Elektroda.pl

Computer infected with viruses to the limit...

smiglo5 02 May 2016 17:35 564 3
  • #2 02 May 2016 18:26
    Acorus 20
    Computer specialist

    Uninstall Tencent version 2.3, YTDownloader. Open the system Notepad and paste:

    Quote:
    CloseProcesses:
    Task: {03C0A50B-091C-4956-AA27-56FA8AAD3B00} - \SmartWeb Upgrade Trigger Task -> Brak pliku <==== UWAGA
    Task: {19C5ABA7-00D9-44C3-91F5-229172CDFA4C} - System32\Tasks\{0B659F24-3CFE-44BC-8E2D-2126E987A5CF} => Firefox.exe hxxp://ui.skype.com/ui/0/7.17.0.105/pl/abandoninstall?page=tsProgressBar
    Task: {1A80ECA9-B9C7-4E3D-A686-90BF41A384B1} - System32\Tasks\{6F285675-71E6-44C3-BE9E-6E55A6725752} => Firefox.exe hxxp://ui.skype.com/ui/0/7.8.80.102/pl/abandoninstall?page=tsMain
    Task: {1D34521A-D45F-4723-B2F0-1DA70BB15AA9} - \WordWizard Auto Updater 1.10.0.24 Core -> Brak pliku <==== UWAGA
    Task: {31C10CB1-FC97-476A-A9FB-3942C1A41A87} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> Brak pliku <==== UWAGA
    Task: {3B1DDC07-1649-470C-AAAA-3F43996D01A2} - System32\Tasks\MgHUH4z06Jy66 => C:\Users\PC\AppData\Roaming\MgHUH4z06Jy66.exe <==== UWAGA
    Task: {3CDDB36F-2003-4903-9466-7083AFEECCA9} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe [2015-09-10] (Goobzo) <==== UWAGA
    Task: {3E57B72B-B35F-49A4-8E53-D2EB6F0FB229} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-09-10] (YTDownloader) <==== UWAGA
    Task: {4FD9AE14-D11D-4755-9C34-F1E1DD621826} - System32\Tasks\Audio Security Uninstaller => C:\Program Files (x86)\Audio Security\AudioSecurity.exe [2016-04-21] () <==== UWAGA
    Task: {6D841B64-D0AD-414F-8421-5A52B54DEEE2} - \RegClean Pro -> Brak pliku <==== UWAGA
    Task: {85FC4716-3A22-4E69-9654-5AC6551BA7B0} - \WordWizard Auto Updater 1.10.0.24 Pending Update -> Brak pliku <==== UWAGA
    Task: {9E56551D-9892-4EFC-9DC9-1CA6A25225ED} - System32\Tasks\Opera scheduled Autoupdate 1430065952 => C:\Program Files (x86)\Opera\launcher.exe
    Task: {B27DAF15-8471-4EC2-B396-E1AAF0DA7A4E} - System32\Tasks\Megasoft Security Uninstaller => C:\Program Files (x86)\Megasoft Security\jptask.exe <==== UWAGA
    Task: {B659567C-2367-4EB5-935B-2711C2D75BDA} - System32\Tasks\MightySoft Computer Job => C:\Program Files (x86)\MightySoft Computer\gtrsecure.exe [2016-04-25] ()
    Task: {D7F65D25-DAB1-4949-8E44-717E3D10E03E} - System32\Tasks\Style Call => Rundll32.exe "C:\Users\PC\AppData\Local\Style Call\zBin\StyleCall.dll",#3 <==== UWAGA
    Task: {D82A57BF-ECF6-483F-9D72-D02BE998B922} - System32\Tasks\{DC79EC06-DA63-4388-A4F1-D9BFF71DFF89} => Firefox.exe hxxp://ui.skype.com/ui/0/7.8.80.102/pl/abandoninstall?page=tsMain




    Task: {DF9E2337-29A0-4FBE-BF2C-473D12FBCC14} - \Full Cleaner -> Brak pliku <==== UWAGA
    Task: {FD1D7566-0C00-4C12-8734-7A6A3F66C12E} - \WordSurfer Auto Updater 1.10.0.19 Core -> Brak pliku <==== UWAGA
    Task: C:\Windows\Tasks\MgHUH4z06Jy66.job => C:\Users\PC\AppData\Roaming\MgHUH4z06Jy66.exe <==== UWAGA
    Hosts:
    HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1991600 2015-09-10] (YTDownloader)
    HKLM-x32\...\Run: [Bron-Spizaetus] => "C:\Windows\ShellNew\RakyatKelaparan.exe"
    HKLM-x32\...\Winlogon: [Shell] Explorer.exe "C:\Windows\KesenjanganSosial.exe" [ ] () <=== UWAGA
    HKU\S-1-5-21-2915103998-2275472223-2473441096-1000\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1991600 2015-09-10] (YTDownloader)
    HKU\S-1-5-21-2915103998-2275472223-2473441096-1000\...\Run: [Tok-Cirrhatus-1167] => "C:\Users\PC\AppData\Local\br3357on.exe"
    HKU\S-1-5-21-2915103998-2275472223-2473441096-1000\...\Run: [Tok-Cirrhatus] => 0
    HKU\S-1-5-21-2915103998-2275472223-2473441096-1000\...\Policies\system: [DisableRegistryTools] 1
    HKU\S-1-5-21-2915103998-2275472223-2473441096-1000\...\MountPoints2: {2b07d565-ef83-11e5-8f76-806e6f6e6963} - E:\Autorun.exe
    HKU\S-1-5-21-2915103998-2275472223-2473441096-1000\...\MountPoints2: {8a9259f9-abc7-11e5-8692-1c6f655b7033} - E:\LGAutoRun.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    AlternateShell: cmd-brontok.exe
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    ProxyEnable: [S-1-5-21-2915103998-2275472223-2473441096-1000] => Proxy [funkcja włączona]
    HKU\S-1-5-21-2915103998-2275472223-2473441096-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
    HKU\S-1-5-21-2915103998-2275472223-2473441096-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
    HKU\S-1-5-21-2915103998-2275472223-2473441096-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://www.bing.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2915103998-2275472223-2473441096-1000 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL =
    SearchScopes: HKU\S-1-5-21-2915103998-2275472223-2473441096-1000 -> {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms}
    FF Homepage: hxxps://search.protectedio.com/?u=b85afb9c3dd...d7063&c=p1&src=hp&inst=1461237752
    FF SearchPlugin: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\oowx0jft.default\searchplugins\search.xml [2016-04-21]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\E06BC4931A08E81AF5B2B155F42F949CE06B [2015-11-23] <==== UWAGA
    CHR StartupUrls: Default -> "hxxps://search.protectedio.com/?u=b85afb9c3dde7f040c0af223b18d7063&c=p1&src=hp&inst=1461237752"
    CHR DefaultSearchURL: Default -> hxxps://search.protectedio.com/search.php/?q={searchTerms}&u=b85afb9c3dde7f040c0af223b18d7063&c=p1&src=srch&inst=1461237752
    CHR DefaultSearchKeyword: Default -> protecteds
    CHR Extension: (b85afb9c3dde7f040c0af223b18d7063) - C:\Program Files (x86)\Google\Chrome\Application\b85afb9c3dde7f040c0af223b18d7063 [2016-04-21]
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S3 AIDA64Driver; \??\F:\Office\AIDA64 Extreme Edition\kerneld.x64 [X]
    S3 ALSysIO; \??\C:\Users\PC\AppData\Local\Temp\ALSysIO64.sys [X]
    S0 bdirx; System32\drivers\pmuiwib.sys [X]
    2016-04-24 06:39 - 2016-04-24 06:39 - 00000000 ____D C:\Users\PC\AppData\Local\Bron.tok-16-24
    2016-04-23 20:00 - 2016-04-23 20:00 - 00040872 _____ C:\Users\PC\AppData\Local\Update.16.Bron.Tok.bin
    2016-04-23 00:00 - 2016-04-23 00:00 - 00000000 ____D C:\Users\PC\AppData\Local\Bron.tok-16-23
    2016-04-24 06:39 - 2016-04-24 06:39 - 00000000 ____D C:\Users\PC\AppData\Local\Bron.tok-16-24
    2016-04-23 20:00 - 2016-04-23 20:00 - 00040872 _____ C:\Users\PC\AppData\Local\Update.16.Bron.Tok.bin
    2016-04-23 00:00 - 2016-04-23 00:00 - 00000000 ____D C:\Users\PC\AppData\Local\Bron.tok-16-23
    2016-05-02 17:29 - 2015-09-15 10:38 - 00000986 _____ C:\Windows\Tasks\MgHUH4z06Jy66.job
    2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\PC\AppData\Roaming\MgHUH4z06Jy66
    2015-11-16 14:52 - 2015-11-16 14:52 - 0033617 _____ () C:\Users\PC\AppData\Local\Bron.tok.A16.em.bin
    2015-11-01 15:30 - 2015-11-01 15:30 - 0000051 _____ () C:\Users\PC\AppData\Local\Kosong.Bron.Tok.txt
    2015-10-31 11:49 - 2013-07-20 01:32 - 0044420 ____N () C:\Users\PC\AppData\Local\smss.exe
    2016-04-23 20:00 - 2016-04-23 20:00 - 0040872 _____ () C:\Users\PC\AppData\Local\Update.16.Bron.Tok.bin
    2015-09-15 10:48 - 2015-09-15 19:41 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    C:\Users\PC\ChromeSetup.exe
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.

    0
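For reviewing a fixlist like the one quoted in post #2 before running it, the following added example (not part of the thread and not FRST's own code) groups the lines by type and pulls out the file paths they reference. The category labels and regular expressions are assumptions of this example, based only on the line shapes visible in the quote.

```python
import re
from collections import Counter

# Sample lines copied from the fixlist quoted in the thread (shortened).
SAMPLE = r"""CloseProcesses:
Task: {3B1DDC07-1649-470C-AAAA-3F43996D01A2} - System32\Tasks\MgHUH4z06Jy66 => C:\Users\PC\AppData\Roaming\MgHUH4z06Jy66.exe <==== UWAGA
Task: {6D841B64-D0AD-414F-8421-5A52B54DEEE2} - \RegClean Pro -> Brak pliku <==== UWAGA
HKLM-x32\...\Run: [Bron-Spizaetus] => "C:\Windows\ShellNew\RakyatKelaparan.exe"
HKU\S-1-5-21-2915103998-2275472223-2473441096-1000\...\Policies\system: [DisableRegistryTools] 1
S0 bdirx; System32\drivers\pmuiwib.sys [X]
C:\Users\PC\ChromeSetup.exe
EmptyTemp:
"""

# (label, pattern) pairs tried in order; the labels are this example's own.
KINDS = [
    ("directive", re.compile(r"^[A-Za-z]+:$")),
    ("scheduled_task", re.compile(r"^Task: ")),
    ("registry", re.compile(r"^HK(LM|U)[-\\]")),
    ("service_or_driver", re.compile(r"^[SR][0-4] ")),
    ("file_or_folder", re.compile(r"^(\d{4}-\d\d-\d\d |[A-Za-z]:\\)")),
]
# Drive-letter path ending in a 2-4 character extension.
PATH = re.compile(r'[A-Za-z]:\\[^"\n]*?\.[A-Za-z0-9]{2,4}(?=["\s,]|$)')
FLAG = re.compile(r"<=+ (UWAGA|ATTENTION)")  # UWAGA is the Polish marker

def parse_fixlist(text):
    """Return one dict per non-empty line: kind, flagged, paths, line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = next((k for k, p in KINDS if p.search(line)), "other")
        entries.append({
            "kind": kind,
            "flagged": bool(FLAG.search(line)),
            "paths": PATH.findall(line),
            "line": line,
        })
    return entries

def summary(entries):
    """Count entries per kind."""
    return Counter(e["kind"] for e in entries)

if __name__ == "__main__":
    entries = parse_fixlist(SAMPLE)
    print(dict(summary(entries)))
    for e in entries:
        print(e["kind"], "FLAGGED" if e["flagged"] else "-", e["paths"])
```
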
  • #3 02 May 2016 19:37
    smiglo5
    Level 3

    Thank you very much! It looks like it's running much better :D

    0