marekublade, posted 12 March 2015:

Hello, I have a problem with my browsers: in every one of them the start page gets set to omniboxes.com and it cannot be removed. I used tools from bleepingcomputer.com (AdwCleaner, RogueKiller, JRT), but unfortunately they could not cope with it. I am attaching the required logs: GMER.txt FRST.txt Addition.txt Shortcut.txt
picasso, posted 17 March 2015:

At present the Omnibox redirects are visible only in Google Chrome. ComboFix was also used here...

Actions to carry out:

1. Through Control Panel, uninstall old versions and unneeded programs: Adobe Flash Player 16 NPAPI, Adobe Shockwave Player 12.1, Akamai NetSession Interface, Java 7 Update 67, Java 8 Update 25.

2. Open Notepad and paste the following into it:

Note for other readers: the script is unique, tailored solely and exclusively to this system; please do not use it on your own systems.
Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. Wait patiently and do not interrupt it. When Fix finishes its work, the system will be restarted. A fixlog.txt file will be created in the same directory FRST was run from.

3. In Google Chrome:
Settings > Settings tab > Show advanced settings > scroll to the very bottom and run the Reset browser settings option. Bookmarks and passwords will not be affected.
Settings > Settings tab > Search section > click Manage search engines > delete omniboxes and any other non-default junk from the list (if present).
Reset the plugin cache. In the address bar type chrome://plugins and press ENTER. In the plugin list pick any plugin and click Disable. Then Enable the plugin again.

4. Make a new FRST log using the Scan option, ticking the Addition box again. Also attach the fixlog.txt file.
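The manual Chrome check in step 3 (start page and search engine still pointing at omniboxes) can also be done by reading the profile's Preferences file, which is JSON. The script below is an added example, not part of the original thread and not FRST output; the key names reflect the usual layout of that file and are assumptions to verify against the installed Chrome version, and `ALLOWED_HOSTS` and the sample data are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Assumption: hosts the user actually wants as start page / search engine.
ALLOWED_HOSTS = {"www.google.com", "google.com"}

# Constructed sample resembling a hijacked profile (not taken from the user's logs).
SAMPLE_PREFS = json.loads("""
{
  "homepage": "http://www.omniboxes.com/",
  "session": {
    "restore_on_startup": 4,
    "startup_urls": ["http://www.omniboxes.com/?type=hp", "https://www.google.com/"]
  },
  "default_search_provider": {
    "keyword": "omniboxes",
    "search_url": "http://www.omniboxes.com/web/?q={searchTerms}"
  }
}
""")


def host_of(url):
    """Return the lowercase host of an http(s) URL, or "" for anything else.

    Log tools often defang URLs as hxxp://, so that form is accepted too.
    """
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return ""  # chrome://newtab/ and similar internal pages
    return (parts.hostname or "").lower()


def audit_preferences(prefs, allowed=ALLOWED_HOSTS):
    """List (setting, host) pairs whose host is not on the allow list."""
    candidates = []
    session = prefs.get("session") or {}
    candidates += [("startup_url", u) for u in session.get("startup_urls") or []]
    if prefs.get("homepage"):
        candidates.append(("homepage", prefs["homepage"]))
    # The search provider has lived under different keys across Chrome versions.
    for key in ("default_search_provider", "default_search_provider_data"):
        node = prefs.get(key) or {}
        node = node.get("template_url_data") or node
        url = node.get("search_url") or node.get("url")
        if url:
            candidates.append(("search_provider", url))
    findings = []
    for setting, url in candidates:
        host = host_of(url)
        if host and host not in allowed:
            findings.append((setting, host))
    return findings


def audit_file(path):
    """Run the audit on a Preferences file copied from a Chrome profile."""
    with open(path, encoding="utf-8") as fh:
        return audit_preferences(json.load(fh))
```

An empty result after the reset in step 3 means none of the checked settings still reference a host outside the allow list; settings forced through policy keys in the registry are not covered by this file.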
marekublade, posted 20 March 2015:

OK, done, thank you. I am attaching the final logs: FRST.txt Fixlog.txt Addition.txt
picasso, posted 20 March 2015:

Everything has been done. Minor corrections to apply. Paste into Notepad:

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll No File
S3 cpuz138; \??\C:\Users\Marek\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
RemoveDirectory: C:\AdwCleaner
RemoveDirectory: C:\FRST\Quarantine
RemoveDirectory: C:\KVRT_Data
RemoveDirectory: C:\ProgramData\TEMP
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Akamai NetSession Interface" /f

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. Post the resulting fixlog.txt.