Elektroda.pl

[Solved] A virus that reinstalls itself after removal.

Adeklo 24 Aug 2018 21:23 126 4
  • #1 24 Aug 2018 21:23
    Adeklo
    Level 3

    I have a virus on my computer that reinstalls itself after being removed. I removed it with AdwCleaner, but that did nothing. I ran an FRST scan and have attached the logs. The virus slows down my computer and opens pages for various games on its own. Please help, thanks in advance.

    0 4
  • Helpful post
    #2 24 Aug 2018 21:48
    Kolobos
    Computer specialist

    Also addition.txt.

    0
  • #3 24 Aug 2018 22:23
    Adeklo
    Level 3

    Kolobos wrote:
    Also addition.txt.

    I've already added it as an attachment.

    0
  • Helpful post
    #4 24 Aug 2018 22:29
    Kolobos
    Computer specialist

    Uninstall:
    McAfee SiteAdvisor
    CamStudio Packages

    Use: https://sourceforge.net/projects/adobeflashup...an%20Remover/RemoveMcAfee_silent.exe/download

    Run this Fixlist.txt with FRST:
    CloseProcesses:
    BHO-x32: Brak nazwy -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> Brak pliku
    FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\wkita_000\AppData\Roaming\Mozilla\Firefox\Profiles\qf3ffws7.default\extensions\searchffv2@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\wkita_000\AppData\Roaming\Mozilla\Firefox\Profiles\qf3ffws7.default\extensions\sweetsearch@gmail.com => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
    C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
    C:\Users\wkita_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
    CHR Extension: (McAfee® WebAdvisor) - C:\Users\wkita_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-07-06]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [imhlianhlhdicjchlbmbfaefhhjencbe] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    C:\Users\wkita_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\ghjaeanhfafkigkehjgapnlobfhefkme
    OPR Extension: (Super Auto Refresh) - C:\Users\wkita_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\ghjaeanhfafkigkehjgapnlobfhefkme [2017-09-23]
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-07-17] (McAfee, Inc.)
    S4 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
    S3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
    S4 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1424352 2016-04-21] (McAfee, Inc.)
    R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
    2018-08-01 15:04 - 2018-08-22 17:14 - 000002810 _____ C:\WINDOWS\System32\Tasks\{4DF56986-E0BE-1524-49B0-35BB436824B4}
    2018-08-01 15:04 - 2018-08-22 17:14 - 000002764 _____ C:\WINDOWS\System32\Tasks\{03C57C6A-8D1F-5789-7D8A-96D2D98EC013}
    2018-08-01 15:04 - 2018-08-22 17:14 - 000002692 _____ C:\WINDOWS\System32\Tasks\{5C42ADFF-5EE4-8CC0-D08E-F0437D513479}
    2018-08-01 15:04 - 2018-08-01 15:04 - 000000002 _____ C:\Users\wkita_000\AppData\Local\imw.ini
    2018-08-01 15:00 - 2018-08-01 15:00 - 000000287 _____ C:\Users\wkita_000\Downloads\the-sims-4-v1_44_77_1020_8KVWYR (1).torrent
    2018-07-29 19:08 - 2018-07-29 19:08 - 027796088 _____ (Digital Wave Ltd ) C:\Users\wkita_000\Downloads\FreeTorrentDownload_1.0.73.1027_d.exe
    2018-07-29 19:07 - 2018-07-29 19:07 - 001736290 _____ (Rugoriroh ) C:\Users\wkita_000\Downloads\Free-Torrent-Download-57214-AsystentPobierania_2413878718.ex
    2018-08-23 20:55 - 2015-05-29 15:33 - 000000000 ____D C:\AdwCleaner
    2018-08-01 15:04 - 2018-08-01 15:04 - 000000002 _____ () C:\Users\wkita_000\AppData\Local\imw.ini
    2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) C:\Users\wkita_000\AppData\Local\PoineAYYu.exe
    Task: {0D1F5B33-3EDA-4768-8FEE-89F4FB56B929} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    Task: {144BE04F-507D-422A-A7DD-1E92CD5A99E0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {27C23A7F-FB49-4CB9-A02F-D5FCC639D583} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {2838B846-88FE-4B6A-A24A-4DE6F4EF4D7D} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
    Task: {2A27AA33-0930-4FCF-817A-3B75865E3C64} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {2D9E4A1A-8871-4600-927F-B4FD4D3B05EB} - \WPD\SqmUpload_S-1-5-21-586550046-459237688-3547557073-1001 -> Brak pliku <==== UWAGA
    Task: {434C858B-8C37-4E77-9138-23F981049D95} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {49394393-109D-4CC0-88E1-FC089F24C115} - System32\Tasks\{03C57C6A-8D1F-5789-7D8A-96D2D98EC013} => C:\WINDOWS\SysWOW64\ivIVaXjsIicJ.exe [2018-04-12] (Microsoft Corporation)
    C:\WINDOWS\SysWOW64\ivIVaXjsIicJ.exe
    Task: {506883F4-132A-4F5B-B861-E7E234F16DDD} - System32\Tasks\Opera scheduled Autoupdate 1432906048 => C:\Program Files (x86)\Opera\launcher.exe [2018-07-25] (Opera Software)
    Task: {7D99BD57-50CB-4708-A6B1-A702CE26795B} - System32\Tasks\{4DF56986-E0BE-1524-49B0-35BB436824B4} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://su-news.ru/cl/?guid=e263v8a4ht8q5463r6g1l5gxjsmvbzvg&prid=1&pid=4_1324_0
    Task: {86178779-A7D3-472B-8629-129C12A397A1} - System32\Tasks\{E75FA9B9-49D6-4478-8877-97B8D87AC1CF} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2017-10-06] (Skype Technologies S.A.)
    Task: {8EBEAD53-55BB-47D5-BC88-82783315D72E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {9771B574-3C94-45B3-8F13-070CF5D4321B} - System32\Tasks\{157B7DB8-3033-4C6B-A7B7-CE5327C504C8} => C:\WINDOWS\system32\pcalua.exe -a E:\AUTORUN.EXE -d E:\
    Task: {A2C6475A-46EF-4980-B083-E76A54E6634B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {A71C782D-9DDD-4FE7-84E4-6EA28904B3AF} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\WINDOWS\TEMP\DeleteFolderTask.exe <==== UWAGA
    Task: {B6CC1F4F-0A85-4D21-9FB4-E57317D215E4} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe
    Task: {BA6AB452-F57C-4FB9-A80C-7FE2BDAA2904} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {C1FF7C34-F89F-40FA-8471-B84B8A611D37} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {E11A4824-38A0-43FD-B39F-11F551AA60F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {ECA97A64-0B3F-4FDC-9B7E-E2C46BDCCB84} - System32\Tasks\{5C42ADFF-5EE4-8CC0-D08E-F0437D513479} => C:\Users\wkita_000\AppData\Local\PoineAYYu.exe [2018-04-12] (Microsoft Corporation)
    C:\Users\wkita_000\AppData\Local\PoineAYYu.exe
    Task: {F7AF6E81-20B3-4FA7-BC4B-80B146465FC8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk -> C:\ProgramData\Ashampoo\YourDeals.exe () -> hxxp://linktarget.ashampoo.com/linktarget/?ta...=16251&utm_medium=desktop&x-pos=Metro

    After it has run, delete the C:\FRST folder and that's all.

    0
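Added example, not part of the original thread and not FRST's own logic: a short Python triage of a few Task: lines taken from the fixlist in post #4, marking the properties that make a scheduled-task entry worth a closer look. The reason labels and the two-reason threshold are assumptions chosen for illustration.

```python
import re

# A few Task: lines copied from the fixlist in post #4 (FRST output, Polish
# locale: "Brak pliku" = "no file", "UWAGA" = "attention").
SAMPLE = r'''
Task: {0D1F5B33-3EDA-4768-8FEE-89F4FB56B929} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
Task: {49394393-109D-4CC0-88E1-FC089F24C115} - System32\Tasks\{03C57C6A-8D1F-5789-7D8A-96D2D98EC013} => C:\WINDOWS\SysWOW64\ivIVaXjsIicJ.exe [2018-04-12] (Microsoft Corporation)
Task: {506883F4-132A-4F5B-B861-E7E234F16DDD} - System32\Tasks\Opera scheduled Autoupdate 1432906048 => C:\Program Files (x86)\Opera\launcher.exe [2018-07-25] (Opera Software)
Task: {7D99BD57-50CB-4708-A6B1-A702CE26795B} - System32\Tasks\{4DF56986-E0BE-1524-49B0-35BB436824B4} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://su-news.ru/cl/?guid=e263v8a4ht8q5463r6g1l5gxjsmvbzvg&prid=1&pid=4_1324_0
Task: {86178779-A7D3-472B-8629-129C12A397A1} - System32\Tasks\{E75FA9B9-49D6-4478-8877-97B8D87AC1CF} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2017-10-06] (Skype Technologies S.A.)
Task: {ECA97A64-0B3F-4FDC-9B7E-E2C46BDCCB84} - System32\Tasks\{5C42ADFF-5EE4-8CC0-D08E-F0437D513479} => C:\Users\wkita_000\AppData\Local\PoineAYYu.exe [2018-04-12] (Microsoft Corporation)
'''

# "Task: {id} - <task name> => <action>" or "... -> Brak pliku ..."
TASK = re.compile(r'^Task: \{[0-9A-Fa-f-]{36}\} - (?P<name>.+?) (?:=>|->) (?P<action>.*)$')
GUID_NAME = re.compile(r'\\\{[0-9A-Fa-f-]{36}\}$')        # task named only by a GUID
URL_ARG = re.compile(r'\bh(?:tt|xx)ps?://', re.I)          # live or defanged URL
USER_WRITABLE = re.compile(r'\\(?:AppData|Temp)\\', re.I)  # target in a user-writable dir

def triage(line):
    """Return (task_name, reasons) for one FRST Task: line, or None."""
    m = TASK.match(line.strip())
    if not m:
        return None
    name, action = m['name'], m['action']
    reasons = []
    if 'Brak pliku' in action:          # entry left behind, target is gone
        reasons.append('orphaned')
    if GUID_NAME.search(name):
        reasons.append('guid-name')
    if URL_ARG.search(action):          # task starts a program with a URL argument
        reasons.append('opens-url')
    if USER_WRITABLE.search(action):
        reasons.append('user-writable-path')
    return name, reasons

def flagged(text, min_reasons=2):
    """Tasks with at least min_reasons reasons (threshold is an assumption)."""
    hits = filter(None, map(triage, text.splitlines()))
    return [(n, r) for n, r in hits if len(r) >= min_reasons]

if __name__ == '__main__':
    for name, reasons in flagged(SAMPLE):
        print(name, reasons)
```

With the threshold lowered to 1 the Skype task is listed too, because its name is also a bare GUID; a single reason is a prompt to check the target file, not a verdict.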
  • #5 25 Aug 2018 10:18
    Adeklo
    Level 3

    I did what Kolobos told me to, that is, I uninstalled the programs and ran the fixlist file in FRST.

    0