wojtas169
(W Klemczyk)
3 April 2015 19:03
#1
Hello, I have the same problem. I made the pastes, please help.
FRST:
http://www.wklej.org/id/1679207/
Addition
http://www.wklej.org/id/1679215/
Download AdwCleaner to your desktop - https://toolslib.net/downloads/viewdownload/1-adwcleaner/
After launching it, run the Scan and Remove commands.
Generate new FRST and Addition reports.
Save the reports at http://www.wklej.org - separately.
wojtas169
(W Klemczyk)
4 April 2015 07:24
#3
Miszel03
(Michal Glaba)
4 April 2015 08:05
#4
I don't know whether you used AdwCleaner - you did not provide a report.
Let's begin:
Paste the following into Notepad, save it as fixlist.txt, and click Fix in the FRST interface.
Place the fixlist.txt file next to the FRST program.
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO-x32: Strong Signal -> {c723a437-2eaf-466d-a95b-3fa0966bf88c} -> C:\Program Files (x86)\Strong Signal\Extensions\c723a437-2eaf-466d-a95b-3fa0966bf88c.dll No File
BHO-x32: No Name -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
FF Extension: Shopping App by Ask - C:\Users\Bambo\AppData\Roaming\Mozilla\Firefox\Profiles\edvox9hp.default\Extensions\toolbar_ORJ-ST-SPE@apn.ask.com.xpi [2014-12-23]
FF Extension: Strong Signal - C:\Users\Bambo\AppData\Roaming\Mozilla\Firefox\Profiles\edvox9hp.default\Extensions\{b0831b08-26e0-4e79-be2c-d45ab7387aaf}.xpi [2015-02-21]
CHR Extension: (Strong Signal) - C:\Users\Bambo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdidplnlbafiijjfbomlfokdppebnhpc [2015-02-22]
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=&cd=&cr=&ir=
CHR DefaultSearchKeyword: Default -> 3F566BFA903EF0FCBC34ED62EDE597C0788DC82B216127CD7B92E9E0B89FB298
CHR DefaultSearchURL: Default -> 748DB05FD187F5105565C6931FB55E950A2715B6C6C249F41374E319C5964318
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
Task: {55A7EA04-CB68-49E5-8C37-74629E260BF0} - System32\Tasks\avayvxvaxc => C:\Users\Bambo\AppData\Local\avayvxvaxc\avayvxvaxc.exe <==== ATTENTION
Task: {FF344E4D-689B-4DAA-83F3-51351470C5AF} - System32\Tasks\Binkiland foti => C:\ProgramData\{0B3FE3FC-5BBD-327A-EA3B-42F83AB99176}\1.9.1.1\f <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{EA401114-50B1-47A1-A0FD-0CAA52D7A1B5}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{C400BFE3-4DC1-42AA-9B79-1F1687A5CA17}.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-21\Software\Microsoft\Internet Explorer\SearchScopes" /f
EmptyTemp:
DeleteQuarantine:
Uninstall via Control Panel:
Akamai NetSession Interface
Download AdwCleaner, run it and click Scan, and when the Remove button becomes active, click it.
AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/
3. Post the report from the script (Fixlog) and from AdwCleaner (the AdwCleaner report is located in this folder: C:\AdwCleaner ) + make new FRST logs (also check: Addition and Shortcut)
wojtas169
(W Klemczyk)
4 April 2015 12:05
#5
These reports, should I simply copy their contents and paste them as a post?
Uninstall using the built-in uninstaller - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
Paste into the system Notepad and save as fixlist:
CloseProcesses:
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
HKLM-x32…\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [39424 2009-12-18] (Nullsoft)
HKU\S-1-5-21-2248364036-3102330913-461261924-1000…\Run: [Facebook Update] => C:\Users\Bambo\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-12-08] (Facebook Inc.)
HKU\S-1-5-21-2248364036-3102330913-461261924-1000…\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [2765256 2015-01-24] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-2248364036-3102330913-461261924-1000…\Run: [Napisy24Update] => C:\Program Files (x86)\Napisy24\Napisy24Update.exe [2790856 2015-01-26] (Napisy24.pl )
HKU\S-1-5-21-2248364036-3102330913-461261924-1000…\Run: [ALLPlayer WiFi Remote] => C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe [5182896 2014-07-23] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-2248364036-3102330913-461261924-1000…\Run: [steam] => D:\Steam\steam.exe [2888896 2015-03-24] (Valve Corporation)
HKU\S-1-5-21-2248364036-3102330913-461261924-1000…\Run: [AvgUpdater0814tb] => C:\ProgramData\Avg_Update_0814tb\0814tb_{E48FD71C-0B6A-425B-82F5-31C21E7B19B8}.exe [2782744 2014-09-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1392061674&from=cor&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A99S1347S1347&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1392061674&from=cor&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A99S1347S1347&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1392061674&from=cor&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A99S1347S1347&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1392061674&from=cor&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A99S1347S1347&q={searchTerms}
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1392061674&from=cor&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A99S1347S1347&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=ds&ts=1392061674&from=cor&uid=WDCXWD3200BEVT-22ZCT0_WD-WX50A99S1347S1347&q={searchTerms}
SearchScopes: HKU.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF NetworkProxy: “type”, 0
FF Plugin-x32: @adobe.com /ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF HKU\S-1-5-21-2248364036-3102330913-461261924-1000…\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=&cd=&cr=&ir=
CHR DefaultSearchKeyword: Default -> 3F566BFA903EF0FCBC34ED62EDE597C0788DC82B216127CD7B92E9E0B89FB298
CHR DefaultSearchURL: Default -> 748DB05FD187F5105565C6931FB55E950A2715B6C6C249F41374E319C5964318
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
2015-04-04 09:13 - 2015-04-04 09:13 - 00000000 ____D () C:\Users\Bambo\AppData\Local{3388B530-01CD-49AC-BBC0-373858A01F9A}
2015-04-04 09:02 - 2015-04-04 11:28 - 00000000 ____D () C:\AdwCleaner
2015-04-03 11:50 - 2015-04-03 11:50 - 00000000 ____D () C:\Users\Bambo\AppData\Local{8095F0A7-B52F-490B-8DAC-AAE47A676229}
2015-04-02 13:16 - 2015-04-02 13:16 - 00000000 ____D () C:\Users\Bambo\AppData\Local{4F167FA7-E31C-4D30-B053-33307EA35734}
2015-04-01 08:34 - 2015-04-01 08:34 - 00000000 ____D () C:\Users\Bambo\AppData\Local{49EC5288-3AB3-4698-92E3-8DF626DCA5E6}
2015-03-31 17:47 - 2015-03-31 17:47 - 00000000 ____D () C:\Users\Bambo\AppData\Local{D455AB61-020C-4CD5-8EA3-7529584CFA1A}
2015-03-30 21:08 - 2015-03-30 21:09 - 00000000 ____D () C:\Users\Bambo\AppData\Local{B7EDF5B7-4380-488D-97A4-792EFB929985}
2015-03-27 20:48 - 2015-03-27 20:48 - 00000000 ____D () C:\Users\Bambo\AppData\Local{D1811FED-2C91-4949-A51E-4B63731FEDAA}
2015-03-25 20:29 - 2015-03-25 20:30 - 00000000 ____D () C:\Users\Bambo\AppData\Local{352F1E65-6465-40DF-9E2F-2C2F79772194}
2015-03-23 19:52 - 2015-03-23 19:53 - 00000000 ____D () C:\Users\Bambo\AppData\Local{44017D3C-E0AC-43D8-81C4-EC101364449F}
2015-03-22 21:33 - 2015-03-22 21:33 - 00000000 ____D () C:\Users\Bambo\AppData\Local{0445B5BF-FDA2-45F2-BD3C-4606F843B103}
2015-03-22 16:13 - 2015-03-22 16:13 - 00000000 ____D () C:\Users\Bambo\AppData\Local{269F2BAB-7AAA-4DB3-9D46-E0649E0AA7EA}
2015-03-22 00:19 - 2015-03-22 00:20 - 00000000 ____D () C:\Users\Bambo\AppData\Local{9D895759-26B9-4CBD-A13C-2002F6D56DFF}
2015-03-21 20:41 - 2015-03-21 20:42 - 00000000 ____D () C:\Users\Bambo\AppData\Local{D7DE2D74-A6D2-47B9-AC91-35302A7DF821}
2015-03-20 13:25 - 2015-03-20 13:25 - 00000000 ____D () C:\Users\Bambo\AppData\Local{B77BE9C9-D082-4CEE-9E3D-A1687D0AF8E2}
2015-03-19 15:09 - 2015-03-19 15:09 - 00000000 ____D () C:\Users\Bambo\AppData\Local{58D64B0D-5280-4EBC-A5E7-5ED95C7C9A58}
2015-03-19 14:53 - 2015-03-19 14:53 - 00000000 ____D () C:\Users\Bambo\AppData\Local{6B7A2D77-E14D-462C-90F5-7A0D4831DF97}
2015-03-16 15:19 - 2015-03-16 15:19 - 00000000 ____D () C:\Users\Bambo\AppData\Local{0433D7CC-E396-4312-B5F3-8C28F71C6CE5}
2015-03-15 10:16 - 2015-03-15 10:16 - 00000000 ____D () C:\Users\Bambo\AppData\Local{F4548676-F726-44BA-91B8-670AA5A592A2}
2015-03-14 18:25 - 2015-03-14 18:26 - 00000000 ____D () C:\Users\Bambo\AppData\Local{328532B0-8EAA-421A-BA8D-FEE9AEE6C195}
2015-03-13 20:50 - 2015-03-13 20:51 - 00000000 ____D () C:\Users\Bambo\AppData\Local{13B899B0-160A-45B2-A015-0C3BF1C401DD}
2015-03-12 20:03 - 2015-03-12 20:03 - 00000000 ____D () C:\Users\Bambo\AppData\Local{45DD236F-98A0-4159-A3E0-50E1862AE576}
2015-03-10 19:03 - 2015-03-10 19:03 - 00000000 ____D () C:\Users\Bambo\AppData\Local{D1CACA00-0CB5-4A7C-9CCA-143065496F89}
2015-03-09 21:41 - 2015-03-09 21:41 - 00000000 ____D () C:\Users\Bambo\AppData\Local{D51FF6BB-CBFF-4C3A-B73C-623B170A4C03}
2015-03-08 21:27 - 2015-03-08 21:27 - 00000000 ____D () C:\Users\Bambo\AppData\Local{250CE34B-DCD4-495C-8440-F4F62DBF5153}
2015-03-08 14:45 - 2015-03-08 14:46 - 00000000 ____D () C:\Users\Bambo\AppData\Local{DA612A17-78E6-4AB6-8B37-398C25563E32}
2015-03-07 18:36 - 2015-03-07 18:36 - 00000000 ____D () C:\Users\Bambo\AppData\Local{FE52529D-0C0B-4212-968E-B6ADB22A3945}
2015-04-04 11:44 - 2010-01-15 02:38 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-04 11:29 - 2014-09-08 08:40 - 00000376 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job
2015-04-04 11:29 - 2014-09-08 08:40 - 00000376 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job
2015-04-04 11:29 - 2010-01-15 02:38 - 00001044 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-04 11:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 09:27 - 2013-12-08 22:22 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2248364036-3102330913-461261924-1000UA.job
2015-04-03 21:27 - 2013-12-08 22:22 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2248364036-3102330913-461261924-1000Core.job
2015-03-08 18:00 - 2015-02-22 19:41 - 00000000 ____D () C:\Users\Bambo\AppData\Local\avayvxvaxc
2015-03-08 18:00 - 2014-11-05 12:55 - 00000000 ____D () C:\ProgramData\ce49ecae-5093-4cf0-9fba-68a2fc985aab
2013-06-28 20:02 - 2014-06-22 14:11 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2011-10-25 20:04 - 2011-10-25 20:04 - 0000000 _____ () C:\Users\Bambo\AppData\Local{0408ACDA-1381-404E-B8AA-169E02168B4B}
McAfee Security Scan Plus (HKLM…\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Hosts:
Task: {37E47762-FFB7-4A0A-AF8C-2DF4B3D038BA} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rel => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: {4801047B-04A6-429D-A82D-F7C590FACB62} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP{C400BFE3-4DC1-42AA-9B79-1F1687A5CA17}.exe
Task: {893AFEC7-08A9-46A8-B551-F18833FAE575} - System32\Tasks\AVG-Secure-Search-Update_0814tb_rmv => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: {A9A79CD4-C26D-4F42-9DBB-4553E050D8DE} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP{EA401114-50B1-47A1-A0FD-0CAA52D7A1B5}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rel.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0814tb_rmv.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_0814tb.exe
2014-09-08 08:37 - 2014-09-08 08:37 - 02782744 _____ () C:\ProgramData\Avg_Update_0814tb\0814tb_{E48FD71C-0B6A-425B-82F5-31C21E7B19B8}.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => “”=“Service”
EmptyTemp:
Place the fixlist file together with FRST. Run FRST and execute the FIX command.
After the restart, delete the fixlog, C:\FRST, and the remaining reports.
Restore Firefox to its default settings - https://support.mozilla.org/pl/kb/przywracanie-domyślnych-ustawień
Restore Chrome to its default settings - https://support.google.com/chrome/answer/3296214?hl=pl