Wyskakujące reklamy

Seraith · 14 Kwiecień 2015 16:43

Dzień dobry.

Acorus · 14 Kwiecień 2015 17:59

Odinstaluj Spybot - Search & Destroy.Otwórz notatnik systemowy i wklej:

Task: {AA815241-177B-4D50-A64C-06742C5B7210} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates = C:\Program Files (x86)\Spybot - Search amp; Destroy 2\SDUpdate.exe
Task: {DD174138-B0E9-41A0-9B6E-E0920D7030D0} - System32\Tasks\{61EE6B08-B7D7-44A2-85B4-CEA4CBC251BE} = Firefox.exe http://ui.skype.com/ui/0/7.0.0.102/pl/abandoninstall?page=tsMain
Task: {E19B7013-B981-4734-B2B3-BF4176D1C809} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system = C:\Program Files (x86)\Spybot - Search amp; Destroy 2\SDScan.exe
Task: {F3BC0B69-7CF3-42D2-BF25-2B0ED81A2F8B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization = C:\Program Files (x86)\Spybot - Search amp; Destroy 2\SDImmunize.exe
HKLM\...\Run: [] = [X]
HKLM-x32\...\Run: [SDTray] = C:\Program Files (x86)\Spybot - Search Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2539595720-2576129651-1607299871-1001\...\MountPoints2: {022c2222-c6cb-11e4-8258-806e6f6e6963} - "D:\SETUP.EXE"
BootExecute: autocheck autochk * sdnclean64.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2539595720-2576129651-1607299871-1001 - DefaultScope {A17C845F-76F1-4D95-B084-77CCC4F3ACBE} URL =
SearchScopes: HKU\S-1-5-21-2539595720-2576129651-1607299871-1001 - {A17C845F-76F1-4D95-B084-77CCC4F3ACBE} URL =
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
2015-04-14 17:09 - 2015-04-14 17:09 - 00003182 _____ () C:\WINDOWS\System32\Tasks\{1528078D-6F44-4BDA-88D2-03F94DFA0228}
2015-04-13 16:41 - 2015-04-13 16:41 - 00003072 _____ () C:\WINDOWS\System32\Tasks\{61EE6B08-B7D7-44A2-85B4-CEA4CBC251BE}
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Prawdopodobnie zainfekowany jest router: