Elektroda.pl

Laptop/ASUS/k73sv - Trojans, Malware, Win32:Dropper-gen and other nasties

Ewelia 03 Oct 2016 21:55 474 4
  • #1 03 Oct 2016 21:55
    Ewelia
    Level 1

    Hi,
    I have a problem, surprisingly enough with my computer ;p Despite my clumsy struggle, I can't get rid of the nasty viruses living on my computer (Trojans, Malware, Win32:Dropper-gen).
    My question: how do I get rid of them without formatting the computer? I'm attaching logs.
    Please help!

    0 4
  • #3 03 Oct 2016 22:17
    gold-game
    Level 18

    Download Malwarebytes from ninite.com. A great program for viruses like these. I always use it successfully.

    0
  • Helpful post
    #4 03 Oct 2016 22:23
    Kolobos
    Computer specialist

    Back up your Chrome bookmarks if you need them.

    Uninstall:
    YAC(Yet Another Cleaner!)
    Google Chrome

    Delete the browser profile directory at C:\Users\Ewelia\AppData\Local\Google\Chrome\User Data\Default
    After deleting it, install Chrome again.

    Use AdwCleaner, the Scan and Clean (Szukaj and Usun) options: http://www.bleepingcomputer.com/download/adwcleaner/

    Next to frst.exe, create a file Fixlist.txt with the following content:
    CloseProcesses:
    Task: {04FBC32F-0033-403C-B255-A82330E8E058} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
    Task: {4AA3CA0F-4D51-4DA9-A3A6-FA9E942968A0} - System32\Tasks\{B352D00D-BD6C-45E5-A977-6737C4F7335E} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.3.0.101&LastError=404
    Task: {9BE98595-0250-437D-ACD9-CC78FA8ABF54} - System32\Tasks\Opera scheduled Autoupdate 1457811849 => C:\Program Files (x86)\Opera\launcher.exe [2016-09-21] (Opera Software)
    Task: {A2E5B3BA-5917-41FD-9BF9-120AD8D60266} - System32\Tasks\{1DF57BB0-342F-4EFC-A723-FF7DD8F4B219} => pcalua.exe -a "C:\Program Files\GRAPHISOFT\ArchiCAD 19\Uninstall.AC\uninstaller.exe"
    Task: {C13A0CE9-10E4-4478-AF84-AAE970C72F0E} - System32\Tasks\{F2D3F110-8536-472D-AFBD-344EEEBE6449} => pcalua.exe -a C:\Users\Ewelia\Downloads\AutodeskDownloadManagerSetup.exe -d C:\Users\Ewelia\Downloads
    Shortcut: C:\Users\Ewelia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Redjane\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Ewelia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Redjane\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Ewelia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Redjane\Application\chrome.exe (Google Inc.)
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Uninstall Google Chrome.lnk -> C:\Program Files (x86)\Redjane\Application\chrome.exe (Google Inc.) -> --uninstall --system-level
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
    () C:\ProgramData\UvConverter\UvConverter.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
    (Emotiplus) C:\Users\Ewelia\AppData\Local\Emotiplus\Emotiplus.exe
    (Google Inc.) C:\Program Files (x86)\Redjane\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Redjane\Application\chrome.exe




    (Google Inc.) C:\Program Files (x86)\Redjane\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Redjane\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Redjane\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Redjane\Application\chrome.exe
    HKU\S-1-5-21-3048221210-1819659243-3952454914-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Ewelia\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-3048221210-1819659243-3952454914-1002\...\Run: [EmotiplusHelper] => C:\Users\Ewelia\AppData\Local\EmotiplusHelper\EmotiplusHelper.exe [136088 2016-09-03] (Emotiplus)
    HKU\S-1-5-21-3048221210-1819659243-3952454914-1002\...\Run: [GoogleChromeAutoLaunch_ABC4F5DD45B56CEC4E0C09396E8C127B] => C:\Program Files (x86)\Redjane\Application\chrome.exe [1382624 2016-09-18] (Google Inc.)
    HKU\S-1-5-21-3048221210-1819659243-3952454914-1002\...\Policies\Explorer: []
    HKU\S-1-5-21-3048221210-1819659243-3952454914-1002\...\MountPoints2: {669fd90b-f8ef-11e5-aed5-f46d04515779} - G:\AutoRun.exe
    HKU\S-1-5-21-3048221210-1819659243-3952454914-1002\...\MountPoints2: {8321961e-ea5b-11e5-a5e9-f46d04515779} - G:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-3048221210-1819659243-3952454914-1002\...\MountPoints2: {b588b62a-79be-11e6-b125-f46d04515779} - G:\HiSuiteDownLoader.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-03-15] (Microsoft Corporation)
    Startup: C:\Users\Ewelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Emotiplus.lnk [2016-08-19]
    ShortcutTarget: Emotiplus.lnk -> C:\Users\Ewelia\AppData\Local\Emotiplus\Emotiplus.exe (Emotiplus)
    R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-08-19] (Elex do Brasil Participações Ltda)
    R2 UvConverter; C:\ProgramData\UvConverter\UvConverter.exe [419048 2016-09-20] ()
    S2 CornerSunshineSvc; "C:\Program Files (x86)\Corner Sunshine\CornerSunshineSvc.exe" {8A712DBD-E08B-4D5C-839D-1B9C185FE769} [X]
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda)
    2016-09-30 21:14 - 2016-09-30 21:15 - 00000003 _____ C:\Windows\SysWOW64\xaa
    2016-09-28 12:36 - 2016-09-28 12:36 - 00000000 ____D C:\Users\Ewelia\AppData\Roaming\Elex-tech
    2016-09-28 12:36 - 2016-09-28 12:36 - 00000000 ____D C:\Program Files (x86)\Elex-tech
    2016-09-28 12:36 - 2016-05-23 04:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
    2016-09-28 12:36 - 2016-05-19 08:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
    2016-09-22 13:51 - 2016-09-22 13:51 - 00000000 ____D C:\ProgramData\UvConverter
    2016-09-21 13:22 - 2016-09-23 11:23 - 00000000 ____D C:\Program Files (x86)\Corner Sunshine
    2016-09-19 11:48 - 2016-09-26 19:34 - 00000000 ____D C:\ProgramData\Redjane
    2016-09-19 11:45 - 2016-09-19 11:45 - 00000000 ____D C:\Users\Ewelia\AppData\Local\Redjane
    2016-09-19 11:45 - 2016-09-19 11:45 - 00000000 ____D C:\Program Files (x86)\walalala co
    2016-09-19 11:45 - 2016-09-19 11:45 - 00000000 ____D C:\Program Files (x86)\Redjane
    2016-09-19 11:44 - 2016-09-30 21:15 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2016-09-19 11:44 - 2016-09-30 21:15 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2016-09-03 16:51 - 2016-09-03 16:51 - 00000000 ____D C:\Users\Ewelia\AppData\Local\Emotiplus
    2016-09-29 21:53 - 2016-08-24 13:16 - 00000000 ____D C:\ProgramData\corss
    2016-09-29 21:06 - 2016-03-23 10:46 - 00000000 ____D C:\Users\Ewelia\AppData\Roaming\PhotoScape
    2011-01-12 16:44 - 2010-07-07 02:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    Delete the C:\FRST directory.

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0
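
The fixlist in the post above removes shortcuts named Google Chrome.lnk and a Run entry whose target is a chrome.exe under C:\Program Files (x86)\Redjane. As an added example that is not part of the original post, this sketch checks FRST shortcut and Run lines for a chrome.exe target outside Chrome's own directories; the expected directories, the regexes and the last sample line are assumptions made for the example.

```python
import re
from pathlib import PureWindowsPath

# Assumed default locations of a genuine Chrome install (not taken from the thread).
EXPECTED_DIRS = (
    r"c:\program files\google\chrome\application",
    r"c:\program files (x86)\google\chrome\application",
)
PER_USER = re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\google\\chrome\\application$")

# FRST shortcut lines: <.lnk path> -> <target .exe> (<company>) [-> arguments]
SHORTCUT = re.compile(r"^Shortcut(?:WithArgument)?:\s+(?P<entry>.+?\.lnk)\s+->\s+"
                      r"(?P<target>.+?\.exe)\s+\((?P<company>[^)]*)\)")
# FRST Run-key lines: ...\Run: [name] => <target .exe> [size date] (<company>)
RUN = re.compile(r"\\Run: \[(?P<entry>[^\]]+)\] => (?P<target>.+?\.exe) "
                 r"\[[^\]]*\] \((?P<company>[^)]*)\)")

SAMPLE = [  # the first four lines are quoted from the thread; the last one is constructed
    r"Shortcut: C:\Users\Ewelia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Redjane\Application\chrome.exe (Google Inc.)",
    r"ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Uninstall Google Chrome.lnk -> C:\Program Files (x86)\Redjane\Application\chrome.exe (Google Inc.) -> --uninstall --system-level",
    r"HKU\S-1-5-21-3048221210-1819659243-3952454914-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Ewelia\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)",
    r"HKU\S-1-5-21-3048221210-1819659243-3952454914-1002\...\Run: [GoogleChromeAutoLaunch_ABC4F5DD45B56CEC4E0C09396E8C127B] => C:\Program Files (x86)\Redjane\Application\chrome.exe [1382624 2016-09-18] (Google Inc.)",
    r"Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)",
]

def in_expected_chrome_dir(target):
    """True if the target's parent directory is one of the assumed Chrome install paths."""
    parent = str(PureWindowsPath(target).parent).lower()
    return parent in EXPECTED_DIRS or bool(PER_USER.match(parent))

def find_misplaced_chrome(lines):
    """Return (entry, target) for each chrome.exe target outside Chrome's own directories."""
    hits = []
    for line in lines:
        line = line.strip()
        m = SHORTCUT.search(line) or RUN.search(line)
        if not m:
            continue
        target = m.group("target")
        if PureWindowsPath(target).name.lower() == "chrome.exe" and not in_expected_chrome_dir(target):
            hits.append((m.group("entry"), target))
    return hits

if __name__ == "__main__":
    for entry, target in find_misplaced_chrome(SAMPLE):
        print(f"{entry}\n    -> {target}")
```

A hit only means the path is unusual for Chrome; the company string in the log is read from the file's version resource and is not a signature check.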
  • #5 04 Oct 2016 21:04
    Ewelia
    Level 1

    Thanks for the help! I wouldn't have managed on my own :)

    0