Removing the OffersWizard virus


(Blondass323) #1

I can't get rid of this damn thing...

http://www.wklej.org/id/1413132/

http://www.wklej.org/id/1413133/

(Atis) #2

In Control Panel, uninstall:

IePluginService12.27.0.3326

LiveVDO

Network System Driver

Media View

Media Watch

SupTab

FLV Player

Download and run AdwCleaner. Click Scan and then Clean.

Download Farbar Recovery Scan Tool, 32-Bit Version.

Run FRST and click Scan. Post the FRST and Addition reports.


(Blondass323) #3
http://www.wklej.org/id/1413192/
http://www.wklej.org/id/1413193/

(Atis) #4

Uninstall Trust Media Viewer.

Download and run MCPR.exe:

http://service.mcafee.com/FAQDocument.aspx?id=TS101331

http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

Paste the following into Notepad and save it as a text file named fixlist:

HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %system%\webcheck.dll No File
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = 
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - URL http://search.certified-toolbar.com?si=43251&st=bs&tid=3623&ver=3.2&ts=1368018672484&tguid=43251-3623-1368018672484-EB4B8EB9EB51CF4364AA4FB1A5C89A7B&q={searchTerms}
SearchScopes: HKLM - SuggestionsURL_JSON http://api.widdit.com/suggestions/?format=ffplugin&ua=ie&src=addon&si=43251&gid=43251-3623-1368018672484-EB4B8EB9EB51CF4364AA4FB1A5C89A7B&dbCode=1&command={searchTerms}
SearchScopes: HKLM - TopResultURLFallback http://search.certified-toolbar.com?si=43251&st=bs&tid=3623&ver=3.2&ts=1368018672484&tguid=43251-3623-1368018672484-EB4B8EB9EB51CF4364AA4FB1A5C89A7B&q={searchTerms}
SearchScopes: HKCU - {7C06E0F7-876F-4BA3-8441-81C5A5A8AAB2} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-shoutcast-chromesbox-en-us
BHO: Trust Media Viewer - {960a58a0-46a4-4f30-998e-abc4cd275855} - C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha258\ie\TrustMediaViewerV1alpha258.dll ()
BHO: Media Watch - {a99dc711-dfa8-4a00-bc86-30baa8f51113} - C:\Program Files\MediaWatchV1\MediaWatchV1home569\ie\MediaWatchV1home569.dll No File
FF Extension: عارض PDF - C:\Documents and Settings\Basia\Dane aplikacji\Mozilla\Firefox\Profiles\olsfyncq.default\Extensions\uriloader@pdf.js.xpi [2012-11-18]
FF HKLM\...\Firefox\Extensions: [{6E19037A-12E3-4295-8915-ED48BC341614}] - C:\Program Files\RelevantKnowledge
FF HKLM\...\Firefox\Extensions: [ext@MediaWatchV1home569.net] - C:\Program Files\MediaWatchV1\MediaWatchV1home569\ff
FF HKLM\...\Firefox\Extensions: [ext@TrustMediaViewerV1alpha258.net] - C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha258\ff
FF Extension: Trust Media Viewer - C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha258\ff [2014-06-28]
CHR Extension: (Media View) - C:\Documents and Settings\Basia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\apndggcglggkdilebbmchnbkieioiapb [2014-03-08]
CHR Extension: (Media Watch) - C:\Documents and Settings\Basia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\cbpdfnkbefenfopilkgiilmjdfealbkb [2014-03-23]
CHR Extension: (Media View) - C:\Documents and Settings\Basia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\dodoiijhcclmfbkddibipcehpeemjlib [2014-03-16]
CHR Extension: (Rich Media View) - C:\Documents and Settings\Basia\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\knppfgdjcjnjanecplaaanhmijkmbnhl [2014-06-16]
CHR HKLM\...\Chrome\Extension: [cbpdfnkbefenfopilkgiilmjdfealbkb] - C:\Program Files\MediaWatchV1\MediaWatchV1home569\ch\MediaWatchV1home569.crx [2013-06-02]
CHR HKLM\...\Chrome\Extension: [dnglljjcfknkmbmeoonidnlieaafgkdi] - C:\Program Files\TrustMediaViewerV1\TrustMediaViewerV1alpha258\ch\TrustMediaViewerV1alpha258.crx [2014-06-25]
CHR HKLM\...\Chrome\Extension: [pbigfkbippnoeffniighecdghnbnmced] - C:\Program Files\HomeTab\chrome\HomeTab.crx [2011-12-12]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S4 IntelIde; No ImagePath
U3 ak3xstis; No ImagePath
U3 aymbpfsg; No ImagePath
C:\awh*.tmp
C:\AdwCleaner
C:\Program Files\HomeTab
C:\Program Files\TrustMediaViewerV1
C:\Documents and Settings\Basia\*.exe
C:\Documents and Settings\Basia\Ustawienia lokalne\temp\*.exe
Task: C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job => C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
Task: C:\WINDOWS\Tasks\Registry Optimizer_UPDATES.job => C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post a new FRST report, without Addition.
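
Before running Fix on a list like the one in the post above, it helps to see which persistence locations the entries touch. The following is an added example, not part of the original post and not FRST's own code: it groups fixlist lines by the prefixes visible on this page, and the category names and the `triage` helper are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the fixlist in the post above (an excerpt, not the full list).
SAMPLE = r"""
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %system%\webcheck.dll No File
BHO: Media Watch - {a99dc711-dfa8-4a00-bc86-30baa8f51113} - C:\Program Files\MediaWatchV1\MediaWatchV1home569\ie\MediaWatchV1home569.dll No File
FF HKLM\...\Firefox\Extensions: [{6E19037A-12E3-4295-8915-ED48BC341614}] - C:\Program Files\RelevantKnowledge
CHR HKLM\...\Chrome\Extension: [pbigfkbippnoeffniighecdghnbnmced] - C:\Program Files\HomeTab\chrome\HomeTab.crx [2011-12-12]
S4 IntelIde; No ImagePath
C:\Program Files\HomeTab
Task: C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job => C:\Program Files\WinZip Registry Optimizer\Winzipro.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
"""

# First matching rule wins; category names are this example's own labels.
RULES = [
    ("safeboot", re.compile(r"^HK\w+\\SYSTEM\\.*\\SafeBoot\\", re.I)),
    ("autorun", re.compile(r"^HK\w+\\.*\\Run(Once)?: ", re.I)),
    ("ie-shell", re.compile(r"^(BHO|SSODL|SearchScopes): ")),
    ("firefox", re.compile(r"^FF ")),
    ("chrome", re.compile(r"^CHR ")),
    ("service", re.compile(r"^[RSU]\d ")),
    ("task", re.compile(r"^Task: ")),
    ("path", re.compile(r"^[A-Za-z]:\\")),
]
ORPHAN = re.compile(r"\bNo (File|ImagePath)\b")  # report says the target is missing

def classify(line):
    for name, rx in RULES:
        if rx.search(line):
            return name
    return "other"

def triage(text):
    """Return ({category: [lines]}, [lines marked as having no target])."""
    groups, orphans = defaultdict(list), []
    for line in filter(None, map(str.strip, text.splitlines())):
        groups[classify(line)].append(line)
        if ORPHAN.search(line):
            orphans.append(line)
    return dict(groups), orphans

if __name__ == "__main__":
    groups, orphans = triage(SAMPLE)
    for name, lines in groups.items():
        print(f"{name:9} {len(lines)}")
    print("no target:", len(orphans))
```
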


(Blondass323) #5
http://wklej.to/zS0vy
http://wklej.to/OijSx

(Atis) #6

Paste the following into Notepad and save it as a text file named fixlist:

HKU\S-1-5-21-1060284298-1214440339-725345543-1004\...\RunOnce: [Shockwave Updater] - C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100465.exe [447928 2008-08-06] (Adobe Systems, Inc.)
FF SearchEngineOrder.1: v9
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin: @veetle.com/vbp;version=0.9.17 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File

Run FRST and click Fix. Afterwards, delete the C:\FRST folder.

Scan the disk with Malwarebytes Anti-Malware.

During installation, uncheck the box next to Start the trial period of Malwarebytes Anti-Malware Premium.

Polish language: Settings > General Settings > Language > Polish

Read about how programs should be installed: CLICK - CLICK - CLICK - CLICK

Uninstall Java 7 Update 51 and Adobe Shockwave Player 11.

Install Java 7 Update 60 and Internet Explorer 8.