Elektroda.pl

kemgadeo virus problem - Problem with a virus

dobromir12 14 Feb 2017 09:42 525 3
  • #2 14 Feb 2017 09:53
    Kolobos
    Computer specialist

    With using the forum too, it seems... post the required logs, and in future make at least a little effort and read the other threads in the section BEFORE posting.

    0
  • #3 14 Feb 2017 10:25
    dobromir12
    Level 5

    I did upload the logs, I was sure of that

    0
  • #4 14 Feb 2017 11:05
    Kolobos
    Computer specialist

    Replace AdBlock with uBlock Origin.


    Uninstall: Browser Configuration Utility

    Next to frst.exe, create a file Fixlist.txt with the following contents:
    Task: {83760441-BACB-451B-8A66-E13584B31A34} - System32\Tasks\{99FC7B35-01F5-4FED-98BB-19E29B1E09FD} => pcalua.exe -a C:\Deskop\Setup.exe -d C:\Deskop
    Task: {848FD0CC-76CE-4AF0-8212-BC60F6B3ED0B} - System32\Tasks\{BD02FEBD-6099-470D-B538-6A9236C0AD66} => pcalua.exe -a "C:\Program Files\Common Files\U-Joystrong\uninstall.exe" -c shuz -f "C:\Program Files\Common Files\U-Joystrong\uninstall.dat" -a uninstallme DE53F20F-3E10-4163-92D1-6AC03DD7B69D DeviceId=99d7358f-d43e-3c56-39b6-4b83585d1911 BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
    ShortcutWithArgument: C:\Users\H1ddenfox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\H1ddenfox\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\H1DDEN~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\H1ddenfox\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\H1ddenfox\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\H1DDEN~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\H1DDEN~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    HKU\S-1-5-21-1032641472-2820101807-640574751-1000\...\MountPoints2: J - J:\Setup.exe
    HKU\S-1-5-21-1032641472-2820101807-640574751-1000\...\MountPoints2: {781f90cf-ef99-11e6-982c-000e2e661f02} - J:\Setup.exe
    HKU\S-1-5-18\...\Run: [] => 0
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKU\S-1-5-21-1032641472-2820101807-640574751-1000 -> {79BD2AC4-BF32-40f6-BF79-1767770ABA90} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
    SearchScopes: HKU\S-1-5-21-1032641472-2820101807-640574751-1000 -> {B80CC1B7-C4AD-46ca-B061-1E0E9FC4E235} URL = hxxp://www.google.com/custom?client=pub-37942...3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms}
    CHR HKLM\...\Chrome\Extension: [glcimepnljoholdmjchkloafkggfoijh] - hxxps://clients2.google.com/service/update2/crx
    2017-02-10 15:47 - 2017-02-10 15:48 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-02-10 15:47 - 2017-02-10 15:48 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    2017-02-11 20:17 - 2016-08-29 15:40 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:

    In FRST, choose Fix.

    0
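
Added example, not part of the thread and not FRST's own code: a small Python audit that reads `ShortcutWithArgument:` lines in the layout quoted in post #4 and reports browser shortcuts whose arguments force a start URL or load an unpacked extension via `--load-extension`. The sample lines, the browser list and the function name `audit_shortcuts` are assumptions made for illustration.

```python
import re

# Constructed sample in the "ShortcutWithArgument" line format quoted in post #4.
# Paths, the extension folder and the URL are placeholders, not values from the thread.
SAMPLE = r"""
ShortcutWithArgument: C:\Users\user\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\user\AppData\Local\exampleext" hxxp://example.invalid/
ShortcutWithArgument: C:\Users\user\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://example.invalid/
ShortcutWithArgument: C:\Users\user\Desktop\Work profile.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\Example => example.exe
"""

# Assumed line layout: <lnk path> -> <target exe> (<vendor>) -> <arguments>
LINE_RE = re.compile(
    r"^ShortcutWithArgument:\s+(?P<lnk>.+?\.lnk)\s+->\s+(?P<target>.+?)"
    r"\s+\((?P<vendor>[^)]*)\)\s+->\s+(?P<args>.*)$", re.IGNORECASE)
BROWSERS = {"chrome.exe", "iexplore.exe", "firefox.exe", "msedge.exe", "opera.exe"}  # assumed list
URL_RE = re.compile(r"\b(?:hxxps?|https?)://\S+", re.IGNORECASE)  # plain or defanged URL
EXT_RE = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))', re.IGNORECASE)


def audit_shortcuts(frst_text):
    """Return one finding per browser shortcut with a forced URL or unpacked extension."""
    findings = []
    for line in frst_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a shortcut entry (Task:, SearchScopes:, ...)
        exe = m["target"].rsplit("\\", 1)[-1].lower()
        if exe not in BROWSERS:
            continue
        ext = EXT_RE.search(m["args"])
        reasons = []
        if ext:
            reasons.append("load-extension")
        if URL_RE.search(m["args"]):
            reasons.append("forced-url")
        if reasons:  # benign switches such as --profile-directory are not reported
            findings.append({
                "lnk": m["lnk"], "browser": exe, "reasons": reasons,
                "extension_dir": (ext.group(1) or ext.group(2)) if ext else None,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_shortcuts(SAMPLE):
        print(finding)
```

The reported `extension_dir` is the folder to inspect and remove along with the shortcut arguments, since restoring the shortcut alone leaves the unpacked extension on disk.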