Zarażenie url: Mal Prosze pomóżcie?!


(Mateusz5589) #1

avast wykrywa mi cały czas zarażenie url:Mal Jak to zlikwidować?

 


(Acorus) #2

Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.


(Mateusz5589) #3

addition : http://wklej.org/id/1596361/

FRST : http://wklej.org/id/1596362/


(Acorus) #4

Otwórz notatnik systemowy i wklej:

HKU\S-1-5-21-3099691929-597136357-677967994-1002\...\Run: [ALLUpdate] = D:\Programy\ALLPlayer\ALLUpdate.exe [2991616 2012-10-08] (ALLCinema)
HKU\S-1-5-21-3099691929-597136357-677967994-1002\...\Run: [Windows Host Process (RunDll)] = rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval((new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\Software\\Microsoft\\Active%20Setup\\Installed%20Components\\{72507C54-3577-4830-815 (the data entry has 39 more characters).
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3099691929-597136357-677967994-1000 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR StartupUrls: Default - "https://de.yahoo.com?fr=hp-avasttype=avastbcl"
U3 afcsinym; C:\Windows\System32\Drivers\afcsinym.sys [0] (Microsoft Corporation) ==== ATTENTION (zero size file/folder)
2015-01-04 11:47 - 2015-01-04 11:47 - 00066695 _____ (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) C:\Users\Mateusz\AppData\Local\157660710.exe
2015-01-04 03:25 - 2015-01-04 03:25 - 00066671 _____ (Microsoft Corporation) C:\Users\Mateusz\AppData\Local\127516652.exe
2014-12-27 13:00 - 2014-12-27 13:00 - 00169680 _____ () C:\Users\Mateusz\AppData\Local\448629422.exe
2015-01-14 15:25 - 2014-12-13 21:48 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.