Witam,
Po czyszczeniu komputera ADW Cleanerem wyświetla mi się takie okienko:
Niby w niczym to nie wadzi, jednak chciałbym mieć to zrobione “na czysto”. Poniżej załączam logi z FRST:
FRST
Pozdrawiam
Jeszcze Addition.txt i cały FRST.txt
Odinstaluj StormFall.Otwórz notatnik systemowy i wklej:
Task: {754BB81A-4805-44CC-ABC2-18916CBFD156} - System32\Tasks{3D49520E-6A81-4A41-8677-C8799AEA0D2B} => pcalua.exe -a C:\Users\User\AppData\Local\Temp\Temp1_brw_v.2.0.0.47.zip\brw_v.2.0.0.47.exe <==== UWAGA
Task: {75A9F370-DA89-4146-A0F5-106FC7E13796} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== UWAGA
Task: {8D6450B5-E786-477A-B033-2632EE7D7257} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== UWAGA
Task: {98D54CA5-6A3B-463D-BFDD-2FFD28529902} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe “C:\Users\User\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll”,DllRun <==== UWAGA
Task: {CE252E71-B51C-4D0F-B288-AF49749FBBA9} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== UWAGA
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall\StormFall.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://plarium.com/play/en/stormfall/top/?adCampaign=31081&clickID=yEzzyD0BtAzyyB0CyCyByCyDzyzz0EtA&publisherID=1_72 --app-window-size=1600,900
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.delta-homes.com/?type=sc&ts=1402643424&from=wpm0612&uid=3219913727_67194_903F98E3
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\StormFall.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://plarium.com/play/en/stormfall/top/?adCampaign=31081&clickID=yEzzyD0BtAzyyB0CyCyByCyDzyzz0EtA&publisherID=1_72 --app-window-size=1600,900
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.delta-homes.com/?type=sc&ts=1402643424&from=wpm0612&uid=3219913727_67194_903F98E3
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.delta-homes.com/?type=sc&ts=1402643424&from=wpm0612&uid=3219913727_67194_903F98E3
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.delta-homes.com/?type=sc&ts=1402643424&from=wpm0612&uid=3219913727_67194_903F98E3
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-21-2890902694-1900711003-2313252598-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1402405834&from=cor&uid=3219913727_67194_903F98E3&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1402643424&from=wpm0612&uid=3219913727_67194_903F98E3
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1402405834&from=cor&uid=3219913727_67194_903F98E3&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1402405834&from=cor&uid=3219913727_67194_903F98E3&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1402643424&from=wpm0612&uid=3219913727_67194_903F98E3
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1402405834&from=cor&uid=3219913727_67194_903F98E3&q={searchTerms}
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.delta-homes.com/?type=sc&ts=1402643424&from=wpm0612&uid=3219913727_67194_903F98E3
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.delta-homes.com/?type=sc&ts=1402643424&from=wpm0612&uid=3219913727_67194_903F98E3
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [X]
R1 {5eeb83d0-96ea-4249-942c-beead6847053}w64; C:\Windows\System32\drivers{5eeb83d0-96ea-4249-942c-beead6847053}w64.sys [61080 2014-08-26] (StdLib)
R1 {8e282837-b584-46f4-a220-bfdd4678d061}Gw64; C:\Windows\System32\drivers{8e282837-b584-46f4-a220-bfdd4678d061}Gw64.sys [48736 2017-03-21] (StdLib)
R1 {b99c8534-7800-48fa-bd71-519a46cdc7e1}w64; C:\Windows\System32\drivers{b99c8534-7800-48fa-bd71-519a46cdc7e1}w64.sys [61120 2014-05-22] (StdLib)
S3 catchme; ??\C:\ComboFix\catchme.sys [X]
S1 qknfd; system32\drivers\qknfd.sys [X]
2017-03-22 10:13 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2017-03-22 10:13 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2017-03-22 10:13 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-03-22 10:13 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-03-22 10:13 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-03-22 10:13 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2017-03-22 10:13 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2017-03-22 10:13 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
EmptyTemp:
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
Uruchom jako administrator FRST i kliknij w Fix/Napraw.
Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan(Skanuj) i później Cleaning(Oczyść).