Jak usunąć uninstaller master


(Cris Lachowicz) #1

Witam!!,

 Po jakimś czasie znowu się dziadostwo jakieś przypałętało- scany :

1/ http://wklej.org/hash/239115758a2/

2/ http://wklej.org/id/1760743/

Proszę  o pomoc jak to usunąć. Będę bardzo wdzięczny :wink:


(Acorus) #2

Otwórz notatnik systemowy i wklej:

Task: {A47935AE-C5C8-41E8-B46E-AD0460D20CEC} - System32\Tasks\{62547525-08A0-47D5-A8DC-B199775635CB} = pcalua.exe -a C:\Users\Owner\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
Task: {D3F773D2-65C4-42BC-8B69-C9C5FD2EFC22} - System32\Tasks\{76337F26-2D19-4A1B-9198-4589901952C1} = pcalua.exe -a C:\Users\Owner\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor ==== ATTENTION
Task: {EDD68A2F-F2D4-4388-911C-F698C14D3946} - System32\Tasks\{902F31A0-0199-4E4D-AEA6-65FC4E390AEA} = pcalua.exe -a C:\Users\Owner\Downloads\The_Toolbar_Uninstaller_Sciagnij.pl.exe -d C:\Users\Owner\Downloads
Task: {FA224192-D199-4EF4-863D-C43836AC9A82} - System32\Tasks\{C1F2BCD1-EAA0-44E4-BC6A-CD0F84FFAFAC} = Firefox.exe http://ui.skype.com/ui/0/6.22.81.105/pl/abandoninstall?source=lightinstalleramp;page=tsBing
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-342689045-3728792695-3470379085-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp120150407
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF DefaultSearchEngine: do-search
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aa5fu5if.default\searchplugins\do-search.xml [2015-05-01]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\aa5fu5if.default\searchplugins\search-provided-by-yahoo.xml [2015-05-01]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-08]
R3 catchme; \\C:\Users\Owner\AppData\Local\Temp\catchme.sys [X]
S3 cleanhlp; No ImagePath
S0 kpms; System32\drivers\saqyvnh.sys [X]
U3 mbr; \\C:\ComboFix\mbr.sys [X]
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.