Elektroda.pl

Malware, request for a fixlist, desperation :(

gomolaa 17 Feb 2016 22:04 513 4
  • #2 17 Feb 2016 22:34
    Kolobos
    Computer specialist

    frst.txt is empty, repeat the scan and post a correct log.


    Fixlist.txt for FRST (for now only from addition.txt):
    Task: {196E7102-D1FB-4949-97E5-C373FC7FA553} - System32\Tasks\psv_Tansantip => /c regedit.exe /s "C:\ProgramData\Lightzap\Tanlax.reg" & del "C:\ProgramData\Lightzap\Tanlax.reg" & SCHTASKS /Delete /TN "psv_Tansantip" /F <==== UWAGA
    Task: {6BB9BC63-2891-4032-B24F-FB880F55F4DB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1263843566-77738696-2606937977-1002UA => C:\Users\Gomiix3\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-09] (Facebook Inc.)
    Task: {6F89B981-CF0C-4AB7-A816-2CD38760D7D8} - System32\Tasks\Gomiix3NormalsPenalV2 => Rundll32.exe ReattainsVitamin.dll,main 7 1 <==== UWAGA
    Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1263843566-77738696-2606937977-1002Core.job => C:\Users\Gomiix3\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1263843566-77738696-2606937977-1002UA.job => C:\Users\Gomiix3\AppData\Local\Facebook\Update\FacebookUpdate.exe
    2016-02-15 15:50 - 2016-02-15 15:50 - 00674816 _____ () C:\ProgramData\Lightzap\Lightzap.exe
    C:\ProgramData\Lightzap\


    After running it, uninstall: SafeFinder

    0
  • #4 18 Feb 2016 08:47
    Kolobos
    Computer specialist

    Next to frst.exe, create a file fixlist.txt with the following contents:
    Task: {196E7102-D1FB-4949-97E5-C373FC7FA553} - System32\Tasks\psv_Tansantip => /c regedit.exe /s "C:\ProgramData\Lightzap\Tanlax.reg" & del "C:\ProgramData\Lightzap\Tanlax.reg" & SCHTASKS /Delete /TN "psv_Tansantip" /F <==== UWAGA
    Task: {6BB9BC63-2891-4032-B24F-FB880F55F4DB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1263843566-77738696-2606937977-1002UA => C:\Users\Gomiix3\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-09] (Facebook Inc.)
    Task: {6F89B981-CF0C-4AB7-A816-2CD38760D7D8} - System32\Tasks\Gomiix3NormalsPenalV2 => Rundll32.exe ReattainsVitamin.dll,main 7 1 <==== UWAGA
    Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1263843566-77738696-2606937977-1002Core.job => C:\Users\Gomiix3\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1263843566-77738696-2606937977-1002UA.job => C:\Users\Gomiix3\AppData\Local\Facebook\Update\FacebookUpdate.exe
    2016-02-15 15:50 - 2016-02-15 15:50 - 00674816 _____ () C:\ProgramData\Lightzap\Lightzap.exe
    () C:\ProgramData\Lightzap\Lightzap.exe
    () C:\ProgramData\Lightzap\Lightzap.exe
    HKU\S-1-5-21-1263843566-77738696-2606937977-1002\...\Run: [Facebook Update] => C:\Users\Gomiix3\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-09] (Facebook Inc.)
    HKU\S-1-5-21-1263843566-77738696-2606937977-1002\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-1263843566-77738696-2606937977-1002\...\Run: [ALLUpdate] => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep"
    HKU\S-1-5-21-1263843566-77738696-2606937977-1002\...\MountPoints2: {fc625510-73d1-11e3-be7d-240a6482f6a8} - "F:\Autorun.exe"
    AppInit_DLLs: C:\ProgramData\Lightzap\Zercore.dll => C:\ProgramData\Lightzap\Zercore.dll [805376 2016-02-15] ()
    AppInit_DLLs-x32: C:\ProgramData\Lightzap\YearOtlex.dll => C:\ProgramData\Lightzap\YearOtlex.dll [257536 2016-02-15] ()
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-1263843566-77738696-2606937977-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...mXpgZgKDRQdfCJewPbj8yqEFtbSOAxoktBqUYwDHXRLHe
    HKU\S-1-5-21-1263843566-77738696-2606937977-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tAQRuTLNlqYDTh2B6b3zdoonRr94_NzGstQo2g&q={searchTerms}
    HKU\S-1-5-21-1263843566-77738696-2606937977-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tAQRuTLNlqYDTh2B6b3zdoonRr94_NzGstQo2g&q={searchTerms}
    HKU\S-1-5-21-1263843566-77738696-2606937977-1003\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tAQRuTLNlqYDTh2B6b3zdoonRr94_NzGstQo2g&q={searchTerms}
    URLSearchHook: [S-1-5-21-1263843566-77738696-2606937977-1003] UWAGA => Brak domyślnego URLSearchHook
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1263843566-77738696-2606937977-1003 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tAQRuTLNlqYDTh2B6b3zdoonRr94_NzGstQo2g&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1263843566-77738696-2606937977-1003 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...tAQRuTLNlqYDTh2B6b3zdoonRr94_NzGstQo2g&q={searchTerms}
    FF NewTab: C:\\ProgramData\\Lightzaps\\ff.NT
    CHR Extension: (Google Wallet) - C:\Users\Gomiix3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-02] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    R2 Lightzap; C:\ProgramData\\Lightzap\\Lightzap.exe [674816 2016-02-15] () [Brak podpisu cyfrowego]
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [X]
    S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
    2016-02-15 15:51 - 2016-02-15 15:51 - 00000000 ____D C:\ProgramData\Lightzaps
    2016-02-15 15:50 - 2016-02-17 22:52 - 00000000 ____D C:\ProgramData\Lightzap
    2016-02-15 15:50 - 2016-02-15 15:50 - 07950848 _____ C:\Users\Gomiix3\AppData\Roaming\agent.dat
    2016-02-15 15:50 - 2016-02-15 15:50 - 01882412 _____ C:\Users\Gomiix3\AppData\Roaming\VoyaIng.tst
    2016-02-15 15:50 - 2016-02-15 15:50 - 00674816 _____ C:\Users\Gomiix3\AppData\Roaming\VoyaIng.exe
    2016-02-15 15:50 - 2016-02-15 15:50 - 00126976 _____ C:\Users\Gomiix3\AppData\Roaming\Installer.dat
    2016-02-15 15:50 - 2016-02-15 15:50 - 00126464 _____ C:\Users\Gomiix3\AppData\Roaming\noah.dat
    2016-02-15 15:50 - 2016-02-15 15:50 - 00062976 _____ C:\Users\Gomiix3\AppData\Roaming\Config.xml
    2016-02-15 15:50 - 2016-02-15 15:50 - 00018432 _____ C:\Users\Gomiix3\AppData\Roaming\Main.dat
    2016-02-15 15:50 - 2016-02-15 15:50 - 00011472 _____ C:\Users\Gomiix3\AppData\Roaming\InstallationConfiguration.xml
    2016-02-15 15:50 - 2016-02-15 15:50 - 00005568 _____ C:\Users\Gomiix3\AppData\Roaming\md.xml
    2016-02-15 15:50 - 2016-02-15 15:50 - 00003446 _____ C:\WINDOWS\System32\Tasks\Gomiix3NormalsPenalV2
    2016-02-15 15:50 - 2016-02-15 15:50 - 00001989 _____ C:\Users\Gomiix3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\allegro.pl .lnk
    2016-02-15 15:50 - 2016-02-15 15:50 - 00000000 ____D C:\Users\Gomiix3\AppData\Local\NormalsPenal
    2016-02-15 15:50 - 2016-02-15 15:50 - 0062976 _____ () C:\Users\Gomiix3\AppData\Roaming\Config.xml
    2016-02-15 15:50 - 2016-02-15 15:50 - 0011472 _____ () C:\Users\Gomiix3\AppData\Roaming\InstallationConfiguration.xml
    2016-02-15 15:50 - 2016-02-15 15:50 - 0126976 _____ () C:\Users\Gomiix3\AppData\Roaming\Installer.dat
    2016-02-15 15:50 - 2016-02-15 15:50 - 0018432 _____ () C:\Users\Gomiix3\AppData\Roaming\Main.dat
    2016-02-15 15:50 - 2016-02-15 15:50 - 0005568 _____ () C:\Users\Gomiix3\AppData\Roaming\md.xml
    2016-02-15 15:50 - 2016-02-15 15:50 - 0126464 _____ () C:\Users\Gomiix3\AppData\Roaming\noah.dat
    2014-01-14 22:45 - 2016-01-22 00:48 - 0000132 _____ () C:\Users\Gomiix3\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe
    2015-02-17 16:20 - 2015-02-17 16:20 - 0000132 _____ () C:\Users\Gomiix3\AppData\Roaming\Preferencje formatu Targa CS6 firmy Adobe
    2013-12-25 05:39 - 2016-02-17 21:30 - 0000062 _____ () C:\Users\Gomiix3\AppData\Roaming\sp_data.sys
    2016-02-15 15:50 - 2016-02-15 15:50 - 0032038 _____ () C:\Users\Gomiix3\AppData\Roaming\uninstall_temp.ico
    2016-02-15 16:50 - 2016-02-15 16:50 - 0000045 _____ () C:\Users\Gomiix3\AppData\Roaming\WB.CFG
    EmptyTemp:

    In FRST, choose Fix.

    Delete the C:\FRST folder.

    After running it, uninstall: SafeFinder

    0
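The fixlist above was assembled by reading the FRST logs for hijacked search URLs, unsigned loaders and AppInit_DLLs entries. As an added example (not code from the thread or from FRST), this small triage helper does the same first pass over FRST-style log lines: it decodes the percent-encoded hostname in the Start Page entry and flags entries with no publisher or no digital signature. The sample lines are constructed from entries quoted in the post, and the line shapes it assumes (publisher in parentheses after the file info, the Polish "[Brak podpisu cyfrowego]" token) are taken from those entries.

```python
"""Added triage helper (not from the thread or from FRST): flags FRST-style log
entries worth a second look and decodes percent-encoded hijack URLs."""
import re
from urllib.parse import unquote

# Constructed sample modelled on lines quoted in the post above; the long
# URL is truncated with "..." exactly as the post shows it.
SAMPLE = [
    r"HKU\S-1-5-21-1263843566-77738696-2606937977-1003\Software\Microsoft\Internet Explorer"
    r"\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...",
    r"AppInit_DLLs: C:\ProgramData\Lightzap\Zercore.dll => "
    r"C:\ProgramData\Lightzap\Zercore.dll [805376 2016-02-15] ()",
    r"R2 Lightzap; C:\ProgramData\Lightzap\Lightzap.exe [674816 2016-02-15] () "
    r"[Brak podpisu cyfrowego]",
    r"Task: {6BB9BC63-2891-4032-B24F-FB880F55F4DB} - System32\Tasks\FacebookUpdateTaskUser"
    r"S-1-5-21-1263843566-77738696-2606937977-1002UA => C:\Users\Gomiix3\AppData\Local"
    r"\Facebook\Update\FacebookUpdate.exe [2014-04-09] (Facebook Inc.)",
]

# Defanged URL (hxxp) containing at least one %XX escape: the hijacker
# percent-encodes the hostname so it does not stand out in the log.
ENCODED_URL = re.compile(r"hxxps?://\S*%[0-9A-Fa-f]{2}\S*")
# FRST prints "[size date] (Publisher)" after a file; "()" means no publisher.
PUBLISHER = re.compile(r"\]\s*\(([^)]*)\)")
NO_SIGNATURE = "[Brak podpisu cyfrowego]"  # Polish FRST: "no digital signature"


def decode_url(value):
    """Expand percent-encoding; the hxxp defanging is left in place."""
    return unquote(value)


def publisher(line):
    """Publisher from FRST's file info: '' if empty, None if the line has none."""
    m = PUBLISHER.search(line)
    return m.group(1).strip() if m else None


def triage(line):
    """Reasons an analyst should review this line; an empty list means unremarkable."""
    reasons = []
    m = ENCODED_URL.search(line)
    if m:
        reasons.append("obfuscated URL: " + decode_url(m.group(0)))
    if line.startswith("AppInit_DLLs"):
        reasons.append("AppInit_DLLs loads this DLL into every process that uses user32.dll")
    if publisher(line) == "":
        reasons.append("no publisher info")
    if NO_SIGNATURE in line:
        reasons.append("no digital signature")
    return reasons
```

Running `triage` over each line of a real Addition.txt gives a shortlist to cross-check before anything goes into a fixlist; a missing publisher alone is a prompt to look, not proof of malware.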
  • #5 18 Feb 2016 10:13
    gomolaa
    Level 2

    Thank you very much, it helped :)

    0