Problem with PriceFountain ads


(Hupson1) #1

Hello. I have a problem with unwanted PriceFountain ads being displayed. I ran a cleanup with AdwCleaner and uninstalled the Mozilla browser, but still nothing. Could I get some advice on removing this infection :/?


(Atis) #2
https://forum.dobreprogramy.pl/t/471355/1?source_topic_id=509087

(Hupson1) #3

Is this what you mean? If so, here you go :slight_smile:

http://www.wklej.org/id/2168070/

http://www.wklej.org/id/2168073/

http://www.wklej.org/id/2168099/


(Atis) #4

Paste this into the system Notepad and save it as a text file named fixlist:

HKU\S-1-5-18\...\RunOnce: [SPReview] = C:\Windows\System32\SPReview\SPReview.exe [280576 2016-02-28] (Microsoft Corporation)
SearchScopes: HKLM - DefaultScope - brak wartości
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-16] [Brak podpisu cyfrowego]
CHR HKLM\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-213309795-2150301066-424735775-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-03-26 19:55 - 2016-03-26 19:55 - 00000016 _____ C:\ProgramData\mntemp
2016-03-26 19:47 - 2016-03-26 19:47 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Hubert\Downloads\sh-remover(1).exe
2016-03-26 19:33 - 2016-03-26 19:33 - 00000000 ____ D C:\ProgramData\GridinSoft
2016-03-26 19:08 - 2016-03-26 19:09 - 00000000 ____ D C:\sh4ldr
2016-03-26 19:07 - 2016-03-26 19:07 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Hubert\Downloads\sh-remover.exe
2016-03-26 19:07 - 2016-03-26 19:07 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Hubert\Downloads\sh-remover (1).exe
2016-03-26 18:03 - 2016-03-26 18:04 - 01013727 _____ ( ) C:\Users\Hubert\Downloads\CCleaner-13061-dp.exe
2016-03-26 18:00 - 2016-03-26 18:00 - 01013727 _____ ( ) C:\Users\Hubert\Downloads\HijackThis-12030-dp.exe
2016-03-13 00:15 - 2016-03-13 00:21 - 00000000 ____ D C:\Program Files\AdwCleaner
2016-03-12 14:40 - 2016-03-26 18:11 - 00000000 ____ D C:\Users\Hubert\AppData\Local\AdministrationsProvenly
2016-03-12 14:40 - 2016-03-26 15:40 - 00000296 _____ C:\Windows\Tasks\PriceFountainUpdateVer.job
2016-03-12 14:40 - 2016-03-12 14:40 - 07600640 _____ C:\Users\Hubert\AppData\Roaming\agent.dat
2016-03-12 14:40 - 2016-03-12 14:40 - 01786944 _____ C:\Users\Hubert\AppData\Roaming\Jaykix.tst
2016-03-12 14:40 - 2016-03-12 14:40 - 00127488 _____ C:\Users\Hubert\AppData\Roaming\Installer.dat
2016-03-12 14:40 - 2016-03-12 14:40 - 00126464 _____ C:\Users\Hubert\AppData\Roaming\noah.dat
2016-03-12 14:40 - 2016-03-12 14:40 - 00065040 _____ C:\Users\Hubert\AppData\Roaming\Config.xml
2016-03-12 14:40 - 2016-03-12 14:40 - 00018432 _____ C:\Users\Hubert\AppData\Roaming\Main.dat
2016-03-12 14:40 - 2016-03-12 14:40 - 00011424 _____ C:\Users\Hubert\AppData\Roaming\InstallationConfiguration.xml
2016-03-12 14:40 - 2016-03-12 14:40 - 00005568 _____ C:\Users\Hubert\AppData\Roaming\md.xml
2016-03-12 14:40 - 2016-03-12 14:40 - 00000000 ____ D C:\Users\Hubert\AppData\Roaming\PriceFountainUpdateVer
2016-03-03 16:13 - 2016-03-14 13:15 - 00000000 ____ D C:\ProgramData\TEMP
2016-03-01 21:40 - 2016-03-01 21:40 - 00000000 __SHD C:\Windows\system32\dtmcfg
2016-02-29 17:45 - 2016-02-29 17:45 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2016-02-29 07:01 - 2016-03-26 20:00 - 00000000 ____ D C:\AdwCleaner
2016-03-26 17:09 - 2016-02-21 20:57 - 00022536 _____ C:\ProgramData\.windows.sys
2016-02-26 22:51 - 2016-02-19 18:38 - 00000000 ___SD C:\Users\Hubert\AppData\LocalLow\Temp
Task: {1A1A33A6-6FFA-4DAD-8DBB-8EDEF559C842} - System32\Tasks\HubertAdministrationsProvenlyV2 = Rundll32.exe VaryinglyPlummiest.dll,main 7 1 ==== UWAGA
Task: {70303BA0-8032-4613-8E9B-A1E84283B3D7} - System32\Tasks\{63CEC59D-90AD-4486-9319-22875A40AB90} = pcalua.exe -a C:\Users\Hubert\Desktop\mm-wersja_ukryta.exe -d C:\Users\Hubert\Desktop
Task: {77D45925-598B-4DB4-91B4-74E2602AE7A4} - System32\Tasks\klcp_update = C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-02-19] ()
Task: {BD3D5AC5-0574-45F3-8205-595C73A4FF67} - System32\Tasks\GridinSoft Anti-Malware = C:\Program Files\GridinSoft Anti-Malware\gsam.exe
Task: {C59DA72A-FB45-4834-8D83-0BDFBA2F384F} - System32\Tasks\{89CDE7DD-0D3D-469E-811D-1BB4B71A200B} = pcalua.exe -a C:\Users\Hubert\AppData\Local\Temp\Rar$EXa0.039\setup.exe -d C:\Users\Hubert\AppData\Local\Temp\Rar$EXa0.039 -c runasadmin
Task: {C5DA01F2-4368-49B7-8DD8-A617F133DFD5} - System32\Tasks\SYSTEM = C:\ProgramData\wmc.exe ==== UWAGA
C:\ProgramData\wmc.exe
Task: {FDFBD542-295F-40AC-AF5E-E1FC8E829600} - System32\Tasks\PriceFountainUpdateVer = C:\Users\Hubert\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE ==== UWAGA
Task: C:\Windows\Tasks\PriceFountainUpdateVer.job = C:\Users\Hubert\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE ==== UWAGA
EmptyTemp:

Run FRST and click Fix (Napraw). Post the Fixlog removal report.
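
An added example, not part of the original thread and not FRST's own code: a small triage script that parses FRST `Task:` lines like those in the fixlist above and records why each scheduled task may deserve review. The path and rundll32 heuristics are assumptions of this example, and the `==== UWAGA` marker is matched as it appears on this page.

```python
import re

# Sample input: four "Task:" lines copied from the fixlist in the post above.
SAMPLE = r"""
Task: {77D45925-598B-4DB4-91B4-74E2602AE7A4} - System32\Tasks\klcp_update = C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-02-19] ()
Task: {C5DA01F2-4368-49B7-8DD8-A617F133DFD5} - System32\Tasks\SYSTEM = C:\ProgramData\wmc.exe ==== UWAGA
Task: {FDFBD542-295F-40AC-AF5E-E1FC8E829600} - System32\Tasks\PriceFountainUpdateVer = C:\Users\Hubert\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE ==== UWAGA
Task: {1A1A33A6-6FFA-4DAD-8DBB-8EDEF559C842} - System32\Tasks\HubertAdministrationsProvenlyV2 = Rundll32.exe VaryinglyPlummiest.dll,main 7 1 ==== UWAGA
"""

# "Task: [{GUID} - ]<task path> = <command line>"
TASK_RE = re.compile(r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?P<name>.+?) = (?P<cmd>.+)$")
# Attention marker as seen on this page (Polish log), plus the English wording.
MARKER_RE = re.compile(r"\s*<?==== (?:UWAGA|ATTENTION)\s*$")
# Trailing "[date] (company)" metadata appended after the command.
META_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2}\]\s*\(.*\)\s*$")
# Assumption of this example: directories a standard user can usually write to.
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp|Desktop|Downloads)\\", re.I)
# Assumption of this example: rundll32 given a DLL name with no directory part.
BARE_DLL = re.compile(r"^rundll32(\.exe)?\s+[^\\/:]+\.dll\b", re.I)

def triage(log_text):
    """Return one finding per Task: line with the reasons it stands out."""
    findings = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        cmd, reasons = m.group("cmd"), []
        if MARKER_RE.search(cmd):
            reasons.append("marked in log")
            cmd = MARKER_RE.sub("", cmd)
        cmd = META_RE.sub("", cmd)
        if USER_WRITABLE.search(cmd):
            reasons.append("user-writable path")
        if BARE_DLL.match(cmd):
            reasons.append("rundll32 with path-less DLL")
        task = m.group("name").rsplit("\\", 1)[-1]
        findings.append({"task": task, "command": cmd, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["task"], "|", f["command"], "|", ", ".join(f["reasons"]) or "-")
```
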


(Hupson1) #5

Here you go :slight_smile:

http://www.wklej.org/id/2168296/

http://www.wklej.org/id/2168298/


(Atis) #6

Delete the folder C:\FRST


(Hupson1) #7

Okay, thanks for the help.