Junk-infested computer


Topic started in the wrong section. I am moving it to the infection diagnostics section, because what we are dealing with here is a problem of nasty and numerous adware installations. Removal will be split into several stages. To begin with, carry out the following operations:

 

1. Open Notepad and paste into it:

 

CloseProcesses:
R1 {0c6ad4fc-d56b-44cb-a06e-debba12bf68a}w64; C:\Windows\System32\drivers\{0c6ad4fc-d56b-44cb-a06e-debba12bf68a}w64.sys [48824 2014-10-19] (StdLib)
R1 {1de0dec0-675e-482f-a756-fd24c6796c8e}w64; C:\Windows\System32\drivers\{1de0dec0-675e-482f-a756-fd24c6796c8e}w64.sys [48832 2014-12-05] (StdLib)
R1 {3c9eada7-386c-4a04-ab1e-4eb122397ced}w64; C:\Windows\System32\drivers\{3c9eada7-386c-4a04-ab1e-4eb122397ced}w64.sys [48824 2014-10-21] (StdLib)
R1 {44b76908-31ad-4fdd-90ce-abbdbb78f175}w64; C:\Windows\System32\drivers\{44b76908-31ad-4fdd-90ce-abbdbb78f175}w64.sys [48824 2014-10-15] (StdLib)
R1 {6191cc23-5db4-4079-aaac-546c45b08af1}w64; C:\Windows\System32\drivers\{6191cc23-5db4-4079-aaac-546c45b08af1}w64.sys [48824 2014-10-23] (StdLib)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys [61112 2014-07-08] (StdLib)
R1 {6fcd6092-9615-4f7f-8898-8df53980e5d2}w64; C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys [61624 2014-08-06] (StdLib)
R1 {9cdb10b4-16db-41f0-b75d-2e3cfff0fbde}w64; C:\Windows\System32\drivers\{9cdb10b4-16db-41f0-b75d-2e3cfff0fbde}w64.sys [48824 2014-10-17] (StdLib)
R1 {a00759f4-8f6e-4f04-880d-18a7306588c3}w64; C:\Windows\System32\drivers\{a00759f4-8f6e-4f04-880d-18a7306588c3}w64.sys [48824 2014-10-13] (StdLib)
R1 {b66d62b0-ebea-42c8-88c7-71cdab32919e}w64; C:\Windows\System32\drivers\{b66d62b0-ebea-42c8-88c7-71cdab32919e}w64.sys [48832 2014-11-30] (StdLib)
R1 {b7f87806-4a32-46e7-ad9b-12f73fb810a9}w64; C:\Windows\System32\drivers\{b7f87806-4a32-46e7-ad9b-12f73fb810a9}w64.sys [48832 2014-11-28] (StdLib)
R1 {cb987b80-b481-4623-9e86-1b830e33479a}w64; C:\Windows\System32\drivers\{cb987b80-b481-4623-9e86-1b830e33479a}w64.sys [48832 2014-11-27] (StdLib)
R1 {cfbbf934-a234-4282-8ef3-310abb84c3e4}w64; C:\Windows\System32\drivers\{cfbbf934-a234-4282-8ef3-310abb84c3e4}w64.sys [48824 2014-10-19] (StdLib)
R1 {df8d93ab-56ab-414d-b711-87b0e2749bbd}w64; C:\Windows\System32\drivers\{df8d93ab-56ab-414d-b711-87b0e2749bbd}w64.sys [48824 2014-10-17] (StdLib)
R1 {f916f162-d4e9-413b-95d2-589769dc98ff}w64; C:\Windows\System32\drivers\{f916f162-d4e9-413b-95d2-589769dc98ff}w64.sys [48824 2014-10-15] (StdLib)
S4 F06DEFF2-5B9C-490D-910F-35D3A9119622; C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc2.cfg [41872 2014-07-16] (Aztec Media Inc)
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41856 2014-12-02] ()
R2 SPDRIVER_1.37.0.486; C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.486\jsdrv.sys [52584 2014-11-24] ()
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-11] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-11] (globalUpdate) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [759688 2014-07-09] (Cherished Technololgy LIMITED)
R2 MaintainerSvc2.04.9173792; C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4\maintainer.exe [123680 2014-12-06] ()
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346880 2014-12-02] (ShopperPro)
R2 Update NetCrawl; C:\Program Files (x86)\NetCrawl\updateNetCrawl.exe [523552 2014-12-06] ()
R2 Util NetCrawl; C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe [524064 2014-12-06] ()
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [535936 2014-07-09] (Fuyu LIMITED)
R2 YouTubeAcceleratorService; C:\Program Files (x86)\YouTube Accelerator\YouTubeAcceleratorService.exe [1510248 2014-08-11] (GOOBZO)
Task: {16D317AB-8E0C-4AE4-B313-7AE6781B405F} - System32\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-5 => C:\Program Files (x86)\iWebar\4bd3ec58-c42f-443e-8edb-0a5b2d035380-5.exe [2014-08-11] (iWebar) 
Task: {1A20BD29-3D03-45A4-B549-B0FB5C474CFC} - System32\Tasks\UNELEVATE_18933 => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.486\jsdrv.exe [2014-11-24] () 
Task: {21109AF4-CD87-43DE-BCAC-5D754546BB29} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-11] (globalUpdate) 
Task: {3AFC1BCB-DF81-46E1-A4FB-1A2F670F63A9} - System32\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4 => C:\Program Files (x86)\iWebar\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4.exe [2014-08-11] (iWebar) 
Task: {44D96133-C53F-46CF-8E5F-179390774BEE} - System32\Tasks\YTAHelper => C:\Program Files (x86)\YTAHelper\YTAHelper.exe [2014-06-15] (Goobzo LTD) 
Task: {4BBA6643-3770-4ADB-9A73-5FC93F515F36} - System32\Tasks\Yahoo! Search Updater => C:\Users\Kuba\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrsetup.exe [2014-10-28] (Pay By Ads LTD) 
Task: {53F8F166-C56D-4062-BB51-015770B787E2} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe [2014-12-02] (Goobzo) 
Task: {621B6E71-DAD1-45FF-9DAD-8B22219B93F1} - System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2 => C:\Program Files (x86)\Sense\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2.exe [2014-08-11] (Object Browser) 
Task: {6A508869-4DE6-434C-ACDB-A7C06FC076FB} - System32\Tasks\UNELEVATE_1370 => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.486\jsdrv.exe [2014-11-24] () 
Task: {6D6AA47E-413C-4DFB-B24F-847072268C01} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.486\jsdrv.exe [2014-11-24] () 
Task: {76AE72D9-603B-44C5-B22C-6DEDED81886D} - System32\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4 => C:\Program Files (x86)\Sense\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4.exe [2014-08-11] (Object Browser) 
Task: {7AF6F753-D989-417E-BB27-1E37EEAFE134} - System32\Tasks\AppCloudUpdater => C:\Users\Kuba\AppData\Roaming\AppCloudUpdater\UpdateProc\UpdateTask.exe [2013-04-12] () 
Task: {7B9805F7-8EF3-49A0-A714-B04065FF857C} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe 
Task: {7F715724-02F0-49E1-9FAC-BA7B93AF1F7E} - System32\Tasks\AppSafe => C:\Program Files (x86)\AppSafe\AppSafe.exe 
Task: {866DA713-6504-4DA3-94E0-3E565DC3A1C1} - System32\Tasks\SPBIW_UpdateTask_Time_323235303931333934342d414a34413734452a786c5a5a => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 
Task: {86F309FB-169D-47DA-A46A-CF97B7F9E67B} - System32\Tasks\UNELEVATE_462 => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.486\jsdrv.exe [2014-11-24] () 
Task: {8D70FD3A-56C5-4111-A335-1C180DE08BC9} - System32\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-2 => C:\Program Files (x86)\iWebar\4bd3ec58-c42f-443e-8edb-0a5b2d035380-2.exe [2014-08-11] (iWebar) 
Task: {933B8981-251D-4824-8CEC-87A8CA4114AD} - System32\Tasks\Yahoo! Search => C:\Users\Kuba\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe [2014-10-28] (Pay By Ads LTD) 
Task: {97BDF87A-DCC5-49E2-81A9-32F37B08704D} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-11] (globalUpdate) 
Task: {A4E34F8C-3834-4A6D-B2F7-77CE9DC3F783} - System32\Tasks\YTAUpdate => C:\PROGRA~2\YOUTUB~1\Updater.exe 
Task: {A5C58D27-CE98-49F4-A37E-EA806F438A8E} - System32\Tasks\Math Problem Solver CPU => C:\Users\Kuba\AppData\Local\Math Problem Solver\cpu\Solve.exe [2014-01-23] () 
Task: {AECEF5CE-757A-4ECC-8366-A0EF3C756ACD} - System32\Tasks\YTAUpdate_logon => C:\PROGRA~2\YOUTUB~1\Updater.exe 
Task: {C8A5E979-23D1-4D94-BD26-C5B23FBB9730} - System32\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-6 => C:\Program Files (x86)\iWebar\iWebar-novainstaller.exe [2014-08-11] (iWebar) 
Task: {D37B20AD-823E-4F50-BF9D-EBAD57607660} - System32\Tasks\Math Problem Solver Optimize => C:\Users\Kuba\AppData\Local\Math Problem Solver\Optimize.exe [2014-01-20] () 
Task: {DC91D712-4AA3-437F-9BD6-A84EBAFDCEE3} - System32\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-7 => C:\Program Files (x86)\iWebar\iWebar-nova.exe [2014-08-11] (iWebar) 
Task: {FC2DAA8F-87AB-4BA1-B5B7-8AAB194A2763} - System32\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-1 => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe [2014-08-11] (iWebar) 
Task: C:\Windows\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-1.job => C:\Program Files (x86)\iWebar\iWebar-codedownloader.exe 
Task: C:\Windows\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-2.job => C:\Program Files (x86)\iWebar\4bd3ec58-c42f-443e-8edb-0a5b2d035380-2.exe 
Task: C:\Windows\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4.job => C:\Program Files (x86)\iWebar\4bd3ec58-c42f-443e-8edb-0a5b2d035380-4.exe 
Task: C:\Windows\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-5.job => C:\Program Files (x86)\iWebar\4bd3ec58-c42f-443e-8edb-0a5b2d035380-5.exe 
Task: C:\Windows\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-6.job => C:\Program Files (x86)\iWebar\iWebar-novainstaller.exe 
Task: C:\Windows\Tasks\4bd3ec58-c42f-443e-8edb-0a5b2d035380-7.job => C:\Program Files (x86)\iWebar\iWebar-nova.exe 
Task: C:\Windows\Tasks\AppCloudUpdater.job => C:\Users\Kuba\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE 
Task: C:\Windows\Tasks\AppSafe.job => C:\Program Files (x86)\AppSafe\AppSafe.exe 
Task: C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2.job => C:\Program Files (x86)\Sense\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-2.exe 
Task: C:\Windows\Tasks\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4.job => C:\Program Files (x86)\Sense\fbe97edd-eb2f-44c5-b8f7-f44c01ece1de-4.exe 
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe 
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe 
HKLM-x32\...\Run: [sPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.486\jsdrv.exe [3224064 2014-11-24] ()
HKU\S-1-5-21-633783451-1812332228-2872719219-1000\...\Run: [AppSafe] => C:\Program Files (x86)\AppSafe\AppSafe.exe
HKU\S-1-5-21-633783451-1812332228-2872719219-1000\...\Run: [sPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.486\jsdrv.exe [3224064 2014-11-24] ()
HKU\S-1-5-21-633783451-1812332228-2872719219-1000\...\Run: [Yahoo! Search] => C:\Users\Kuba\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.15.4\dsrlte.exe [533352 2014-10-28] (Pay By Ads LTD)
HKU\S-1-5-21-633783451-1812332228-2872719219-1000\...\MountPoints2: {576c0ff0-1279-11e4-964d-485ab603288a} - F:\LGAutoRun.exe
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: c:\progra~2\suptab\search~1.dll => "c:\progra~2\suptab\search~1.dll" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction 
CHR HKU\S-1-5-21-633783451-1812332228-2872719219-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.sweet-page.com/?type=scpp&ts=1405077162&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX51A93Y3939Y3939
ShortcutWithArgument: C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.sweet-page.com/?type=scpp&ts=1405077162&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX51A93Y3939Y3939
ShortcutWithArgument: C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.sweet-page.com/?type=scpp&ts=1405077162&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX51A93Y3939Y3939
ShortcutWithArgument: C:\Users\Kuba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.sweet-page.com/?type=scpp&ts=1405077162&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX51A93Y3939Y3939
ShortcutWithArgument: C:\Users\Kuba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.sweet-page.com/?type=scpp&ts=1405077162&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX51A93Y3939Y3939
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.sweet-page.com/?type=scpp&ts=1405077162&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX51A93Y3939Y3939
HKU\S-1-5-21-633783451-1812332228-2872719219-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://rts.dsrlte.com?affID=na
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1404925820&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX51A93Y3939Y3939&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1404925820&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX51A93Y3939Y3939&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1404925820&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX51A93Y3939Y3939&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1404925820&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX51A93Y3939Y3939&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=175&itype=n&ver=13396&tm=414&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=175&itype=n&ver=13396&tm=414&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-633783451-1812332228-2872719219-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=175&itype=n&ver=13396&tm=414&src=ds&p={searchTerms}
BHO: iWebar -> {11111111-1111-1111-1111-110311551110} -> C:\Program Files (x86)\iWebar\iWebar-bho64.dll (iWebar)
BHO: Sense -> {11111111-1111-1111-1111-110411821192} -> C:\Program Files (x86)\Sense\Sense-bho64.dll (Object Browser)
BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\Kuba\AppData\Local\Linkey\IEExtension\iedll64.dll (Aztec Media Inc)
BHO: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro64.dll (Goobzo Ltd.)
BHO: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper64.dll (Goobzo Ltd.)
BHO-x32: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\Kuba\AppData\Local\Linkey\IEEXTE~1\iedll.dll No File
BHO-x32: NetCrawl 1.0.0.5 -> {769a91da-209f-47fe-88b9-b0321b0982c8} -> C:\Program Files (x86)\NetCrawl\NetCrawlBHO.dll (NetCrawl)
BHO-x32: Shopper Pro -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> C:\ProgramData\ShopperPro\ShopperPro.dll (Goobzo Ltd.)
BHO-x32: YTAHelper -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> C:\ProgramData\YTAHelper\YTAHelper.dll (Goobzo Ltd.)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
C:\Program Files (x86)\globalUpdate
C:\ProgramData\0fd8dc4b-3fdb-4d7c-a6d4-ff64cff56cc4
C:\ProgramData\TEMP
C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Kuba\AppData\Local\Google\Chrome\User Data\Default\Local Storage\*localstorage*
C:\Users\Kuba\AppData\Roaming\Opera Software\Opera Stable\Local Storage\*localstorage*
C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
C:\Users\Kuba\Desktop\_\*.lnk
C:\Users\Kuba\Downloads\battlelog-web-plugins_*.exe
C:\Users\Kuba\Downloads\InstallFlashPlayerUpdate*.exe
C:\Users\Kuba\Downloads\UnityWebPlayer*.exe
C:\Users\Kuba\Downloads\yet_another_cleaner*.exe
C:\Windows\System32\drivers\{0c6ad4fc-d56b-44cb-a06e-debba12bf68a}w64.sys
C:\Windows\System32\drivers\{1de0dec0-675e-482f-a756-fd24c6796c8e}w64.sys
C:\Windows\System32\drivers\{3c9eada7-386c-4a04-ab1e-4eb122397ced}w64.sys
C:\Windows\System32\drivers\{44b76908-31ad-4fdd-90ce-abbdbb78f175}w64.sys
C:\Windows\System32\drivers\{6191cc23-5db4-4079-aaac-546c45b08af1}w64.sys
C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}Gw64.sys
C:\Windows\System32\drivers\{6fcd6092-9615-4f7f-8898-8df53980e5d2}w64.sys
C:\Windows\System32\drivers\{9cdb10b4-16db-41f0-b75d-2e3cfff0fbde}w64.sys
C:\Windows\System32\drivers\{a00759f4-8f6e-4f04-880d-18a7306588c3}w64.sys
C:\Windows\System32\drivers\{b66d62b0-ebea-42c8-88c7-71cdab32919e}w64.sys
C:\Windows\System32\drivers\{b7f87806-4a32-46e7-ad9b-12f73fb810a9}w64.sys
C:\Windows\System32\drivers\{cb987b80-b481-4623-9e86-1b830e33479a}w64.sys
C:\Windows\System32\drivers\{cfbbf934-a234-4282-8ef3-310abb84c3e4}w64.sys
C:\Windows\System32\drivers\{df8d93ab-56ab-414d-b711-87b0e2749bbd}w64.sys
C:\Windows\System32\drivers\{f916f162-d4e9-413b-95d2-589769dc98ff}w64.sys
CMD: C:\Windows\SysWOW64\regsvr32.exe /u "C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll"
CMD: C:\Windows\SysWOW64\regsvr32.exe /u C:\ProgramData\YTAHelper\YTAHelper.dll
CMD: netsh winsock reset
Reboot:

 

Note for other readers: this script is unique - tailored solely to this system; please do not use it on your own systems.

 

Save the file as fixlist.txt and place it next to the FRST tool. Boot into Windows Safe Mode. Run FRST and click Fix. When Fix finishes its work, the system will restart - leave Safe Mode. A fixlog.txt file will be created in the same directory FRST was run from.

 

2. Through Control Panel, uninstall:

- Adware: AppCloudUpdater, iWebar, Linkey, Math Problem Solver, My Program version 1.5, NetCrawl, Remote Desktop Access, Sense, Settings Manager, Shopper-Pro, WindowsMangerProtect20.0.0.502, Yahoo! Search.

- Old versions: Adobe Flash Player 11, Java™ 6 Update 17.

 

3. In Google Chrome:

  • Settings > Extensions tab > uninstall NetCrawl (if it is still visible after the uninstalls above)
  • Settings > Settings tab > Show advanced settings > scroll to the very bottom and run the Reset browser settings option. Bookmarks and passwords will not be affected.
  • Settings > Settings tab > Search section > click Manage search engines > delete any non-default junk from the list (if present).
  • Reset the plugin cache. In the address bar type chrome://plugins and press ENTER. In the plugin list pick any plugin and click Disable. Then Enable the plugin again.
None of the tools scans Opera's configuration - check for yourself in the extensions whether there are any suspicious add-ons, and uninstall any you find.

 

4. Make a new FRST log using the Scan option, ticking the Addition box again so that two logs are produced. Also attach the fixlog.txt file.
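
Added example, not part of the original post and not FRST's own code: a small triage script that groups fixlist lines like the ones above by persistence mechanism and points out the GUID-named drivers, IFEO debugger redirects and hijacked shortcuts. The category names and the functions `classify` and `triage` are this example's own; the sample lines are copied from the fixlist in the post.

```python
import re
from collections import Counter

# Sample input: a subset of lines copied verbatim from the fixlist in the post above.
SAMPLE = r"""
CloseProcesses:
R1 {0c6ad4fc-d56b-44cb-a06e-debba12bf68a}w64; C:\Windows\System32\drivers\{0c6ad4fc-d56b-44cb-a06e-debba12bf68a}w64.sys [48824 2014-10-19] (StdLib)
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346880 2014-12-02] (ShopperPro)
Task: {44D96133-C53F-46CF-8E5F-179390774BEE} - System32\Tasks\YTAHelper => C:\Program Files (x86)\YTAHelper\YTAHelper.exe [2014-06-15] (Goobzo LTD)
HKLM-x32\...\Run: [sPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1.37.0.486\jsdrv.exe [3224064 2014-11-24] ()
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.sweet-page.com/?type=scpp&ts=1405077162&from=cor&uid=WDCXWD5000LPVX-80V0TT0_WD-WX51A93Y3939Y3939
BHO: iWebar -> {11111111-1111-1111-1111-110311551110} -> C:\Program Files (x86)\iWebar\iWebar-bho64.dll (iWebar)
C:\ProgramData\TEMP
CMD: netsh winsock reset
Reboot:
"""

# Windows service Start values; in FRST logs the digit follows the state letter (R running, S stopped).
START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
GUID_NAME = re.compile(r"^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")

# Ordered (category, pattern) rules; the first match wins.
RULES = [
    ("directive", re.compile(r"^(CloseProcesses|Reboot|CMD):")),
    ("service",   re.compile(r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>.+?); (?P<path>.+?)(?: \[|$)")),
    ("task",      re.compile(r"^Task: ")),
    ("run_key",   re.compile(r"^HK\S*\\Run: \[(?P<name>[^\]]+)\]")),
    ("appinit",   re.compile(r"^AppInit_DLLs")),
    ("ifeo",      re.compile(r"^IFEO\\(?P<image>.+?): \[Debugger\] (?P<debugger>.+)$")),
    ("shortcut",  re.compile(r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> .+ -> (?P<arg>\S+)$")),
    ("bho",       re.compile(r"^BHO(-x32)?: ")),
    ("path",      re.compile(r"^[A-Za-z]:\\")),  # bare file or folder entry
]

def classify(line):
    """Return (category, captured fields) for one fixlist line; 'other' if no rule matches."""
    for category, pattern in RULES:
        m = pattern.match(line)
        if m:
            return category, m.groupdict()
    return "other", {}

def triage(text):
    """Count lines per category and collect notes on the entries worth a second look."""
    counts, notes = Counter(), []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        category, f = classify(line)
        counts[category] += 1
        if category == "service" and GUID_NAME.match(f["name"]):
            kind = "driver" if f["path"].lower().endswith(".sys") else "service"
            start = START_TYPE.get(f["start"], "unknown")
            notes.append(f"GUID-named {kind} ({start} start): {f['name']}")
        elif category == "ifeo":
            # An IFEO Debugger value makes Windows start the debugger instead of the image.
            notes.append(f"IFEO redirect: {f['image']} -> {f['debugger']}")
        elif category == "shortcut":
            host = re.sub(r"^h(tt|xx)ps?://", "", f["arg"]).split("/")[0]
            notes.append(f"shortcut argument points to {host}: {f['lnk']}")
    return counts, notes

if __name__ == "__main__":
    counts, notes = triage(SAMPLE)
    print(dict(counts), *notes, sep="\n")
```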

 

 

 
