Wirus coupextension

[ado2307]

Witam! Posiadam wirus CoupExtension i nie wiem jak go usunąć. Nie ma nic w panelu sterowania jak i w "program files" nie ma dziwnych folderów.

Posiadam natomiast jakieś skany. Są w załącznikach.

Jestem zielony w tych logach itd ,prosiłbym o pomoc krok po kroku. Z góry dziękuję za pomoc !

[ordynat]

1) Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego.

2) Otwórz Notatnik i wklej w nim:

Task: {0AB3EB64-BED1-466F-9F61-7B3E4E6ABF82} - System32\Tasks\{BBD99E24-AEF7-400D-A6AC-0C04E73C1999} => pcalua.exe -a C:\Users\Dom\Desktop\Pobrane\IN1CHP49WW1.exe -d C:\Users\Dom\Desktop\Pobrane
Task: {19A110CF-17B7-4635-AB1E-ACB5589924FC} - System32\Tasks\{F0D16CC3-05A1-40AF-900B-F793E60CA2E8} => pcalua.exe -a C:\Users\Dom\Desktop\Pobrane\IN1CHP36WW5.exe -d C:\Users\Dom\Desktop\Pobrane
Task: {32E714A2-EB57-4B74-89BE-AFE34DDDEF2C} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{880264d0-6939-77be-8802-264d06939341}\trainz-railroad-simulator-2006.exe <==== ATTENTION
Task: {42CE829B-3CFA-46BD-A6BC-32D1BDD21CB0} - System32\Tasks\{D71FB6CB-6EC6-442B-A473-082671749837} => pcalua.exe -a D:\setup.exe -d D:\
Task: {6C8BA221-92DB-4700-9018-358A13335A67} - System32\Tasks\{875A489F-14ED-433A-BE62-C63EE641B862} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{2628FF13-AAAF-44EF-8907-8F97358051A6}\setup.exe" -c -runfromtemp -l0x0015 -removeonly
Task: {860BDFC9-74BF-4BEB-92F9-99DB48EA8AE7} - System32\Tasks\PennyBee => C:\Users\Dom\AppData\Roaming\PennyBee\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Dom\AppData\Roaming\PennyBee
Task: {A5853786-724C-4F4F-9F2B-34C1ABC45748} - System32\Tasks\{521701D8-1D41-4760-8E0A-A58387B315AE} => pcalua.exe -a "C:\Users\Dom\Desktop\Zuma Deluxe - Pełna Wersja (1).exe" -d C:\Users\Dom\Desktop
Task: {C45BC6B2-76F5-419D-8D8C-E68157B6E184} - System32\Tasks\{378BE812-06F7-4FE5-8B9E-AB717EDEDD2B} => pcalua.exe -a "C:\Program Files (x86)\EA GAMES\The Sims 2\EAUninstall.exe"
Task: {DC6C22F2-E910-45A4-B7E5-73CB844D20A0} - System32\Tasks\{79AB60E2-5198-474F-9B17-8E056CA640CB} => pcalua.exe -a C:\Users\Dom\Desktop\ \Private\Pobrane\cenega_poland_colonize101pl.exe -d C:\Users\Dom\Desktop\ \Private\Pobrane
Task: {E246D2C8-1562-48AB-B9AF-232C694F0C01} - System32\Tasks\{B8BDC349-F6C1-4AFA-BA2F-DB69D4C62C09} => pcalua.exe -a "C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization IV Colonization\civ4colonPL.exe" -d "C:\Program Files (x86)\Firaxis Games\Sid Meier's Civilization IV Colonization"
Task: {EF393FAC-A3B5-4A51-A573-025E3C79196A} - System32\Tasks\{E1F6CD98-27D7-4676-9CC5-7A92DC7D9DEA} => pcalua.exe -a "C:\Users\Dom\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /affid uninstall /id uninstall /name "Bundled software uninstaller"
Task: {F37E016E-75C4-4922-B6C5-300E32D3B57D} - System32\Tasks\{A3E63324-D30D-4B8C-8EA7-5EF1757A6823} => pcalua.exe -a C:\Users\Dom\Desktop\ \Private\Pobrane\civ4colonPL.exe -d C:\Users\Dom\Desktop\ \Private\Pobrane
Task: {F642CD99-2C64-4F3F-BD2B-7B5EF96E375A} - System32\Tasks\{DA0C54B4-705B-4293-913A-D5018AFBD2DB} => pcalua.exe -a "C:\Users\Dom\Desktop\Pobrane\Warcraft III Frozen Throne - PL.exe" -d C:\Users\Dom\Desktop\Pobrane
Task: C:\Windows\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{880264d0-6939-77be-8802-264d06939341}\trainz-railroad-simulator-2006.exe <==== ATTENTION
Task: C:\Windows\Tasks\GuitarBuddy.job => c:\programdata\{dae118f6-1b9d-6a34-dae1-118f61b963d8}\3521545306418519160c.exe <==== ATTENTION
Task: C:\Windows\Tasks\PortEjector.job => c:\programdata\{af2256ae-06f6-4119-af22-256ae06f5ab8}\346383452858173955b.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeakerBang.job => c:\programdata\{31b411c5-caf3-c146-31b4-411c5caf4717}\4818156674569154387b.exe <==== ATTENTION
c:\programdata\{af2256ae-06f6-4119-af22-256ae06f5ab8}
c:\programdata\{dae118f6-1b9d-6a34-dae1-118f61b963d8}
c:\programdata\{31b411c5-caf3-c146-31b4-411c5caf4717}
ShortcutTarget: medal of honor allied assault game.lnk -> C:\ProgramData\{4f6f62de-09ad-1d1b-4f6f-f62de09a8b78}\medal of honor allied assault game.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2602477805-140324561-851832763-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1436618044&z=e0864da4e61f6f814d9fa64gaz4c5q7qcg5b9efzam&from=dig2&uid=TOSHIBAXMQ01ABD032_52TFP1TVTXX52TFP1TVT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1436618044&z=e0864da4e61f6f814d9fa64gaz4c5q7qcg5b9efzam&from=dig2&uid=TOSHIBAXMQ01ABD032_52TFP1TVTXX52TFP1TVT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1436618044&z=e0864da4e61f6f814d9fa64gaz4c5q7qcg5b9efzam&from=dig2&uid=TOSHIBAXMQ01ABD032_52TFP1TVTXX52TFP1TVT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1436618044&z=e0864da4e61f6f814d9fa64gaz4c5q7qcg5b9efzam&from=dig2&uid=TOSHIBAXMQ01ABD032_52TFP1TVTXX52TFP1TVT&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.oursurfing.com/?type=sc&ts=1436618044&z=e0864da4e61f6f814d9fa64gaz4c5q7qcg5b9efzam&from=dig2&uid=TOSHIBAXMQ01ABD032_52TFP1TVTXX52TFP1TVT
FF Extension: PrrIcaeMinus - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\xpnmtxax.default\Extensions\1d@5.com [2015-07-12]
FF Extension: youtubeadblocker - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\xpnmtxax.default\Extensions\bE@7.edu [2015-07-12]
FF Extension: UNIDEalse - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\xpnmtxax.default\Extensions\H@kvk.edu [2015-07-12]
FF Extension: UniDealse - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\xpnmtxax.default\Extensions\hje6M5Fr3@x.edu [2015-07-12]
FF Extension: UnIDeaalsi - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\xpnmtxax.default\Extensions\kPILm1@WO.com [2015-07-12]
FF Extension: JoniCCoupon - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\xpnmtxax.default\Extensions\OVPl@6.com [2015-07-12]
FF Extension: ExsttrASAvings - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\xpnmtxax.default\Extensions\p@ODlhvQ.com [2015-07-12]
FF Extension: CouppExtensIon - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\xpnmtxax.default\Extensions\t@HUzoHKADS.net [2015-07-12]
FF Extension: cioMPuaareItAopplicc - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\xpnmtxax.default\Extensions\TMwn@Wg.net [2015-07-12]
FF Extension: NetoCoupoN - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\xpnmtxax.default\Extensions\TnJAq@h2U.edu [2015-07-12]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [707240 2015-07-11] (DTools LIMITED) <==== ATTENTION
R1 {027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64; C:\Windows\System32\drivers\{027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64.sys [48784 2015-07-11] (StdLib)
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
C:\Windows\System32\drivers\{027aeb7e-f8c3-4c10-be2c-627699fea100}Gw64.sys
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 SBIOSIO; \??\C:\Users\Dom\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]
S3 zgwhsdiag; system32\DRIVERS\gwhsdiag.sys [X]
S3 zgwhsmdm; system32\DRIVERS\gwhsmdm.sys [X]
S3 zgwhsnmea; system32\DRIVERS\gwhsnmea.sys [X]
C:\Users\Dom\Desktop\ \Private\Programy\pivot\Pivot 3 PL.exe.lnk
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.

----------------------
Jeśli będzie OK, to będziemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix.
przez SHIFT+DEL usuń pozostały folder C:\FRST.

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).

.

[ado2307]

Podczas uruchamiania wyskakuje komunikat:
Wersja tego pliku jest niezgodna z wersją używanego systemu windows. Sprawdź w informacjach dotyczących systemu na tym komputerze ,jaka wersja programu jest potrzebna (x86 - 32-bitowa czy x64 - 64 bitowa) ,a następnie skontaktuj się z wydawcą oprogramowania.

Nie wiem co zrobić ,proszę o pomoc.

[ordynat]

Platform: Windows 7 Home Premium Service Pack 1 (X64)

nie rozumiem, w czym problem? Adw-cleaner działa zarówno na 64 bit, jak i na 32 bit.

.

[ado2307]

Adw zadziałał ,nie działa ten "program" z notatnika.

[ordynat]

jak to nie działa - przecież robiłeś logi z niego