Please check my log after a virus attack


(!GrOcAL!) #1

Hello,

Avast detected Win32.Eorezo-Cp and NSIS:Adloader on my machine, and I would like to ask you to check my logs.

http://www.wklej.org/id/1403040/

http://www.wklej.org/id/1403041/


(Acorus) #2

Download and run AdwCleaner https://toolslib.net/downloads/finish/1/ Click Scan (Szukaj) and then Clean (Usuń).

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ in the version matching your system, 32-bit or 64-bit.

Run FRST and click Scan. Post the FRST and Addition reports.


(!GrOcAL!) #3

http://www.wklej.org/id/1403157/ AdwCleaner log

http://www.wklej.org/id/1403159/ FRST

http://www.wklej.org/id/1403160/ Addition


(Acorus) #4

Open Notepad and paste:

ShellIconOverlayIdentifiers: 00avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers: DropboxExt2 - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers: DropboxExt3 - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers: DropboxExt4 - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
CHR StartupUrls: "hxxp://start.qone8.com/?type=hpts=1398608537from=smtuid=PLEXTORXPX-128M5M_P02333105305", "hxxp://isearch.omiga-plus.com/?type=hpts=1403815041from=smtuid=PLEXTORXPX-128M5M_P02333105305", "hxxp://isearch.omiga-plus.com/?type=hpppts=1403815073from=smtuid=PLEXTORXPX-128M5M_P02333105305"
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-06-27 11:24 - 2014-06-27 11:26 - 00000000 ____ D () C:\AdwCleaner
2014-06-26 23:12 - 2014-06-27 00:50 - 00000000 ____ D () C:\Program Files (x86)\Spybot - Search Destroy 2
2014-06-26 22:49 - 2014-06-26 22:49 - 00003170 _____ () C:\Windows\System32\Tasks\{FF83CDB2-8EF3-48AF-93C4-C97BFF7D996B}
2014-06-26 22:37 - 2014-06-26 22:49 - 00000000 ____ D () C:\Users\GrOcALs\AppData\Roaming\omiga-plus
2014-06-25 22:33 - 2014-06-25 22:33 - 00000000 ____ D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-25 19:05 - 2014-06-25 22:30 - 00000000 ____ D () C:\Users\GrOcALs\AppData\Local\Lollipop_06251705

Save the file as fixlist.txt and place it next to FRST in the same folder.