Zmieniona strona startowa

matkar1 · 23 Marzec 2015 07:21

Proszę o pomoc w zwalczeniu infekcji komputera. Dołączam skan FRST.

Addition: http://www.wklej.org/id/1669287/

Acorus · 23 Marzec 2015 08:17

Otwórz notatnik systemowy i wklej:

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data:NT
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data:NT2
AlternateDataStreams: C:\Documents and Settings\All Users\Dane aplikacji\MTA San Andreas All:NT
AlternateDataStreams: C:\Documents and Settings\All Users\Dane aplikacji\MTA San Andreas All:NT2
HKLM\...\Run: [RTHDCPL] = C:\WINDOWS\RTHDCPL.EXE [16859136 2008-03-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] = C:\WINDOWS\ALCMTR.EXE [69632 2005-05-04] (Realtek Semiconductor Corp.)
Startup: C:\Documents and Settings\Mat\Menu Start\Programy\Autostart\Arma 3 PC full game + DLC ^^nosTEAM^^.lnk
ShortcutTarget: Arma 3 PC full game + DLC ^^nosTEAM^^.lnk - C:\Documents and Settings\All Users\Dane aplikacji\{8f11616e-14da-4b78-8f11-1616e14d85b8}\Arma 3 PC full game + DLC ^^nosTEAM^^.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKU\S-1-5-21-1292428093-1844237615-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={DF832FEC-2B10-4A0F-A338-EBBDF8349C59}mid=aadb32f69a6047d38e78d15de3d86683-ad1491be2ce6c122f6b66faa90e70c2decf7d34clang=plds=AVGcoid=avgtbavgcmpid=0215avpr=frd=2014-09-01 07:33:52v=4.1.0.411pid=wtusg=sap=hp
HKU\S-1-5-21-1292428093-1844237615-682003330-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.interia.pl/#utm_source=instalkiutm_medium=installerutm_campaign=instalki
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.interia.pl/#utm_source=instalkiutm_medium=installerutm_campaign=instalki" ======= ATTENTION
SearchScopes: HKU\S-1-5-21-1292428093-1844237615-682003330-1003 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1292428093-1844237615-682003330-1003 - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={DF832FEC-2B10-4A0F-A338-EBBDF8349C59}mid=aadb32f69a6047d38e78d15de3d86683-ad1491be2ce6c122f6b66faa90e70c2decf7d34clang=plds=AVGcoid=avgtbavgcmpid=0215tbpr=frd=2014-09-01 07:33:52v=4.1.0.411pid=wtusg=sap=dspq={searchTerms}
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: https://mysearch.avg.com/?cid={DF832FEC-2B10-4A0F-A338-EBBDF8349C59}mid=aadb32f69a6047d38e78d15de3d86683-ad1491be2ce6c122f6b66faa90e70c2decf7d34clang=plds=AVGcoid=avgtbavgcmpid=0215avpr=frd=2014-09-01 07:33:52v=4.1.0.411pid=wtusg=sap=hp
FF SearchPlugin: C:\Documents and Settings\Mat\Dane aplikacji\Mozilla\Firefox\Profiles\r14gr8xg.default-1419093759812\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: TakeTheCuoUpon - C:\Documents and Settings\Mat\Dane aplikacji\Mozilla\Firefox\Profiles\r14gr8xg.default-1419093759812\Extensions\5i@U.edu [2015-02-22]
FF Extension: RoboSSaverr - C:\Documents and Settings\Mat\Dane aplikacji\Mozilla\Firefox\Profiles\r14gr8xg.default-1419093759812\Extensions\RV@vvbp.com [2015-02-22]
R2 vToolbarUpdater18.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-03-03] (AVG Secure Search)
S3 EagleXNt; \\C:\WINDOWS\system32\drivers\EagleXNt.sys [X]
S3 WinRing0_1_2_0; \\F:\Infestation Survivor Stories\Game Booster 3\Driver\WinRing0.sys [X]
U1 WS2IFSL; No ImagePath
2015-03-03 09:03 - 2015-03-03 09:03 - 00000000 ____ D () C:\Program Files\Common Files\AVG Secure Search
2015-03-03 09:03 - 2015-03-03 09:03 - 00000000 ____ D () C:\Documents and Settings\All Users\Dane aplikacji\AVG Security Toolbar
2015-03-03 09:03 - 2015-03-03 09:03 - 00000000 ____ D () C:\Documents and Settings\All Users\Dane aplikacji\AVG Secure Search
2015-02-22 19:35 - 2015-02-22 19:35 - 00000000 ____ D () C:\Program Files\RRegularrDeals
2015-02-22 19:35 - 2015-02-22 19:35 - 00000000 ____ D () C:\Program Files\RoboSSaverr
2015-02-22 19:35 - 2015-02-22 19:35 - 00000000 ____ D () C:\Program Files\GreatSoave4uU
2015-02-22 19:34 - 2015-02-22 19:35 - 00000000 ____ D () C:\Program Files\TakeTheCuoUpon
2015-02-22 19:34 - 2015-02-22 19:35 - 00000000 ____ D () C:\Program Files\RobOuSaver
2015-02-22 19:34 - 2015-02-22 19:35 - 00000000 ____ D () C:\Program Files\Chromitude
2015-02-22 19:14 - 2015-02-22 19:35 - 00000000 ____ D () C:\Program Files\ProcessEngine
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.