Akazu
21 Luty 2016 13:29
#1
Od wczoraj zmagam się z wirusem, który instaluje niechciane programy na moim komputerze oraz blokuje możliwość zmiany strony startowej na Chrome (O tym ustawieniu decyduje administrator - pojawia się taka informacja przy próbie zmiany). Proszę o pomoc.
FRST http://wklej.org/id/1982847/
Shortcut http://wklej.org/id/1982846/
Przez Panel sterowania aplet Dodaj Usuń Programy odinstaluj
SpyHunter 4 (HKLM…\SpyHunter) (Version: 4.21.18.4608 - Enigma Software Group, LLC)Java™ 6 Update 2 (HKLM…{3248F0A8-6813-11D6-A77B-00B0D0160020}) (Version: 1.6.0.20 - Sun Microsystems, Inc.) Wklej do notatnika:CloseProcesses: HKU\S-1-5-21-2000478354-484061587-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://smartsputnik.ru/?ri=1uid=b34bc3a44321a6a8b50668ed1bdf4a79q={searchTerms} HKU\S-1-5-21-2000478354-484061587-682003330-1004\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://smartsputnik.ru/?ri=1uid=b34bc3a44321a6a8b50668ed1bdf4a79q={searchTerms} URLSearchHook: [S-1-5-21-2000478354-484061587-682003330-1004] ATTENTION = Default URLSearchHook is missing HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: “” ======= ATTENTION SearchScopes: HKLM - DefaultScope value is missing SearchScopes: HKU\S-1-5-21-2000478354-484061587-682003330-1004 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = HKLM…\Run: [SpyHunter Security Suite] = C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [7175552 2015-12-17] (Enigma Software Group USA, LLC.) HKLM…\Run: [SunJavaUpdateSched] = C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [132496 2007-07-12] (Sun Microsystems, Inc.) GroupPolicy: Restriction - Chrome ======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction ======= ATTENTION FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [not found] FF Extension: No Name - C:\Documents and Settings\Basara\Application Data\Mozilla\Firefox\Profiles\eyie7fmi.default\extensions\deskCutv2@gmail.com [not found] S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [784256 2016-02-21] (Enigma Software Group USA, LLC.) S2 tojimuwuzbt; C:\Program Files\Win32_ComputerSystemProduct-1456005937—\knsz35.tmp [X] S4 wucotusy; C:\Program Files\Win32_ComputerSystemProduct-1456005937—\hnso2530.tmp [X] S4 zutuzuni; C:\Program Files\Win32_ComputerSystemProduct-1456005937—\jnsj2529.tmp [X] R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-02-21] (Enigma Software Group USA, LLC.) 2016-02-21 12:29 - 2016-02-21 12:29 - 00000935 _____ C:\Documents and Settings\Basara\Desktop\SpyHunter.lnk 2016-02-21 12:29 - 2016-02-21 12:29 - 00000000 ____D C:\Documents and Settings\Basara\Start Menu\Programs\SpyHunter 2016-02-21 12:29 - 2016-02-21 12:29 - 00000000 ____D C:\Documents and Settings\Basara\Application Data\Enigma Software Group 2016-02-21 12:26 - 2016-02-21 12:26 - 00019984 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys 2016-02-21 12:25 - 2016-02-21 12:25 - 00000000 ____D C:\Program Files\Enigma Software Group EmptyTemp:Plik zapisz jako fixlist.txt i umieść w tym samym katalogu co FRST Uruchom FRST klikasz Napraw Raport z usuwania pokaż na forum. Następnie ponownie uruchom FRST klikasz Skanuj pokaż nowy raport FRST.txt na forum