Cdneurope.com/


(Rafal Swiderski 1979) #1

Hello, I also have a problem with the cdneurope.com virus. I'm posting my FRST logs below:

FRST.txt

Addition.txt


(Acorus) #2

Open Notepad and paste:

Task: {8D429FAB-29C0-4F58-A2F7-987DB1C67578} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4020428775-2862200694-2436528905-1000Core = C:\Users\Lysy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {AF5C8B5A-0260-423C-B6BE-0CABD90341F1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4020428775-2862200694-2436528905-1000UA = C:\Users\Lysy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4020428775-2862200694-2436528905-1000Core.job = C:\Users\Lysy\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4020428775-2862200694-2436528905-1000UA.job = C:\Users\Lysy\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKU\S-1-5-21-4020428775-2862200694-2436528905-1000\...\Run: [Facebook Update] = "C:\Users\Lysy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-4020428775-2862200694-2436528905-1000\...\Run: [SpybotSD TeaTimer] = C:\Program Files (x86)\Spybot - Search Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Spybot-SD IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search Destroy\SDHelper.dll (Safer Networking Limited)
FF Extension: Site Advisor - C:\Users\Lysy\AppData\Roaming\Mozilla\Firefox\Profiles\3dhsrsfw.default\Extensions\{6d0f26ba-45b8-4871-9c07-43ab341d5b73} [2014-08-22]
FF Extension: Website Xplorer - C:\Users\Lysy\AppData\Roaming\Mozilla\Firefox\Profiles\3dhsrsfw.default\Extensions\{a2bfe612-4cf5-48ea-907c-f3fb25bc9d6b} [2014-08-17]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 cpuz137; \\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 esgiguard; \\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 GPUZ; \\C:\Windows\TEMP\GPUZ.sys [X]
S3 MSICDSetup; \\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \\D:\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-09-01 10:53 - 2014-09-01 11:08 - 00000000 ____ D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-01 10:53 - 2014-09-01 10:53 - 00000000 ____ D () C:\Program Files\Enigma Software Group
2014-08-22 18:15 - 2014-08-22 18:15 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Lysy\Downloads\SpyHunter-Installer.exe
2014-08-22 18:00 - 2014-08-22 18:10 - 00000000 ____ D () C:\ProgramData\Spybot - Search Destroy
2014-08-22 18:00 - 2014-08-22 18:02 - 00000000 ____ D () C:\Program Files (x86)\Spybot - Search Destroy
2014-08-22 18:00 - 2014-08-22 18:00 - 00000000 ____ D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search Destroy
2014-08-22 17:58 - 2014-08-22 17:58 - 16409960 _____ (Safer Networking Limited ) C:\Users\Lysy\Downloads\Spybot - Search Destroy 1.6.2 [1].exe
2014-08-22 17:53 - 2014-09-01 13:35 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST, in the same folder.