SafeGroup

SafeGroup > Bezpieczeństwo > Pomoc po zainfekowaniu > Trojan, brak ikonek
Pełna wersja: Trojan, brak ikonek
Aktualnie przeglądasz uproszczoną wersję forum. Kliknij tutaj, by zobaczyć wersję z pełnym formatowaniem.

sowka92

06.02.2015, 19:57
witam, kilka dni temu zlapalam wirusa, usunelo mi wszystkie zdjecia i inne dokumenty z komputera, zostaly tylko puste ikonki. moj antywirus Microsoft Security Esentials wykazal, ze byly 3 trojany, usunelam je, a takze pliki, ktore byly zainfekowane (tak mysle). Dzisiaj zniknely mi wszystkie ikonki z pulipu. system szaleje, pokazuja sie rozne reklamy.
prosze o sprawdzenie logow:
Addition:

[Aby zobaczyć linki, zarejestruj się tutaj]


FRST:

[Aby zobaczyć linki, zarejestruj się tutaj]


shortcut

[Aby zobaczyć linki, zarejestruj się tutaj]


system jest w jezyku wloskim, mam nadzieje, ze nie sprawi to problemow, pozdrawiam

tachion

06.02.2015, 21:14
No był ransom + jest masa adware

Do notatnika wklej i zapisz jako fixlist.txt

Kod:
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1857764095-3059277737-4080162609-1001\...\Run: [iLivid] => "C:\Users\giac\AppData\Local\iLivid\iLivid.exe" -autorun
AppInit_DLLs: c:\progra~2\movies~1\datamngr\x64\mgrldr.dll => c:\progra~2\movies~1\datamngr\x64\mgrldr.dll File Not Found
AppInit_DLLs-x32: c:\progra~2\movies~1\datamngr\mgrldr.dll => "c:\progra~2\movies~1\datamngr\mgrldr.dll" File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [snxPluginsShell] -> {F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE} => C:\Program Files\Alwil Software\Avast5\snxPlugins64.dll No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-1857764095-3059277737-4080162609-1001] => hauptsrasse:85
AutoConfigURL: [S-1-5-21-1857764095-3059277737-4080162609-1001] => hauptstrasse
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1384618829&from=cor&uid=WDCXWD3200BEVT-80A0RT0_WD-WXK1A508729787297&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385153697776&tguid=75087-8679-1385153697776-DA87BB8BE247584E1FF6D8A987955DDC&st=chrome&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1384618829&from=cor&uid=WDCXWD3200BEVT-80A0RT0_WD-WXK1A508729787297&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385153697776&tguid=75087-8679-1385153697776-DA87BB8BE247584E1FF6D8A987955DDC&st=chrome&q=
HKU\S-1-5-21-1857764095-3059277737-4080162609-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385153697776&tguid=75087-8679-1385153697776-DA87BB8BE247584E1FF6D8A987955DDC&st=chrome&q=
HKU\S-1-5-21-1857764095-3059277737-4080162609-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\S-1-5-21-1857764095-3059277737-4080162609-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385153697776&tguid=75087-8679-1385153697776-DA87BB8BE247584E1FF6D8A987955DDC&st=chrome&q=
HKU\S-1-5-21-1857764095-3059277737-4080162609-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=75087&tid=8679&ver=5.1&ts=1385153697776&tguid=75087-8679-1385153697776-DA87BB8BE247584E1FF6D8A987955DDC&st=chrome&q=
HKU\S-1-5-21-1857764095-3059277737-4080162609-1001\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=75087&st=home&tid=8679&ver=5.1&ts=1385153697776&tguid=75087-8679-1385153697776-DA87BB8BE247584E1FF6D8A987955DDC
HKU\S-1-5-21-1857764095-3059277737-4080162609-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=pl-PL&Src=MSE&Tid=0003295F&OHP=www.wp.pl%2F%3Fsrc01%3Ddp220141012&OSP=
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1384618829&from=cor&uid=WDCXWD3200BEVT-80A0RT0_WD-WXK1A508729787297&q={searchTerms}
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=429&systemid=406&v=n10249-179&apn_uid=5221411624614727&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://search.certified-toolbar.com?si=75087&st=bs&tid=8679&ver=5.1&ts=1385153697776&tguid=75087-8679-1385153697776-DA87BB8BE247584E1FF6D8A987955DDC&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=7151592a-848d-04b0-76e3-d29001265175&searchtype=ds&q={searchTerms}&installDate=01/12/2013
SearchScopes: HKU\S-1-5-21-1857764095-3059277737-4080162609-1001 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\S-1-5-21-1857764095-3059277737-4080162609-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1857764095-3059277737-4080162609-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1857764095-3059277737-4080162609-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=7151592a-848d-04b0-76e3-d29001265175&searchtype=ds&q={searchTerms}&installDate=01/12/2013
BHO-x32: Internet Program -> {ff0021ad-2cc3-4e0d-8e3c-b4153a64a495} -> C:\Program Files (x86)\Internet Program\Extensions\ff0021ad-2cc3-4e0d-8e3c-b4153a64a495.dll ()
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://aartemis.com/?type=sc&ts=1384618829&from=cor&uid=WDCXWD3200BEVT-80A0RT0_WD-WXK1A508729787297
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - C:\Program Files (x86)\vShare.tv plugin\vshareplg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [ncdghcmanhfigpijjllopocpcnjffkhl] - C:\Users\giac\AppData\Local\Temp\crxED4.tmp [Not Found]
R2 Service Mgr InternetProgram; C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugincontainer.exe [549624 2015-02-06] ()
R2 Update Mgr InternetProgram; C:\Program Files (x86)\Common Files\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\updater.exe [351992 2015-02-06] ()
C:\Users\giac\Documents\!Decrypt-All-Files-enhhabk.bmp
C:\ProgramData\sxtiytg.html
C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9
Task: {07C1F813-69B0-464E-BB0C-F370684EAC06} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: {0E5E4B2A-35C6-46BF-B3D4-AEA4D5B4EBAC} - System32\Tasks\{90788573-3B62-487D-8D2B-416869A502C9} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.7.0.102&amp;LastError=12007
Task: {2FF380CA-2098-4D66-A739-F39BE126C893} - System32\Tasks\{18A7B1CA-BF5E-4330-8477-4AD4AF7FE883} => pcalua.exe -a "C:\Program Files (x86)\Asus\Game Park\Smileyville FREE\Uninstall.exe" -c "C:\Program Files (x86)\Asus\Game Park\Smileyville FREE\install.log"
Task: {3E1EBA3C-24A1-43F4-8049-425D21E831B4} - System32\Tasks\BonanzaDealsUpdate => C:\Program <==== ATTENTION
Task: {4A3151C0-92BA-417A-9CA8-AB585EA580CF} - System32\Tasks\Bonanza => C:\Users\giac\AppData\Roaming\Bonanza\UpdateProc\UpdateTask.exe [2013-04-30] () <==== ATTENTION
Task: {54C25362-7E7F-4942-80C0-D206DE7A871C} - System32\Tasks\{3CB43A20-2AD0-4772-8363-E920AA5742B3} => pcalua.exe -a "D:\splinter cell\scc_spolszczenie.exe" -d "D:\splinter cell"
Task: {5582BF2B-09A6-46A7-97F7-9BA302C5E83E} - System32\Tasks\Digital Sites => C:\Users\giac\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {5745078B-257B-46C6-9EE1-FFEBC7316745} - System32\Tasks\{1025BAEC-8C0E-4836-8EF1-914B1C8E4502} => pcalua.exe -a C:\Users\giac\Downloads\jxpiinstall(2).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5AAB28D3-183D-4CCA-A31C-945ABEC9B2B4} - System32\Tasks\{CB3F0307-4AA7-441C-8B00-A13D88D96961} => pcalua.exe -a "C:\Program Files (x86)\Asus\Game Park\Chicken Invaders 2\Uninstall.exe" -c "C:\Program Files (x86)\Asus\Game Park\Chicken Invaders 2\install.log"
Task: {6E1DE932-6C31-4584-9B87-07F94F0BAD86} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: {82C6552E-7CA0-4FDA-8087-37B36CAB67E9} - System32\Tasks\{1FA886E1-9B1B-4013-86AE-395229517AB4} => Iexplore.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.3.0.120.259&amp;LastError=2
Task: {85138064-2EEC-405E-91BF-1F42C880B6D2} - System32\Tasks\{1A559170-90D7-47C4-9261-35E9B3F10276} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.10.0.116&amp;LastError=12007
Task: {87C47A00-79CA-4E52-85F2-3F719623B440} - System32\Tasks\Update Bonanza => C:\Users\giac\AppData\Roaming\UpdateBonanza\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {9091E90D-ABB8-4975-A6F0-45FD48DC5D15} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {9D4A5056-9A4C-4E0B-A76E-6438277D4E79} - System32\Tasks\{EA2A6A09-3014-4275-B17F-2CC3F506CACB} => Firefox.exe http://ui.skype.com/ui/0/5.10.0.116/pl/abandoninstall?page=tsMain
Task: {A16A8BCC-8AF0-4276-9372-CA4BDC225CC0} - System32\Tasks\P4GIntlCtrl => C:\Program Files\P4G\IntlCtrl.exe [2009-09-23] (TODO: <Company name>)
Task: {A7FBF25F-5DD6-45DC-8695-8A38F60A3227} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-09-24] ()
Task: {B44E1BD5-F3FE-40BB-A07A-4F7CCBFCDFDD} - System32\Tasks\{E17ADD67-F99B-4DA8-84E9-C2B423D209C0} => pcalua.exe -a C:\Users\giac\Downloads\jxpiinstall(5).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {CAF5669A-5B8A-4993-89A0-F406C425D8BD} - System32\Tasks\{66914176-F3D9-4F07-A469-EB214DB6D12B} => pcalua.exe -a "C:\Program Files (x86)\Team17\Worms Ultimate Mayhem\Redist\vcredist_x86.exe" -d "C:\Program Files (x86)\Team17\Worms Ultimate Mayhem\Redist"
Task: {CD509BBA-6A9F-4478-9352-3A0D6961CE40} - System32\Tasks\{9B169ADA-4317-4FD6-ADA2-7B1780DBA145} => pcalua.exe -a C:\WINDOWS\ISUN0415.EXE -c -f"C:\Program Files (x86)\Common Files\Adobe\Acrobat 5.0 CE\NT\Uninst.isu" -c"C:\Program Files (x86)\Common Files\Adobe\Acrobat 5.0 CE\NT\Uninst.dll"
Task: {CD9F6169-2425-4979-A22F-C0C7D74CB238} - System32\Tasks\{7D75BE6E-C465-4516-B651-90187E1F8E45} => pcalua.exe -a F:\setupSNK.exe -d F:\
Task: {E0DF4371-E452-494B-AE6D-BAD3642DC889} - \SidebarExecute No Task File <==== ATTENTION
Task: {E541619C-3482-4838-B67A-841068CE9312} - System32\Tasks\{EC2433CE-E4BD-4186-9CC8-EA00C70D7809} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {EBB73629-0CA9-4552-A7EB-5EFC735656FD} - \vwrbmzi No Task File <==== ATTENTION
Task: {FCF4303F-2BE9-4AA3-AF75-8EDB4C6156BB} - System32\Tasks\DSite => C:\Users\giac\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Bonanza.job => C:\Users\giac\AppData\Roaming\Bonanza\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\giac\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\giac\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Update Bonanza.job => C:\Users\giac\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
CMD: netsh advfirewall reset
EmptyTemp:

Zapisany skrypt umieść obok ściągniętego programu FRST
Następnie w programie kliknij Fix,po wykonaniu pokaż raport z tego działania.

Odinstaluj:
Adobe Flash Player 16 NPAPI
FlvPlayer
Internet Program
McAfee Security Scan Plus
Update for Image Editor
Update_for_BonanzaDeals
Video Download Converter
vShare.tv plugin 1.3
VshareComplete

W przeglądarce Firefox

Otwórz menu w górnym rogu po prawej stronie > otwórz menu pomoc oznaczone czerwoną ramką.

[Aby zobaczyć linki, zarejestruj się tutaj]


Informacje dla pomocy technicznej > Zresetuj program Firefox. Reset nie naruszy zakładek i haseł.

Google Chrome

Ustawienia > karta Ustawienia > Pokaż ustawienia zaawansowane > zjedź na sam spód i uruchom opcję "Zresetuj ustawienia przeglądarki".

Ściągnij program

[Aby zobaczyć linki, zarejestruj się tutaj]

kliknij Szukaj i następnie Usuń
Pokaż raport z niego.

Zrób nowe logi i przedstaw z FRST.txt > Addition.txt > Shortcut.txt

Jeśli te dane są istotne z tej lokalizacji:

C:\Users\giac\Downloads\list.TXT.enhhabk
C:\Users\giac\Downloads\Zgoda na wysy kPIT-11 drogelektroniczn _encrypted_.PDF.enhhabk
C:\Users\giac\Desktop\cv agnieszka.DOC.enhhabk
C:\Users\giac\Desktop\Nowa_Umowa_Zlecenia58213_Cucinella_Agnieszka - signed.PDF.enhhabk
C:\Users\giac\Desktop\Aneks_Cucinella_Agnieszka - signed(1).PDF.enhhabk
C:\Users\giac\Downloads\Aneks_Cucinella_Agnieszka - signed.PDF.enhhabk

To możesz je przenieść na inną partycje,być może kiedyś będzie dekoder.

sowka92

08.02.2015, 20:21
dziekuje za szybka odpowiedz.
raport fixlist:

[Aby zobaczyć linki, zarejestruj się tutaj]


raport adw:

[Aby zobaczyć linki, zarejestruj się tutaj]


nowe logi
FRST

[Aby zobaczyć linki, zarejestruj się tutaj]

Addition

[Aby zobaczyć linki, zarejestruj się tutaj]

Shortcut

[Aby zobaczyć linki, zarejestruj się tutaj]


pozdrawiam

tachion

12.02.2015, 21:50
Do notatnika wklej i zapisz jako fixlist.txt

Kod:
DeleteKey: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes
FF Plugin-x32: @VideoScavenger_1e.com/Plugin -> C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\NP1eStub.dll No File
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
RemoveDirectory: C:\AdwCleaner
CMD: del /q /s C:\*enhhabk*
EmptyTemp:

Zapisany skrypt umieść obok ściągniętego programu FRST
Następnie w programie kliknij Fix,po wykonaniu pokaż raport z tego działania.

Zainstaluj Adobe Flash Player

[Aby zobaczyć linki, zarejestruj się tutaj]

ofertę opcjonalną Mcafee odhacz
SafeGroup > Bezpieczeństwo > Pomoc po zainfekowaniu > Trojan, brak ikonek