Problem z wirusem: polizja

[dreakus]

Witam, starałem się to usunąć na własną rękę, jednak nie dałem rady. Mianowicie nie idzie odpalić żadnego trybu awaryjnego, jedynie cmd z opcji naprawiania gdzie użyłem FRST.

Wirus polega na tym iż po odpaleniu systemu wyskakuje okno na cały pulip z napisem Polizja. Biuro służby kryminalnej i chcę 500zł opłaty . Nie działa żaden alt-tab, menedżer zadań itp.



Poniżej Log z tego programu.

Dziękuje bardzo za pomoc i pozdrawiam

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2014
Ran by SYSTEM on MININT-58RO3DP on 23-02-2014 17:26:50
Running from F:\
Windows 7 Ultimate (X86) OS Language: Polish
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4186112 2006-12-01] (Realtek Semiconductor)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [614400 2006-12-09] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-23] (Synaptics, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-15] (AVAST Software)
HKU\Piotr\...\Run: [Mobile Partner] - C:\Program Files\PLAY Web partner\PLAY Web partner
Startup: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zj9bmqj3.lnk
ShortcutTarget: zj9bmqj3.lnk -> C:\ProgramData\3jqmb9jz.cpp (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-15] (AVAST Software)
S2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-02-06] (HiTRSUT)
S2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2006-12-22] (Acer Inc.)
S2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [126976 2006-12-28] (Acer Inc.)
S2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-01-02] ()
S2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [276048 2013-02-06] ()
S2 Winmgmt; C:\ProgramData\3jqmb9jz.cpp [175145 2014-02-20] (Microsoft Corporation)
S2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [135168 2007-01-02] (acer)

==================== Drivers (Whitelisted) ====================

S1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [20624 2012-10-30] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-15] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2014-02-15] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-02-15] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-15] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-15] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2014-02-15] ()
S2 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-03] (Dritek System Inc.)
S3 EMSCR; C:\Windows\System32\DRIVERS\EMS7SK.sys [62208 2006-10-25] (ENE Technology Inc.)
S3 ESDCR; C:\Windows\System32\DRIVERS\ESD7SK.sys [42240 2006-10-25] (ENE Technology Inc.)
S3 ESMCR; C:\Windows\System32\DRIVERS\ESM7SK.sys [76928 2006-10-25] (ENE Technology Inc.)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [101248 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [70528 2013-03-04] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [27776 2013-03-04] (Huawei Technologies Co., Ltd.)
S2 int15; C:\Windows\system32\drivers\int15.sys [76584 2007-01-02] ()
S2 port_nt; c:\windows\system32\drivers\port_nt.sys [3608 2000-10-23] ()
S0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20264 2007-02-06] (HiTRUST)
S0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-02-06] (HiTRUST)
S0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-02-06] (HiTRUST)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-23 17:25 - 2014-02-23 17:26 - 00000000 ____D () C:\FRST
2014-02-20 12:53 - 2014-02-20 12:55 - 95027928 ____T () C:\ProgramData\zj9bmqj3.fee
2014-02-20 12:53 - 2014-02-20 12:53 - 00175145 _____ (Microsoft Corporation) C:\ProgramData\3jqmb9jz.cpp
2014-02-15 09:37 - 2014-02-15 09:37 - 00000000 ____D () C:\Users\Piotr\AppData\Roaming\AVAST Software
2014-02-15 09:20 - 2014-02-15 09:29 - 00180248 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-02-15 09:20 - 2014-02-15 09:29 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-02-13 21:19 - 2014-02-15 11:29 - 00000000 ____D () C:\Users\Piotr\Desktop\Nowiec 57
2014-02-13 18:12 - 2014-02-13 18:13 - 00693704 _____ () C:\Windows\Minidump\021314-25599-01.dmp
2014-02-07 22:43 - 2014-02-08 00:00 - 00000000 ____D () C:\Users\Piotr\Desktop\Zapp m.pokazowe
2014-02-07 19:12 - 2014-02-07 19:46 - 00000000 ____D () C:\Users\Piotr\Desktop\Potęgowska 9A18
2014-02-06 23:15 - 2014-02-06 23:28 - 00000000 ____D () C:\Users\Piotr\Desktop\Lędowo
2014-02-06 12:49 - 2014-02-15 10:52 - 00000000 ____D () C:\Users\Piotr\Desktop\Dz.Luty 2014
2014-02-02 19:09 - 2013-06-03 05:11 - 00381952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbwwan.sys
2014-02-02 19:09 - 2013-05-28 10:34 - 00208384 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_juwwanecm.sys
2014-02-02 19:09 - 2013-03-04 09:31 - 00101248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_jucdcacm.sys
2014-02-02 19:09 - 2013-03-04 09:31 - 00077824 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_jubusenum.sys
2014-02-02 19:09 - 2013-03-04 09:31 - 00070528 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_jucdcecm.sys
2014-02-02 19:09 - 2013-03-04 09:31 - 00027776 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_juextctrl.sys
2014-02-02 19:09 - 2013-03-04 09:20 - 00199168 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ewusbmdm.sys
2014-02-02 19:09 - 2013-01-25 02:16 - 00095232 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_hwusbdev.sys
2014-02-02 19:09 - 2012-12-22 02:46 - 00011904 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_usbenumfilter.sys
2014-02-02 19:09 - 2010-10-08 09:55 - 00025856 _____ (Huawei Tech. Co., Ltd.) C:\Windows\System32\Drivers\ewdcsc.sys
2014-02-02 19:09 - 2010-09-26 11:09 - 00019200 _____ (Huawei Technologies Co., Ltd.) C:\Windows\System32\Drivers\ew_hwupgrade.sys
2014-02-02 19:09 - 2010-08-06 00:42 - 00861696 _____ (DiBcom SA) C:\Windows\System32\Drivers\mod7700.sys
2014-01-28 12:43 - 2014-01-28 19:36 - 00000000 ____D () C:\Users\Piotr\Desktop\Przytulna

==================== One Month Modified Files and Folders =======

2014-02-23 17:26 - 2014-02-23 17:25 - 00000000 ____D () C:\FRST
2014-02-23 17:07 - 2009-07-14 05:39 - 00146523 _____ () C:\Windows\setupact.log
2014-02-23 16:32 - 2009-07-14 05:34 - 00016944 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-23 16:32 - 2009-07-14 05:34 - 00016944 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-21 13:00 - 2012-09-07 14:13 - 01339824 _____ () C:\Windows\WindowsUpdate.log
2014-02-20 14:15 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-02-20 12:58 - 2012-09-07 14:19 - 00000000 ____D () C:\Users\Piotr\AppData\Local\VirtualStore
2014-02-20 12:55 - 2014-02-20 12:53 - 95027928 ____T () C:\ProgramData\zj9bmqj3.fee
2014-02-20 12:53 - 2014-02-20 12:53 - 00175145 _____ (Microsoft Corporation) C:\ProgramData\3jqmb9jz.cpp
2014-02-16 11:19 - 2012-09-07 14:24 - 01558380 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-16 11:19 - 2009-07-14 09:07 - 00701260 _____ () C:\Windows\System32\perfh015.dat
2014-02-16 11:19 - 2009-07-14 09:07 - 00136246 _____ () C:\Windows\System32\perfc015.dat
2014-02-15 11:29 - 2014-02-13 21:19 - 00000000 ____D () C:\Users\Piotr\Desktop\Nowiec 57
2014-02-15 10:52 - 2014-02-06 12:49 - 00000000 ____D () C:\Users\Piotr\Desktop\Dz.Luty 2014
2014-02-15 09:37 - 2014-02-15 09:37 - 00000000 ____D () C:\Users\Piotr\AppData\Roaming\AVAST Software
2014-02-15 09:35 - 2012-09-07 16:20 - 00044676 _____ () C:\Windows\PFRO.log
2014-02-15 09:30 - 2013-01-07 08:33 - 00002007 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-15 09:29 - 2014-02-15 09:20 - 00180248 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-02-15 09:29 - 2014-02-15 09:20 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-02-15 09:29 - 2012-09-07 16:31 - 00410784 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2014-02-15 09:29 - 2012-09-07 16:30 - 00775952 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-02-15 09:29 - 2012-09-07 16:30 - 00270240 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-02-15 09:29 - 2012-09-07 16:30 - 00079720 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2014-02-15 09:29 - 2012-09-07 16:30 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-02-15 09:29 - 2012-09-07 16:30 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-15 09:22 - 2012-09-07 16:29 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-15 09:20 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\System32\config.nt
2014-02-13 18:13 - 2014-02-13 18:12 - 00693704 _____ () C:\Windows\Minidump\021314-25599-01.dmp
2014-02-13 18:12 - 2012-12-22 16:13 - 149257416 _____ () C:\Windows\MEMORY.DMP
2014-02-13 18:12 - 2012-12-22 16:13 - 00000000 ____D () C:\Windows\Minidump
2014-02-10 21:35 - 2013-03-26 20:08 - 00000000 ____D () C:\Users\Piotr\Desktop\Nowy folder
2014-02-08 00:00 - 2014-02-07 22:43 - 00000000 ____D () C:\Users\Piotr\Desktop\Zapp m.pokazowe
2014-02-07 19:46 - 2014-02-07 19:12 - 00000000 ____D () C:\Users\Piotr\Desktop\Potęgowska 9A18
2014-02-06 23:28 - 2014-02-06 23:15 - 00000000 ____D () C:\Users\Piotr\Desktop\Lędowo
2014-02-06 13:00 - 2012-09-07 19:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-02-06 13:00 - 2012-09-07 19:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-02-03 22:04 - 2012-09-07 16:32 - 00002095 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-03 12:57 - 2014-01-04 11:58 - 00000000 ____D () C:\Users\Piotr\Desktop\Dz. Styczeń 2014
2014-01-31 13:53 - 2014-01-22 21:50 - 00000000 ____D () C:\Users\Piotr\Desktop\Płowce
2014-01-28 19:36 - 2014-01-28 12:43 - 00000000 ____D () C:\Users\Piotr\Desktop\Przytulna

Files to move or delete:
====================
C:\ProgramData\zj9bmqj3.fee


Some content of TEMP:
====================
C:\Users\Piotr\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Piotr\AppData\Local\Temp\ose00000.exe
C:\Users\Piotr\AppData\Local\Temp\ResetDevice.exe
C:\Users\Piotr\AppData\Local\Temp\RtkBtMnt.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 72%
Total physical RAM: 502.12 MB
Available physical RAM: 137.86 MB
Total Pagefile: 502.12 MB
Available Pagefile: 130.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1942.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:32.52 GB) (Free:13.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:32.25 GB) (Free:31.79 GB) NTFS
Drive e: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:4.08 GB) NTFS
Drive f: () (Removable) (Total:1.87 GB) (Free:0.19 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 75 GB) (Disk ID: 9FE66FA0)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=33 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=32 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 9A84B234)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2013-05-13 17:43

==================== End Of Log ============================

[ordynat]

Spróbuj to:
1. Otwórz Notatnik i wklej w nim:

Startup: C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\zj9bmqj3.lnk
ShortcutTarget: zj9bmqj3.lnk -> C:\ProgramData\3jqmb9jz.cpp
S2 Winmgmt; C:\ProgramData\3jqmb9jz.cpp
C:\ProgramData\zj9bmqj3.fee
C:\ProgramData\zj9bmqj3.fee

Plik zapisz pod nazwą fixlist.txt. Umieść obok narzędzia FRST.

2. Uruchom FRST, wskaż mu Windows 7 jako system do naprawy, wybierz opcję Fix. Powstanie plik fixlog.txt.

3) Jeśli to się uda, to zrobisz nowe logi z FRST - już w Trybie Normalnym.
.