Adware virus - TremendousCoupo

I have the TremendousCoupo adware virus. Can anyone help?

 

//Don't shout in the title …

 

 

http://forum.dobreprogramy.pl/regulamin-działu-bezpieczeństwo-t503173/

FRST

http://www.wklej.org/id/1694549/

 

Addition

http://www.wklej.org/id/1694550/

 

Shortcut

http://www.wklej.org/id/1694552/

Uninstall Mini - Adblocker, SegmentUpgrader, TremeeNdooussCoUpo. Open the system Notepad and paste:

CustomCLSID: HKU\S-1-5-21-2195184045-3265951034-2981680463-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 - C:\Program Files\Autodesk\AutoCAD 2012 - Polski\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-2195184045-3265951034-2981680463-1000_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 - C:\Program Files\Autodesk\AutoCAD 2012 - Polski\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-2195184045-3265951034-2981680463-1000_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 - C:\Program Files\Autodesk\AutoCAD 2012 - Polski\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-2195184045-3265951034-2981680463-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 - C:\Program Files\Autodesk\AutoCAD 2012 - Polski\acad.exe No File
Task: {12346A2C-167B-46F8-BA3F-04D8E5615824} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv = C:\windows\TEMP\{10B7F26B-3FA8-45C9-BB33-4DD81019229E}.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TremeeNdooussCoUpo - {12b91518-164c-4eb7-a97d-58780964f729} - C:\Program Files (x86)\TremeeNdooussCoUpo\6pWrtz8gnAJLmi.x64.dll [2015-04-21] ()
BHO: CleaorrNicEEBrOowuse - {5bf6f907-b330-4039-81de-ad69ac4e52cc} - C:\Program Files (x86)\CleaorrNicEEBrOowuse\ZbKwiSUtbRFuV7.x64.dll [2015-04-21] ()
BHO-x32: TremeeNdooussCoUpo - {12b91518-164c-4eb7-a97d-58780964f729} - C:\Program Files (x86)\TremeeNdooussCoUpo\6pWrtz8gnAJLmi.dll [2015-04-21] ()
BHO-x32: CleaorrNicEEBrOowuse - {5bf6f907-b330-4039-81de-ad69ac4e52cc} - C:\Program Files (x86)\CleaorrNicEEBrOowuse\ZbKwiSUtbRFuV7.dll [2015-04-21] ()
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
FF Extension: TremeeNdooussCoUpo - C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\rzklgh44.default\Extensions\ibD@OYhGum3m.edu [2015-04-21]
FF Extension: DealNoDeal - C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\rzklgh44.default\Extensions\tdkhombywstsah@izgxoxlyppqo.net [2015-04-21]
CHR StartupUrls: Default - "hxxp://isearch.omiga-plus.com/?type=hpts=1419063762from=coruid=WDCXWD5000BEVT-35A0RT0_WD-WXF1A40L9890L9890"
CHR Extension: (Mailto:) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppbppehiogfokmpligejhaepeopajdf [2015-04-21]
CHR Extension: (TremeeNdooussCoUpo) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgldgjaakknkgflmflpcjfngogjinkdi [2015-04-21]
R2 46119abd; c:\Program Files (x86)\UpgraderSystem\UpgraderSystem.dll [1736192 2015-04-21] () [File not signed]
U3 a7taobx5; C:\Windows\System32\Drivers\a7taobx5.sys [0] (Microsoft Corporation) ==== ATTENTION (zero size file/folder)
2015-04-21 01:05 - 2015-04-21 01:05 - 00000000 ____ D () C:\Program Files (x86)\UpgraderSystem
2015-04-21 01:04 - 2015-04-21 01:04 - 00000000 ____ D () C:\Program Files (x86)\TremeeNdooussCoUpo
2015-04-21 01:04 - 2015-04-21 01:04 - 00000000 ____ D () C:\Program Files (x86)\CleaorrNicEEBrOowuse
2015-04-21 01:04 - 2015-04-21 01:04 - 00000000 ____ D () C:\Program Files (x86)\ActiveCoupon
2015-04-14 16:16 - 2015-04-14 16:16 - 00003116 _____ () C:\windows\System32\Tasks\{8345AFB7-D4A8-431D-A8FC-9FC7439179C5}
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

Uninstall Chrome, ticking the option to delete browsing data.

Fixlog http://www.wklej.org/id/1694681/

Mini-adblocker could not be uninstalled; it reports that the browser is open. Unfortunately, I have lost internet on the laptop. The available connections have disappeared and an error pops up: bluetooth stack com server has stopped working. Help!

http://windows.microsoft.com/pl-pl/windows7/products/features/system-restore

Will System Restore take me back to the moment a backup was created 2 years ago? Will I be able to choose the exact date and time I want to roll back to? Will the files (my data) on the system drive (the partition where the system is installed) be lost?

What two years? The oldest restore point is from 20-04-2015 22:36:39.

 

The ads are back, please help.

 

FRST - http://www.wklej.org/id/1700176/

Addition - http://www.wklej.org/id/1700177/

Shortcut - http://www.wklej.org/id/1700178/

Stop installing malicious programs.

Create a restore point: http://windows.microsoft.com/pl-pl/windows7/create-a-restore-point

In Control Panel, uninstall:

DiscountExt

LighterInstance

Malwarebytes Anti-Malware version 1.75.0.1300

Mini - Adblocker

Remove the malicious extensions DealNoDeal and AuToDealsApp in Firefox.

Download and run AdwCleaner. Click Scan and then Cleaning.

Paste into the system Notepad and save as a text file named fixlist:

CloseProcesses:
CreateRestorePoint:
Startup: C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Edward Clinton Ezell The black rifle M16 retrospective Collector Grade Publications (1992) pdf.lnk [2015-03-20]
Startup: C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\washington wizards live streaming,nba live streaming, nba live stream, watch nba.lnk [2015-02-26]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: AuToDealsApp -> {b73dff06-4dd0-4a2f-bab9-9497b59ac767} -> C:\Program Files (x86)\AuToDealsApp\fpIaKnIPUCtH75.x64.dll [2015-04-30] ()
BHO: CllearNicceBrooWsee -> {ee2cb440-f5ef-4c4a-887a-e85d2b0d8388} -> C:\Program Files (x86)\CllearNicceBrooWsee\XHVdWozPZCrz08.x64.dll [2015-04-30] ()
BHO-x32: AuToDealsApp -> {b73dff06-4dd0-4a2f-bab9-9497b59ac767} -> C:\Program Files (x86)\AuToDealsApp\fpIaKnIPUCtH75.dll [2015-04-30] ()
BHO-x32: CllearNicceBrooWsee -> {ee2cb440-f5ef-4c4a-887a-e85d2b0d8388} -> C:\Program Files (x86)\CllearNicceBrooWsee\XHVdWozPZCrz08.dll [2015-04-30] ()
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
FF Extension: DealNoDeal - C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\rzklgh44.default\Extensions\fmxex_llyxrynwlwmgu@ejgcanf_nrtqml.com [2015-04-30]
FF Extension: AuToDealsApp - C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\rzklgh44.default\Extensions\puuO5k@uD9i.edu [2015-04-30]
FF HKLM-x32\...\Firefox\Extensions: [{B7082FAA-CB62-4872-9106-E42DD88EDE45}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2010-03-06]
CHR Extension: (No Name) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-03]
R2 fd3b02ee; c:\Program Files (x86)\SystemSafeguard\SystemSafeguard.dll [1711104 2015-04-30] () [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [203280 2009-01-23] ()
2015-04-30 08:19 - 2015-04-30 08:19 - 00000000 ____ D () C:\Program Files (x86)\SystemSafeguard
2015-04-30 08:18 - 2015-04-30 08:18 - 00000000 ____ D () C:\Program Files (x86)\Page up top
2015-04-30 08:18 - 2015-04-30 08:18 - 00000000 ____ D () C:\Program Files (x86)\DiscountExt
2015-04-30 08:18 - 2015-04-30 08:18 - 00000000 ____ D () C:\Program Files (x86)\CllearNicceBrooWsee
2015-04-30 08:17 - 2015-04-30 08:17 - 00000000 ____ D () C:\Program Files (x86)\AuToDealsApp
C:\Users\mike\AppData\Local\Temp*.html
C:\Program Files (x86)\McAfee
C:\ProgramData\{78ff2ebc-9e28-f34b-78ff-f2ebc9e2baf2}
2015-04-22 20:13 - 2015-04-22 20:24 - 00000000 ____ D () C:\AdwCleaner
2015-04-22 19:15 - 2015-04-22 19:15 - 00000000 ____ D () C:\ProgramData\{3fc4110b-c6e7-c0b5-3fc4-4110bc6e442f}
2015-04-30 08:18 - 2015-03-08 18:59 - 00000000 ____ D () C:\ProgramData\7696464283835259695
2015-04-30 08:17 - 2015-02-26 03:20 - 00000000 ____ D () C:\ProgramData\{9d415dab-7737-bebd-9d41-15dab77376ad}
2015-04-23 16:01 - 2015-03-09 03:35 - 00000000 ____ D () C:\ProgramData\9ed75fd40000669f
2011-07-28 14:16 - 2011-07-28 14:16 - 0000000 _____ () C:\Users\mike\AppData\Local\{0DD302C5-3FE2-4BB7-B189-827F025FAAD9}
2011-06-23 12:47 - 2011-06-23 12:47 - 0000000 _____ () C:\Users\mike\AppData\Local\{3C13AB21-B009-4C5A-94B5-B3875A9C7397}
2011-06-23 10:09 - 2011-06-23 10:09 - 0000000 _____ () C:\Users\mike\AppData\Local\{3CB126BE-6066-40C2-A407-2E2956F75D76}
2011-06-23 09:26 - 2011-06-23 09:26 - 0000000 _____ () C:\Users\mike\AppData\Local\{7A15D310-811C-4028-9FDC-6C76A4F531CE}
2011-06-30 10:56 - 2011-06-30 10:56 - 0000000 _____ () C:\Users\mike\AppData\Local\{9F2810B3-460C-410B-8657-7EB320EAAAEC}
2013-06-14 21:01 - 2013-06-15 20:39 - 0000000 _____ () C:\ProgramData\kjhy64.txt
C:\ProgramData\*.log
CustomCLSID: HKU\S-1-5-21-2195184045-3265951034-2981680463-1000_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - Polski\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-2195184045-3265951034-2981680463-1000_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - Polski\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-2195184045-3265951034-2981680463-1000_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - Polski\acad.exe /Automation No File
CustomCLSID: HKU\S-1-5-21-2195184045-3265951034-2981680463-1000_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2012 - Polski\acad.exe No File
Task: {12346A2C-167B-46F8-BA3F-04D8E5615824} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{10B7F26B-3FA8-45C9-BB33-4DD81019229E}.exe
Task: {31A343B1-A547-4500-8E97-91190CEA7150} - System32\Tasks\{3B612E71-6D66-415C-ADD0-55065994A141} => pcalua.exe -a D:\Programy\directx-90c-pl-websetup.exe -d D:\Programy
Task: {38569C9D-73FC-4994-91DC-4B0C5C1C4011} - System32\Tasks\{DF6B374E-94DC-43B7-9D08-35C4EF88EBE2} => pcalua.exe -a E:\NeostradaTP\Neostrada.exe -d E:\NeostradaTP
Task: {50CB0DFC-107A-44B7-869F-E282B0E437B6} - System32\Tasks\{E7CA65F9-CC28-4A5A-9582-4EC8A59E7F0D} => pcalua.exe -a F:\Setup.exe -d F:\
Task: {70E95CF6-F2FB-4C68-B4CF-44D76BE9B26E} - System32\Tasks\{C4557C5E-0F4C-436D-862E-B7FF8E7D79E1} => pcalua.exe -a C:\EDIABAS\Hardware\ADS\ADS32\ADSSETUP.EXE -d C:\EDIABAS\Hardware\ADS\ADS32
Task: {98336707-28A7-468C-BB07-92E3E6A1F18D} - System32\Tasks\{20B2C64C-9EA4-4C7D-A931-9A44A51B1FE3} => pcalua.exe -a "C:\Users\mike\Desktop\DiAGNOSTYKA\000 - OBD SCAN PROGRAMS\ScanXL_ELM_2.0.7axim\ScanXL ELM 2.0.7.exe" -d "C:\Users\mike\Desktop\DiAGNOSTYKA\000 - OBD SCAN PROGRAMS\ScanXL_ELM_2.0.7axim"
EmptyTemp:

Run FRST and click Fix. Show the Fixlog removal report.

Click Scan and show a new FRST report, without Addition and Shortcut.

Mini - Adblocker could not be removed.

 

FRST http://www.wklej.org/id/1700209/

Fixlog  http://www.wklej.org/id/1700210/

Uninstall Chrome, ticking the option to delete browsing data.

First you can export your bookmarks: CLICK

Geek Uninstaller Free: CLICK

Afterwards install the stable version: CLICK

Paste into the system Notepad and save as a text file named fixlist:

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
2015-04-22 20:27 - 2015-04-29 21:43 - 0000020 _____ () C:\Users\mike\AppData\Roaming\appdataFr3.bin
2015-04-22 19:16 - 2015-04-22 19:16 - 0011742 _____ () C:\Users\mike\AppData\Local\Temp-log.txt
DeleteQuarantine:

Run FRST and click Fix. Delete the folder C:\FRST

Scan the disk with Malwarebytes Anti-Malware

During installation, clear the checkbox for starting the Malwarebytes Anti-Malware Premium trial period.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Polish language: Settings > General Settings > Language > Polish

Read how programs should be installed: CLICK - CLICK - CLICK - CLICK

Uninstall:

Java 7 Update 45

Java 7 Update 71

Microsoft Silverlight

Install:

Java 8 Update 45

Silverlight 5.1.30514.0

Internet Explorer 11
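
An added example (not part of any post in this thread and not FRST's own code): a small Python triage of FRST-style log lines, keyed on the markers visible in the fixlists above ("No File", "[File not signed]", "ATTENTION", an empty publisher field). The tag names, the `triage` function and the choice of markers are assumptions of this example, not rules stated by the helper.

```python
import re

# Constructed sample: entries copied from the fixlists quoted in this thread.
SAMPLE = r"""
BHO: AuToDealsApp -> {b73dff06-4dd0-4a2f-bab9-9497b59ac767} -> C:\Program Files (x86)\AuToDealsApp\fpIaKnIPUCtH75.x64.dll [2015-04-30] ()
R2 fd3b02ee; c:\Program Files (x86)\SystemSafeguard\SystemSafeguard.dll [1711104 2015-04-30] () [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [203280 2009-01-23] ()
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL No File
U3 a7taobx5; C:\Windows\System32\Drivers\a7taobx5.sys [0] (Microsoft Corporation) ==== ATTENTION (zero size file/folder)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
"""

# Assumed triage markers, all taken from strings that appear in the logs above.
RULES = {
    "orphan": re.compile(r"No File\s*$"),            # registry entry whose target file is gone
    "unsigned": re.compile(r"\[File not signed\]"),  # binary carries no signature
    "flagged": re.compile(r"ATTENTION"),             # FRST itself highlighted the line
    "zero-size": re.compile(r"zero size file"),      # zero-byte file on disk
    "no-publisher": re.compile(r"\]\s*\(\)"),        # empty company field after the date
}
# First drive-letter path ending in a binary extension, if the line has one.
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|sys)", re.IGNORECASE)


def triage(text):
    """Return one dict per non-empty log line: entry kind, binary path, matched tags."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind = line.split()[0].rstrip(":")           # e.g. BHO, R2, Handler, CHR
        path = PATH.search(line)
        tags = sorted(name for name, rx in RULES.items() if rx.search(line))
        entries.append({"kind": kind,
                        "path": path.group(0) if path else None,
                        "tags": tags})
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e['kind']:8} {','.join(e['tags']) or '-':24} {e['path']}")
```

The tags only rank lines for review: the McAfee service line also has an empty publisher field, so a tag alone is not a verdict.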