Elektroda.pl

Windows 7 - Removing the DNS Locker virus - creating a Fixlist.

pawel_222 06 Mar 2016 19:20 828 5
  • #2 06 Mar 2016 19:34
    Kolobos
    Computer specialist

    Uninstall SpyBot.

    Next to frst.exe, create a file named fixlist.txt with the following content:
    Task: {00E94363-D36F-4D30-A200-679FCD599978} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {05243AB2-6BE1-411B-BEBC-ED60FB4FEB5A} - System32\Tasks\SilenceCallers => c:\programdata\{e6d98bb2-8f32-47f3-e6d9-98bb28f32eca}\windows loader 3.1 update(1).exe <==== UWAGA
    Task: {0B0FF133-D67B-4255-8587-C4EC4B5AFF85} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {4C0AB558-D16E-4B33-A16F-2250234B2C32} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {702A8F4C-637F-43A7-BB2C-22BBE6482339} - System32\Tasks\{0E7A0D47-787E-7A79-0411-780408091178} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
    Task: {DF846EAA-A710-4B7B-A76A-0D7D1DF6F11C} - System32\Tasks\booking.com Sat2 => C:\Program Files\Booking.com\Booking.com.exe
    Task: C:\Windows\Tasks\SilenceCallers.job => c:\programdata\{e6d98bb2-8f32-47f3-e6d9-98bb28f32eca}\windows loader 3.1 update(1).exe <==== UWAGA
    2016-03-04 21:16 - 2014-05-13 12:04 - 00109400 ____C () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-03-04 21:16 - 2014-05-13 12:04 - 00416600 ____C () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
    2016-03-04 21:16 - 2014-05-13 12:04 - 00167768 ____C () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-03-04 21:16 - 2012-08-23 10:38 - 00574840 ____C () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    2016-03-04 21:16 - 2012-04-03 17:06 - 00565640 ____C () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
    HKU\S-1-5-21-127300931-3808539377-3008331778-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-07-20] (Microsoft Corporation)
    IFEO\volaro: [Debugger] tasklist.exe
    IFEO\vonteera: [Debugger] tasklist.exe
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{6628F51A-DD4C-43E6-944C-9DC9F7E49995}: [NameServer] 82.163.143.171 82.163.142.173
    CHR Extension: (eShield) - C:\Users\Paweł\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmjljdbbgogihjcapfhgkonfmccbffp [2016-03-06]
    CHR HKLM\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp] - hxxps://clients2.google.com/service/update2/crx
    R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-02-20] ()
    S3 cpuz134; \??\C:\Users\PAWE~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
    2016-03-04 21:16 - 2016-03-04 21:18 - 00000000 ___DC C:\Program Files\Spybot - Search & Destroy 2
    2016-03-04 21:16 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
    2016-03-04 21:15 - 2016-03-04 21:15 - 00000000 ___HD C:\Users\Paweł\AppData\Roaming\GoldenGate
    2016-03-04 21:15 - 2016-03-04 21:15 - 00000000 ___HD C:\Users\Paweł\AppData\Roaming\Booking_helper
    2016-02-20 23:00 - 2016-02-20 23:00 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2016-03-05 21:19 - 2015-07-03 20:19 - 00000370 _____ C:\Windows\Tasks\SilenceCallers.job
    EmptyTemp:

    In FRST, choose Napraw (Fix).

    0
  • #4 13 Apr 2016 15:01
    Domino_2
    Helpful to users

    Attach FRST.txt once more, because it is practically empty.

    0
  • #6 13 Apr 2016 15:39
    krzychupar
    Level 41

    Uninstall:
    McAfee Security Scan Plus

    Open Notepad and paste:
    Task: {DB142159-F3F8-4A2F-8784-6F6834F49C0B} - \{0C790947-7D79-0578-0A11-047E0405110F} -> Brak pliku <==== UWAGA
    ShortcutWithArgument: C:\Users\Public\Desktop\ZTE MF823.lnk -> C:\Program Files (x86)\ZTE MF823\LaunchWebUI.exe () -> hxxp://m.home
    2015-08-20 21:19 - 2013-03-19 21:49 - 00417536 _____ () C:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe
    2015-08-20 21:19 - 2013-02-25 15:41 - 00446720 _____ () C:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
    HKU\S-1-5-21-2663979471-2119590874-3880033422-1000\...\MountPoints2: {26d3fb51-4d5d-11e5-8e7e-002622028051} - F:\AutoRun.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-11]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
    Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{26E6DDCE-DD16-4AB5-B60A-B710CDF26CB0}: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{729B26B8-6779-411B-8C61-5121204A01A7}: [NameServer] 82.163.143.171 82.163.142.173
    Tcpip\..\Interfaces\{729B26B8-6779-411B-8C61-5121204A01A7}: [DhcpNameServer] 82.163.143.171
    Tcpip\..\Interfaces\{FA5032B3-AB5D-4658-A18F-FC7240EB3ED0}: [NameServer] 82.163.143.171 82.163.142.173
    Toolbar: HKU\S-1-5-21-2663979471-2119590874-3880033422-1000 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
    U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
    2016-04-11 13:44 - 2016-04-11 14:13 - 00000000 ____D C:\ProgramData\c9d177a6
    2016-04-11 13:44 - 2016-04-11 13:44 - 00000000 ____D C:\ProgramData\{2aa6fd7c-212c-0}
    2016-04-11 13:44 - 2016-04-11 13:44 - 00000000 ____D C:\ProgramData\{0dbc1dcd-112c-1}
    2016-03-21 11:36 - 2016-04-11 13:45 - 00000000 ____D C:\ProgramData\7954e4e9-63b1-1
    2016-03-21 11:36 - 2016-04-11 13:44 - 00000000 ____D C:\ProgramData\7954e4e9-28b1-0
    2016-04-11 14:26 - 2015-11-18 23:50 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2016-04-11 14:26 - 2015-08-24 22:50 - 00001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where FRST.exe is located.
    Run FRST and click Fix/Napraw.

    0
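
An added example, not part of the thread and not FRST's own code: a small Python triage over FRST lines like those in the two fixlists above. It lists Tcpip NameServer/DhcpNameServer values that are not on an allow-list and scheduled tasks that start PowerShell hidden with -EncodedCommand. The function name `triage`, the regular expressions and the allow-listed resolver 192.168.1.1 are assumptions made for the example; the sample lines are copied from the fixlists.

```python
import re

# Lines copied from the two fixlists in this thread (not new data).
SAMPLE = r"""
Task: {702A8F4C-637F-43A7-BB2C-22BBE6482339} - System32\Tasks\{0E7A0D47-787E-7A79-0411-780408091178} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
Task: {DF846EAA-A710-4B7B-A76A-0D7D1DF6F11C} - System32\Tasks\booking.com Sat2 => C:\Program Files\Booking.com\Booking.com.exe
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{729B26B8-6779-411B-8C61-5121204A01A7}: [DhcpNameServer] 82.163.143.171
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
"""

DNS_RE = re.compile(r"^Tcpip\\(?P<scope>.+?): \[(?P<value>(?:Dhcp)?NameServer)\] (?P<servers>.+)$")
TASK_RE = re.compile(r"^Task: (?P<id>\{[0-9A-Fa-f-]+\}) - (?P<path>.+?) (?:=>|->) (?P<cmd>.*)$")
# Switches that together mean "run an encoded script with no visible window".
HIDDEN_PS = ("-encodedcommand", "-windowstyle hidden")


def triage(frst_text, expected_dns):
    """Return (dns_findings, task_findings) for a FRST log or fixlist."""
    dns, tasks = [], []
    for line in frst_text.splitlines():
        line = line.strip()
        m = DNS_RE.match(line)
        if m:
            # Report every resolver that is not on the caller's allow-list.
            bad = [s for s in re.split(r"[ ,]+", m["servers"]) if s and s not in expected_dns]
            if bad:
                dns.append((m["scope"], m["value"], bad))
            continue
        m = TASK_RE.match(line)
        if m:
            cmd = m["cmd"].lower()
            if "powershell" in cmd and all(sw in cmd for sw in HIDDEN_PS):
                tasks.append((m["id"], m["path"]))
    return dns, tasks


if __name__ == "__main__":
    # 192.168.1.1 is an assumed home-router resolver, not a value from the thread.
    for finding in sum(triage(SAMPLE, {"192.168.1.1"}), []):
        print(finding)
```

Run it against a saved FRST.txt by passing the file's text in place of `SAMPLE` and the resolvers your network actually hands out as `expected_dns`.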