
Virus on a USB flash drive, my videos 18

kowalska1991 15 Aug 2016 22:26 651 6
  • #2 15 Aug 2016 22:31
    krzychupar
    Level 40

    Run FRST again, tick Addition.txt, and post both resulting logs again as attachments.

    0
  • Helpful post
    #5 15 Aug 2016 23:16
    krzychupar
    Level 40

    Uninstall:
    Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
    Avira Launcher (HKLM-x32\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
    Avira Launcher (x32 Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden
    Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 1.3.1.30415 - Avira Operations GmbH & Co. KG)
    Booking.com version 1.1.0.5019 (HKLM-x32\...\{958A475F-037D-401A-AC05-209725973E11}_is1) (Version: 1.1.0.5019 - Booking.com) <==== UWAGA
    Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version: - ) <==== UWAGA
    Update for PDF Reader (HKU\S-1-5-21-3434336251-1058001465-444639220-1000\...\DSite) (Version: - ) <==== UWAGA

    Open Notepad and paste:
    CustomCLSID: HKU\S-1-5-21-3434336251-1058001465-444639220-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Karolina\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3434336251-1058001465-444639220-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Karolina\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3434336251-1058001465-444639220-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Karolina\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3434336251-1058001465-444639220-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Karolina\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3434336251-1058001465-444639220-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Karolina\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3434336251-1058001465-444639220-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Karolina\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3434336251-1058001465-444639220-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Karolina\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3434336251-1058001465-444639220-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Karolina\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3434336251-1058001465-444639220-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Karolina\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3434336251-1058001465-444639220-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Karolina\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3434336251-1058001465-444639220-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Karolina\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3434336251-1058001465-444639220-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Karolina\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3434336251-1058001465-444639220-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Karolina\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Brak pliku
    Task: {0497DCBF-A1C0-4813-BB7C-3C615A897B26} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2016-05-02] (Avira Operations GmbH & Co. KG)
    Task: {1D7EED2D-EF1B-4006-8F1F-3C64A7AC97D6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {2254D65B-E99A-41DA-9E91-EC9EFBB0B9AB} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
    Task: {2CF23958-5687-4FDC-B5E7-4D78557FF708} - \Program aktualizacji online firmy Adobe. -> Brak pliku <==== UWAGA
    Task: {49AF37CE-9326-4EF7-B228-B40E3BEBAE19} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku <==== UWAGA
    Task: {6456D049-3284-4889-AAD2-4FE7387C654F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {6E9DA940-8206-4A91-A927-D2BA066B9FF8} - System32\Tasks\{18586F43-1E52-420C-9972-91D9FBE8337C} => pcalua.exe -a C:\Users\Karolina\AppData\Local\Temp\FooPlugin0.9Setup_2.1.exe -d C:\Users\Karolina\Desktop\programy\Last.fm -c /SILENT /DIR="C:\Users\Karolina\Desktop\programy\FOOBAR~1\COMPON~1\"
    Task: {70BF6437-3CDD-4D90-BFED-7AE1500A1465} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {76E7C538-14FA-4AC4-9CD2-2653FD6C7D27} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {7A5F396F-71B2-484D-973C-9D44BA425AB5} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Brak pliku <==== UWAGA
    Task: {81015B72-474A-472F-911F-921D2EA58B6F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {8A453830-E0AA-48FF-B854-F3723F9F589C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {8CFDC78D-C84C-4A9A-B602-76C05AC21B99} - System32\Tasks\{1D5F4DEA-4B98-4D98-834A-1A251FEEF266} => pcalua.exe -a C:\Users\Karolina\Desktop\programy\KMPSetup.exe -d C:\Users\Karolina\Desktop\programy
    Task: {A3019A60-022A-4E00-A572-C41C4E263309} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {AA2B2956-B418-4AB0-A9E0-5693DD5861BA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {AF7F6B1C-CF91-45D4-8A54-ADD7E68754EE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {CFA425D1-1C0E-4D74-8640-EFDD08818439} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {E2A1783C-42FC-46C0-93B1-F6044F0DC5FD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku <==== UWAGA
    Task: {F5E876EF-0D22-4A51-976F-3CBA94A1C0EB} - System32\Tasks\{146C41C7-FE20-4D64-92D8-9C6AACB90CF2} => pcalua.exe -a C:\Users\Karolina\Downloads\chromeinstall-6u23.exe -d C:\Users\Karolina\Downloads
    HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [18520 2016-05-02] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\RunOnce: [] => [X]
    HKU\S-1-5-21-3434336251-1058001465-444639220-1000\...\MountPoints2: {8d295e9a-e5ea-11e4-af4b-88ae1d803f48} - E:\AutoRun.exe
    HKU\S-1-5-21-3434336251-1058001465-444639220-1000\...\MountPoints2: {8d295eb2-e5ea-11e4-af4b-88ae1d803f48} - E:\AutoRun.exe
    HKU\S-1-5-21-3434336251-1058001465-444639220-1000\...\MountPoints2: {de4a713a-ff18-11e4-a337-4c0f6e23e920} - E:\SetupWi-Fi.exe
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => Brak pliku
    HKU\S-1-5-21-3434336251-1058001465-444639220-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3434336251-1058001465-444639220-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM-x32 -> DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120122225252470&tb_oid=22-01-2012&tb_mrud=22-01-2012
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    SearchScopes: HKLM-x32 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120122225252470&tb_oid=22-01-2012&tb_mrud=22-01-2012
    SearchScopes: HKU\S-1-5-21-3434336251-1058001465-444639220-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    SearchScopes: HKU\S-1-5-21-3434336251-1058001465-444639220-1000 -> {D28D0AB7-92BE-4834-A540-E7F9BF070D2E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYPL&apn_uid=0d661f4e-f5e2-499b-9c80-91b2f30bb5fe&apn_sauid=29B742FC-B33F-4B98-88D6-D471B1E90C8E
    SearchScopes: HKU\S-1-5-21-3434336251-1058001465-444639220-1000 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120122225252470&tb_oid=22-01-2012&tb_mrud=22-01-2012
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Brak pliku
    Toolbar: HKU\S-1-5-21-3434336251-1058001465-444639220-1000 -> Brak nazwy - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - Brak pliku
    FF SearchEngineOrder.1: v9
    FF Homepage: about:home
    CHR DefaultSearchURL: Default -> hxxps://search.avira.net/#web/result?source=omnibar&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> Avira
    CHR DefaultSuggestURL: Default -> hxxps://search.avira.net/suggestions?q={searchTerms}&li=ff&hl=en
    CHR Extension: (Avira Browser Safety) - C:\Users\Karolina\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-07-15]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3434336251-1058001465-444639220-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Karolina\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - <Brak Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\14.0.2.14\avg.crx <nie znaleziono>
    R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
    S2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [231256 2016-07-13] (Avira Operations GmbH & Co. KG)
    S2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [25736 2016-05-02] (Avira Operations GmbH & Co. KG)
    S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]
    2016-08-15 21:30 - 2016-08-15 21:31 - 00000000 ___HD C:\Users\Karolina\AppData\Roaming\Booking_helper
    2016-08-15 21:30 - 2016-08-15 21:30 - 00000000 ___HD C:\Users\Karolina\AppData\Roaming\GoldenGate
    2016-07-26 23:41 - 2016-07-26 23:41 - 00001098 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
    2016-07-30 22:14 - 2016-05-07 17:01 - 00001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira Phantom VPN.lnk
    2016-07-30 22:14 - 2016-05-07 17:01 - 00001004 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
    2016-07-26 23:41 - 2016-05-07 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2016-07-24 16:00 - 2016-05-07 16:48 - 00000000 ____D C:\Program Files (x86)\Avira
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where FRST.exe is located.
    Run FRST and click Fix/Napraw.

    1
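A pre-run review aid for the fixlist in the post above, added here as an example and not part of the original posts or of FRST: it groups fixlist lines by entry type and separates entries already marked missing from those not marked missing. The category names and the function `triage` are assumptions made for this illustration; the prefixes and markers are the ones visible in this thread.

```python
import re
from collections import defaultdict

# Markers on this thread's Polish-locale FRST lines ("Brak pliku" = no file, "nie znaleziono" = not found).
ORPHAN_MARKERS = ("Brak pliku", "<nie znaleziono>", "[X]", "<Brak Path/update_url>")
FLAGGED = "<==== UWAGA"  # FRST's "attention" tag as printed in the thread
# First match wins; every prefix below is taken from the fixlist in the post above.
KINDS = [
    ("directive", re.compile(r"^[A-Za-z]+:$")),                   # e.g. EmptyTemp:
    ("file", re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")),   # file/folder listing
    ("service", re.compile(r"^[RSU]\d \S+;")),                    # service or driver
    ("autorun", re.compile(r"^HK\S*\\\.\.\.\\MountPoints2:")),    # per-volume autorun
    ("startup", re.compile(r"^HK\S*\\\.\.\.\\Run(Once)?:")),
    ("task", re.compile(r"^Task:")),
    ("com", re.compile(r"^(CustomCLSID|ShellIconOverlayIdentifiers):")),
    ("browser", re.compile(r"^(SearchScopes:|Toolbar:|FF |CHR |HK.*Internet Explorer)")),
]

def triage(fixlist_text):
    """Return (counts per kind, lines not marked missing, unrecognised lines)."""
    counts = defaultdict(lambda: {"orphan": 0, "live": 0, "flagged": 0})
    live, unknown = [], []
    for line in (raw.strip() for raw in fixlist_text.splitlines()):
        if not line:
            continue
        kind = next((k for k, rx in KINDS if rx.search(line)), None)
        if kind is None:
            unknown.append(line)  # do not guess; the reviewer reads these by hand
            continue
        state = "orphan" if any(m in line for m in ORPHAN_MARKERS) else "live"
        counts[kind][state] += 1
        counts[kind]["flagged"] += FLAGGED in line
        if state == "live" and kind != "directive":
            live.append((kind, line))
    return dict(counts), live, unknown

# Sample lines copied from the fixlist in the post above (a subset, for the demo).
SAMPLE = r"""
Task: {1D7EED2D-EF1B-4006-8F1F-3C64A7AC97D6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
Task: {8CFDC78D-C84C-4A9A-B602-76C05AC21B99} - System32\Tasks\{1D5F4DEA-4B98-4D98-834A-1A251FEEF266} => pcalua.exe -a C:\Users\Karolina\Desktop\programy\KMPSetup.exe -d C:\Users\Karolina\Desktop\programy
HKLM-x32\...\RunOnce: [] => [X]
HKU\S-1-5-21-3434336251-1058001465-444639220-1000\...\MountPoints2: {8d295e9a-e5ea-11e4-af4b-88ae1d803f48} - E:\AutoRun.exe
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]
2016-08-15 21:30 - 2016-08-15 21:30 - 00000000 ___HD C:\Users\Karolina\AppData\Roaming\GoldenGate
EmptyTemp:
"""
if __name__ == "__main__":
    for kind, line in triage(SAMPLE)[1]:
        print(f"[{kind}] not marked missing: {line}")
```

Lines returned in the third element matched no known prefix and need a manual read before the fixlist is run.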
  • #6 16 Aug 2016 00:06
    kowalska1991
    Level 2

    Thank you very much! :)))) I think everything is OK now, the unwanted folder no longer appears on the USB flash drive ;)

    0
  • #7 16 Aug 2016 06:40
    krzychupar
    Level 40

    If everything is OK, delete C:\FRST and close the topic.

    0