Prośba o sprawdzenie logów

[wawrzu]

Objawy zainfekowania:
Zauważyłem ostatnio, że proces "svchost.exe" przez większość czasu obciąża procesor na poziomie 50-60%. Wcześniej nie miałem nigdy takiej sytuacji z tym procesem. Gdy zabijam ten proces to nic się nie dzieje tzn. wszystkie programy działają ok, system również pracuje dalej ok. Po zabiciu takiego procesu po pewnym czasie ten proces znów zaczyna zużywać procesor. Dlatego prosiłbym o sprawdzenie logów, czy przypadkiem nie zadomowił się na moim komputerze jakiś dziwny program.

Programy, które mam: Malwarebytes Anti-Malware, Avast, Privatefirewall 7.0, MCShield, KeyScrambler.

Wykonywane działania:
Komputer był skanowany Malwarebytes Anti-Malware i Avastem, które nic nie wykryły. Poniżej zamieszczam LOGI z OTL i FREST

Logi:
OTL:

[Aby zobaczyć linki, zarejestruj się tutaj]

[Aby zobaczyć linki, zarejestruj się tutaj]

FRST:

[Aby zobaczyć linki, zarejestruj się tutaj]

[Aby zobaczyć linki, zarejestruj się tutaj]

[tachion]

Odinstaluj:

Secure Download Manager
MCShield

Do notatnika wklej:

Kod:

HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeleteer] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKCU\...\Policies\system: [DisableCMD] 0
HKCU\...\Policies\system: [NoDispAppearancePage] 0
HKCU\...\Policies\system: [NoDispBackgroundPage] 0
HKCU\...\Policies\system: [NoDispSettingsPage] 0
HKCU\...\Policies\Explorer: [NoFolderOptions] 0
HKCU\...\Policies\Explorer: [NoViewOnDrive] 0
HKCU\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKCU\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKCU\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKCU\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKCU\...\Policies\Explorer: [NoViewContextMenu] 0
HKCU\...\Policies\Explorer: [NoShellSearchButton] 0
HKCU\...\Policies\Explorer: [NoFind] 0
HKCU\...\Policies\Explorer: [NoFile] 0
HKCU\...\Policies\Explorer: [HideClock] 0
HKCU\...\Policies\Explorer: [NoTrayContextMenu] 0
HKCU\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKCU\...\Policies\Explorer: [NoSetFolders] 0
HKCU\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKCU\...\Policies\Explorer: [NoSetTaskbar] 0
HKCU\...\Policies\Explorer: [NoDeletePrinter] 0
HKCU\...\Policies\Explorer: [NoDFSTab] 0
HKCU\...\Policies\Explorer: [NoChangeStartMenu] 0
HKCU\...\Policies\Explorer: [NoLogoff] 0
HKCU\...\Policies\Explorer: [NoWindowsUpdate] 0
HKCU\...\Policies\Explorer: [NoEncryptOnMove] 0
HKCU\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKCU\...\Policies\Explorer: [NoResolveSearch] 0
HKCU\...\Policies\Explorer: [NoSaveSettings] 0
HKCU\...\Policies\Explorer: [NoHardwareTab] 0
HKCU\...\Policies\Explorer: [NoStartMenuSubFolders] 0
S3 ALSysIO; \??\C:\Users\WAWRZY~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [x]
U0 SR;
U2 srservice;
C:\Users\Wawrzyniec\AppData\Local\Temp\MCShield-Setup.exe
C:\Users\Wawrzyniec\AppData\Local\Temp\xmlUpdater.exe
2013-11-10 14:23 - 2013-10-01 23:05 - 00000433 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-10-24 11:04 - 2013-10-24 11:04 - 00000000 ____D C:\Program Files (x86)\Privacyware
2013-11-10 17:21 - 2013-05-28 20:16 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2793456884-377084171-285473230-1000UA.job

Zapisz jako fixlist.txti umieść obok FRST
Następnie w programie kliknij Fix ,po wykonaniu pokaż raport i napisz czy się poprawiło.