FineDealSoft virus in web browsers

Hello,

I have a problem in my web browsers. While I browse websites, ads pop up. The virus is FineDealSoft. Below I am posting the FRST and Addition reports.

Regards :)

 

FRST report

http://wklej.org/id/1707888/

 

Addition report

http://wklej.org/id/1707889/

Uninstall Spybot - Search & Destroy, Your Software Deals. Open the system Notepad and paste:

Task: {42A9C2FF-657C-4764-9BF1-405A3D1E9AA4} - \OPHMZ No Task File ==== ATTENTION
Task: {87CEDB7E-6AE4-42B9-8073-0304F8CC82E2} - System32\Tasks\Ad-Aware Update (Weekly) = C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2015-01-18] (Lavasoft Limited
Task: {C759BE68-63E9-4B16-94E9-89A73D5F91C7} - \UCPFP No Task File ==== ATTENTION
Task: C:\WINDOWS\Tasks\OPHMZ.job = C:\Users\natalia\AppData\Roaming\OPHMZ.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\UCPFP.job = C:\Users\natalia\AppData\Roaming\UCPFP.exe ==== ATTENTION
HKLM\...\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM-x32\...\Run: [LManager] = [X]
HKLM-x32\...\Run: [WinCheck] = C:\Users\natalia\AppData\Local\wincheck\wincheck.exe
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1392325932-1202368925-3383936997-1002\...\Run: [SpybotSD TeaTimer] = C:\Program Files (x86)\Spybot - Search Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
BootExecute: autocheck autochk * bootdeletebootdelete
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
ProxyEnable: [.DEFAULT] = Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] = http=127.0.0.1:52798;https=127.0.0.1:52798
ProxyServer: [S-1-5-21-1392325932-1202368925-3383936997-1002] = http=127.0.0.1:52798;https=127.0.0.1:52798
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1392325932-1202368925-3383936997-1001 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
FF DefaultSearchEngine: Ask Web Search
FF SelectedSearchEngine: Ask Web Search
FF SearchPlugin: C:\Users\natalia\AppData\Roaming\Mozilla\Firefox\Profiles\04ebw2m2.default-1421868716899\searchplugins\ask-web-search.xml [2015-04-07]
CHR Extension: (No Name) - C:\Users\natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\idleccfmggiaaiekjmagphfmpjdpfghl [2015-01-16]
CHR Extension: (No Name) - C:\Users\natalia\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdeaofcapijfmeopimkgcepdpbdepnb [2015-01-16]
CHR Extension: (FineDealoSoft) - C:\ProgramData\jhafnpahhllbaokemhkjffednfmmcada\ []
S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152720 2015-03-04] (Lavasoft Limited)
S2 panda_url_filtering; C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- [X]
S3 panda_url_filteringd; \\C:\ProgramData\Panda Security URL Filtering\panda_url_filteringd.sys [X]
2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\natalia\AppData\Roaming\OPHMZ
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\natalia\AppData\Roaming\UCPFP
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

Thank you, it helped! :)

 

I would also be grateful for help with a second case.

I'm pasting the logs

FRST

http://wklej.org/id/1708363/

 

Addition

http://wklej.org/id/1708364/

 

I'm not starting a new topic because I don't want to clutter the forum and this is a similar problem. Thank you in advance for the help :)

Uninstall Callout Compress, CinemaPlus-3.2cV07.05, Edu App, GamesDesktop 008.109, HD Cinema Pro 1.8cV06.05, istartsurf uninstall, iWebar, MyBestOffersToday 008.194, Object Browser, oursurfing uninstall, PraIceLuEss, Shopper-Pro, SmartWeb, Support PL 1.1, YTDownloader. Download AdwCleaner https://toolslib.net/downloads/finish/1/ and run it as administrator. Click Scan and then Cleaning.

Show the new FRST logs.

New FRST logs :)

http://wklej.org/id/1708988/

Open the system Notepad and paste:

HKLM\...\Run: [cpuminer] = C:\WINDOWS\system32\cpuminer-gw64.exe [1353488 2015-05-08] ()
HKLM\...\Run: [cpuminer-gpu] = C:\Users\Asika\AppData\Roaming\cpuminer\sgminer\sgminer.cmd [96 2015-05-02] ()
HKLM-x32\...\Run: [mbot_pl_194] = [X]
HKLM-x32\...\Run: [gmsd_pl_109] = [X]
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1640847110-3398383204-705248648-1001 - {ABF95F84-C336-421A-8C97-89345092F991} URL = http://ask-tb.com/web?tpid=SLS-RGo=Y10004pf=V7p2=^B9P^YYYYYY^YY^PLgct=itbv=12.23.0.191apn_uid=7978994F-6BF1-4487-AC0B-3EBD5BF39F5Bapn_ptnrs=^B9Papn_dtid=^YYYYYY^YY^PLapn_dbr=iexplore.exe_6_11.0.9600.17416doi=2015-02-10trgb=ALLq={searchTerms}psv=pt=tb
R2 xepyqixi; C:\Users\Asika\AppData\Local\C97CDF30-1431133228-81F5-373B-40167E100821\snsiAC2.tmp [235520 2015-05-09] () [File not signed]
S2 kopibuve; C:\Users\Asika\AppData\Roaming\C97CDF30-1431125792-81F5-373B-40167E100821\jnskBE05.tmp [X]
S2 pujodigi; C:\Users\Asika\AppData\Roaming\C97CDF30-1431125792-81F5-373B-40167E100821\nsc3E87.tmp [X]
S3 WinRing0_1_2_0; \\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
2015-05-11 20:30 - 2015-05-11 20:33 - 00000000 ____ D () C:\AdwCleaner
2015-05-09 01:04 - 2015-05-11 20:34 - 00001024 _____ () C:\WINDOWS\Tasks\51dCgkFN0uOHBcImL9M42.job
2015-05-09 01:04 - 2015-05-09 01:04 - 00004024 _____ () C:\WINDOWS\System32\Tasks\51dCgkFN0uOHBcImL9M42
2015-05-09 01:00 - 2015-05-09 01:00 - 00000000 ____ D () C:\Users\Public\Documents\ShopperPro
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Asika\AppData\Roaming\51dCgkFN0uOHBcImL9M42
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Asika\AppData\Roaming\51dCgkFN0uOHBcImL9M42.exe
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Asika\AppData\Roaming\GqTWF2izG4ALH1g27RkN
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Asika\AppData\Roaming\GqTWF2izG4ALH1g27RkN.exe
2015-05-09 01:14 - 2015-05-09 01:14 - 0613255 _____ (CMI Limited) C:\Users\Asika\AppData\Local\nsxAE9.tmp
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
C:\Users\Asika\Uninstall XVM FULL 5.5.1 conf by DjVirusPL 0.9.5 v3.exe
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

Unfortunately, that didn't help at all :/

I'm pasting the new FRST and Addition logs once again

 

FRST

http://wklej.org/id/1711456/

Addition

http://wklej.org/id/1711457/

Open the system Notepad and paste:

Task: {3C39F289-DF84-44A3-BB03-295BB557B869} - System32\Tasks\GqTWF2izG4ALH1g27RkN = C:\Users\Asika\AppData\Roaming\GqTWF2izG4ALH1g27RkN.exe ==== ATTENTION
Task: C:\WINDOWS\Tasks\GqTWF2izG4ALH1g27RkN.job = C:\Users\Asika\AppData\Roaming\GqTWF2izG4ALH1g27RkN.exe ==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] - {472083B0-C522-11CF-8763-00608CC02F24} = No File
ShellIconOverlayIdentifiers-x32: [SkyDrive1] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} = C:\Users\Asika\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32: [SkyDrive2] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} = C:\Users\Asika\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll No File
ShellIconOverlayIdentifiers-x32: [SkyDrive3] - {BBACC218-34EA-4666-9D7A-C78F2274A524} = C:\Users\Asika\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll No File
CHR Extension: (bpconcjcammlapcogcnnelfmaeghhagj) - C:\Users\Asika\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2015-05-14]
CHR Extension: (Bookmark Manager) - C:\Users\Asika\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-12]
R2 setylewu; C:\Users\Asika\AppData\Local\C97CDF30-1431133196-81F5-373B-40167E100821\cnssA39E.tmp [183808 2015-05-09] () [File not signed]
S2 insvc_1.10.0.14; "C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe" [X]
R1 innfd_1_10_0_14; C:\Windows\System32\drivers\innfd_1_10_0_14.sys [58224 2015-04-10] (Infonaut)
2015-05-14 15:08 - 2015-05-14 15:08 - 00000000 ____ D () C:\Users\Asika\Downloads\FRST-OlderVersion

Save the file as fixlist.txt and place it next to FRST in the same folder.

Scan with Malwarebytes Anti-Malware http://www.malwarebytes.org/8/

Thank you very much! It helped :)