unIsalEs - jak to usunąć?


(Norbert Koczara) #1

Mam straszny problem z tym dodatkiem próbowałem AdwCleaner, Malwarebytes, ComboFix, ale niestety nie pomogło... co proponujecie??

 

FRST --> http://www.wklej.org/id/1579091/

Addition --> http://www.wklej.org/id/1579092/

OTL --> http://www.wklej.org/id/1579094/

Extras -- > http://www.wklej.org/id/1579099/


(Acorus) #2

Otwórz notatnik systemowy i wklej:

HKLM\...\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-982006768-4067701353-894857813-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Extension: (unIsalEs) - C:\ProgramData\ndoplomhpeeooonhgnfailhlikdhljli\ [2014-12-24]
S3 catchme; \\C:\ComboFix\catchme.sys [X]
2014-12-29 15:34 - 2014-12-29 15:54 - 00000000 ____ D () C:\Qoobox
2014-12-29 15:34 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-29 15:34 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-29 15:34 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-29 15:34 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-29 15:34 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-29 15:34 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-29 15:34 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-29 15:34 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-27 14:53 - 2014-12-29 15:11 - 00000000 ____ D () C:\Program Files (x86)\unIsalEs
2014-12-27 14:53 - 2014-12-27 14:57 - 00000000 ____ D () C:\Program Files (x86)\uunisAAlees
2014-12-27 14:52 - 2014-12-27 14:52 - 00000000 ____ D () C:\ProgramData\ndoplomhpeeooonhgnfailhlikdhljli
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.