Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

wirus - Niechciane aplikacje na komputerze

ppiotrpp 23 Mar 2016 11:48 528 4
  • CControls
  • Pomocny post
    #2 23 Mar 2016 11:58
    Kolobos
    Spec od komputerów

    Odinstaluj:
    GTA San Andreas Packages
    McAfee Security Scan Plus
    SafeFinder

    Fixlist.txt dla FRST:
    Task: {111C034E-639E-4CE1-9DB4-DA655DF907EC} - System32\Tasks\psv_S-core => /c regedit.exe /s "C:\ProgramData\Danlax\Overranis.reg" &amp; del "C:\ProgramData\Danlax\Overranis.reg" &amp; SCHTASKS /Delete /TN "psv_S-core" /F <==== UWAGA
    Task: {2459B3C4-6C34-428D-873F-9D0FAF9B2163} - System32\Tasks\psv_Zun-Lux => /c regedit.exe /s "C:\ProgramData\Danlax\Quofix.reg" &amp; del "C:\ProgramData\Danlax\Quofix.reg" &amp; SCHTASKS /Delete /TN "psv_Zun-Lux" /F <==== UWAGA
    Task: {37838048-CE00-412D-B4E8-EAFDE43DED22} - System32\Tasks\psv_Donit => /c regedit.exe /s "C:\ProgramData\Danlax\InTraxtone.reg" &amp; del "C:\ProgramData\Danlax\InTraxtone.reg" &amp; SCHTASKS /Delete /TN "psv_Donit" /F <==== UWAGA
    Task: {617CA3C9-9A44-45BF-86FB-BD9153DDFB51} - System32\Tasks\Opera scheduled Autoupdate 1442839085 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-14] (Opera Software)
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
    HKLM-x32\...\Run: [Denzi] => C:\Program Files (x86)\Denzi\Launcher.bat --wait
    AppInit_DLLs: C:\ProgramData\Danlax\Holdlex.dll => C:\ProgramData\Danlax\Holdlex.dll [1172480 2015-09-21] ()
    AppInit_DLLs-x32: C:\ProgramData\Danlax\Triooteco.dll => C:\ProgramData\Danlax\Triooteco.dll [384512 2015-09-21] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-13]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    AutoConfigURL: [S-1-5-21-403033949-2693121034-3414106736-1001] => hxxp://stopblock.me/wpad.dat?d4cdc58a2323227fbb8bef1a006a0740446121
    Hosts: 0.0.0.1 mssplus.mcafee.com
    Tcpip\..\Interfaces\{BA251729-9E61-471E-807E-2DA236CFCEA7}: [DhcpNameServer] 150.100.0.10
    ManualProxies: 0hxxp://stopblock.me/wpad.dat?d4cdc58a2323227fbb8bef1a006a0740446121
    HKU\S-1-5-21-403033949-2693121034-3414106736-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...lcq1A_LDNpXqQ7c9KXXIk4kAQtwP3zzRvO9A,,&q={searchTerms}




    HKU\S-1-5-21-403033949-2693121034-3414106736-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    HKU\S-1-5-21-403033949-2693121034-3414106736-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.interia.pl/#utm_source=instalki1&a...n=instalki1&iwa_source=installer_instalki
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...QTSEcFME0FCFwEURNNfW1KBFgCVEdGFEtZAlI=&q={searchTerms}
    SearchScopes: HKLM -> OldSearch URL = hxxp://www.oursurfing.com/web/?type=ds&ts...=st1000lm024xhn-m101mbb_s30yj9hfc06146&q={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...QTSEcFME0FCFwEURNNfW1KBFgCVEdGFEtZAlI=&q={searchTerms}
    FF Homepage: hxxp://www.interia.pl/#utm_source=instalki1&a...n=instalki1&iwa_source=installer_instalki
    CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggaJgoBUAhCGBgXJAEKTA1CE1QOIg8LUxQTR1Ybc1sOA19GFwIFIk0FA1oDB0VXfV5bFElXTwh3MlxZEkwDRGFRIVpT"
    OPR Extension: (Treasure Track) - C:\Users\Lukasz\AppData\Roaming\Opera Software\Opera Stable\Extensions\hakjfioapmlckdpmcnijbpidkbdlmklb [2015-11-07]
    OPR Extension: (Discover Treasure) - C:\Users\Lukasz\AppData\Roaming\Opera Software\Opera Stable\Extensions\hmphmnjjhbjlckhfhiaomidadhpdnjgl [2015-10-03]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
    S3 McODS; "C:\ProgramData\McAfee\Update\Installs\pkg_default\Download_Files\default\vso\vso_li_cat\%VSINSTALL_DIR64%\mcods.exe" [X]
    2016-03-16 20:19 - 2015-09-21 13:38 - 00003890 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1442839085
    EmptyTemp:

    Po wykonaniu usun katalog C:\FRST.

    Zrob pelny skan przy pomocy http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ i usun to co wykryje.

    0
  • CControls
  • Pomocny post
    #4 23 Mar 2016 12:14
    Kolobos
    Spec od komputerów

    Wszystko sie wykonalo poprawnie.

    0
  • #5 23 Mar 2016 12:17
    ppiotrpp
    Poziom 3  

    Dzięki wielkie

    0