Jak usunąć JoniCoupon?

Dla specjalistów Bezpieczeństwo
#1

Witam,

Bardzo proszę o pomoc w usunięciu JoniCoupon.

 

FRST:   http://wklej.org/id/1711974/

 

ADDITION:  http://wklej.org/id/1711976/

 

 

 

#2

Odinstaluj goopad,Mini - Adblocker,WinCheck.Otwórz notatnik systemowy i wklej:

HKLM\...\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [WinCheck] = C:\Users\Krystian\AppData\Local\ADDB52D6-1425829518-E411-AA1F-F0761C3476B6\bnsq7E21.exe [187904 2015-03-08] ()
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hpppts=1425829882from=smtuid=TOSHIBAXMQ01ABF050_74I4SVPZSXX74I4SVPZS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hpppts=1425829882from=smtuid=TOSHIBAXMQ01ABF050_74I4SVPZSXX74I4SVPZS
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dsts=1425829844from=smtuid=TOSHIBAXMQ01ABF050_74I4SVPZSXX74I4SVPZSq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dsts=1425829844from=smtuid=TOSHIBAXMQ01ABF050_74I4SVPZSXX74I4SVPZSq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hpppts=1425829882from=smtuid=TOSHIBAXMQ01ABF050_74I4SVPZSXX74I4SVPZS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hpppts=1425829882from=smtuid=TOSHIBAXMQ01ABF050_74I4SVPZSXX74I4SVPZS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dsts=1425829844from=smtuid=TOSHIBAXMQ01ABF050_74I4SVPZSXX74I4SVPZSq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dsts=1425829844from=smtuid=TOSHIBAXMQ01ABF050_74I4SVPZSXX74I4SVPZSq={searchTerms}
HKU\S-1-5-21-1614349612-4078757669-1210231788-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dsppts=1425825737from=smtuid=TOSHIBAXMQ01ABF050_74I4SVPZSXX74I4SVPZSq={searchTerms}
HKU\S-1-5-21-1614349612-4078757669-1210231788-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hpppts=1425829882from=smtuid=TOSHIBAXMQ01ABF050_74I4SVPZSXX74I4SVPZS
HKU\S-1-5-21-1614349612-4078757669-1210231788-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hpppts=1425829882from=smtuid=TOSHIBAXMQ01ABF050_74I4SVPZSXX74I4SVPZS
HKU\S-1-5-21-1614349612-4078757669-1210231788-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dsppts=1425825737from=smtuid=TOSHIBAXMQ01ABF050_74I4SVPZSXX74I4SVPZSq={searchTerms}
SearchScopes: HKU\S-1-5-21-1614349612-4078757669-1210231788-1001 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=smtutm_campaign=install_ieutm_content=dsfrom=smtuid=TOSHIBAXMQ01ABF050_74I4SVPZSXX74I4SVPZSts=1425829916type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1614349612-4078757669-1210231788-1001 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=smtutm_campaign=install_ieutm_content=dsfrom=smtuid=TOSHIBAXMQ01ABF050_74I4SVPZSXX74I4SVPZSts=1425829916type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1614349612-4078757669-1210231788-1001 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=smtutm_campaign=install_ieutm_content=dsfrom=smtuid=TOSHIBAXMQ01ABF050_74I4SVPZSXX74I4SVPZSts=1425829916type=defaultq={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=scts=1425825674from=smtuid=TOSHIBAXMQ01ABF050_74I4SVPZSXX74I4SVPZS
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF SearchPlugin: C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\2ik9htox.default\searchplugins\istartsurf.xml [2015-05-14]
FF SearchPlugin: C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\2ik9htox.default\searchplugins\mystartsearch.xml [2015-03-08]
FF Extension: REgularDeaLSS - C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\2ik9htox.default\Extensions\7R@N.edu [2015-05-14]
FF Extension: FF Toolbar - C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\2ik9htox.default\Extensions\fftoolbar2014@etech.com [2015-03-08]
FF Extension: Search Enginer - C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\2ik9htox.default\Extensions\searchengine@gmail.com [2015-03-08]
FF Extension: Fun2uSeAve - C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\2ik9htox.default\Extensions\tk@vp9yN5d.edu [2015-05-13]
FF Extension: JoNiiCouppOinn - C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\2ik9htox.default\Extensions\V@OwTi0.com [2015-05-11]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\2ik9htox.default\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Krystian\AppData\Roaming\Mozilla\Firefox\Profiles\2ik9htox.default\extensions\fftoolbar2014@etech.com
R2 863788fa; c:\Program Files (x86)\goopad\goopad.dll [1967104 2015-03-19] () [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158848 2015-03-06] (XTab system)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-08] (SysTool PasSame LIMITED) ==== ATTENTION
S2 Update Clock Hand; "C:\Program Files (x86)\Clock Hand\updateClockHand.exe" [X]
S2 Update Round World; "C:\Program Files (x86)\Round World\updateRoundWorld.exe" [X]
R1 {237a87b5-881c-4fd8-b80a-c3b471ff75d7}Gw64; C:\Windows\System32\drivers\{237a87b5-881c-4fd8-b80a-c3b471ff75d7}Gw64.sys [48784 2015-03-13] (StdLib)
R1 {4cc550cb-ad95-48a3-ae71-6ab7c8433971}Gw64; C:\Windows\System32\drivers\{4cc550cb-ad95-48a3-ae71-6ab7c8433971}Gw64.sys [48784 2015-03-10] (StdLib)
R1 {8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gw64; C:\Windows\System32\drivers\{8f5b8fd1-2f96-4fbf-974b-7f28fa0f93d7}Gw64.sys [48784 2015-03-08] (StdLib)
R1 {d9a4216a-aae1-4d14-ba35-ff234b3b627f}Gw64; C:\Windows\System32\drivers\{d9a4216a-aae1-4d14-ba35-ff234b3b627f}Gw64.sys [48784 2015-03-07] (StdLib)
S1 wpnfd_1_10_0_6; system32\drivers\wpnfd_1_10_0_6.sys [X]
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#3

Dziękuję bardzo za pomoc :slight_smile:

 

Pozdrawiam :slight_smile:

#4

Skasuj folder C:\FRST.