Pierwsze co usuniemy śmieci i nabyte adware.
Do notatnika wklej i zapisz jako
fixlist.txt
Kod:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [tuto4pc_pl_17] => [X]
HKLM-x32\...\RunOnce: [] => [X]
HKU\S-1-5-21-3629195082-2593785830-3165799832-1000\...\Run: [Google Update] => "C:\Users\Michał Grum\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=150
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_5740&r=27360510h606l04e8z135t54m1d364
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.v9.com/web/?q={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_plPL378PL379
SearchScopes: HKCU - {67EB2EA8-FA0B-4A8D-B7AA-9342A25FD442} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=867034&p={searchTerms}
Toolbar: HKU\S-1-5-21-3629195082-2593785830-3165799832-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -No File
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -No File
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV)
R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files (x86)\ABBYY FineReader 9.0\NetworkLicenseServer.exe [566560 2007-09-24] (ABBYY (BIT Software))
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
C:\Program Files (x86)\PANDORA.TV
Task: {601106EA-C7A0-4CE2-981F-3BEC8CA46540} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{D4965E48-F7A9-45A9-9C41-E666B09E683B}.exe
Task: {8E79B301-31B3-48E1-89FA-DF7B5880E620} - \Program aktualizacji online firmy Adobe. No Task File <==== ATTENTION
Task: {9F33F306-2C88-46E8-B7C1-0A25B9289C42} - System32\Tasks\{A473BCB2-E7FC-4FC4-970D-626C6A891E09} => Chrome.exe http://ui.skype.com/ui/0/6.3.0.105/pl/abandoninstall?page=tsProgressBar
Task: {D4D264FF-4F9A-4907-B10F-EB8D728CF3FF} - \Program aktualizacji online firmy Egis technology. No Task File <==== ATTENTION
Task: {E36D1147-1C24-4EC0-A14A-3EAA8FCE33D4} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {E7FA1609-76E8-489B-B011-04203800A6FD} - System32\Tasks\Program aktualizacji online firmy HP => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)
Task: {65EFF8A2-9370-4B82-B0C8-F25CBE6F0B0F} - System32\Tasks\hpwebreg_CN24533G2H05M9 => C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\hpwebreg.exe [2010-11-16] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{D4965E48-F7A9-45A9-9C41-E666B09E683B}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\hpwebreg_CN24533G2H05M9.job => C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HpWebReg.exe
Task: {A89204F3-6727-43FD-8FC2-024EB33305BD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3629195082-2593785830-3165799832-1000UA => C:\Users\Michał Grum\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {AF99446B-7339-4ACB-B3DE-FF5C550FDA74} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3629195082-2593785830-3165799832-1000Core => C:\Users\Michał Grum\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3629195082-2593785830-3165799832-1000Core.job => C:\Users\MichaB Grum\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3629195082-2593785830-3165799832-1000UA.job => C:\Users\MichaB Grum\AppData\Local\Google\Update\GoogleUpdate.exe
DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
CMD: netsh advfirewall reset
EmptyTemp:
Zapisany skrypt umieść obok ściągniętego programu
FRST
Następnie w programie kliknij
Fix,po wykonaniu pokaż raport z tego działania.
Odinstaluj:
KMP Service
W przeglądarce
Firefox
Otwórz menu w górnym rogu po prawej stronie > otwórz menu pomoc oznaczone czerwoną ramką.
[Aby zobaczyć linki, zarejestruj się tutaj]
Informacje dla pomocy technicznej > Zresetuj program Firefox. Reset nie naruszy zakładek i haseł.
Ściągnij program
[Aby zobaczyć linki, zarejestruj się tutaj]
kliknij
Szukaj i następnie
Usuń
Pokaż raport z niego.
Rozumiem że nośnik wymienny jest pod literą
H:\jeśli tak to tylko widoczne są tu foldery i pliki:
[13/11/2014 - 18:30:34 | A | 43 Ko] - H:\FRST.txt
[13/11/2014 - 18:20:36 | A | 2067 Ko] - H:\FRST64.exe
[14/10/2014 - 12:34:08 | D] - H:\V_rok
[07/11/2014 - 09:02:16 | D] - H:\aw_obiekt_wyp
[10/11/2014 - 10:36:20 | D] - H:\Buraczynski_Grum_ostatnie
