Elektroda.pl

Search Snapdo: how to remove this virus.

lyba100 22 Oct 2015 15:01 1617 19
  • #2 22 Oct 2015 15:11
    Domino_2
    Helpful to users

    Uninstall McAfee Security Scan Plus.

    Quote:

    Task: {2C313932-3F0E-4EB4-95BE-81A7F8FB3AFA} - System32\Tasks\k877gA8dvv06Nx => C:\Users\Pawel\AppData\Roaming\k877gA8dvv06Nx.exe <==== UWAGA
    Task: {D41B229F-C284-4AFD-AE6B-40FB5BA52EA7} - System32\Tasks\uHPRSTlhx => C:\Users\Pawel\AppData\Roaming\uHPRSTlhx.exe <==== UWAGA
    Task: C:\Windows\Tasks\k877gA8dvv06Nx.job => C:\Users\Pawel\AppData\Roaming\k877gA8dvv06Nx.exe <==== UWAGA
    Task: C:\Windows\Tasks\uHPRSTlhx.job => C:\Users\Pawel\AppData\Roaming\uHPRSTlhx.exe <==== UWAGA
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-10-06]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
    SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll => Brak pliku
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll => Brak pliku
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...X36xWHt9g36Dk38_u4GJNEUNYUMV0gfZRcBNqYcIe_e2s
    CHR StartupUrls: Default -> "hxxp://www.elektroda.pl/rtvforum/topic2795834.html"
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...3PRjEeXaibOa4aAXRPVn1pzlcqWjd1sFdZthfp&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
    CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
    U3 agww8j49; C:\Windows\System32\Drivers\agww8j49.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
    U3 axu6rzdw; C:\Windows\System32\Drivers\axu6rzdw.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
    U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
    S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
    2015-10-22 14:53 - 2015-10-22 14:53 - 00067926 _____ C:\Users\Pawel\Downloads\Extras (1).Txt
    2015-10-22 14:39 - 2015-10-22 14:39 - 00067138 _____ C:\Users\Pawel\Downloads\Extras.Txt
    2015-10-22 14:37 - 2015-10-22 14:37 - 00065898 _____ C:\Users\Pawel\Downloads\OTL.Txt
    2015-10-22 14:20 - 2015-10-22 14:20 - 00602112 _____ (OldTimer Tools) C:\Users\Pawel\Downloads\OTL.exe
    2015-10-22 14:11 - 2015-10-22 14:22 - 00000000 ____D C:\AdwCleaner
    2015-10-19 20:47 - 2015-10-19 20:47 - 00004038 _____ C:\Windows\System32\Tasks\k877gA8dvv06Nx
    2015-10-19 20:46 - 2015-10-22 14:24 - 00001000 _____ C:\Windows\Tasks\k877gA8dvv06Nx.job
    2015-10-19 19:22 - 2015-10-22 14:24 - 00000990 _____ C:\Windows\Tasks\uHPRSTlhx.job
    2015-10-19 19:22 - 2015-10-19 19:22 - 00004028 _____ C:\Windows\System32\Tasks\uHPRSTlhx
    2015-10-06 22:49 - 2015-10-06 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2015-10-06 22:49 - 2015-10-06 22:49 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2015-10-22 13:51 - 2014-07-24 22:49 - 00001942 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:


    Paste this into Notepad, save it as fixlist.txt, place it in the folder containing FRST.exe/FRST64.exe, run it and click Fix/Napraw.

    0
  • #3 22 Oct 2015 15:16
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Task: {2C313932-3F0E-4EB4-95BE-81A7F8FB3AFA} - System32\Tasks\k877gA8dvv06Nx => C:\Users\Pawel\AppData\Roaming\k877gA8dvv06Nx.exe <==== UWAGA
    Task: {84A25B74-00B9-499F-8804-4A0426154292} - System32\Tasks\{F48DB6A6-CC48-4316-A142-2390799F836A} => pcalua.exe -a C:\Users\Pawel\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=smt
    Task: {D41B229F-C284-4AFD-AE6B-40FB5BA52EA7} - System32\Tasks\uHPRSTlhx => C:\Users\Pawel\AppData\Roaming\uHPRSTlhx.exe <==== UWAGA
    Task: C:\Windows\Tasks\k877gA8dvv06Nx.job => C:\Users\Pawel\AppData\Roaming\k877gA8dvv06Nx.exe <==== UWAGA
    Task: C:\Windows\Tasks\uHPRSTlhx.job => C:\Users\Pawel\AppData\Roaming\uHPRSTlhx.exe <==== UWAGA
    HKU\S-1-5-21-718611916-2933861279-951270359-1000\...\Policies\Explorer: []
    HKU\S-1-5-21-718611916-2933861279-951270359-1000\...\MountPoints2: {288e769b-31f9-11e4-b3f1-d4f81a823db9} - H:\setup.exe
    HKU\S-1-5-21-718611916-2933861279-951270359-1000\...\MountPoints2: {58dee8be-1b59-11e4-be5e-d139cac7f2b5} - F:\Startme.exe
    HKU\S-1-5-21-718611916-2933861279-951270359-1000\...\MountPoints2: {6f484d22-4ed4-11e4-95b5-c33020b0b8ae} - F:\Startme.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-10-06]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...X36xWHt9g36Dk38_u4GJNEUNYUMV0gfZRcBNqYcIe_e2s
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...3PRjEeXaibOa4aAXRPVn1pzlcqWjd1sFdZthfp&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
    CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
    U3 agww8j49; C:\Windows\System32\Drivers\agww8j49.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
    U3 axu6rzdw; C:\Windows\System32\Drivers\axu6rzdw.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
    U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
    S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
    2015-10-22 14:11 - 2015-10-22 14:22 - 00000000 ____D C:\AdwCleaner
    2015-10-20 16:04 - 2015-10-22 01:29 - 00000000 ____D C:\Program Files\Common Files\ng0fsb3d
    2015-10-20 16:04 - 2015-10-20 16:04 - 05431892 _____ C:\Program Files\Common Files\jeaz0uzr.exe
    2015-10-19 22:08 - 2015-10-22 01:29 - 00000000 ____D C:\Program Files\Common Files\sje0acyd
    2015-10-19 22:08 - 2015-10-19 22:08 - 05431892 _____ C:\Program Files\Common Files\1ny2wov1.exe
    2015-10-06 22:49 - 2015-10-06 22:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2015-10-06 22:49 - 2015-10-06 22:49 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2015-10-19 22:08 - 2015-10-19 22:08 - 5431892 _____ () C:\Program Files\Common Files\1ny2wov1.exe
    2015-10-20 16:04 - 2015-10-20 16:04 - 5431892 _____ () C:\Program Files\Common Files\jeaz0uzr.exe
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.

    0
  • #5 22 Oct 2015 15:49
    Domino_2
    Helpful to users

    Uninstall the browser (ticking the option to delete all data), then reinstall the stable version.

    0
  • #6 22 Oct 2015 16:44
    lyba100
    Level 7

    That did nothing; after installing, the same problem is there in the settings :(

    0
  • #7 22 Oct 2015 17:24
    Acorus 20
    Computer specialist

    Show a new FRST log, without Addition and Shortcut.

    0
  • #9 22 Oct 2015 18:20
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Task: {84A25B74-00B9-499F-8804-4A0426154292} - System32\Tasks\{F48DB6A6-CC48-4316-A142-2390799F836A} => pcalua.exe -a C:\Users\Pawel\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=smt
    Task: {9F844D28-B42A-4EBF-AF5D-275A83F7BC06} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe
    HKU\S-1-5-21-718611916-2933861279-951270359-1000\...\Policies\Explorer: []
    HKU\S-1-5-21-718611916-2933861279-951270359-1000\...\MountPoints2: {288e769b-31f9-11e4-b3f1-d4f81a823db9} - H:\setup.exe
    HKU\S-1-5-21-718611916-2933861279-951270359-1000\...\MountPoints2: {58dee8be-1b59-11e4-be5e-d139cac7f2b5} - F:\Startme.exe
    HKU\S-1-5-21-718611916-2933861279-951270359-1000\...\MountPoints2: {6f484d22-4ed4-11e4-95b5-c33020b0b8ae} - F:\Startme.exe
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...X36xWHt9g36Dk38_u4GJNEUNYUMV0gfZRcBNqYcIe_e2s
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...3PRjEeXaibOa4aAXRPVn1pzlcqWjd1sFdZthfp&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
    CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
    U3 acr1rvrr; C:\Windows\System32\Drivers\acr1rvrr.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    U3 atuqovby; C:\Windows\System32\Drivers\atuqovby.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
    2015-10-22 11:59 - 2015-10-22 15:23 - 00003240 _____ C:\Windows\System32\Tasks\GridinSoft Anti-Malware
    2015-10-22 11:58 - 2015-10-22 11:58 - 00000000 ____D C:\ProgramData\GridinSoft
    2015-10-20 16:04 - 2015-10-22 01:29 - 00000000 ____D C:\Program Files\Common Files\ng0fsb3d
    2015-10-20 16:04 - 2015-10-20 16:04 - 05431892 _____ C:\Program Files\Common Files\jeaz0uzr.exe
    2015-10-19 22:08 - 2015-10-22 01:29 - 00000000 ____D C:\Program Files\Common Files\sje0acyd
    2015-10-19 22:08 - 2015-10-19 22:08 - 05431892 _____ C:\Program Files\Common Files\1ny2wov1.exe
    2015-10-19 22:08 - 2015-10-19 22:08 - 5431892 _____ () C:\Program Files\Common Files\1ny2wov1.exe
    2015-10-20 16:04 - 2015-10-20 16:04 - 5431892 _____ () C:\Program Files\Common Files\jeaz0uzr.exe


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw. Uninstall Chrome, ticking the option to delete browsing data.
    You can export your bookmarks first: https://support.google.com/chrome/answer/96816?hl=pl
    Afterwards, install the stable version: https://www.google.pl/chrome/browser/desktop/

    0
  • #10 22 Oct 2015 18:56
    lyba100
    Level 7

    After uninstalling and reinstalling it was fine, but after turning it off and on again, still the same problem :(

    0
  • #12 22 Oct 2015 19:04
    lyba100
    Level 7

    The thing is, I'm not logged in after installing Chrome.
    I guess the only way out is a format? Which I don't want to do.

    0
  • Helpful post
    #13 23 Oct 2015 09:19
    Acorus 20
    Computer specialist

    Show a new FRST log.

    0
  • Helpful post
    #15 24 Oct 2015 09:47
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    CloseProcesses:
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10810912 2010-05-13] (Realtek Semiconductor)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    AppInit_DLLs: C:\ProgramData\Bamcof\StatDox.dll => C:\ProgramData\Bamcof\StatDox.dll [518656 2015-10-20] ()
    AppInit_DLLs-x32: C:\ProgramData\Bamcof\Tantech.dll => C:\ProgramData\Bamcof\Tantech.dll [320512 2015-10-20] ()
    Hosts:
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...X36xWHt9g36Dk38_u4GJNEUNYUMV0gfZRcBNqYcIe_e2s
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...OPu83PRjEeXaibOa4aAXRPVn1pzlcqWjd1sFdZthfp&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    R2 Bamcof; C:\ProgramData\\Bamcof\\Bamcof.exe [807936 2015-10-14] () [Brak podpisu cyfrowego]
    U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
    2015-10-20 16:04 - 2015-10-24 00:17 - 00000000 ____D C:\ProgramData\Bamcof
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw. Scan with Dr.WEB CureIt: http://www.freedrweb.com/cureit/?lng=pl

    0
  • #17 24 Oct 2015 14:19
    lyba100
    Level 7

    Acorus 20 wrote:
    Open the system Notepad and paste:
    Quote:
    CloseProcesses:
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10810912 2010-05-13] (Realtek Semiconductor)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    AppInit_DLLs: C:\ProgramData\Bamcof\StatDox.dll => C:\ProgramData\Bamcof\StatDox.dll [518656 2015-10-20] ()
    AppInit_DLLs-x32: C:\ProgramData\Bamcof\Tantech.dll => C:\ProgramData\Bamcof\Tantech.dll [320512 2015-10-20] ()
    Hosts:
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...X36xWHt9g36Dk38_u4GJNEUNYUMV0gfZRcBNqYcIe_e2s
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...OPu83PRjEeXaibOa4aAXRPVn1pzlcqWjd1sFdZthfp&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    R2 Bamcof; C:\ProgramData\\Bamcof\\Bamcof.exe [807936 2015-10-14] () [Brak podpisu cyfrowego]
    U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
    2015-10-20 16:04 - 2015-10-24 00:17 - 00000000 ____D C:\ProgramData\Bamcof
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw. Scan with Dr.WEB CureIt: http://www.freedrweb.com/cureit/?lng=pl


    After this scan I managed to get rid of this junk, but I didn't scan with the program you suggested. Thanks for the help :P

    0
  • #18 24 Oct 2015 14:42
    Acorus 20
    Computer specialist

    lyba100 - delete the C:\FRST folder.
    olej911 - start a separate thread.

    0
  • #19 24 Oct 2015 16:52
    lyba100
    Level 7

    Why does it need to be deleted?

    0
  • #20 24 Oct 2015 17:22
    Acorus 20
    Computer specialist

    And what do you need it for? That's where the FRST quarantine is. If everything works, we delete it. You can delete FRST too.

    0
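
Added example, not part of the original thread and not FRST's own logic: a small Python triage pass over FRST-style log lines like those quoted above. It percent-decodes the obfuscated hostnames in the Chrome settings and flags the persistence entries the helpers put in their fixlists (task executables in AppData\Roaming, AppInit_DLLs in ProgramData, zero-byte drivers). The sample lines are copied from the thread; the rule names and function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Sample lines copied from the fixlists quoted in this thread
# (URLs stay truncated with "..." exactly as they were posted).
SAMPLE = r"""
Task: C:\Windows\Tasks\uHPRSTlhx.job => C:\Users\Pawel\AppData\Roaming\uHPRSTlhx.exe <==== UWAGA
AppInit_DLLs: C:\ProgramData\Bamcof\StatDox.dll => C:\ProgramData\Bamcof\StatDox.dll [518656 2015-10-20] ()
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...X36xWHt9g36Dk38_u4GJNEUNYUMV0gfZRcBNqYcIe_e2s
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...3PRjEeXaibOa4aAXRPVn1pzlcqWjd1sFdZthfp&q={searchTerms}
U3 agww8j49; C:\Windows\System32\Drivers\agww8j49.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10810912 2010-05-13] (Realtek Semiconductor)
""".strip().splitlines()

# Hypothetical rule names; each pattern mirrors one kind of entry the helpers put in a fixlist.
RULES = [
    ("task_exe_in_roaming", re.compile(r"^Task: .*=> .*\\AppData\\Roaming\\[^\\]+\.exe", re.I)),
    ("appinit_dll_in_programdata", re.compile(r"^AppInit_DLLs(-x32)?: C:\\ProgramData\\", re.I)),
    ("zero_byte_driver", re.compile(r"^[RSU]\d \S+; .*\.sys \[0 \]")),
    ("percent_encoded_host", re.compile(r"^CHR \w+: .*hxxps?://%[0-9A-Fa-f]{2}")),
]

def decode_host(line):
    """Percent-decode the host of a defanged hxxp(s) URL; keep '...' if the log cut it short."""
    m = re.search(r"hxxps?://(.+?)(\.\.\.|[/\s]|$)", line)
    if not m:
        return None
    return unquote(m.group(1)) + ("..." if m.group(2) == "..." else "")

def triage(lines):
    """Return (rule_name, detail) for each line that matches a rule; detail is the decoded
    host for browser settings and the raw line otherwise."""
    findings = []
    for line in lines:
        for name, rx in RULES:
            if rx.search(line):
                findings.append((name, decode_host(line) or line))
    return findings

if __name__ == "__main__":
    for name, detail in triage(SAMPLE):
        print(f"{name:28} {detail}")
```

The decoded prefixes are only as complete as the log: FRST shortened both URLs, so the output keeps the trailing "..." rather than guessing the rest of the hostname.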