Uninstall:
eDeals version 1.0 (HKLM-x32\...\eDeals_is1) (Version: 1.0 - eDeals) <==== ATTENTION
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION
Your Software Deals (HKLM-x32\...\Your Software Deals_is1) (Version: - Ashampoo GmbH & Co. KG)
Next to frst.exe, create a file named fixlist.txt with the following content:
CloseProcesses:
Task: {57916653-263A-4ADD-ADAC-5A1696CD3F07} - \Optimize Start Menu Cache Files-S-1-5-21-878570952-1094920582-2464901648-1001 No Task File <==== ATTENTION
Task: {607A4926-7862-475A-8C2F-203EE22E137E} - \WPD\SqmUpload_S-1-5-21-878570952-1094920582-2464901648-1001 No Task File <==== ATTENTION
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
() C:\Windows\SysWOW64\advapidifxGUI\advapidifxGUI.exe
() C:\Windows\SysWOW64\DefaultDesktopWiget\DefaultDesktopWiget.exe
() C:\Users\Maciek97\AppData\Local\directxosSched\directxosSched.exe
() C:\Users\Maciek97\AppData\Local\directxosSched\encondingplaysndsrv_86.exe
() C:\Program Files (x86)\eDealPop\eDealPop.exe
() C:\Windows\SysWOW64\wigetpku2uRec\wigetpku2uRec.exe
HKLM-x32\...\Run: [fst_pl_110] => [X]
HKLM-x32\...\Run: [eDealPop] => C:\Program Files (x86)\eDealPop\eDealPop.exe [6144 2014-12-03] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-878570952-1094920582-2464901648-1006] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-878570952-1094920582-2464901648-1006] => http=127.0.0.1:10741
FF NewTab: hxxp://search.yahoo.com/?fr=hp-ddc-bd-tab&type=616_pr__alt__ddc_dsssyctab_bd_com
FF Homepage: hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=616_pr__alt__ddc_dsssyc_bd_com
FF Keyword.URL: hxxp://search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=616_pr__alt__ddc_dss_bd_com&p=
FF DefaultSearchEngine: V9
FF SearchEngineOrder.1: V9
FF SelectedSearchEngine: V9
FF Extension: No Name - C:\Users\Maciek97\AppData\Roaming\Mozilla\Firefox\Profiles\2sn9jo51.default\extensions\{641e52b1-3179-43ed-8bcb-f688871e52b0}.xpi [Not Found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR RestoreOnStartup: Default -> "hxxp://rts.dsrlte.com?affID=pr_ad418d28-3404-48b0-823e-6b8e35759ea0"
CHR StartupUrls: Default -> "hxxp://rts.dsrlte.com?affID=pr_ad418d28-3404-48b0-823e-6b8e35759ea0"
R2 advapidifxGUI; C:\WINDOWS\SysWOW64\advapidifxGUI\advapidifxGUI.exe [83456 2015-01-16] () [File not signed]
R2 DefaultDesktopWiget; C:\Windows\SysWOW64\DefaultDesktopWiget\DefaultDesktopWiget.exe [68096 2014-10-13] () [File not signed]
R2 directxosSched.exe; C:\Users\Maciek97\AppData\Local\directxosSched\directxosSched.exe [209408 2015-01-28] () [File not signed]
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-15] (Elex do Brasil Participações Ltda)
R2 wigetpku2uRec; C:\WINDOWS\SysWOW64\wigetpku2uRec\wigetpku2uRec.exe [83456 2015-01-16] () [File not signed]
S2 addonplaysndsrvRec.exe; C:\Users\Maciek97\AppData\Local\addonplaysndsrvRec\addonplaysndsrvRec.exe [X]
S2 APICursorMotion.exe; C:\Users\Maciek97\AppData\Local\APICursorMotion\APICursorMotion.exe [X]
S2 ClassEncondingPublic.exe; C:\Users\Maciek97\AppData\Local\ClassEncondingPublic\ClassEncondingPublic.exe [X]
S2 CronNetWin32.exe; C:\Users\Maciek97\AppData\Local\CronNetWin32\CronNetWin32.exe [X]
S4 fat32cbvaSched.exe; C:\Users\Maciek97\AppData\Local\fat32cbvaSched\fat32cbvaSched.exe [X]
S2 JAVAPythonText.exe; C:\Users\Maciek97\AppData\Local\JAVAPythonText\JAVAPythonText.exe [X]
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [42152 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2015-01-15] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-01-03] (Elex do Brasil Participações Ltda)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2015-01-28 22:44 - 2015-01-28 22:44 - 00000000 ____D () C:\Users\Maciek97\AppData\Local\directxosSched
2015-01-28 22:44 - 2015-01-28 22:44 - 00000000 ____D () C:\Program Files (x86)\eDealPop
2015-01-28 22:34 - 2015-01-28 22:40 - 00000000 ____D () C:\AdwCleaner
2015-01-16 17:22 - 2015-01-16 17:22 - 00000000 ____D () C:\WINDOWS\SysWOW64\wigetpku2uRec
2015-01-16 17:22 - 2015-01-16 17:22 - 00000000 ____D () C:\WINDOWS\SysWOW64\advapidifxGUI
2015-01-16 15:03 - 2015-01-03 09:57 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2015-01-16 15:02 - 2015-01-16 15:02 - 00000000 ____D () C:\Users\Maciek97\AppData\Roaming\Elex-tech
2015-01-16 15:02 - 2015-01-16 15:02 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2015-01-10 22:04 - 2015-01-10 22:04 - 00000266 __RSH () C:\ProgramData\ntuser.pol
2015-01-05 14:23 - 2015-01-05 14:24 - 00730528 _____ ( ) C:\Users\Maciek97\Downloads\GeForce-Experience(46129)-dp.exe
2015-01-02 02:04 - 2015-01-02 02:05 - 00373056 _____ () C:\Users\Maciek97\Downloads\SoftonicDownloader_dla_ds3-tool.exe
EmptyTemp:
In FRST, choose Fix.
Run a full scan with Mbam and remove whatever it detects:
http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/