Symptoms of infection:
I recently noticed that the "svchost.exe" process keeps the CPU at 50-60% most of the time. I never had this situation with this process before. When I kill the process nothing happens, i.e. all programs work fine and the system keeps running fine. Some time after killing the process, it starts consuming CPU again. So I would ask you to check the logs in case some strange program has made itself at home on my computer.
Programs I have: Malwarebytes Anti-Malware, Avast, Privatefirewall 7.0, MCShield, KeyScrambler.
Actions taken:
The computer was scanned with Malwarebytes Anti-Malware and Avast, which detected nothing. Below I am posting the LOGS from OTL and FRST.
Logs:
OTL:
FRST:
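Before anyone can say whether the busy svchost.exe is suspicious, it helps to know which services that particular instance hosts: svchost.exe is only a container, and there are normally a dozen of them. The snippet below is an added example, not part of the original post, and uses only built-in PowerShell cmdlets. It maps every svchost.exe PID to the services it hosts (via Win32_Service) and lists the instances by CPU time, together with the image path, so a copy running from somewhere other than System32 or hosting no service at all stands out.

```powershell
# Added example: identify what each svchost.exe instance is actually hosting.
# Run in an elevated PowerShell so that Path and CPU are readable for all instances.

# Group all running services by the PID of the process hosting them.
$svcByPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

Get-Process -Name svchost |
    Sort-Object -Property CPU -Descending |
    ForEach-Object {
        $hosted = $svcByPid["$($_.Id)"]
        [pscustomobject]@{
            PID      = $_.Id
            CPUSec   = [math]::Round(($_.CPU -as [double]), 1)
            # Expected location is C:\Windows\System32\svchost.exe; anything else is worth a look.
            Path     = $_.Path
            # An svchost.exe with no registered service is unusual and worth investigating.
            Services = if ($hosted) { $hosted.Name -join ', ' } else { '(none)' }
        }
    } | Format-Table -AutoSize
```

The instance at the top of the table is the one the original post describes; the Services column tells you which service group (for example the one containing Windows Update or the search indexer) is responsible, which is the question to settle before treating the CPU load as a sign of malware.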
Uninstall:
Secure Download Manager
MCShield
Paste into Notepad:
Code:
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeleteer] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKCU\...\Policies\system: [DisableCMD] 0
HKCU\...\Policies\system: [NoDispAppearancePage] 0
HKCU\...\Policies\system: [NoDispBackgroundPage] 0
HKCU\...\Policies\system: [NoDispSettingsPage] 0
HKCU\...\Policies\Explorer: [NoFolderOptions] 0
HKCU\...\Policies\Explorer: [NoViewOnDrive] 0
HKCU\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKCU\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKCU\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKCU\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKCU\...\Policies\Explorer: [NoViewContextMenu] 0
HKCU\...\Policies\Explorer: [NoShellSearchButton] 0
HKCU\...\Policies\Explorer: [NoFind] 0
HKCU\...\Policies\Explorer: [NoFile] 0
HKCU\...\Policies\Explorer: [HideClock] 0
HKCU\...\Policies\Explorer: [NoTrayContextMenu] 0
HKCU\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKCU\...\Policies\Explorer: [NoSetFolders] 0
HKCU\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKCU\...\Policies\Explorer: [NoSetTaskbar] 0
HKCU\...\Policies\Explorer: [NoDeletePrinter] 0
HKCU\...\Policies\Explorer: [NoDFSTab] 0
HKCU\...\Policies\Explorer: [NoChangeStartMenu] 0
HKCU\...\Policies\Explorer: [NoLogoff] 0
HKCU\...\Policies\Explorer: [NoWindowsUpdate] 0
HKCU\...\Policies\Explorer: [NoEncryptOnMove] 0
HKCU\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKCU\...\Policies\Explorer: [NoResolveSearch] 0
HKCU\...\Policies\Explorer: [NoSaveSettings] 0
HKCU\...\Policies\Explorer: [NoHardwareTab] 0
HKCU\...\Policies\Explorer: [NoStartMenuSubFolders] 0
S3 ALSysIO; \??\C:\Users\WAWRZY~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [x]
U0 SR;
U2 srservice;
C:\Users\Wawrzyniec\AppData\Local\Temp\MCShield-Setup.exe
C:\Users\Wawrzyniec\AppData\Local\Temp\xmlUpdater.exe
2013-11-10 14:23 - 2013-10-01 23:05 - 00000433 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-10-24 11:04 - 2013-10-24 11:04 - 00000000 ____D C:\Program Files (x86)\Privacyware
2013-11-10 17:21 - 2013-05-28 20:16 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2793456884-377084171-285473230-1000UA.job
Save it as fixlist.txt and place it next to FRST. Then click Fix in the program; when it finishes, post the report and say whether things have improved.
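The long run of Policies\Explorer and Policies\System lines in the fixlist above resets Explorer and system restriction values (hidden Folder Options, disabled Control Panel, disabled Run keys, hidden clock, disabled cmd, and so on) to 0. Such restrictions are a common leftover of infections that lock the user out of the tools needed to clean up. The script below is an added example, not part of the helper's reply, that audits exactly those value names and reports any that are still non-zero, which is a quick way to confirm the fix took effect after FRST has run. It assumes the usual expansion of the abbreviated FRST paths (HKLM\...\Policies\Explorer is taken to be HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer, and likewise for HKCU and Policies\System), and it reads the fixlist's HKLM line "NoDeleteer" as NoDeletePrinter, matching the HKCU entry; both are assumptions.

```powershell
# Added example: report any Explorer/System policy restrictions from the fixlist
# that are still set to a non-zero value. Read-only; it changes nothing.

# Value names taken from the fixlist (NoDeleteer assumed to mean NoDeletePrinter).
$explorerNames = 'NoFolderOptions','NoViewOnDrive','NoControlPanel','DisableLocalMachineRun',
    'DisableLocalMachineRunOnce','DisableCurrentUserRun','DisableCurrentUserRunOnce',
    'NoViewContextMenu','NoShellSearchButton','NoFind','NoFile','HideClock','NoTrayContextMenu',
    'NoTrayItemsDisplay','NoSetFolders','NoDevMgrUpdate','NoSetTaskbar','NoDeletePrinter','NoDFSTab',
    'NoChangeStartMenu','NoLogoff','NoWindowsUpdate','NoEncryptOnMove','NoRunasInstallPrompt',
    'NoResolveSearch','NoSaveSettings','NoHardwareTab','NoStartMenuSubFolders','NoDesktop'
$systemNames = 'DisableCMD','NoDispAppearancePage','NoDispBackgroundPage','NoDispSettingsPage'

# Assumed full paths behind the "HKLM\...\" and "HKCU\...\" abbreviations in the fixlist.
$targets = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Names = $explorerNames },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Names = $explorerNames },
    @{ Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';   Names = $systemNames }
)

$findings = foreach ($t in $targets) {
    # A missing key means no restrictions are set there at all.
    if (-not (Test-Path -Path $t.Path)) { continue }
    $item = Get-ItemProperty -Path $t.Path
    foreach ($n in $t.Names) {
        $prop = $item.PSObject.Properties[$n]
        # Only values that exist and are non-zero are active restrictions.
        if ($null -ne $prop -and $prop.Value -ne 0) {
            [pscustomobject]@{ Key = $t.Path; Name = $n; Value = $prop.Value }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No active restriction values found under the audited policy keys.'
}
```

Run it once before applying the fixlist to see what is actually set, and again afterwards: an empty result confirms the restrictions are gone, while a value that reappears after a reboot points to something still active on the machine that re-applies them.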