Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

DNS unlocker - infekcja + logi FRST

Marcin_B 09 Mar 2016 12:08 513 4
  • Pomocny post
    #2 09 Mar 2016 12:21
    Domino_2
    Pomocny dla użytkowników

    Odinstaluj McAfee Security Scan Plus.

    Cytat:

    Task: {56BE778B-ADB8-443C-9496-5808CB4475AE} - System32\Tasks\{9E92810A-3702-4F78-9639-B37371EAB862} => pcalua.exe -a "C:\Program Files\Reimage\Reimage Repair\uninst.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-18]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
    Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{5294c4c0-ac1b-41c1-a5ca-1082cca9785b}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{714bea93-2ff4-442c-ab09-02d0c2abfbd9}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{714bea93-2ff4-442c-ab09-02d0c2abfbd9}: [DhcpNameServer] 82.163.142.7
    Tcpip\..\Interfaces\{b4d67cdd-a873-4f2b-bc4a-e88a370d4117}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{b4d67cdd-a873-4f2b-bc4a-e88a370d4117}: [DhcpNameServer] 82.163.142.7
    Tcpip\..\Interfaces\{f38d8e11-47ef-485d-af7e-91d3f6790b1c}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{f38d8e11-47ef-485d-af7e-91d3f6790b1c}: [DhcpNameServer] 82.163.142.7
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx <nie znaleziono>
    S2 HPSupportSolutionsFrameworkService; "C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
    S2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [X]
    2016-02-18 15:52 - 2016-01-07 16:16 - 00000000 ____D C:\Program Files\McAfee Security Scan
    EmptyTemp:


    Wklej to do notatnika i zapisz pod nazwą fixlist.txt i umieść w folderze gdzie znajduje się plik FRST.exe/FRST64.exe, odpal go i kliknij Fix/Napraw.

    0
  • #3 09 Mar 2016 12:27
    Acorus 20
    Spec od komputerów

    Odinstaluj McAfee Security Scan Plus. Otwórz notatnik systemowy i wklej:

    Spoiler:
    Cytat:
    Task: {EF025FF6-31DF-4201-AD9B-EAE24AB28C56} - System32\Tasks\{040F0547-790D-797A-0F11-0F0878051178} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (dane wartości zawierają 9452 znaków więcej).
    Hosts:
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-18]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
    Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{5294c4c0-ac1b-41c1-a5ca-1082cca9785b}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{714bea93-2ff4-442c-ab09-02d0c2abfbd9}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{714bea93-2ff4-442c-ab09-02d0c2abfbd9}: [DhcpNameServer] 82.163.142.7
    Tcpip\..\Interfaces\{b4d67cdd-a873-4f2b-bc4a-e88a370d4117}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{b4d67cdd-a873-4f2b-bc4a-e88a370d4117}: [DhcpNameServer] 82.163.142.7
    Tcpip\..\Interfaces\{f38d8e11-47ef-485d-af7e-91d3f6790b1c}: [NameServer] 82.163.142.7 95.211.158.134
    Tcpip\..\Interfaces\{f38d8e11-47ef-485d-af7e-91d3f6790b1c}: [DhcpNameServer] 82.163.142.7
    S2 HPSupportSolutionsFrameworkService; "C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
    S2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [X]
    2016-02-28 15:25 - 2016-03-04 21:17 - 00000000 ____D C:\ProgramData\ca4d90f4-33f3-0
    2016-02-28 15:20 - 2016-03-04 21:17 - 00000000 ____D C:\ProgramData\ca4d90f4-64b7-0
    2016-02-28 15:20 - 2016-03-04 21:17 - 00000000 ____D C:\ProgramData\602c116a
    2016-02-28 15:19 - 2016-02-28 15:19 - 00000000 ____D C:\ProgramData\{10a391db-412c-0}
    2016-02-28 15:19 - 2016-02-28 15:19 - 00000000 ____D C:\ProgramData\{042d27ec-512c-1}
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.

    0
  • #4 09 Mar 2016 18:06
    Marcin_B
    Poziom 7  

    Wielkie dzięki - zadziałało :)

    0