Virus, mp3.exe


(D@wid) #1

FRST www.wklej.org/id/1620992/

Addition http://wklej.org/id/1620993/

OTL http://wklej.org/id/1621005/

Extras http://wklej.org/id/1621006/



(Acorus) #2

The Addition.txt log is missing.


(D@wid) #3

Here you go, Addition.txt: http://wklej.org/id/1621024/



(Acorus) #4

Uninstall Minecraft 2. Open the system Notepad and paste:

HKLM\...\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
ShellIconOverlayIdentifiers: [00avast] - {472083B0-C522-11CF-8763-00608CC02F24} = No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1421057408from=wpcuid=WDCXWD10JPVX-22JC3T0_WD-WX71EA3NXF70NXF70
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1421057408from=wpcuid=WDCXWD10JPVX-22JC3T0_WD-WX71EA3NXF70NXF70q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1421057408from=wpcuid=WDCXWD10JPVX-22JC3T0_WD-WX71EA3NXF70NXF70
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1421057408from=wpcuid=WDCXWD10JPVX-22JC3T0_WD-WX71EA3NXF70NXF70q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1030996327-2942364442-3026964311-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com?cid={0E900573-E6D0-4245-AEF8-8CC9A8565264}mid=70c6fc179cf947cda1d2f1534038f876-004b878e45266fee339499ae5cfc45e28445a24alang=plds=AVGcoid=avgtbavgcmpid=pr=frd=2015-02-02 15:59:21v=4.0.6.10pid=wtusg=sap=hp
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1421057408from=wpcuid=WDCXWD10JPVX-22JC3T0_WD-WX71EA3NXF70NXF70q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1421057408from=wpcuid=WDCXWD10JPVX-22JC3T0_WD-WX71EA3NXF70NXF70q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1421057408from=wpcuid=WDCXWD10JPVX-22JC3T0_WD-WX71EA3NXF70NXF70q={searchTerms}
SearchScopes: HKU\S-1-5-21-1030996327-2942364442-3026964311-1001 - {1A6C6BDB-5DBF-4592-BE86-61031554F6E6} URL =
SearchScopes: HKU\S-1-5-21-1030996327-2942364442-3026964311-1001 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1421057408from=wpcuid=WDCXWD10JPVX-22JC3T0_WD-WX71EA3NXF70NXF70q={searchTerms}
SearchScopes: HKU\S-1-5-21-1030996327-2942364442-3026964311-1001 - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={0E900573-E6D0-4245-AEF8-8CC9A8565264}mid=70c6fc179cf947cda1d2f1534038f876-004b878e45266fee339499ae5cfc45e28445a24alang=plds=AVGcoid=avgtbavgcmpid=pr=frd=2015-02-02 15:59:21v=4.0.6.10pid=wtusg=sap=dspq={searchTerms}
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: https://mysearch.avg.com?cid={0E900573-E6D0-4245-AEF8-8CC9A8565264}mid=70c6fc179cf947cda1d2f1534038f876-004b878e45266fee339499ae5cfc45e28445a24alang=plds=AVGcoid=avgtbavgcmpid=pr=frd=2015-02-02 15:59:21v=4.0.6.10pid=wtusg=sap=hp
FF SearchPlugin: C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\rm051dug.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\rm051dug.default\searchplugins\mystartsearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: AVG Web TuneUp - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\rm051dug.default\Extensions\avg@toolbar [2015-02-02]
FF Extension: RaunddooMPriice - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\rm051dug.default\Extensions\Fme@C.com [2015-02-02]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\rm051dug.default\extensions\fftoolbar2014@etech.com
R2 fc67e7a0; c:\Program Files (x86)\DeltaFix\DeltaFix.dll [4182016 2015-01-12] () [File not signed] ==== ATTENTION
R2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1826328 2015-02-02] (AVG Secure Search)
2015-02-02 15:59 - 2015-02-02 15:59 - 00000000 ____ D () C:\ProgramData\AVG Security Toolbar
2015-02-02 15:59 - 2015-02-02 15:59 - 00000000 ____ D () C:\ProgramData\AVG Secure Search
2015-02-02 15:41 - 2015-02-02 15:42 - 00000000 ____ D () C:\Program Files (x86)\RaunddooMPriice
2015-01-27 22:11 - 2015-01-27 22:11 - 00000000 ____ D () C:\Program Files (x86)\SSaveruExtensIon
2015-01-27 22:10 - 2015-01-27 22:10 - 00000000 ____ D () C:\Program Files (x86)\Minecraft 2
2015-01-27 22:10 - 2015-01-27 22:10 - 00000000 ____ D () C:\Program Files (x86)\Funn2oSavee
2015-01-20 18:56 - 2015-02-02 16:18 - 00000000 ____ D () C:\ProgramData\NewSAver
2015-01-19 14:37 - 2015-02-02 16:18 - 00000000 ____ D () C:\ProgramData\FIndBeestDeaal
2015-01-19 14:36 - 2015-02-02 16:17 - 00000000 ____ D () C:\ProgramData\AlLCCheapPreice
2015-01-19 06:16 - 2015-01-20 18:58 - 00000000 ____ D () C:\ProgramData\6085fdf17fcef2c4
2015-01-12 11:09 - 2015-01-12 11:09 - 00000000 ____ D () C:\Program Files (x86)\DeltaFix
2015-01-12 11:08 - 2015-02-02 16:17 - 00000000 ____ D () C:\Program Files (x86)\youtubeadblocker
2015-01-12 11:07 - 2015-02-02 15:42 - 00000000 ____ D () C:\ProgramData\6955244413216813764
2015-01-12 11:07 - 2015-01-12 11:07 - 00000000 ____ D () C:\Program Files (x86)\uNisAleiss
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST, in the same folder.


(D@wid) #5

Thank you for your help!


(Acorus) #6

Delete the C:\FRST folder.