Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

PC - Proszę o sprawdzenie raportów FRST

korky 10 Lut 2017 02:29 261 2
  • Pomocny post
    #2 10 Lut 2017 08:40
    Domino_2
    Pomocny dla użytkowników

    Cytat:

    ShortcutWithArgument: C:\Users\byq\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035"
    HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== UWAGA
    HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== UWAGA
    HKU\S-1-5-21-3314132182-44220214-3742746438-1001\Software\Classes\exefile: "%1" %* <===== UWAGA
    HKU\S-1-5-21-3314132182-44220214-3742746438-1001\Software\Classes\.exe: exefile => "%1" %* <===== UWAGA
    HKU\S-1-5-21-3314132182-44220214-3742746438-1001\...\Run: [mailruhomesearch] => C:\Users\byq\AppData\Local\Mail.Ru\Sputnik\ptls\mailruhomesearch.exe [0 2017-02-09] ()
    GroupPolicy: Ograniczenia <======= UWAGA
    GroupPolicy\User: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-3314132182-44220214-3742746438-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811040
    SearchScopes: HKU\S-1-5-21-3314132182-44220214-3742746438-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BF643F79C-B551-4302-98A8-BFB02CBEA148%7D&gp=811041
    SearchScopes: HKU\S-1-5-21-3314132182-44220214-3742746438-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BF643F79C-B551-4302-98A8-BFB02CBEA148%7D&gp=811041
    CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
    U0 SR; Brak ImagePath
    U2 srservice; Brak ImagePath
    2017-02-09 17:53 - 2017-02-09 18:07 - 00000000 ____D C:\Users\byq\Doctor Web
    2017-02-09 13:05 - 2017-02-09 13:05 - 00000000 ____D C:\Users\byq\AppData\Local\Tempzxpsign94f6b602522ddca6
    2017-02-09 13:05 - 2017-02-09 13:05 - 00000000 ____D C:\Users\byq\AppData\Local\Tempzxpsign5b1b79737b50038d
    2017-02-09 13:05 - 2017-02-09 13:05 - 00000000 ____D C:\Users\byq\AppData\Local\Tempzxpsign1accc16f0e032ce6
    2017-02-09 12:32 - 2017-02-09 12:32 - 00000000 ____D C:\Users\byq\AppData\Local\Tempzxpsign3465d728c1e06979
    2017-02-09 12:31 - 2017-02-09 12:31 - 00000000 ____D C:\Users\byq\AppData\Local\Tempzxpsignee1687f47cbd33fb
    2017-02-09 12:31 - 2017-02-09 12:31 - 00000000 ____D C:\Users\byq\AppData\Local\Tempzxpsign6d9a860776d9e494
    2017-02-09 00:45 - 2017-02-09 00:46 - 00000000 ____D C:\Users\byq\AppData\Local\Mail.Ru
    2017-02-09 00:45 - 2017-02-09 00:46 - 00000000 ____D C:\Program Files (x86)\Mail.Ru
    2017-02-09 00:45 - 2017-02-09 00:45 - 00000000 ____D C:\ProgramData\Mail.Ru
    2017-02-08 22:15 - 2017-02-08 22:15 - 00000000 ____D C:\Users\byq\AppData\Local\Tempzxpsign28b34cf467acd30c
    2017-02-08 22:14 - 2017-02-08 22:14 - 00000000 ____D C:\Users\byq\AppData\Local\Tempzxpsign701a0cebc50cdf66
    2017-02-08 22:14 - 2017-02-08 22:14 - 00000000 ____D C:\Users\byq\AppData\Local\Tempzxpsign62579940d2be0596
    2017-02-08 18:40 - 2017-02-08 18:40 - 00000000 ____D C:\Users\byq\AppData\Local\Tempzxpsign2178601bd82278f6
    2017-02-08 18:39 - 2017-02-08 18:39 - 00000000 ____D C:\Users\byq\AppData\Local\Tempzxpsign3f49fc31844ac4c1
    2017-02-08 18:39 - 2017-02-08 18:39 - 00000000 ____D C:\Users\byq\AppData\Local\Tempzxpsign36af2a8a16e05362
    2017-02-08 18:39 - 2017-02-08 18:39 - 00000000 ____D C:\Users\byq\AppData\Local\Tempzxpsign09fb55d26c803a6e
    2017-02-07 22:11 - 2017-02-07 22:11 - 00000000 ____D C:\Users\byq\AppData\Local\Tempzxpsign2221cc8e86aa3a75
    2017-02-07 22:10 - 2017-02-07 22:10 - 00000000 ____D C:\Users\byq\AppData\Local\Tempzxpsignab6ce27fe2fa8181
    2017-02-07 22:09 - 2017-02-07 22:09 - 00000000 ____D C:\Users\byq\AppData\Local\Tempzxpsigne0567a26d1ac78dd
    2017-02-07 22:09 - 2017-02-07 22:09 - 00000000 ____D C:\Users\byq\AppData\Local\Tempzxpsignd774a7665def8a39
    2017-02-07 22:09 - 2017-02-07 22:09 - 00000000 ____D C:\Users\byq\AppData\Local\Tempzxpsign3407c039b03a39e1
    EmptyTemp:


    Wklej to do notatnika i zapisz pod nazwą fixlist.txt i umieść w folderze gdzie znajduje się plik FRST.exe/FRST64.exe, uruchom go i kliknij Fix/Napraw.

    Zainstaluj sobie dodatek do przeglądarki uBlock Origin.

    0
  • #3 10 Lut 2017 16:25
    korky
    Poziom 13  

    dzięki !
    Zrobiłem jak kazałeś.

    0