Windows 8. Slow startup. Constant Win32:evo-gen[susp] threat message


(Kamila G 7) #1

Hello,

I have a problem starting Windows 8: before it boots there is a black screen for a good 2-3 minutes, and only then does the cursor appear and the system start. On top of that, Avast keeps showing me a Win32:evo-gen[susp] threat message. After a scan it found 1 trojan and about 3 viruses, supposedly removed. But the computer still takes a long time to start. I disabled everything I could in autostart using the Odkurzacz program.

OTL: http://www.wklej.org/id/1514320/

OTL Extras: http://www.wklej.org/id/1514321/


(Acorus) #2

Uninstall "iSafe" = YAC (Yet Another Cleaner!).

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ matching your system version, 32-bit or 64-bit.


(Kamila G 7) #3

FRST: http://www.wklej.org/id/1514400/

Addition: http://www.wklej.org/id/1514406/


(Acorus) #4

Open Notepad and paste:

Task: {1A3EDC32-8F60-46EB-99AE-B97D38816B19} - \Plus-HD-9.0-chromeinstaller No Task File ==== ATTENTION
Task: {84F9D7A3-C3FE-4A49-AD9E-5A73C34F7D84} - \Plus-HD-9.0-enabler No Task File ==== ATTENTION
Task: {99435DB9-321E-4DF0-AA00-DFDCAF756D1E} - \Plus-HD-9.0-updater No Task File ==== ATTENTION
Task: {DBAA6C12-FA09-4925-B839-D7C19110701D} - \Plus-HD-9.0-codedownloader No Task File ==== ATTENTION
Task: {F7A5D595-0C9B-4F4E-8355-DA129A848837} - \Plus-HD-9.0-firefoxinstaller No Task File ==== ATTENTION
HKLM-x32\...\Run: [] = [X]
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3552173484-3152586011-3957802877-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3552173484-3152586011-3957802877-1001\...\MountPoints2: {0b97c890-beff-11e2-be90-6894235afb70} - "G:\AutoRun.exe"
HKU\S-1-5-21-3552173484-3152586011-3957802877-1001\...\MountPoints2: {380b33c3-5c8d-11e2-be74-6894235afb70} - "F:\Autorun.exe"
HKU\S-1-5-21-3552173484-3152586011-3957802877-1001\...\MountPoints2: {43a51d55-88b2-11e2-be83-6894235afb70} - "G:\AutoRun.exe"
HKU\S-1-5-21-3552173484-3152586011-3957802877-1001\...\MountPoints2: {43a51da4-88b2-11e2-be83-6894235afb70} - "G:\AutoRun.exe"
HKU\S-1-5-21-3552173484-3152586011-3957802877-1001\...\MountPoints2: {8a408241-462b-11e4-bf6d-6894235afb70} - "G:\Startme.exe"
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) - {99FD978C-D287-4F50-827F-B2C658EDA8E7} = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) - {920E6DB1-9907-4370-B3A0-BAFC03D81399} = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) - {16F3DD56-1AF5-4347-846D-7C10C4192619} = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
BootExecute: autocheck autochk * sdnclean64.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?tpid=FF3-SPo=APN11414pf=V7trgb=CRp2=%5EBBM%5Eaaa154%5EYY%5EPLgct=hpapn_ptnrs=%5EBBMapn_dtid=%5Eaaa154%5EYY%5EPLapn_dbr=cr_37.0.2062.124apn_uid=02AA110A-E011-4EC0-922B-E0AE0AE58DFCitbv=12.18.0.3023doi=2014-10-14psv=pt=tb
SearchScopes: HKLM - {755DB651-7812-46A9-8984-9F065DD7BC73} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {755DB651-7812-46A9-8984-9F065DD7BC73} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKCU - DefaultScope {A3BEF099-9392-475A-969C-81B39D76EEFB} URL = http://www.search.ask.com/web?tpid=FF3-SPo=APN11414pf=V7p2=^BBM^aaa154^YY^PLgct=itbv=12.18.0.3023apn_uid=02AA110A-E011-4EC0-922B-E0AE0AE58DFCapn_ptnrs=^BBMapn_dtid=^aaa154^YY^PLapn_dbr=cr_37.0.2062.124doi=2014-10-14trgb=CRq={searchTerms}psv=pt=tb
SearchScopes: HKCU - {755DB651-7812-46A9-8984-9F065DD7BC73} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKCU - {A3BEF099-9392-475A-969C-81B39D76EEFB} URL = http://www.search.ask.com/web?tpid=FF3-SPo=APN11414pf=V7p2=^BBM^aaa154^YY^PLgct=itbv=12.18.0.3023apn_uid=02AA110A-E011-4EC0-922B-E0AE0AE58DFCapn_ptnrs=^BBMapn_dtid=^aaa154^YY^PLapn_dbr=cr_37.0.2062.124doi=2014-10-14trgb=CRq={searchTerms}psv=pt=tb
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR Extension: (Ask Search) - C:\Users\Kamila\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaadgepjkdffhjbkfjgnnffnfcffbg [2014-10-14]
S3 ALSysIO; \\C:\Users\Kamila\AppData\Local\Temp\ALSysIO64.sys [X]
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
S3 WinRing0_1_2_0; \\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
2014-11-08 17:19 - 2014-11-08 17:19 - 17417312 _____ (Elex do Brasil Participações Ltda) C:\Users\Kamila\Downloads\yet_another_cleaner_sk_152856.exe
C:\Users\Kamila\TombRaiderAnniversary_demo.exe
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
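As an added example (not part of this thread and not FRST's own code): a small Python triage that scans FRST-style lines like the ones in the fix list above and flags the entry shapes the helper removed, namely orphaned scheduled tasks, MountPoints2 autorun remnants, services whose binary is missing, shell extensions and toolbars pointing at missing files, and search scopes set to search.ask.com. The category names are my own labels, and the sample log is constructed from lines quoted in this thread with one URL shortened.

```python
import re
# Categories are my own labels (assumptions), not FRST terminology; each rule matches one entry shape removed above.
RULES = [
    ("orphaned scheduled task", re.compile(r"^Task: .* No Task File")),
    ("Run entry with missing target", re.compile(r"\\Run: \[\] = \[X\]$")),
    ("removable-media autorun remnant",
     re.compile(r'MountPoints2: .* - "[A-Z]:\\(?:autorun|startme)\.exe"', re.I)),
    ("shell extension DLL missing", re.compile(r"^ShellIconOverlayIdentifiers.* No File$")),
    ("search scope/start page set to search.ask.com",
     re.compile(r"^(?:SearchScopes:|HKCU\\.*Start Page =).*search\.ask\.com")),
    ("toolbar with missing file", re.compile(r"^Toolbar: .* - No File$")),
    ("driver/service with missing binary", re.compile(r"^[RSU]\d \S+; .*\[X\]$")),
]

def classify(line):
    """Return the category of one FRST line, or None if no rule matches."""
    line = line.rstrip()
    for name, pattern in RULES:
        if pattern.search(line):
            return name
    return None

def triage(log_text):
    """Return [(category, line), ...] for every flagged line, in log order."""
    flagged = []
    for ln in log_text.splitlines():
        cat = classify(ln)
        if cat:
            flagged.append((cat, ln))
    return flagged

def summary(log_text):
    """Count flagged lines per category: what a fix list would need to cover."""
    counts = {}
    for cat, _ in triage(log_text):
        counts[cat] = counts.get(cat, 0) + 1
    return counts

# Constructed sample built from lines quoted in this thread (ask.com URL shortened).
SAMPLE_LOG = r"""
Task: {1A3EDC32-8F60-46EB-99AE-B97D38816B19} - \Plus-HD-9.0-chromeinstaller No Task File ==== ATTENTION
HKLM-x32\...\Run: [] = [X]
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-3552173484-3152586011-3957802877-1001\...\MountPoints2: {0b97c890-beff-11e2-be90-6894235afb70} - "G:\AutoRun.exe"
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) - {99FD978C-D287-4F50-827F-B2C658EDA8E7} = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll No File
SearchScopes: HKCU - {A3BEF099-9392-475A-969C-81B39D76EEFB} URL = http://www.search.ask.com/web?q={searchTerms}
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
S3 ALSysIO; \\C:\Users\Kamila\AppData\Local\Temp\ALSysIO64.sys [X]
"""
```

The legitimate Adobe ARM Run entry is deliberately left unflagged: the helper removed it for startup speed, not because it is malicious, and `triage(SAMPLE_LOG)` shows the seven structurally suspicious lines.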


(Kamila G 7) #5

Fixlog: http://www.wklej.org/id/1514665/

FRST: http://www.wklej.org/id/1514668/


(Acorus) #6

Delete the C:\FRST folder. Scan with Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe

During installation, uncheck "Start Malwarebytes Anti-Malware Premium trial".


(Kamila G 7) #7

I ran the scan; it found about 2 non-malware objects. They went to quarantine. I restarted the computer to check, and it started without the black screen and much faster. We'll see whether it stays that way. Thanks a lot for the help.