Trojan VBS/LNK.Jenxcus.Gen - continuation

Hello. Recently I had the problem described here: http://forum.dobreprogramy.pl/trojan-vbslnkjenxcusgen-t499740/

Paste the following into the system Notepad and save it as a text file named fixlist:

HKU\S-1-5-21-4123692781-362594998-3339309360-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOSHIBA Online Product Information] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe
HKU\S-1-5-21-4123692781-362594998-3339309360-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Connectify] => C:\Program Files (x86)\Connectify\Connectify.exe
HKU\S-1-5-21-4123692781-362594998-3339309360-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Expressivo] => "C:\Program Files (x86)\ivo\Expressivo\expressivo.exe" -t -nosplash
HKU\S-1-5-21-4123692781-362594998-3339309360-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ExprOElauncher] => C:\Program Files (x86)\ivo\Expressivo\integr\OutlookExpress\ExprOElauncher.exe
HKU\S-1-5-21-4123692781-362594998-3339309360-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Windows File Locker Helper] => "C:\Program Files (x86)\GiliSoft\Privacy Protector\WinFLockerHelp.exe" UnmountDisk
HKU\S-1-5-21-4123692781-362594998-3339309360-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ALLUpdate] => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
HKU\S-1-5-21-4123692781-362594998-3339309360-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesHelper] => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
HKU\S-1-5-21-4123692781-362594998-3339309360-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPDLR] => C:\Windows\system32\External\FirmwareUpdate\KiesPDLR.exe
URLSearchHook: HKU\S-1-5-21-4123692781-362594998-3339309360-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No File
SearchScopes: HKU\S-1-5-21-4123692781-362594998-3339309360-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2530240
Toolbar: HKU\S-1-5-21-4123692781-362594998-3339309360-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FF Extension: ArcaBit Ext. - C:\Program Files (x86)\Mozilla Firefox\extensions\arcabit@www.arcabit.pl [2014-12-27]
FF Extension: z - C:\Program Files (x86)\Mozilla Firefox\extensions\{426996ef-a7f0-30a7-a0ca-40aa14be892e} [2014-12-27]
U3 Tosrfcom; No ImagePath
2014-02-12 17:41 - 2014-02-12 17:41 - 49940480 _____ () C:\Program Files (x86)\GUT9787.tmp
2012-12-28 09:47 - 2012-12-28 09:47 - 0000220 _____ () C:\Users\Administrator\AppData\Roaming\DOMINIKA.MTBF.txt
2012-05-12 11:01 - 2012-05-12 11:01 - 0000484 _____ () C:\Users\Administrator\AppData\Roaming\ex_log.txt
2013-12-23 23:57 - 2014-03-03 18:32 - 0016711 _____ () C:\Users\Administrator\AppData\Roaming\UserTile.png
2012-12-28 13:07 - 2012-12-28 13:07 - 0000067 _____() C:\ProgramData\__FileUploader.log
Task: {02892FCF-E122-4593-93EB-E7F3AB1BAFE2} - System32\Tasks\{85793B40-C0AF-496B-9185-E159FB4FAB1A} => E:\uruchom.exe
Task: {02E1F307-C5CB-4400-B6F0-FBAA59CF422C} - System32\Tasks\{8A69E1A8-685B-44AE-9F62-15295FA7073D} => pcalua.exe -a "C:\PROGRA~2\Joanna d'Arc\UNWISE.EXE" -c C:\PROGRA~2\Joanna d'Arc\INSTALL.LOG
Task: {0435A64E-D1B6-4043-A418-A74D5CEC69B8} - System32\Tasks\{D40A1D6A-24B4-47C1-9941-6B829CA50C7A} => E:\uruchom.exe
Task: {05FD70FA-9CC3-432D-A51C-FD92C125B99C} - System32\Tasks\{5A581D30-4418-4862-9263-59876E737F97} => E:\bin\Sm7imprt.exe
Task: {112DA2DE-39E2-4B0C-BF99-ABA2F8AABF21} - System32\Tasks\{C823658E-87A8-4606-BA64-3B39AC661FE7} => E:\uruchom.exe
Task: {134CEF7B-C4A6-49D0-869B-FD0B3F09C570} - \{DA9948AC-8E27-46A0-B07D-C6D6ECECB677} No Task File <==== ATTENTION
Task: {16FBEE49-576B-41D4-BCEB-BE04267FFB95} - System32\Tasks\{B3ABBB74-CA27-445F-94F9-79E46E955721} => C:\Program Files (x86)\Origin Games\FIFA 15 DEMO\fifa15_demo.exe
Task: {17D51751-74E8-4ECA-B399-C9527F9282CE} - System32\Tasks\{2C314140-D98A-4951-9A7A-59E375D6F8EC} => D:\pascal (2)\TurboPascal-7.0\BIN\TURBO.EXE
Task: {18B5E692-AD6B-40EA-BB18-12800E5F4033} - System32\Tasks\{4F89613E-055D-40CF-8C46-8CE800C2FB0A} => D:\Eom.exe
Task: {1AFA17B1-7461-4E29-9B21-C41A64CDB264} - \{7DF55065-8004-4229-BAE5-16990D5E4001} No Task File <==== ATTENTION
Task: {2720775A-53F3-40BD-97D8-BD77C292F47E} - System32\Tasks\{54A2DFE3-5F20-4862-A129-249ED2828F1B} => pcalua.exe -a "E:\Setup\MS Windows\Installer\Installer.exe" -d "E:\Setup\MS Windows\Installer"
Task: {2809EAE0-D039-46E5-9293-B65853C26B1D} - \{648CC32D-51D9-42DE-9304-F91140D20E37} No Task File <==== ATTENTION
Task: {2ED95C90-25E9-4E9B-9370-C7A3A153CA72} - System32\Tasks\{3518725C-D4BF-4876-8C1B-8B5579CDBBAF} => C:\Users\Administrator\Desktop\VAG-COM 3112 z laptopa\VagCom.exe
Task: {30A962E8-E816-497F-852D-93F8096CAC4C} - System32\Tasks\{FE76CD1D-1F74-4BF0-8849-CA00D1EAE283} => C:\Users\Administrator\Desktop\VAG-COM 3112 z laptopa\VagCom.exe
Task: {326F9D49-C5D8-44C5-BA54-A8AEC0C12514} - System32\Tasks\{69B99D49-7B76-4F48-B332-110599AB2220} => pcalua.exe -a E:\Drivers\SIEMENS\generic\setup.exe -d E:\Drivers\SIEMENS\generic
Task: {35162B86-B781-4AD6-A486-D21B62D95FFC} - \{A964A464-4F3D-4566-B67D-B1451907190A} No Task File <==== ATTENTION
Task: {35777140-A207-42D2-BAE8-93C249760723} - System32\Tasks\{C568A3B8-7EE1-4DC7-8C92-B53E3C94E250} => pcalua.exe -a E:\Drivers\SIEMENS\vista_32\setup.exe -d E:\Drivers\SIEMENS\vista_32
Task: {3F53905F-B454-4C6F-9363-CCD0B3B4D0B2} - System32\Tasks\{ABF5AE69-BA7B-479E-85EF-F6926BDB3F75} => pcalua.exe -a C:\WCH.CN\CH341SER\SETUP.EXE -d C:\WCH.CN\CH341SER
Task: {3FD62398-F09F-4F87-91BD-F56AD45A9355} - System32\Tasks\{F406C0ED-FEC0-420F-A8BF-9454E26F9F9E} => pcalua.exe -a F:\Expressivo_1.5.0.exe -d F:\
Task: {43F96CC8-B78E-4FE7-AB76-C34B868ACEE8} - System32\Tasks\{DC421AA3-DF02-40A0-A476-2BB88D8FB14F} => E:\bin\Sm7imprt.exe
Task: {456FB70D-B51A-4B33-A688-F163599D0E46} - System32\Tasks\{18A8143A-94E6-4413-82BB-210951B8E201} => C:\Users\Administrator\Desktop\VAG-COM 3112 z laptopa\VagCom.exe
Task: {4740CCF7-26A2-44F8-8676-981E6ED9D9D6} - System32\Tasks\{6BAD0C13-E1FA-4203-88F7-CC7808800364} => E:\uruchom.exe
Task: {4B558D15-0639-4A7B-9429-59FECF343C1A} - System32\Tasks\{4CB1B163-A9AA-4BD3-AA20-1B1294DA73E0} => E:\bin\Sm7imprt.exe
Task: {4C337C98-13E3-48F4-BF3A-12DA86A7646E} - System32\Tasks\{BF30392D-D0F9-45CA-B8A4-FC90ACDAB3D0} => pcalua.exe -a C:\Windows\IsUn0415.exe -c -f"C:\Program Files (x86)\SuperMemo francuski_podstawowy\Uninst.isu"
Task: {4EDFACBD-7306-4F8E-A2B7-7DC554D86A93} - System32\Tasks\{C76BE3BC-71B8-48BA-99C6-BCF07F8E0B67} => E:\uruchom.exe
Task: {5703E989-9803-48F0-B7D1-AD6BFA296D67} - System32\Tasks\{F5FC016E-B029-4CBE-BBE6-47D44FED07DD} => D:\Eom.exe
Task: {643A5E92-4B45-4A33-9912-D0D5E850A99E} - \{80877F00-36BE-420C-9A93-BD213EEA7ACC} No Task File <==== ATTENTION
Task: {68787379-BB3B-4D2E-B6F3-C9D9871D2EAE} - \{EB4E28DD-8AE3-440F-9BB3-08FB86EEC444} No Task File <==== ATTENTION
Task: {699A22CE-64C2-40A7-B583-03E4D61914EE} - System32\Tasks\{A52AAFF5-322F-462B-85DA-D7EBF37D0924} => pcalua.exe -a "E:\usb driver.EXE" -d E:\
Task: {6C73B2D2-B968-4415-8B4F-ECA464FFB0FB} - System32\Tasks\{1CD538AD-75F5-4994-96B1-3AA23A66DFDF} => pcalua.exe -a "C:\Program Files (x86)\Design Science\MathPlayer\Setup.exe" -d "C:\Program Files (x86)\Design Science\MathPlayer"
Task: {720090CE-C83C-4853-BAE5-7E6CFEE37E5B} - System32\Tasks\{2AAB6FF5-E6E4-49C3-A9C1-FCC2DA22E46F} => E:\bin\Sm7imprt.exe
Task: {777F3FE4-B57D-4C39-8C4D-1F3F78EE0E94} - \{F13D79EB-18EA-4E4A-9171-01FB56A3482B} No Task File <==== ATTENTION
Task: {7860C92A-F1CC-4F09-BAAF-0E18A3A614D5} - System32\Tasks\{586B7365-56DA-4D26-A3BD-B8EE6C26AAC9} => E:\uruchom.exe
Task: {7F05D4C1-4D36-42CE-B62B-7E1F9C73F9BB} - \{99BF7C09-4F39-4787-96FA-C7915A5D03F2} No Task File <==== ATTENTION
Task: {7FCA8DA7-3461-4213-8B9B-97E4637EC124} - System32\Tasks\{3393A3B6-A1D9-43E1-9288-ADB7DAFA9499} => C:\Users\Administrator\Desktop\VAG-COM 3112 z laptopa\VagCom.exe
Task: {8710EED9-7A46-48F7-9F09-D6DF5E212617} - \{E35960A1-2230-4AF0-983B-00E5F230CA58} No Task File <==== ATTENTION
Task: {8930C236-6EB7-4889-BCAB-826267399406} - System32\Tasks\{013B9583-8A7C-43C2-AC74-4D4D0165C12B} => E:\uruchom.exe
Task: {973DA0FB-020D-446A-AE45-3D1ED02DFDD7} - System32\Tasks\{8977BA50-8092-4659-B206-229EC23EE783} => E:\uruchom.exe
Task: {A2721198-3D74-45CD-ADFC-7C135EF93CFA} - System32\Tasks\{5CCE45F8-CDEE-496F-B0FF-CE1D767806DF} => pcalua.exe -a C:\Users\Administrator\Desktop\OALD\setup.exe -d C:\Users\Administrator\Desktop\OALD
Task: {A42E73BB-4F0D-4C8C-8F81-4873D2825012} - System32\Tasks\{2B8811B1-4408-4442-BE7E-E7DDB9EAF8E7} => E:\uruchom.exe
Task: {A4BAE33F-4728-4D54-BC39-5B29C982C918} - System32\Tasks\{D0699A3A-E004-444D-AA1A-B54097483F70} => E:\uruchom.exe
Task: {A8793D01-70D7-4AE3-9C87-5365C04AD209} - System32\Tasks\{2983AB52-1C62-41DE-BF22-D20D5B274D2F} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe" -c RealNetworks|RealPlayer|12.0
Task: {A9AE5A29-67E1-4711-90EF-94126FE6BE7F} - System32\Tasks\{EFB2AEE8-D367-4C00-A003-A59369E22521} => E:\uruchom.exe
Task: {AA08BCDA-843D-4430-8D78-4CEED576FD29} - System32\Tasks\{7C46D49E-134D-4913-9FB0-D26DDBCD8CDB} => C:\Users\Administrator\Desktop\VAG-COM 3112 z laptopa\VagCom.exe
Task: {ABC93817-3E39-4D2E-A0EA-C12B49AA0E8E} - System32\Tasks\{6DC99A45-822C-4328-9E18-C8DEF161331F} => pcalua.exe -a "C:\Users\Dominika\Desktop\priv\other\komp. stacjonarny1\Program Files\Orange\Installer.exe" -d "C:\Users\Dominika\Desktop\priv\other\komp. stacjonarny1\Program Files\Orange"
Task: {AE74E72F-FBD4-462B-8593-85612A857CCC} - \{3BDDA749-58F0-401C-A76D-E111F22F36B8} No Task File <==== ATTENTION
Task: {B0E07448-1FE0-46D0-9BC8-87E0BF273C76} - System32\Tasks\{F318D7EC-5481-4D8D-9A83-920DEF141693} => pcalua.exe -a D:\Uninstall.exe -d D:\
Task: {B1A3C199-BF71-462F-AB85-C456FFBF8B18} - System32\Tasks\{D8BF959D-B426-41DA-BDDF-5F91F6EBA34D} => E:\uruchom.exe
Task: {B22AB567-588B-4F7C-9DF8-815EE7BFA013} - System32\Tasks\{DEAABA35-FB4B-4A5A-A1B1-7A6FE126682F} => E:\bin\Sm7imprt.exe
Task: {C336BA0C-B9D5-4E95-90A0-6C801844F639} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4123692781-362594998-3339309360-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {C4F7C9CD-D988-4F30-B1DC-1C9560F08DD8} - System32\Tasks\{A2C6CBB0-E166-424B-8915-6A5DAA134FEA} => pcalua.exe -a C:\Users\Administrator\Downloads\MathPlayer3.0Pr1setup.exe -d C:\Users\Administrator\Desktop
Task: {C6C01DCE-02FD-42A7-9CA8-778765F5BB06} - System32\Tasks\{DDDA0A1C-7666-4052-9795-8F2DC2117127} => E:\uruchom.exe
Task: {C9D06C0A-A57E-4BA6-8086-960A9D291019} - System32\Tasks\{517298FE-B46A-4A9D-9A6C-E0A01DF5601E} => pcalua.exe -a "G:\Expressivo_1.5.0 (1).exe" -d G:\
Task: {D0527AF5-AB6D-44DF-861E-38F5080AD33F} - System32\Tasks\{46F78987-8128-46B0-A5A4-45A5BAD1EF8A} => pcalua.exe -a "C:\Program Files (x86)\GiliSoft\Privacy Protector\unins000.exe" -d "C:\Program Files (x86)\GiliSoft\Privacy Protector"
Task: {D38D48BA-E9B5-4E22-9EFA-825CDFEE32CF} - \{424383ED-B446-4D7E-8A2B-A8E7CB767708} No Task File <==== ATTENTION
Task: {D6859EF7-6643-4BBB-859D-DAB0E2BF6DF2} - System32\Tasks\{7E387EB5-BD96-414A-A529-3BFD2B160F76} => pcalua.exe -a "C:\Program Files (x86)\GiliSoft\Privacy Protector\unins001.exe"
Task: {D84BF0EA-DB40-4018-8711-73DC874B038C} - \{F7FBE951-303C-472D-8384-9B48F850EB0D} No Task File <==== ATTENTION
Task: {D9D7CB2A-50B3-4036-AA68-239C7B2A9986} - System32\Tasks\{2C03A0DE-49E7-4103-8CAB-8754D80BF676} => C:\Program Files (x86)\ivo\Expressivo\expressivo.exe
Task: {DEF80299-62D5-41F0-8F1F-C698EAD6EB03} - System32\Tasks\{9B6B4377-0995-45C6-9CA2-4AA53E89FB16} => E:\bin\Sm7imprt.exe
Task: {E0202F9B-E506-4845-877A-1E9E6956AFB6} - \{02491CDD-5E5D-41D5-AA37-E9A25A4CF610} No Task File <==== ATTENTION
Task: {E0803EDB-231E-4AE6-8CC9-7DA1A7034D44} - \{DA9AAC01-3402-474E-B329-3359B18E8E4A} No Task File <==== ATTENTION
Task: {E0B9EEFF-B5EF-4E08-9D6E-040693FF7B60} - System32\Tasks\{CDD4A093-03D8-4EFB-8597-E528D332E450} => pcalua.exe -a C:\Users\Administrator\Downloads\irfanview_plugins_438_setup.exe -d C:\Users\Administrator\Downloads
Task: {E18DEE2F-6658-48F4-8CA4-8C6A8FBA758F} - \{8AEF97E2-E967-465F-A52D-2806A0D7981B} No Task File <==== ATTENTION
Task: {E511820B-4FF6-49CD-83A7-121E51031F5D} - System32\Tasks\{B73998C0-F040-45D4-8A94-BB9AC60EB1D9} => pcalua.exe -a C:\Users\Administrator\Desktop\Expressivo_1.5.0.exe -d C:\Users\Administrator\Desktop
Task: {E77223CD-1C54-4C1E-99BE-7FB4AF5072AE} - System32\Tasks\{C8ECFF79-EB6D-49A5-AC5C-8DDFC6EF6F04} => E:\uruchom.exe
Task: {E9C2AA25-54F4-459A-9596-0723CD548CCE} - System32\Tasks\{8B30A268-50B2-41E6-A6C1-0078FCEBE264} => E:\uruchom.exe
Task: {EA94D49D-4681-46C5-A110-3900C2862E77} - System32\Tasks\{9B4DFD34-7CA5-44E7-9B8A-7D941F67C046} => E:\uruchom.exe
Task: {EF40B88D-AA70-4C44-B93E-C5685E8AAA7F} - System32\Tasks\Connectify.Administrator => C:\Program Files (x86)\Connectify\ConnectifyService.exe
Task: {F4D83810-8706-4CAC-9D79-5E1EA9E10604} - \{0B767630-C43E-4593-ABF9-C24059CBC140} No Task File <==== ATTENTION
Task: {F73249F5-C453-47E3-9908-ACAF418D4E85} - System32\Tasks\{F493F76A-2C32-4AE2-8225-0FEAFF228611} => C:\Program Files (x86)\ivo\Expressivo\expressivo.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
EmptyTemp:

Run FRST and click Fix. Show the Fixlog removal report.

Click Scan and show the new FRST report without Addition.

Fixlog: http://wklej.org/id/1661571/

Could I find out what happened on my computer? Was it some more serious infection?

Delete the C:\FRST folder.

Remove the old restore points: To remove all restore points

Read about how programs should be installed: CLICK - CLICK - CLICK - CLICK

Uninstall:

Java 8 Update 31

Java SE Development Kit 7 Update 67

Install Java 8 Update 40

I really need the Java files; will nothing happen if I delete them? Should I uninstall Java 8 Update 31 plus Java 8 Update 31 (64-bit)?