Infected e-mail


(Licznerski645) #1

Hello, today while going through my e-mail I noticed some rather unusual messages in the spam folder:

Contents of a sample e-mail:

"From: Karo

To: "ouiser@adelphia.net"

Cc:

Date: Sat, 7 Mar 2015 00:34:21 -0700

Subject: Good Day;) watch now peerless

Good Day start this humane http://t.co/SRmW0QJWGI"

Probably some virus has got into my e-mail and is mass-mailing SPAM to others.

Additionally, I have my GMAIL and O2 mail linked, so messages are automatically forwarded from o2 to Gmail.

I don't know what to do to get rid of it.

I'll also add that I've recently had a problem with the "key-find" application, which I can't remove from my browser for the life of me.

I'm counting on your help!


(Acorus) #2

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ matching your system version, 32-bit or 64-bit.


(Licznerski645) #3

Addition:


(Acorus) #4

Uninstall Bundled software uninstaller, Spybot - Search & Destroy. Open Windows Notepad and paste:

Task: {17094998-9F8E-4B5D-A0AF-337F4FFDA5B4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization = D:\Programy\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {443702B1-E811-4C24-97E9-809078BC34A2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates = D:\Programy\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {D30B6EA3-7971-4E5A-B5A6-0B541D555143} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3680911545-3602847345-1312643189-1003UA = C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-19] (Facebook Inc.)
Task: {F2EAE08A-8A67-4974-9FCE-DAFF96BD99E3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3680911545-3602847345-1312643189-1003Core = C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-19] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3680911545-3602847345-1312643189-1003Core.job = C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3680911545-3602847345-1312643189-1003UA.job = C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] = D:\Programy\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] - {99FD978C-D287-4F50-827F-B2C658EDA8E7} = No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] - {920E6DB1-9907-4370-B3A0-BAFC03D81399} = No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] - {16F3DD56-1AF5-4347-846D-7C10C4192619} = No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-3680911545-3602847345-1312643189-1003\User: Group Policy restriction detected ======= ATTENTION
SearchScopes: HKU\S-1-5-21-3680911545-3602847345-1312643189-1003 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3680911545-3602847345-1312643189-1003 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=395049983_397234_BC03B4CCts=1424298918type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3680911545-3602847345-1312643189-1003 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=395049983_397234_BC03B4CCts=1424298918type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3680911545-3602847345-1312643189-1003 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=395049983_397234_BC03B4CCts=1424298918type=defaultq={searchTerms}
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - No File
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File []
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF DefaultSearchEngine: key-find
FF SelectedSearchEngine: key-find
R2 SDScannerService; D:\Programy\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; D:\Programy\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; D:\Programy\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 EagleX64; \\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-02-24 23:01 - 2015-02-24 23:01 - 00000000 ____ D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-24 22:59 - 2015-02-24 22:59 - 00000000 ____ D () C:\Windows\System32\Tasks\Safer-Networking
2015-02-24 22:58 - 2015-02-24 23:26 - 00000000 ____ D () C:\ProgramData\Spybot - Search & Destroy
2015-02-24 22:58 - 2015-02-24 22:58 - 00001018 _____ () C:\Users\Public\Desktop\Spybot-SD Start Center.lnk
2015-02-24 22:58 - 2015-02-24 22:58 - 00001018 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-SD Start Center.lnk
2015-02-24 22:58 - 2015-02-24 22:58 - 00000000 ____ D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-24 22:58 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
C:\Users\User\jagex_cl_runescape_LIVE.dat
C:\Users\User\random.dat
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
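The fixlist above was assembled by hand from the FRST log: the helper picked out the key-find search-provider hijack, the entries that point to files no longer on disk, the unnamed BHOs and the Group Policy restriction. As an added example that is not part of the thread, the Python script below applies that same judgement mechanically to FRST-style lines so a reader can see which features of each line drive the decision. The sample lines are copied or abbreviated from the fixlist above (the key-find URL is shortened) plus two constructed clean entries; the finding categories and the hijack domain list are my own assumptions, not FRST output.

```python
import re
from urllib.parse import urlparse

# Sample FRST lines. Most are copied from the fixlist in the thread above;
# the key-find URL is shortened, and the Adobe ARM and "Google" lines are
# constructed as examples of entries that should NOT be flagged.
SAMPLE_LINES = [
    r"SearchScopes: HKU\S-1-5-21-3680911545-3602847345-1312643189-1003 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =",
    r"SearchScopes: HKU\S-1-5-21-3680911545-3602847345-1312643189-1003 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.key-find.com/web/?q={searchTerms}",
    r"FF DefaultSearchEngine: key-find",
    r"BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File",
    r"S3 EagleX64; \\C:\Windows\system32\drivers\EagleX64.sys [X]",
    r"GroupPolicyUsers\S-1-5-21-3680911545-3602847345-1312643189-1003\User: Group Policy restriction detected ======= ATTENTION",
    r"HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)",
    r"R2 SDScannerService; D:\Programy\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)",
    r"FF SelectedSearchEngine: Google",
]

# Assumed indicators: the search hijacker named in the thread.
HIJACK_DOMAINS = {"key-find.com"}
HIJACK_ENGINE_NAMES = {"key-find"}

URL_RE = re.compile(r"URL\s*=\s*(\S+)")
ENGINE_RE = re.compile(r"^FF (?:Default|Selected)SearchEngine:\s*(.+)$")
# FRST marks entries whose target file is missing with "No File" or "[X]".
ORPHAN_RE = re.compile(r"(No File(\s*\[\])?|\[X\])\s*$")


def host_of(url):
    """Registrable-looking host of a URL with a leading 'www.' stripped."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def classify(line):
    """Return the list of findings for one FRST line (empty list = nothing to flag)."""
    findings = []
    m = URL_RE.search(line)
    if line.startswith("SearchScopes:") and m and host_of(m.group(1)) in HIJACK_DOMAINS:
        findings.append("search-hijack")
    m = ENGINE_RE.match(line)
    if m and m.group(1).strip().lower() in HIJACK_ENGINE_NAMES:
        findings.append("search-hijack")
    if ORPHAN_RE.search(line):
        findings.append("orphan")
    if line.startswith("BHO") and " No Name " in line:
        findings.append("unnamed-bho")
    if "Group Policy restriction detected" in line:
        findings.append("policy-restriction")
    return findings


def triage(lines):
    """Map line index -> findings, keeping only lines that have at least one finding."""
    result = {}
    for i, line in enumerate(lines):
        findings = classify(line)
        if findings:
            result[i] = findings
    return result


if __name__ == "__main__":
    for idx, findings in triage(SAMPLE_LINES).items():
        print(f"{', '.join(findings):>24}  |  {SAMPLE_LINES[idx][:90]}")
```

Note that "orphan" entries (a BHO, toolbar or driver registered in the registry but with no file on disk) are leftovers rather than active malware; they go into a fixlist for cleanliness, while the search-hijack and policy-restriction findings are the ones that explain the symptoms the original poster describes.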