Avast keeps detecting a threat, computer is sluggish


(Michekk23) #1

Hello!


(Atis) #2

In Control Panel, uninstall:

bestadblocker

Foxy Secure

Nixxware

PriceMinus

Webutation

Download and run AdwCleaner. Click Scan and then Cleaning.

Paste into the system Notepad and save as a text file named fixlist:

CloseProcesses:
Startup: C:\Users\Michek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Reign Of Kings Free Download.lnk [2015-05-11]
C:\ProgramData\{a1596432-785d-9659-a159-9643278590c9}
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: bestadblocker -> {66f75b1a-b4e8-4a22-8578-e13d99d1a9fa} -> C:\Program Files (x86)\bestadblocker\cBHpNPynwn9Gh1.x64.dll [2015-05-11] ()
BHO: PriceMinus -> {a520bceb-2e98-4a84-8bee-41c16c738432} -> C:\Program Files (x86)\PriceMinus\QDiRtIAUfRzqv8.x64.dll [2015-05-11] ()
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: mystartsearch
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: mystartsearch
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\.xml [2015-03-29]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2015-05-11]
FF Extension: bestadblocker - C:\Users\Michek\AppData\Roaming\Mozilla\Firefox\Profiles\61d16r9o.default\Extensions\dgI4X@X.net [2015-05-11]
FF Extension: PPriceMInus - C:\Users\Michek\AppData\Roaming\Mozilla\Firefox\Profiles\61d16r9o.default\Extensions\OEgtX@R2.net [2015-05-11]
FF Extension: Fast Start - C:\Users\Michek\AppData\Roaming\Mozilla\Firefox\Profiles\61d16r9o.default\Extensions\searchffv2@gmail.com [2015-05-11]
FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Michek\AppData\Roaming\Mozilla\Firefox\Profiles\61d16r9o.default\extensions\searchffv2@gmail.com
R2 ba96e052; c:\Program Files (x86)\SystemPlus\SystemPlus.dll [1744384 2015-05-11] () [File not signed]
c:\Program Files (x86)\SystemPlus
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
2015-05-16 17:29 - 2015-05-16 17:29 - 00000222 _____ () C:\Users\Michek\Desktop\Reign Of Kings.url
2015-05-11 18:56 - 2015-05-11 18:57 - 00000000 ____ D () C:\ProgramData\18272030225462479013
2015-05-11 18:56 - 2015-05-11 18:56 - 00000000 ____ D () C:\ProgramData\oehlmcmebojgicagnajcebggpeilmmea
2015-05-11 18:55 - 2015-05-12 08:26 - 00000000 ____ D () C:\ProgramData\{a1596432-785d-9659-a159-9643278590c9}
2015-05-11 18:55 - 2015-05-11 18:55 - 02361032 _____ () C:\Users\Michek\Downloads\Reign Of Kings Free Download.exe
Task: {0B5E4879-9BE4-4EA8-8EF4-6848738CC8F5} - \RocketTab No Task File <==== ATTENTION
Task: {1E48E128-9B43-42F7-8800-B5E45A7FCFB0} - System32\Tasks\{A8774889-A925-4F3D-8A9B-B6D6B915B30A} => pcalua.exe -a C:\Users\Michek\AppData\Roaming\key-find\UninstallManager.exe -c -ptid=cor
Task: {20C3B7A0-C3E1-4616-9FE5-1C985E476D10} - System32\Tasks\{4DAEC869-E4F1-41A3-8786-E5716861F1EE} => pcalua.exe -a "C:\Program Files (x86)\Cat Daddy Games\Renegade Paintball Demo\Paintball.exe" -d "C:\Program Files (x86)\Cat Daddy Games\Renegade Paintball Demo\"
Task: {41A77BE1-840B-4C67-98D2-5EE0CC479855} - System32\Tasks\{FF4B47D5-15E4-4D81-9425-7478F73E5A81} => pcalua.exe -a "C:\Users\Michek\Desktop\Renegade Paintball\Paintball.exe" -d "C:\Users\Michek\Desktop\Renegade Paintball"
Task: {4372D1AD-A867-4113-8E0E-19296F6E3D3B} - \RocketTab Update Task No Task File <==== ATTENTION
Task: {57951E73-43AD-491A-B4FF-65030DDBB594} - System32\Tasks\avastBCLRestartS-1-5-21-2024175896-3539966821-3009749511-1001 => Firefox.exe 
Task: {61EF31C9-FB09-425A-A447-B320E734A476} - System32\Tasks\Bidaily Synchronize Task => C:\ProgramData\{a1596432-785d-9659-a159-9643278590c9}\Reign Of Kings Free Download.exe [2014-05-11] () <==== ATTENTION
Task: {A51AB731-2A32-4C57-A711-922AC8F87501} - System32\Tasks\{AC62AF91-5CA1-4167-8402-8188ACF83EF6} => pcalua.exe -a C:\Users\Michek\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=obw <==== ATTENTION
Task: C:\WINDOWS\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{a1596432-785d-9659-a159-9643278590c9}\Reign Of Kings Free Download.exe <==== ATTENTION
EmptyTemp:

Run FRST and click Fix. Show the Fixlog removal report.

 

Uninstall Chrome, selecting removal of browsing data, using Geek Uninstaller Free: CLICK

First you can export your bookmarks: CLICK

Then install the stable version: CLICK

Click Scan and show a new FRST report, without Addition and Shortcut.
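
A triage pass over FRST-style "Task:" lines like those in the fixlist above, added here as an example; it is not part of the original posts and not FRST's own code. It unwraps the pcalua.exe -a wrapper to find the program a task really starts, and flags orphaned tasks and targets under ProgramData or AppData. The line format is inferred from the lines in this thread, the flagging rule is an assumed heuristic, and the sample GUIDs and paths are constructed.

```python
import re

# Constructed sample: "Task:" lines in the shape seen in the fixlist above
# (GUIDs, task names and paths are made up for this example).
SAMPLE = r"""
Task: {11111111-1111-1111-1111-111111111111} - \ExampleTab No Task File <==== ATTENTION
Task: {22222222-2222-2222-2222-222222222222} - System32\Tasks\Example Sync => C:\ProgramData\{aaaa}\Example Download.exe [2014-05-11] () <==== ATTENTION
Task: {33333333-3333-3333-3333-333333333333} - System32\Tasks\{BBBB} => pcalua.exe -a C:\Users\User\AppData\Roaming\example\UninstallManager.exe -c -ptid=abc
Task: {44444444-4444-4444-4444-444444444444} - System32\Tasks\{CCCC} => pcalua.exe -a "C:\Program Files (x86)\Example Games\Demo\Game.exe" -d "C:\Program Files (x86)\Example Games\Demo"
"""

# Assumed heuristic: a task whose program sits in a user-writable tree deserves a look.
USER_WRITABLE = re.compile(r"\\(ProgramData|AppData)\\", re.I)
# The GUID prefix is optional so legacy "Task: C:\...\X.job => ..." lines parse too.
TASK = re.compile(r"^Task: (?:(?P<id>\{[^}]+\}) - )?(?P<rest>.*)$")

def target_of(command):
    """Return the program a task starts, unwrapping 'pcalua.exe -a <prog>'."""
    m = re.match(r'pcalua\.exe\s+-a\s+(?:"([^"]+)"|(\S+))', command, re.I)
    if m:
        return m.group(1) or m.group(2)
    # Otherwise take everything up to and including the first ".exe".
    m = re.match(r'"?(.+?\.exe)', command, re.I)
    return m.group(1) if m else command.strip()

def triage(text):
    """Return (task_id, target, reasons) per Task: line; empty reasons = nothing flagged."""
    results = []
    for line in text.splitlines():
        m = TASK.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        if "No Task File" in rest:
            # Registry entry left behind with no task definition on disk.
            results.append((m.group("id"), None, ["orphaned: no task file"]))
            continue
        _name, _, command = rest.partition(" => ")
        target = target_of(command)
        reasons = []
        if USER_WRITABLE.search(target):
            reasons.append("runs from user-writable directory")
        results.append((m.group("id"), target, reasons))
    return results

if __name__ == "__main__":
    for task_id, target, reasons in triage(SAMPLE):
        print(task_id, target, "; ".join(reasons) or "ok")
```

The fourth sample line comes back with no reasons: the pcalua.exe wrapper alone is not the signal, the unwrapped target path is.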


(Michekk23) #3

Fixlog report http://www.wklej.org/id/1713327/


(Atis) #4

Paste into the system Notepad and save as a text file named fixlist:

HKU\S-1-5-21-2024175896-3539966821-3009749511-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2024175896-3539966821-3009749511-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = https://pl.search.yahoo.com/search?fr=vmn&type=vmn __webcompa__ 1_0 __ya__ ch_WCYID10048_swoc_campaign_150328__yaie&p={searchTerms}
S3 EasyAntiCheatSys; \??\C:\WINDOWS\system32\drivers\EasyAntiCheat.sys [X]
2015-05-16 19:49 - 2015-05-16 19:50 - 00000000 ____ D () C:\AdwCleaner
2015-05-16 20:06 - 2015-05-16 20:06 - 00000024 _____ () C:\Users\Michek\AppData\Roaming\appdataFr25.bin
2015-05-11 18:57 - 2015-05-11 18:57 - 00000000 ____ D () C:\Program Files (x86)\Webutation
DeleteQuarantine:

Run FRST and click Fix. Delete the folder C:\FRST

Delete old restore points: System Restore and shadow copies

Scan the disk with ESET Online Scanner

Read about how programs should be installed: CLICK - CLICK - CLICK - CLICK

Uninstall:

Adobe Flash Player 17 NPAPI

Java 7 Update 60

Install:

Flash Player 17.0.0.188 NPAPI

Java 8 Update 45