Powered by new game - wirus


(Karolo15) #1

Zapewne przy instalacji jakiegoś programu zainstalowało się coś nie chcianego.

Dość często przy klikaniu w odnośniki lub cokolwiek innego na stronie przenosi mnie, gdzie nazwa karty to "powered by new game".

Ktoś wie jak się tego pozbyć?


(Giiixxxx6) #2

http://forum.dobreprogramy.pl/farbar-recovery-scan-tool-raport-obowi%C4%85zkowy-t478727/


(Karolo15) #3

http://www.wklej.org/id/1696921/ - FRST

http://www.wklej.org/id/1696924/ - Addition


(Acorus) #4

Odinstaluj Ace Stream Media 3.0.8,BrowseMark,Plus-HD-9.6,XTab.Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

Pokaż nowe logi z FRST.


(Karolo15) #5

http://wklej.org/id/1697034/ - FRST

http://wklej.org/id/1697036/ - Addition


(Acorus) #6

Otwórz notatnik systemowy i wklej:

Task: {39A72934-532E-4B54-97B5-9AB7B83A9E74} - System32\Tasks\new_game_notification_service = C:\Program Files (x86)\new game\new_game_notification_service.exe [2015-04-01] (FileProperties_CompanyName) ==== ATTENTION
Task: {7A788B3C-8A6A-4747-B3D8-36D6B6B6222E} - System32\Tasks\{F7E23FFB-0F0F-4186-9453-CDC17D24DE0F} = pcalua.exe -a C:\Users\Karol\AppData\Roaming\do-search\UninstallManager.exe -c -ptid=cor
Task: {81A594AF-D985-4C03-8426-8E5FF10CAD59} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1841010442-525031262-402095785-1002Core = C:\Users\Karol\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {88E9B4CB-86CB-4C83-A977-803AC391B7BB} - System32\Tasks\{D5AFF407-DA85-4FB2-89B2-54DE55F93698} = Chrome.exe http://ui.skype.com/ui/0/6.14.0.104/pl/abandoninstall?page=tsProgressBar
Task: {89BE76ED-16E3-48E8-9165-E838030F3779} - System32\Tasks\{E22331EC-94A0-49B6-9EDA-BEC8A3FAAC9C} = pcalua.exe -a "C:\Program Files (x86)\Plus-HD-9.6\Uninstall.exe" -c /fcp=1
Task: {F1595C74-54CE-4B28-BA0B-534FDB03E154} - System32\Tasks\new_game_updating_service = C:\Program Files (x86)\new game\new_game_updating_service.exe ==== ATTENTION
Task: C:\Windows\Tasks\new_game_notification_service.job = C:\Program Files (x86)\new game\new_game_notification_service.exeä/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='new game' /appid='73143' /srcid='2913' /bic='9d14b84a8637803a8f28ff8272de7653' /verifier='2bedf22f04be6706d178fcdabab20d49' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif ==== ATTENTION
Task: C:\Windows\Tasks\new_game_updating_service.job = C:\Program Files (x86)\new game\new_game_updating_service.exe© /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=new_game_updating_service /funurl=http:/stats.buildomserv.com ==== ATTENTION
HKLM-x32\...\Run: [TasksWatch] = "C:\Users\Karol\AppData\Local\Temp\TasksWatch.exe" ===== ATTENTION
HKLM-x32\...\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [fst_en_105] = [X]
HKLM-x32\...\Run: [t4pc_en_4] = [X]
HKLM-x32\...\Run: [t4pc_en_7] = [X]
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM-x32 - {B2790B09-1B5B-4AFA-A348-32605CC089F6} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
CHR HKLM-x32\...\Chrome\Extension: [cfhlbgikcphkiacdcicmiedohdgpdlca] - C:\Program Files (x86)\OApps\chrome-sl.crx [Not Found]
OPR Extension: (Plus-HD-9.6) - C:\Users\Karol\AppData\Roaming\Opera Software\Opera Stable\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2014-06-08]
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
U3 aheayimd; C:\Windows\System32\Drivers\aheayimd.sys [0] (Advanced Micro Devices) ==== ATTENTION (zero size file/folder)
U0 sr; No ImagePath
2015-04-26 14:02 - 2015-04-26 14:06 - 00000000 ____ D () C:\AdwCleaner
2015-04-26 13:58 - 2015-04-26 13:58 - 00003128 _____ () C:\Windows\System32\Tasks\{E22331EC-94A0-49B6-9EDA-BEC8A3FAAC9C}
2015-04-26 12:02 - 2015-04-26 12:02 - 00003158 _____ () C:\Windows\System32\Tasks\{F7E23FFB-0F0F-4186-9453-CDC17D24DE0F}
2015-04-03 15:49 - 2015-04-03 15:49 - 01577472 _____ () C:\Users\Karol\AppData\Roaming\dSuaV2h1IuqXMtxP3Vwsi6kn8hJ.exe
2015-04-02 12:58 - 2015-04-03 15:49 - 01577472 _____ () C:\Users\Karol\AppData\Roaming\trzF6F9.tmp
2015-03-31 10:14 - 2015-03-31 10:14 - 0005655 _____ () C:\Users\Karol\AppData\Roaming\dSuaV2h1IuqXMtxP3Vwsi6kn8hJ
2015-04-03 15:49 - 2015-04-03 15:49 - 1577472 _____ () C:\Users\Karol\AppData\Roaming\dSuaV2h1IuqXMtxP3Vwsi6kn8hJ.exe
2015-03-31 10:14 - 2015-03-31 10:14 - 0005655 _____ () C:\Users\Karol\AppData\Roaming\g3hgX37MGHn
2014-12-30 10:01 - 2014-12-30 10:01 - 1830376 _____ (Object Browser) C:\Users\Karol\AppData\Roaming\NVSP.exe
2015-04-02 12:58 - 2015-04-03 15:49 - 1577472 _____ () C:\Users\Karol\AppData\Roaming\trzF6F9.tmp
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Przeskanuj programem Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.1.4.1018.exe