Oto Nowy log z raportami
W panelu sterowania odinstaluj:
Mysearchdial
SaveSense
Search Protection
SmarterPower
Snap.Do Engine
Update for Zip Extractor
Wajam
WSE_Astromenda
Pobierz i uruchom AdwCleaner Kliknij Szukaj i później Usuń.
Kliknij Scan i pokaż nowy raport z FRST bez Addition.
Przestań pobierać szkodliwe programy typu Yet Another Cleaner, Flash Player Pro.
Odinstaluj StormAlerts.
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :
HKLM\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\Users\RAFAL767\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk
Startup: C:\Users\RAFAL767\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {A751242E-56DB-46C1-BA9F-C9986C2E3A35} URL = https://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=599486&p={searchTerms}
FF Extension: Cockpit Home Page - C:\Users\RAFAL767\AppData\Roaming\Mozilla\Firefox\Profiles\0fqsvpdl.default\Extensions\cockpit@mozilla.org.xpi [2014-09-13]
FF Extension: Astromenda NT - C:\Users\RAFAL767\AppData\Roaming\Mozilla\Firefox\Profiles\0fqsvpdl.default\Extensions\{424b0d11-e7fe-4a04-b7df-8f2c77f58aaf}.xpi [2014-09-13]
CHR Extension: (No Name) - C:\Users\RAFAL767\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2014-07-06]
CHR Extension: (No Name) - C:\Users\RAFAL767\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae [2014-09-14]
C:\AdwCleaner
C:\Users\RAFAL767\Downloads\yet_another_cleaner_cdla.exe
C:\Users\RAFAL767\AppData\Local\StormAlerts
C:\Users\RAFAL767\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts
C:\Users\RAFAL767\AppData\Local\Weather_Warnings_LLC
C:\ProgramData\McAfee Security Scan
C:\ProgramData\boost_interprocess
C:\Users\RAFAL767\Downloads\flashplayerpro_Setup.exe
C:\Users\RAFAL767\Downloads\adobe_flash*.exe
C:\ProgramData\McAfee
Task: {252DF87F-987C-45DB-9FB0-9F794B24ACEA} - System32\Tasks\SaveSense => C:\Users\RAFAL767\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {39987F21-7B04-46C6-AEC8-B2082A71EC86} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {4436E080-9C83-473C-A22B-57B86D454F1F} - System32\Tasks\WSE_Astromenda => C:\Users\RAFAL767\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-09-13] ()
Task: {DA82C085-3A0D-43EE-8B45-266F7C9E72E1} - System32\Tasks\Digital Sites => C:\Users\RAFAL767\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\RAFAL767\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\SaveSense.job => C:\Users\RAFAL767\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\WSE_Astromenda.job => C:\Users\RAFAL767\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
EmptyTemp:
Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.
Kliknij Scan i pokaż nowy raport z FRST bez Addition.
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :
HKU\S-1-5-21-1392168375-1102069041-1904528324-1001\...\RunOnce: [Application Restart #0] => C:\Users\RAFAL767\AppData\Local\Pokki\Engine\HostAppService.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable- (the data entry has 555 more characters).
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
CHR DefaultSearchProvider: Default -> Yahoo! (Avast)
CHR DefaultSearchURL: Default -> http://uk.yhs4.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
CHR DefaultSuggestURL: Default -> http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
C:\ProgramData\AVAST Software
DeleteQuarantine:
Uruchom FRST i kliknij Fix. Później skasuj folder C:\FRST
Usuń stare punkty przywracania: Przywracanie systemu i kopie w tle
Dysk przeskanuj Malwarebytes Anti-Malware
Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.
http://wstaw.org/m/2014/03/25/2014-03-25_123039.png
Język PL > Settings > General Settings > Language > Polish
Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK - KLIK
Odinstaluj Adobe Flash Player 14 Plugin i zainstaluj Flash Player 15.0.0.152 Plugin