Elektroda.pl

Spam-sending bot - FRST logs.

stiv02 06 Oct 2015 15:41 411 2
  • Helpful post
    #2 06 Oct 2015 15:54
    Domino_2
    Helpful to users

    Uninstall Softonic toolbar on IE and Chrome.

    Spoiler:
    Quote:

    CustomCLSID: HKU\S-1-5-21-3249610471-2040494073-3445530326-1000_Classes\CLSID\{010833F3-751A-402F-9FCC-C365B6A12E41}\localserver32 -> C:\Users\Semper\Desktop\BESTplayer.exe => No File
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3249610471-2040494073-3445530326-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-3249610471-2040494073-3445530326-1000 -> DefaultScope {0388404D-6072-4CEB-B521-8F090FEAEE57} URL = hxxp://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=PL&install_date=20120211&user_guid=7AE9792D48B5499CB0E14C199080883C&machine_id=357260c9c6097c9fb0c5da224b845df1&browser=IE&os=win&os_version=6.0-x86-SP1&iesrc={referrer:source}
    SearchScopes: HKU\S-1-5-21-3249610471-2040494073-3445530326-1000 -> {0388404D-6072-4CEB-B521-8F090FEAEE57} URL = hxxp://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=PL&install_date=20120211&user_guid=7AE9792D48B5499CB0E14C199080883C&machine_id=357260c9c6097c9fb0c5da224b845df1&browser=IE&os=win&os_version=6.0-x86-SP1&iesrc={referrer:source}
    SearchScopes: HKU\S-1-5-21-3249610471-2040494073-3445530326-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredimail.com/mb59/?search={searchTerms}&loc=search_box&u=92541461020544762
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    FF user.js: detected! => C:\Users\Semper\AppData\Roaming\Mozilla\Firefox\Profiles\w9lj0ixu.default\user.js [2015-09-23]
    FF SearchPlugin: C:\Users\Semper\AppData\Roaming\Mozilla\Firefox\Profiles\w9lj0ixu.default\searchplugins\MyStart Search.xml [2011-09-06]
    FF SearchPlugin: C:\Users\Semper\AppData\Roaming\Mozilla\Firefox\Profiles\w9lj0ixu.default\searchplugins\yahoo-zugo.xml [2012-02-11]
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    EmptyTemp:


    Paste this into Notepad, save it as fixlist.txt, place it in the folder where FRST.exe is located, run FRST, and click Fix/Napraw.

    Scan the computer with ADWCleaner and MBAM and remove everything they found.

    0
  • #3 16 Mar 2016 07:03
    stiv02
    Level 16

    That helped, thanks.

    0