Niechciany toolbar w przeglądarce


(Nefarem) #1

On jakiegoś moją przeglądarce nawiedza Bing Toolbar. Usunięcie za pomocą programu Dodaj lub Usuń programu nic nie dało. Skanowalem cały komputer ale nic nie wykryło.

Przeglądarka: Google Chrome System: Windows 7

 

post-203748-65_thumb.png


(tosiekbu) #2

Witam.

 

Skorzystaj z programu

 

http://www.dobreprogramy.pl/AdwCleaner,Program,Windows,38865.html

 

1 szukaj

2 usuń

3 odinstaluj


(Acorus) #3

Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.


(Nefarem) #4

http://pastebin.com/d9AhUGGb - FRST.txt

http://pastebin.com/GDF4sxqp - Addition.txt


(Acorus) #5

Odinstaluj Network System Driver,Unity Web Player.Otwórz Notatnik i wklej:

Task: {804CE752-C3AC-4C6E-A836-033D22A0278B} - \AmiUpdXp No Task File ==== ATTENTION
Task: {FC4DCD3A-1CEC-4B8D-9904-E56CA481EFB5} - System32\Tasks\WS.Booster-S-5195167130 = c:\programdata\greatsoft\ws.booster\WS.Booster.exe [2014-02-13] () ==== ATTENTION
Task: C:\Windows\Tasks\WS.Booster-S-5195167130.job = c:\programdata\greatsoft\ws.booster\WS.Booster.exe ==== ATTENTION
HKU\S-1-5-21-3938834174-844829088-910240940-1000\...\Run: [AdobeBridge] = [X]
HKU\S-1-5-21-3938834174-844829088-910240940-1000\...\MountPoints2: H - H:\autorun.exe
HKU\S-1-5-21-3938834174-844829088-910240940-1000\...\MountPoints2: {07e4b61d-a2e3-11e3-8eec-902b341a06bf} - F:\AutoRun.exe
HKU\S-1-5-21-3938834174-844829088-910240940-1000\...\MountPoints2: {133c5567-5e81-11e3-a9ce-005056c00008} - F:\AutoRun.exe
HKU\S-1-5-21-3938834174-844829088-910240940-1000\...\MountPoints2: {17e7dd92-672c-11e3-9e57-902b341a06bf} - F:\Launcher.exe
HKU\S-1-5-21-3938834174-844829088-910240940-1000\...\MountPoints2: {2ecd52a1-52cd-11e3-979a-902b341a06bf} - F:\Launcher.exe
HKU\S-1-5-21-3938834174-844829088-910240940-1000\...\MountPoints2: {37bdea60-5069-11e3-b4c1-902b341a06bf} - H:\autorun.exe
HKU\S-1-5-21-3938834174-844829088-910240940-1000\...\MountPoints2: {37bdea8c-5069-11e3-b4c1-902b341a06bf} - F:\Launcher.exe
HKU\S-1-5-21-3938834174-844829088-910240940-1000\...\MountPoints2: {40fde06c-55dd-11e3-9647-902b341a06bf} - F:\AutoRun.exe
HKU\S-1-5-21-3938834174-844829088-910240940-1000\...\MountPoints2: {47188f31-e975-11e3-a0f0-902b341a06bf} - F:\Launcher.exe
HKU\S-1-5-21-3938834174-844829088-910240940-1000\...\MountPoints2: {5405f841-505e-11e3-9b6f-902b341a06bf} - H:\vs_ultimate.exe
HKU\S-1-5-21-3938834174-844829088-910240940-1000\...\MountPoints2: {9d42b8d7-4fb1-11e3-9f99-902b341a06bf} - F:\Launcher.exe
HKU\S-1-5-21-3938834174-844829088-910240940-1000\...\MountPoints2: {9d42b8db-4fb1-11e3-9f99-902b341a06bf} - F:\Launcher.exe
HKU\S-1-5-21-3938834174-844829088-910240940-1000\...\MountPoints2: {9e64a4ed-4c96-11e3-bd98-8120a4d63d30} - F:\windows\Install\Install.exe
HKU\S-1-5-21-3938834174-844829088-910240940-1000\...\MountPoints2: {e021dbbd-4c95-11e3-8f39-806e6f6e6963} - E:\Autorun.exe
ShellIconOverlayIdentifiers: DropboxExt1 - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers: DropboxExt2 - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers: DropboxExt3 - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers: DropboxExt4 - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = No File
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - 34C9552A74A348E5BFCCCA1E98778BC0 URL = http://uk.search.yahoo.com/search?p={searchTerms}fr=chr-devicevmtype=IEBDSV
BHO-x32: No Name - {432dd630-7e03-4c97-9d62-b99f52df4fc2} - No File
BHO-x32: Download! keepEEr - {BCFCB52B-A665-B61C-612A-A5687EE73E82} - C:\Program Files (x86)\Download! keepEEr\zSQKmt5.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [ext@RichMediaViewV1release325.net] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release325\ff
CHR HKLM-x32\...\Chrome\Extension: [dojidpijbobbhbhiekhjkopddfiilebf] - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release325\ch\RichMediaViewV1release325.crx [2014-06-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
S3 ATP; system32\DRIVERS\cmdatp.sys [X]
S3 gdrv; \\C:\Windows\gdrv.sys [X]
S3 RTHDMIAzAudService; system32\drivers\RtHDMIVX.sys [X]
2014-06-27 13:37 - 2014-06-29 18:58 - 00000000 ____ D () C:\AdwCleaner

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(Nefarem) #6

Zrobiłem tak i nadal się wyświetla, w dodatku przy starcie systemu pojawił mi się błąd dotyczący rejestru.  

RegisterDLL: Error - Nieprawidłowy poziom główny w kluczu rejestru “HKCU\Software\Classes\CLSID{f8d6c273-4772-4ee8-9d4f-adcb0a7e5c50}”.


(Acorus) #7

Pokaż nowe logi z FRST.


(Nefarem) #8

http://pastebin.com/pfNYtjqB - FRST.txt


(Acorus) #9

Reset Chrome: https://support.google.com/chrome/answer/3296214?hl=pl

Przeskanuj programem Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.2.1012.exe

Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

Język PL > Settings > General Settings > Language > Polish


(Nefarem) #10

Po zresetowaniu już nie pojawia się ten [CIACH] toolbar. Bardzo dziękuje za pomoc :slight_smile:

 

Przestrzegam przed stosowaniem takiego słownictwa na forum.

rgabrysiak