Elektroda.pl

DNS Unlocker virus removal

cinas91 28 Dec 2015 13:48 834 3
  • #1 28 Dec 2015 13:48
    cinas91
    Level 2  

    Hello,

    a friend caught DNS Unlocker on his computer. Ads keep popping up all the time. Malwarebytes Anti-Malware supposedly detected threats and I removed them, but it is still sitting there anyway.
    I'm attaching the logs from Farbar Recovery Scan Tool.
    What should I paste into the txt file and what should I fix?

    0 3
  • Helpful post
    #2 28 Dec 2015 14:05
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Task: {2B7F481E-2CFF-4D39-8730-FC65146E623B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-658722778-3822291090-2377147638-1001Core => C:\Users\Marta Marek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-06] (Facebook Inc.)
    Task: {91B69ADB-C834-4942-97A1-CA49FA19EC6C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-658722778-3822291090-2377147638-1001UA => C:\Users\Marta Marek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-06] (Facebook Inc.)
    Task: {C925F79D-2F82-4A00-9BDD-6123F0397ABB} - \LaunchPreSignup -> No File <==== ATTENTION
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-658722778-3822291090-2377147638-1001Core.job => C:\Users\Marta Marek\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-658722778-3822291090-2377147638-1001UA.job => C:\Users\Marta Marek\AppData\Local\Facebook\Update\FacebookUpdate.exe
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Anti-Theft.lnk -> C:\Program Files\Preload\McAfee Anti-Theft\StartURL.exe () -> hxxp://home.mcafee.com/root/campaign.aspx?cid=103626
    ShortcutWithArgument: C:\Users\Public\Desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxp://homepage.acer.com/redirect.aspx?rid=09000001
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    CHR HKU\S-1-5-21-658722778-3822291090-2377147638-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    Tcpip\..\Interfaces\{9FF884D6-7B14-483D-8798-8DF14757F634}: [NameServer] 199.203.131.150,82.163.143.168
    Tcpip\..\Interfaces\{B999E879-6507-4875-A711-8FEF3E721231}: [NameServer] 199.203.131.150,82.163.143.168
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-658722778-3822291090-2377147638-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
    SearchScopes: HKU\S-1-5-21-658722778-3822291090-2377147638-1001 -> DefaultScope {48294A7F-2A5D-443A-96A4-2C573B047F8A} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US662D20140708&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-658722778-3822291090-2377147638-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U218DF&PC=U218&q={searchTerms}&src=IE-SearchBox




    SearchScopes: HKU\S-1-5-21-658722778-3822291090-2377147638-1001 -> {08158E13-CE81-45B6-A74E-45F2AB9F838A} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&am...0.17239&doi=2014-08-16&trgb=IE&q={searchTerms}&psv=
    SearchScopes: HKU\S-1-5-21-658722778-3822291090-2377147638-1001 -> {48294A7F-2A5D-443A-96A4-2C573B047F8A} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US662D20140708&p={searchTerms}
    FF SelectedSearchEngine: Yahoo!
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] [not signed]
    CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
    S2 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe" [X]
    S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]
    S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    2015-12-24 14:25 - 2015-12-24 14:40 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
    2015-12-24 13:52 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-12-24 13:52 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-12-24 13:52 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-12-24 13:52 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-12-24 13:52 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-12-24 13:52 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
    2015-12-24 13:52 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
    2015-12-24 13:52 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
    2015-12-24 13:43 - 2015-12-24 13:44 - 28167528 _____ (Simply Super Software ) C:\Users\Marta Marek\Downloads\trjsetup693.exe
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST, in the same folder.
    Run FRST as administrator and click Fix (Napraw).

    0
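
An added example (not part of the original posts and not FRST's own code): the fixlist above contains two `Tcpip\..\Interfaces` lines with statically set `[NameServer]` values, and this Python snippet extracts such entries from FRST log lines so they can be compared with the resolvers the network is supposed to use. The function name, the `EXPECTED_RESOLVERS` set and its value are assumptions made for the illustration.

```python
import ipaddress
import re

# Assumption: the resolver this network is supposed to use (constructed value).
EXPECTED_RESOLVERS = {"192.168.1.1"}

# Matches FRST lines such as:
#   Tcpip\..\Interfaces\{GUID}: [NameServer] a.b.c.d,e.f.g.h
NAMESERVER_RE = re.compile(
    r"^Tcpip\\\.\.\\Interfaces\\(\{[0-9A-Fa-f-]{36}\}): \[(\w+)\] (.*)$"
)


def static_dns_overrides(frst_lines, expected=EXPECTED_RESOLVERS):
    """Map interface GUID -> statically configured resolvers outside `expected`."""
    findings = {}
    for raw in frst_lines:
        match = NAMESERVER_RE.match(raw.strip())
        if not match:
            continue
        guid, value_name, value = match.groups()
        if value_name != "NameServer":
            continue  # DhcpNameServer is handed out by DHCP, not pinned locally
        for token in re.split(r"[,\s]+", value.strip()):
            if not token:
                continue
            try:
                addr = str(ipaddress.ip_address(token))
            except ValueError:
                addr = token  # malformed entry: report verbatim for review
            if addr not in expected:
                findings.setdefault(guid, []).append(addr)
    return findings


# Sample input: the two NameServer lines and the policy line are copied from
# the fixlist in this thread; the DhcpNameServer line is constructed.
SAMPLE = [
    r"Tcpip\..\Interfaces\{9FF884D6-7B14-483D-8798-8DF14757F634}: [NameServer] 199.203.131.150,82.163.143.168",
    r"Tcpip\..\Interfaces\{B999E879-6507-4875-A711-8FEF3E721231}: [NameServer] 199.203.131.150,82.163.143.168",
    r"Tcpip\..\Interfaces\{B999E879-6507-4875-A711-8FEF3E721231}: [DhcpNameServer] 192.168.1.1",
    r"CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION",
]

if __name__ == "__main__":
    for guid, servers in static_dns_overrides(SAMPLE).items():
        print(f"{guid}: static DNS not in expected set -> {', '.join(servers)}")
```
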
  • #3 28 Dec 2015 14:21
    cinas91
    Level 2  

    It looks like the problem is gone.
    Thanks a lot! :)

    0