
I have a problem with a virus that creates a shortcut on my pendrive; it also installed a lot of junk into the system that I can't remove with AdwCleaner or USB Fix, because every time I try to run Clean I get a blue screen.
DisableService: VSSS
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{6e99eff9-258e-f9ec-6e99-9eff9258bfe4}\kamuda anteny.rar.exe <==== ATTENTION
Task: {F271AE4F-B2AC-4572-BDA3-BA0DEA737DDA} - System32\Tasks\Bidaily Synchronize Task[973b] => c:\programdata\{6e99eff9-258e-f9ec-6e99-9eff9258bfe4}\kamuda anteny.rar.exe <==== ATTENTION
Task: {D3567EC2-5974-422F-AF52-4BE55C5F9A64} - System32\Tasks\{AA5BAF5C-A50B-4127-B9CE-5692CB800979} => pcalua.exe -a "C:\Program Files (x86)\MATLAB71\uninstall\uninstall.exe" -c C:\Program Files (x86)\MATLAB71\
Task: {51E358A7-E5BC-46C1-A444-68D8543396D6} - System32\Tasks\{FA4341F7-0314-4A4D-A59E-B881DA79CF70} => pcalua.exe -a F:\setup.exe -d F:\
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4029287299-3378235978-2725794040-1000\...\CurrentVersion\Windows: [Load] C:\ProgramData\msiud.exe <===== ATTENTION
C:\ProgramData\msiud.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchtotal.info/?pid=24428&r=2015/06/15&hid=13431286553227397699&lg=EN&cc=PL&unqvl=88
HKU\S-1-5-21-4029287299-3378235978-2725794040-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.searchtotal.info/?pid=24428&r=2015/06/15&hid=13431286553227397699&lg=EN&cc=PL&unqvl=88
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=24428&r=2015/06/15&hid=13431286553227397699&lg=EN&cc=PL&unqvl=88
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=24428&r=2015/06/15&hid=13431286553227397699&lg=EN&cc=PL&unqvl=88
SearchScopes: HKU\S-1-5-21-4029287299-3378235978-2725794040-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchtotal.info/?l=1&q={searchTerms}&pid=24428&r=2015/06/15&hid=13431286553227397699&lg=EN&cc=PL&unqvl=88
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchtotal.info/?pid=24428&r=2015/06/15&hid=13431286553227397699&lg=EN&cc=PL&unqvl=88&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Keyword.URL: hxxp://websearch.searchtotal.info/?pid=24428&r=2015/06/15&hid=13431286553227397699&lg=EN&cc=PL&unqvl=88&l=1&q=
R2 VSSS; C:\Users\Michal\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [99000064 2015-06-26] (Microsoft Corporation) [File not signed] <==== ATTENTION
C:\Users\Michal\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
S2 matlabserver; C:\Program Files (x86)\MATLAB71\webserver\bin\win32\matlabserver.exe [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Windows\Minidump\*.dmp
C:\Program Files\UI2MAUEI.exe
C:\Program Files\P95XD1HX.exe
C:\Program Files\8SCWK4OC.exe
C:\Program Files\BZN3J3NB.exe
C:\ProgramData\boost_interprocess
F:\msiud.exe
D:\msiud.exe
F:\*.lnk
CMD: attrib /d /s -s -h F:\*
EmptyTemp:
2015-07-08 12:16 - 2015-07-08 12:16 - 08015920 _____ C:\Windows\SysWOW64\1.exe
R2 Cynical Television; C:\Program Files (x86)\Cynical Television\Cynical Television.exe [8015920 2015-07-08] () [File not signed] <==== ATTENTION
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend]
"DisplayName"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-103"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,73,00,65,00,63,00,73,00,76,00,63,00,73,00,00,00
"Start"=dword:00000002
"Type"=dword:00000020
"Description"="@%ProgramFiles%\\Windows Defender\\MsMpRes.dll,-1176"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ObjectName"="LocalSystem"
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\
00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,\
74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
00,00,00,53,00,65,00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,\
69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,\
00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,\
6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,\
00,74,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
53,00,65,00,53,00,68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,\
72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,\
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,\
69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,\
00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
00,00
"DelayedAutoStart"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,\
00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,6d,00,70,00,73,\
00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\Security]
"Security"=hex:01,00,14,80,dc,00,00,00,e8,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,ac,00,06,00,00,00,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,\
05,50,00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,\
00,0b,28,00,00,00,00,10,01,06,00,00,00,00,00,05,50,00,00,00,b5,89,fb,38,19,\
84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,14,00,fd,01,02,00,01,01,\
00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
04,00,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,\
01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\TriggerInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\TriggerInfo\0]
"Type"=dword:00000005
"Action"=dword:00000001
"GUID"=hex:e6,ca,9f,65,db,5b,a9,4d,b1,ff,ca,2a,17,8d,46,e0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000000
R2 Cynical Television; C:\Program Files (x86)\Cynical Television\Cynical Television.exe [8015920 2015-07-08] () [File not signed] <==== ATTENTION
C:\Program Files (x86)\Cynical Television
EmptyTemp:
G:\*.lnk
CMD: attrib /d /s -s -h G:\*
EmptyTemp:
DeleteQuarantine: