Skocz do zawartości
WAŻNE - Użytkownicy uprawnieni do pomocy
WAŻNE - Zakładanie tematu: obowiązkowe logi
Nadchodzące zmiany w logowaniu

Wszystko po trochu

GoodinBed

Przez GoodinBed
w Dział pomocy doraźnej

Rekomendowane odpowiedzi

Pomoc jest darmowa, ale proszę rozważ przekazanie dotacji na utrzymanie serwisu: klik.
jessica

jessica

Opublikowano
Opublikowano

1) Odinstaluj te programy:

WinZipper (HKLM-x32\...\WinZipper) (Version: 1.5.132 - Taiwan Shui Mu Chih Ching Technology Limited.) <==== UWAGA
YAC(Yet Another Cleaner!) (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA) <==== UWAGA

 

2) Użyj >Adw-cleaner
najpierw kliknij na SZUKAJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego.
Pokaż raport z niego "C"

 

3)
Otwórz Notatnik i wklej w nim:

 

DeleteKey: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes
CHR HomePage: Default -> hxxp://www.v9.com?type=hp&ts=1433413913&from=mych123&uid=samsungxhm321hi_s25wj9bba28536&z=6869331cf3963308747cae2g2z2c7c4zfg8c6tde3t
CHR DefaultSearchURL: Default -> hxxp://v9.com/web?type=ds&ts=1450705445&from=zzgbkk123&uid=samsungxhm321hi_s25wj9bba28536&z=9900843396cac732bed9a54g2zcwcedm4ebwcz8z5z&q={searchTerms}&ref=e2dvb2dsZTpiYXNlVVJMfXNlYXJjaD9xPXtzZWFyY2hUZXJtc30me2dvb2dsZTpSTFp9e2dvb2dsZTpvcmlnaW5hbFF1ZXJ5Rm9yU3VnZ2VzdGlvbn17Z29vZ2xlOmFzc2lzdGVkUXVlcnlTdGF0c317Z29vZ2xlOnNlYXJjaEZpZWxkdHJpYWxQYXJhbWV0ZXJ9e2dvb2dsZTpib29rbWFya0JhclBpbm5lZH17Z29vZ2xlOnNlYXJjaENsaWVudH17Z29vZ2xlOnNvdXJjZUlkfXtnb29nbGU6aW5zdGFudEV4dGVuZGVkRW5hYmxlZFBhcmFtZXRlcn17Z29vZ2xlOm9tbmlib3hTdGFydE1hcmdpblBhcmFtZXRlcn17Z29vZ2xlOmNvbnRleHR1YWxTZWFyY2hWZXJzaW9ufWllPXtpbnB1dEVuY29kaW5nfQ==
CHR DefaultSearchKeyword: Default -> v9
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => Brak pliku
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [brak pliku]
Task: {40CE99A0-B0C3-4090-8E0B-00E07C29BAEB} - System32\Tasks\{F27985C7-9C32-4FA6-A9FB-E1F0CBAA07C1} => pcalua.exe -a C:\Users\pc\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=smt
Task: {67025F02-2F5E-45AA-B339-201CA968DF95} - System32\Tasks\crxbroBrowserUpdateCore => C:\Program Files (x86)\crxbro Browser\crxbro\bin\browserServer.exe [2015-12-22] ()
Task: {DC95C7C4-C686-4D08-AD64-D7045791979B} - System32\Tasks\crxbroCheckTask => C:\Program Files (x86)\crxbro Browser\crxbro\bin\browserServer.exe [2015-12-22] ()
Task: {DC856B8D-7516-4EDC-B48B-F1E2BB6E8F4F} - System32\Tasks\crxbroBrowserUpdateUA => C:\Program Files (x86)\crxbro Browser\crxbro\bin\browserServer.exe [2015-12-22] ()
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260344 2015-05-04] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [53568 2015-05-04] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [108616 2015-05-04] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [50944 2015-05-04] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [102416 2015-05-04] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-04-17] (Elex do Brasil Participações Ltda)
R1 {00c97d86-accb-4288-9972-6d929c1fe93a}Gw64; C:\Windows\System32\drivers\{00c97d86-accb-4288-9972-6d929c1fe93a}Gw64.sys [61008 2014-08-25] (StdLib)
C:\Windows\System32\drivers\{00c97d86-accb-4288-9972-6d929c1fe93a}Gw64.sys
ShortcutWithArgument: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.delta-homes.com/?type=sc&ts=1418808459&from=wpm12173&uid=SAMSUNGXHM321HI_S25WJ9BBA28536
ShortcutWithArgument: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.delta-homes.com/?type=sc&ts=1418808459&from=wpm12173&uid=SAMSUNGXHM321HI_S25WJ9BBA28536
C:\Program Files (x86)\Elex-tech
C:\Program Files (x86)\WinZipper
C:\Program Files (x86)\crxbro Browser
FirewallRules: [{D2FA655C-350F-43CA-A346-75D3D7592674}] => (Allow) C:\Program Files (x86)\crxbro Browser\crxbro\chrome.exe
FirewallRules: [{36AF8F4B-9B51-4857-BFB0-F00091C49E1C}] => (Allow) C:\Program Files (x86)\crxbro Browser\crxbro\bin\browserServer.exe
C:\ProgramData\boost_interprocess
C:\Users\Public\Documents\crxbro
C:\Users\pc\AppData\Local\crxbro
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [711344 2015-12-30] (Taiwan Shui Mu Chih Ching Technology Limited) <==== UWAGA
S2 WSModules; C:\Program Files (x86)\crxbro Browser\crxbro\bin\browserServer.exe [494976 2015-12-22] () [brak podpisu cyfrowego]
S2 Util PodoWeb; "C:\Program Files (x86)\PodoWeb\bin\utilPodoWeb.exe" [X]
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-05-04] (Elex do Brasil Participações Ltda)
Toolbar: HKU\S-1-5-21-3823913081-2609085584-2459951151-1000 -> Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Brak pliku
Toolbar: HKLM - Brak nazwy - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  Brak pliku
BHO-x32: Brak nazwy -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> Brak pliku
SearchScopes: HKU\S-1-5-21-3823913081-2609085584-2459951151-1000 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450271683&from=zzgbkk123&uid=samsungxhm321hi_s25wj9bba28536&z=7edfebf6f52b78945bd5946gazaw3eeo0m9gcqbbbe&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3823913081-2609085584-2459951151-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3823913081-2609085584-2459951151-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3823913081-2609085584-2459951151-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3823913081-2609085584-2459951151-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450271683&from=zzgbkk123&uid=samsungxhm321hi_s25wj9bba28536&z=7edfebf6f52b78945bd5946gazaw3eeo0m9gcqbbbe&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3823913081-2609085584-2459951151-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3823913081-2609085584-2459951151-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3823913081-2609085584-2459951151-1000 -> {D6523AD3-6238-41FA-8C76-EFD64D53A97B} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3823913081-2609085584-2459951151-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=&utm_campaign=install_ie&utm_content=ds&from=&uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6A&ts=1420373293&type=default&q={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450271683&from=zzgbkk123&uid=samsungxhm321hi_s25wj9bba28536&z=7edfebf6f52b78945bd5946gazaw3eeo0m9gcqbbbe&q={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://v9.com/web?type=ds&ts=1450271683&from=zzgbkk123&uid=samsungxhm321hi_s25wj9bba28536&z=7edfebf6f52b78945bd5946gazaw3eeo0m9gcqbbbe&q={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://pl.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
HKU\S-1-5-21-3823913081-2609085584-2459951151-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1418808459&from=wpm12173&uid=SAMSUNGXHM321HI_S25WJ9BBA28536
HKU\S-1-5-21-3823913081-2609085584-2459951151-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1418808459&from=wpm12173&uid=SAMSUNGXHM321HI_S25WJ9BBA28536
HKU\S-1-5-21-3823913081-2609085584-2459951151-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&ts=1418808459&from=wpm12173&uid=SAMSUNGXHM321HI_S25WJ9BBA28536&q={searchTerms}
HKU\S-1-5-21-3823913081-2609085584-2459951151-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&ts=1418808459&from=wpm12173&uid=SAMSUNGXHM321HI_S25WJ9BBA28536&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1418808459&from=wpm12173&uid=SAMSUNGXHM321HI_S25WJ9BBA28536
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1418808459&from=wpm12173&uid=SAMSUNGXHM321HI_S25WJ9BBA28536
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1418808459&from=wpm12173&uid=SAMSUNGXHM321HI_S25WJ9BBA28536
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1418808459&from=wpm12173&uid=SAMSUNGXHM321HI_S25WJ9BBA28536
HKU\S-1-5-21-3823913081-2609085584-2459951151-1000\...\Run: [GoogleChromeAutoLaunch_17E89F440D584F67E92EAD2E51C3A3A4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-11] (Google Inc.)
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).
Powstanie plik fixlog.txt.
Daj ten log.

 

4) Zrób nowe logi FRST.

 

jessi

Odnośnik do komentarza
jessica

jessica

Opublikowano
Opublikowano

Jeszcze drobna kosmetyka:

Otwórz Notatnik i wklej w nim:

 

FirewallRules: [{A722A7C7-340B-4AD2-9C23-13124815A091}] => (Allow) C:\Program Files (x86)\crxbro Browser\crxbro\chrome.exe
FirewallRules: [{32812356-439D-45AC-AB40-8C766CC4C026}] => (Allow) C:\Program Files (x86)\crxbro Browser\crxbro\bin\browserServer.exe
C:\Users\pc\Links\KX_610826_UPD_Signed.lnk
C:\Users\pc\Desktop\Kyocera.lnk
C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).

 

Potem chyba możemy kończyć:

Otwórz Notatnik i wklej w nim:

 

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW).
przez SHIFT+DEL usuń pozostały folder C:\FRST.

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).

 

jessi

Odnośnik do komentarza

Jeśli chcesz dodać odpowiedź, zaloguj się lub zarejestruj nowe konto

Jedynie zarejestrowani użytkownicy mogą komentować zawartość tej strony.

Zarejestruj nowe konto

Załóż nowe konto. To bardzo proste!

Zarejestruj się

Zaloguj się

Posiadasz już konto? Zaloguj się poniżej.

Zaloguj się
Tematy

  • Ostatnio przeglądający   0 użytkowników

    • Brak zarejestrowanych użytkowników przeglądających tę stronę.
×
×
  • Dodaj nową pozycję...