Virus in Firefox prefs.js
#1
Symptoms of infection:
My sister downloaded the omiga.plus virus onto my computer.
I removed it from most places, but it still remains in the file mentioned above.
How can I remove it without deleting this file and losing all my preferences?
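For the question of cleaning prefs.js without discarding the whole file, the following is an added example and not part of the original thread: it drops only the `user_pref(...)` lines that reference the hijacker and keeps a backup. The indicator string comes from the `isearch.omiga-plus.com` URLs quoted later in the thread; the sample file contents and the function names are constructed for illustration.

```python
import re
import shutil

# Firefox writes prefs.js one preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("(?P<name>[^"]+)",\s*(?P<value>.*)\);\s*$')

# Indicator taken from the SearchScopes URLs quoted in this thread.
INDICATORS = ("omiga-plus",)

# Constructed sample input, not the poster's real file.
SAMPLE = r'''// Mozilla User Preferences
user_pref("browser.download.dir", "C:\\Users\\Example\\Downloads");
user_pref("browser.newtab.url", "http://isearch.omiga-plus.com/newtab");
user_pref("browser.search.defaultenginename", "omiga-plus");
user_pref("browser.startup.homepage", "http://isearch.omiga-plus.com/?type=hp");
user_pref("extensions.greasemonkey.version", "2.3");
user_pref("keyword.URL", "http://isearch.omiga-plus.com/web/?q=");
'''


def clean_prefs(text, indicators=INDICATORS):
    """Return (cleaned_text, removed_pref_names).

    Only well-formed user_pref lines that contain an indicator (in the
    name or the value, case-insensitive) are dropped; comments and all
    other preferences pass through byte for byte.
    """
    kept, removed = [], []
    for line in text.splitlines(keepends=True):
        m = PREF_RE.match(line)
        hit = m and any(i.lower() in line.lower() for i in indicators)
        if hit:
            removed.append(m.group("name"))
        else:
            kept.append(line)
    return "".join(kept), removed


def clean_file(path, indicators=INDICATORS):
    """Clean a prefs.js in place, leaving the original as <path>.bak."""
    path = str(path)
    shutil.copy2(path, path + ".bak")
    # newline="" keeps the file's own line endings (CRLF on Windows).
    with open(path, encoding="utf-8", newline="") as fh:
        text = fh.read()
    cleaned, removed = clean_prefs(text, indicators)
    if removed:
        with open(path, "w", encoding="utf-8", newline="") as fh:
            fh.write(cleaned)
    return removed


if __name__ == "__main__":
    cleaned, removed = clean_prefs(SAMPLE)
    print("removed:", removed)
    print(cleaned, end="")
```

Firefox rewrites prefs.js when it exits, so the file has to be edited while the browser is closed.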
#2
Follow the instructions.
#3
I didn't have time :(
Besides, I was hoping there was some simpler way. Unfortunately it looks like the virus has infected the registry. I'll try to run that scan and post the results shortly.

Can both scans be run at the same time?
Because I don't have much time :/

Here is the link to the OTL log (damn, I made it publicly available :/)
#4

#5
Paste the following into Notepad and save it as fixlist.txt

Code:
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2221867206-870365832-3413207140-1001\...0c966feabec1\InprocServer32: [Default-shell32]ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe (Microsoft Corporation)
ProxyServer: [S-1-5-21-2221867206-870365832-3413207140-1001] => 115.108.30.55:81
ProxyServer: [S-1-5-21-2221867206-870365832-3413207140-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => 115.108.30.55:81
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\S-1-5-21-2221867206-870365832-3413207140-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2221867206-870365832-3413207140-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD2500BEVS-22UST0_WD-WXE807D4146241462&ts=1422224847&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2221867206-870365832-3413207140-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD2500BEVS-22UST0_WD-WXE807D4146241462&ts=1422224847&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2221867206-870365832-3413207140-1001 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD2500BEVS-22UST0_WD-WXE807D4146241462&ts=1422224847&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2221867206-870365832-3413207140-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD2500BEVS-22UST0_WD-WXE807D4146241462&ts=1422224847&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2221867206-870365832-3413207140-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD2500BEVS-22UST0_WD-WXE807D4146241462&ts=1422224847&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2221867206-870365832-3413207140-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2221867206-870365832-3413207140-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD2500BEVS-22UST0_WD-WXE807D4146241462&ts=1422224847&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2221867206-870365832-3413207140-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD2500BEVS-22UST0_WD-WXE807D4146241462&ts=1422224847&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2221867206-870365832-3413207140-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD2500BEVS-22UST0_WD-WXE807D4146241462&ts=1422224847&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2221867206-870365832-3413207140-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD2500BEVS-22UST0_WD-WXE807D4146241462&ts=1422224847&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2221867206-870365832-3413207140-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=WDCXWD2500BEVS-22UST0_WD-WXE807D4146241462&ts=1422224847&type=default&q={searchTerms}
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
C:\Users\Acer\AppData\Roaming\PUTTY.RND
C:\Users\Acer\AppData\Local\PUTTY.RND
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{056440FD-8568-48E7-A632-72157243B55B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{06EEE834-461C-42C2-8DCF-1502B527B1F9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{0B91A74B-AD7C-4A9D-B563-29EEF9167172}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{0C15D503-D017-47CE-9016-7B3F978721CC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{0E25DC18-9F5E-48B1-80B3-D124E81B773B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{104846AB-42B1-4E38-A80D-136F78C3F258}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{1299CF18-C4F5-4B6A-BB0F-2299F0398E27}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{14074E0B-7216-4862-96E6-53CADA442A56}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{145B4335-FE2A-4927-A040-7C35AD3180EF}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{18907F3B-9AFB-4F87-B764-F9A4E16A21B8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{19352205-42B0-4690-9AA4-D7DB9AE5F259}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{1EEB5B5A-06FB-4732-96B3-975C0194EB39}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{1FDA955B-61FF-11DA-978C-0008744FAAB7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{33C53A50-F456-4884-B049-85FD643ECFED}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{35786D3C-B075-49B9-88DD-029876E11C01}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{35B1D3BB-2D4E-4A7C-9AF0-F2F677AF7C30}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{375FF002-DD27-11D9-8F9C-0002B3988E81}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{3ABEAFC4-F48F-4517-A9B0-8AD6A94A99A1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{3CE74DE4-53D3-4D74-8B83-431B3828BA53}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{3D154A2D-D911-437E-A30C-5F56A9B7081D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{41937347-2ABA-4D4C-A4CA-6FE4F11F1BAC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{4955DD33-B159-11D0-8FCF-00AA006BCC59}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{49F371E1-8C5C-4D9C-9A3B-54A6827F513C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{529A9E6B-6587-4F23-AB9E-9C7D683E3C50}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{53BD6B4E-3780-4693-AFC3-7161C2F3EE9C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{5F6C1BA8-5330-422E-A368-572B244D3F87}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{640167B4-59B0-47A6-B335-A6B3C0695AEA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{6756A641-DE71-11D0-831B-00AA005B4383}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{6F13DD2E-EBEE-4DD5-A72E-850B2087F5DD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{71F96385-DDD6-48D3-A0C1-AE06E8B055FB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{725F645B-EAED-4FC5-B1C5-D9AD0ACCBA5E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{72B624DF-AE11-4948-A65C-351EB0829419}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{72EB61E0-8672-4303-9175-F2E4C68B2E7C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{7EFC002A-071F-4CE7-B265-F4B4263D2FD2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{88D96A06-F192-11D4-A65F-0040963251E5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{88D96A0C-F192-11D4-A65F-0040963251E5}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{896664F7-12E1-490F-8782-C0835AFD98FC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{8D80504A-0826-40C5-97E1-EBC68F953792}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{934D4698-6A59-48F8-9F29-9FB30670320E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{942BC614-676C-464E-B384-D3202AAA02DA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{97E467B4-98C6-4F19-9588-161B7773D6F6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{9AC9FBE1-E0A2-4AD6-B4EE-E212013EA917}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{A38B883C-1682-497E-97B0-0A3A9E801682}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{A4B544A1-438D-4B41-9325-869523E2D6C7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{AE054212-3535-4430-83ED-D501AA6680E6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{AF02484C-A0A9-4669-9051-058AB12B9195}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{B5F8350B-0548-48B1-A6EE-88BD00B4A5E7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{B77B1CBF-E827-44A9-A33A-6CCFEEAA142A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{C100BEA3-D33A-4A4B-BF23-BBEF4663D017}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{C120DE80-FDE4-49F5-A713-E902EF062B8A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{C605507B-9613-4756-9C07-E0D74321CB1E}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{C707F6A6-A1F3-45D7-99AA-A2B9491E84AD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{C72BE2EC-8E90-452C-B29A-AB8FF1C071FC}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{CD773740-B187-4974-A1D5-E0FF91372277}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{D34A6CA6-62C2-4C34-8A7C-14709C1AD938}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{D3DCB472-7261-43CE-924B-0704BD730D5F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{D58960BA-2EF3-4910-9E34-C911B1710180}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{F562A2C8-E850-4F05-8E7A-E7192E4E6C23}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{F61FFEC1-754F-11D0-80CA-00AA005B4383}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{FE841493-835C-4FA3-B6CC-B4B2D4719848}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2221867206-870365832-3413207140-1001_Classes\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InprocServer32 -> No File Path
Task: {1355D4D7-0340-4C37-A223-376F97798B5C} - System32\Tasks\{A30AC876-EA2A-45EE-9AE4-58806C43EDB8} => pcalua.exe -a "C:\Program Files\Lavalys\EVEREST Home Edition\everest.exe" -d C:\Users\Acer\Desktop
Task: {19243E48-A74D-4F42-82F3-E197A9F4A166} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {250907F9-DD9B-47CA-A356-A3228D15E56C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {82407C9B-1199-47C2-B537-244BE54E4488} - System32\Tasks\e-pity2013_styczen => C:\Program Files\e-file\e-pity2013\Assets\signxml.exe [2014-02-21] (e-file sp. z o.o.)
Task: {9524A69A-77B9-4499-BD45-6F8CE070DAF7} - System32\Tasks\e-pity2013_kwiecien => C:\Program Files\e-file\e-pity2013\Assets\signxml.exe [2014-02-21] (e-file sp. z o.o.)
Task: {CC4471CA-BE1A-4435-9DF5-97470305F4F4} - System32\Tasks\{46D0A4C6-58D4-466C-8A3D-13217956A847} => pcalua.exe -a "D:\Deluxe Ski Jump 4\Setup.exe" -d "D:\Deluxe Ski Jump 4"
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
CMD: netsh advfirewall reset
EmptyTemp:

Place the saved script next to the downloaded FRST program.
Then click Fix in the program; once it has finished, post the report from that run.

In the Firefox browser

Open the menu in the top right corner > open the Help menu marked with the red frame.

Troubleshooting Information > Reset Firefox. The reset will not affect bookmarks and passwords.

Download the program

click Search (Szukaj) and then Remove (Usuń)
Post its report.

Uninstall:
Java 7 Update 55

Make new logs and post FRST.txt > Addition.txt, Shortcut.txt
#6

Unfortunately it deleted my history. I hope I won't need anything from it, although it has already caused me problems... oh well, security first :)
#7
That was necessary and intended.

Make the new logs I asked for.
#8
But the passwords were supposed to stay! (Meanwhile it deleted all my Autofill Forms profiles :/)
FRST log
#9
You did not reset Firefox; if you had, the add-ons would certainly be lost. Is that a problem for you?
Why exactly are you using the proxy that is visible there?

I also asked for the AdwCleaner report.
Passwords saved by the browser are not lost either through a browser reset or through the EmptyTemp: command.

The EmptyTemp: command is also used for your safety. It does the following:
It empties the following directories:
Windows Temp
Users' Temp folders
Cache, cookies and history of IE, FF and Chrome
Cache of recently opened files
Flash Player cache
Java cache
Windows Explorer thumbnail cache and the qmgr?.dat network files
Recycle Bin

Remnants of ZeroAccess were visible in the log, so changing your passwords would be required here.

Besides, why don't you use something like LastPass, or something similar, for your passwords? You only need to know one master password and the problem is solved.
#10
Sorry, lately I haven't had enough time to deal with all of this.
The AdwCleaner report didn't show up for me :(
And this ZeroAccess, could it have gotten in a long time ago? What could have happened because of it?

Which proxy do you mean? I once tried a small proxy program, I don't even remember what for, but I uninstalled it practically right away.
Of the add-ons, I definitely need Greasemonkey (because Autofill Forms is useless at this point; I will have to replace it with something else; I'll try to look for something that serves both for filling in forms and for managing passwords).

OTL log:
#11

shortcuts
wklej.org/hash/c666c3c9e7c/ addition

frst - fresh

Somehow AdwCleaner isn't producing a log for me.

Something got really messed up here. I wanted to update FF but I get "error for unknown reasons", so I had to reset after all because nothing else could be done. Of course I know it's in no way intentional, but I have the impression that after these changes the computer started running somewhat slower... Could any of the procedures have caused that? Disabled some codecs, plugins, etc.?
#12
I take it the Firefox reset has been performed?
#13
Yes
#14
In that case make a new log, just FRST.txt; the earlier one was made and posted before you reset the browser.
#15

#16
Nothing more is visible here.

Paste the following into Notepad and save it as fixlist.txt

Code:
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
SearchScopes: HKU\S-1-5-21-2221867206-870365832-3413207140-1008 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKU\S-1-5-21-2221867206-870365832-3413207140-1001\Software\Classes\.exe:=><===== ATTENTION!
C:\ProgramData\C__Users_Acer_Downloads_STARE_Auto Hide IP 5.3.0.2_AutoHideIP.exe
C:\ProgramData\C__Users_Acer_Downloads_STARE_Auto Hide IP 5.3.0.2_Crack_AutoHideIP.exe
RemoveDirectory: C:\AdwCleaner

Place the saved script next to the downloaded FRST program.
Then click Fix in the program; once it has finished, post the report from that run.

Download

Save it to the desktop, run it and tick Remove disinfection tools, then click Run.
A program for removing all the tools used, such as OTL, ADW, FRST and others.

Uninstall:

Java 8 Update 25

Install jre-8u31-windows-i586.exe
#17
Thanks :)
#18
And the report from the run?

