
Ads have blocked my browsers

MacSlom 03 Feb 2016 15:26 639 9
  • #3 03 Feb 2016 15:37
    Domino_2
    Helpful to users

    Uninstall Call Style, MyPC Backup, Sale Charger, Smileys We Love Toolbar for IE and Winamp Toolbar.

    Quote:

    CustomCLSID: HKU\S-1-5-21-2760408698-701827848-2932436948-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Maciek\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2760408698-701827848-2932436948-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Maciek\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2760408698-701827848-2932436948-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Maciek\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2760408698-701827848-2932436948-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Maciek\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2760408698-701827848-2932436948-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Maciek\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2760408698-701827848-2932436948-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Maciek\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2760408698-701827848-2932436948-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Maciek\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2760408698-701827848-2932436948-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Maciek\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2760408698-701827848-2932436948-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Maciek\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2760408698-701827848-2932436948-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Maciek\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2760408698-701827848-2932436948-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Maciek\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => Brak pliku
    Task: {C01E434D-86A6-4866-866F-F5CBBD4346A7} - System32\Tasks\Call Style => Rundll32.exe "C:\Users\Maciek\AppData\Local\Call Style\Bin\CallStyle.dll",#3 <==== UWAGA
    Task: {F4A3CA7B-B0CD-442C-B35F-FF784C5DE342} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe [2015-07-15] () <==== UWAGA
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA




    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-2760408698-701827848-2932436948-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0...SQw0FIk0FA1ADB0VXfVBdFElXTwhwIVVdIlEQU1JGMg==
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&...HitachiXHTS545032B9A300_100430PBP30016EESURLX
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1433...XHTS545032B9A300_100430PBP30016EESURLX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1433...XHTS545032B9A300_100430PBP30016EESURLX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=14335033...HitachiXHTS545032B9A300_100430PBP30016EESURLX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=14335033...HitachiXHTS545032B9A300_100430PBP30016EESURLX
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1433...XHTS545032B9A300_100430PBP30016EESURLX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1433...XHTS545032B9A300_100430PBP30016EESURLX&q={searchTerms}
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&...oft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2760408698-701827848-2932436948-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2760408698-701827848-2932436948-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0...SQw0FIk0FA1ADB0VXfVBdFElXTwhwIVVdIlEQU1JGMg==
    HKU\S-1-5-21-2760408698-701827848-2932436948-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://do-search.com/?type=hp&ts=14335033...HitachiXHTS545032B9A300_100430PBP30016EESURLX
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTSEcFME0FCFwEURNNfWpZDVwySVRRJ1xK&q={searchTerms}
    SearchScopes: HKLM -> OldSearch URL = hxxp://do-search.com/web/?type=ds&ts=1433...XHTS545032B9A300_100430PBP30016EESURLX&q={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTSEcFME0FCFwEURNNfWpZDVwySVRRJ1xK&q={searchTerms}
    SearchScopes: HKLM -> {B4D27802-61CB-4A6B-863E-DDD6BE3CE144} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> {A7DAC82B-9807-4FDB-B3CB-79E7AD7C7DF7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
    SearchScopes: HKU\S-1-5-21-2760408698-701827848-2932436948-1000 -> DefaultScope {A7DAC82B-9807-4FDB-B3CB-79E7AD7C7DF7} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTSEcFME0FCFwEURNNfWpZDVwySVRRJ1xK&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2760408698-701827848-2932436948-1000 -> OldSearch URL = hxxp://do-search.com/web/?utm_source=b&ut...RLX&ts=1433503413&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2760408698-701827848-2932436948-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&ut...RLX&ts=1433503413&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2760408698-701827848-2932436948-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTSEcFME0FCFwEURNNfWpZDVwySVRRJ1xK&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2760408698-701827848-2932436948-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&ut...RLX&ts=1433503413&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2760408698-701827848-2932436948-1000 -> {4FF53FFE-961A-4A56-9504-FAA77AA1EE02} URL = hxxp://do-search.com/web/?utm_source=b&ut...RLX&ts=1433503413&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2760408698-701827848-2932436948-1000 -> {68AABF04-A9D9-496E-AA05-978A6C38643D} URL = hxxp://do-search.com/web/?utm_source=b&ut...RLX&ts=1433503413&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2760408698-701827848-2932436948-1000 -> {784A9BD4-6135-48C2-BD57-BD5D03693846} URL = hxxp://do-search.com/web/?utm_source=b&ut...RLX&ts=1433503413&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2760408698-701827848-2932436948-1000 -> {9E179D88-C5AB-4720-988E-7E0DB23B9390} URL = hxxp://do-search.com/web/?utm_source=b&ut...RLX&ts=1433503413&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2760408698-701827848-2932436948-1000 -> {A7DAC82B-9807-4FDB-B3CB-79E7AD7C7DF7} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0...9aFQQTSEcFME0FCFwEURNNfWpZDVwySVRRJ1xK&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2760408698-701827848-2932436948-1000 -> {B4D27802-61CB-4A6B-863E-DDD6BE3CE144} URL = hxxp://do-search.com/web/?utm_source=b&ut...RLX&ts=1433503413&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2760408698-701827848-2932436948-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&ut...RLX&ts=1433503413&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2760408698-701827848-2932436948-1000 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = hxxp://do-search.com/web/?utm_source=b&ut...RLX&ts=1433503413&type=default&q={searchTerms}
    BHO: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll [2014-03-28] ()
    BHO-x32: Winamp Toolbar Loader -> {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} -> C:\Program Files (x86)\Winamp Toolbar\winamptb.dll [2010-07-28] (AOL LLC.)
    BHO-x32: Sale Charger -> {7a38e53c-e000-41e4-9b5a-47447db81c2b} -> C:\Program Files (x86)\Sale Charger\Extensions\7a38e53c-e000-41e4-9b5a-47447db81c2b.dll [2015-06-05] ()
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
    BHO-x32: SmileysWeLoveToolbar -> {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} -> C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll [2014-03-28] ()
    Toolbar: HKLM - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll [2014-03-28] ()
    Toolbar: HKLM-x32 - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll [2014-03-28] ()
    Toolbar: HKU\S-1-5-21-2760408698-701827848-2932436948-1000 -> Brak nazwy - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - Brak pliku
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-01-13] [Brak podpisu cyfrowego]
    CHR Extension: (Sale Charger) - C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpadeflmcilgocfdbchkabfigijjkejo [2015-06-05] [UpdateUrl: hxxp://cdn.salecharger.net/update] <==== UWAGA
    CHR Extension: (Free Smileys & Emoticons) - C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl [2015-10-08]
    CHR Extension: (kgdcooicefdfjcplcnehfpbngjccncko) - C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kgdcooicefdfjcplcnehfpbngjccncko [2015-07-19]
    CHR HKLM-x32\...\Chrome\Extension: [fjbbjfdilbioabojmcplalojlmdngbjl] - C:\Users\Maciek\AppData\Local\Temp\swlfiles\smileyswelovetoolbar.crx [2014-03-29]
    OPR Extension: (Sale Charger) - C:\Users\Maciek\AppData\Roaming\Opera Software\Opera Stable\Extensions\fpadeflmcilgocfdbchkabfigijjkejo [2015-07-15]
    OPR Extension: (kgdcooicefdfjcplcnehfpbngjccncko) - C:\Users\Maciek\AppData\Roaming\Opera Software\Opera Stable\Extensions\kgdcooicefdfjcplcnehfpbngjccncko [2015-07-19]
    R2 Service Mgr SaleCharger; C:\ProgramData\322cb724-1680-423d-8862-1b52ca5027ad\plugincontainer.exe [802536 2016-02-03] () <==== UWAGA
    R2 Update Mgr SaleCharger; C:\Program Files (x86)\Common Files\322cb724-1680-423d-8862-1b52ca5027ad\updater.exe [642792 2016-02-03] () <==== UWAGA
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
    U4 WMCoreService; Brak ImagePath
    EmptyTemp:


    Paste this into Notepad, save it as fixlist.txt, place it in the folder that contains FRST.exe/FRST64.exe, run it and click Fix/Napraw.

    Scan the computer with ADWCleaner and remove everything it found.

    0
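An added example, not part of the original thread or of FRST: one way to triage log lines like those in the fixlist above is to group them by the host their defanged (`hxxp`) URL points to and to list the flagged lines that carry no URL. The sample lines are constructed in the post's format; `EXPECTED_HOSTS`, `refang_host` and `triage` are hypothetical names chosen for this sketch.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Hosts the analyst expects in browser settings (assumption for this example).
EXPECTED_HOSTS = {"www.bing.com", "go.microsoft.com", "www.microsoft.com"}

# Constructed sample lines in the format of the log quoted in the post.
SAMPLE = r"""
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.example.invalid/h?eq=AAAA
SearchScopes: HKLM -> DefaultScope {11111111-2222-3333-4444-555555555555} URL = hxxp://search.example.invalid/s?q={searchTerms}
SearchScopes: HKLM-x32 -> {11111111-2222-3333-4444-555555555555} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF
SearchScopes: HKLM -> {66666666-7777-8888-9999-000000000000} URL =
CHR Extension: (Example Ext) - C:\Users\user\AppData\Local\Example\Extensions\aaaabbbb [2015-06-05] [UpdateUrl: hxxp://cdn.example.invalid/update] <==== UWAGA
Task: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - System32\Tasks\Example => Rundll32.exe "C:\Users\user\AppData\Local\Example\Bin\Example.dll",#3 <==== UWAGA
"""

URL_RE = re.compile(r"hxxps?://[^\s\]\"]+", re.IGNORECASE)
FLAG_RE = re.compile(r"<=+\s*UWAGA\s*$")  # marker as it appears in the post's log


def refang_host(url):
    """Return the lower-cased host of a defanged (hxxp/hxxps) URL."""
    return urlsplit("http" + url[4:]).hostname or ""


def triage(log_text, expected=EXPECTED_HOSTS):
    """Group lines by unexpected URL host; list flagged lines that carry no URL."""
    by_host, flagged = defaultdict(list), []
    for line in map(str.strip, log_text.splitlines()):
        hosts = {refang_host(u) for u in URL_RE.findall(line)} - set(expected) - {""}
        for host in sorted(hosts):
            by_host[host].append(line)
        if not hosts and FLAG_RE.search(line):
            flagged.append(line)
    return dict(by_host), flagged


if __name__ == "__main__":
    hosts, flagged = triage(SAMPLE)
    for host, lines in sorted(hosts.items(), key=lambda kv: -len(kv[1])):
        print(f"{len(lines):3d}  {host}")
    for line in flagged:
        print("flagged:", line[:70])
```

Entries whose URL field is empty or points at an expected host are skipped, so the output lists only the settings that still need a decision.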
  • #4 03 Feb 2016 18:11
    MacSlom
    Level 4

    Thank you for the replies and the help. I did as you wrote: I removed those programs, saved that fixlist and ran the fix, and then the adw... scan. After all that it is better, but that Sale Charger is still left somewhere even though it was removed, and my start page jumps from google.pl to TopArame. Should I send the FRST reports again? What next?

    Added after 22 [minutes]:

    FRST new attachment

    0
  • #5 03 Feb 2016 18:17
    safbot1st
    Level 43

    In which browser?
    I suggest a "bonus" fixlist:

    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension => nie znaleziono
    CHR Extension: () - C:\Users\Maciek\AppData\Local\Call Style\Component [2016-02-03]
    CHR Extension: (Sale Charger) - C:\Users\Maciek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpadeflmcilgocfdbchkabfigijjkejo [2015-06-05] [UpdateUrl: hxxp://cdn.salecharger.net/update] <==== UWAGA
    OPR StartupUrls: "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghGd1wIVggVGRhHIQxcTA0QQgUOIlheAhRGEAcRcF8KUQASQw0FIk0FA1oDB0VXfV5bFElXTwhwIVVdIlEQU1JGMg=="

    Added after 1 [minutes]:

    Post fixlog.txt from both fixes.

    MacSlom wrote:
    the adw scan

    Did you use MBAM as ...RADU23 advised? Then also provide the logs from ADWcleaner and MBAM.

    0
  • #6 03 Feb 2016 18:23
    MacSlom
    Level 4

    I use Chrome, but when I checked Opera and Explorer, because I also have them on the computer, it is the same

    Added after 4 [minutes]:

    this is the fixlog

    0
  • #7 03 Feb 2016 18:30
    Acorus 20
    Computer specialist

    Show the new logs from FRST.

    0
  • #8 03 Feb 2016 18:30
    Kolobos
    Computer specialist

    Also this:
    Task: {2496CF09-1CC2-4AF3-82F3-2E5FB14A4101} - System32\Tasks\Opera scheduled Autoupdate 1436938201 => C:\Program Files (x86)\Opera\launcher.exe [2016-02-01] (Opera Software)
    Task: {D10544DA-E7FE-4F0C-8D45-A0307A924DCA} - \LaunchPreSignup -> Brak pliku <==== UWAGA
    Task: {ED4EEEC2-B55C-4C9B-8341-949838EFC1A1} - System32\Tasks\{AFD4C469-22FD-4F26-AAA7-8DD8292CFB97} => pcalua.exe -a E:\Drivers\SIEMENS\vista_32\setup.exe -d E:\Drivers\SIEMENS\vista_32
    Task: {F6CA69DB-153C-4867-A376-F17C612822BB} - System32\Tasks\{43A86120-DA48-43EB-AA1A-BD0E63B3CDA1} => pcalua.exe -a E:\Drivers\SIEMENS\generic\setup.exe -d E:\Drivers\SIEMENS\generic
    HKLM-x32\...\Run: [ROC_ROC_NT] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
    HKU\S-1-5-21-2760408698-701827848-2932436948-1000\...\RunOnce: [Application Restart #0] => C:\Users\Maciek\AppData\Local\Google\Chrome\Application\chrome.exe [748872 2016-01-27] (Google Inc.)
    Startup: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Torpedo.lnk [2016-02-03]
    ShortcutTarget: Torpedo.lnk -> C:\Users\Maciek\AppData\Local\Torpedo\Torpedo.exe (Brak pliku)
    2016-02-03 17:34 - 2016-02-03 17:34 - 00000000 ____D C:\AdwCleaner
    2016-02-03 16:56 - 2016-02-03 16:56 - 01508352 _____ C:\Users\Maciek\Downloads\AdwCleaner (1).exe


    Start with Chrome: uninstall it, delete the profile directory %LOCALAPPDATA%\Google\Chrome\User Data\ and install Chrome again. You can back up your bookmarks beforehand.

    Also install Java: http://ninite.com/java/

    0
  • #10 03 Feb 2016 18:56
    MacSlom
    Level 4

    Many thanks to everyone for the help, I finally managed to get rid of all of this

    0