Windows 7 - Russian website opening automatically at system startup

13 May 2015 17:16 690 2
  • Helpful post
    Level 43  
    Open the system Notepad and paste:

    Quote:
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-3785211113-1495808028-1638902609-1000\...\Run: [yljdwfdzkd] => explorer "http://pexmeby.ru/?utm_source=uoua03&utm_content=358ec8da5dba511232a7a6352b5b128c"
    HKU\S-1-5-21-3785211113-1495808028-1638902609-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
    HKU\S-1-5-21-3785211113-1495808028-1638902609-1000\...\MountPoints2: {a55a1a7a-9bbc-11e4-ae01-2c27d7a7859c} - G:\LaunchU3.exe -a
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    HKU\S-1-5-21-3785211113-1495808028-1638902609-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=blackbear2
    SearchScopes: HKU\S-1-5-21-3785211113-1495808028-1638902609-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg
    SearchScopes: HKU\S-1-5-21-3785211113-1495808028-1638902609-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3785211113-1495808028-1638902609-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = http://go.mail.ru/search?q={SearchTerms}&fr=ntg
    CHR Extension: (Bookmark Manager) - C:\Users\anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-13]
    CHR HKLM-x32\...\Chrome\Extension: [pfjgibhmcgncmjhdodpaolfbjpjjajal] - https://clients2.google.com/service/update2/crx
    S4 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158864 2014-12-29] (XTab system)
    S4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-15] (SysTool PasSame LIMITED) [File not signed] <==== ATTENTION
    R1 {4cff408a-d9e7-47c3-a711-95133fcf7f45}Gw64; C:\Windows\System32\drivers\{4cff408a-d9e7-47c3-a711-95133fcf7f45}Gw64.sys [48792 2015-01-19] (StdLib)
    R1 {693a0a5b-aa08-4a3c-b7e8-398a93e02cf2}Gw64; C:\Windows\System32\drivers\{693a0a5b-aa08-4a3c-b7e8-398a93e02cf2}Gw64.sys [48792 2015-01-14] (StdLib)
    R1 {6e9af5d3-a8f9-4461-ad38-1433888f55dc}Gw64; C:\Windows\System32\drivers\{6e9af5d3-a8f9-4461-ad38-1433888f55dc}Gw64.sys [48792 2015-01-16] (StdLib)
    2015-05-04 17:03 - 2015-05-04 17:03 - 00741672 _____ (Web software ) C:\Users\anna\Downloads\Free-Video-Editor(33621)-dp.exe
    2015-04-23 10:04 - 2015-04-23 10:04 - 00741672 _____ (Web software ) C:\Users\anna\Downloads\WinRAR(12398)-dp.exe
    2015-05-13 16:44 - 2015-01-15 20:56 - 00000000 ____D () C:\Program Files (x86)\XTab
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix. Download AdwCleaner and run it as administrator: https://toolslib.net/downloads/finish/1/ Click Scan and then Cleaning.
  • Level 8  
    Thanks a lot. ;)
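
The per-user Run entry in the fixlist above starts explorer with a URL as its argument, so the page opens at every logon. The following is an added example, not part of the thread and not FRST's own code, that scans FRST-style Run lines for that pattern; the sample log, the LAUNCHERS list and all function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# FRST-style autorun line: "<hive>\...\Run: [<value name>] => <command>"
RUN_LINE = re.compile(
    r'^(?P<hive>HK\S+?)\\\.\.\.\\(?P<key>Run(?:Once)?): '
    r'\[(?P<name>[^\]]*)\] => (?P<cmd>.*)$'
)
URL = re.compile(r'https?://[^\s"\']+', re.IGNORECASE)
# Programs that hand a URL argument to a browser (assumed, not exhaustive)
LAUNCHERS = {"explorer", "explorer.exe", "iexplore.exe", "chrome.exe",
             "firefox.exe", "rundll32.exe", "cmd.exe"}

def executable_name(cmd):
    """Lower-cased file name of the first token, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]
    else:
        exe = cmd.split(None, 1)[0] if cmd else ""
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def flag_url_autoruns(log_text):
    """Return Run/RunOnce entries whose command is a launcher opening a URL."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        url = URL.search(m["cmd"])
        exe = executable_name(m["cmd"])
        # A URL alone is not enough: updaters legitimately carry one.
        if url and exe in LAUNCHERS:
            findings.append({"hive": m["hive"], "name": m["name"],
                             "launcher": exe,
                             "host": urlsplit(url.group()).hostname})
    return findings

# Constructed sample log lines (not taken from the thread)
SAMPLE = r'''
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2500000 2014-01-01] (Synaptics)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [qzxwvu] => explorer "http://startpage.example.invalid/?utm_source=abc"
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [Updater] => "C:\Program Files\Vendor\upd.exe" /check http://update.example.invalid/
'''

if __name__ == "__main__":
    for f in flag_url_autoruns(SAMPLE):
        print(f)
```

Only the `qzxwvu` entry is reported; the updater line carries a URL too, but its executable is not a launcher, so it is left for manual review.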