Elektroda.pl

[Solved] Antivirus detected a trojan that cannot be removed

Min99 08 Mar 2018 15:26 381 7
  • #2 08 Mar 2018 15:36
    safbot1st
    Level 43  

    Post your FRST logs like everyone else in this section.

    0
  • #3 08 Mar 2018 15:56
    Min99
    Level 3  

    OK, I've added them now.

    0
  • Helpful post
    #4 08 Mar 2018 16:16
    safbot1st
    Level 43  

    Uninstall Ace Stream Media 3.1.16.1
    Open Notepad and paste:

    Code:

    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
    HKU\S-1-5-21-3977160662-1815077209-485257366-1002\...\Run: [Damian] => explorer.exe hxxp://ozirizsoos.info <==== UWAGA
    HKU\S-1-5-21-3977160662-1815077209-485257366-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
    HKU\S-1-5-21-3977160662-1815077209-485257366-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL =
    SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=agc511&hspart=avast&hsimp=yhs-001&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-3977160662-1815077209-485257366-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3977160662-1815077209-485257366-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: Brak nazwy -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> Brak pliku
    FF NewTab: Mozilla\Firefox\Profiles\baeh58og.default-1451222267518 -> hxxps://pl.search.yahoo.com/?fr=vmn&type=vmn__webcompa__1_0__ya__hp_WCYID10244_swoc_campaign_160119__yaff
    FF HKLM\...\Firefox\Extensions: [{bd6a97c0-4b18-40ed-bce7-3b7d3309e3c4}] - C:\Users\damia\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\{bd6a97c0-4b18-40ed-bce7-3b7d3309e3c4} => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [{bd6a97c0-4b18-40ed-bce7-3b7d3309e3c4}] - C:\Users\damia\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\{bd6a97c0-4b18-40ed-bce7-3b7d3309e3c4} => nie znaleziono
    FF HKU\S-1-5-21-3977160662-1815077209-485257366-1002\...\Firefox\Extensions: [{bd6a97c0-4b18-40ed-bce7-3b7d3309e3c4}] - C:\Users\damia\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\extensions\{bd6a97c0-4b18-40ed-bce7-3b7d3309e3c4} => nie znaleziono
    CHR HKU\S-1-5-21-3977160662-1815077209-485257366-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efhdjkbfpoohkmfaldijcpbnmbpefpkb] - C:\Program Files (x86)\ALLPlayer\AllPlayer.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <nie znaleziono>
    FF HKU\S-1-5-21-3977160662-1815077209-485257366-1002\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\damia\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
    FF Extension: (__MSG_extName__) - C:\Users\damia\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2018-01-24]
    FF Plugin HKU\S-1-5-21-3977160662-1815077209-485257366-1002: @acestream.net/acestreamplugin,version=3.1.16.1 -> C:\Users\damia\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies)
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> Brak pliku
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> Brak pliku
    ContextMenuHandlers1: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> Brak pliku
    ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> Brak pliku
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Brak pliku
    ContextMenuHandlers1_S-1-5-21-3977160662-1815077209-485257366-1002: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} =>  -> Brak pliku
    ContextMenuHandlers4_S-1-5-21-3977160662-1815077209-485257366-1002: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} =>  -> Brak pliku
    ContextMenuHandlers5_S-1-5-21-3977160662-1815077209-485257366-1002: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} =>  -> Brak pliku
    Task: {08059FD9-B896-42D4-8B4E-689328EC9857} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {0BB903EB-A535-48E0-9C3B-0A943D590D01} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {13E1BE89-B816-4FE3-ACC2-AB03D858335B} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\57532223058258192BC0E66E3FB8EC98\Update\BrowserUpdate.exe <==== UWAGA
    Task: {1617cc8e-85eb-4c88-b3f5-f8ecf374fb88} - Brak ścieżki do pliku
    Task: {1FE20DC8-E5F0-4D97-AFCD-6CA5DA31225C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {2F44593A-D87E-485C-9C7B-24D5E84F2C02} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
    Task: {373699A6-B781-4731-9662-34DBD6ECC792} - System32\Tasks\{A6AF501B-1590-46B5-8D33-BC0EEAAE027A} => C:\WINDOWS\system32\pcalua.exe -a
    Task: {44966D18-11CA-4A66-9145-3B9D229B7A4B} - System32\Tasks\2ZmQg6z9GIwGgTP => C:\Users\Damian\AppData\Roaming\2ZmQg6z9GIwGgTP.exe <==== UWAGA
    Task: {45F3C310-B9E1-4CAB-BD0E-D23C36414859} - System32\Tasks\{937C7359-84B4-47EB-B1B4-3CAD63E688EA} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\ShopperPro\SPremove.exe" <==== UWAGA
    Task: {4A7E70A8-197E-4914-9139-EA8539BE5A7C} - System32\Tasks\Damian => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Damian /t REG_SZ /d "explorer.exe hxxp://ozirizsoos.info" <==== UWAGA
    Task: {4ECAD5C5-CAD0-4C84-92C6-27BD34B4D36A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {58409960-8855-43F5-93C4-84B7867BDD81} - System32\Tasks\{A52F5D28-3B57-40A9-B937-880C3B68A8ED} => C:\WINDOWS\system32\pcalua.exe -a
    Task: {62F6856D-628D-4016-BCCA-8706703F64CA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {74D2EF21-EED1-450F-B27A-5478268241DA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {799498E5-E3F9-411F-B468-71D4C2C1F515} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {7AAC4ABD-7C4A-4F05-A915-CCBDDE77BEDA} - System32\Tasks\{2118E4E7-9F61-4782-A5FB-62BC70602880} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\EA Games\Harry Potter\System\HP.exe" -d C:\PROGRA~2\EAGAME~1\HARRYP~1
    Task: {BD5C5E40-A1F5-4EDA-B653-7A0DAD291E96} - System32\Tasks\fuMn3U8y8CVCQQnLf => C:\Users\Damian\AppData\Roaming\fuMn3U8y8CVCQQnLf.exe <==== UWAGA
    Task: {C24839EF-1A64-496A-BE97-264DF0ABB6D7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-09-19] (NVIDIA Corporation)
    Task: {C5622644-1A1D-40F8-A1CD-803DD9F569D8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {CD1D4798-63AB-43B7-BACE-74176A1CBA97} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-02-24] (AVAST Software)
    Task: {CD391415-5BD2-42DD-8A32-9B2452CBE8D9} - System32\Tasks\{95FF2410-4676-4D6B-93C6-0BCBF38E7385} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Damian\Downloads\Praetorians[MoD Imperial+Maps]\Ateammaps.exe" -d "C:\Users\Damian\Downloads\Praetorians[MoD Imperial+Maps]"
    Task: {CD67BC8D-F426-41B0-B9A1-0BA0FD6A728E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {DB384566-6F88-4A39-A695-C236A24256F4} - System32\Tasks\{5BA28FAA-D8A1-46E0-A28D-5B78F6183CA4} => C:\WINDOWS\system32\pcalua.exe -a "C:\ProgramData\Caphyon\Advanced Installer\{E5B7B5A3-88D2-4842-9CC2-F8982FFD6241}\Counter-Strike Global Offensive.exe" -c /i {E5B7B5A3-88D2-4842-9CC2-F8982FFD6241}
    Task: {DF6ACA76-1E41-4399-80A8-2FF4BEFAEB1B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    Task: {E45EC7CD-29DE-49BC-AE4B-B31FBD1DA651} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
    Task: {ED262D3C-537B-4CA0-A97E-9F2E4E7598A5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: C:\WINDOWS\Tasks\2ZmQg6z9GIwGgTP.job => C:\Users\Damian\AppData\Roaming\2ZmQg6z9GIwGgTP.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\fuMn3U8y8CVCQQnLf.job => C:\Users\Damian\AppData\Roaming\fuMn3U8y8CVCQQnLf.exe <==== UWAGA
    C:\Users\Damian\AppData\Roaming\2ZmQg6z9GIwGgTP.exe
    C:\Users\Damian\AppData\Roaming\fuMn3U8y8CVCQQnLf.exe
    2018-03-08 15:05 - 2017-05-15 13:48 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    EmptyTemp:

    , save it as fixlist.txt in the folder that contains FRST.txt, and in FRST choose "Fix".
    Post the fixlog.

    0
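As an added example (not part of the thread, and not FRST's own logic): a small Python triage helper that flags the four persistence and defence-evasion patterns the fixlist above removes (a Run value that hands a URL to explorer.exe, a scheduled task that re-creates that Run value with REG ADD, a Software Restriction Policy aimed at mrt.exe, and random-named executables dropped directly in AppData\Roaming). It runs over lines quoted from the posted fixlist; the rule names, regexes and the "random name" threshold are our own heuristics.

```python
import re

# Constructed sample input: entries quoted from the FRST fixlist posted in this thread
# (FRST defangs URLs as hxxp), plus two benign tasks from the same list as negatives.
SAMPLE_FRST_LINES = [
    r"HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA",
    r"HKU\S-1-5-21-3977160662-1815077209-485257366-1002\...\Run: [Damian] => explorer.exe hxxp://ozirizsoos.info <==== UWAGA",
    r'Task: {4A7E70A8-197E-4914-9139-EA8539BE5A7C} - System32\Tasks\Damian => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Damian /t REG_SZ /d "explorer.exe hxxp://ozirizsoos.info" <==== UWAGA',
    r"Task: C:\WINDOWS\Tasks\2ZmQg6z9GIwGgTP.job => C:\Users\Damian\AppData\Roaming\2ZmQg6z9GIwGgTP.exe <==== UWAGA",
    r"Task: {CD1D4798-63AB-43B7-BACE-74176A1CBA97} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-02-24] (AVAST Software)",
    r"Task: {C24839EF-1A64-496A-BE97-264DF0ABB6D7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-09-19] (NVIDIA Corporation)",
]

# Each rule is (name, regex). These are our own heuristics, not FRST's detection
# logic; FRST itself only marks such lines with "<==== UWAGA" (ATTENTION).
RULES = [
    # A Run value that hands a URL to a trusted binary: the browser opens on every
    # logon, which is how the redirect page kept coming back on this machine.
    ("autorun launches URL",
     re.compile(r"\\Run: \[[^\]]*\] => (?:\S*\\)?(?:explorer|cmd|mshta|rundll32)\.exe\s+h(?:xx|tt)ps?://", re.I)),
    # A scheduled task whose action is REG ADD into a Run key re-creates the autorun
    # after cleanup, so deleting only the Run value would not have been enough.
    ("task rewrites Run key",
     re.compile(r"^Task: .* => cmd\.exe /c REG ADD .*\\CurrentVersion\\Run\b", re.I)),
    # A Software Restriction Policy aimed at a binary under the Windows directory
    # (here mrt.exe, the Malicious Software Removal Tool) is a defence-evasion sign.
    ("security tool blocked by policy",
     re.compile(r"Group Policy restriction on software: (?:%systemroot%|C:\\Windows)\\", re.I)),
    # A long alphanumeric .exe directly in AppData\Roaming; checked further in triage().
    ("random-named exe in Roaming",
     re.compile(r"\\AppData\\Roaming\\([A-Za-z0-9]{12,})\.exe", re.I)),
]


def looks_random(name: str) -> bool:
    """Heuristic: digits plus both letter cases, as in 2ZmQg6z9GIwGgTP."""
    return (any(c.isdigit() for c in name) and any(c.islower() for c in name)
            and any(c.isupper() for c in name))


def triage(lines):
    """Return (rule_name, line) for every line that trips a rule (first rule wins)."""
    hits = []
    for line in lines:
        for name, pattern in RULES:
            m = pattern.search(line)
            if not m:
                continue
            if name == "random-named exe in Roaming" and not looks_random(m.group(1)):
                continue
            hits.append((name, line))
            break
    return hits


if __name__ == "__main__":
    for name, line in triage(SAMPLE_FRST_LINES):
        print(f"[{name}] {line[:90]}")
```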
  • Helpful post
    #6 08 Mar 2018 18:36
    Kolobos
    Computer specialist

    Does the problem still occur? If not, delete the C:\FRST folder and that's all.

    0
  • #7 08 Mar 2018 20:05
    Min99
    Level 3  

    The antivirus no longer detects anything, so the problem seems to be gone.
    Thank you very much for your help.

    0
  • #8 08 Mar 2018 20:06
    Min99
    Level 3  

    The antivirus no longer detects anything, so the problem seems to be gone.
    Thank you very much for your help.

    Added after 1 [minute]:

    Other users helped me.

    0