System errors
#1
Symptoms of infection:
C:\Windows\diagnostics\system\networkin-0x80070002
errors in the system

Actions taken:
Malwarebytes Anti-Malware, Kaspersky 2014

- FRST.text
- OTL.tex
- Extras.tex
#2
Paste the following into Notepad and save it as fixlist.txt

Code:
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKLM\...\Policies\Explorer: [NoFavoritesMenu] 0
HKLM\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKLM\...\Policies\Explorer: [NoNetworkConnections] 0
HKLM\...\Policies\Explorer: [NoSMMyDocs] 0
HKLM\...\Policies\Explorer: [NoSMMyPictures] 0
HKLM\...\Policies\Explorer: [NoStartMenuMyMusic] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFind] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\system: [NoDispCPL] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\system: [NoDispScrSavPage] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\system: [NoVisualStyleChoice] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\system: [NoColorChoice] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\system: [NoSizeChoice] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoAddPrinter] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoThemesTab] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoChangeAnimation] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoSecurityTab] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoToolbarCustomize] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoStartMenuMyGames] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoCommonGroups] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\...\Policies\Explorer: [NoSimpleStartMenu] 0
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {D3783DDD-BE55-4FBA-BE7B-D7DDCD009526} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=925777&p={searchTerms}
SearchScopes: HKCU - {D3783DDD-BE55-4FBA-BE7B-D7DDCD009526} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=925777&p={searchTerms}
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -No File
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S1 Bprotect; No ImagePath
S3 BprotectEx; No ImagePath
S2 PCAppStoreSvc_{PCAppStore_4.3.1.5579}; No ImagePath
S1 adgnetworktdi; system32\drivers\adgnetworktdi.sys [X]
S1 Bnbase; System32\drivers\bnbasex64.sys [X]
R4 BrnFileLock; \??\c:\windows\system32\drivers\brnfilelock.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
U0 SR;
U2 srservice;
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Qoobox
C:\Windows\erdnt
C:\Windows\system32\Drivers\PSKMAD.sys
Task: {08FEE427-2505-46C5-8DD3-8D8861B1DDA5} - System32\Tasks\{1C350118-FCC7-422A-BD3E-1D3A65250B96} => C:\Program Files\Bitdefender\Bitdefender\seccenter.exe
Task: {2FFE9948-8A85-417C-B6CA-2E8EEDB8B80D} - \Wise Care 365 No Task File <==== ATTENTION
Task: {51F1DF44-70C0-425D-9A95-0408F96C06FD} - \Baidu Antivirus Update No Task File <==== ATTENTION
Task: {35AA89AF-CC7C-44A7-A25D-9631221244EC} - System32\Tasks\{2B5D51E2-90F2-4B10-B68A-277F844E615B} => C:\Program Files (x86)\RegCleaner\RegCleanr.exe [2014-03-26] ()
Task: {4CFE30CB-C4EB-4728-A225-18713D5E8069} - System32\Tasks\{19A381EA-F976-49C7-AF99-3B45FE26AF27} => C:\Users\TALIB\Desktop\Regcleaner.exe
Task: {932D94A0-D3C7-459F-9331-9CD6258042CA} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\25148641.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\25148641.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2404300989-3651579889-1108598502-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
Reboot:

Place the saved script next to the downloaded FRST program.
Then click Fix in the program; when it finishes, post the report from that run.

Paste the SecurityCheck report here.

Run it, press any key, and wait until the program finishes.

Download the linked program and click Start.

Write back with the results.
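An added read-only audit to run after the fix (this is not from the thread and not FRST's own output): it walks HKLM and every loaded user hive, lists whatever is left under the Policies\Explorer and Policies\System keys the fixlist targets, and reports per-user Software\Classes\.exe and exefile keys of the kind FRST marked with ATTENTION!. It assumes an elevated PowerShell 5.1+ session on the cleaned machine; the function name is my own.

```powershell
# Added audit helper: not from the thread and not part of FRST. Read-only; assumes an
# elevated PowerShell 5.1+ session on the machine that was just cleaned.
function Get-PolicyAndExeAssocAudit {
    $policyPaths = @('Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
                     'Software\Microsoft\Windows\CurrentVersion\Policies\System')
    $stockExeCmd = '"%1" %*'   # the stock exefile open command

    # HKEY_USERS has no PSDrive by default; map it so every loaded profile hive can be walked.
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    $hives = @('HKLM:') + @(Get-ChildItem HKU: |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object { "HKU:\$($_.PSChildName)" })

    foreach ($hive in $hives) {
        # 1. Explorer/System policy restrictions (the NoControlPanel, NoFind, ... family).
        #    Every value present is listed; a non-zero value is an active restriction.
        foreach ($rel in $policyPaths) {
            $key = "$hive\$rel"
            if (-not (Test-Path $key)) { continue }
            $props = (Get-ItemProperty -Path $key).PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' }
            foreach ($p in $props) {
                $flag = if ($p.Value -ne 0) { 'ACTIVE' } else { '' }
                [pscustomobject]@{ Hive = $hive; Check = 'Policy'
                                   Item = "$rel [$($p.Name)]"; Value = $p.Value; Flag = $flag }
            }
        }
        # 2. Per-user .exe handling. On a stock system only HKLM\Software\Classes defines
        #    .exe and exefile, so a copy under a user hive (FRST's "ATTENTION!" lines) is
        #    reported even when its command still reads "%1" %*.
        if ($hive -eq 'HKLM:') { continue }
        $exeKey = "$hive\Software\Classes\.exe"
        if (Test-Path $exeKey) {
            [pscustomobject]@{ Hive = $hive; Check = 'ExeAssoc'; Item = 'Software\Classes\.exe'
                               Value = (Get-ItemProperty $exeKey).'(default)'; Flag = 'PER-USER OVERRIDE' }
        }
        $cmdKey = "$hive\Software\Classes\exefile\shell\open\command"
        if (Test-Path $cmdKey) {
            $cmd = (Get-ItemProperty $cmdKey).'(default)'
            $flag = if ($cmd -ne $stockExeCmd) { 'NON-STOCK COMMAND' } else { 'PER-USER OVERRIDE' }
            [pscustomobject]@{ Hive = $hive; Check = 'ExeAssoc'
                               Item = 'Software\Classes\exefile\shell\open\command'; Value = $cmd; Flag = $flag }
        }
    }
}

Get-PolicyAndExeAssocAudit | Sort-Object Hive, Check | Format-Table -AutoSize
```

An empty table after the fix means none of the listed policy values and no per-user .exe keys remain; anything flagged ACTIVE or PER-USER OVERRIDE is worth a second look in the next FRST log.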