Problem z piesearch i yoursites123

[Bojan17]

Proszę o pomoc mam oba te syfy w przeglądarce 

Addition.txt

FRST.txt

[picasso]

Brakuje trzeciego obowiązkowego pliku FRST Shortcut. Na razie więc tylko to:

 

1. Deinstalacje:

- Klawisz z flagą Windows + X > Programy i funkcje > odinstaluj stare wersje Adobe Flash Player 10 Plugin, Adobe Shockwave Player 11.6, Surfing Protection oraz adware Picexa.

- Uruchom narzędzie Microsoftu: KLIK. Zaakceptuj > Wykryj problemy i pozwól mi wybrać poprawki do zastosowania > Odinstalowywanie > zaznacz na liście wpis Google Update Helper (to fałszywka od adware BonanzaDeals) > Dalej.

- Są tu obiekty niepoprawnie odinstalowanego Kasperskiego. Wejdź w Tryb awaryjny i zastosuj specjalizowany usuwacz Kaspersky Remover. Po jego użyciu opuść Tryb awaryjny.

 

2. Otwórz Notatnik i wklej w nim:

 

CloseProcesses:
CreateRestorePoint:
R2 IhPul; C:\Users\hp-pc\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: )
R2 WdMan; C:\ProgramData\BWdMB\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [brak podpisu cyfrowego]
S3 USBPNPA; \SystemRoot\system32\drivers\CM10864.sys [X]
S3 xhunter1; \??\C:\WINDOWS\xhunter1.sys [X]
ShortcutWithArgument: C:\Users\hp-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449852615&z=683df37ab262c4681593bbag3z2z7t2baweoaq3wem&from=ient07021&uid=ST750LM022XHN-M750MBB_S2SUJ9KCB21069 
ShortcutWithArgument: C:\Users\hp-pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Users\hp-pc\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449852615&z=683df37ab262c4681593bbag3z2z7t2baweoaq3wem&from=ient07021&uid=ST750LM022XHN-M750MBB_S2SUJ9KCB21069 
ShortcutWithArgument: C:\Users\hp-pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Users\hp-pc\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1449852615&z=683df37ab262c4681593bbag3z2z7t2baweoaq3wem&from=ient07021&uid=ST750LM022XHN-M750MBB_S2SUJ9KCB21069 
ShortcutWithArgument: C:\Users\hp-pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449852615&z=683df37ab262c4681593bbag3z2z7t2baweoaq3wem&from=ient07021&uid=ST750LM022XHN-M750MBB_S2SUJ9KCB21069 
GroupPolicy: Ograniczenia - Chrome 
CHR HomePage: Default -> hxxp://s.piesearch.com/?type=chhp
CHR StartupUrls: Default -> "hxxp://www.yoursites123.com/?type=hp&ts=1449852615&z=683df37ab262c4681593bbag3z2z7t2baweoaq3wem&from=ient07021&uid=ST750LM022XHN-M750MBB_S2SUJ9KCB21069"
CHR HKLM\...\Chrome\Extension: [ljnfelhdldlokjkohcmjpogkdjgbgjpj] - C:\Users\hp-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljnfelhdldlokjkohcmjpogkdjgbgjpj.crx [2015-09-23]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-20]
CHR HKLM-x32\...\Chrome\Extension: [ljnfelhdldlokjkohcmjpogkdjgbgjpj] - C:\Users\hp-pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljnfelhdldlokjkohcmjpogkdjgbgjpj.crx [2015-09-23]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449852615&z=683df37ab262c4681593bbag3z2z7t2baweoaq3wem&from=ient07021&uid=ST750LM022XHN-M750MBB_S2SUJ9KCB21069
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449852615&z=683df37ab262c4681593bbag3z2z7t2baweoaq3wem&from=ient07021&uid=ST750LM022XHN-M750MBB_S2SUJ9KCB21069
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420130684&from=cor&uid=ST750LM022XHN-M750MBB_S2SUJ9KCB21069&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420130684&from=cor&uid=ST750LM022XHN-M750MBB_S2SUJ9KCB21069&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449852615&z=683df37ab262c4681593bbag3z2z7t2baweoaq3wem&from=ient07021&uid=ST750LM022XHN-M750MBB_S2SUJ9KCB21069
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449852615&z=683df37ab262c4681593bbag3z2z7t2baweoaq3wem&from=ient07021&uid=ST750LM022XHN-M750MBB_S2SUJ9KCB21069
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420130684&from=cor&uid=ST750LM022XHN-M750MBB_S2SUJ9KCB21069&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1420130684&from=cor&uid=ST750LM022XHN-M750MBB_S2SUJ9KCB21069&q={searchTerms}
HKU\S-1-5-21-992244858-3240562333-631018476-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449852615&z=683df37ab262c4681593bbag3z2z7t2baweoaq3wem&from=ient07021&uid=ST750LM022XHN-M750MBB_S2SUJ9KCB21069
HKU\S-1-5-21-992244858-3240562333-631018476-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1430997646&from=wpm05073&uid=ST750LM022XHN-M750MBB_S2SUJ9KCB21069&q={searchTerms}
HKU\S-1-5-21-992244858-3240562333-631018476-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449852615&z=683df37ab262c4681593bbag3z2z7t2baweoaq3wem&from=ient07021&uid=ST750LM022XHN-M750MBB_S2SUJ9KCB21069
SearchScopes: HKLM -> {FDFEEB45-4A6B-4A30-8B24-494E19ECF4A8} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {FDFEEB45-4A6B-4A30-8B24-494E19ECF4A8} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-992244858-3240562333-631018476-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449852615&z=683df37ab262c4681593bbag3z2z7t2baweoaq3wem&from=ient07021&uid=ST750LM022XHN-M750MBB_S2SUJ9KCB21069&q={searchTerms}
SearchScopes: HKU\S-1-5-21-992244858-3240562333-631018476-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449852615&z=683df37ab262c4681593bbag3z2z7t2baweoaq3wem&from=ient07021&uid=ST750LM022XHN-M750MBB_S2SUJ9KCB21069&q={searchTerms}
SearchScopes: HKU\S-1-5-21-992244858-3240562333-631018476-1001 -> {FDFEEB45-4A6B-4A30-8B24-494E19ECF4A8} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1420130684&from=cor&uid=ST750LM022XHN-M750MBB_S2SUJ9KCB21069
BHO-x32: Maximum Maker -> {9a8e897c-6cf8-4049-b901-7fc2137c4d4f} -> C:\Program Files (x86)\Maximum Maker\Extensions\9a8e897c-6cf8-4049-b901-7fc2137c4d4f.dll => Brak pliku
BHO-x32: Sale Clipper -> {b18906df-1dfa-4d50-8a1f-7d076a8c87b7} -> C:\Program Files (x86)\Sale Clipper\Extensions\b18906df-1dfa-4d50-8a1f-7d076a8c87b7.dll => Brak pliku
BHO-x32: IEPluginBHO Class -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> C:\Users\hp-pc\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll => Brak pliku
BHO-x32: BonanzaDeals -> {fe063412-bea4-4d76-8ed3-183be6220d17} -> C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll => Brak pliku
Toolbar: HKU\S-1-5-21-992244858-3240562333-631018476-1001 -> Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Brak pliku
CustomCLSID: HKU\S-1-5-21-992244858-3240562333-631018476-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\hp-pc\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-992244858-3240562333-631018476-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\hp-pc\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-992244858-3240562333-631018476-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\hp-pc\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-992244858-3240562333-631018476-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\hp-pc\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-992244858-3240562333-631018476-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\hp-pc\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-992244858-3240562333-631018476-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\hp-pc\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-992244858-3240562333-631018476-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\hp-pc\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-992244858-3240562333-631018476-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\hp-pc\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-992244858-3240562333-631018476-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\hp-pc\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-992244858-3240562333-631018476-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\hp-pc\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll => Brak pliku
CustomCLSID: HKU\S-1-5-21-992244858-3240562333-631018476-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\hp-pc\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Brak pliku
Task: {1DF239C4-F7F4-4380-B9BA-A136E789529C} - System32\Tasks\{CB8413F8-8656-44F0-984E-C8AAAEB5CCD3} => pcalua.exe -a E:\driver.exe -d E:\
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKU\S-1-5-21-992244858-3240562333-631018476-1001\...\MountPoints2: {9e2a0642-ff32-11e4-bf07-9c2a703a5584} - "F:\LGAutoRun.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Brak pliku
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Brak pliku
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll Brak pliku
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Brak pliku
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Brak pliku
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => Brak pliku
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKCU\Software\Mozilla
DeleteKey: HKCU\Software\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Mozilla
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla
DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\yoursites123Software
RemoveDirectory: C:\Users\hp-pc\AppData\Roaming\TSv
RemoveDirectory: C:\Program Files (x86)\Picexa
RemoveDirectory: C:\Program Files (x86)\SFK
RemoveDirectory: C:\ProgramData\BWdMB
RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
RemoveDirectory: C:\Users\hp-pc\AppData\Roaming\eCyber
RemoveDirectory: C:\Users\hp-pc\AppData\Roaming\Picexa Viewer
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
C:\WINDOWS\SysWOW64\pl.html
C:\WINDOWS\SysWOW64\pl2.exe
CMD: netsh advfirewall reset
EmptyTemp:

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt.

 

3. Wyczyść Google Chrome:

• Zresetuj synchronizację (o ile włączona): KLIK.
• Ustawienia > karta Ustawienia > Pokaż ustawienia zaawansowane > zjedź na sam spód i uruchom opcję Resetowanie ustawień. Zakładki i hasła nie zostaną naruszone.

4. Zrób nowy log FRST z opcji Skanuj (Scan), z Addition i Shortcut. Dołącz też plik fixlog.txt.

[Bojan17]

Wykonałem wszystko wygląda to dobrze 

Shortcut.txt

FRST.txt

Fixlog.txt

Addition.txt

[picasso]

Wszystko pomyślnie wykonane. Teraz uruchom AdwCleaner. Wybierz opcję Skanuj i dostarcz log wynikowy z folderu C:\AdwCleaner.

[Bojan17]

Proszę bardzo

AdwCleanerS1.txt

[picasso]

Drobne poprawki. Otwórz Notatnik i wklej w nim:

 

DeleteKey: HKCU\Software\BonanzaDealsLive
DeleteKey: HKCU\Software\InstallCore
DeleteKey: HKCU\Software\Softonic
DeleteKey: HKCU\Software\PRODUCTSETUP
DeleteKey: HKCU\Software\OB
DeleteKey: HKCU\Software\WEBAPP
DeleteKey: HKCU\Software\Reg\Clean
DeleteKey: HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B18906DF-1DFA-4D50-8A1F-7D076A8C87B7}
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B18906DF-1DFA-4D50-8A1F-7D076A8C87B7}
DeleteKey: HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{14E81E45-9C4E-4C43-8C97-BCD59266556E}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\amiupdaterExd
DeleteKey: HKLM\SOFTWARE\Wow6432Node\BonanzaDealsLive
DeleteKey: HKLM\SOFTWARE\Wow6432Node\delta-homesSoftware
DeleteKey: HKLM\SOFTWARE\Wow6432Node\hdcode
DeleteKey: HKLM\SOFTWARE\Wow6432Node\omiga-plusSoftware
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Reg\Clean
DeleteKey: HKLM\SOFTWARE\Wow6432Node\TSv
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{14E81E45-9C4E-4C43-8C97-BCD59266556E}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{213AC9B7-0374-4899-B2C1-19DAF6FDA27A}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{6F4BCE24-003F-40F1-BBD7-D46663BF95FC}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID /v {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} /f
RemoveDirectory: C:\FRST\Quarantine
RemoveDirectory: C:\MATS
RemoveDirectory: C:\ProgramData\BonanzaDealsLive
RemoveDirectory: C:\Users\hp-pc\SupTab
RemoveDirectory: C:\Users\hp-pc\AppData\Local\BonanzaDealsLive
CMD: del /q C:\Users\hp-pc\*.exe
CMD: del /q C:\WINDOWS\system32\roboot64.exe

 

Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Napraw (Fix). Tym razem nie będzie restartu. Przedstaw wynikowy fixlog.txt.

[Bojan17]

Zrobione.

Fixlog.txt

[picasso]

Zrobione. Kończymy:

 

1. Przez SHIFT+DEL (omija Kosz) usuń pobrane skanery i ich logi z folderu C:\Moje pliki + C:\Moje pliki\Program do przegladarki. Następnie popraw jeszcze za pomocą DelFix oraz wyczyść foldery Przywracania systemu: KLIK.

 

2. Do czytania czego unikać: KLIK.

[Bojan17]

Dobrze rozumiem że mam usunąć cały folder z FRST?

[picasso]

Masz ręcznie usunąć FRST i jego logi oraz co tam jeszcze pobierałeś do usuwania z folderów które wymieniłam, bo DelFix nie działa w określonych ścieżkach. Natomiast DelFix dokasuje folder C:\FRST i inne rzeczy.

[Bojan17]

Wszystko wykonałem dziękuje za pomoc