Samoinstalujące się aplikacje

bigos6 · 23 Styczeń 2016 20:07

Witam wszystkich!

Atis · 23 Styczeń 2016 20:38

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKLM-x32\...\Run: [] = [X]
HKU\S-1-5-21-653078377-4020400143-3925372659-1001\...\RunOnce: [Uninstall C:\Users\HP-HP\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] = C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\HP-HP\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.interia.pl/#utm_source=instalkiutm_medium=installerutm_campaign=instalki
HKU\S-1-5-21-653078377-4020400143-3925372659-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpclYa504ZSfPAs-oPkS8gxuXBUQClDXVk2hQoRyjDGY0QdUmiHH4IZ8I-hl2pX-stMaDsaMVE_1zsdOQZGV5yT5rQQN2E6FQ8PjFKlOkEoStJvmoIepym6pbmTOmwg15WCxUL6buHBhzQ,,q={searchTerms}
HKU\S-1-5-21-653078377-4020400143-3925372659-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpclYa504ZSfPAs-oPkS8gxuXBUQClDXVk2hQoRyjDGY0QdUmiHH4IZ8I-hl2pX-stMaDsaMVE_1zsdOQZGV5yT5rQQN2E6FQ8PjFKlOkEoStJvmoIepym6pbmTOmwg15WCxUL6buHBhzQ,,q={searchTerms}
HKU\S-1-5-21-653078377-4020400143-3925372659-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpclYa504ZSfPAs-oPkS8gxuXBUQClDXVk2hQoRyjDGY0QdUmiHH4IZ8I-hl2pX-stMaDsaMVE_1zsdOQZGV5yT5rQQN2E6FQ8PjFKlOkEoStJvmoIepym6pbmTOmwg15WCxUL6buHBhzQ,,q={searchTerms}
SearchScopes: HKLM - {DFE463F6-7086-4CF6-A770-904D74FCEA05} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKLM-x32 - ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpclYa504ZSfPAs-oPkS8gxuXBUQClDXVk2hQoRyjDGY0QdUmiHH4IZ8I-hl2pX-stMaDsaMVE_1zsdOQZGV5yT5rQQN2E6FQ8PjFKlOkEoStJvmoIepym6pbmTOmwg15WCxUL6buHBhzQ,,q={searchTerms}
SearchScopes: HKLM-x32 - {DFE463F6-7086-4CF6-A770-904D74FCEA05} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-653078377-4020400143-3925372659-1001 - {DFE463F6-7086-4CF6-A770-904D74FCEA05} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8tag=hp-uk3-vsb-21link%5Fcode=qsindex=apsfield-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-653078377-4020400143-3925372659-1001 - {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpclYa504ZSfPAs-oPkS8gxuXBUQClDXVk2hQoRyjDGY0QdUmiHH4IZ8I-hl2pX-stMaDsaMVE_1zsdOQZGV5yT5rQQN2E6FQ8PjFKlOkEoStJvmoIepym6pbmTOmwg15WCxUL6buHBhzQ,,q={searchTerms}
Toolbar: HKLM - Brak nazwy - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  Brak pliku
2016-01-23 19:44 - 2016-01-23 20:31 - 00000000 ____ D C:\ProgramData\Tmp0x0x
2016-01-23 19:44 - 2016-01-23 19:58 - 00000000 ____ D C:\Users\HP-HP\AppData\Roaming\mysites123
2016-01-23 13:22 - 2016-01-23 13:27 - 00000000 ____ D C:\Users\HP-HP\AppData\Roaming\systweak
2016-01-23 12:45 - 2016-01-23 18:48 - 00000000 ____ D C:\Program Files (x86)\32444335-1453549507-5A33-4D59-8434977C0DD2
2016-01-23 19:57 - 2014-03-05 13:46 - 00000000 ____ D C:\AdwCleaner
2015-01-02 21:35 - 2014-11-10 12:40 - 0004053 _____ () C:\Users\HP-HP\AppData\Roaming\GrandOrgueConfig.last
2014-03-03 21:05 - 2014-11-10 12:40 - 0004053 _____ () C:\Users\HP-HP\AppData\Roaming\GrandOrgueConfig
2014-04-01 08:57 - 2014-04-01 08:57 - 0000037 ___SH () C:\Users\HP-HP\AppData\Local\70149b02515b3bb20dd492.47983420
2015-06-08 19:29 - 2015-06-08 19:29 - 0000000 _____ () C:\Users\HP-HP\AppData\Local\{0C90B898-0C67-424C-84D7-818E937AD37B}
Task: {0974DE43-A499-4214-AA71-94323A81678B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess - Brak pliku ==== UWAGA
Task: {0A3D8412-191C-472F-9471-143C60F50C25} - System32\Tasks\snp = C:\ProgramData\Tristip\rnzsmslp.exe
C:\ProgramData\Tristip
Task: {12FB3FDB-FD58-4FC8-B984-2F468E62E8C1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B - Brak pliku ==== UWAGA
Task: {225A08F1-0285-4648-9194-2681AA08F3D1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd - Brak pliku ==== UWAGA
Task: {43F885E2-9E6D-41F8-80D6-D0D51A5F394D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d - Brak pliku ==== UWAGA
Task: {45BDA4C8-4174-45DD-B7C3-8B844C50B189} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d - Brak pliku ==== UWAGA
Task: {4FD9F37D-634B-442F-950D-A63AD0996822} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent - Brak pliku ==== UWAGA
Task: {5A02B07D-1D5E-467D-B1DD-21BF79FDD28B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d - Brak pliku ==== UWAGA
Task: {C7296DA2-F026-444A-A3B4-6C9755F72AD0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d - Brak pliku ==== UWAGA
Task: {EF2D18BF-53CC-43A4-98D7-2DB8D4AC2381} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig - Brak pliku ==== UWAGA
Task: {F2258D9E-1982-4B28-BC62-CAAE0D89E4E8} - System32\Tasks\snf = C:\ProgramData\Tristip\rnzsmslp.exe
Task: {F6C5702B-3B3C-4524-8394-B0B506E889E3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent - Brak pliku ==== UWAGA
Task: {FA8D10D9-3D38-4445-9AFF-D5057EC93AF2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d - Brak pliku ==== UWAGA
EmptyTemp:

Uruchom FRST i kliknij Napraw (Fix). Pokaż raport z usuwania Fixlog.

bigos6 · 23 Styczeń 2016 21:06

Fixlog: http://wklej.org/id/1916622/

FRST: http://wklej.org/id/1916634/

Atis · 23 Styczeń 2016 21:36

Skasuj folder C:\FRST

bigos6 · 23 Styczeń 2016 22:03

dzięki wielkie za pomoc!