Elektroda.pl

Baidu virus - annoying ads

Tupolew1991 21 Jun 2015 13:28 1833 3
  • Helpful post
    #2 21 Jun 2015 13:58
    Acorus 20
    Computer specialist

    Uninstall Smileys We Love Toolbar for IE, UpdateChecker. Open the system Notepad and paste:

    Quote:
    CloseProcesses:
    Task: {96043240-E03B-498E-8272-602D0F23611F} - \Installer_iwebar No Task File <==== ATTENTION
    Task: {EA557D47-A18A-4AF6-8194-6FFB1CC34CE0} - System32\Tasks\{A70DB539-2AF0-49CB-83C0-BF82F368BD76} => pcalua.exe -a C:\Users\Zuzia\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
    HKLM\...\Run: [baidusdTray] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\baidusdTray.exe [2474952 2015-04-08] (百度在线网络技术(北京)有限公司)
    HKLM-x32\...\Run: [C:\Windows\SysWOW64\V0770Ext.ax] => C:\Windows\system32\RegSvr32.exe /s C:\Windows\SysWOW64\V0770Ext.ax
    HKLM-x32\...\Run: [gmsd_pl_56] => [X]
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Rs] => C:\Program Files (x86)\Rs\Rs.exe
    HKLM-x32\...\Run: [baidusdTray] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe [2474952 2015-04-08] (百度在线网络技术(北京)有限公司)
    HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QQPCTRAY.EXE" /regrun /qqrepair
    HKU\S-1-5-21-1217560622-1741925875-2193850250-1000\...\Run: [Allmyapps] => "C:\Users\Zuzia\AppData\Roaming\Allmyapps\Allmyapps.exe" startup
    HKU\S-1-5-21-1217560622-1741925875-2193850250-1000\...\Run: [Allmyapps Update] => "C:\Users\Zuzia\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe" check startup
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk [2014-07-03]
    ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\QMGCShellExt64.dll No File
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalki1&a...n=instalki1&iwa_source=installer_instalki
    SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =




    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.9.16350.226\TSWebMon64.dat No File
    BHO: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll [2014-01-18] ()
    BHO-x32: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll [2014-01-18] ()
    Toolbar: HKLM - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll [2014-01-18] ()
    Toolbar: HKLM-x32 - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll [2014-01-18] ()
    FF Homepage: hxxp://www.interia.pl/#utm_source=instalki1&a...n=instalki1&iwa_source=installer_instalki
    FF Extension: CinemaP-1.9cV15.06 - C:\Users\Zuzia\AppData\Roaming\Mozilla\Firefox\Profiles\hvsgzhqe.default\Extensions\AVJYFVOD75109374@HCDE39471360.com [2015-06-19]
    FF Extension: SmileysWeLove: Smileys for use with Facebook, GMail, and more - C:\Users\Zuzia\AppData\Roaming\Mozilla\Firefox\Profiles\hvsgzhqe.default\Extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi [2014-03-10]
    CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
    CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
    CHR HKLM-x32\...\Chrome\Extension: [fjbbjfdilbioabojmcplalojlmdngbjl] - C:\Users\Zuzia\AppData\Local\Temp\swlfiles\smileyswelovetoolbar.crx [Not Found]
    OPR Extension: (Razor Web) - C:\Users\Zuzia\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljgajomlfccacbljbhocggijdgpablpc [2015-06-17]
    OPR Extension: (CinemaP-1.9cV15.06) - C:\Users\Zuzia\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-06-19]
    R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [64008 2015-04-08] (百度在线网络技术(北京)有限公司)
    R2 BDKVRTP; C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe [793096 2015-04-08] (百度在线网络技术(北京)有限公司)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
    R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [202576 2015-04-08] (Baidu)
    R1 bd0002; C:\Windows\System32\DRIVERS\bd0002.sys [196936 2015-04-08] (Baidu)
    R1 bd0003; C:\Windows\System32\DRIVERS\bd0003.sys [67400 2015-04-08] (Baidu)
    R2 BDArKit; C:\Windows\System32\DRIVERS\BDArKit.sys [152392 2015-04-08] (Baidu Technology)
    R2 BDDefense; C:\Windows\System32\drivers\BDDefense.sys [103240 2015-04-08] (Baidu)
    R1 BDMWrench_x64; C:\Windows\System32\DRIVERS\BDMWrench_x64.sys [56136 2015-04-08] (Baidu)
    S1 BdSandBox; system32\DRIVERS\BdSandBox.sys [X]
    S3 MSICDSetup; \??\F:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
    S1 wafd_1_10_0_18; system32\drivers\wafd_1_10_0_18.sys [X]
    2015-06-20 07:40 - 2015-06-19 18:22 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
    2015-06-20 07:40 - 2015-06-19 18:22 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
    2015-06-19 18:54 - 2015-06-20 09:46 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
    2015-06-19 18:22 - 2015-06-19 18:22 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2015-06-19 18:22 - 2015-06-19 18:22 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
    2015-06-19 18:19 - 2015-06-20 12:26 - 00000000 ____D C:\Users\Zuzia\AppData\Roaming\Baidu
    2015-06-19 18:19 - 2015-06-20 12:26 - 00000000 ____D C:\ProgramData\Baidu
    2015-06-19 18:19 - 2015-06-19 18:19 - 00000000 ____D C:\Program Files (x86)\Baidu
    2015-06-19 18:19 - 2015-04-08 09:17 - 00202576 _____ (Baidu) C:\Windows\system32\Drivers\bd0001.sys
    2015-06-19 18:19 - 2015-04-08 09:17 - 00196936 _____ (Baidu) C:\Windows\system32\Drivers\bd0002.sys
    2015-06-19 18:19 - 2015-04-08 09:17 - 00152392 _____ (Baidu Technology) C:\Windows\system32\Drivers\BDArKit.sys
    2015-06-19 18:19 - 2015-04-08 09:17 - 00103240 _____ (Baidu) C:\Windows\system32\Drivers\BDDefense.sys
    2015-06-19 18:19 - 2015-04-08 09:17 - 00067400 _____ (Baidu) C:\Windows\system32\Drivers\bd0003.sys
    2015-06-19 18:19 - 2015-04-08 09:17 - 00056136 _____ (Baidu) C:\Windows\system32\Drivers\BDMWrench_x64.sys
    2014-03-20 13:05 - 2014-06-02 16:01 - 0003799 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix.

    2
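Added example, not part of the thread: a short Python script for reviewing a fixlist.txt before running Fix, which groups each line by the kind of item it names and lists the entries the log already marks as missing. The category names and prefix patterns are this example's own reading of the lines quoted above, not FRST's code; the sample input is copied from that fixlist.

```python
import re
from collections import Counter

# Lines copied from the fixlist quoted above, used here as sample input.
SAMPLE = r"""CloseProcesses:
Task: {96043240-E03B-498E-8272-602D0F23611F} - \Installer_iwebar No Task File <==== ATTENTION
HKLM-x32\...\Run: [gmsd_pl_56] => [X]
HKLM-x32\...\Run: [Rs] => C:\Program Files (x86)\Rs\Rs.exe
BHO: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll [2014-01-18] ()
R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [202576 2015-04-08] (Baidu)
S1 BdSandBox; system32\DRIVERS\BdSandBox.sys [X]
2015-06-19 18:19 - 2015-06-20 12:26 - 00000000 ____D C:\ProgramData\Baidu
EmptyTemp:
"""

# Assumed mapping from line prefix to category (this example's reading of the format).
RULES = [
    ("directive", r"(CloseProcesses|EmptyTemp):$"),
    ("scheduled task", r"Task: "),
    ("autorun", r"(HK\S+\\Run: |Startup: |ShortcutTarget: )"),
    ("browser/shell", r"(BHO|Toolbar|SearchScopes|FF |CHR |OPR |GroupPolicy|ShellIcon|HKLM\\Software\\Microsoft\\Internet Explorer)"),
    ("service/driver", r"[RSU][0-5] \S+; "),
    ("file/folder", r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} - "),
]
RULES = [(name, re.compile(rx)) for name, rx in RULES]
MISSING = re.compile(r"\[X\]|\[Not Found\]|No File|No Task File")  # target already gone

def classify(line):
    for name, rx in RULES:
        if rx.match(line):  # patterns are anchored at the start of the line
            return name
    return "unrecognised"

def summarise(text):
    """Count lines per category; collect missing-target and unrecognised lines."""
    counts, missing, unknown = Counter(), [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        kind = classify(line)
        counts[kind] += 1
        if kind == "unrecognised":
            unknown.append(line)
        elif MISSING.search(line):
            missing.append(line)
    return counts, missing, unknown

if __name__ == "__main__":
    counts, missing, unknown = summarise(SAMPLE)
    print(dict(counts))
    print("missing targets:", missing, "unrecognised:", unknown)
```

Lines reported as unrecognised are the ones to read by hand before the fix is applied.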
  • #3 21 Jun 2015 14:27
    Tupolew1991
    Level 2

    It helped. Thanks a lot. :)

    0
  • Helpful post
    #4 21 Jun 2015 14:37
    Acorus 20
    Computer specialist

    Delete the C:\FRST folder.

    2