Feedsnapdo and pop-up ads


(Annakrasuska) #1

Hi, a week ago I installed a program and since then I've had a problem with viruses. It's better than it was before, but in Chrome the WebSearch search engine keeps getting installed, ads open, and so does the page feed.snapdo.com, which redirects to search.sidecubes.com.

Links to the reports:

FRST: http://www.wklej.org/id/1818107/

Addition: http://www.wklej.org/id/1818109/

Shortcut: http://www.wklej.org/id/1818110/

I'm counting on your help :slight_smile:


(Atis) #2

Why do you need that old McAfee?

Download and run AdwCleaner. Click Scan and then Cleaning.



(Annakrasuska) #3

http://www.wklej.org/id/1818184/


(Atis) #4

Paste the following into Windows Notepad and save it as a text file named fixlist:

CloseProcesses:
HKU\S-1-5-21-1973737017-506514863-557159271-1000\...\Run: [MSConfig] = C:\Users\TOSHIBA\jrtl.exe [142336 2013-01-25] ()
HKU\S-1-5-21-1973737017-506514863-557159271-1000\...\Run: [AdobeBridge] = [X]
HKU\S-1-5-21-1973737017-506514863-557159271-1000\...\Run: [lollipop_05171711] = "c:\users\toshiba\appdata\local\lollipop\lollipop_05171711.exe" lollipop_05171711
HKU\S-1-5-21-1973737017-506514863-557159271-1000\...\Run: [GoogleChromeAutoLaunch_EADDA6AE232431773C2C261CB9F48191] = "C:\Program Files (x86)\MyBrowser\MyBrowser\Application\mybrowser.exe" --no-startup-window
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
GroupPolicy: Ograniczenia - Chrome ======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia ======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadplv3uid=110211PBG400M7J6SH3V_HTS545050B9Atm=1444428094
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadplv3uid=110211PBG400M7J6SH3V_HTS545050B9Atm=1444428094
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadplv3uid=110211PBG400M7J6SH3V_HTS545050B9Atm=1444428094
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadplv3uid=110211PBG400M7J6SH3V_HTS545050B9Atm=1444428094
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1973737017-506514863-557159271-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdA3PxciZT9JXY4xB5H8XxW5aLTAnPfAp7PDViAmVRg-m0AMHCSvQbJ7SR28XSz81cwlw-3BvGSUwG-Af-cdAw05IS3ASApyCR9iiWIZ4Q7FIFa3pnvxFnPoWhFZzHpue64ogHcwOfqmjA4oq={searchTerms}
HKU\S-1-5-21-1973737017-506514863-557159271-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdA3PxciZT9JXY4xB5H8XxW5aLTAnPfAp7PDViAmVRg-m0AMHCSvQbJ7SR28XSz81cwlw-3BvGSUwG-Af-cdAw05IS3ASApyCR9iiWIZ4Q7FIFa3pnvxFnPoWhFZzHpue64ogHcwOfqmjA4oq={searchTerms}
HKU\S-1-5-21-1973737017-506514863-557159271-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdA3PxciZT9JXY4xB5H8XxW5aLTAnPfAp7PDViAmVRg-m0AMHCSvQbJ7SR28XSz81cDMBJS_9ElaI7bwYa-Jl6EB38Nk_v3D3rswrYbCTUfMBaVYB-0xqxzWBwI3k0XfOKKLx7QLaDPVUe8s
HKU\S-1-5-21-1973737017-506514863-557159271-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdA3PxciZT9JXY4xB5H8XxW5aLTAnPfAp7PDViAmVRg-m0AMHCSvQbJ7SR28XSz81cwlw-3BvGSUwG-Af-cdAw05IS3ASApyCR9iiWIZ4Q7FIFa3pnvxFnPoWhFZzHpue64ogHcwOfqmjA4oq={searchTerms}
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-1973737017-506514863-557159271-1000 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Treasure Track - {1ef422df-c387-4f0d-88d1-b75bdfd51013} - C:\Program Files (x86)\Treasure Track\Extensions\1ef422df-c387-4f0d-88d1-b75bdfd51013.dll = Brak pliku
BHO-x32: IEPluginBHO Class - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\TOSHIBA\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll = Brak pliku
FF NewTab: C:\ProgramData\Saophases\ff.NT
FF Homepage: C:\ProgramData\Saophases\ff.HP
FF Extension: nosmalltextpjsnl - C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\rkoo2v12.default\Extensions\nosmalltext@pjs.nl [2015-10-13]
FF Extension: d57c9ff1638948fcb770f78bd89b6e8a - C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\rkoo2v12.default\Extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a} [2015-10-14]
FF Extension: Treasure Track - C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\rkoo2v12.default\Extensions\{41f622d2-f0ee-4658-9f96-92d6bdce1b94}.xpi [2015-10-09]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\prefs.js [2015-10-13] ==== UWAGA (Linkuje do pliku *.cfg)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\cfg [2015-10-13] ==== UWAGA
CHR HomePage: Profile 1 - hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdA3PxciZT9JXY4xB5H8XxW5aLTAnPfAp7PDViAmVRg-m0AMHCSvQbJ7SR28XSz81cw-TkwB0LOhH9MVUYhy6RhhuK_zypNorswtAHZb0ESlrkAQBiQVJVco71OY-srLzJS2vhnuEJMyfqtH
CHR DefaultSearchURL: Profile 1 - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdA3PxciZT9JXY4xB5H8XxW5aLTAnPfAp7PDViAmVRg-m0AMHCSvQbJ7SR28XSz81cwylS2cvjOa4NQsuVabi1hwd-lIp4BY85W-ZU-YDIS4nmemOPJ7B510qXtk8xWuYNHpp4ynd9sJWegRq={searchTerms}
CHR DefaultSearchKeyword: Profile 1 - feed.sonic-search.com
CHR DefaultSuggestURL: Profile 1 - hxxps://search.yahoo.com/sugg/chrome?output=fxjsonappid=crmascommand={searchTerms}
OPR Extension: (Internet Speed Checker) - C:\Users\TOSHIBA\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbglkiiiofelplniblholffbhhjmdhhi [2014-08-31]
OPR Extension: (Filter Results) - C:\Users\TOSHIBA\AppData\Roaming\Opera Software\Opera Stable\Extensions\embjkdlfjccamokpokjfgmabeiccniie [2015-06-12]
OPR Extension: (Treasure Track) - C:\Users\TOSHIBA\AppData\Roaming\Opera Software\Opera Stable\Extensions\jielhefadplamaikldlgadajchiokdgl [2015-10-09]
OPR Extension: (Brak nazwy) - C:\Users\TOSHIBA\AppData\Roaming\Opera Software\Opera Stable\Extensions\papbadoldddalgcjcicnikcfenodpghp [2015-10-09]
R2 69ac7fee6add8e8.exe; C:\Users\TOSHIBA\AppData\Local\a739fa1977628258531dadadb91b9fb1\69ac7fee6add8e8.exe [93696 2014-05-27] () [Brak podpisu cyfrowego]
R2 updateupdaupdgteeece; C:\Users\TOSHIBA\AppData\Local\Hexjoyway.exe [59392 2015-10-09] () [Brak podpisu cyfrowego]
S2 384de7aceab425f.exe; C:\Users\TOSHIBA\AppData\Local\2f7f10e2b9b9ffad6a8bcf47d75ef08f\384de7aceab425f.exe [X]
S2 Saophase; C:\ProgramData\\Saophase\\Saophase.exe -f "C:\ProgramData\\Saophase\\Saophase.dat" -l -a
S2 Update Rock Turner; "C:\Program Files (x86)\Rock Turner\updateRockTurner.exe" [X]
R3 RegFltrX64; C:\Users\TOSHIBA\AppData\Local\a739fa1977628258531dadadb91b9fb1\RegFltrX64.sys [18064 2014-05-27] ()
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S1 {4a90d0b9-0668-4ad5-92c2-d78786884485}w64; system32\drivers\{4a90d0b9-0668-4ad5-92c2-d78786884485}w64.sys [X]
S1 {55685567-4840-4a91-962b-49a412e9485a}Gw64; system32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys [X]
S1 {56db9de0-c769-4563-8e82-7e39885bf1ad}w64; system32\drivers\{56db9de0-c769-4563-8e82-7e39885bf1ad}w64.sys [X]
S1 {825c5be7-672f-4c14-9929-48a3a5e1a660}w64; system32\drivers\{825c5be7-672f-4c14-9929-48a3a5e1a660}w64.sys [X]
S1 {8ce1c375-1e13-43f7-a4fd-6530f47c4fde}w64; system32\drivers\{8ce1c375-1e13-43f7-a4fd-6530f47c4fde}w64.sys [X]
S1 {9cdb05d3-a225-439b-a302-3c928fc40412}w64; system32\drivers\{9cdb05d3-a225-439b-a302-3c928fc40412}w64.sys [X]
S1 {f2944598-b89f-4e10-b544-5173761572df}Gw64; system32\drivers\{f2944598-b89f-4e10-b544-5173761572df}Gw64.sys [X]
S1 {f2944598-b89f-4e10-b544-5173761572df}w64; system32\drivers\{f2944598-b89f-4e10-b544-5173761572df}w64.sys [X]
C:\Program Files\Common Files\*.exe
2015-10-16 12:42 - 2015-10-16 12:42 - 00000000 ____ D C:\Program Files\Common Files\hcwicaqr
2015-10-15 22:11 - 2015-10-15 22:11 - 00000000 ____ D C:\Program Files\Common Files\ujxbuxjv
2015-10-10 20:14 - 2015-10-10 20:14 - 00000000 ____ D C:\Program Files\Common Files\adfly5vv
2015-10-10 01:46 - 2015-10-10 01:46 - 00000000 ____ D C:\Program Files\Common Files\aei2kzej
2015-10-10 00:15 - 2015-10-10 00:15 - 00000000 ___DC C:\Users\Tata_2\AppData\Local\MigWiz
2015-10-10 00:01 - 2015-10-10 00:01 - 00000000 ____ D C:\Users\Tata_2\AppData\Local\MyBrowser
2015-10-10 00:01 - 2015-10-10 00:01 - 00000000 ____ D C:\Users\Tata_2\AppData\Local\Crsoft
2015-10-09 23:46 - 2015-10-09 23:46 - 00000296 _____ C:\task.vbs
2015-10-09 23:46 - 2015-10-09 23:46 - 00000000 ____ D C:\Users\TOSHIBA\AppData\Local\MyBrowser
2015-10-09 23:45 - 2015-10-09 23:45 - 00000000 ____ D C:\Users\TOSHIBA\AppData\Roaming\NetService
2015-10-09 23:35 - 2015-09-02 18:33 - 00000856 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-10-09 23:32 - 2015-10-10 00:02 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
C:\Users\TOSHIBA\AppData\Local\*.exe
2015-10-16 15:29 - 2014-05-30 18:01 - 00000000 ____ D C:\AdwCleaner
2014-04-17 09:49 - 2014-04-17 09:49 - 6000640 _____ () C:\Program Files (x86)\GUT85CF.tmp
2015-01-17 13:26 - 2015-01-17 14:32 - 0000053 _____ () C:\Users\TOSHIBA\AppData\Roaming\LogFile.txt
2015-10-09 23:38 - 2015-10-09 23:38 - 0000187 _____ () C:\Users\TOSHIBA\AppData\Local\Hexjoyway.exe.config
2015-09-13 23:28 - 2015-10-10 00:24 - 0000102 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\Users\TOSHIBA\AppData\Local\a739fa1977628258531dadadb91b9fb1
C:\ProgramData\Saophases
Task: {1FDD3769-3B13-4D7A-B4C2-A3950D7B1585} - System32\Tasks\vdU0LM1xK2LIriToZRoDQ = C:\Users\Tata_2\AppData\Roaming\vdU0LM1xK2LIriToZRoDQ.exe [2015-04-20] () ==== UWAGA
Task: {2FC0DF5B-B9B3-426E-9378-0458A918C8E0} - System32\Tasks\Adobe Acrobat Update Task = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {4C3F2EB9-F86D-4DDA-966B-8EF4BEEE245E} - System32\Tasks\{9B056229-AD05-4245-9936-DA614CAB33F1} = pcalua.exe -a C:\Users\TOSHIBA\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=cornl
Task: {5939F4C7-FCBB-46C5-9A05-3E861BBACB15} - System32\Tasks\{0CD46CBA-DD56-4103-998C-61DA255B907C} = pcalua.exe -a E:\startuj.exe -d E:\
Task: {66D5E517-C5E9-4B84-9978-F17052F5B906} - System32\Tasks\Apple\AppleSoftwareUpdate = C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {85655DB9-FEF3-4E0A-9A62-8555D8B13A08} - System32\Tasks\8ypo2KXRCKGWAXsDHlDK1I9qNQT = C:\Users\Tata_2\AppData\Roaming\8ypo2KXRCKGWAXsDHlDK1I9qNQT.exe [2015-04-20] () ==== UWAGA
Task: {885BD863-5222-4DE5-8B1A-7C43AA604951} - System32\Tasks\SvtYcrjt4zouG = C:\Users\Tata_2\AppData\Roaming\SvtYcrjt4zouG.exe [2015-04-20] () ==== UWAGA
Task: {B148A6BF-AE55-4DD2-8E9C-BC8E8E885788} - System32\Tasks\{FD9BE162-F651-47D0-80EE-92B659F8EDC9} = pcalua.exe -a C:\Users\TOSHIBA\Downloads\115-INST-WIN7-A.EXE -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {BA2A6B1A-B6AC-460A-90B8-D0D21E8F7AF9} - System32\Tasks\{7C742ECE-5CCE-4EE1-B0C0-7E6E11557415} = pcalua.exe -a C:\Users\TOSHIBA\Downloads\sąsiedzi\DirectX\dxsetup.exe -d C:\Users\TOSHIBA\Downloads\sąsiedzi\DirectX
Task: {C49A5032-8779-4670-9CE3-0B7EB26284B6} - System32\Tasks\temp_82391bc4-d5d4-4eb6-9d72-35c830901967-10_user = C:\Program Files (x86)\GoHD\82391bc4-d5d4-4eb6-9d72-35c830901967-10.exe ==== UWAGA
Task: {C6FEB27A-42E6-46BF-898C-6A12808657BF} - System32\Tasks\iroduct = C:\Windows\system32\config\systemprofile\AppData\Local\Strongplus [2015-10-09] ()
Task: {DA59B115-CA5F-430E-9B99-FB119E45000E} - System32\Tasks\Oy7K0flvO3eZEt = C:\Users\Tata_2\AppData\Roaming\Oy7K0flvO3eZEt.exe [2015-04-20] () ==== UWAGA
Task: C:\Windows\Tasks\8ypo2KXRCKGWAXsDHlDK1I9qNQT.job = C:\Users\Tata_2\AppData\Roaming\8ypo2KXRCKGWAXsDHlDK1I9qNQT.exe ==== UWAGA
Task: C:\Windows\Tasks\Oy7K0flvO3eZEt.job = C:\Users\Tata_2\AppData\Roaming\Oy7K0flvO3eZEt.exe ==== UWAGA
Task: C:\Windows\Tasks\SvtYcrjt4zouG.job = C:\Users\Tata_2\AppData\Roaming\SvtYcrjt4zouG.exe ==== UWAGA
Task: C:\Windows\Tasks\temp_82391bc4-d5d4-4eb6-9d72-35c830901967-10_user.job = C:\Program Files (x86)\GoHD\82391bc4-d5d4-4eb6-9d72-35c830901967-10.exe ==== UWAGA
Task: C:\Windows\Tasks\vdU0LM1xK2LIriToZRoDQ.job = C:\Users\Tata_2\AppData\Roaming\vdU0LM1xK2LIriToZRoDQ.exe ==== UWAGA
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc = ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS = ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc = ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc = ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS = ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire = ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek = ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys = ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk = ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys = ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp = ""="Driver"
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.
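To make sense of why the entries above were selected for removal, here is a small triage helper written for this thread. It is an added example, not code from FRST, from the thread, or from any tool named here; it assumes only the line formats visible in the fixlist (Run keys, IFEO entries, CHR/FF/OPR browser settings, R/S service lines, Task lines) and works on a constructed sample of shortened lines from that fixlist. The point it demonstrates: the percent-encoded hostnames in the CHR HomePage and DefaultSearchURL entries decode to exactly the feed.snapdo.com / sonic-search hijack the original poster described, and the other entries share the usual adware traits (binaries in user-writable folders, no publisher, an IFEO Debugger value pointed at the process names of the adware's own competitors or removal tools).

```python
"""Triage helper for FRST-style lines (added example; not part of FRST or this thread).

Assumes only the line formats visible in the fixlist above.
"""
import re
from urllib.parse import unquote

# FRST writes "hxxp" so the log is not clickable; capture only the host part.
URL_RE = re.compile(r"hxxps?://([^/\s?]+)", re.IGNORECASE)
# Directories a standard user can write to. Legitimate autoruns and services
# rarely live there; adware droppers almost always do.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\")

# Constructed sample: lines shortened from the fixlist above (SIDs and the
# long ?p= tokens trimmed), plus one benign task line for contrast.
SAMPLE_LINES = [
    r"HKU\S-1-5-21-...\...\Run: [MSConfig] = C:\Users\TOSHIBA\jrtl.exe [142336 2013-01-25] ()",
    r"IFEO\volaro: [Debugger] tasklist.exe",
    r"CHR HomePage: Profile 1 - hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=TOKEN",
    r"CHR DefaultSearchURL: Profile 1 - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=TOKEN&q={searchTerms}",
    r"R2 updateupdaupdgteeece; C:\Users\TOSHIBA\AppData\Local\Hexjoyway.exe [59392 2015-10-09] () [Brak podpisu cyfrowego]",
    r"Task: C:\Windows\Tasks\Oy7K0flvO3eZEt.job = C:\Users\Tata_2\AppData\Roaming\Oy7K0flvO3eZEt.exe ==== UWAGA",
    r"Task: {66D5E517-...} - System32\Tasks\Apple\AppleSoftwareUpdate = C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)",
]


def decode_obfuscated_hosts(line):
    """Return the percent-decoded, lower-cased hostnames of every hxxp URL in the line."""
    return [unquote(h).lower() for h in URL_RE.findall(line)]


def classify(line):
    """Bucket one FRST line by persistence mechanism and list why it looks suspicious."""
    s = line.strip()
    if s.startswith("IFEO\\"):
        category = "ifeo_debugger"
    elif re.search(r"\\Run: \[", s):
        category = "run_key"
    elif s.startswith(("CHR ", "FF ", "OPR ", "BHO", "SearchScopes:")) or "Internet Explorer\\Main" in s:
        category = "browser_setting"
    elif re.match(r"[RSU][0-4] ", s):
        category = "service_or_driver"
    elif s.startswith("Task:"):
        category = "scheduled_task"
    else:
        category = "other"

    reasons = []
    if category == "ifeo_debugger" and "[Debugger]" in s:
        reasons.append("IFEO Debugger value silently replaces launches of that program name")
    if any(d in s.lower() for d in USER_WRITABLE):
        reasons.append("binary lives in a user-writable directory")
    # "() " after the size/date bracket means FRST found no publisher name;
    # "[Brak podpisu cyfrowego]" is FRST's (Polish) "no digital signature".
    if "[Brak podpisu cyfrowego]" in s or re.search(r"\] \(\)", s):
        reasons.append("no publisher name / digital signature")
    if "==== UWAGA" in s:
        reasons.append("already flagged by FRST (UWAGA)")
    raw_hosts = URL_RE.findall(s)
    hosts = decode_obfuscated_hosts(s)
    if any("%" in h for h in raw_hosts):
        reasons.append("percent-encoded hostname decodes to " + ", ".join(hosts))
    return {"category": category, "hosts": hosts, "reasons": reasons, "suspicious": bool(reasons)}


def triage(lines):
    """Classify every line; returns a list of (line, result) pairs."""
    return [(line, classify(line)) for line in lines]


if __name__ == "__main__":
    for line, result in triage(SAMPLE_LINES):
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"[{flag}] {result['category']}: {line[:70]}")
        for reason in result["reasons"]:
            print("    -", reason)
```

Running it on the sample marks six of the seven lines as suspicious; the Apple Software Update task comes out clean because it sits under Program Files and carries a publisher name. The same heuristics applied to a full FRST.txt are a quick first pass before deciding what goes into a fixlist; the percent-decoding alone is worth keeping at hand, since hijacked homepages are routinely hidden that way in the logs.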


(Annakrasuska) #5

Fixlog: http://wklej.org/id/1818234/

FRST: http://wklej.org/id/1818235/


(Atis) #6

Paste the following into Windows Notepad and save it as a text file named fixlist:

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF NewTab: C:\\ProgramData\\Saophases\\ff.NT
FF Homepage: C:\\ProgramData\\Saophases\\ff.HP
OPR Extension: (Brak nazwy) - C:\Users\TOSHIBA\AppData\Roaming\Opera Software\Opera Stable\Extensions\fijhlnmmmgflacagjecncpmpnhjieggk [2015-10-09]
OPR Extension: (Brak nazwy) - C:\Users\TOSHIBA\AppData\Roaming\Opera Software\Opera Stable\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh [2015-10-09]
OPR Extension: (Brak nazwy) - C:\Users\TOSHIBA\AppData\Roaming\Opera Software\Opera Stable\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2015-10-13]
OPR Extension: (Brak nazwy) - C:\Users\TOSHIBA\AppData\Roaming\Opera Software\Opera Stable\Extensions\omioomoieildjihcajfoobhhiecjkmfn [2015-10-13]
C:\ProgramData\Saophases
C:\Users\TOSHIBA\*.exe
RemoveProxy:
Hosts:

Run FRST and click Fix. Post the removal report, Fixlog.


(Annakrasuska) #7

Removal report (Fixlog): http://www.wklej.org/id/1818267/

FRST: http://www.wklej.org/id/1818268/


(Atis) #8

Paste the following into Windows Notepad and save it as a text file named fixlist:

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
DeleteQuarantine:

Run FRST and click Fix. Then delete the C:\FRST folder.


(Annakrasuska) #9

Thanks a lot! :slight_smile: The computer runs like new.