A ton of malware, infected Facebook


(ShortestStraw) #1

OTL log

EXTRAS

 

FRST log

 

ADDITION


(Atis) #2

Uninstall Norton Online Backup.

Paste the following into Notepad and save it as a text file named fixlist:

HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\.DEFAULT\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-912844974-455404007-341780939-1000\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-912844974-455404007-341780939-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TriDef Media Player.lnk
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\godimpbmfohihoaikgfknnnmlncabkkp [2014-07-06]
CHR HKLM-x32\...\Chrome\Extension: [godimpbmfohihoaikgfknnnmlncabkkp] - C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp\coc.crx [2014-06-29]
R1 {1007bb60-cbfa-4fb2-991d-e8357416f5fb}w64; C:\Windows\System32\drivers\{1007bb60-cbfa-4fb2-991d-e8357416f5fb}w64.sys [61120 2014-05-22] (StdLib)
R4 ccSet_N360; \SystemRoot\system32\drivers\N360x64\1504000.00D\ccSetx64.sys [X]
R4 IDSVia64; \??\C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140117.001\IDSvia64.sys [X]
R4 SRTSPX; \SystemRoot\system32\drivers\N360x64\1504000.00D\SRTSPX64.SYS [X]
R4 SymDS; system32\drivers\N360x64\1504000.00D\SYMDS64.SYS [X]
R4 SymEFA; system32\drivers\N360x64\1504000.00D\SYMEFA64.SYS [X]
C:\Windows\System32\drivers\{1007bb60-cbfa-4fb2-991d-e8357416f5fb}w64.sys
C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp
Task: {133DE2F0-7256-4610-BFB1-69CFD2F07750} - \Funmoods No Task File <==== ATTENTION
Task: {372BB76F-7AFB-4936-B542-82CB16CD0DB3} - \MySearchDial No Task File <==== ATTENTION
Task: {60430753-4D35-4D5D-BC51-E001C1516C76} - \BitGuard No Task File <==== ATTENTION
Task: {6C6C2F05-E72D-49AF-9A84-BC78E015FF77} - System32\Tasks\{FB9F8963-95C2-4496-8EBC-A708FA3EF2A4} => Chrome.exe http://ui.skype.com/ui/0/6.3.0.105/pl/abandoninstall?page=tsProgressBar
Task: {89E52571-0F97-4655-A3F1-E8D171B15F49} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{E8F47EAA-E89B-486D-8652-7BD14A17CF99}.exe
Task: {A50D7E76-F5C3-45BD-BFFD-246A9733488E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C73D7363-4E71-4F44-BB4F-43F6546D0922} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{F7C8EB1B-624F-4651-903E-5F23F1CC2818}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{F7C8EB1B-624F-4651-903E-5F23F1CC2818}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{E8F47EAA-E89B-486D-8652-7BD14A17CF99}.exe
CMD: del /f /s /q %TEMP%\*.*

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post the new FRST report, without Addition.
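
An added example, not part of the thread and not FRST's own code: a small Python triage that groups FRST-style log lines by the markers visible in the fixlist above. The rule names and the meaning given to each marker are assumptions of this example, and it does not reproduce the helper's selection of entries.

```python
import re

# Markers are copied from the fixlist above. The meaning attached to each one
# is an assumption of this example, not FRST documentation.
RULES = [
    ("flagged by the scanner", re.compile(r"<==== ATTENTION")),
    ("task entry without a task file", re.compile(r"^Task:.*No Task File")),
    ("task target under a TEMP directory",
     re.compile(r"^Task:.*=>.*\\TEMP\\", re.I)),
    ("referenced file missing", re.compile(r"(\[X\]|No File)\s*$")),
    ("Chrome extension entry under the Windows directory",
     re.compile(r"^CHR .*Extension.*C:\\Windows\\", re.I)),
]


def triage(line):
    """Return every reason a single log line matches, in RULES order."""
    text = line.strip()
    return [reason for reason, rx in RULES if rx.search(text)]


def triage_log(lines):
    """Map each matching line to its reasons, keeping log order."""
    return {ln.strip(): r for ln in lines if (r := triage(ln))}


# Sample input: lines copied from the fixlist in the post above.
SAMPLE = [
    r"Task: {60430753-4D35-4D5D-BC51-E001C1516C76} - \BitGuard No Task File <==== ATTENTION",
    r"Task: {89E52571-0F97-4655-A3F1-E8D171B15F49} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{E8F47EAA-E89B-486D-8652-7BD14A17CF99}.exe",
    r"R4 ccSet_N360; \SystemRoot\system32\drivers\N360x64\1504000.00D\ccSetx64.sys [X]",
    r"CHR HKLM-x32\...\Chrome\Extension: [godimpbmfohihoaikgfknnnmlncabkkp] - C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp\coc.crx [2014-06-29]",
    r"Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File",
    r"Task: {A50D7E76-F5C3-45BD-BFFD-246A9733488E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)",
]

if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE).items():
        print("; ".join(reasons), "<-", entry)
```

An empty result only means that none of these markers matched: the Apple task in the sample matches none of them, yet it is still on the fixlist.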


(ShortestStraw) #3

FRST report


(Atis) #4

Reading doesn't hurt.


(ShortestStraw) #5

But I did everything I was supposed to do, what's wrong?


(Atis) #6

Read this carefully: