Zainfekowany laptop

Clovin90 · 8 Październik 2017 18:38

Coś musiałem ściągnąć ponieważ pojawiają mi się dziwne reklamy i na dodatek sama przeglądarka Microsoft Edge mi się włącza. Poniżej daje raport z FRST.

http://www.wklej.org/id/3267226/
http://www.wklej.org/id/3267231/
http://www.wklej.org/id/3267232/

Jeśli napisałem coś źle to proszę mnie skarcić, z góry dziękuję za pomoc.

Atis · 8 Październik 2017 19:49

Pobierz i uruchom AdwCleaner Kliknij Skanuj (Scan) i później Oczyść (Clean).
Kliknij Skanuj (Scan) i pokaż nowy raport FRST i Addition.

Clovin90 · 8 Październik 2017 20:09

Zrobiłem wszystko według instrukcji.
FRST http://www.wklej.org/id/3267283/
Addition http://www.wklej.org/id/3267287/

Atis · 8 Październik 2017 20:33

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist:

HKU\S-1-5-21-4089613881-2742512903-1279515367-1001\...\Run: [ISWBE24QOVU7R7G] => "C:\Program Files (x86)\ShutdownTime\1ZX8V.exe"
HKU\S-1-5-21-4089613881-2742512903-1279515367-1001\...\Winlogon: [Shell] C:\Windows\System32\cmd.exe [271872 2017-03-18] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-4089613881-2742512903-1279515367-1001\...\Command Processor: @mode 15,1 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL 
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
HKU\S-1-5-21-4089613881-2742512903-1279515367-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKU\S-1-5-21-4089613881-2742512903-1279515367-1001 -> DefaultScope {F8A8FDFF-E2CC-4D0B-9EF7-CA074257A920} URL = hxxps://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms}
SearchScopes: HKU\S-1-5-21-4089613881-2742512903-1279515367-1001 -> {F8A8FDFF-E2CC-4D0B-9EF7-CA074257A920} URL = hxxps://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms}
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll No File
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.11.0.41\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.11.0.41\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
R1 wfcre; C:\WINDOWS\System32\drivers\wfcre.sys [132992 2017-09-04] ()
C:\WINDOWS\System32\drivers\wfcre.sys
2017-10-08 20:51 - 2017-10-08 21:04 - 000000000 ____D C:\AdwCleaner
2017-10-08 18:39 - 2017-10-08 19:00 - 000000000 ____D C:\Users\Huscek\AppData\Roaming\ziiofbkuakv
2017-10-08 18:39 - 2017-10-08 19:00 - 000000000 ____D C:\Users\Huscek\AppData\Roaming\kwith3xd3pu
2017-10-08 18:39 - 2017-10-08 18:57 - 000000000 ____D C:\Program Files\PCAPG2WWLG
2017-10-08 18:39 - 2017-10-08 18:54 - 000000000 ____D C:\Program Files\7Q53M8XFWX
2017-10-08 18:39 - 2017-10-08 18:53 - 000000000 ____D C:\Program Files (x86)\NrvT7FjehpKW
2017-10-08 18:39 - 2017-10-08 18:39 - 000140800 _____ C:\Users\Huscek\AppData\Local\installer.dat
2017-10-08 18:21 - 2017-10-08 18:54 - 000000000 ____D C:\Program Files\27CK16EOWZ
2017-10-08 18:19 - 2017-10-08 18:39 - 000000000 ____D C:\Users\Huscek\AppData\Roaming\AGData
2017-10-08 18:18 - 2017-10-08 19:23 - 000000000 ____D C:\Program Files (x86)\HPWhale
2017-10-08 18:18 - 2017-10-08 18:43 - 000001956 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ìîzillà Firåfîõ.lnk
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {1697A33F-446B-4EB8-9536-29EFFEBDB9C8} - \PDVDServ12 Task -> No File <==== ATTENTION
Task: {2300B6D1-D409-499E-92DF-030662B73A6B} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6 -> No File <==== ATTENTION
Task: {2CE6A85E-71D1-4739-84A1-13A76DE7D3B7} - \Nahimic2UILauncherRun -> No File <==== ATTENTION
Task: {317107BF-13F6-48B4-AA5A-BA0B03A02F4B} - \Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate -> No File <==== ATTENTION
Task: {3A856FD6-C933-4580-AB8F-CCE1651F883C} - \Dragon_Center_updater -> No File <==== ATTENTION
Task: {43A121A3-1CF8-4849-871B-8E47103897F7} - \Microsoft\Windows\UpdateOrchestrator\Maintenance Install -> No File <==== ATTENTION
Task: {443D7369-14A2-45ED-A3EB-2F9CA7CFBA56} - \Intel PTT EK Recertification -> No File <==== ATTENTION
Task: {45A1E736-EAAA-4735-ABBA-A9C5CF2BDAEF} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1 -> No File <==== ATTENTION
Task: {48A98229-5C8E-4DDD-8139-CF35F7262A95} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup -> No File <==== ATTENTION
Task: {4F77EF5A-4A3F-43BD-9E5A-B2482015EF2D} - \MSI_Dragon Center -> No File <==== ATTENTION
Task: {53B89778-59CC-4384-80F8-881823813211} - \MSISCMTsk -> No File <==== ATTENTION
Task: {5587F1DC-15D0-4331-A673-6EF75E5CD9C0} - \Microsoft\Windows\AppID\SmartScreenSpecific -> No File <==== ATTENTION
Task: {5B07A88B-CFEC-499A-95F8-47D5DB8BDAC7} - \Nahimic2Svc64Run -> No File <==== ATTENTION
Task: {5E40A617-944C-4BA9-BB60-6C4231965B1B} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display -> No File <==== ATTENTION
Task: {61A932E0-6613-43DF-8D45-C7B4A6176EAE} - \Microsoft\Windows\UpdateOrchestrator\Policy Install -> No File <==== ATTENTION
Task: {71E53243-3A2D-47EE-9DAB-6D71B2366657} - \Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate -> No File <==== ATTENTION
Task: {8945294C-55D6-45A5-8708-35B8036F9DAB} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {8B8A1D42-1D7C-4189-A493-F24068555491} - \Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {8DD105CE-34B0-42AB-9490-E28E144CB05C} - \MSI_Help_Desk_Agent -> No File <==== ATTENTION
Task: {C881A742-1A15-4EAC-96B9-9C6EA38AC7FA} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork -> No File <==== ATTENTION
Task: {E03596C8-B2A4-4553-B379-B678F0EBCA95} - \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff -> No File <==== ATTENTION
Task: {FA798462-3746-438D-A0E1-CB022CC2D8FA} - \Nahimic2Svc32Run -> No File <==== ATTENTION
Task: {FEF3835A-690B-4399-B139-FD3F8F88B422} - \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot -> No File <==== ATTENTION
Hosts:
EmptyTemp:

Uruchom FRST i kliknij Napraw (Fix). Pokaż raport z usuwania Fixlog.
Kliknij Skanuj (Scan) i pokaż nowy raport z FRST bez Addition i Shortcut.

Clovin90 · 8 Październik 2017 21:05

Jeśli chodzi o raport z usuwania to chyba jest to http://www.wklej.org/id/3267318/
Tutaj raport z FRST http://wklej.org/id/3267320/

Atis · 9 Październik 2017 06:52

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist:

Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
DeleteQuarantine:

Uruchom FRST i kliknij Napraw (Fix). Później skasuj folder C:\FRST
Włącz przywracanie systemu dla dysku systemowego C:
https://www.tenforums.com/tutorials/4533-turn-off-system-protection-drives-windows-10-a.html

Clovin90 · 9 Październik 2017 07:27

Zrobione. Czy coś jeszcze mam zrobić?

Atis · 9 Październik 2017 22:20

W takim razie to już wszystko.