
Star.me online virus, cannot be removed.

JackiBigos 02 Nov 2017 19:43
  • #1 02 Nov 2017 19:43
    JackiBigos
    Level 2

    Hello,
    I have a virus on my computer that I can't remove. I tried McAfee Security Scan, ComboFix and even SpyHunter (manually deleting the infected files it detected), I uninstalled the browser, etc. But it kept coming back. I did some reading and the virus is probably sitting somewhere in the registry.

    Thanks in advance for the help.

  • Helpful post
    #2 02 Nov 2017 20:01
    Kolobos
    Computer specialist

    You could hardly have installed anything worse...

    Never use ComboFix again, and don't install McAfee or SpyHunter.

    You couldn't even download FRST from the proper site: instead of going to the BleepingComputer page you downloaded it from some site with a malicious download manager and installed the malicious ByteFence Anti-Malware on top.

    Uninstall:
    AVG PC TuneUp
    AVG Web TuneUp
    ByteFence Anti-Malware
    McAfee Security Scan Plus
    SpyHunter 4

    Run this Fixlist.txt with FRST:
    CloseProcesses:
    Task: {09A0255E-EF79-497F-91F5-83D1B8104FEB} - System32\Tasks\1114avtUpdateInfo => C:\ProgramData\Avg_Update_1114avt\1114avt_AVG-Secure-Search-Update.exe [2014-10-08] ()
    Task: {0B435A1E-C83F-442E-AC61-25F1E4B08C14} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
    Task: {6369CE20-B362-423C-89E3-02A8633C321B} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-10-03] (Byte Technologies LLC) <==== ATTENTION
    Task: {9CFDEC66-0443-4975-9CA9-6857B94D4D51} - \Program aktualizacji online firmy Adobe. -> No File <==== ATTENTION
    Task: {BEA3FA31-3963-460C-B67D-D200D93AED28} - System32\Tasks\{B4D3AEED-790E-43A7-920E-65474DDF7588} => C:\Windows\system32\pcalua.exe -a C:\Users\Mistrz\Desktop\motherboard_driver_lan_realtek_8111_w7.exe -d C:\Users\Mistrz\Desktop
    Task: {C7073E39-47C4-442F-BE0C-2C541B59C45A} - System32\Tasks\{B30EF822-08FC-4037-B12E-EBCFCF7B05D4} => C:\Windows\system32\pcalua.exe -a "C:\Users\Mistrz\Desktop\Gamma Ray\nfs\Command & Conquer Red Alert 2 + Yuri's Revenge\MISSION CD Maps 1138 Official.exe" -d "C:\Users\Mistrz\Desktop\Gamma Ray\nfs\Command & Conquer Red Alert 2 + Yuri's Revenge"
    Task: {D5B804FB-1A1F-4031-BA43-8EBAE26F24C1} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2017-10-15] (Enigma Software Group USA, LLC.)
    Task: {F4B7EFB7-85DE-4EC7-8FBD-A590B47F6723} - System32\Tasks\{709ABC9F-A3D1-4D3D-A1D0-58A3EF04982E} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Far Cry 4\GDFInstall.exe" -d "C:\Program Files (x86)\Far Cry 4"
    Task: {FCFF3A45-919F-462C-93BB-F2180590160C} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-07-26] (AVG Technologies CZ, s.r.o.)
    Task: C:\Windows\Tasks\1114avtUpdateInfo.job => C:\ProgramData\Avg_Update_1114avt\1114avt_AVG-Secure-Search-Update.exe
    2017-03-07 19:18 - 2017-03-07 19:18 - 000582936 _____ () C:\Program Files\ByteFence\rsLggr.exe
    2017-11-01 12:20 - 2017-11-01 12:21 - 000302920 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    2017-11-01 12:20 - 2017-11-01 12:21 - 000620872 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    Hosts:
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TUDefragBackend64.exe
    () C:\Program Files\ByteFence\rsLggr.exe
    (Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
    () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    (Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
    () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe
    (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    HKLM-x32\...\Run: [] => [X]
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-10-03]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Restriction - Chrome <==== ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1464970250-3396087750-784629469-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-1464970250-3396087750-784629469-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF Extension: (Avira Browser Safety) - C:\Users\Mistrz\AppData\Roaming\Mozilla\Firefox\Profiles\z0ix7vtt.default\Extensions\abs@avira.com [2014-12-17] [not signed]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1464970250-3396087750-784629469-501\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [clgckgfbhciacomhlchmgdnplmdiadbj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [156640 2017-10-03] (Byte Technologies LLC)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.599\McCHSvc.exe [404376 2017-09-05] (McAfee, Inc.)
    R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [302920 2017-11-01] ()
    S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\Sh4Service.exe [889016 2017-10-15] (Enigma Software Group USA, LLC.)
    R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5906704 2017-07-26] (AVG Technologies CZ, s.r.o.)
    R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2017-10-15] (Enigma Software Group USA, LLC.)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2017-10-15] ()
    R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2017-11-01 12:20 - 2017-11-01 12:20 - 000000000 ____D C:\ProgramData\ByteFence
    2017-11-01 12:18 - 2017-11-01 14:24 - 000000000 ____D C:\Program Files\ByteFence
    2017-11-01 12:18 - 2017-11-01 12:18 - 000003404 _____ C:\Windows\System32\Tasks\ByteFence
    2017-11-01 12:18 - 2017-11-01 12:18 - 000001023 _____ C:\Users\Mistrz\Desktop\ByteFence Anti-Malware.lnk
    2017-11-01 12:18 - 2017-11-01 12:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
    2017-11-01 12:16 - 2017-11-01 12:16 - 001617663 _____ ( ) C:\Users\Mistrz\Downloads\Farbar Recovery Scan Tool (FRST) 3.3.14.2 (14.10.2017.0)_0525659055.exe
    2017-10-15 11:31 - 2017-10-15 11:31 - 000003344 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
    2017-10-15 11:31 - 2017-10-15 11:31 - 000001087 _____ C:\Users\Mistrz\Desktop\SpyHunter.lnk
    2017-10-15 11:31 - 2017-10-15 11:31 - 000000000 ____D C:\Users\Mistrz\AppData\Roaming\Enigma Software Group
    2017-10-15 11:31 - 2017-10-15 11:31 - 000000000 ____D C:\sh4ldr
    2017-10-15 11:30 - 2017-10-15 11:30 - 000022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2017-10-15 11:30 - 2017-10-15 11:30 - 000000000 ____D C:\Program Files\Enigma Software Group
    2017-10-15 11:28 - 2017-10-15 11:28 - 005189808 _____ (Enigma Software Group USA, LLC.) C:\Users\Mistrz\Downloads\SpyHunter-Installer (1).exe
    2017-10-15 10:00 - 2017-10-15 10:00 - 000033165 _____ C:\ComboFix.txt
    2017-10-15 09:45 - 2017-10-15 10:00 - 000000000 ____D C:\ComboFix
    2017-10-15 09:45 - 2011-06-26 07:45 - 000256000 _____ C:\Windows\PEV.exe
    2017-10-15 09:45 - 2010-11-07 18:20 - 000208896 _____ C:\Windows\MBR.exe
    2017-10-15 09:45 - 2009-04-20 05:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2017-10-15 09:45 - 2000-08-31 01:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2017-10-15 09:45 - 2000-08-31 01:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2017-10-15 09:45 - 2000-08-31 01:00 - 000098816 _____ C:\Windows\sed.exe
    2017-10-15 09:45 - 2000-08-31 01:00 - 000080412 _____ C:\Windows\grep.exe
    2017-10-15 09:45 - 2000-08-31 01:00 - 000068096 _____ C:\Windows\zip.exe
    2017-10-15 09:44 - 2017-10-15 10:00 - 000000000 ____D C:\Qoobox
    2017-10-15 09:43 - 2017-10-15 09:43 - 005660147 ____R (Swearware) C:\Users\Mistrz\Downloads\ComboFix.exe
    2017-10-03 10:46 - 2017-10-03 10:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2017-10-03 10:46 - 2017-10-03 10:46 - 000000000 ____D C:\ProgramData\McAfee Security Scan
    2017-10-15 09:32 - 2014-05-28 16:32 - 000000000 ____D C:\AdwCleaner
    2017-10-03 10:46 - 2017-07-12 15:47 - 000001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2017-10-03 10:46 - 2015-11-17 12:11 - 000000000 ____D C:\Program Files\McAfee Security Scan


    Also run a full scan with http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ and remove whatever it detects.

    When you are done, delete the C:\FRST folder.

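The fixlist in the post above uses FRST's own removal syntax. As an added example that is not part of the thread, of FRST or of any of the products named, the following read-only PowerShell script walks the same autostart locations the fix touches (scheduled tasks, services and drivers, Run keys, Startup folders, Chrome policy keys) and flags the patterns the fix targets: an action whose file is gone (what FRST prints as "[X]" or "No File"), a task wrapped in pcalua.exe, an unsigned binary (FRST's empty "()"), and any Chrome policy value at all. It assumes an elevated session on Windows 8 or later (Get-ScheduledTask does not exist on Windows 7); the flag names and the list of locations are my own choices, and the flags are hints to review, not verdicts.

```powershell
# Added example, not from the forum thread or from FRST. Read-only inventory of the autostart
# locations the FRST fixlist above removes entries from: scheduled tasks, services and drivers,
# Run keys, the Startup folders and Chrome policy keys. Assumes an elevated PowerShell session
# on Windows 8 or later. The flags are heuristics, not verdicts; nothing is deleted.

function Resolve-ExePath {
    # Extract the executable from a command line and normalise the odd forms FRST shows:
    # quoted paths, the "\??\" device prefix on driver paths, and System32-relative paths.
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $p = $CommandLine.Trim()
    if ($p.StartsWith('"')) {
        $p = $p.Substring(1, [Math]::Max($p.IndexOf('"', 1) - 1, 0))
    } else {
        # Unquoted paths with spaces are common in old service entries: take the shortest
        # whitespace-delimited prefix that ends in an executable or driver extension.
        $tokens = $p -split '\s+'
        for ($i = 0; $i -lt $tokens.Count; $i++) {
            $p = $tokens[0..$i] -join ' '
            if ($p -match '\.(exe|sys|dll|cmd|bat)$') { break }
        }
    }
    $p = [Environment]::ExpandEnvironmentVariables(($p -replace '^\\\?\?\\', ''))
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-PathFlags {
    # What a cleanup looks at first: target gone (FRST prints "[X]" or "No File"),
    # pcalua.exe used as a launcher wrapper, or an unsigned binary (FRST prints an empty "()").
    param([string]$CommandLine)
    $flags = @()
    $exe = Resolve-ExePath $CommandLine
    if (-not $exe) { return $flags }
    if ($exe -match 'pcalua\.exe$') { $flags += 'pcalua-wrapper' }
    if (-not (Test-Path -LiteralPath $exe)) { $flags += 'missing-file' }
    elseif ((Get-AuthenticodeSignature -LiteralPath $exe).Status -ne 'Valid') { $flags += 'unsigned' }
    return $flags
}

function New-Entry {
    param($Location, $Name, $Target)
    [pscustomobject]@{ Location = $Location; Name = $Name; Target = $Target
                       Flags = ((Get-PathFlags $Target) -join ',') }
}

$entries = @()

# 1. Scheduled tasks (FRST "Task:" lines). COM-handler actions have no Execute field and are skipped.
foreach ($t in Get-ScheduledTask) {
    foreach ($a in $t.Actions) {
        if ($a.Execute) { $entries += New-Entry "Task $($t.TaskPath)" $t.TaskName ("$($a.Execute) $($a.Arguments)".Trim()) }
    }
}

# 2. Services and kernel drivers (FRST "R2 ..." / "S3 ..." lines; "[X]" there means the binary is gone).
foreach ($s in @(Get-CimInstance Win32_Service) + @(Get-CimInstance Win32_SystemDriver)) {
    $entries += New-Entry $s.CreationClassName $s.Name $s.PathName
}

# 3. Run keys in the 64-bit, 32-bit and per-user views (FRST "HKLM-x32\...\Run:" line).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    foreach ($v in (Get-ItemProperty -Path $k).PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' }) {
        $entries += New-Entry $k $v.Name $v.Value
    }
}

# 4. Startup folders (FRST "Startup:" / "ShortcutTarget:" lines); each .lnk is resolved to its target.
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",
                 "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup") {
    foreach ($lnk in Get-ChildItem -LiteralPath $dir -Filter *.lnk -ErrorAction SilentlyContinue) {
        $entries += New-Entry 'Startup folder' $lnk.Name ($shell.CreateShortcut($lnk.FullName).TargetPath)
    }
}

# 5. Chrome policy keys (FRST "GroupPolicy: Restriction - Chrome" and "CHR HKLM\SOFTWARE\Policies\Google").
# A home PC that is not domain-managed normally has no keys here at all, so every value is listed.
$policies = foreach ($root in 'HKLM:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google') {
    if (Test-Path $root) {
        foreach ($key in @(Get-Item $root) + @(Get-ChildItem -Path $root -Recurse)) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{ Key = $key.Name; Value = $name; Data = ($key.GetValue($name) -join ' ') }
            }
        }
    }
}

$entries | Where-Object { $_.Flags } | Sort-Object Location, Name | Format-Table -AutoSize -Wrap
$policies | Format-Table -AutoSize -Wrap
```

Run it once before applying the fixlist to see the same ByteFence, SpyHunter, AVG TuneUp, pcalua.exe and missing-file entries the FRST log shows, and once after the reboot to confirm they are gone; a "missing-file" driver such as catchme.sys or dbx.sys is the orphaned service registration FRST marks with "[X]". The script only reads; removal still belongs to FRST or to the product's uninstaller.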
  • #3 03 Nov 2017 11:47
    JackiBigos
    Level 2

    Thank you, I finally got rid of that virus.
