Do notatnika wklej i zapisz jako
fixlist.txt
Kod:
CloseProcesses:
CreateRestorePoint:
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220141110
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220141110
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1414683299&from=cor&uid=WDCXWD10JPVX-22JC3T0_WD-WXH1E93DULF3DULF3&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1414683299&from=cor&uid=WDCXWD10JPVX-22JC3T0_WD-WXH1E93DULF3DULF3&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1414683299&from=cor&uid=WDCXWD10JPVX-22JC3T0_WD-WXH1E93DULF3DULF3&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1414683299&from=cor&uid=WDCXWD10JPVX-22JC3T0_WD-WXH1E93DULF3DULF3&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-586333685-2093093566-117925830-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={969808B4-C6F8-4B8C-B171-2798B1FB26CA}&mid=a94b3c7b5ef747d2a1dae12caad42efd-d236cdf246990d145e0ab94d8d1e62357a7d904b&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-10 21:56:36&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-586333685-2093093566-117925830-1001 -> {szukaj.gazeta.pl} URL = http://szukaj.gazeta.pl/internet/0,0.html?slowo={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll [2014-11-10] (AVG)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll [2014-11-10] (AVG)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll [2014-11-10] (AVG Secure Search)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=sc&ts=1414683299&from=cor&uid=WDCXWD10JPVX-22JC3T0_WD-WXH1E93DULF3DULF3
R2 vToolbarUpdater18.1.10; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-11-10] (AVG Secure Search)
R4 ccSet_NARA; \SystemRoot\system32\drivers\NARAx64\0405000.009\ccSetx64.sys [X]
C:\ProgramData\uninstall2480720.exe
C:\ProgramData\uninstall2004367.exe
C:\Users\Grażyna 1\AppData\Local\Pokki
C:\Program Files (x86)\Opera
C:\Users\Grażyna 1\AppData\Roaming\Opera Software
C:\Users\Grażyna 1\AppData\Local\Opera Software
C:\Users\Grażyna 1\AppData\Roaming\tmp_register.bat
C:\ProgramData\DP45977C.lfl
Task: {4BB711E1-FDC9-4F23-80B9-C63E7C677D10} - System32\Tasks\{625FF917-5451-46F1-9949-5922C01EAB73} => pcalua.exe -a "C:\Users\Grażyna 1\AppData\Roaming\sweet-page\UninstallManager.exe" -c -ptid=cor
Task: {5A603B05-6820-4A5D-BD42-7480C0820DEC} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RCP\RegCleanPro.exe [2015-02-11] () <==== ATTENTION
Task: {62A2F2D4-49C3-4F6A-8C9D-EA7B477CD200} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RCP\RegCleanPro.exe [2015-02-11] () <==== ATTENTION
Task: {D54538A5-9A98-4947-B0EA-CE990A0858A9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E14209FB-9EDC-4674-AA1B-2DA881CD55A6} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RCP\RegCleanPro.exe [2015-02-11] () <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RCP\RegCleanPro.exe <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
EmptyTemp:
Zapisany skrypt umieść obok ściągniętego programu
FRST
Następnie w programie kliknij
Fix,po wykonaniu pokaż raport z tego działania.
Odinstaluj:
Adobe Flash Player 16 NPAPI
AVG Web TuneUp
Foxy Secure
RegClean-Pro
WindowsMangerProtect20.0.0.1064
Przy AVG Web TuneUp zaznacz:
[Aby zobaczyć linki, zarejestruj się tutaj]
W przeglądarce
Firefox
Otwórz menu w górnym rogu po prawej stronie > otwórz menu pomoc oznaczone czerwoną ramką.
[Aby zobaczyć linki, zarejestruj się tutaj]
Informacje dla pomocy technicznej > Zresetuj program Firefox.
Ściągnij program
[Aby zobaczyć linki, zarejestruj się tutaj]
kliknij
Szukaj i następnie
Usuń
Pokaż raport z niego.
Zrób nowe logi i przedstaw z FRST.txt > Addition.txt
