Please check my log after an infection


(kylo20) #1

Hello, please check my logs

FRST.txt

wklej.to/Xi3CC

Additional.txt

http://wklej.to/orF7P

shortcut.txt

http://wklej.to/gqGQy


(Acorus) #2

Open the system Notepad and paste:

HKLM\...\Run: [RtHDVBg] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1361112 2013-10-28] (Realtek Semiconductor)
HKLM\...\Run: [RtsCM] = C:\Windows\RTSCM64.EXE [142040 2013-08-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3781849532-686401373-1539455486-1001 - {6034D7BE-7F85-405B-8B74-B3903D98979F} URL = http://rover.ebay.com/rover/1/710-42480-16445-33/4?mpre=http://shop.ebay.co.uk/?oemInLn=ieSrch-_nkw={searchTerms}
CHR HomePage: Default - hxxp://www.sweet-page.com/?type=hpts=1428259323from=coruid=AXNS381E-128GM-B_2E0320007251
CHR StartupUrls: Default - "hxxp://www.sweet-page.com/?type=hpts=1428259323from=coruid=AXNS381E-128GM-B_2E0320007251"
CHR DefaultSearchKeyword: Default - sweet-page
CHR Extension: (browse pulse) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohaifmlpecbkpanlpandmagoinoogjn [2015-04-29]
OPR Extension: (browse pulse) - C:\Users\Sebastian\AppData\Roaming\Opera Software\Opera Stable\Extensions\oohaifmlpecbkpanlpandmagoinoogjn [2015-05-04]
S2 lwsvc_1.10.0.12; "C:\Program Files (x86)\LinkWiz_1.10.0.12\Service\lwsvc.exe" [X]
S4 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [X]
S2 mfevtp; "C:\Windows\system32\mfevtps.exe" [X]
S0 cfwids; system32\drivers\cfwids.sys [X]
S0 mfeapfk; system32\drivers\mfeapfk.sys [X]
R0 mfeavfk; system32\drivers\mfeavfk.sys [X]
S0 mfeelamk; system32\drivers\mfeelamk.sys [X]
S0 mfefirek; system32\drivers\mfefirek.sys [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
R0 mfewfpk; system32\drivers\mfewfpk.sys [X]
2015-06-02 14:30 - 2015-06-02 14:32 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:

Save the file as fixlist.txt and put it next to FRST in the same folder.
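For anyone triaging a log like this one before writing a fixlist, here is a small parser for the FRST line formats used above (Run keys, SearchScopes, Chrome/Opera settings and extensions, services and drivers). It is an added example and not part of the thread or of FRST; the sample lines are constructed from the fixlist, the clean service CleanSvc and the allowed-host list are made up, and the extension denylist defaults to the id the fixlist removes.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the fixlist's line formats, plus a made-up clean service (CleanSvc) to leave alone.
SAMPLE = r"""
HKLM\...\Run: [RtHDVBg] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1361112 2013-10-28] (Realtek Semiconductor)
SearchScopes: HKU\S-1-5-21-3781849532-686401373-1539455486-1001 - {6034D7BE-7F85-405B-8B74-B3903D98979F} URL = http://rover.ebay.com/rover/1/710-42480-16445-33/4?mpre=http://shop.ebay.co.uk/?oemInLn=ieSrch-_nkw={searchTerms}
CHR HomePage: Default - hxxp://www.sweet-page.com/?type=hpts=1428259323
CHR Extension: (browse pulse) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohaifmlpecbkpanlpandmagoinoogjn [2015-04-29]
S2 lwsvc_1.10.0.12; "C:\Program Files (x86)\LinkWiz_1.10.0.12\Service\lwsvc.exe" [X]
R0 mfehidk; system32\drivers\mfehidk.sys [X]
S2 CleanSvc; C:\Windows\system32\cleansvc.exe [12345 2015-01-01] (Example Vendor)
"""
RUN_RE = re.compile(r'^(?:HKLM(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] = '
                    r'(?P<path>.+?) \[(?P<size>\d+) (?P<date>\S+)\] \((?P<publisher>[^)]*)\)$')
SCOPE_RE = re.compile(r'^SearchScopes: (?P<hive>\S+) - (?P<scope>.*?) URL = ?(?P<url>.*)$')
BROWSER_RE = re.compile(r'^(?P<browser>CHR|OPR|FF) (?P<kind>\w+): (?P<rest>.*)$')
EXT_RE = re.compile(r'^\((?P<title>[^)]*)\) - (?P<path>.+?) \[(?P<date>[^\]]+)\]$')
# FRST appends [X] to a service or driver whose binary it could not find on disk.
SVC_RE = re.compile(r'^(?P<state>[SR]\d) (?P<name>[^;]+); (?P<path>.+?)(?P<missing> \[X\])?$')

def url_host(url):
    """Hostname of a URL, accepting FRST's defanged 'hxxp' scheme; None when there is none."""
    return urlparse(re.sub(r'^hxxp', 'http', url or '')).hostname

def parse(text):
    """Turn FRST lines into (category, name, detail) records; unrecognised lines are skipped."""
    records = []
    for line in text.strip().splitlines():
        if m := RUN_RE.match(line):
            records.append(('run', m['name'], m['publisher']))
        elif m := SCOPE_RE.match(line):
            records.append(('searchscope', m['hive'], url_host(m['url']) or ''))
        elif (m := BROWSER_RE.match(line)) and m['kind'] == 'Extension':
            ext = EXT_RE.match(m['rest'])  # name the record by the extension id (last path element)
            records.append(('extension', ext['path'].rsplit('\\', 1)[-1], ext['title']))
        elif m:  # HomePage / StartupUrls / DefaultSearchKeyword: "<profile> - <value>"
            value = m['rest'].split(' - ', 1)[-1].strip('"')
            records.append((m['kind'].lower(), m['browser'], url_host(value) or value))
        elif m := SVC_RE.match(line):
            records.append(('service', m['name'], 'missing' if m['missing'] else m['path']))
    return records

def flag(records, allowed_hosts, bad_extension_ids=frozenset({'oohaifmlpecbkpanlpandmagoinoogjn'})):
    """Services whose binary is gone, start/search settings outside allowed_hosts, denylisted extension ids."""
    return [(cat, name) for cat, name, detail in records
            if (cat == 'service' and detail == 'missing')
            or (cat in ('homepage', 'startupurls', 'searchscope') and detail and detail not in allowed_hosts)
            or (cat == 'extension' and name in bad_extension_ids)]
```

`flag(parse(SAMPLE), {'www.google.com'})` returns the two orphaned services, the Chrome homepage, the eBay search scope and the browse pulse extension, and leaves the Realtek Run entry and CleanSvc alone.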


(kylo20) #3

Thank you for the help and best regards, Kylo20


(Acorus) #4

Delete the C:\FRST folder