Elektroda.pl

chromesearch.win - requesting analysis

barti504 21 Nov 2017 21:36 234 1
  • #2 21 Nov 2017 22:03
    krzychupar
    Level 40  

    Open the system Notepad and paste:

    CustomCLSID: HKU\S-1-5-21-904850359-913346928-279155643-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-FD9A2DF92338}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => Brak pliku
    ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
    ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Brak pliku
    ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Brak pliku
    ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> Brak pliku
    ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> Brak pliku
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Brak pliku
    ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> Brak pliku
    Task: {D956E4E4-446E-48B6-BCA0-93C07F15B741} - System32\Tasks\{98C31F68-96DD-4946-B6F6-968A0A179A3B} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe" -c --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}"
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
    HKU\S-1-5-21-904850359-913346928-279155643-1001\...\Policies\Explorer: []
    HKU\S-1-5-21-904850359-913346928-279155643-1001\...\MountPoints2: {25804293-9526-11e5-a275-606c66b69d2d} - "F:\AutoRun.exe"
    HKU\S-1-5-21-904850359-913346928-279155643-1001\...\MountPoints2: {4dc54e2c-9084-11e7-a2e5-0c5b8f279a64} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-904850359-913346928-279155643-1001\...\MountPoints2: {8df35a52-77a2-11e7-a2e0-0c5b8f279a64} - "G:\HiSuiteDownLoader.exe"
    HKU\S-1-5-18\...\Run: [] => [X]
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    SearchScopes: HKU\S-1-5-21-904850359-913346928-279155643-1001 -> {317D8655-ABF9-4B46-929B-A09F5FDBF898} URL = hxxps://search.yahoo.com/search?fr=chr-greent...mp;ei=utf-8&ilc=12&type=435371&p={searchTerms}
    FF Homepage: Mozilla\Firefox\Profiles\33726b9w.default -> about:blank
    FF NewTab: Mozilla\Firefox\Profiles\33726b9w.default -> about:blank
    FF Keyword.URL: Mozilla\Firefox\Profiles\33726b9w.default -> hxxps://search.yahoo.com/search?fr=greentree_...mp;ei=utf-8&ilc=12&type=435371&p=
    FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => nie znaleziono
    CHR DefaultSearchURL: Default -> hxxps://spiralstab.com/search?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> SpiralsTab
    CHR DefaultSuggestURL: Default -> hxxps://spiralstab.com/suggestions.php?q={searchTerms}
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ikaooahnheaoeceaipjcmnamnoleeblk] - hxxps://clients2.google.com/service/update2/crx
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.
