Chyba jakiś wirus

[Tulku]

Avg wykrył plik expstart.exe jako zagrożenie na virustotal wyniki też są ....podejrzane
Dostępne tylko dla zarejestrowanych użytkowników
dodam że skanowałem dr web live cd 0 infekcji
Logi z frst
frst Dostępne tylko dla zarejestrowanych użytkowników
addition Dostępne tylko dla zarejestrowanych użytkowników
shortcut Dostępne tylko dla zarejestrowanych użytkowników
jakoś nie mogłem znalesc w googlach do czego służy ten plik?

[djarta]

1. Otwórz notatnik i wklej:

CloseProcesses:
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe (Acresso Software Inc.)
HKU\S-1-5-21-3618955409-3267805164-1463441205-1000\...\MountPoints2: {c7698761-701a-11e4-94f2-0026185f3c49} - G:\AutoRun.exe
HKU\S-1-5-21-3618955409-3267805164-1463441205-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [916480 2014-12-28] () <==== ATTENTION
C:\Windows\expstart.exe
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
C:\Windows\explorer.backup.exe
AlternateDataStreams: C:\Windows:5C5143A93E1C1D23
Emptytemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix.

2. Użyj >Dostępne tylko dla zarejestrowanych użytkowników
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner[S].txt

3. Wykonaj i pokaż nowe logi z FRST.

[Tulku]

Log adwclener Dostępne tylko dla zarejestrowanych użytkowników
FRST Dostępne tylko dla zarejestrowanych użytkowników
Addition Dostępne tylko dla zarejestrowanych użytkowników
shortcut Dostępne tylko dla zarejestrowanych użytkowników

[djarta]

Czysto. Kończymy.

1. Otwórz notatnik i wklej:

ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut4_E9C83B3EDF9141A39DA5EC05C79BBB91.exe (No File)
C:\Windows\explorer.backup.exe

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix.

2. Wykonaj wszystko z tego tematu: Kroki kończące temat.
Końcowo pokazujesz: raport z DelFix oraz raport z pełnego skanowania Malwarebytes

[Tulku]

Dzięki bardzo
Co do mbam nic nie wykrył oprócz kilku keygenów które zainstalowałem
log delfix Dostępne tylko dla zarejestrowanych użytkowników

[djarta]

W takim razie powinno być OK