Elektroda.pl

AdwCleaner won't start.

eryk.tomaszewski 29 Jan 2017 21:24 456 8
  • #1 29 Jan 2017 21:24
    eryk.tomaszewski
    Level 8  

    Hi, I have a problem: I downloaded AdwCleaner to clean up my browser, but it won't start, there is no reaction at all, even after restarting the computer. What's going on?

    I'll add that I also use the "Run as administrator" option, and nothing.

    0 8
  • #4 29 Jan 2017 22:24
    Kolobos
    Computer specialist

    Surely you didn't think adwc would remove all these infections? You should start learning how to use the internet, otherwise you'll infect the system again in no time!

    Uninstall:
    amuleC
    WinSnare
    YAC(Yet Another Cleaner!)

    Back up your bookmarks from Chrome; the script will remove the profile created by the infection.

    The script will also reset the hosts file; you also have these in it:
    0.0.0.0 apps.corel.com
    0.0.0.0 mc.corel.com
    0.0.0.0 origin-mc.corel.com
    0.0.0.0 iws.corel.com

    If you still need that, add it again.

    Next to frst.exe, create a file Fixlist.txt with the contents:
    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-2950149319-2717487261-2535428601-1001_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Eryk\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe => B (dane wartości zawierają 9 znaków więcej).
    Task: {0D093C52-F5D5-454C-9F0B-957A1BBDA7DC} - System32\Tasks\{81B5D4D0-4960-4DAD-A16C-5DFCA597FE43} => pcalua.exe -a C:\Users\Eryk\Downloads\AMD_RS780_WIN7_32_WIN7_64_863400\Setup.exe -d C:\Users\Eryk\Downloads\AMD_RS780_WIN7_32_WIN7_64_863400
    Task: {261F791A-473C-4886-9384-431278351E84} - System32\Tasks\2e7ca50926ef48ff171432427d5bb458 => Rundll32.exe "C:\Program Files\Elantech\ekx298.dll",e62dc6c6547f46bda862da2d05af6862 <==== UWAGA
    C:\Program Files\Fibitplajuch\
    Task: {CE39F688-B4DA-495A-99FA-BB3BD891766A} - System32\Tasks\{2A025818-E293-49F1-8C31-4E962DAFE126} => pcalua.exe -a C:\Users\Eryk\Downloads\VirtualBox-5.1.8-111374-Win.exe -d C:\Users\Eryk\Downloads
    Task: {CF0DA561-2CBB-4928-AC68-59837FC1C97F} - System32\Tasks\WinTOOL => C:\ProgramData\wintools\WintoolUprI.exe [2017-01-18] ()
    Task: {F0228AD4-DED0-4902-BD83-13D8C0462521} - System32\Tasks\Driver Booster SkipUAC (Eryk) => C:\Program Files\IObit\Driver Booster\4.1.0\DriverBooster.exe
    Task: {F53F11EE-10B0-4164-8862-F643E1D35E1C} - System32\Tasks\Ckoduclacaght Center => C:\Program Files\Fibitplajuch\tocather.exe [2016-11-03] (Glarysoft Ltd)
    ShortcutWithArgument: C:\Users\Eryk\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.amisites.com/?type=sc&ts=14842...HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX
    ShortcutWithArgument: C:\Users\Eryk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.amisites.com/?type=sc&ts=14842...HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX




    ShortcutWithArgument: C:\Users\Eryk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Pulpit zdalny Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=14842...HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX
    ShortcutWithArgument: C:\Users\Eryk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.amisites.com/?type=sc&ts=14842...HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX
    ShortcutWithArgument: C:\Users\Eryk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=14842...HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX
    ShortcutWithArgument: C:\Users\Eryk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.amisites.com/?type=sc&ts=14842...HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX
    ShortcutWithArgument: C:\Users\Eryk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.amisites.com/?type=sc&ts=14842...HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX
    ShortcutWithArgument: C:\Users\Eryk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.amisites.com/?type=sc&ts=14842...HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX
    ShortcutWithArgument: C:\Users\Eryk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=14842...HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> hxxp://www.amisites.com/?type=sc&ts=14842...HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=14842...HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.amisites.com/?type=sc&ts=14842...HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=14842...HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX
    2017-01-12 20:18 - 2016-05-23 03:37 - 00065696 _____ () C:\Program Files\Elex-tech\YAC\zlib1.dll
    2016-11-22 18:00 - 2017-01-11 11:48 - 00519680 _____ () C:\Program Files\Common Files\Services\iThemes.dll
    C:\local32spl.dll
    C:\_\local32spl.dll
    C:\AdwCleaner\local32spl.dll
    C:\AdwCleaner_\local32spl.dll
    C:\Brother\local32spl.dll
    C:\Brother_\local32spl.dll
    C:\PerfLogs\local32spl.dll
    C:\PerfLogs_\local32spl.dll
    C:\Users\local32spl.dll
    C:\Users_\local32spl.dll
    2017-01-12 20:18 - 2016-05-23 03:37 - 00179200 _____ () C:\Program Files\Elex-tech\YAC\libpng.dll
    Hosts:
    (Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
    (Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
    (Elex do Brasil Participações Ltda) C:\Program Files\Elex-tech\YAC\iSafeTray.exe
    () C:\Program Files\Firefox\bin\FirefoxUpdate.exe
    HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKU\S-1-5-21-2950149319-2717487261-2535428601-1001\...\MountPoints2: {6f2b49e6-9080-11e6-b603-02006dc9fa26} - G:\start.exe
    HKLM\...\Providers\0yoygg5u: C:\Brother_\local32spl.dll [145408 2016-11-04] ()
    HKLM\...\Providers\3tvm0x75: C:\Users\\local32spl.dll [145408 2016-11-04] ()
    HKLM\...\Providers\5lv2tpiu: C:\Brother\\local32spl.dll [145408 2016-11-04] ()
    HKLM\...\Providers\6hryr852: C:\PerfLogs_\local32spl.dll [145408 2016-11-04] ()
    HKLM\...\Providers\atdajkhb: D:\Program Files\UDPdp\UDPnp4\\local32spl.dll
    HKLM\...\Providers\hlydagbe: C:\AdwCleaner\\local32spl.dll [145408 2016-11-04] ()
    HKLM\...\Providers\jazcoz6x: C:\PerfLogs\\local32spl.dll [145408 2016-11-04] ()
    HKLM\...\Providers\lu5o64os: C:\_\local32spl.dll [145408 2016-11-04] ()
    HKLM\...\Providers\p0a3ybgc: C:\AdwCleaner_\local32spl.dll [145408 2016-11-04] ()
    HKLM\...\Providers\qxnd2dgi: D:\Program Files\UDPdp\UDPnp4_\local32spl.dll
    HKLM\...\Providers\rayjdbb2: C:\\local32spl.dll [145408 2016-11-04] ()
    HKLM\...\Providers\z3ry4x38: C:\Users_\local32spl.dll [145408 2016-11-04] ()
    IFEO\MRT.exe: [Debugger] C:\Windows\TEMP\nsi192B.tmp\Gubed.exe -Yrrehs
    ShellExecuteHooks: Brak nazwy - {7BCBF2F8-9E93-11E6-BA23-64006A5CFC23} - -> Brak pliku
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=14842...HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&t...XHTS543225L9A300_090630FB2F06YLHKRUSCX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=14842...HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&t...XHTS543225L9A300_090630FB2F06YLHKRUSCX&q={searchTerms}
    HKU\S-1-5-21-2950149319-2717487261-2535428601-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&t...XHTS543225L9A300_090630FB2F06YLHKRUSCX&q={searchTerms}
    HKU\S-1-5-21-2950149319-2717487261-2535428601-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=14842...HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX
    HKU\S-1-5-21-2950149319-2717487261-2535428601-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&t...XHTS543225L9A300_090630FB2F06YLHKRUSCX&q={searchTerms}
    HKU\S-1-5-21-2950149319-2717487261-2535428601-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=14842...HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKU\S-1-5-21-2950149319-2717487261-2535428601-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
    Toolbar: HKU\S-1-5-21-2950149319-2717487261-2535428601-1001 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
    FF user.js: detected! => C:\Users\Eryk\AppData\Roaming\Mozilla\Firefox\Profiles\ir99p4rs.default-1480614367864\user.js [2017-01-17]
    FF Homepage: Mozilla\Firefox\Profiles\ir99p4rs.default-1480614367864 -> hxxp://www.luckysearch123.com?type=hp&ts=...;z=18bb132bdb2337a5314cd43g7z3b9zfq7z4z7cct2e
    FF NewTab: Mozilla\Firefox\Profiles\ir99p4rs.default-1480614367864 -> hxxp://www.luckysearch123.com?type=hp&ts=...;z=18bb132bdb2337a5314cd43g7z3b9zfq7z4z7cct2e
    FF Extension: (xRocket Toolbar) - C:\Users\Eryk\AppData\Roaming\Mozilla\Firefox\Profiles\ir99p4rs.default-1480614367864\Extensions\arthurj8283@gmail.com [2017-01-17] [Brak podpisu cyfrowego]
    FF SearchPlugin: C:\Users\Eryk\AppData\Roaming\Mozilla\Firefox\Profiles\ir99p4rs.default-1480614367864\searchplugins\amisites.xml [2017-01-12]
    FF SearchPlugin: C:\Users\Eryk\AppData\Roaming\Mozilla\Firefox\Profiles\ir99p4rs.default-1480614367864\searchplugins\luck.xml [2017-01-17]
    FF Extension: (SimilarWeb) - C:\Users\Eryk\AppData\Roaming\Firefox\Firefox\Profiles\ir99p4rs.default-1480614367864\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-01-12] [Brak podpisu cyfrowego]
    FF Extension: (FF Adr) - C:\Users\Eryk\AppData\Roaming\Firefox\Firefox\Profiles\ir99p4rs.default-1480614367864\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-01-12] [Brak podpisu cyfrowego]
    FF SearchPlugin: C:\Users\Eryk\AppData\Roaming\Firefox\Firefox\Profiles\ir99p4rs.default-1480614367864\searchplugins\amisites.xml [2017-01-12]
    FF SearchPlugin: C:\Users\Eryk\AppData\Roaming\Firefox\Firefox\Profiles\ir99p4rs.default-1480614367864\searchplugins\searchinme.xml [2017-01-12]
    CHR DefaultProfile: ChromeDefaultData
    CHR HomePage: ChromeDefaultData -> hxxp://www.amisites.com/?type=hp&ts=14847...HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX
    CHR StartupUrls: ChromeDefaultData -> "hxxp://www.amisites.com/?type=hp&ts=1484773116&z=fbb86911aea774f0942f527gfz1baz0m5meocb0mdo&from=che0812&uid=HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX"
    CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.amisites.com/search/?type=ds&t...XHTS543225L9A300_090630FB2F06YLHKRUSCX&q={searchTerms}
    CHR DefaultSearchKeyword: ChromeDefaultData -> amisites
    CHR Profile: C:\Users\Eryk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-29] <==== UWAGA
    C:\Users\Eryk\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2950149319-2717487261-2535428601-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    R2 FirefoxU; C:\Program Files\Firefox\bin\FirefoxUpdate.exe [106160 2017-01-09] ()
    R2 GubedZL; C:\Program Files\Gubed\GubedZL.dll [133632 2017-01-05] () [Brak podpisu cyfrowego]
    R2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [131024 2016-08-19] (Elex do Brasil Participações Ltda)
    R3 iThemes5; C:\Program Files\Common Files\Services\iThemes.dll [519680 2017-01-11] () [Brak podpisu cyfrowego] <==== UWAGA
    R2 Praguspplirok; C:\Program Files\Fibitplajuch\Prnmpp.dll [275456 2016-11-03] () [Brak podpisu cyfrowego]
    R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation) [DependOnService: iThemes5]<==== UWAGA
    R2 WinSnare; C:\Users\Eryk\AppData\Roaming\WinSnare\WinSnare.dll [647680 2017-01-18] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
    S2 ed2kidle; "C:\Program Files\amuleC2\ed2k.exe" -downloadwhenidle [X]
    R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [227776 2016-05-23] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [50280 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [97912 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [45032 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [73232 2016-05-23] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [59152 2016-05-19] (Elex do Brasil Participações Ltda)
    S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
    S1 p1481559557am; \??\C:\Users\Eryk\AppData\Local\Temp\bk3034.tmp\p1481559557am.sys [X]
    2017-01-29 20:24 - 2017-01-29 20:24 - 00000000 ____H C:\Users\Eryk\AppData\Local\BITAD13.tmp
    2017-01-18 21:58 - 2017-01-18 21:58 - 00000000 ____D C:\Program Files\WinSnare(4.0.6)
    2017-01-18 21:11 - 2017-01-18 21:11 - 00000000 ____D C:\Program Files\ii4zpftp
    2017-01-12 20:18 - 2017-01-12 20:18 - 00000000 ____D C:\Users\Eryk\AppData\Roaming\Elex-tech
    2017-01-12 20:18 - 2017-01-12 20:18 - 00000000 ____D C:\Program Files\Elex-tech
    2017-01-12 20:18 - 2016-05-23 03:41 - 00050280 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
    2017-01-12 20:18 - 2016-05-19 07:42 - 00059152 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
    2017-01-12 20:07 - 2017-01-12 20:07 - 00000000 ____D C:\Program Files\Firefox
    2017-01-12 20:06 - 2017-01-18 21:18 - 00000000 ____D C:\ProgramData\wintools
    2017-01-11 11:48 - 2017-01-29 20:43 - 00000000 ____D C:\ProgramData\WinSAPSvc
    2017-01-11 11:48 - 2017-01-21 14:58 - 00000000 ____D C:\Program Files\WinArcher
    2017-01-11 11:48 - 2017-01-18 21:58 - 00000000 ____D C:\Users\Eryk\AppData\Roaming\WinSnare
    2017-01-11 11:48 - 2017-01-11 11:48 - 00000000 ____D C:\Program Files\Gubed
    2017-01-11 11:42 - 2017-01-11 11:42 - 00000000 ____D C:\Program Files\3xau16p2
    2017-01-29 20:40 - 2016-10-13 11:34 - 00000000 ____D C:\AdwCleaner
    2016-10-13 09:04 - 2016-10-13 09:04 - 7203328 _____ () C:\Users\Eryk\AppData\Roaming\agent.dat
    2016-10-13 09:04 - 2016-10-13 09:04 - 0070704 _____ () C:\Users\Eryk\AppData\Roaming\Config.xml
    2016-10-13 09:03 - 2016-10-13 09:04 - 0015792 _____ () C:\Users\Eryk\AppData\Roaming\InstallationConfiguration.xml
    2016-10-13 09:03 - 2016-10-13 09:03 - 0140288 _____ () C:\Users\Eryk\AppData\Roaming\Installer.dat
    2016-10-13 09:04 - 2016-10-13 09:04 - 0018432 _____ () C:\Users\Eryk\AppData\Roaming\Main.dat
    2016-10-13 09:04 - 2016-10-13 09:04 - 0005568 _____ () C:\Users\Eryk\AppData\Roaming\md.xml
    2016-10-13 09:04 - 2016-10-13 09:04 - 0126464 _____ () C:\Users\Eryk\AppData\Roaming\noah.dat
    2016-10-13 09:04 - 2016-10-13 09:04 - 1907519 _____ () C:\Users\Eryk\AppData\Roaming\Sololight.tst
    2016-10-13 09:04 - 2016-10-13 09:04 - 0032038 _____ () C:\Users\Eryk\AppData\Roaming\uninstall_temp.ico
    2017-01-29 20:24 - 2017-01-29 20:24 - 0000000 ____H () C:\Users\Eryk\AppData\Local\BITAD13.tmp
    2017-01-29 20:17 - 2017-01-29 20:23 - 0000000 _____ () C:\Users\Eryk\AppData\Local\{4C216260-5F83-46F1-8F7A-FD58073B996C}
    2017-01-20 17:32 - 2017-01-20 17:32 - 0000000 _____ () C:\Users\Eryk\AppData\Local\{E2A0DDC3-7E2B-4ABC-82D2-8953A2F3F6AF}
    2016-10-31 15:52 - 2016-10-31 15:52 - 0000057 _____ () C:\ProgramData\Ament.ini
    EmptyTemp:

    In FRST choose Fix (Napraw).

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    When done, post the new FRST logs from the scan.

    0
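To show what kinds of entries the Fixlist.txt in post #4 targets, this added example (not part of the thread and not FRST's own code) groups FRST-style lines by persistence mechanism. The sample lines are copied from the fixlist above; the rule labels and the `triage` function are illustrative assumptions.

```python
import re

# Sample input: six lines copied from the Fixlist.txt posted in the thread
# (the URL is elided with "..." exactly as it appears there).
SAMPLE = r"""
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=14842...HitachiXHTS543225L9A300_090630FB2F06YLHKRUSCX
IFEO\MRT.exe: [Debugger] C:\Windows\TEMP\nsi192B.tmp\Gubed.exe -Yrrehs
HKLM\...\Providers\hlydagbe: C:\AdwCleaner\\local32spl.dll [145408 2016-11-04] ()
Task: {CF0DA561-2CBB-4928-AC68-59837FC1C97F} - System32\Tasks\WinTOOL => C:\ProgramData\wintools\WintoolUprI.exe [2017-01-18] ()
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2009-07-14] (Microsoft Corporation) [DependOnService: iThemes5]<==== UWAGA
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
"""

# Locations a scheduled task's binary should rarely live in.
LOOSE_PATH = re.compile(r"\\(ProgramData|AppData|Temp)\\", re.I)

# (label, pattern, predicate): hypothetical triage rules, one per mechanism.
RULES = [
    ("browser shortcut with appended URL",
     re.compile(r"^ShortcutWithArgument: (?P<item>.+?\.lnk) -> .+? -> (?P<value>hxxps?://\S+)"),
     lambda m: True),
    # An IFEO Debugger value makes Windows start the debugger instead of the image.
    ("IFEO debugger redirect",
     re.compile(r"^IFEO\\(?P<item>[^:]+): \[Debugger\] (?P<value>.+)"),
     lambda m: True),
    ("print provider DLL outside System32",
     re.compile(r"^HKLM\\\.\.\.\\Providers\\(?P<item>\w+): (?P<value>.+?\.dll)"),
     lambda m: "\\windows\\system32\\" not in m["value"].lower()),
    ("scheduled task running from ProgramData, AppData or Temp",
     re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<item>.+?) => (?P<value>.+)"),
     lambda m: bool(LOOSE_PATH.search(m["value"]))),
    ("service made dependent on another service",
     re.compile(r"^[RS]\d (?P<item>\w+); .*\[DependOnService: (?P<value>\w+)\]"),
     lambda m: True),
]

def triage(text):
    """Return (mechanism, item, value) for every line that matches a rule."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        for label, pattern, is_suspicious in RULES:
            m = pattern.match(line)
            if m and is_suspicious(m):
                findings.append((label, m["item"], m["value"]))
                break
    return findings

if __name__ == "__main__":
    for label, item, value in triage(SAMPLE):
        print(f"{label}: {item} -> {value}")
```

The `Run:` line for the Logitech updater matches no rule and is left out of the result, which is the expected behaviour for an ordinary autostart entry.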
  • #6 30 Jan 2017 00:28
    Kolobos
    Computer specialist

    In FF, set Google as the search engine, unless the script removes "lucky" automatically.

    New Fixlist.txt for FRST:
    SearchScopes: HKLM -> DefaultScope - brak wartości
    FF NewTab: Mozilla\Firefox\Profiles\ir99p4rs.default-1480614367864 -> hxxp://www.luckysearch123.com?type=hp&ts=1484...&z=18bb132bdb2337a5314cd43g7z3b9zfq7z4z7cct2e
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ir99p4rs.default-1480614367864 -> luck
    FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\ir99p4rs.default-1480614367864 -> luck
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ir99p4rs.default-1480614367864 -> luck
    FF Homepage: Mozilla\Firefox\Profiles\ir99p4rs.default-1480614367864 -> hxxp://www.luckysearch123.com?type=hp&ts=1484...&z=18bb132bdb2337a5314cd43g7z3b9zfq7z4z7cct2e
    2017-01-29 23:19 - 2017-01-29 23:25 - 00000000 ____D C:\AdwCleaner

    When done, delete the C:\FRST folder and that's all.

    0
  • #7 30 Jan 2017 00:36
    eryk.tomaszewski
    Level 8  

    Thanks :-) I'm looking now :-)

    And did that amisites get removed too?

    0
  • #8 30 Jan 2017 09:23
    Kolobos
    Computer specialist

    Do you see it still opening as the home page?

    0
  • #9 30 Jan 2017 12:02
    eryk.tomaszewski
    Level 8  

    No, and lucky search123 has disappeared too.

    0