Laptop came back from the repair service with viruses


(Giiixxxx6) #1

Good day,

My parents' laptop came back from the repair service with viruses and adware. AdwCleaner has already done its job, and so has Comodo, but I don't know whether something might still be left behind.

 

http://wklej.org/id/1786218/

http://wklej.org/id/1786220/

http://wklej.org/id/1786221/


(Atis) #2

Uninstall GeekBuddy.

Paste the following into the system Notepad and save it as a text file named fixlist:

CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2015-08-30]
SearchScopes: HKU\S-1-5-21-926564993-3035099760-1577869346-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3320133&octid=EB_ORIGINAL_CTID&ISID=M5BDF1F95-EC9B-4410-8279-37B4483B3644&SearchSource=58&CUI=&UM=8&UP=SPC81DDED4-39A2-4E0D-9DA2-C2A1DC5B8A09&D=082915&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-926564993-3035099760-1577869346-1001 -> {63992CA9-FD74-4FED-A487-E76A587A2FFC} URL = 
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
R2 DTKIrMO; C:\ProgramData\SEgDtco\DTKIrMO.exe [2732000 2015-08-30] (Useful Technology)
R2 jimocoso; C:\Program Files (x86)\F03DF103-1440906684-E211-B0DE-008CFA629EF1\jnsy2A91.tmp [227328 2015-08-30] () [Fichier non signé]
R2 totyseku; C:\Program Files (x86)\F03DF103-1440906684-E211-B0DE-008CFA629EF1\hnsc4157.tmp [137728 2015-08-30] () [Fichier non signé]
S2 gopibeko; C:\Users\Przemyslaw\AppData\Local\F03DF103-1440913936-E211-B0DE-008CFA629EF1\snsjC53D.tmp [X]
S2 ija; c:\windows\ija.exe [X]
S2 mija; c:\windows\mija.exe [X]
R2 vejisuwy; C:\Program Files (x86)\F03DF103-1440906684-E211-B0DE-008CFA629EF1\knsrD5E.tmpfs [X]
2015-08-30 05:55 - 2015-08-30 05:57 - 00000000 ____ D C:\AdwCleaner
2015-08-30 05:51 - 2015-08-30 05:51 - 00000000 ____ D C:\Program Files (x86)\F03DF103-1440906684-E211-B0DE-008CFA629EF1
2015-08-30 05:51 - 2012-07-26 07:26 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-08-30 05:32 - 2015-08-30 05:34 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-30 05:30 - 2015-08-30 05:30 - 00000000 ____ D C:\ProgramData\Uaruvumn
2015-08-30 05:30 - 2015-08-30 05:30 - 00000000 ____ D C:\ProgramData\MWdsManProM
2015-08-30 05:25 - 2015-08-30 05:33 - 00000000 ____ D C:\ProgramData\update
2015-08-30 05:25 - 2015-08-30 05:30 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-08-30 05:25 - 2015-08-30 05:28 - 00000000 ____ D C:\ProgramData\SEgDtco
2015-08-30 05:25 - 2015-08-30 05:26 - 00000000 ____ D C:\ProgramData\FWdsManProF
2015-08-30 06:46 - 2013-05-15 23:08 - 00000000 ____ D C:\ProgramData\McAfee
Task: {07989BAF-0F3E-4798-8D46-BCB7040154F9} - System32\Tasks\new tab helper oursurfing => C:\Users\Przemyslaw\AppData\Roaming\oursurfing\newtab_hlpr.exe
Task: {2E561ED6-BB36-4AD1-B8D5-E986C400A6D3} - System32\Tasks\Uaruvumn => C:\ProgramData\Uaruvumn\1.0.4.1\menipavu.exe [2015-08-30] ()
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
C:\Users\Przemyslaw\AppData\Local\F03DF103-1440913936-E211-B0DE-008CFA629EF1
C:\Program Files\SpaceSoundPro
C:\Users\Przemyslaw\AppData\Roaming\oursurfing
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post the new FRST report, without Addition and Shortcut.