Stránka 1 z 2
Win32/ELEX.DY
Napsal: 07 čer 2015 12:39
od Xipco_CZ
Muzete mne prosim poradit, jak dostat pryc Win32/ELEX.DY ?
Neumim si s timto skodlivakem poradit. Prilohou posilam log FRSTlancher v zipu, protože je log prilis velky nevlezl se do zprávy, tak proto v zipu.
Dekuji.
Win32/ELEX.DY
Napsal: 07 čer 2015 12:40
od Xipco_CZ
Ještě posilam Log z Addition
Re: Win32/ELEX.DY
Napsal: 07 čer 2015 15:17
od Rudy
Zdravím!
Spusťte tuto utilitu:
Re: Win32/ELEX.DY
Napsal: 07 čer 2015 17:39
od Xipco_CZ
Dekuji za tip. Jiz jsem pouzil AdwCleaner dle navodu tady nekde na foru. Scan, Cleaning pak restart a PC se ted chova normalne a antivir jiz nic pri surfovani nehlasi.
Jeste jednou diky
Re: Win32/ELEX.DY
Napsal: 07 čer 2015 18:07
od Rudy
Nemáte zač. Chcete-li PC dočistit, dejte nový log FRST.
Re: Win32/ELEX.DY
Napsal: 08 čer 2015 18:56
od Xipco_CZ
Prosim o docisteni PC. Posilam log z FRST.
Dekuji
_____________________________________
Re: Win32/ELEX.DY
Napsal: 08 čer 2015 18:56
od Xipco_CZ
Jeste prikladam Addition
Re: Win32/ELEX.DY
Napsal: 08 čer 2015 19:10
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR dev: Chrome dev build detected! <======= ATTENTION
S0 FNETHYRAMKFTS; System32\drivers\FNETHYRAMKFTS.SYS [X]
C:\Users\max\Desktop\YTD.lnk
C:\Program Files (x86)\YTD
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD.lnk
C:\ProgramData\DP45977C.lfl
C:\Users\max\AppData\Local\Temp
Task: {53291C68-277A-4C65-BE6A-4045AD58AF56} - System32\Tasks\Bidaily Synchronize Task[973b] => c:\programdata\{8227153a-cf2b-1fb7-8227-7153acf254eb}\setup.exe <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{8227153a-cf2b-1fb7-8227-7153acf254eb}\setup.exe <==== ATTENTION
End
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Re: Win32/ELEX.DY
Napsal: 10 čer 2015 09:58
od Xipco_CZ
Jen mam dotaz k programu "YTD" ktery pouzivam ke stahovani videa z internetu -
http://www.pepak.net/ytd/youtube-downloader/.
Vidim, ze je uvedeny ve vasem fixu.
Bude po aplykovani fixu "YTD" nadale fungovat?
Re: Win32/ELEX.DY
Napsal: 10 čer 2015 16:19
od Rudy
Nebude. YTD považuji za zbytečnost, neboť videa se dají standardně stáhnout a standardně ho mažu. Nenutím vás ho ale mazat (ani nemohu) a pokud ho chcete zachovat, odstraňte ze skriptu všechny řádky, které obsahují řetězec YTD.
Re: Win32/ELEX.DY
Napsal: 10 čer 2015 18:49
od Xipco_CZ
OK, ve vasem fixlistu jsem nic nezmeni a aplikoval ho pres FRSTLancher. "YTD" se tedy odinstaloval.
Prikladam Fixlog.txt
******************************
Fix result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by max at 2015-06-10 19:38:11 Run:1
Running from C:\Users\max\Desktop
Loaded Profiles: max (Available Profiles: max & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR dev: Chrome dev build detected! <======= ATTENTION
S0 FNETHYRAMKFTS; System32\drivers\FNETHYRAMKFTS.SYS [X]
C:\Users\max\Desktop\YTD.lnk
C:\Program Files (x86)\YTD
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD.lnk
C:\ProgramData\DP45977C.lfl
C:\Users\max\AppData\Local\Temp
Task: {53291C68-277A-4C65-BE6A-4045AD58AF56} - System32\Tasks\Bidaily Synchronize Task[973b] => c:\programdata\{8227153a-cf2b-1fb7-8227-7153acf254eb}\setup.exe <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{8227153a-cf2b-1fb7-8227-7153acf254eb}\setup.exe <==== ATTENTION
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
FNETHYRAMKFTS => Service removed successfully
C:\Users\max\Desktop\YTD.lnk => moved successfully.
C:\Program Files (x86)\YTD => moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD.lnk => moved successfully.
C:\ProgramData\DP45977C.lfl => moved successfully.
"C:\Users\max\AppData\Local\Temp" folder move:
Could not move "C:\Users\max\AppData\Local\Temp" folder => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53291C68-277A-4C65-BE6A-4045AD58AF56}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53291C68-277A-4C65-BE6A-4045AD58AF56}" => key removed successfully
C:\Windows\System32\Tasks\Bidaily Synchronize Task[973b] => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[973b]" => key removed successfully
C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => moved successfully.
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-10 19:39:53)<=
C:\Users\max\AppData\Local\Temp => moved successfully
==== End of Fixlog 19:39:53 ====
Re: Win32/ELEX.DY
Napsal: 10 čer 2015 19:13
od Rudy
Smazáno. Nastala nějaká změna?
Re: Win32/ELEX.DY
Napsal: 10 čer 2015 20:08
od Xipco_CZ
Zmizel program "YTD" (i jeho ikona z plochy). Jinak jsem nic dalsiho nezpozoroval. Projel jsem PC (boot,ram,lokalni disky) antivirem (smart kontrolou) a vse vypada OK. Pri surfovani take zadne viditelne problemy.
Budeme jeste nejak cistit nebo neco aplikovat?
Jeste jeden dotaz, doporucujete na cisteni PC (vcetne registru) CCleaner?
Dekuji
Re: Win32/ELEX.DY
Napsal: 10 čer 2015 20:32
od Rudy
Spíš mne zajímá, zda zmizel ten virus. CCleaner čistí jak dočasné soubory, tak registry.
Re: Win32/ELEX.DY
Napsal: 11 čer 2015 14:21
od Xipco_CZ
Virus asi zmizel. Antivir nic nehlasi ani behem surfovani v IE.
PC se chova korektne.