Solution Real AD


(Pilers7) #1

I have a problem with malware that redirects to pages with ads

please help me because I can't handle it myself

attachments with FRST logs


http://wklej.org/id/1680288/

:frowning:


(Atis) #2

Remove the malicious extensions Solution Real and Reverse Page in Firefox and Chrome

Paste into the system Notepad and save as a text file named fixlist:

HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1177238915-746137067-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220150322
HKU\S-1-5-21-1177238915-746137067-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220150322
SearchScopes: HKU\S-1-5-21-1177238915-746137067-839522115-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
FF Extension: Solution Real 1.0.1 - C:\Documents and Settings\Ireneusz\Dane aplikacji\Mozilla\Firefox\Profiles\3q42w0s8.default\Extensions\{1d7d694e-604c-4da2-9100-b2601d3a1c57}.xpi [2015-01-26]
FF Extension: Reverse Page 1.0.1 - C:\Documents and Settings\Ireneusz\Dane aplikacji\Mozilla\Firefox\Profiles\3q42w0s8.default\Extensions\{9664e2fb-2479-4d9b-8d32-25d1e0f46b03}.xpi [2015-01-19]
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1418292377&from=cor&uid=SAMSUNGXHD502HJ_S20BJ90Z606673"
CHR Extension: (Reverse Page) - C:\Documents and Settings\Ireneusz\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\pmalhbifcdmjbmnnmfigkignpjdnefac [2015-01-19]
CHR HKLM\...\Chrome\Extension: [gfofmjijdndbbfdfchibahfdlhncfhne] - C:\Program Files\profilinstylin\extension_2_5_1.crx [2011-06-29]
OPR Extension: (Torntv V9.0) - C:\Documents and Settings\Ireneusz\Dane aplikacji\Opera Software\Opera Stable\Extensions\lmnbobhffedhdhfpcjkjphcfpeeiocdn [2014-04-14]
S3 CFcatchme; \??\C:\ComboFix\CFcatchme.sys [X]
S0 uxwsm; System32\drivers\yddcdtmj.sys [X]
2015-03-19 18:13 - 2015-03-19 18:13 - 00000000 __SHD () C:\found.017
2015-03-20 23:25 - 2014-04-15 22:12 - 00000000 ____ D () C:\AdwCleaner
2015-03-08 16:57 - 2015-01-20 09:31 - 00000000 ____ D () C:\Documents and Settings\All Users\Dane aplikacji\c3e32f340000008d
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1177238915-746137067-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1177238915-746137067-839522115-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{0BA0530D-6B8A-4AC0-AF2C-9AA7CF67303A}.job => C:\WINDOWS\system32\msfeedssync.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
EmptyTemp:

Run FRST and click Fix. Post the removal report Fixlog.

Click Scan and post a new FRST report without Addition.
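As an added illustration (not part of Atis's post and not an FRST feature), a small Python triage script that picks out the kinds of FRST log entries the fix above targets (policy-restriction flags, browser extensions, redirected startup URLs, services whose file is missing) and assembles them into fixlist text. The sample log is constructed from the entry formats quoted in this thread; the matching rules and the hostname in the startup URL are my assumptions, not indicators from the thread.

```python
import re

# Constructed sample in FRST log format (modelled on the entries quoted in this
# thread; not the poster's actual log). The last line is a benign service that
# must NOT be flagged. The hostname is a placeholder, not a real indicator.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Extension: Solution Real 1.0.1 - C:\Profiles\x.default\Extensions\{1d7d694e-604c-4da2-9100-b2601d3a1c57}.xpi [2015-01-26]
CHR StartupUrls: Default -> "hxxp://isearch.example-redirect.test/?type=hp"
CHR Extension: (Reverse Page) - C:\Extensions\pmalhbifcdmjbmnnmfigkignpjdnefac [2015-01-19]
S0 uxwsm; System32\drivers\yddcdtmj.sys [X]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [57856 2008-04-14] (Microsoft Corporation)
""".strip("\n")

# Each rule: a category name and a regex that matches one FRST line.
# These rules are assumptions about what is worth a second look, not FRST's own logic.
RULES = [
    ("policy",    re.compile(r"Policy restriction <=+ ATTENTION$")),
    ("extension", re.compile(r"^(FF|CHR|OPR) Extension: ")),
    ("startup",   re.compile(r"^CHR StartupUrls: .*hxxp://")),
    # Service/driver entry whose image file is missing: FRST marks it [X].
    ("orphan",    re.compile(r"^[SR]\d+ \S+; .*\[X\]$")),
]

def triage(log_text: str) -> dict:
    """Group FRST lines by the first rule they trip; unmatched lines are dropped."""
    hits = {name: [] for name, _ in RULES}
    for line in log_text.splitlines():
        line = line.rstrip()
        for name, rx in RULES:
            if rx.search(line):
                hits[name].append(line)
                break
    return hits

def to_fixlist(hits: dict) -> str:
    """Build fixlist text: FRST removes entries given as verbatim log lines;
    EmptyTemp: at the end clears temp folders, as in the fix above."""
    lines = [ln for name, _ in RULES for ln in hits[name]]
    return "\n".join(lines + ["EmptyTemp:"])

if __name__ == "__main__":
    print(to_fixlist(triage(SAMPLE_LOG)))
```

Review the output by hand before saving it as fixlist; the script only surfaces candidates, it does not decide what is malicious.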


(Pilers7) #3

Thank you for the help, I sorted out the rest myself and everything is fine now.