Elektroda.pl

Viruses - Lots of unnecessary stuff

wojkorz 03 Apr 2015 10:10 1137 3
  • #2
    Acorus 20
    Level 43  
    Uninstall GeekBuddy and Spybot - Search & Destroy. Open the system Notepad and paste:

    Quote:
    Task: {2D2818E6-BBEE-4616-A5FE-752059913C3C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    Task: {59498B06-0CAF-493C-96FE-6C4FEF4C4970} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: {E2056CE2-B756-4F46-8AF8-07ACB4A7433F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [283248 2015-02-04] (Filefacts.net)
    HKLM-x32\...\Run: [SFAUpdater] => C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe [655984 2015-02-04] (Filefacts.net)
    HKU\S-1-5-21-2134563680-2115198138-395310871-1000\...\Run: [Gameo] => C:\Users\Wojtek\AppData\Roaming\Gameo\gameo.exe "C:\Users\Wojtek\AppData\Roaming\Gameo\gameo.dat" mode:minimized
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
    BootExecute: autocheck autochk * sdnclean64.exe
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=14255913...&uid=ST750LM022XHN-M750MBB_S2Y7J9FD704903
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1425...d=ST750LM022XHN-M750MBB_S2Y7J9FD704903&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1425...d=ST750LM022XHN-M750MBB_S2Y7J9FD704903&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=14255913...&uid=ST750LM022XHN-M750MBB_S2Y7J9FD704903
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=14255913...&uid=ST750LM022XHN-M750MBB_S2Y7J9FD704903
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1425...d=ST750LM022XHN-M750MBB_S2Y7J9FD704903&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1425...d=ST750LM022XHN-M750MBB_S2Y7J9FD704903&q={searchTerms}
    HKU\S-1-5-21-2134563680-2115198138-395310871-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=14255913...&uid=ST750LM022XHN-M750MBB_S2Y7J9FD704903
    SearchScopes: HKU\S-1-5-21-2134563680-2115198138-395310871-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2134563680-2115198138-395310871-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2134563680-2115198138-395310871-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=ds&ts=1425...d=ST750LM022XHN-M750MBB_S2Y7J9FD704903&q={searchTerms}
    FF DefaultSearchEngine: do-search
    FF SelectedSearchEngine: do-search
    FF Homepage: hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&...tm_medium=installer&utm_campaign=instalki
    FF SearchPlugin: C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\x0lvnwkx.default\searchplugins\do-search.xml [2015-04-03]
    FF Extension: Fast Start - C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\x0lvnwkx.default\Extensions\1425591350_xpi [2015-03-05]
    FF Extension: Search Enginer - C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\x0lvnwkx.default\Extensions\searchengine@gmail.com [2015-03-05]
    FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\x0lvnwkx.default\extensions\searchengine@gmail.com
    FF HKU\S-1-5-21-2134563680-2115198138-395310871-1000\...\Firefox\Extensions: [PrivDog@AdTrustMedia.com] - C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\x0lvnwkx.default\extensions
    FF HKU\S-1-5-21-2134563680-2115198138-395310871-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
    CHR HomePage: Default -> hxxp://do-search.com/?type=hp&ts=14255913...&uid=ST750LM022XHN-M750MBB_S2Y7J9FD704903
    CHR StartupUrls: Default -> "hxxp://do-search.com/?type=hp&ts=1425591342&from=cor&uid=ST750LM022XHN-M750MBB_S2Y7J9FD704903"
    CHR DefaultSearchKeyword: Default -> do-search
    CHR HKU\S-1-5-21-2134563680-2115198138-395310871-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
    S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
    U3 a6kzdusw; C:\Windows\System32\Drivers\a6kzdusw.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
    2015-03-22 18:01 - 2015-03-22 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2015-03-22 18:01 - 2015-03-22 18:01 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2015-03-18 16:13 - 2015-03-22 18:01 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2015-03-18 16:13 - 2015-03-22 18:01 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
    2015-03-10 23:47 - 2015-04-03 09:36 - 00000000 ____D () C:\Users\Wojtek\AppData\Local\Gameo
    2015-03-05 23:58 - 2015-03-05 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart File Advisor
    2015-03-05 23:58 - 2015-03-05 23:58 - 00000000 ____D () C:\Program Files (x86)\Smart File Advisor
    2015-03-05 23:35 - 2015-03-05 23:35 - 00000000 ____D () C:\Users\Wojtek\AppData\Local\PriceFountain
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix. Download AdwCleaner https://toolslib.net/downloads/finish/1/ and run it as administrator. Click Scan and then Cleaning.
  • #3
    Kolobos
    IT specialist
    Uninstall:
    McAfee Security Scan Plus
    Spybot - Search & Destroy

    Next to frst.exe, create a file fixlist.txt with the following content:
    (Filefacts.net) C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe
    HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [283248 2015-02-04] (Filefacts.net)
    HKLM-x32\...\Run: [SFAUpdater] => C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe [655984 2015-02-04] (Filefacts.net)
    HKU\S-1-5-21-2134563680-2115198138-395310871-1000\...\Run: [Gameo] => C:\Users\Wojtek\AppData\Roaming\Gameo\gameo.exe "C:\Users\Wojtek\AppData\Roaming\Gameo\gameo.dat" mode:minimized
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=14255913...&uid=ST750LM022XHN-M750MBB_S2Y7J9FD704903
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1425...d=ST750LM022XHN-M750MBB_S2Y7J9FD704903&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1425...d=ST750LM022XHN-M750MBB_S2Y7J9FD704903&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=14255913...&uid=ST750LM022XHN-M750MBB_S2Y7J9FD704903
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=14255913...&uid=ST750LM022XHN-M750MBB_S2Y7J9FD704903
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1425...d=ST750LM022XHN-M750MBB_S2Y7J9FD704903&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1425...d=ST750LM022XHN-M750MBB_S2Y7J9FD704903&q={searchTerms}
    HKU\S-1-5-21-2134563680-2115198138-395310871-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=SKY2&ocid=SKY2DHP&osmkt=pl-pl
    HKU\S-1-5-21-2134563680-2115198138-395310871-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=14255913...&uid=ST750LM022XHN-M750MBB_S2Y7J9FD704903
    SearchScopes: HKU\S-1-5-21-2134563680-2115198138-395310871-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2134563680-2115198138-395310871-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2134563680-2115198138-395310871-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=ds&ts=1425...d=ST750LM022XHN-M750MBB_S2Y7J9FD704903&q={searchTerms}
    FF DefaultSearchEngine: do-search
    FF SelectedSearchEngine: do-search
    FF Homepage: hxxp://www.msn.com/?pc=SKY2&ocid=SKY2DHP&...tm_medium=installer&utm_campaign=instalki
    FF SearchPlugin: C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\x0lvnwkx.default\searchplugins\do-search.xml [2015-04-03]
    FF Extension: Fast Start - C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\x0lvnwkx.default\Extensions\1425591350_xpi [2015-03-05]
    FF Extension: Search Enginer - C:\Users\Wojtek\AppData\Roaming\Mozilla\Firefox\Profiles\x0lvnwkx.default\Extensions\searchengine@gmail.com [2015-03-05]
    CHR HomePage: Default -> hxxp://do-search.com/?type=hp&ts=14255913...&uid=ST750LM022XHN-M750MBB_S2Y7J9FD704903
    CHR StartupUrls: Default -> "hxxp://do-search.com/?type=hp&ts=1425591342&from=cor&uid=ST750LM022XHN-M750MBB_S2Y7J9FD704903"
    CHR DefaultSearchKeyword: Default -> do-search
    CHR HKU\S-1-5-21-2134563680-2115198138-395310871-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
    S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
    U3 a6kzdusw; C:\Windows\System32\Drivers\a6kzdusw.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero size file/folder)
    2015-03-10 23:47 - 2015-04-03 09:36 - 00000000 ____D () C:\Users\Wojtek\AppData\Local\Gameo
    2015-03-10 23:47 - 2015-03-10 23:47 - 00001951 _____ () C:\Users\Wojtek\Desktop\Play Legend Online.lnk
    2015-03-10 23:47 - 2015-03-10 23:47 - 00001797 _____ () C:\Users\Wojtek\Desktop\Gameo.lnk
    2015-03-10 23:47 - 2015-03-10 23:47 - 00001783 _____ () C:\Users\Wojtek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk
    2015-03-10 23:47 - 2015-03-10 23:47 - 00000174 _____ () C:\Users\Wojtek\Desktop\Play Games Online.url
    2015-03-10 23:47 - 2015-03-10 23:47 - 00000174 _____ () C:\Users\Wojtek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
    2015-03-10 23:47 - 2015-03-10 23:47 - 00000000 ____D () C:\Users\Wojtek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo
    2015-03-06 00:30 - 2015-03-06 00:30 - 00001230 _____ () C:\Users\Public\Desktop\CleverReach.com.lnk
    2015-03-06 00:30 - 2015-03-06 00:30 - 00000214 _____ () C:\Users\Public\Desktop\Your Software Deals.url
    2015-03-05 23:58 - 2015-03-05 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart File Advisor
    2015-03-05 23:58 - 2015-03-05 23:58 - 00000000 ____D () C:\Program Files (x86)\Smart File Advisor
    2015-03-05 23:51 - 2015-03-05 23:55 - 00001230 _____ () C:\Users\Wojtek\Desktop\Continue Alcohol 120% Free Edition installation.lnk
    2015-03-05 23:35 - 2015-03-05 23:35 - 00000000 ____D () C:\Users\Wojtek\AppData\Local\PriceFountain
    EmptyTemp:

    In FRST, select Fix.
  • #4
    wojkorz
    Level 9  
    Thank you for the help. You guys make life easier.