Police virus


(Mateusz 62) #1

Reports

FRST: http://www.wklej.org/id/1755279/

Addition: http://www.wklej.org/id/1755280/

Shortcut: http://www.wklej.org/id/1755281/


(Atis) #2

Uninstall Norton Online Backup and Search App by Ask.

Paste the following into the system Notepad and save it as a text file named fixlist:

HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3539710452-3005776068-3144886634-1001\...\Run: [RodoQnif] => regsvr32.exe "C:\ProgramData\RodoQnif\RodoQnif.dat"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220150309
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.wp.pl/?src01=dp220150309
HKU\S-1-5-21-3539710452-3005776068-3144886634-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?fr=hp-ddc-bd&type=pr __alt__ ddc_dsssyc_bd_com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3539710452-3005776068-3144886634-1001 -> OldSearch URL = 
BHO: Search App by Ask -> {42435041-332D-5350-00A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-SP\Passport_x64.dll" No File
BHO-x32: Search App by Ask -> {42435041-332D-5350-00A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-SP\Passport.dll" No File
Toolbar: HKLM - Search App by Ask - {42435041-332D-5350-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-SP\Passport_x64.dll" No File
Toolbar: HKLM-x32 - Search App by Ask - {42435041-332D-5350-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-SP\Passport.dll" No File
Toolbar: HKU\S-1-5-21-3539710452-3005776068-3144886634-1001 -> Search App by Ask - {42435041-332D-5350-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\BCPA3-SP\Passport_x64.dll" No File
FF Homepage: www.wp.pl/?src01=dp220150309
FF Extension: ClearThink 1.0.1 - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\hqwpzeef.default\Extensions\{4da83df8-e986-43b0-959e-179e0ba73dd8}.xpi [2014-11-30]
C:\ProgramData\RodoQnif\RodoQnif.dat
Task: {34E8AD34-BF9B-4124-966F-E17AFDD68008} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\\Ara.exe [2013-08-27] (Symantec Corporation)
Task: {C2954446-04B1-4FC3-A9B1-B20B10FEA498} - System32\Tasks\{078C4AC3-0784-4DEF-B493-4B0FB39CDCCB} => pcalua.exe -a E:\instaluj.exe -d C:\Users\Acer\Desktop
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
EmptyTemp:

Run FRST and click Fix. Show the Fixlog removal report.

Click Scan and show the new FRST report, without Addition and Shortcut.


(Mateusz 62) #3

Report:

Fixlog: http://www.wklej.org/id/1755362/

New FRST: http://www.wklej.org/id/1755363/


(Atis) #4

Paste the following into the system Notepad and save it as a text file named fixlist:

HKU\S-1-5-21-3539710452-3005776068-3144886634-1001\...\Run: [RodoQnif] => regsvr32.exe "C:\ProgramData\RodoQnif\RodoQnif.dat"
2015-07-11 17:24 - 2014-12-01 23:14 - 00000000 ____ D C:\ProgramData\RodoQnif
DeleteQuarantine:

Run FRST and click Fix. Delete the folder C:\FRST

Delete the old restore points: System Restore and shadow copies

Scan the disk with Malwarebytes Anti-Malware

During installation, untick the box next to Start the trial period of Malwarebytes Anti-Malware Premium.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Polish language: Settings > General Settings > Language > Polish

Read about how programs should be installed: CLICK - CLICK - CLICK - CLICK

Uninstall:

Adobe Flash Player 17 NPAPI

Microsoft Silverlight

Install:

Flash Player 18.0.0.203 NPAPI

Silverlight 5.1.40620.0
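
An added example, not part of the original thread: a small Python triage of FRST-style Run lines that flags the pattern both fixlists remove, regsvr32.exe loading a file without a DLL extension from a user-writable directory. The regular expressions, the `triage` helper, the two heuristics and the two `Example*` lines are assumptions made for illustration; only the RodoQnif and NoFolderOptions lines come from the thread.

```python
import re
from pathlib import PureWindowsPath

# FRST autostart line: <hive>\...\Run: [<value name>] => <command line>
RUN_LINE = re.compile(
    r'^(?P<hive>HK\S+?)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$')
# regsvr32, optional /switches, then the (possibly quoted) file it loads
REGSVR32 = re.compile(
    r'^"?(?:[^"]*\\)?regsvr32(?:\.exe)?"?\s+(?:/\S+\s+)*"?(?P<target>[^"]+?)"?\s*$',
    re.IGNORECASE)
# Assumption: directories a standard user (or a dropper) can usually write to
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\")

def triage(lines):
    """Return (value name, target path, reasons) for suspicious Run entries."""
    findings = []
    for line in lines:
        run = RUN_LINE.match(line.strip())
        if not run:
            continue                      # not a Run/RunOnce autostart line
        reg = REGSVR32.match(run["cmd"])
        if not reg:
            continue                      # autostart does not go through regsvr32
        target = PureWindowsPath(reg["target"])
        reasons = []
        # regsvr32 loads any file that is a valid DLL, whatever its extension
        if target.suffix.lower() not in (".dll", ".ocx"):
            reasons.append("non-DLL extension " + (target.suffix or "(none)"))
        if str(target).lower().startswith(USER_WRITABLE):
            reasons.append("target in user-writable location")
        if reasons:
            findings.append((run["name"], str(target), reasons))
    return findings

SAMPLE = [
    # From the thread's fixlist
    r'HKU\S-1-5-21-3539710452-3005776068-3144886634-1001\...\Run: [RodoQnif] => regsvr32.exe "C:\ProgramData\RodoQnif\RodoQnif.dat"',
    r'HKLM\...\Policies\Explorer: [NoFolderOptions] 0',
    # Constructed benign lines for contrast
    r'HKLM\...\Run: [ExampleAudio] => C:\Program Files\Example\audio.exe [123456 2014-01-01] (Example Corp)',
    r'HKLM\...\Run: [ExampleCodec] => regsvr32.exe /s "C:\Windows\System32\example.dll"',
]

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE):
        print(f"{name}: {path} -> {'; '.join(reasons)}")
```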