Dodaj do ulubionych

wirus? utils.cdneurope.com

07.07.14, 16:40
Prosze o pomoc. Nie mogę korzystac z przegladarki bo avast co chwile mnie informuje ze:

Zablokowana infekcja

URL
hxxp://utils.cdneurope.com/js/mo.js

Infekcja
URL:Mal



Logi:
wklej.org/id/1411281/
wklej.org/id/1411282/
wklej.org/id/1411290/
--
Make Tea Not War

/\,,/\
( o o )
Obserwuj wątek
    • Gość: @ Re: wirus? utils.cdneurope.com IP: *.dynamic.chello.pl 07.07.14, 20:11
      Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist:

      ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => No File
      StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
      SearchScopes: HKLM-x32 - DefaultScope value is missing.
      SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://yandex.ru/yandsearch?win=92&clid=1989596&text={searchTerms}
      Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
      FF SearchPlugin: C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\q6bii29b.default\searchplugins\yandex.ru-142237.xml
      FF SearchPlugin: C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\q6bii29b.default\searchplugins\yqs-barff-yandex.xml
      FF Extension: Site Matcher - C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\q6bii29b.default\Extensions\sitematchersite@sitematchersite.com [2014-06-28]
      S3 gdrv; \??\C:\Windows\gdrv.sys [X]
      C:\Program Files (x86)\SiteLookup
      C:\AdwCleaner
      C:\Users\Ja\AppData\Roaming\Orbit
      C:\ProgramData\hpeEA01.dll
      C:\Users\Ja\AppData\Local\Temp\*.dll
      C:\Users\Ja\AppData\Local\Temp\*.exe

      Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.
      Kliknij Scan i pokaż nowy raport z FRST bez Addition.
      • anthonyruzam Re: wirus? utils.cdneurope.com 11.09.14, 16:36
        Proszę o pomoc. Mam podobny problem. Nod32 wyświetla mi następującą informację:
        Zablokowano adres: http:/utils.cdneurope.com/js/link-ff.js
        Czytałem forum ale również nie wiem od czego zacząć. Jestem laikiem i jeśli można to proszę krok po kroku.
        Dzięki.
            • Gość: Kolobos Re: wirus? utils.cdneurope.com IP: *.zask.pl 11.09.14, 19:15
              Odinstaluj: Dll-Files Fixer

              Obok frst.exe utworz plik fixlist.txt z zawartoscia:
              FF Extension: Website Counselor - C:\Users\Zdzisław\AppData\Roaming\Mozilla\Firefox\Profiles\llrwkl65.default\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e} [2014-09-11]
              2014-09-11 16:15 - 2014-09-11 16:57 - 00000000 ____D () C:\AdwCleaner
              2014-09-11 16:13 - 2014-09-11 16:13 - 00000277 _____ () C:\AdwCleaner[S3].txt
              2014-09-11 16:11 - 2014-09-11 16:11 - 00001536 _____ () C:\AdwCleaner[R4].txt
              2014-09-11 16:10 - 2014-09-11 16:10 - 00001417 _____ () C:\AdwCleaner[R3].txt
              2014-09-11 16:10 - 2014-09-11 16:10 - 00000277 _____ () C:\AdwCleaner[S2].txt
              2014-09-11 15:53 - 2014-09-11 15:53 - 00001822 _____ () C:\AdwCleaner[R2].txt
              2014-09-11 15:53 - 2014-09-11 15:53 - 00001725 _____ () C:\AdwCleaner[S1].txt
              2014-09-11 15:52 - 2014-09-11 15:52 - 00001762 _____ () C:\AdwCleaner[R1].txt
              2014-09-11 15:13 - 2014-09-11 15:13 - 00033601 _____ () C:\ComboFix.txt
              2014-09-11 12:40 - 2014-09-11 12:40 - 00000000 ____D () C:\Users\Zdzisław\AppData\Roaming\WebExtend
              2014-09-02 08:05 - 2014-09-03 08:07 - 00000282 _____ () C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
              2014-09-02 08:05 - 2014-09-02 11:57 - 00000298 _____ () C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job
              2014-09-02 08:05 - 2014-09-02 08:05 - 00003046 _____ () C:\Windows\System32\Tasks\DLL-Files.Com Fixer_Updates
              2014-09-02 08:05 - 2014-09-02 08:05 - 00003032 _____ () C:\Windows\System32\Tasks\DLL-Files.Com Fixer_MONTHLY
              2014-09-02 08:05 - 2014-09-02 08:05 - 00000000 ____D () C:\Users\Zdzisław\AppData\Roaming\dll-files.com
              2014-09-02 07:57 - 2014-09-02 07:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
              2014-09-02 07:57 - 2014-09-02 07:57 - 00000000 ____D () C:\Program Files (x86)\Dll-Files.com Fixer
              2014-08-27 22:53 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
              2014-08-27 22:53 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
              2014-08-27 22:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
              2014-08-27 22:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
              2014-08-27 22:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
              2014-08-27 22:53 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
              2014-08-27 22:53 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
              2014-08-27 22:53 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
              2014-09-11 17:06 - 2014-09-11 17:06 - 00000000 ____D () C:\rsit
              2014-09-11 17:06 - 2014-09-11 17:06 - 00000000 ____D () C:\Program Files (x86)\trend micro
              2014-09-11 15:13 - 2014-09-11 15:13 - 00033601 _____ () C:\ComboFix.txt
              2014-09-11 15:13 - 2014-07-28 21:41 - 00000000 ____D () C:\Qoobox
              2014-09-03 08:07 - 2014-09-02 08:05 - 00000282 _____ () C:\Windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
              2014-09-02 11:57 - 2014-09-02 08:05 - 00000298 _____ () C:\Windows\Tasks\DLL-Files.Com Fixer_Updates.job
              2014-09-02 08:05 - 2014-09-02 08:05 - 00003046 _____ () C:\Windows\System32\Tasks\DLL-Files.Com Fixer_Updates
              2014-09-02 08:05 - 2014-09-02 08:05 - 00003032 _____ () C:\Windows\System32\Tasks\DLL-Files.Com Fixer_MONTHLY

              W FRST wybierz Fix.

              Usun katalog C:\FRST i to wszystko.
          • escuela1 Re: wirus? utils.cdneurope.com 01.01.15, 19:13
            Mam niestety to samo plus jakąś informację click.status-code.net - Mozilla.. i otwierające się dodatkowe okna.
            Też jestem laikiem, ale wklejam pliki z OLT, mam nadzieję że dobre..
            wklej.org/id/1581200/
            wklej.org/id/1581205/
            Być może ktoś może pomóc
            Z góry dziękuję
        • darsmol Re: wirus? utils.cdneurope.com 29.09.14, 21:40
          Proszę o pomoc. Jestem bezradny.
          Podczas przeglądania stron internetowych Nod32 wyświetla mi następującą informację:
          Zablokowano adres: cdneurope/components/components....... Końcówki adresu bywają różne.
          Oprócz tego często wyskakują okienka z reklamami.
          Jakby tego było mało to na stronach internetowych jest mnóstwo wyrazów
          a nawet pojedynczych liter, które są podświetlone i są odnośnikami do strony tlbserach.com lub java.com
          Będę bardzo wdzięczny za pomoc.

          wklej.org/id/1475803/
          wklej.org/id/1475806/
          wklej.org/id/1475810/
            • Gość: Kolobos Re: wirus? utils.cdneurope.com IP: *.internetdsl.tpnet.pl 14.10.14, 11:50
              Odinstaluj:
              Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
              Norton Security Scan (HKLM-x32\...\NSS) (Version: 3.7.2.10 - Symantec Corporation)
              Qtrax Player (HKCU\...\1948873604.portal.qtrax.com) (Version: - portal.qtrax.com)

              Obok frst.exe utworz plik fixlist.txt z zawartoscia:
              Task: {37318EB1-2B1D-4455-83B6-016C542E6965} - \DLL-Files.Com Fixer_Updates No Task File <==== ATTENTION
              Task: {A77CEF4C-C0FF-4796-A3D1-A2C9800758DD} - System32\Tasks\Yahoo! Search => C:\Users\herbatkowy\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe <==== ATTENTION
              Task: {C3F9D3BE-3F4B-4D7C-B252-A4DDFE4ADC34} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
              Task: {E2DFFB35-F758-4B18-BB51-B7A66F4BF1B6} - \DLL-Files.Com Fixer_MONTHLY No Task File <==== ATTENTION
              Task: {E82313FC-ABF2-441D-AAC2-CF76B7270BA3} - System32\Tasks\BonanzaDealsUpdate => C:\Program <==== ATTENTION
              Task: {F43B3AA3-75FB-4667-82B9-18FBE272BB1B} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
              Task: C:\Windows\Tasks\0814tbUpdateInfo.job => C:\ProgramData\Avg_Update_0814tb\0814tb_{C6EB05FC-674C-4814-A424-00874A822899}.exe
              Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{CFB20131-7899-485F-971B-7207D6A2C2EA}.exe
              Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{B5AF53AE-B510-4437-ACD7-C7B9A74400D7}.exe
              Task: C:\Windows\Tasks\Norton Security Scan for herbatkowy.job => C:\PROGRA~2\NORTON~2\Engine\372~1.10\Nss.exe
              HKLM-x32\...\Run: [tuto4pc_pl_17] => [X]
              FF Extension: Site Matcher - C:\Users\herbatkowy\AppData\Roaming\Mozilla\Firefox\Profiles\cfl141db.default-1365783148474\Extensions\sitematcher@sitematcher.com [2014-07-19]
              FF Extension: Website Counselor Pro - C:\Users\herbatkowy\AppData\Roaming\Mozilla\Firefox\Profiles\cfl141db.default-1365783148474\Extensions\{1cdbda58-45f8-4d91-b566-8edce18f8d0a} [2014-10-02]
              S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
              S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
              R3 TRIXX; \??\C:\Users\HERBAT~1\AppData\Local\Temp\TRIXX.sys [X]
              S3 VGPU; System32\drivers\rdvgkmd.sys [X]
              2014-10-13 19:51 - 2014-10-13 19:56 - 00000000 ____D () C:\AdwCleaner
              EmptyTemp:

              W FRST wybierz Fix.

              Usun katalog C:\FRST i to wszystko.
          • kolobos Re: wirus? utils.cdneurope.com 29.07.14, 21:21
            Odinstaluj:
            Smileys We Love Toolbar for IE (HKLM-x32\...\{3F88EB8A-98B0-4A22-A65C-2E3B695199F7}) (Version: 3.0.26 - SqueekyChocolate, LLC) <==== ATTENTION
            UpdateChecker (HKCU\...\Popajar, inc UpdateChecker) (Version: - Popajar, inc) <==== ATTENTION

            Fixlist.txt dla Frst:
            BHO: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll ()
            BHO-x32: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll ()
            Toolbar: HKLM - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll ()
            Toolbar: HKLM-x32 - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll ()
            FF Extension: Site Matcher - C:\Users\Agnieszka\AppData\Roaming\Mozilla\Firefox\Profiles\apfbrtp4.default\Extensions\sitematcher_srcs@sitematcher_srcs.com [2014-07-22]
            2014-07-18 14:16 - 2014-07-28 20:49 - 00000000 ____D () C:\AdwCleaner
            • Gość: Kolobos Re: wirus? utils.cdneurope.com IP: *.zask.pl 02.09.14, 10:52
              W adwc wybierz Usun.

              Odinstaluj: Java(TM) 6 Update 24
              Zainstaluj ninite.com/java/

              Obok frst.exe utworz plik fixlist.txt z zawartoscia:
              (Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
              HKLM-x32\...\Run: [] => [X]
              HKU\S-1-5-21-4162016553-1367968791-2029159846-1000\...\Run: [AdobeBridge] => [X]
              HKU\S-1-5-21-4162016553-1367968791-2029159846-1000\...\Run: [Facebook Update] => C:\Users\Dom\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-03] (Facebook Inc.)
              HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1409165294&from=cor&uid=WDCXWD5000AZRX-00A8LB0_WD-WMC1U158571085710&q={searchTerms}
              HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1409165294&from=cor&uid=WDCXWD5000AZRX-00A8LB0_WD-WMC1U158571085710&q={searchTerms}
              HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1409165294&from=cor&uid=WDCXWD5000AZRX-00A8LB0_WD-WMC1U158571085710&q={searchTerms}
              HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1409165294&from=cor&uid=WDCXWD5000AZRX-00A8LB0_WD-WMC1U158571085710&q={searchTerms}
              HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1409165294&from=cor&uid=WDCXWD5000AZRX-00A8LB0_WD-WMC1U158571085710&q={searchTerms}
              HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1409165294&from=cor&uid=WDCXWD5000AZRX-00A8LB0_WD-WMC1U158571085710&q={searchTerms}
              SearchScopes: HKCU - {BE980B54-A582-441A-B368-4AB1426D6D60} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=B309679A-CE0C-4288-B69C-2541D72FF0B3&apn_sauid=E30128FD-DC15-4365-AE70-4650907BA8DD
              FF Extension: shortcut - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\1y6d36id.default\Extensions\shortcutff@gmail.com [2014-07-28]
              FF Extension: Site Advisor - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\1y6d36id.default\Extensions\{6d0f26ba-45b8-4871-9c07-43ab341d5b73} [2014-08-27]
              FF Extension: BonanzaDeals - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\1y6d36id.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi [2013-12-26]
              CHR HomePage: Default -> B06F32E42BCB51579AAE46F50F616BA55DDFBAB40DCCE37A3C971C5AEB29FFE1
              CHR StartupUrls: Default -> "hxxp://www.sweet-page.com/?type=hp&ts=1409165294&from=cor&uid=WDCXWD5000AZRX-00A8LB0_WD-WMC1U158571085710"
              CHR DefaultSearchKeyword: Default -> 408110F07E8D023324ABAB8EF4897C3C7B24CA7C176AD54676B6C99F9E95B963
              CHR DefaultSearchProvider: Default -> D24CAFEC5889BB81F34F7CF36ABA448BC26767BB16AC317C398D8174D675F242
              CHR DefaultSearchURL: Default -> 2E33F4DA3861EA857E04EA2AB100EC7246B501A1F1DACCAB2AE32B760138703D
              CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
              R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-08-27] (Cherished Technololgy LIMITED)
              2014-08-27 20:53 - 2014-08-27 20:53 - 00000000 ____D () C:\Users\Dom\Documents\Optimizer Pro
              2014-08-27 20:49 - 2014-08-27 21:16 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
              2014-08-27 20:49 - 2014-08-27 20:49 - 00000000 ____D () C:\ProgramData\IePluginServices
              2014-08-27 20:48 - 2014-08-27 21:11 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
              2014-08-27 20:48 - 2014-08-27 20:48 - 00000000 ____D () C:\Users\Dom\AppData\Roaming\SimilarAddon
              2014-08-27 20:48 - 2014-08-27 20:48 - 00000000 ____D () C:\Program Files\coupon downloader
              2014-08-27 20:48 - 2014-08-27 20:48 - 00000000 ____D () C:\Program Files (x86)\SiteLookup
              2014-08-27 20:47 - 2014-08-31 17:08 - 00000000 ____D () C:\Program Files\004
              2014-08-27 20:47 - 2014-08-27 20:47 - 33678024 _____ (DVDVideoSoft Ltd. ) C:\Users\Dom\Downloads\Free Video Flip and Rotate 2.1.9.827 [1].exe
              2014-08-27 20:46 - 2014-08-27 20:46 - 00700360 _____ ( ) C:\Users\Dom\Downloads\Free Video Flip and Rotate 2.1.9.827.exe
              2014-08-27 20:44 - 2014-08-27 20:54 - 128856420 _____ () C:\Users\Dom\Downloads\Free Video Flip And Rotate 2.1.9.827 - Obracanie Video Portable.rar
              2014-08-27 20:43 - 2014-08-27 20:43 - 01119301 _____ () C:\Users\Dom\Downloads\Free Video Flip and Rotate 2.1.9.725.rar
              2014-09-02 01:05 - 2014-06-19 21:06 - 00000000 ____D () C:\AdwCleaner
              2014-09-01 23:53 - 2014-02-03 21:48 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4162016553-1367968791-2029159846-1000UA.job
              2014-08-27 21:11 - 2014-08-27 21:11 - 00000000 ____D () C:\ProgramData\374311380
              Task: {338F83CE-2032-4876-9DDE-8ED10C01A00C} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION
              Task: {5FACC4AA-33EC-4A0A-A527-BC955AFCB0F8} - \DealPlyUpdate No Task File <==== ATTENTION
              Task: {6AB07441-0DE9-4F6F-AF60-1C2DD19513F0} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION
              Task: {986D54CA-B78D-4B50-99A7-C779BAFA7FB7} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION
              Task: {C0DB1578-94C5-4A69-B6EA-DC1DF2075673} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4162016553-1367968791-2029159846-1000Core => C:\Users\Dom\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-03] (Facebook Inc.)
              Task: {D0102FF5-E7ED-45B6-B742-21A9C92220C9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4162016553-1367968791-2029159846-1000UA => C:\Users\Dom\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-03] (Facebook Inc.)
              Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4162016553-1367968791-2029159846-1000Core.job => C:\Users\Dom\AppData\Local\Facebook\Update\FacebookUpdate.exe
              Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4162016553-1367968791-2029159846-1000UA.job => C:\Users\Dom\AppData\Local\Facebook\Update\FacebookUpdate.exe

              W FRST wybierz Fix.

          • kolobos Re: wirus? utils.cdneurope.com 05.08.14, 11:38


            Obok frst.exe utworz plik fixlist.txt z zawartoscia:
            SearchScopes: HKCU - {6245E965-57E1-44D9-BCC0-B2D9F18D85C2} URL = http://asksearch.ask.com/redirect?client=ie&src=kw&tb=SLS-RG&itbv=12.7.0.2399&o=Y10004&locale=en_US&apn_uid=822D0899-1FE2-4AEC-8389-C726612B71FB&apn_ptnrs=%5EB9P&apn_dtid=%5EYYYYYY%5EYY%5EPL&apn_dbr=ff_25.0&doi=2013-12-08&q={searchTerms}&
            SearchScopes: HKCU - {94A0B6AE-107E-47CC-90D4-B5B9399B5033} URL = http://www.mysearchresults.com/search?c=3524&t=01&q={searchTerms}
            FF SearchEngineOrder.1: Ask Search
            FF Extension: Site Matcher - C:\Users\dom\AppData\Roaming\Mozilla\Firefox\Profiles\b9qdfaeu.default-1384708889499\Extensions\sitematcher_srcs@sitematcher_srcs.com [2014-07-29]
            2014-08-01 20:01 - 2014-08-04 23:16 - 00000000 ____D () C:\AdwCleaner
            2014-07-29 21:23 - 2014-07-29 21:23 - 00000000 ____D () C:\Users\dom\AppData\Roaming\SimilarAddon
            2014-07-29 21:23 - 2014-07-29 21:23 - 00000000 ____D () C:\Users\dom\AppData\Local\WorldofTanks
            2014-07-29 21:23 - 2014-07-29 21:23 - 00000000 ____D () C:\Program Files\SiteLookup
            C:\ProgramData\hash.dat

            W FRST wybierz Fix.
          • Gość: Kolobos Re: wirus? utils.cdneurope.com IP: *.zask.pl 04.09.14, 20:53
            Odinstaluj:
            Java(TM) 6 Update 13 (64-bit)
            McAfee Security Scan Plus
            Java(TM) 6 Update 20
            Adobe Reader 9 - Polish

            Zainstaluj ninite.com/java-foxit/


            Wykonaj skrypt w OTL:

            :OTL
            IE - HKU\S-1-5-21-3096013137-2962115112-3383505104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
            FF - prefs.js..extensions.enabledAddons: %7Bbda388db-b4e9-4193-b83a-bca1947df5c3%7D:0.1
            FF - prefs.js..network.proxy.backup.ftp: "42.62.5.115:9686"
            FF - prefs.js..network.proxy.backup.ftp_port: 0
            FF - prefs.js..network.proxy.backup.socks: "42.62.5.115:9686"
            FF - prefs.js..network.proxy.backup.socks_port: 0
            FF - prefs.js..network.proxy.backup.ssl: "42.62.5.115:9686"
            FF - prefs.js..network.proxy.backup.ssl_port: 0
            FF - prefs.js..network.proxy.ftp: "42.62.5.115"
            FF - prefs.js..network.proxy.ftp_port: 65535
            FF - prefs.js..network.proxy.http: "42.62.5.115"
            FF - prefs.js..network.proxy.http_port: 65535
            FF - prefs.js..network.proxy.share_proxy_settings: true
            FF - prefs.js..network.proxy.socks: "42.62.5.115"
            FF - prefs.js..network.proxy.socks_port: 65535
            FF - prefs.js..network.proxy.ssl: "42.62.5.115"
            FF - prefs.js..network.proxy.ssl_port: 65535
            FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04 12:36:14 | 000,010,691 | ---- | M] ()
            [2014-09-01 11:35:35 | 000,000,000 | ---D | M] ("Website Tipster") -- C:\Users\Andrzej\AppData\Roaming\mozilla\Firefox\Profiles\wpc9508x.default\extensions\{bda388db-b4e9-4193-b83a-bca1947df5c3}
            O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.
            O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Value error.)
            O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
            O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 10.7.2)
            O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.67.2)
            O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
            O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.67.2)
            [2014-09-04 00:06:48 | 000,000,000 | ---D | C] -- C:\AdwCleaner

            :Files
            C:\Users\Andrzej\AppData\Local\Temp*.html

            :Commands
            [emptytemp]

            Po wykonaniu wybierz w OTL Sprzatanie i to wszystko.


      • Gość: Kolobos Re: wirus? utils.cdneurope.com IP: *.zask.pl 04.09.14, 20:58
        Odinstaluj:
        Adobe Reader 9.5.5
        coupon downloader

        Zainstaluj ninite.com/foxit/

        Obok frst.exe utworz plik fixlist.txt z zawartoscia:
        URLSearchHook: HKCU - Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL No File
        BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
        FF Extension: Website Tipster - C:\Documents and Settings\XX\Dane aplikacji\Mozilla\Firefox\Profiles\hzj11opl.default\Extensions\{bda388db-b4e9-4193-b83a-bca1947df5c3} [2014-08-28]
        S2 rqpbhevlkc32; C:\Program Files\004\rqpbhevlkc32.exe run options=01100010040000000000000000000000 sourceguid=C78087A8-C960-4464-A618-3D351DF6C0D7 [X]
        S3 catchme; \??\C:\DOCUME~1\XX\USTAWI~1\Temp\catchme.sys [X]
        2014-08-28 18:05 - 2014-08-28 18:05 - 00000000 ____D () C:\Program Files\coupon downloader
        2014-08-28 18:05 - 2014-08-28 18:05 - 00000000 ____D () C:\Documents and Settings\XX\Dane aplikacji\SimilarAddon
        2014-08-28 18:04 - 2014-08-28 18:23 - 00000000 ____D () C:\Program Files\004
        EmptyTemp:

        W FRST wybierz Fix.

        Po wykonaniu usun katalog C:\FRST i to wszystko.
      • Gość: Kolobos Re: wirus? utils.cdneurope.com IP: *.zask.pl 05.09.14, 09:48
        Odinstaluj:
        Adobe Reader 6.0.2 CE (HKLM\...\{AC76BA86-7AD7-1038-7B44-CEA000000001}) (Version: 006.000.002 - Adobe Systems Incorporated)
        Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
        Yet Another Cleaner! (HKLM\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== ATTENTION

        Zainstaluj ninite.com/java-foxit/

        Obok frst.exe utworz plik fixlist.txt z zawartoscia:
        (Elex do Brasil Participações Ltda) C:\Program Files\iSafe\iSafeSvc.exe
        (Elex do Brasil Participações Ltda) C:\Program Files\iSafe\iSafeSvc2.exe
        (Elex do Brasil Participações Ltda) C:\Program Files\iSafe\iSafeTray.exe
        (Elex do Brasil Participações Ltda) C:\Program Files\iSafe\iSafe.exe
        () C:\Program Files\iSafe\ipcdl.exe
        (Elex do Brasil Participações Ltda) C:\Program Files\iSafe\iSafeUpdate.exe
        HKU\S-1-5-21-1220945662-573735546-839522115-1003\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [1035264 2008-04-14] (Microsoft Corporation) <==== ATTENTION
        BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
        DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
        FF Extension: Website Tipster - C:\Documents and Settings\rs\Dane aplikacji\Mozilla\Firefox\Profiles\6zsk48g4.default-1381689194812\Extensions\{bda388db-b4e9-4193-b83a-bca1947df5c3} [2014-09-01]
        R2 iSafeService; C:\Program Files\iSafe\iSafeSvc.exe [118048 2014-08-08] (Elex do Brasil Participações Ltda)
        R1 iSafeKrnl; C:\Program Files\iSafe\iSafeKrnl.sys [214592 2014-08-08] (Elex do Brasil Participações Ltda)
        S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [40768 2014-08-08] (Elex do Brasil Participações Ltda)
        R1 iSafeKrnlKit; C:\Program Files\iSafe\iSafeKrnlKit.sys [68288 2014-08-08] (Elex do Brasil Participações Ltda)
        R1 iSafeKrnlR3; C:\Program Files\iSafe\iSafeKrnlR3.sys [37696 2014-08-08] (Elex do Brasil Participações Ltda)
        R1 iSafeNetFilter; C:\Program Files\iSafe\iSafeNetFilter.sys [55464 2014-08-06] (Elex do Brasil Participações Ltda)
        S3 catchme; \??\C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\catchme.sys [X]
        S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
        2014-09-04 20:18 - 2014-09-04 20:18 - 00000000 ____D () C:\Documents and Settings\rs\Dane aplikacji\eCyber
        2014-09-04 20:17 - 2014-09-04 20:55 - 00000000 ____D () C:\Program Files\iSafe
        2014-09-04 20:17 - 2014-09-04 20:21 - 00000000 ____D () C:\Documents and Settings\rs\Dane aplikacji\iSafe
        2014-09-04 20:17 - 2014-09-04 20:17 - 00001455 _____ () C:\Documents and Settings\All Users\Pulpit\YAC.lnk
        2014-09-04 20:17 - 2014-09-04 20:17 - 00001455 _____ () C:\Documents and Settings\All Users\Menu Start\YAC.lnk
        2014-09-04 20:17 - 2014-09-04 20:17 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Start\Programy\YAC
        2014-09-04 20:17 - 2014-08-08 08:24 - 00040768 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
        2014-09-04 17:28 - 2014-09-04 19:16 - 00000000 ____D () C:\AdwCleaner
        2014-09-04 18:23 - 2014-09-04 18:23 - 00000000 ____D () C:\Program Files\Enigma Software Group
        Reboot:

        W FRST wybierz Fix.

        Po wykonaniu usun katalog C:\FRST i to wszystko.
      • Gość: Kolobos Re: wirus? utils.cdneurope.com IP: *.zask.pl 10.09.14, 16:01
        Odinstaluj: Java(TM) 6 Update 35 zainstaluj ninite.com/java/

        Fixlist.txt dla Frst:
        HKU\S-1-5-21-484763869-963894560-839522115-1004\...\Run: [] => [X]
        SearchScopes: HKLM - URL startsear.ch/?aff=2&src=sp&cf=d1be8da4-55b9-11e1-9524-14dae9937a1c&q={searchTerms}
        SearchScopes: HKCU - URL startsear.ch/?aff=2&src=sp&cf=d1be8da4-55b9-11e1-9524-14dae9937a1c&q={searchTerms}
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
        FF Extension: Website Counselor - E:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\atzpobgo.default\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e} [2014-09-07]
        S2 UpdaterSvcMegaBrowse; "E:\Program Files\Mega Browse\updater.exe" [X]
        2014-09-09 20:59 - 2014-09-10 11:23 - 00000000 ____D () E:\AdwCleaner
        EmptyTemp:

        Po wykonaniu usun katalog C:\Frst i to wszystko.
      • Gość: Kolobos Re: wirus? utils.cdneurope.com IP: *.internetdsl.tpnet.pl 17.09.14, 09:44
        Brak addition.txt z FRST, na przyszlosc o tym pamietaj.

        Odinstaluj Google Toolbar, zainstaluj ninite.com/java/

        Fixlist.txt dla FRST:
        SearchScopes: HKLM - {4A494EFD-2546-4162-A4D2-76BD3D24FCAB} URL = http://startsear.ch/?aff=2&src=sp&cf=daeef868-2c0e-11e1-821a-00037a94b426&q={searchTerms}
        SearchScopes: HKLM - {59583FB9-7C44-4BC4-8723-F59ADFBDCFBE} URL = http://startsear.ch/?aff=2&src=sp&cf=daeef868-2c0e-11e1-821a-00037a94b426&q={searchTerms}
        SearchScopes: HKLM - {79E22E54-0C0E-4245-8BFE-7FDFE21202D9} URL = http://startsear.ch/?aff=1&src=sp&cf=daeef868-2c0e-11e1-821a-00037a94b426&q={searchTerms}
        FF Extension: Website Counselor - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\4fjkeumv.default\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e} [2014-09-16]
        CHR DefaultSearchKeyword: Default -> startsear.ch
        CHR DefaultSearchProvider: Default -> Web Search
        CHR DefaultSearchURL: Default -> startsear.ch/?aff=2&src=sp&cf=daeef868-2c0e-11e1-821a-00037a94b426&q={searchTerms}
        CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
        2014-09-16 21:24 - 2014-09-16 22:04 - 00000000 ____D () C:\AdwCleaner
        2014-09-16 20:43 - 2014-09-16 20:43 - 00000000 ____D () C:\Program Files\TheHDvid-Codec V10
        EmptyTemp:

        Po wykonaniu usun katalog C:\FRST i to wszystko.
      • Gość: Kolobos Re: wirus? utils.cdneurope.com IP: *.internetdsl.tpnet.pl 30.09.14, 09:20
        Odinstaluj: Search App by Ask

        Fixlist.txt dla FRST:
        FF Extension: Site Advisor - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\9h0azlov.default\Extensions\{6d0f26ba-45b8-4871-9c07-43ab341d5b73} [2014-08-21]
        FF Extension: Search App by Ask - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\9h0azlov.default\Extensions\toolbar_ORJ-SPE@apn.ask.com.xpi [2014-08-01]
        2014-09-29 20:11 - 2014-09-29 20:27 - 00000000 ____D () C:\AdwCleaner
        EmptyTemp:

        Po wykonaniu usun katalog C:\FRST i to wszystko.
        • darsmol Re: wirus? utils.cdneurope.com 30.09.14, 14:31
          Proszę o pomoc. Jestem bezradny.
          Podczas przeglądania stron internetowych Nod32 wyświetla mi następującą informację:
          Zablokowano adres: cdneurope/components/....... Końcówki adresu bywają różne.
          Oprócz tego często wyskakują okienka z reklamami.
          Jakby tego było mało to na stronach internetowych jest mnóstwo wyrazów
          a nawet pojedynczych liter, które są podświetlone i są odnośnikami do strony tlbserach.com, qualitychekner.net lub java.com
          Będę bardzo wdzięczny.

          wklej.org/id/1475803/
          wklej.org/id/1475806/
          wklej.org/id/1475810/
          • Gość: Kolobos Re: wirus? utils.cdneurope.com IP: *.zask.pl 30.09.14, 14:45
            Fixlist.txt dla FRST:
            SearchScopes: HKCU - {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}
            FF Extension: Site Counselor - C:\Users\darek\AppData\Roaming\Mozilla\Firefox\Profiles\ckbt50cu.default\Extensions\{e0352044-1439-48ba-99b6-b05ed1a4d2de} [2014-09-21]
            EmptyTemp:

            Po wykonaniu usun katalog C:\FRST i to wszystko.
      • Gość: Kolobos Re: wirus? utils.cdneurope.com IP: *.internetdsl.tpnet.pl 01.10.14, 09:12
        Odinstaluj:
        Foxtab (HKLM-x32\...\foxtab) (Version: - FoxTab) <==== ATTENTION
        Qtrax Player (HKCU\...\2609911222.portal.qtrax.com) (Version: - portal.qtrax.com)

        Fixlist.txt dla FRST:
        Task: {CA476AA7-B005-438A-92DA-837DC847BAF8} - System32\Tasks\FoxTab => C:\Users\jerzykierasinski\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
        Task: C:\Windows\Tasks\FoxTab.job => C:\Users\JERZYK~1\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
        HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=A4829C2A70CC776E&affID=119357&tsp=5023
        SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A4829C2A70CC776E&affID=119357&tsp=5023
        FF Extension: Site Counselor - C:\Users\jerzykierasinski\AppData\Roaming\Mozilla\Firefox\Profiles\b8gbvpiq.default\Extensions\{e0352044-1439-48ba-99b6-b05ed1a4d2de} [2014-09-28]
        FF Extension: Foxtab Speed Dial - C:\Users\jerzykierasinski\AppData\Roaming\Mozilla\Firefox\Profiles\b8gbvpiq.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi [2014-09-29]
        2014-09-28 10:58 - 2014-09-30 21:58 - 00000316 _____ () C:\Windows\Tasks\FoxTab.job
        2014-09-28 10:58 - 2014-09-28 10:58 - 00003272 _____ () C:\Windows\System32\Tasks\FoxTab
        2014-09-28 10:58 - 2014-09-28 10:58 - 00000000 ____D () C:\Users\jerzykierasinski\AppData\Roaming\WebExtend
        2014-09-28 10:58 - 2014-09-28 10:58 - 00000000 ____D () C:\Users\jerzykierasinski\AppData\Roaming\FoxTab
        2014-09-28 10:58 - 2014-09-28 10:58 - 00000000 ____D () C:\Program Files (x86)\Foxtab
        EmptyTemp:

        Po wykonaniu usun katalog C:\FRST i to wszystko.
          • Gość: Kolobos Re: wirus? utils.cdneurope.com IP: *.internetdsl.tpnet.pl 07.10.14, 11:01

            Fixlist.txt dla FRST:
            HKU\S-1-5-21-1960408961-1682526488-725345543-1003\...\Run: [Math Optimize] => "C:\Documents and Settings\WacBaw\Ustawienia lokalne\Dane aplikacji\Math Problem Solver\Optimize.exe" /path="Software\Math Problem Solver"
            C:\Documents and Settings\WacBaw\Ustawienia lokalne\Dane aplikacji\Math Problem Solver\
            GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
            FF Extension: Web Finder Pro - C:\Documents and Settings\Wacław\Dane aplikacji\Mozilla\Firefox\Profiles\wnkjdtkd.default\Extensions\{9802047e-5a84-4da3-b103-c55995d147d1} [2014-10-04]
            CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
            S3 catchme; \??\C:\DOCUME~1\WACAW~1\USTAWI~1\Temp\catchme.sys [X]
            2014-10-04 10:17 - 2014-10-06 22:56 - 00000000 ____D () C:\AdwCleaner
            EmptyTemp:

            Po wykonaniu usun katalog C:\FRST i to wszystko.
            • pikka6 Re: wirus? utils.cdneurope.com 04.11.14, 20:38
              Witam, Również BARDZU proszę o pomoc w temacie:

              wklej.org/id/1509432/

              Z góry dziękuje za pomoc.

              --
              [url=http://lilypie.com][img]https://lb4m.lilypie.com/TikiPic.php/opqsnug.jpg[/img][img]https://lb4m.lilypie.com/opqsp2.png[/img][/url] [url=http://lilypie.com][img]https://lb1m.lilypie.com/de8Pp2.png[/img][/url]
                  • Gość: Kolobos Re: wirus? utils.cdneurope.com IP: *.internetdsl.tpnet.pl 07.01.15, 09:58

                    Nie postarales sie, brakuje addition.txt, do tego przed uzyciem Frst nie uzyles AdwCleanera.

                    Uzyj: www.bleepingcomputer.com/download/adwcleaner/ opcja Szukaj i Usun.

                    Fixlist.txt dla FRST:
                    HKU\S-1-5-21-1202660629-725345543-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1418422351&from=cor&uid=ST3250410AS_6RY107CRXXXX6RY107CR&q={searchTerms}
                    HKU\S-1-5-21-1202660629-725345543-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1418422351&from=cor&uid=ST3250410AS_6RY107CRXXXX6RY107CR&q={searchTerms}
                    FF Extension: Solution Real 1.0.1 - G:\Documents and Settings\maro1\Dane aplikacji\Mozilla\Firefox\Profiles\ggzcjzb9.default\Extensions\{edf2e803-e64b-4078-9a9f-33672590ad18}.xpi [2015-01-01]
                    S2 Update DigiHelp; "G:\Program Files\DigiHelp\updateDigiHelp.exe" [X]
                    S2 Update Solution Real; "G:\Program Files\Solution Real\updateSolutionReal.exe" [X]
                    S2 Util DigiHelp; "G:\Program Files\DigiHelp\bin\utilDigiHelp.exe" [X]
                    S2 Util Solution Real; "G:\Program Files\Solution Real\bin\utilSolutionReal.exe" [X]
                    S2 WindowsMangerProtect; G:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe -service [X]
                    R1 {3211ae5b-d056-4176-9f6e-b51496f003f1}Gt; G:\WINDOWS\System32\drivers\{3211ae5b-d056-4176-9f6e-b51496f003f1}Gt.sys [55816 2014-12-12] (StdLib)
                    R1 {edf2e803-e64b-4078-9a9f-33672590ad18}Gt; G:\WINDOWS\System32\drivers\{edf2e803-e64b-4078-9a9f-33672590ad18}Gt.sys [55832 2014-12-31] (StdLib)
                    2015-01-05 12:07 - 2015-01-05 12:07 - 00000000 ____D () G:\Documents and Settings\maro1\Dane aplikacji\WebTest
                    2015-01-05 12:07 - 2015-01-05 12:07 - 00000000 ____D () G:\Documents and Settings\maro1\Dane aplikacji\PennyBee
                    2015-01-01 09:55 - 2014-12-31 20:44 - 00055832 _____ (StdLib) G:\WINDOWS\system32\Drivers\{edf2e803-e64b-4078-9a9f-33672590ad18}Gt.sys
                    2014-12-12 23:21 - 2014-12-12 06:28 - 00055816 _____ (StdLib) G:\WINDOWS\system32\Drivers\{3211ae5b-d056-4176-9f6e-b51496f003f1}Gt.sys
                    2014-12-12 23:12 - 2014-12-13 08:59 - 00000000 ____D () G:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect
                    2014-12-12 23:12 - 2014-12-12 23:50 - 00000000 ____D () G:\Documents and Settings\maro1\Dane aplikacji\omiga-plus
                    EmptyTemp:


                    Daj brakujacy Addition.txt.
                      • kolobos Re: wirus? utils.cdneurope.com 12.01.15, 21:01
                        Odinstaluj: Java(TM) 6 Update 22

                        Obok frst.exe utworz plik fixlist.txt z zawartoscia:
                        HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
                        FF Extension: Security Protection - C:\Users\geospec03\AppData\Roaming\Mozilla\Firefox\Profiles\l0yuwths.default\Extensions\detgdp@gmail.com [2014-12-10]
                        FF Extension: Site Advisor - C:\Users\geospec03\AppData\Roaming\Mozilla\Firefox\Profiles\l0yuwths.default\Extensions\{6d0f26ba-45b8-4871-9c07-43ab341d5b73} [2014-08-26]
                        FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2014-12-11]
                        CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
                        2015-01-12 14:58 - 2015-01-12 14:59 - 00000000 ____D () C:\AdwCleaner
                        EmptyTemp:

                        W FRST wybierz Fix. Po wykonaniu usun katalog C:\FRST i to wszystko.
Inne wątki na temat:

Popularne wątki

Nie pamiętasz hasła

lub ?

 

Nie masz jeszcze konta? Zarejestruj się

Nakarm Pajacyka