Elektroda.pl

Lots of viruses. FRST log. Please provide a fix.

chojny1995 22 Mar 2016 15:33 462 2
  • Helpful post
    #2 22 Mar 2016 15:41
    Kolobos
    Computer specialist

    Fixlist.txt for FRST:
    Task: {22ECE2CD-97BF-4DD2-AEB6-0CA684CAA72A} - System32\Tasks\{517AB5DB-6BB3-4471-B9FD-0CFEEE4F5E27} => pcalua.exe -a C:\Users\Mariolka\AppData\Local\Temp\Temp1_LAN_Realtek_Win7_64_VER706106122012.zip\setup.exe
    Task: {EB9D55A8-0FF6-4A37-862F-5C851D92F53C} - System32\Tasks\Gedlatj => C:\Program
    2016-03-21 19:21 - 2016-03-21 19:21 - 00174408 _____ () C:\Users\Mariolka\AppData\Roaming\Uvofcaianr\Uvofcaianr.exe
    2016-03-21 19:21 - 2016-03-21 19:21 - 00670536 _____ () C:\Users\Mariolka\AppData\Roaming\Uvofcaianr\Jedziwihu.dll
    2016-03-21 19:21 - 2016-03-21 19:21 - 00115528 _____ () C:\Users\Mariolka\AppData\Roaming\Uvofcaianr\Caagauy.exe
    2016-03-21 19:21 - 2016-03-21 19:21 - 00146248 _____ () C:\Users\Mariolka\AppData\Roaming\Uvofcaianr\Jedziwihu.exe
    2016-03-21 22:34 - 2016-03-21 22:34 - 01895424 _____ () C:\Users\Mariolka\AppData\Roaming\UPUpdata\mspop.exe
    2016-03-21 19:21 - 2016-03-21 19:21 - 00261960 _____ () C:\Users\Mariolka\AppData\Roaming\Uvofcaianr\Caagauy.dll
    Hosts:
    () C:\Users\Mariolka\AppData\Roaming\Uvofcaianr\Uvofcaianr.exe
    () C:\Users\Mariolka\AppData\Roaming\Uvofcaianr\Jedziwihu.exe
    () C:\Users\Mariolka\AppData\Roaming\Uvofcaianr\Caagauy.exe
    (© 2015 Microsoft Corporation) C:\Users\Mariolka\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    () C:\Users\Mariolka\AppData\Roaming\UPUpdata\mspop.exe
    HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16923.222\QQPCTray.exe" /regrun
    HKLM-x32\...\Run: [SystemClose] => D:\Documents\systemfile.exe
    HKU\S-1-5-21-887697183-1252705721-1128697598-1000\...\Run: [C] => cmd /c(@attrib -H -R -S C:\Windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@copy/b/y C:\Windows\system32\GroupPolicy\Machine\R C:\Windows\system32\GroupPolicy\Machine\Registry.pol >nul)&(@att (dane wartości zawierają 99 znaków więcej).
    HKU\S-1-5-21-887697183-1252705721-1128697598-1000\...\Run: [BingSvc] => C:\Users\Mariolka\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-03-20] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-887697183-1252705721-1128697598-1000\...\Run: [msiql] => C:\Users\Mariolka\AppData\Roaming\UPUpdata\mspop.exe [1895424 2016-03-21] ()
    HKU\S-1-5-21-887697183-1252705721-1128697598-1000\...\MountPoints2: {6338b195-ebc5-11e5-87b3-240a64524fac} - K:\Autorun.exe
    HKU\S-1-5-21-887697183-1252705721-1128697598-1000\...\MountPoints2: {9e2ce722-ebb3-11e5-b90a-240a64524fac} - F:\Autorun.exe
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => Brak pliku
    URLSearchHook: HKU\S-1-5-21-887697183-1252705721-1128697598-1000 - (Brak nazwy) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - Brak pliku
    R2 Ycajdu; C:\Users\Mariolka\AppData\Roaming\Uvofcaianr\Uvofcaianr.exe [174408 2016-03-21] ()
    S2 Loawnoa; "C:\Users\Mariolka\AppData\Roaming\WikauDovf\Piatnh.exe" -cms [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2016-03-21 22:54 - 2016-03-21 22:54 - 00000000 _____ C:\autoexec.bat




    2016-03-21 22:39 - 2016-03-22 14:57 - 00000000 ____D C:\AdwCleaner
    2016-03-21 22:37 - 2016-03-21 22:37 - 00000000 ____D C:\Users\Mariolka\AppData\Local\app
    2016-03-21 22:34 - 2016-03-21 22:34 - 00425984 _____ C:\Users\Mariolka\AppData\Roaming\svrupg.exe
    2016-03-21 22:34 - 2016-03-21 22:34 - 00003416 _____ C:\Windows\System32\Tasks\Gedlatj
    2016-03-21 22:34 - 2016-03-21 22:34 - 00000000 ____D C:\Windows\system32\qel
    2016-03-21 22:34 - 2016-03-21 22:34 - 00000000 ____D C:\Users\Mariolka\AppData\Roaming\Uvofcaianr
    2016-03-21 22:34 - 2016-03-21 22:34 - 00000000 ____D C:\Users\Mariolka\AppData\LocalLow\Company
    2016-03-21 22:34 - 2016-03-21 22:34 - 00000000 ____D C:\Users\Mariolka\AppData\Local\Tempfolder
    2016-03-21 22:34 - 2016-03-21 22:34 - 00000000 ____D C:\uninst
    2016-03-21 22:34 - 2016-03-21 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yeaplayer
    2016-03-21 22:19 - 2016-03-22 15:21 - 00000000 ____D C:\Users\Mariolka\AppData\Roaming\UPUpdata
    2016-03-21 22:03 - 2016-03-21 22:03 - 02744348 _____ C:\Windows\chromebrowser.exe
    2016-03-16 22:51 - 2016-03-16 22:56 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
    2016-03-16 22:44 - 2016-03-16 22:44 - 00005120 _____ C:\Users\Mariolka\AppData\Roaming\GiftBag.db
    2016-03-16 22:44 - 2016-03-16 22:44 - 00000096 _____ C:\Windows\SysWOW64\L
    2016-03-16 22:39 - 2016-03-16 23:12 - 00000008 __RSH C:\ProgramData\ntuser.pol
    2016-03-16 22:39 - 2016-03-16 22:39 - 00000008 __RSH C:\Users\Mariolka\ntuser.pol
    2016-03-16 15:17 - 2016-03-16 15:19 - 00000032 _____ C:\Windows\0
    2016-03-16 15:17 - 2016-03-16 15:17 - 00000000 _____ C:\Windows\system32\0
    EmptyTemp:

    After running it, delete the C:\FRST folder.

    Also install https://support.microsoft.com/pl-pl/kb/2545227

    0
  • #3 22 Mar 2016 15:50
    chojny1995
    Level 2

    That helped. Thanks a lot :)

    0