Zasyfione przegladarki

Dla specjalistów Bezpieczeństwo
#1

Witam,

Prosze o pomoc w usunieciu syfu z komputera.

 

Shortcut: http://wklej.org/id/1789015/

Addition: http://wklej.org/id/1789016/

FRST: http://wklej.org/id/1789017/

#2

Otwórz notatnik systemowy i wklej:

Task: {8B0DBFDD-351D-406D-9B2D-1D6C0DC888D3} - System32\Tasks\{3B8B5A72-5588-48AC-8BEC-F9E1EC284D53} = pcalua.exe -a "C:\Users\Marcin\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrsetup.exe" -c /uninstl
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1245059721-2201663632-1288364862-1001\...\Run: [Yahoo! Search] = C:\Users\Marcin\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.26.12\dsrlte.exe
GroupPolicy: Zasady grupy Chrome wykryto ======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Zasada ograniczeń ======= UWAGA
SearchScopes: HKU\S-1-5-21-1245059721-2201663632-1288364862-1001 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1245059721-2201663632-1288364862-1001 - {63734F14-A805-4204-BC4C-24876BA4BD4C} URL = hxxp://searchsimple-a.akamaihd.net/?affID=mt-isq={searchTerms}r=584
S1 {2c7e9044-6b3b-4ecc-9224-8b8c893f6fc1}Gw64; system32\drivers\{2c7e9044-6b3b-4ecc-9224-8b8c893f6fc1}Gw64.sys [X]
S1 {442ad619-2fad-4d96-9434-49e6d1c6e280}Gw64; system32\drivers\{442ad619-2fad-4d96-9434-49e6d1c6e280}Gw64.sys [X]
S1 {5fa86e60-a54d-4e77-b1f1-f7bc1e215749}w64; system32\drivers\{5fa86e60-a54d-4e77-b1f1-f7bc1e215749}w64.sys [X]
S1 {82adbb5d-7d8c-4f2d-9936-53071e499858}Gw64; system32\drivers\{82adbb5d-7d8c-4f2d-9936-53071e499858}Gw64.sys [X]
S1 {8fb4e628-35c6-4275-89be-ce3462febcc4}Gw64; system32\drivers\{8fb4e628-35c6-4275-89be-ce3462febcc4}Gw64.sys [X]
S1 {a081059f-4e06-4f49-9a1e-4b92e171ba25}w64; system32\drivers\{a081059f-4e06-4f49-9a1e-4b92e171ba25}w64.sys [X]
S1 {db4225e9-90b8-4ca5-99da-da423e504d3d}Gw64; system32\drivers\{db4225e9-90b8-4ca5-99da-da423e504d3d}Gw64.sys [X]
S1 {f17a6425-9752-4042-9063-36eef24d8b77}Gw64; system32\drivers\{f17a6425-9752-4042-9063-36eef24d8b77}Gw64.sys [X]
2015-09-02 19:13 - 2015-09-02 19:19 - 00000000 ____ D C:\AdwCleaner
2015-09-02 18:53 - 2015-09-02 18:53 - 00003176 _____ C:\WINDOWS\System32\Tasks\{3B8B5A72-5588-48AC-8BEC-F9E1EC284D53}
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Przeskanuj programem Malwarebytes Anti-Malware https://www.malwarebytes.org/downloads/