Avast is going crazy // Infection: JS:Downloader-ZY [Trj]


(Haszysz) #1

Warnings every few moments, on practically every page

 

URL:    h_utils_cdneurope_com__js__mo_js|{gzip}

 

How do I get rid of this, and with what...

 

Avast warns, but scanning does not remove it; Eset is ineffective as well


(Acorus) #2

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ matching your system version, 32-bit or 64-bit.


(Haszysz) #3

http://wklej.org/id/1348689/

 

http://wklej.org/id/1348690/


(Acorus) #4

Open Notepad and paste:

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1392293417from=coruid=TOSHIBAXMK3255GSX_796GC2P0TXX796GC2P0Tq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1392293417from=coruid=TOSHIBAXMK3255GSX_796GC2P0TXX796GC2P0Tq={searchTerms}
URLSearchHook: HKCU - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
URLSearchHook: HKCU - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=dsts=1392293417from=coruid=TOSHIBAXMK3255GSX_796GC2P0TXX796GC2P0Tq={searchTerms}
SearchScopes: HKLM - {5D1F7A98-E4CC-4D93-AF23-65E5D00AA569} URL = http://startsear.ch/?aff=1src=spcf=2f2da9c4-d0b6-11e0-9a4b-00235afe9f9dq={searchTerms}
SearchScopes: HKCU - {5D1F7A98-E4CC-4D93-AF23-65E5D00AA569} URL = http://startsear.ch/?aff=1src=spcf=2f2da9c4-d0b6-11e0-9a4b-00235afe9f9dq={searchTerms}
SearchScopes: HKCU - {8E3382BD-CEFA-4114-A25C-75CF69A70F78} URL = http://search.yahoo.com/search?fr=chr-greentree_ieei=utf-8type=937811p={searchTerms}
SearchScopes: HKCU - {92713802-52A3-4A24-8526-C1EA701F1724} URL = http://startsear.ch/?aff=1q={searchTerms}
FF Extension: Site Finder - C:\Users\Michał\AppData\Roaming\Mozilla\Firefox\Profiles\eynsifti.default\Extensions\sitefinder@sitefinder.com [2014-03-23]
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\MICHA~1\AppData\Local\Temp\ccex.crx []
S2 Update BrowseMark; "C:\Program Files\BrowseMark\updateBrowseMark.exe" [X]
S2 Update Mega Browse; "C:\Program Files\Mega Browse\updateMegaBrowse.exe" [X]
S2 Util Mega Browse; "C:\Program Files\Mega Browse\bin\utilMegaBrowse.exe" [X]
S3 esgiguard; \\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 iSafeNetFilter; \\C:\Program Files\iSafe\iSafeNetFilter.sys [X]
2014-04-27 19:26 - 2014-04-27 19:26 - 00000000 ____ D () C:\Users\Michał\AppData\Roaming\eCyber
2014-04-27 19:26 - 2014-04-23 12:20 - 00038912 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-04-27 19:25 - 2014-04-28 23:28 - 00000000 ____ D () C:\Users\Michał\AppData\Roaming\iSafe
2014-04-25 23:28 - 2014-04-24 12:34 - 00055232 _____ (StdLib) C:\Windows\system32\Drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}Gt.sys
2014-04-20 13:02 - 2014-04-28 20:39 - 00000000 ____ D () C:\Program Files\BrowseMark

Save the file as fixlist.txt and place it next to FRST