Virus in the svchost.exe process


(Mahone93) #1

Hello. Since yesterday's update of Avast to the latest version, my computer has started behaving strangely. Avast was cutting off internet connections, and on top of that all programs were closing automatically, and ads pop up in the browsers. I uninstalled the antivirus and installed NOD32 and Malwarebytes Anti-Malware in its place, and since then I have a stable internet connection, but every few seconds a window pops up with an infection, an IP address and the svchost.exe process located in the system folder System32.


(Acorus) #2

http://forum.dobreprogramy.pl/farbar-recovery-scan-tool-raport-obowiązkowy-t478727/


(Mahone93) #3

I understand that I should paste the report from that program here?


(Acorus) #4

And where else? http://forum.dobreprogramy.pl/regulamin-działu-bezpieczeństwo-t503173/


(Mahone93) #5

FRST.txt


(Acorus) #6

Uninstall Razer Cortex Packages. Open the system Notepad and paste:

Task: {324CC5FF-BA5A-4C7C-9750-8605FA8FA478} - \AutoPico Daily Restart No Task File ==== ATTENTION
HKLM\...\Policies\Explorer\Run: [1589812723] = C:\Users\Kamil\AppData\Roaming\mshaedm.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [815696474] = C:\ProgramData\msfptpnc.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [358716954] = C:\ProgramData\msgzorjk.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1604843064] = C:\ProgramData\msqowrspi.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1134818987] = C:\ProgramData\msgthezev.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [2078187208] = C:\ProgramData\mszjlk.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [496338153] = C:\ProgramData\msczbdq.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [2050318306] = C:\ProgramData\msxjgirc.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1098999517] = C:\ProgramData\mstuf.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1615635827] = C:\ProgramData\msbihur.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [570288722] = C:\ProgramData\msnqv.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [959449851] = C:\ProgramData\mscsse.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [142493991] = C:\ProgramData\msftri.exe [0 2012-07-26] ()
HKLM\...\Policies\Explorer\Run: [122195089] = C:\ProgramData\mszmlu.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [2098970108] = C:\ProgramData\msqvjc.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1282637345] = C:\ProgramData\msiubxio.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1768469247] = C:\ProgramData\msdhlr.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [281120127] = C:\ProgramData\msnis.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [622242852] = C:\ProgramData\msnnarm.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1368672398] = C:\ProgramData\msxkcg.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1106739949] = C:\ProgramData\mskpkpot.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1834317630] = C:\ProgramData\msnwmflke.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1420933857] = C:\ProgramData\msvoxaibr.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1304719129] = C:\ProgramData\mswkgubs.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1586387316] = C:\ProgramData\msqgcij.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [898700008] = C:\ProgramData\mswppinb.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [732674479] = C:\ProgramData\mshklf.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1249474686] = C:\ProgramData\mszvkmfk.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [47213744] = C:\ProgramData\mszclwz.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1195062860] = C:\ProgramData\mslooku.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1855674188] = C:\ProgramData\msyuipbzo.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1406165565] = C:\ProgramData\msvdt.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [733575030] = C:\ProgramData\msuprb.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [596765244] = C:\ProgramData\msfigyxdm.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1436603224] = C:\ProgramData\msrsu.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [2076765916] = C:\ProgramData\mstdjytf.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1713663095] = C:\ProgramData\msqdyg.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1281947075] = C:\ProgramData\mscgqgz.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1602347872] = C:\ProgramData\msrcw.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [818817215] = C:\ProgramData\msoqnp.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [315585295] = C:\ProgramData\mshzawyw.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [949130346] = C:\ProgramData\msbuy.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1299022155] = C:\ProgramData\msvep.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [1807341552] = C:\ProgramData\msltumvka.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [690941635] = C:\ProgramData\mszmbme.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [996175008] = C:\ProgramData\msycy.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [479158652] = C:\ProgramData\msvakrfw.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [2095495280] = C:\ProgramData\msppvzagv.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [370205174] = C:\ProgramData\msdya.exe [56472 2012-07-26] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [145742651] = C:\ProgramData\msorccziu.exe [56472 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-21-2098593065-3547580855-1317692659-1001\...\Run: [122195089] = C:\ProgramData\mszmlu.exe [56472 2012-07-26] (Microsoft Corporation)
IFEO\hijackthis.exe: [Debugger] mwvazty_.exe
IFEO\housecalllauncher.exe: [Debugger] abvhyn_.exe
IFEO\rstrui.exe: [Debugger] _.exe
IFEO\spybotsd.exe: [Debugger] hemxcc_.exe
Startup: C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Omnimo.lnk [2015-03-21]
ShortcutTarget: Omnimo.lnk - C:\Users\Kamil\Documents\Rainmeter\Skins\WP7\@Resources\Common\Settings\Omnimo.exe (No File)
ShellIconOverlayIdentifiers: [00avast] - {472083B0-C522-11CF-8763-00608CC02F24} = No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalkiutm_medium=installerutm_campaign=instalki
HKU\S-1-5-21-2098593065-3547580855-1317692659-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2098593065-3547580855-1317692659-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2098593065-3547580855-1317692659-1001 - {6F0867DA-ED09-4B0B-AD20-1D9D707E59EF} URL = https://search.yahoo.com/search?fr=chr-greentree_ieei=utf-8ilc=12type=888596p={searchTerms}
FF SearchPlugin: D:\Documents and Settings\help\Dane aplikacji\Mozilla\Firefox\Profiles\rhp43vau.default\searchplugins\google-avast.xml [2015-03-14]
FF SearchPlugin: D:\Documents and Settings\help\Dane aplikacji\Mozilla\Firefox\Profiles\rhp43vau.default\searchplugins\key-find.xml [2015-03-05]
FF SearchPlugin: D:\Documents and Settings\help\Dane aplikacji\Mozilla\Firefox\Profiles\rhp43vau.default\searchplugins\yahoo-avast.xml [2015-03-14]
FF SearchPlugin: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\5yy45348.default\searchplugins\google-avast.xml [2015-03-14]
FF SearchPlugin: C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\5yy45348.default\searchplugins\yahoo-avast.xml [2015-03-14]
FF Extension: No Name - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\5yy45348.default\Extensions\{3d2ee42e-a6d9-4888-bd17-2148dc7928d7}.xpi [2015-03-05]
FF Extension: No Name - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\5yy45348.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-03-05]
CHR Extension: (Bookmark Manager) - C:\Users\Kamil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
2015-04-28 20:54 - 2015-04-28 20:56 - 00000000 ____ D () C:\AdwCleaner
C:\ProgramData\msbihur.exe
C:\ProgramData\msbuy.exe
C:\ProgramData\mscgqgz.exe
C:\ProgramData\mscsse.exe
C:\ProgramData\msczbdq.exe
C:\ProgramData\msdhlr.exe
C:\ProgramData\msdya.exe
C:\ProgramData\msfigyxdm.exe
C:\ProgramData\msfptpnc.exe
C:\ProgramData\msftri.exe
C:\ProgramData\msgthezev.exe
C:\ProgramData\msgzorjk.exe
C:\ProgramData\mshaedm.exe
C:\ProgramData\mshklf.exe
C:\ProgramData\mshzawyw.exe
C:\ProgramData\msiubxio.exe
C:\ProgramData\mskpkpot.exe
C:\ProgramData\mslooku.exe
C:\ProgramData\msltumvka.exe
C:\ProgramData\msnis.exe
C:\ProgramData\msnnarm.exe
C:\ProgramData\msnqv.exe
C:\ProgramData\msnwmflke.exe
C:\ProgramData\msoqnp.exe
C:\ProgramData\msorccziu.exe
C:\ProgramData\msppvzagv.exe
C:\ProgramData\msqdyg.exe
C:\ProgramData\msqgcij.exe
C:\ProgramData\msqowrspi.exe
C:\ProgramData\msqvjc.exe
C:\ProgramData\msrcw.exe
C:\ProgramData\msrsu.exe
C:\ProgramData\mstdjytf.exe
C:\ProgramData\mstuf.exe
C:\ProgramData\msuprb.exe
C:\ProgramData\msvakrfw.exe
C:\ProgramData\msvdt.exe
C:\ProgramData\msvep.exe
C:\ProgramData\msvoxaibr.exe
C:\ProgramData\mswkgubs.exe
C:\ProgramData\mswppinb.exe
C:\ProgramData\msxjgirc.exe
C:\ProgramData\msxkcg.exe
C:\ProgramData\msycy.exe
C:\ProgramData\msyuipbzo.exe
C:\ProgramData\mszclwz.exe
C:\ProgramData\mszjlk.exe
C:\ProgramData\mszmbme.exe
C:\ProgramData\mszmlu.exe
C:\ProgramData\mszvkmfk.exe
C:\Users\Kamil\msfptpnc.exe
C:\Users\Kamil\mshaedm.exe
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Mahone93) #7

Fix done, pasting the log:


(Acorus) #8

Open the system Notepad and paste:

HKLM\...\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12111576 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [svchost] = C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe [56472 2014-05-27] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] = C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCEPServiceManager] = C:\Program Files\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKU\S-1-5-20\...\Run: [svchost] = C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe [56472 2014-05-27] (Microsoft Corporation)
HKU\S-1-5-21-2098593065-3547580855-1317692659-1001\...\Run: [svchost] = C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe [56472 2014-05-27] (Microsoft Corporation)
2012-07-26 04:06 - 2012-07-26 05:20 - 0056472 ___SH (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\msfptpnc.exe
2012-07-26 04:06 - 2012-07-26 05:20 - 0056472 ___SH (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\msgthezev.exe
2012-07-26 04:06 - 2012-07-26 05:20 - 0056472 ___SH (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\msgzorjk.exe
2012-07-26 04:06 - 2012-07-26 05:20 - 0056472 ___SH (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\mshaedm.exe
2012-07-26 04:06 - 2012-07-26 05:20 - 0056472 ___SH (Microsoft Corporation) C:\Users\Kamil\AppData\Roaming\msqowrspi.exe

Save the file as fixlist.txt and place it next to FRST in the same folder.