Elektroda.pl
Elektroda.pl
X
Elektroda.pl
Proszę, dodaj wyjątek dla www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

wirus ziiky i provider - wyskakujace reklamy

miniex 22 Mar 2015 10:16 1419 1
  • Pomocny post
    #2 22 Mar 2015 10:56
    Acorus 20
    Spec od komputerów

    Odinstaluj PriceFountain (remove only), Update for PriceFountain. Otwórz notatnik systemowy i wklej:

    Cytat:
    Task: {CC8E55A5-2EAF-472F-AC16-0B86E743E6BE} - System32\Tasks\Malware Cleaner => C:\Users\Natalia\AppData\Roaming\D5B4.tmp.exe [2015-03-18] () <==== ATTENTION
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ProxyEnable: [S-1-5-21-1429604921-2151314115-3297444707-1001] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-1429604921-2151314115-3297444707-1001] => 127.0.0.1:8118
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts...ST500LT012-9WS142_W0VJR255XXXXW0VJR255&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts...ST500LT012-9WS142_W0VJR255XXXXW0VJR255&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts...ST500LT012-9WS142_W0VJR255XXXXW0VJR255&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts...ST500LT012-9WS142_W0VJR255XXXXW0VJR255&q={searchTerms}
    HKU\S-1-5-21-1429604921-2151314115-3297444707-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\S-1-5-21-1429604921-2151314115-3297444707-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.sweet-page.com/web/?utm_source=b&a...255&ts=1426610141&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1429604921-2151314115-3297444707-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.sweet-page.com/web/?utm_source=b&a...255&ts=1426610141&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1429604921-2151314115-3297444707-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.sweet-page.com/web/?utm_source=b&a...255&ts=1426610141&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1429604921-2151314115-3297444707-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.sweet-page.com/web/?utm_source=b&a...255&ts=1426610141&type=default&q={searchTerms}
    BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
    BHO-x32: PriceFountain -> {b608cc98-54de-4775-96c9-097de398500c} -> C:\Users\Natalia\AppData\Local\PriceFountain\PriceFountainIE.dll [2015-01-11] ()
    FF DefaultSearchEngine: GoSearch
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\GoSearch.xml [2015-03-21]
    FF HKU\S-1-5-21-1429604921-2151314115-3297444707-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    R2 Live Malware Protection; C:\Windows\mlwps.exe [239104 2015-03-18] (AV Security Software) [File not signed] <==== ATTENTION
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
    R2 PrivoxyService; C:\Program Files (x86)\Safesoft Protector\privoxy.exe [371200 2015-03-18] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    S2 Update Primary Result; "C:\Program Files (x86)\Primary Result\updatePrimaryResult.exe" [X]
    S2 Util Primary Result; "C:\Program Files (x86)\Primary Result\bin\utilPrimaryResult.exe" [X]
    R1 {1601c372-fdd4-4d07-81cb-8d80cd533a89}Gw64; C:\Windows\System32\drivers\{1601c372-fdd4-4d07-81cb-8d80cd533a89}Gw64.sys [48792 2015-03-18] (StdLib)
    R1 {7edae523-2f47-48a4-be5c-2db16c2cad61}Gw64; C:\Windows\System32\drivers\{7edae523-2f47-48a4-be5c-2db16c2cad61}Gw64.sys [48792 2015-03-17] (StdLib)
    2015-03-21 20:41 - 2015-03-21 20:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2015-03-21 20:41 - 2015-03-21 20:41 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2015-03-18 23:22 - 2015-03-19 15:32 - 00000000 ____D () C:\Program Files (x86)\Safesoft Protector
    2015-03-18 23:22 - 2015-03-18 23:22 - 00775168 _____ () C:\Users\Natalia\AppData\Roaming\D5B4.tmp.exe
    2015-03-18 23:22 - 2015-03-18 23:22 - 00239104 _____ (AV Security Software) C:\Windows\mlwps.exe
    2015-03-18 23:22 - 2015-03-18 23:22 - 00003332 _____ () C:\Windows\System32\Tasks\Malware Cleaner
    2015-03-18 23:22 - 2015-03-18 23:22 - 00000000 _____ () C:\Users\Natalia\AppData\Roaming\D5B4.tmp
    2015-03-18 23:21 - 2015-03-18 23:22 - 00000000 ____D () C:\Program Files (x86)\PrivateVPN
    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix. Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

    1