Elektroda.pl

iSafe virus - how do I remove it?

Ventual 23 May 2016 22:53 1365 4
  • #1 23 May 2016 22:53
    Ventual
    Level 12

    Hi

    Today my brother downloaded some viruses. There was more of it before, some toolbars, I don't even know what... I have already used AdwCleaner 4 times, but these iSafe viruses can't be removed; everything else has been removed.



    Here I attach the AdwCleaner log from the last cleaning, which brought no results. Please help.

    0 4
  • #2 23 May 2016 22:54
    Kolobos
    Computer specialist

    FRST logs are required.

    0
  • #5 24 May 2016 13:06
    Kolobos
    Computer specialist

    Uninstall: WinZip

    Next to frst.exe, create a file fixlist.txt with the following contents:
    Task: {042993E1-F0F2-465C-AA42-BF88A4A67B22} - System32\Tasks\{686BE1D0-DF8F-4688-9AC5-C8AF6AC11BE9} => c:\program files (x86)\opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {13F15C0C-1E1E-4D81-8F51-759F2E9133AE} - System32\Tasks\{396A960B-5F8B-4D41-B27F-5E3F221AA515} => c:\program files (x86)\opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {23E4091E-C921-4566-A19B-41A7E038EA87} - System32\Tasks\{A3CC269C-26AE-4F38-AD7A-98F574BBDA15} => c:\program files (x86)\opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {2BB19DAA-DF59-4D77-A476-56F7F0AF8DA5} - System32\Tasks\{393270D7-BD6F-42AC-95D3-A13AACE9EDFB} => c:\program files (x86)\opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {3553C37B-8BF5-4664-B217-0941C3E5D9B9} - System32\Tasks\{ED4E7C34-DE3B-4102-AD7A-AC2905120390} => c:\program files (x86)\opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {411AF067-EE66-4A46-BF0F-368C3A681706} - System32\Tasks\{919119A0-23A4-4DB9-9C0F-5A8036C2C3A1} => c:\program files (x86)\opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {72515085-F936-4C4E-9533-185D9A464D4B} - no path
    Task: {75E56901-0FBE-4979-A2FB-C6F03F9BB143} - System32\Tasks\{E8D93826-1847-46A5-9C7F-E4B63A10B75F} => pcalua.exe -a E:\0575_USB_Vibration_Joystick_V10.exe -d E:\
    Task: {7D26C77A-DF7E-437A-844B-731E65702191} - System32\Tasks\{C0CD54C7-A7E5-4194-A669-382462AF003E} => c:\program files (x86)\opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {811E96EF-B6A4-46DB-8795-23599CD601A5} - System32\Tasks\PED_Torrent_Search => Rundll32.exe 4mW3UU0.dll,#67
    Task: {83FF0660-0639-41F1-A520-F17A4C2F2E91} - System32\Tasks\{6EEF9AF5-D4D3-496D-A929-E24776B83BF1} => c:\program files (x86)\opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {940DAD9E-FC80-46FA-AFC2-68BE05AC1AD7} - System32\Tasks\Opera scheduled Autoupdate 1443110749 => D:\Program Files (x86)\Opera beta\launcher.exe [2016-05-18] (Opera Software)
    Task: {9C3B3ADD-E319-46FB-B292-1F9A72ACD6F4} - System32\Tasks\{B37704FE-2803-4B0A-8428-704BC22A4C87} => c:\program files (x86)\opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {A13D8299-12F8-4E1D-B099-074877B046AC} - System32\Tasks\{BB8A913E-F6E5-4E11-B8BE-638AF2D7CD5F} => pcalua.exe -a E:\0575_USB_Vibration_Joystick_V10.exe -d E:\
    Task: {A38750B8-ADD9-4DC4-A709-403BEC5E1B76} - System32\Tasks\BangoneUpdateTaskMachineCore => C:\Program Files (x86)\Bangone\Update\BangoneUpdate.exe [2016-05-20] ()
    Task: {AC3EABDB-4D3F-492E-B98E-602007271B13} - System32\Tasks\{6EB91E9E-B500-40E4-B405-A6A2E4821092} => c:\program files (x86)\opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {B5D0FEA3-DEC9-42B8-A794-B5541CC8BE19} - System32\Tasks\{83E1FDE7-484B-4B48-A058-92181499CC3B} => c:\program files (x86)\opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {B7725759-9FA8-4B9E-8B73-D8EBF06B1E7D} - System32\Tasks\{0C4354EB-1EB7-48D6-A503-CB31D5DA0531} => c:\program files (x86)\opera\launcher.exe [2016-05-09] (Opera Software)




    Task: {BDACA3FA-0BFB-45E6-A8F9-EB492C00861B} - System32\Tasks\{393BDF2B-EB99-4B1B-9C9A-515C36038C6B} => c:\program files (x86)\opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {C0CDA9D6-8FC0-4FB8-A850-90899B4F07D7} - System32\Tasks\{30B9F9BA-7F32-4CB7-836D-55CAB27355B7} => pcalua.exe -a C:\Users\Adrian\Desktop\MinecraftZyczu.exe -d C:\Users\Adrian\Desktop
    Task: {C7109094-155E-4755-9970-092A2BCA2075} - System32\Tasks\{97BF47FD-C132-4F0D-B0C3-7E7D747EB01A} => c:\program files (x86)\opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {C937E1CC-15A0-4180-A5DE-36AA40D84C68} - System32\Tasks\Opera scheduled Autoupdate 1422631159 => C:\Program Files (x86)\Opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {D4D417D0-B321-400D-B0E3-5A8037A1CDD6} - System32\Tasks\{16D68DCF-909A-4CB6-ACCA-D22A72ADB41A} => c:\program files (x86)\opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {EE4423CC-C2BE-4E11-AC93-43DA8868F4A3} - System32\Tasks\{F83C6C7B-33D0-4F07-96B5-C43EC4966C39} => Chrome.exe http://ui.skype.com/ui/0/7.18.85.112/pl/abandoninstall?page=tsProgressBar
    Task: {EFC3B5EC-86DD-4E21-9CE7-5459485EB981} - System32\Tasks\{1DC6ADBE-1B00-4161-BCF2-5981EE031296} => c:\program files (x86)\opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {F7603609-0792-4A64-B4DB-8BFF3973DED1} - System32\Tasks\{3A94A358-0B64-4C41-A53A-16556AF82EC6} => c:\program files (x86)\opera\launcher.exe [2016-05-09] (Opera Software)
    Task: {FA0A2FD4-A940-4B14-8956-00EF707BFB7A} - System32\Tasks\BangoneUpdateTaskMachineUA => C:\Program Files (x86)\Bangone\Update\BangoneUpdate.exe [2016-05-20] ()
    Task: C:\Windows\Tasks\PED_Torrent_Search.job => C:\ProgramData\Torrent_Search_PED\rundll32.exe4mW3UU0.dll
    2016-05-20 11:41 - 2016-05-20 08:58 - 00365952 _____ () C:\ProgramData\Bangone\Bangone.exe
    AlternateDataStreams: C:\ProgramData:NT
    AlternateDataStreams: C:\ProgramData:NT2
    AlternateDataStreams: C:\Users\All Users:NT
    AlternateDataStreams: C:\Users\All Users:NT2
    AlternateDataStreams: C:\Users\Adrian\Application Data:NT
    AlternateDataStreams: C:\Users\Adrian\Application Data:NT2
    AlternateDataStreams: C:\Users\Adrian\AppData\Roaming:NT
    AlternateDataStreams: C:\Users\Adrian\AppData\Roaming:NT2
    AlternateDataStreams: C:\ProgramData\Application Data:NT
    AlternateDataStreams: C:\ProgramData\Application Data:NT2
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
    () C:\ProgramData\Bangone\Bangone.exe
    HKU\S-1-5-21-1899133592-2113707025-2501600615-1001\...\Run: [AdobeBridge] => [X]
    GroupPolicyScripts: Group Policy detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
    OPR Extension: (Hola Better Internet) - C:\Users\Adrian\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekmmelpnmfdegjhnmadddcfjcahpajnm [2015-12-20]
    OPR Extension: (stormbreakerbg) - C:\Users\Adrian\AppData\Roaming\Opera Software\Opera Stable\Extensions\jmbefbhbhjgnjbegmnhmakmmldnfogcd [2016-04-08]
    OPR Extension: (Gerald) - C:\Users\Adrian\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2016-03-23]
    StartMenuInternet: (HKU\S-1-5-21-1899133592-2113707025-2501600615-1001) Operabeta - "D:\Program Files (x86)\Opera beta\Launcher.exe"
    R2 BangoneP; C:\ProgramData\Bangone\Bangone.exe [365952 2016-05-20] ()
    S2 BangoneU; C:\Program Files (x86)\Bangone\Update\BangoneUpdate.exe [492416 2016-05-20] ()
    S3 AODDriver; \??\C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [X]
    S3 BioNTDrv; \??\C:\Program Files\Paragon Software\Backup and Recovery 2014 Free\program\BioNTDrv.SYS [X]
    S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
    S3 cpuz138; \??\C:\Users\Adrian\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2016-05-23 22:28 - 2016-05-24 10:09 - 00000000 ____D C:\Users\Adrian\AppData\Roaming\Elex-tech
    2016-05-20 11:44 - 2016-05-20 11:44 - 00000000 ____D C:\ProgramData\Bangone
    2016-05-20 11:41 - 2016-05-24 10:14 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2016-05-20 11:41 - 2016-05-24 00:04 - 00000000 ____D C:\Program Files (x86)\Elex-tech
    2016-05-20 11:41 - 2016-05-23 21:47 - 00000000 ____D C:\Windows\system32\log
    2016-05-20 11:41 - 2016-05-20 11:41 - 00003548 _____ C:\Windows\System32\Tasks\BangoneUpdateTaskMachineCore
    2016-05-20 11:41 - 2016-05-20 11:41 - 00003462 _____ C:\Windows\System32\Tasks\BangoneUpdateTaskMachineUA
    2016-05-20 11:41 - 2016-05-20 11:41 - 00000000 ____D C:\Users\Radek\AppData\Local\Bangone
    2016-05-20 11:41 - 2016-05-20 11:41 - 00000000 ____D C:\Program Files (x86)\Bangone
    2016-05-19 14:42 - 2016-05-23 16:33 - 00000001 _____ C:\Windows\SysWOW64\pl.html
    2016-05-19 14:42 - 2016-05-19 14:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    2016-05-18 15:07 - 2016-05-18 15:25 - 00000000 ____D C:\Program Files (x86)\Chefusp
    2016-05-18 15:06 - 2016-05-24 00:04 - 00000348 _____ C:\Windows\Tasks\PED_Torrent_Search.job
    2016-05-18 15:06 - 2016-05-23 23:36 - 00000000 ____D C:\ProgramData\Torrent_Search_PED
    2016-05-18 15:06 - 2016-05-18 15:06 - 00003368 _____ C:\Windows\System32\Tasks\PED_Torrent_Search
    2016-05-23 22:14 - 2015-01-18 02:57 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    1
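
The fixlist in post #5 consists mostly of FRST `Task:` lines. As an added example (not part of the original posts and not FRST's own code), the script below parses that line format and attaches review hints to each scheduled task. The hint rules are assumptions chosen for illustration, and every GUID, task name and path in the sample is constructed.

```python
import re

# Constructed sample lines in the FRST "Task:" format used in the fixlist above.
# All GUIDs, task names and paths here are made up for illustration.
SAMPLE = r"""
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleBrowser Autoupdate => C:\Program Files (x86)\ExampleBrowser\launcher.exe [2016-05-09] (Example Software)
Task: {00000000-0000-0000-0000-000000000002} - no path
Task: {00000000-0000-0000-0000-000000000003} - System32\Tasks\ExampleSearch => Rundll32.exe example.dll,#1
Task: {00000000-0000-0000-0000-000000000004} - System32\Tasks\ExampleUpdateCore => C:\ProgramData\Example\Update.exe [2016-05-20] ()
Task: C:\Windows\Tasks\ExampleSearch.job => C:\ProgramData\Example\rundll32.exe example.dll
"""

# "Task: [{GUID} - ]<task file or 'no path'>[ => <command>]"
LINE = re.compile(r"^Task: (?:(\{[0-9A-Fa-f-]{36}\}) - )?(.*?)(?: => (.*))?$")
# Optional trailer on the command: " [file date] (publisher)"
TAIL = re.compile(r"^(.*) \[(\d{4}-\d{2}-\d{2})\] \((.*)\)$")

def parse_task(line):
    """Split one 'Task:' line into its fields; return None for other lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    guid, name, command = m.groups()
    task = {"guid": guid, "name": name, "command": command,
            "date": None, "publisher": None}
    t = TAIL.match(command or "")
    if t:
        task["command"], task["date"], task["publisher"] = t.groups()
    return task

def triage(task):
    """Return review hints (assumed heuristics, not FRST's own logic)."""
    hints = []
    cmd = (task["command"] or "").lower()
    if task["command"] is None:
        hints.append("no-target")           # task entry with nothing to run
    if "rundll32" in cmd:
        hints.append("rundll32")            # DLL started through rundll32
    if "\\programdata\\" in cmd or "\\appdata\\" in cmd:
        hints.append("runs-from-data-dir")  # binary outside Program Files
    if task["publisher"] == "":
        hints.append("no-publisher")        # file present, company field empty
    return hints

def review(text):
    """Parse every 'Task:' line in text and pair its task name with hints."""
    tasks = [t for t in map(parse_task, text.splitlines()) if t]
    return [(t["name"], triage(t)) for t in tasks]

if __name__ == "__main__":
    for name, hints in review(SAMPLE):
        print(f"{name}: {', '.join(hints) or 'nothing flagged'}")
```

A hint marks a line for a closer look; it is not a verdict on the file.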