Mystart Search - problem with removal


(Tomasz Rogowski85) #1

Good morning,

I can't remove a virus. Could someone help me get rid of it?

Here are the logs:

FRST:

http://wklej.org/id/1583020/

Additional:

http://wklej.org/id/1583018/

Regards


(Atis) #2

In Control Panel, uninstall:

Norton Internet Security

Norton PC Checkup

SpyHunter

Paste the following into the system Notepad and save it as a text file named fixlist:

HKU\S-1-5-21-2167232543-4056050368-1067044302-1000\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1455.0.0.0\jsdrv.exe
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2167232543-4056050368-1067044302-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Cyti Web 1.0.0.6 -> {aa2fac44-d24d-4fed-9e32-397d138365f1} -> C:\Program Files (x86)\Cyti Web\CytiWebbho.dll No File
Toolbar: HKU\S-1-5-21-2167232543-4056050368-1067044302-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2167232543-4056050368-1067044302-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Extension: Better Finder - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\kj6jsbxz.default\Extensions\{142c88f6-8b34-46f3-938d-72ffd58238dc} [2014-12-30]
FF Extension: Cyti Web 1.0.1 - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\kj6jsbxz.default\Extensions\{14d0f170-74e0-4cbf-843b-3db832216c50}.xpi [2014-12-30]
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1419953693&from=amt&uid=KINGSTONXSV300S37A120G_50026B733104360F
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1419953693&from=amt&uid=KINGSTONXSV300S37A120G_50026B733104360F"
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR Extension: (HQ-Video-Pro-2.1cV30.12) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccnkbaeamfbhdnmilamlkagpfgimgppo [2014-12-30]
S2 YTDUpdt; C:\PROGRA~2\YTDOWN~1\YTDUPD~1.EXE [X]
S1 ccnfd_1_10_0_5; system32\drivers\ccnfd_1_10_0_5.sys [X]
C:\AdwCleaner
C:\Users\Tomek\AppData\Local\nst3DD2.tmp
Task: {3350F330-67B6-4BCC-BDC3-B8D87659F311} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {35A5F5C3-EF44-4283-9090-679EA4BB18A6} - System32\Tasks\{DFB31754-5458-472C-A04B-3EBB4FBA61D0} => pcalua.exe -a C:\Users\Tomek\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
Task: {3F254F31-2CDF-48E4-AF60-E7061A9A5D68} - System32\Tasks\SPBIW_UpdateTask_Time_323339313038323936332d344a414155342a2a236c6c5a => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {4AECB942-B605-4C84-BA97-464E940C67C8} - System32\Tasks\Voo Update => C:\Users\Tomek\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {4F81FF64-F8EF-4455-9196-4340E74CAB00} - System32\Tasks\OTGSOUVA => C:\Users\Tomek\AppData\Roaming\OTGSOUVA.exe [2014-12-30] (Object Browser) <==== ATTENTION
Task: {709DCAF9-96FC-480A-B766-97F83BD31E58} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {7B6FC2FF-54EB-4DE5-874A-4046E361DE64} - System32\Tasks\XDT => C:\Users\Tomek\AppData\Roaming\XDT.exe [2014-12-30] (Object Browser) <==== ATTENTION
Task: {93DDA860-CC60-4809-9DF4-1F1467CFF4B1} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-01-03] (Enigma Software Group USA, LLC.)
Task: {9A8B5CDD-CC63-4BB0-8FE3-7DEBFDD2410B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation)
Task: {BC40CFEA-7C66-4560-A0E0-CD9110D41373} - System32\Tasks\TGFW => C:\Users\Tomek\AppData\Roaming\TGFW.exe [2014-12-30] (HQ-VideoV30.12) <==== ATTENTION
Task: {D4800787-77F9-4D89-BE57-824958CF3307} - System32\Tasks\WFEC => C:\Users\Tomek\AppData\Roaming\WFEC.exe [2014-12-30] (HQ-VideoV30.12) <==== ATTENTION
Task: C:\Windows\Tasks\OTGSOUVA.job => C:\Users\Tomek\AppData\Roaming\OTGSOUVA.exe <==== ATTENTION
Task: C:\Windows\Tasks\TGFW.job => C:\Users\Tomek\AppData\Roaming\TGFW.exe <==== ATTENTION
Task: C:\Windows\Tasks\Voo Update.job => C:\Users\Tomek\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\WFEC.job => C:\Users\Tomek\AppData\Roaming\WFEC.exe <==== ATTENTION
Task: C:\Windows\Tasks\XDT.job => C:\Users\Tomek\AppData\Roaming\XDT.exe <==== ATTENTION
C:\Users\Tomek\AppData\Roaming\*.exe
EmptyTemp:

Run FRST and click Fix. Show the removal report, Fixlog.

Click Scan and show the new FRST report, without Addition.
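For readers triaging a similar FRST log, the sketch below (an added example, not part of the original post and not FRST's own logic) parses `Task:` lines in both formats seen in the fixlist and reports why each one deserves a look. The check labels and the `triage` function are names chosen for this example; the sample lines are copied from the fixlist above.

```python
import re

# Lines copied from the fixlist in the post above (not invented values).
SAMPLE = r"""
Task: {3350F330-67B6-4BCC-BDC3-B8D87659F311} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {35A5F5C3-EF44-4283-9090-679EA4BB18A6} - System32\Tasks\{DFB31754-5458-472C-A04B-3EBB4FBA61D0} => pcalua.exe -a C:\Users\Tomek\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=amt
Task: {3F254F31-2CDF-48E4-AF60-E7061A9A5D68} - System32\Tasks\SPBIW_UpdateTask_Time_323339313038323936332d344a414155342a2a236c6c5a => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {4AECB942-B605-4C84-BA97-464E940C67C8} - System32\Tasks\Voo Update => C:\Users\Tomek\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\XDT.job => C:\Users\Tomek\AppData\Roaming\XDT.exe <==== ATTENTION
"""

# Matches both layouts: registered tasks ({GUID} - System32\Tasks\...) and legacy .job files.
TASK_RE = re.compile(
    r"^Task: (?:\{[0-9A-Fa-f-]+\} - System32\\Tasks\\|C:\\Windows\\Tasks\\)"
    r"(?P<name>.+?) => (?P<cmd>.+?)(?P<attn>\s*<==== ATTENTION)?$"
)

# (label, predicate) pairs; the labels are this example's own, not FRST output.
CHECKS = [
    # FRST itself marked the line.
    ("frst-attention", lambda cmd, attn: attn),
    # Executable sitting directly in the root of the user's Roaming profile.
    ("exe-in-roaming-root",
     lambda cmd, attn: re.search(r"\\AppData\\Roaming\\[^\\]+\.exe\b", cmd, re.I)),
    # Task starts a script host or pcalua.exe, which then runs the real payload.
    ("proxy-launcher",
     lambda cmd, attn: re.match(r'"?(wscript|cscript|pcalua)\.exe\b', cmd, re.I)),
    # 8.3 short names hide the real folder and file names from a quick read.
    ("8.3-short-path", lambda cmd, attn: re.search(r"~\d", cmd)),
]

def triage(log_text):
    """Return {task name: [reasons]} for every Task: line that trips a check."""
    findings = {}
    for line in log_text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        cmd, attn = m["cmd"], bool(m["attn"])
        reasons = [label for label, check in CHECKS if check(cmd, attn)]
        if reasons:
            findings[m["name"]] = reasons
    return findings

if __name__ == "__main__":
    for task, reasons in triage(SAMPLE).items():
        print(f"{task}: {', '.join(reasons)}")
```

The pcalua.exe task carries no ATTENTION marker in the log yet still trips a check, which is why the helper listed it in the fixlist by hand.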


(Tomasz Rogowski85) #3

Fixlog:

http://wklej.org/id/1584061/

FRST:

http://wklej.org/id/1584064/


(Atis) #4

Delete the folder C:\FRST

Delete the old restore points: To delete all restore points

Scan the disk with Malwarebytes Anti-Malware

During installation, uncheck the option "Start the trial period of Malwarebytes Anti-Malware Premium".

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Polish language: Settings > General Settings > Language > Polish

Read how programs should be installed: CLICK - CLICK - CLICK - CLICK

Uninstall:

Adobe Flash Player 15 ActiveX

Adobe Flash Player 15 Plugin

Adobe Reader XI (11.0.03)

Microsoft Silverlight

Install:

Flash Player 16.0.0.235 ActiveX

Flash Player 16.0.0.235 Plugin

Adobe Reader XI 11.0.10

Silverlight 5.1.30514.0