Elektroda.pl

Run DLL - unusual image, CS:GO from Steam not working.

Prorokkkkk 19 Mar 2016 15:06 729 12
  • #1 19 Mar 2016 15:06
    Prorokkkkk
    Level 5

    Hello, as soon as my computer starts up I get this error:
    [image]

    Can anyone help? I have no idea what this is about - the problem wasn't there before; did I delete something by accident? On top of that, CS:GO has stopped working. When I launch it from Steam it says I'm in-game and after a moment the status changes to online; I have verified the integrity of the files. Does anyone know anything?

    I have Windows 7 Home Premium
    Processor: Intel Core i5 4690
    Graphics card: NVIDIA GeForce GTX 970
    Motherboard: Gigabyte Z97X- Gaming 3
    RAM: Crucial Ballistix 16 GB

    0 12
  • #3 19 Mar 2016 16:38
    Prorokkkkk
    Level 5

    Could you explain it step by step, because I'm a complete beginner? :/

    0
  • #4 19 Mar 2016 21:03
    Kolobos
    Computer specialist

    Download FRST, click Scan, and attach addition.txt and frst.txt.

    0
  • #5 20 Mar 2016 18:38
    Prorokkkkk
    Level 5

    I did as you wrote, but the problem still recurs when the computer is switched on.

    0
  • #6 20 Mar 2016 18:41
    Kolobos
    Computer specialist

    What exactly did you do? I don't see that you have attached the program's logs on the forum. So don't write that you did it when you haven't done anything yet!

    0
  • #7 20 Mar 2016 19:00
    swiercm
    Moderator on vacation...

    Kolobos wrote:
    I don't see that you have attached the program's logs on the forum

    Download the FRST build that matches your Windows (32-bit or 64-bit): http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
    Run the scan and post the generated logs (frst.txt and addition.txt) as attachments.

    Click [image] and then [image].

    0
  • #9 20 Mar 2016 19:44
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Task: {18A001D5-A722-47A1-B92E-DDC49E72A836} - System32\Tasks\PawelRodTripartiteV2 => Rundll32.exe MouserWammus.dll,main 7 1 <==== UWAGA
    Task: {35EF5916-74C9-4A8B-8155-B3330D63B0B5} - System32\Tasks\{5BAABDAC-B1D6-49A1-80C6-9057D384806C} => pcalua.exe -a C:\Users\Pawel\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cor
    Task: {4A0075DF-CF0B-457F-952B-C53572D00216} - System32\Tasks\Price Fountain => C:\Users\Pawel\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: {B043B5EF-FD08-4EB9-8CBF-AE15CA6E17E2} - System32\Tasks\{0CF9CA98-2036-4BAA-9D94-42D69A215B7E} => pcalua.exe -a C:\Users\Pawel\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor <==== UWAGA
    Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\Pawel\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    ShortcutWithArgument: C:\Users\Pawel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/...C0EyEzzzy2RtBtDtCyCtDtCtBtDtCzyyEyDyDzzyCyEtB
    HKLM-x32\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-4021267510-2742193490-1620883297-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&...T1000DM003-1ER162_Z4Y28FSXXXXXZ4Y28FSX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&...T1000DM003-1ER162_Z4Y28FSXXXXXZ4Y28FSX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&...T1000DM003-1ER162_Z4Y28FSXXXXXZ4Y28FSX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&...T1000DM003-1ER162_Z4Y28FSXXXXXZ4Y28FSX&q={searchTerms}
    HKU\S-1-5-21-4021267510-2742193490-1620883297-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={7020199E-ABB5-4B12-A92F-ADCA71F1B5E4}&mid=39bb146084a747cda5c62de352c16e45-dac63103f3e13745a3faaa2b626f6ec511eca256&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-21 17:00:57&v=4.2.4.155&pid=wtu&sg=&sap=hp
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4021267510-2742193490-1620883297-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=...FSX&ts=1437530846&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4021267510-2742193490-1620883297-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=...FSX&ts=1437530846&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4021267510-2742193490-1620883297-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=...FSX&ts=1437530846&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4021267510-2742193490-1620883297-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7020199E-ABB5-4B12-A92F-ADCA71F1B5E4}&mid=39bb146084a747cda5c62de352c16e45-dac63103f3e13745a3faaa2b626f6ec511eca256&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-21 17:00:57&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4021267510-2742193490-1620883297-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=...FSX&ts=1437530846&type=default&q={searchTerms}
    BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll => Brak pliku
    FF DefaultSearchEngine: AVG Secure Search
    FF SearchPlugin: C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\xmqtz0tc.default\searchplugins\avg-secure-search.xml [2015-12-21]
    FF SearchPlugin: C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\xmqtz0tc.default\searchplugins\mystartsearch.xml [2015-07-22]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-12-21]
    CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1437530821&z=796b2181487a0a54c872ed7g0z4cdmcw5cdeamfb6b&from=cor&uid=ST1000DM003-1ER162_Z4Y28FSXXXXXZ4Y28FSX"
    CHR Extension: (BrowseStudio) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\appapdokfcoegimajfikadkgkfpicmdf [2014-11-29] [UpdateUrl: hxxp://wwwbrowsestudioc-a.akamaihd.net/update/chrome] <==== UWAGA
    S2 0c632643; "C:\Windows\system32\rundll32.exe" "c:\programdata\intere~1\InterenetOptimizerSvc.dll",service
    S3 GalaxyClientService; "C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe" [X]
    U3 a8c0cvwa; C:\Windows\System32\Drivers\a8c0cvwa.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    S1 wafd_vt_1_10_0_20; system32\drivers\wafd_vt_1_10_0_20.sys [X]
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST, in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Download AdwCleaner and run it as administrator: https://toolslib.net/downloads/finish/1/ Click Scan and then Cleaning.

    1
  • Helpful post
    #10 20 Mar 2016 19:52
    Kolobos
    Computer specialist

    Next to frst.exe, create a file fixlist.txt with the following contents:
    Task: {18A001D5-A722-47A1-B92E-DDC49E72A836} - System32\Tasks\PawelRodTripartiteV2 => Rundll32.exe MouserWammus.dll,main 7 1 <==== UWAGA
    Task: {35EF5916-74C9-4A8B-8155-B3330D63B0B5} - System32\Tasks\{5BAABDAC-B1D6-49A1-80C6-9057D384806C} => pcalua.exe -a C:\Users\Pawel\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cor
    Task: {403EE284-A28B-4506-88D5-D0B0BB6E2E1D} - System32\Tasks\{1139C6FE-2502-4148-9606-681AA83C82D0} => pcalua.exe -a C:\Users\Pawel\Desktop\RGSC_1_1_3_0.exe -d C:\Users\Pawel\Desktop
    Task: {4A0075DF-CF0B-457F-952B-C53572D00216} - System32\Tasks\Price Fountain => C:\Users\Pawel\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: {B043B5EF-FD08-4EB9-8CBF-AE15CA6E17E2} - System32\Tasks\{0CF9CA98-2036-4BAA-9D94-42D69A215B7E} => pcalua.exe -a C:\Users\Pawel\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor <==== UWAGA
    Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\Pawel\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    ShortcutWithArgument: C:\Users\Pawel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/...C0EyEzzzy2RtBtDtCyCtDtCtBtDtCzyyEyDyDzzyCyEtB
    HKLM-x32\...\Run: [] => [X]
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-4021267510-2742193490-1620883297-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&...T1000DM003-1ER162_Z4Y28FSXXXXXZ4Y28FSX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&...T1000DM003-1ER162_Z4Y28FSXXXXXZ4Y28FSX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&...T1000DM003-1ER162_Z4Y28FSXXXXXZ4Y28FSX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&...T1000DM003-1ER162_Z4Y28FSXXXXXZ4Y28FSX&q={searchTerms}
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-4021267510-2742193490-1620883297-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-4021267510-2742193490-1620883297-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={7020199E-ABB5-4B12-A92F-ADCA71F1B5E4}&mid=39bb146084a747cda5c62de352c16e45-dac63103f3e13745a3faaa2b626f6ec511eca256&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-21 17:00:57&v=4.2.4.155&pid=wtu&sg=&sap=hp
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4021267510-2742193490-1620883297-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=...FSX&ts=1437530846&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4021267510-2742193490-1620883297-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=...FSX&ts=1437530846&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4021267510-2742193490-1620883297-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=...FSX&ts=1437530846&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4021267510-2742193490-1620883297-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7020199E-ABB5-4B12-A92F-ADCA71F1B5E4}&mid=39bb146084a747cda5c62de352c16e45-dac63103f3e13745a3faaa2b626f6ec511eca256&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-21 17:00:57&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4021267510-2742193490-1620883297-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=...FSX&ts=1437530846&type=default&q={searchTerms}
    BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll => Brak pliku
    FF SearchPlugin: C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\xmqtz0tc.default\searchplugins\avg-secure-search.xml [2015-12-21]
    FF SearchPlugin: C:\Users\Pawel\AppData\Roaming\Mozilla\Firefox\Profiles\xmqtz0tc.default\searchplugins\mystartsearch.xml [2015-07-22]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-12-21]
    CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1437530821&z=796b2181487a0a54c872ed7g0z4cdmcw5cdeamfb6b&from=cor&uid=ST1000DM003-1ER162_Z4Y28FSXXXXXZ4Y28FSX"
    CHR Extension: (BrowseStudio) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\appapdokfcoegimajfikadkgkfpicmdf [2014-11-29] [UpdateUrl: hxxp://wwwbrowsestudioc-a.akamaihd.net/update/chrome] <==== UWAGA
    S2 0c632643; "C:\Windows\system32\rundll32.exe" "c:\programdata\intere~1\InterenetOptimizerSvc.dll",service
    S3 GalaxyClientService; "C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe" [X]
    U3 a8c0cvwa; C:\Windows\System32\Drivers\a8c0cvwa.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    S1 wafd_vt_1_10_0_20; system32\drivers\wafd_vt_1_10_0_20.sys [X]
    2016-03-20 18:41 - 2016-01-20 19:41 - 00000292 _____ C:\Windows\Tasks\Price Fountain.job
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    Delete the C:\FRST folder and that's all.

    1
  • Helpful post
    #11 20 Mar 2016 19:53
    krzychupar
    Level 40

    Open the system Notepad and paste:
    Task: {18A001D5-A722-47A1-B92E-DDC49E72A836} - System32\Tasks\PawelRodTripartiteV2 => Rundll32.exe MouserWammus.dll,main 7 1 <==== UWAGA
    Task: {35EF5916-74C9-4A8B-8155-B3330D63B0B5} - System32\Tasks\{5BAABDAC-B1D6-49A1-80C6-9057D384806C} => pcalua.exe -a C:\Users\Pawel\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cor
    Task: {403EE284-A28B-4506-88D5-D0B0BB6E2E1D} - System32\Tasks\{1139C6FE-2502-4148-9606-681AA83C82D0} => pcalua.exe -a C:\Users\Pawel\Desktop\RGSC_1_1_3_0.exe -d C:\Users\Pawel\Desktop
    Task: {4A0075DF-CF0B-457F-952B-C53572D00216} - System32\Tasks\Price Fountain => C:\Users\Pawel\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\Pawel\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    HKLM-x32\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-4021267510-2742193490-1620883297-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&...T1000DM003-1ER162_Z4Y28FSXXXXXZ4Y28FSX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&...T1000DM003-1ER162_Z4Y28FSXXXXXZ4Y28FSX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&...T1000DM003-1ER162_Z4Y28FSXXXXXZ4Y28FSX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&...T1000DM003-1ER162_Z4Y28FSXXXXXZ4Y28FSX&q={searchTerms}
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-4021267510-2742193490-1620883297-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-4021267510-2742193490-1620883297-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={7020199E-ABB5-4B12-A92F-ADCA71F1B5E4}&mid=39bb146084a747cda5c62de352c16e45-dac63103f3e13745a3faaa2b626f6ec511eca256&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-21 17:00:57&v=4.2.4.155&pid=wtu&sg=&sap=hp
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4021267510-2742193490-1620883297-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=...FSX&ts=1437530846&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4021267510-2742193490-1620883297-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=...FSX&ts=1437530846&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4021267510-2742193490-1620883297-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=...FSX&ts=1437530846&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4021267510-2742193490-1620883297-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7020199E-ABB5-4B12-A92F-ADCA71F1B5E4}&mid=39bb146084a747cda5c62de352c16e45-dac63103f3e13745a3faaa2b626f6ec511eca256&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-12-21 17:00:57&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4021267510-2742193490-1620883297-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=...FSX&ts=1437530846&type=default&q={searchTerms}
    BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll => Brak pliku
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1437530821&z=796b2181487a0a54c872ed7g0z4cdmcw5cdeamfb6b&from=cor&uid=ST1000DM003-1ER162_Z4Y28FSXXXXXZ4Y28FSX"
    CHR Extension: (BrowseStudio) - C:\Users\Pawel\AppData\Local\Google\Chrome\User Data\Default\Extensions\appapdokfcoegimajfikadkgkfpicmdf [2014-11-29] [UpdateUrl: hxxp://wwwbrowsestudioc-a.akamaihd.net/update/chrome] <==== UWAGA
    S3 GalaxyClientService; "C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe" [X]
    U3 a8c0cvwa; C:\Windows\System32\Drivers\a8c0cvwa.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    S1 wafd_vt_1_10_0_20; system32\drivers\wafd_vt_1_10_0_20.sys [X]
    2016-03-20 18:41 - 2016-01-20 19:41 - 00000292 _____ C:\Windows\Tasks\Price Fountain.job
    2016-02-27 11:19 - 2015-04-14 18:32 - 00000080 _____ C:\Users\Pawel\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder C:\Users\Pawel\Downloads\FRST64.exe
    Run FRST and click Fix/Napraw.

    0
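
Added example (not part of any post in this thread, and not FRST's own logic): a small Python triage pass over the `Task:` lines that the fixlists above remove, showing why a reviewer would single out each scheduled task before approving its deletion. The sample lines are copied from the thread; the function names, the heuristics and the reason labels are assumptions of this example.

```python
import re

# Sample input: four "Task:" lines copied verbatim from the fixlists in this thread.
SAMPLE = r"""
Task: {18A001D5-A722-47A1-B92E-DDC49E72A836} - System32\Tasks\PawelRodTripartiteV2 => Rundll32.exe MouserWammus.dll,main 7 1 <==== UWAGA
Task: {35EF5916-74C9-4A8B-8155-B3330D63B0B5} - System32\Tasks\{5BAABDAC-B1D6-49A1-80C6-9057D384806C} => pcalua.exe -a C:\Users\Pawel\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cor
Task: {4A0075DF-CF0B-457F-952B-C53572D00216} - System32\Tasks\Price Fountain => C:\Users\Pawel\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\Pawel\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
"""

# "Task: [{GUID} - ]<task name or .job path> => <command line>"
TASK_RE = re.compile(
    r"^Task: (?:\{[0-9A-Fa-f-]{36}\} - )?(?P<name>.+?) => (?P<cmd>.+)$"
)


def parse_task(line):
    """Split one FRST 'Task:' line into (name, command, marker or None)."""
    # FRST appends its own marker after an arrow, e.g. "<==== UWAGA"
    # (the Polish-localised attention flag seen in this thread).
    body, sep, marker = line.strip().partition(" <==")
    m = TASK_RE.match(body)
    if not m:
        return None
    flag = marker.lstrip("= ").strip() if sep else None
    return m.group("name"), m.group("cmd").strip(), flag


def reasons_for(cmd, flag):
    """Heuristics of this example only; they do not reproduce FRST's rules."""
    reasons = []
    tokens = cmd.split()
    # First token is treated as the executable (good enough for unquoted
    # paths without spaces, which is what the sample lines contain).
    exe = tokens[0].strip('"').rsplit("\\", 1)[-1].lower()
    if exe == "rundll32.exe" and len(tokens) > 1:
        dll = tokens[1].strip('"').split(",", 1)[0]
        if "\\" not in dll:
            reasons.append("rundll32 loads a DLL named without a path")
    if exe == "pcalua.exe" and "-a" in tokens[1:]:
        reasons.append("pcalua.exe -a starts another program")
    if "\\appdata\\" in cmd.lower():
        reasons.append("target lives in the user profile (AppData)")
    if flag:
        reasons.append("flagged by FRST: " + flag)
    return reasons


def triage(text):
    """Return [(task name, [reasons])] for every Task: line in the text."""
    report = []
    for line in text.splitlines():
        parsed = parse_task(line)
        if parsed:
            name, cmd, flag = parsed
            report.append((name, reasons_for(cmd, flag)))
    return report


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):
        print(name, "->", "; ".join(reasons) or "no heuristic matched")
```

A task that runs `Rundll32.exe` against a DLL that is no longer on disk is the kind of entry that produces a RunDLL error dialog at every logon, which is why deleting the task, not just the file, is part of the cleanup.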
  • #12 28 Mar 2016 14:09
    Prorokkkkk
    Level 5

    To be closed - problem solved. Thank you to the Experts for the help.

    0