Russian virus. Go Mail Ru etc.


(bart_grono) #1

As in the subject. No shortcut to IE. After reinstalling Chrome, I still have searches going to strange sites in the omnibox.


(Atis) #2

Download and run AdwCleaner. Click Scan and then Remove.

Paste the following into the system Notepad and save it as a text file named fixlist:

HKU\S-1-5-21-3653347608-1810640084-2342873903-1000\...\Run: [Currency] => C:\Users\Bartez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vernaja Alternativa\CurrencyShow.appref-ms
HKU\S-1-5-21-3653347608-1810640084-2342873903-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Currency] => C:\Users\Bartez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vernaja Alternativa\CurrencyShow.appref-ms
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicy-x32: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyScripts\User: Group Policy detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
URLSearchHook: [S-1-5-21-3653347608-1810640084-2342873903-1000] ATTENTION ==> Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-3653347608-1810640084-2342873903-1000 - (No Name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - No File
URLSearchHook: [S-1-5-21-3653347608-1810640084-2342873903-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] ATTENTION ==> Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-3653347608-1810640084-2342873903-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3653347608-1810640084-2342873903-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=c9a485412ed2eb45e9011c070a433c17&text={searchTerms}
SearchScopes: HKU\S-1-5-21-3653347608-1810640084-2342873903-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=c9a485412ed2eb45e9011c070a433c17&text={searchTerms}
SearchScopes: HKU\S-1-5-21-3653347608-1810640084-2342873903-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=c9a485412ed2eb45e9011c070a433c17&text=
SearchScopes: HKU\S-1-5-21-3653347608-1810640084-2342873903-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=c9a485412ed2eb45e9011c070a433c17&text={searchTerms}
SearchScopes: HKU\S-1-5-21-3653347608-1810640084-2342873903-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=c9a485412ed2eb45e9011c070a433c17&text={searchTerms}
SearchScopes: HKU\S-1-5-21-3653347608-1810640084-2342873903-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = http://yamdex.net/?searchid=1&l10n=ru&fromsearch=1&imsid=c9a485412ed2eb45e9011c070a433c17&text=
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bartez\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-07]
S2 HuaweiHiSuiteService64.exe; "C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
S3 ALSysIO; \??\C:\Users\Bartez\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz138; \??\C:\Users\Bartez\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 MSICDSetup; \??\I:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\I:\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {27AAC773-4F4A-40C6-B112-A131CA68973A} - \Update Service for Torrent Search No Task File <==== ATTENTION
Task: {9FFEB32B-B02C-4A9E-B528-08CBA9E9CA40} - \WordShark Auto Updater 1.10.0.20 Pending Update No Task File <==== ATTENTION
Task: {A1C6FEB5-6444-4E09-8416-0B384B1FF310} - \Update Service for Torrent Search2 No Task File <==== ATTENTION
Task: {AF047565-FB03-4C11-96CB-35CB89F1437F} - \WordShark Auto Updater 1.10.0.20 Core No Task File <==== ATTENTION
EmptyTemp:

Run FRST and click Fix. Show the removal report, Fixlog.

Click Scan and show the new FRST report, without Addition and Shortcut.
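As an added example (not part of the original posts and not FRST's own code): a small Python triage of a FRST-style log that lists SearchScopes entries pointing at hosts outside an allowlist and collects the lines flagged ATTENTION. The sample log is constructed in the style of the entries quoted above, with the SID replaced by a placeholder; the allowlist and function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# One SearchScopes line: hive, optional "DefaultScope" marker, GUID, optional URL.
SCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) -> (?P<default>DefaultScope )?"
    r"(?P<guid>\{[0-9A-Fa-f-]+\}) URL =\s*(?P<url>\S*)\s*$"
)

# Constructed sample (SID is a placeholder, URLs shortened).
SAMPLE_LOG = r"""
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-EXAMPLE-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = http://yamdex.net/?searchid=1&text={searchTerms}
SearchScopes: HKU\S-1-5-21-EXAMPLE-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = http://yamdex.net/?searchid=1&text=
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {27AAC773-4F4A-40C6-B112-A131CA68973A} - \Update Service for Torrent Search No Task File <==== ATTENTION
""".strip()


def parse_search_scopes(log):
    """Return one dict per SearchScopes line; host is None when the URL is empty."""
    entries = []
    for line in log.splitlines():
        m = SCOPE_RE.match(line.strip())
        if not m:
            continue
        url = m["url"]
        entries.append({
            "hive": m["hive"],
            "guid": m["guid"],
            "is_default": m["default"] is not None,
            "host": urlsplit(url).hostname if url else None,
        })
    return entries


def triage(log, allowed_hosts):
    """Split a log into (search scopes with unexpected hosts, ATTENTION lines)."""
    unexpected = [e for e in parse_search_scopes(log)
                  if e["host"] and e["host"] not in allowed_hosts]
    flagged = [line for line in log.splitlines() if "ATTENTION" in line]
    return unexpected, flagged


if __name__ == "__main__":
    # The allowlist is an assumption; use the search hosts expected on the machine.
    hits, flagged = triage(SAMPLE_LOG, {"www.google.com", "www.bing.com"})
    for e in hits:
        print(e["hive"], e["guid"], e["host"], "default" if e["is_default"] else "")
    print(len(flagged), "lines marked ATTENTION")
```
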


(bart_grono) #3

http://wklej.org/id/1762013/


(Atis) #4

Delete the folder C:\FRST

Delete old restore points: To delete all restore points

Read how programs should be installed: CLICK - CLICK - CLICK

Uninstall:

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Java 8 Update 45

Install:

Flash Player 18.0.0.209 NPAPI

Flash Player 18.0.0.209 ActiveX

Java 8 Update 51


(bart_grono) #5

Thanks :slight_smile: I know how to install. I installed this contraption of my own free will, by accident :) They hide them so well now that it's not worth talking about. Thanks a lot. Regards