Infected: 90. What should I do?


(Archlord159357) #1

Hello, this is my first post on this forum, so: hello everyone! ;] I scanned my computer with Malwarebytes' and got:

Wersja bazy: 4594

Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|)

Przeskanowano obiektów: 290697

Upłynęło: 45 minut(y), 47 sekund(y)

Zainfekowanych procesów w pamięci: 0

Zainfekowanych modułów w pamięci: 0

Zainfekowanych kluczy rejestru: 53

Zainfekowanych wartości rejestru: 4

Zainfekowane informacje rejestru systemowego: 3

Zainfekowanych folderów: 12

Zainfekowanych plików: 18

Zainfekowanych procesów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:

(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:

Zainfekowanych wartości rejestru:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search(default) (Adware.Hotbar) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> No action taken.

Zainfekowane informacje rejestru systemowego:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Zainfekowanych folderów:

C:\Documents and Settings\All Users\Dane aplikacji\Sukoku (Adware.Zwangi) -> No action taken.

C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.8.1.4690 (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.8.1.4690\Data (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\chrome (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\content (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\components (Adware.DoubleD) -> No action taken.

C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.

C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.

C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.

C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.

Zainfekowanych plików:

C:\Program Files\Internet Saving Optimizer\3.8.1.4690\NPIEAddOn.dll (Adware.DoubleD) -> No action taken.

C:\Documents and Settings\All Users\Dane aplikacji\Sukoku\sukoku119.exe (Adware.Ziniky) -> No action taken.

C:\Documents and Settings\Eryk i Patryk\Ustawienia lokalne\Temp\comver.dll (Adware.GameSpyArcade) -> No action taken.

E:\Pobieranie\MAXON.CINEMA.4D.Studio.Bundle.v11.008\PARADOX\keygen.exe (Trojan.Downloader) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.8.1.4690\NPCommon.dll (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.8.1.4690\unins000.dat (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.8.1.4690\unins000.exe (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.8.1.4690\Data\config.md (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\chrome.manifest (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\install.rdf (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFAddOn.dll (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> No action taken.

C:\Program Files\Internet Saving Optimizer\3.8.1.4690\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> No action taken.

C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> No action taken.

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.

What should I do about this? Thanks in advance for your help...


(Piotrkijak) #2

Remove it, simple.


(Łukash) #3

Welcome to the DP forum :slight_smile:

Remove them; MBAM is a very good program. After removal, attach the removal log. Make OTL logs (Extras and OTL) and post them on http://www.wklej.org, as well as a GMER log.

Before running the above tools, uninstall any programs you have that create virtual drives (Daemon Tools, Alcohol, etc.) and remove the SPTD driver they install -> SPTDInst, using the Uninstall option (if it is greyed out, that's OK).


(Archlord159357) #4

It's just that I read somewhere that you probably shouldn't remove those 3 system registry entries, or should I remove everything?


(Łukash) #5

Remove everything.


(Archlord159357) #6

OK, thanks ;D And once I remove it, will everything be fine and run smoothly, or do I need to do something else to get rid of it? (I know these are somewhat silly questions, but I'd rather be sure.)


(kosti1) #7

Those are entries concerning Security Center notifications; if you remove them, you will get notifications about no antivirus being installed, disabled updates and a disabled firewall, unless you have all of that, in which case there will be no notifications.


(Archlord159357) #8

Are you talking about those 3 from the system registry or about everything?

Oh, and is this infection dangerous for the computer or not really?


(Łukash) #9

zainfekowanych-robic-t413375.html#p2643348


(Archlord159357) #10

OK, thanks ;D


(kosti1) #11

Yes, about those 3.