
I can't delete the virus files

SimonJKGF 04 May 2017 19:28 513 8
  • #1 04 May 2017 19:28
    SimonJKGF
    Level 4

    I can't delete the virus files because they are "in use" by something. They aren't in the process list, but they are under Services. When I try to stop a given service I can't, because "I don't have permission". I'm on an administrator account. Sometimes I can't even delete the viruses' empty folders because something is using them. The viruses are:
    Stitught Adapter,
    WinSnare,
    Kitty,
    Grtase, which includes some MIO and other viruses
    Is there any way to remove these Services so I can delete the infected files? Or some other way to get rid of these viruses? Also, I saw that people were sending files from an FRST scan (or something like that); if that's needed, tell me which options I should tick and whether I should type anything in the search field.

    0 8
  • #2 04 May 2017 19:38
    Kolobos
    Computer specialist

    In FRST click Scan and attach the logs; don't touch the options.

    0
  • #4 04 May 2017 20:34
    Kolobos
    Computer specialist

    Uninstall: Software Version Updater

    Next to frst.exe create a file Fixlist.txt with the following contents:
    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-272952293-1678651877-2598580484-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dl => No File
    CustomCLSID: HKU\S-1-5-21-272952293-1678651877-2598580484-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dl => No File
    CustomCLSID: HKU\S-1-5-21-272952293-1678651877-2598580484-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dl => No File
    CustomCLSID: HKU\S-1-5-21-272952293-1678651877-2598580484-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\OpenOffice 4\program\shlxthdl\propertyhdl_x64 => No File
    CustomCLSID: HKU\S-1-5-21-272952293-1678651877-2598580484-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dl => No File
    CustomCLSID: HKU\S-1-5-21-272952293-1678651877-2598580484-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Simon\AppData\Local\Roblox\Versions\version-ffefd1c450cf4303\RobloxProxy64.dll => No File
    Task: {0EFDF741-86A2-4740-B171-2B6FC285D04F} - System32\Tasks\Windows-PG => powershell.exe C:\windows\psgo\psgo.ps1
    Task: {1215843F-0A93-4FB9-892A-48B73E003DDE} - \Gruzitain -> No File <==== ATTENTION
    Task: {47454B96-A0C4-4AF8-A802-5EA045C6CE0A} - \SAgent -> No File <==== ATTENTION
    Task: {91725AE4-DAD7-44DF-8CA7-4872543BEDED} - \Game_Booster_AutoUpdate -> No File <==== ATTENTION
    Task: {AD6E8EBE-E7BD-47E0-B39B-8952E0471754} - \Stitught Adapter -> No File <==== ATTENTION
    Task: {D6840A90-0B82-4237-8566-2F3C6B15F993} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe <==== ATTENTION
    Task: {ECBB9F6C-6F61-417E-A1E0-CF6FDBCF4A78} - System32\Tasks\{08B653F2-25AB-46D4-B0A6-0DBDFDA6FEAC} => pcalua.exe -a "F:\Alien Nations 2 PL\UNWISE.EXE" -c F:\Alien Nations 2 PL\INSTALL.LOG
    2017-03-14 16:04 - 2017-03-14 16:04 - 00306688 _____ () C:\Program Files (x86)\Stitught Adapter\local64spl.dll
    2017-04-28 10:28 - 2017-04-28 10:28 - 00833536 _____ () c:\users\simon\appdata\local\snare\snare.dll
    2017-04-19 15:07 - 2017-04-19 15:44 - 00754688 _____ () c:\users\simon\appdata\local\3dm\kitty.dll
    2017-04-20 16:04 - 2017-04-20 16:04 - 08635020 _____ () C:\Windows\TEMP\szmD512.tmp
    2017-04-26 12:29 - 2017-04-26 12:29 - 08467652 _____ () C:\Insist\rzf.8v0
    2017-04-28 12:43 - 2017-04-28 12:43 - 09615700 _____ () c:\Alitkojck\Hobary.x1g
    2017-05-02 12:02 - 2017-05-02 12:02 - 09258212 _____ () C:\Program Files\q2cq9u9l\{3C692D49-0D8C-4E71-9FE0-72B46A47C94F}\kgvrmmfj.stj
    2017-04-20 16:04 - 2017-05-04 15:00 - 00218624 _____ () c:\users\simon\appdata\roaming\winsapsvc\winsap.dll
    2017-05-04 11:18 - 2017-05-04 05:41 - 00105472 _____ () c:\programdata\package cache\{59399776-575d-9c54-e861-0d5eab7e707d}v10.1.14393.795\installers\iis\iisexp.dll
    2016-05-09 16:07 - 2016-01-29 14:08 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
    2017-04-24 13:04 - 2017-05-04 15:00 - 00323584 _____ () C:\Users\Simon\AppData\Local\background_fault\bf.dll
    2016-11-28 22:41 - 2016-11-28 22:41 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
    AlternateDataStreams: C:\ProgramData:NT [40]
    AlternateDataStreams: C:\ProgramData:NT2 [322]
    AlternateDataStreams: C:\Users\All Users:NT [40]
    AlternateDataStreams: C:\Users\All Users:NT2 [322]
    AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
    AlternateDataStreams: C:\ProgramData\Application Data:NT2 [322]
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [322]
    AlternateDataStreams: C:\Users\Simon\Application Data:NT [40]
    AlternateDataStreams: C:\Users\Simon\Application Data:NT2 [322]
    AlternateDataStreams: C:\Users\Simon\AppData\Roaming:NT [40]
    AlternateDataStreams: C:\Users\Simon\AppData\Roaming:NT2 [322]
    HKU\S-1-5-21-272952293-1678651877-2598580484-1000\...\Run: [background_fault] => C:\Users\Simon\AppData\Local\background_fault\aswRD.exe [1419576 2017-04-24] (AVAST Software) <===== ATTENTION
    HKU\S-1-5-21-272952293-1678651877-2598580484-1000\...\MountPoints2: E - E:\setup.exe
    HKU\S-1-5-21-272952293-1678651877-2598580484-1000\...\MountPoints2: {6e30caee-3dea-11e5-a513-4cedde7f26b6} - G:\.\Driver\DriverInstaller.exe -eject
    HKU\S-1-5-21-272952293-1678651877-2598580484-1000\...\MountPoints2: {7357d031-0f81-11e5-b762-4cedde7f26b6} - G:\autorun.exe
    HKU\S-1-5-21-272952293-1678651877-2598580484-1000\...\MountPoints2: {7357d035-0f81-11e5-b762-4cedde7f26b6} - H:\SJ2_setup.exe
    HKU\S-1-5-21-272952293-1678651877-2598580484-1000\...\MountPoints2: {ef17fa7c-fccc-11e6-a911-4cedde7f26b6} - G:\LG_PC_Programs.exe
    HKLM\...\Providers\q2cq9u9l: C:\Program Files (x86)\Stitught Adapter\local64spl.dll [306688 2017-03-14] ()
    ShellExecuteHooks: No Name - {522E1946-038B-11E7-BBEE-64006A5CFC23} - C:\Users\Simon\AppData\Roaming\Shjuch\Gahokclwos.dll -> No File
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Simon\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Simon\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Simon\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Simon\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Simon\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Simon\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&t...HitachiXHTS545050B9A300_101222PBN403M7DH7TWEX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&t...HitachiXHTS545050B9A300_101222PBN403M7DH7TWEX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&...XHTS545050B9A300_101222PBN403M7DH7TWEX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&t...HitachiXHTS545050B9A300_101222PBN403M7DH7TWEX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&t...HitachiXHTS545050B9A300_101222PBN403M7DH7TWEX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&...XHTS545050B9A300_101222PBN403M7DH7TWEX&q={searchTerms}
    HKU\S-1-5-21-272952293-1678651877-2598580484-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&t...HitachiXHTS545050B9A300_101222PBN403M7DH7TWEX
    HKU\S-1-5-21-272952293-1678651877-2598580484-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&t...HitachiXHTS545050B9A300_101222PBN403M7DH7TWEX
    SearchScopes: HKU\S-1-5-21-272952293-1678651877-2598580484-1000 -> {2B252B86-B8E1-40DA-B90B-1D2C92E76894} URL = hxxp://www.google.com/search?q={searchTerms}
    FF Plugin HKU\S-1-5-21-272952293-1678651877-2598580484-1000: @nsroblox.roblox.com/launcher -> C:\Users\Simon\AppData\Local\Roblox\Versions\version-ffefd1c450cf4303\\NPRobloxProxy.dll [No File]
    FF Plugin HKU\S-1-5-21-272952293-1678651877-2598580484-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Simon\AppData\Local\Roblox\Versions\version-ffefd1c450cf4303\\NPRobloxProxy64.dll [No File]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    R2 3DM; C:\Users\Simon\AppData\Local\3DM\Kitty.dll [754688 2017-04-19] () [File not signed]
    S2 FirefoxDL; C:\Users\Simon\AppData\Local\Temp\19\QQBrowser.exe [131640 2017-05-04] (Tencent Inc.) <==== ATTENTION
    R2 IISvr; C:\ProgramData\Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795\Installers\IIS\iisexp.dll [105472 2017-05-04] () [File not signed]
    R2 Kitty; C:\Users\Simon\AppData\Local\Kitty\Kitty.dll [124928 2017-05-04] (kitty) [File not signed] <==== ATTENTION
    R2 SNARE; C:\Users\Simon\AppData\Local\SNARE\Snare.dll [833536 2017-04-28] () [File not signed]
    R2 WinSAPSvc; C:\Users\Simon\AppData\Roaming\WinSAPSvc\WinSAP.dll [218624 2017-05-04] () [File not signed] <==== ATTENTION
    R2 WPDTSrv; C:\ProgramData\Microsoft\Phone Tools\CoreCon\12.0\addons\SDKFilesVer.dll [104448 2017-03-24] () [File not signed]
    S2 ed2kidle; "C:\Program Files (x86)\amulell\ed2k.exe" -downloadwhenidle [X]
    S2 PearnessSU; "C:\Users\Simon\AppData\Local\Temp\3\ttff.exe" /i [X] <==== ATTENTION
    S2 SNARER; C:\Users\Simon\AppData\Roaming\SNARER\Snarer.dll [X] <==== ATTENTION
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X] <==== ATTENTION
    R4 networx; system32\drivers\networx.sys [X]
    S3 WinRing0_1_2_0; \??\C:\Game Booster 3\Driver\WinRing0x64.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2017-05-04 11:49 - 2017-05-04 11:49 - 00000000 ____D C:\Users\Simon\program
    2017-05-04 11:49 - 2017-05-04 11:49 - 00000000 ____D C:\Users\Simon\files(x86)
    2017-05-04 11:18 - 2017-05-04 11:18 - 00000000 ____D C:\Users\Public\Documents\Google
    2017-05-02 12:01 - 2017-05-02 12:01 - 00000000 ____D C:\Program Files\q2cq9u9l
    2017-04-29 20:49 - 2017-04-29 20:49 - 00003136 _____ C:\Windows\System32\Tasks\{08B653F2-25AB-46D4-B0A6-0DBDFDA6FEAC}
    2017-04-28 12:43 - 2017-04-28 12:43 - 00000000 ____D C:\Alitkojck
    2017-04-26 12:29 - 2017-04-28 12:43 - 00000000 ____D C:\Windows\psgo
    2017-04-26 12:29 - 2017-04-26 12:29 - 00000000 ____D C:\Insist
    2017-04-25 13:22 - 2017-04-25 13:22 - 00000000 ____D C:\Program Files\MK
    2017-04-24 13:04 - 2017-05-04 18:38 - 00000000 ____D C:\Users\Simon\AppData\Local\background_fault
    2017-04-21 16:25 - 2017-04-28 16:46 - 00000000 _____ C:\Windows\SysWOW64\22
    2017-04-21 16:25 - 2017-04-28 16:46 - 00000000 _____ C:\Windows\SysWOW64\11
    2017-04-19 15:07 - 2017-04-19 15:07 - 00000000 ____D C:\Users\Simon\AppData\Local\3DM
    2017-04-17 13:06 - 2017-05-04 18:38 - 00000000 ____D C:\Users\Simon\AppData\Local\SNARE
    2017-04-17 13:06 - 2017-04-20 16:05 - 00000000 ____D C:\Users\Simon\AppData\Local\Kitty
    2017-04-17 13:06 - 2017-04-17 13:06 - 00000000 ____D C:\Windows\Update
    2017-04-10 21:05 - 2017-05-04 11:19 - 00003504 _____ C:\Windows\System32\Tasks\Windows-PG
    2017-04-10 21:05 - 2017-04-10 21:05 - 00000000 ____D C:\Update
    2017-04-07 15:42 - 2017-04-12 16:25 - 00000003 _____ C:\Windows\SysWOW64\f_z
    2017-04-07 11:52 - 2017-04-19 21:48 - 00000000 ____D C:\Users\Simon\AppData\Local\AMD
    2017-04-05 18:25 - 2017-04-13 13:25 - 00000000 ____D C:\Users\Simon\AppData\Local\clean
    2017-05-04 11:18 - 2017-03-17 12:32 - 00003604 _____ C:\Windows\System32\Tasks\Milimili
    2017-05-04 11:18 - 2017-03-17 12:31 - 00000000 ____D C:\Users\Simon\AppData\Roaming\WinSAPSvc
    2017-05-04 11:16 - 2017-03-21 19:13 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2017-05-02 12:02 - 2017-03-14 16:04 - 00000000 ____D C:\Program Files (x86)\Grtase
    2017-04-13 13:03 - 2017-03-21 19:13 - 00000000 _____ C:\Windows\SysWOW64\4
    C:\Users\Simon\AppData\Local\background_fault\aswRD.exe
    C:\Users\Simon\postgresql_94.exe
    EmptyTemp:

    In FRST choose Fix.

    Once done, post new FRST logs from a scan.

    0
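    As an added example (not code from the thread and not part of FRST), here is a Python triage script for the service and driver lines of an FRST log of the kind posted above. It covers the question in post #1 (services that hold the files open and refuse to stop) and the log in post #4: it parses each R/S service entry and flags the pattern a defender looks for, namely a service whose binary lives in a user-writable directory (AppData, Temp, ProgramData), has no signature or publisher, or no longer exists on disk. The sample lines are copied from the log quoted in this thread; the heuristics, the reading of the R/S prefix as running/stopped and of the digit as the start type are my assumptions about the FRST line format, not FRST documentation.

```python
import re
from dataclasses import dataclass, field

# Sample input: service/driver lines taken from the FRST log quoted in this thread.
SAMPLE_LOG = r"""
R2 3DM; C:\Users\Simon\AppData\Local\3DM\Kitty.dll [754688 2017-04-19] () [File not signed]
S2 FirefoxDL; C:\Users\Simon\AppData\Local\Temp\19\QQBrowser.exe [131640 2017-05-04] (Tencent Inc.) <==== ATTENTION
R2 IISvr; C:\ProgramData\Package Cache\{59399776-575D-9C54-E861-0D5EAB7E707D}v10.1.14393.795\Installers\IIS\iisexp.dll [105472 2017-05-04] () [File not signed]
R2 WinSAPSvc; C:\Users\Simon\AppData\Roaming\WinSAPSvc\WinSAP.dll [218624 2017-05-04] () [File not signed] <==== ATTENTION
S2 ed2kidle; "C:\Program Files (x86)\amulell\ed2k.exe" -downloadwhenidle [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
"""

# Assumed FRST convention: leading R = running, S = stopped; the digit is the
# Windows start type (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);\s+(.*)$")

# Directory fragments a normal user can write to; a service binary living here
# is the pattern seen in this thread (Kitty, SNARE, WinSAPSvc, FirefoxDL).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class Finding:
    name: str
    running: bool
    start_type: int
    path: str
    reasons: list = field(default_factory=list)


def extract_path(rest: str) -> str:
    """Pull the binary path out of the part after 'name;'."""
    rest = rest.strip()
    if rest.startswith('"'):                 # quoted path followed by arguments
        path = rest[1:rest.find('"', 1)]
    else:                                    # path ends where FRST's " [size date]" or " [X]" begins
        path = rest.split(" [", 1)[0]
    if path.startswith("\\??\\"):            # NT object-manager prefix used for drivers
        path = path[4:]
    return path


def triage_line(line: str):
    """Return a Finding for one service line, or None if the line is not a service entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, rest = m.groups()
    f = Finding(name=name.strip(), running=(state == "R"),
                start_type=int(start), path=extract_path(rest))
    if any(seg in f.path.lower() for seg in USER_WRITABLE):
        f.reasons.append("binary in user-writable location")
    if "[File not signed]" in rest or "()" in rest:   # "()" = empty publisher field
        f.reasons.append("unsigned / no publisher")
    if "[X]" in rest:                                  # FRST marks a missing binary with [X]
        f.reasons.append("binary missing (orphaned service entry)")
    if "ATTENTION" in rest:
        f.reasons.append("flagged by FRST")
    return f


def triage(log_text: str) -> list:
    """Return only the service entries that trip at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        f = triage_line(line)
        if f and f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = "running" if f.running else "stopped"
        print(f"{f.name:12} {state:8} start={f.start_type} {f.path}")
        for r in f.reasons:
            print(f"{'':12} - {r}")
```

    The point of the per-entry output is the one the thread turns on: a service that is still running (R) is what keeps a DLL "in use", so it is the service entry, not the file, that has to be removed first, which is exactly what the Fixlist above does with its service lines.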
  • #5 04 May 2017 21:24
    SimonJKGF
    Level 4

    When trying to uninstall Software Version Updater I got a notification that the program had probably already been removed, and it simply removed it from the Control Panel list.

    And here are the files; I wasn't sure whether you meant another FRST scan or the file created after the Fix finished, so I'm attaching both.

    0
  • #6 04 May 2017 21:28
    Kolobos
    Computer specialist

    FRST.txt is incomplete; post a new, complete one together with a new Addition.

    0
  • Helpful post
    #8 04 May 2017 21:54
    Kolobos
    Computer specialist

    Delete the C:\FRST folder and that's all.

    0
  • #9 04 May 2017 22:03
    SimonJKGF
    Level 4

    Okay, thanks for the help.

    0