Win32/Blacked


(Sebastianoporski) #1

FRST: http://www.wklej.org/id/1731896/

Add: http://www.wklej.org/id/1731897/

Sht:http://www.wklej.org/id/1731898/

 

Problem polega na tym że AVG odnajduje mi cały czas wirusa Win32/Blacked i za każdm razem gdy go usuwam pojawia się na nowo.


(Atis) #2

Zapomniałeś napisać gdzie wykrywa tego wirusa.

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

IFEO\ccleaner64.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\databasecompare.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dtagent.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dtlauncher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\effectextractor.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\eslite.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\hamachi-2-ui.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\isoviewer9.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\lync.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\misc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msoev.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msotd.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ocpubmgr.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pccompanion.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\power2go9.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\power2goexpress9.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\spreadsheetcompare.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\virtualdrive9.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO-x32: Razor Web -> {2e22e1c9-9ddb-40da-85c7-0753217fff76} -> No File
2015-06-04 21:41 - 2015-06-04 21:41 - 00000000 ____ D () C:\ProgramData\boost_interprocess
C:\AdwCleaner*.txt
2015-06-06 10:38 - 2014-12-25 20:51 - 00000000 ____ D () C:\ProgramData\Temp
2015-06-05 12:01 - 2014-11-12 11:57 - 00000236 _____ () C:\service.log
2015-06-04 22:04 - 2012-01-05 19:25 - 00000000 ____ D () C:\Temp
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition i Shortcut.


(Sebastianoporski) #3

http://wklej.org/id/1732003/ oto Fixlog i scan http://wklej.org/id/1732004/


(Atis) #4

Skoro nie chcesz napisać gdzie wykrywa, to skasuj folder C:\FRST i radź sobie samodzielnie.


(Sebastianoporski) #5

Tylko że folder w którym znajdował się wirus uległ usunięciu po komendzie Fix w FRST :wink:


(Atis) #6

W takim razie to już wszystko.

Skasuj folder C:\FRST

Odinstaluj:

Adobe Flash Player 17 NPAPI

Adobe Flash Player 17 PPAPI

Adobe Reader 8

Java 8 Update 40

Zainstaluj:

Flash Player 17.0.0.188 NPAPI

Flash Player 17.0.0.188 ActiveX

Adobe Reader XI 11.0.11

Java 8 Update 45