Mozesz wylaczyc aktualizacje automatyczne, razem z zatrzymaniem i wylaczeniem uslugi.
Zmien Adobe Reader 9 - Polish na najnowsza wersje lub na foxit:
http://ninite.com
Odinstaluj:
Crazy Score
DeadMouse
Instant Dictionary
WordAnchor 1.10.0.19
YAC(Yet Another Cleaner!)
Usun tez Avast:
https://www.avast.com/pl-pl/uninstall-utility
Obok frst.exe utworz plik fixlist.txt z zawartoscia:
CloseProcesses:
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\PIRAMIDA\DANEAP~1\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1453484966.job => C:\Program Files\Opera\launcher.exe
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job => C:\WINDOWS\system32\xp_eos.exe
ShortcutWithArgument: C:\Documents and Settings\PIRAMIDA\Menu Start\Programy\Akcesoria\Narzędzia systemowe\Internet Explorer (bez dodatków).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1452241343&z=dc4ce756db2f9679aebad05gfz9w4odocz6g4c1cdb&from=wpm01073&uid=ST3802110A_4LR2PS6JXXXX4LR2PS6J
ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1452241343&z=dc4ce756db2f9679aebad05gfz9w4odocz6g4c1cdb&from=wpm01073&uid=ST3802110A_4LR2PS6JXXXX4LR2PS6J
ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yoursites123.com/?type=sc&ts=1452241343&z=dc4ce756db2f9679aebad05gfz9w4odocz6g4c1cdb&from=wpm01073&uid=ST3802110A_4LR2PS6JXXXX4LR2PS6J
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
(Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeTray.exe
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-515967899-1957994488-725345543-1003\...\Run: [Avast-Browser-Cleanup] => C:\Program Files\AVAST Software\Avast\BrowserCleanup.exe [1530992 2015-04-22] (AVAST Software)
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1452241343&z=dc4ce756db2f9679aebad05gfz9w4odocz6g4c1cdb&from=wpm01073&uid=ST3802110A_4LR2PS6JXXXX4LR2PS6J
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-016&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1452241343&z=dc4ce756db2f9679aebad05gfz9w4odocz6g4c1cdb&from=wpm01073&uid=ST3802110A_4LR2PS6JXXXX4LR2PS6J
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-515967899-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1452241343&z=dc4ce756db2f9679aebad05gfz9w4odocz6g4c1cdb&from=wpm01073&uid=ST3802110A_4LR2PS6JXXXX4LR2PS6J
HKU\S-1-5-21-515967899-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=1452241343&z=dc4ce756db2f9679aebad05gfz9w4odocz6g4c1cdb&from=wpm01073&uid=ST3802110A_4LR2PS6JXXXX4LR2PS6J&q={searchTerms}
HKU\S-1-5-21-515967899-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-016
HKU\S-1-5-21-515967899-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1452241343&z=dc4ce756db2f9679aebad05gfz9w4odocz6g4c1cdb&from=wpm01073&uid=ST3802110A_4LR2PS6JXXXX4LR2PS6J
HKU\S-1-5-21-515967899-1957994488-725345543-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=1452241343&z=dc4ce756db2f9679aebad05gfz9w4odocz6g4c1cdb&from=wpm01073&uid=ST3802110A_4LR2PS6JXXXX4LR2PS6J&q={searchTerms}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= UWAGA
SearchScopes: HKLM -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-016&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515967899-1957994488-725345543-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://yoursites123.com/web?type=ds&ts=1452241343&z=dc4ce756db2f9679aebad05gfz9w4odocz6g4c1cdb&from=wpm01073&uid=ST3802110A_4LR2PS6JXXXX4LR2PS6J&q={searchTerms}
SearchScopes: HKU\S-1-5-21-515967899-1957994488-725345543-1003 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-016&q={searchTerms}
BHO: Brak nazwy -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> Brak pliku
R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048 2015-08-19] (Elex do Brasil Participações Ltda)
S4 WdMan; C:\Documents and Settings\All Users\Dane aplikacji\lWdMl\WdMan.exe [326656 2016-01-12] () [Brak podpisu cyfrowego]
R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [225896 2015-05-14] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [97912 2015-08-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [45032 2015-08-19] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [73232 2015-08-19] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [56232 2015-06-30] (Elex do Brasil Participações Ltda)
R1 wafd_1_10_0_19; C:\WINDOWS\System32\drivers\wafd_1_10_0_19.sys [56448 2015-06-15] (WA)
S3 GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 NTACCESS; \??\I:\NTACCESS.sys [X]
S3 SetupNTGLM7X; \??\I:\NTGLM7X.sys [X]
2016-01-24 14:55 - 2016-01-24 15:03 - 00000000 ____D C:\AdwCleaner
2016-01-22 22:14 - 2016-01-22 22:14 - 00000000 ____D C:\Documents and Settings\Kuba\Dane aplikacji\Elex-tech
2016-01-22 21:55 - 2016-01-22 21:55 - 00000000 ____D C:\Documents and Settings\PIRAMIDA\Dane aplikacji\Elex-tech
2016-01-22 21:55 - 2015-06-30 03:50 - 00056232 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
2016-01-22 21:03 - 2016-01-24 13:53 - 00000480 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1453492980.job
2016-01-22 18:49 - 2016-01-24 21:34 - 00000462 _____ C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1453484966.job
2016-01-12 10:44 - 2016-01-12 10:44 - 00000000 ____D C:\Program Files\Elex-tech
2016-01-08 09:22 - 2016-01-12 16:52 - 00000000 ____D C:\Program Files\SFK
2016-01-08 09:22 - 2016-01-08 09:23 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\lWdMl
2016-01-08 09:22 - 2016-01-08 09:22 - 00000146 _____ C:\Documents and Settings\All Users\Dane aplikacji\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2016-01-24 21:34 - 2014-11-17 17:46 - 00000228 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
2016-01-24 14:14 - 2015-05-06 10:14 - 00000432 _____ C:\WINDOWS\Tasks\At1.job
EmptyTemp:
Reboot:
W FRST wybierz Napraw.
Zrob pelny skan przy pomocy Mbam i usun to co wykryje:
http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
