Re: win32 malware gen
Posted: 18 Mar 2018 18:37
The log is attached.
And here is the DelFix log, just for the record:
# DelFix v1.013 - Logfile created 18/03/2018 at 18:30:31
# Updated 17/04/2016 by Xplode
# Username : GWC - SMOKIE
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
~ Removing disinfection tools ...
Deleted : C:\Qoobox
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\GWC\Desktop\Addition.txt
Deleted : C:\Users\GWC\Desktop\Fixlog.txt
Deleted : C:\Users\GWC\Desktop\FRST.txt
Deleted : C:\Users\GWC\Desktop\FRST64.exe
Deleted : C:\Users\GWC\Desktop\FRSTLauncher.exe
Deleted : C:\Users\GWC\Downloads\adwcleaner_7.0.8.0.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKCU\console_combofixbackup
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys
~ Cleaning system restore ...
Deleted : RP #165 [Naplánovaný kontrolní bod | 10/27/2017 06:25:10]
Deleted : RP #166 [Naplánovaný kontrolní bod | 11/03/2017 07:38:25]
Deleted : RP #167 [Windows Zálohování | 11/04/2017 13:32:42]
Deleted : RP #157 [Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 | 03/17/2018 16:11:37]
Deleted : RP #158 [Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 | 03/17/2018 16:29:05]
Deleted : RP #159 [Checkpoint by HitmanPro | 03/17/2018 16:32:28]
Deleted : RP #160 [Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 | 03/17/2018 18:34:03]
Deleted : RP #162 [Restore Point Created by FRST | 03/17/2018 19:44:06]
Deleted : RP #163 [Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 | 03/17/2018 19:47:11]
Deleted : RP #164 [Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 | 03/17/2018 20:14:07]
Deleted : RP #166 [Restore Point Created by FRST | 03/17/2018 20:17:33]
Deleted : RP #167 [Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 | 03/17/2018 20:22:05]
Deleted : RP #169 [Restore Point Created by FRST | 03/17/2018 20:54:05]
Deleted : RP #170 [Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 | 03/17/2018 20:56:59]
Deleted : RP #171 [Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 | 03/18/2018 07:10:59]
Deleted : RP #172 [Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 | 03/18/2018 08:33:05]
Deleted : RP #173 [Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 | 03/18/2018 12:25:27]
Deleted : RP #175 [Restore Point Created by FRST | 03/18/2018 16:52:29]
New restore point created !
########## - EOF - ##########