-A2D4-1D634EE01C41} URL = http://www.bigseekpro.com/search/toolbar/howfytdl/{DE5732CD-F728-93A2-327C-FF186F37B9F5}?q={searchTerms}
FF HKU\.DEFAULT\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files\SiteAdvisor\6173\FF
FF Extension: McAfee SiteAdvisor - C:\Program Files\SiteAdvisor\6173\FF [2008-06-29]
FF HKU\S-1-5-19\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files\SiteAdvisor\6173\FF
FF HKU\S-1-5-20\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files\SiteAdvisor\6173\FF
CHR Plugin: (Native Client) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\Application\39.0.2171.65\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Agnieszka\AppData\Local\Google\Chrome\Application\39.0.2171.65\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
S2 adfs; No ImagePath
S0 cjxtpv; No ImagePath
U1 eabfiltr; No ImagePath
S3 EagleNT; \\C:\windows\system32\drivers\EagleNT.sys [X]
S3 LLRING0; \\C:\Program Files\EmeraldMU\MuGuard\llck.sys [X]
S0 mtqjxm; No ImagePath
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

abdull1 · 4 Grudzień 2014 11:29

W trakcie pracy program się zawiesił więc wklejam 2 fixlogi.

1

http://www.wklej.org/id/1547478/

2

http://www.wklej.org/id/1547476/

Acorus · 4 Grudzień 2014 13:16

Pokaż nowy FRST.txt bez Addition.

abdull1 · 4 Grudzień 2014 14:03

FRST

http://www.wklej.org/id/1547611/

Z tego co zauważyłem to komputer przestał się zawieszać.

Acorus · 4 Grudzień 2014 15:20

Otwórz Notatnik i wklej:

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 0198101417690645mcinstcleanup; C:\Users\AGNIES~1\AppData\Local\Temp\019810~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

abdull1 · 4 Grudzień 2014 15:26

http://www.wklej.org/id/1547712/

Koniec, czysto ?

Acorus · 4 Grudzień 2014 15:31

To wszystko.

abdull1 · 4 Grudzień 2014 15:40

Dzięki wielkie Acorus! :piwo: