S.Coldsearch - how to remove it?

Hi :)

I have tried to remove this damn thing many times, but I have run out of strength, and I know I can get help here :)

http://www.wklej.org/id/1868231/ - Shortcut

http://www.wklej.org/id/1868234/ - FRST

http://www.wklej.org/id/1868237/ - Addition

Thanks in advance

 

 

Uninstall SpyHunter in the Control Panel.

Download and run AdwCleaner. Click Skanuj (Scan) and then Usuń (Cleaning).

Click Skanuj (Scan) and post a new FRST report, without Addition and Shortcut.

http://www.wklej.org/id/1868469/

Paste the following into the system Notepad and save it as a text file named fixlist:

HKU\S-1-5-21-501668656-2522960225-322135355-1000\...\Run: [RMFon] = [X]
HKU\S-1-5-21-501668656-2522960225-322135355-1000\...\RunOnce: [Application Restart #1] = C:\Users\anka\AppData\Local\Google\Chrome\Application\chrome.exe  --flag-switches-begin --disable-accelerated-video-decode --flag-switches-end --flag-switches-begin --disable-accelerated-video-decode  (dane wartości zawierają 225 znaków więcej).
HKLM-x32\...\Run: [DivXMediaServer] = C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] = C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
GroupPolicy: Ograniczenia - Chrome ======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia ======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
SearchScopes: HKLM - DefaultScope - brak wartości
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope - brak wartości
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Brak nazwy - {8984B388-A5BB-4DF7-B274-77B879E179DB} - Brak pliku
StartMenuInternet: Google Chrome.agula - C:\Users\agula\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://www.piesearch.com/?type=scts=1447584895pid=etc1115uid=8328a5b4-abb5-4e9a-8dae-495e944869f7
StartMenuInternet: Google Chrome.ZSBDYLESLBQCOLTM2LXV3BJNWI - C:\Users\agula\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://www.piesearch.com/?type=scts=1447584895pid=etc1115uid=8328a5b4-abb5-4e9a-8dae-495e944869f7
S2 PLAY ONLINE. RunOuc; C:\Program Files (x86)\PLAY ONLINE\UpdateDog\ouc.exe [X]
S2 Util WiseEnhance; "C:\Program Files (x86)\WiseEnhance\bin\utilWiseEnhance.exe" [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]
2015-12-06 11:36 - 2015-12-06 11:40 - 00000000 ____ D C:\AdwCleaner
2015-12-05 15:01 - 2015-12-05 15:01 - 00000000 ____ D C:\ProgramData\Emsisoft
2015-12-05 14:37 - 2015-12-05 22:05 - 00000000 ____ D C:\Program Files\Emsisoft Anti-Malware
2015-12-05 13:08 - 2015-12-05 13:08 - 00000000 _____ C:\autoexec.bat
2015-11-27 09:46 - 2015-11-27 09:46 - 00000000 _____ C:\Windows\SysWOW64\sho7A10.tmp
2015-11-25 06:16 - 2015-11-25 06:16 - 00000000 _____ C:\Windows\SysWOW64\sho453B.tmp
2015-11-20 16:51 - 2015-11-20 16:53 - 00000000 ____ D C:\Program Files (x86)\GUM445F.tmp
2015-11-11 23:14 - 2015-11-11 23:14 - 00000000 _____ C:\Windows\SysWOW64\sho37DC.tmp
2015-12-05 15:12 - 2012-01-06 15:47 - 00000000 ____ D C:\ProgramData\TEMP
CustomCLSID: HKU\S-1-5-21-501668656-2522960225-322135355-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 - C:\Users\anka\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll = Brak pliku
CustomCLSID: HKU\S-1-5-21-501668656-2522960225-322135355-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 - C:\Users\anka\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll = Brak pliku
CustomCLSID: HKU\S-1-5-21-501668656-2522960225-322135355-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 - C:\Users\anka\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll = Brak pliku
CustomCLSID: HKU\S-1-5-21-501668656-2522960225-322135355-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 - C:\Users\anka\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll = Brak pliku
CustomCLSID: HKU\S-1-5-21-501668656-2522960225-322135355-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 - C:\Users\anka\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll = Brak pliku
CustomCLSID: HKU\S-1-5-21-501668656-2522960225-322135355-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 - C:\Users\anka\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll = Brak pliku
CustomCLSID: HKU\S-1-5-21-501668656-2522960225-322135355-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 - C:\Users\anka\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll = Brak pliku
CustomCLSID: HKU\S-1-5-21-501668656-2522960225-322135355-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 - C:\Users\anka\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll = Brak pliku
CustomCLSID: HKU\S-1-5-21-501668656-2522960225-322135355-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 - C:\Users\anka\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll = Brak pliku
CustomCLSID: HKU\S-1-5-21-501668656-2522960225-322135355-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 - C:\Users\anka\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll = Brak pliku
Task: {2F2E2C68-64C8-4AAA-82E6-AF2E0724D20A} - System32\Tasks\Adobe Acrobat Update Task = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {5F783DA7-EC99-4D3F-9E9E-DB6B50A26D3B} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan = C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {9343EA74-B35A-4F01-8626-04E5A4A68572} - System32\Tasks\{7FDC6304-E3FC-4C4E-8BDC-8ADFBBF81540} = C:\Users\agula\Downloads\IMG_882362316.JPG.www.facebook.com (4).exe
Task: {A3B19708-93AA-4F78-9897-4DAC2BD69A2A} - System32\Tasks\{357CB7B6-0C18-4627-9865-463A668C8AC6} = pcalua.exe -a C:\Users\anka\AppData\Roaming\do-search\UninstallManager.exe -c  -ptid=cor
Task: {B39A0010-F3E2-4634-89B7-CC22F86F92B2} - System32\Tasks\Apple\AppleSoftwareUpdate = C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {C883454D-A0E4-4DFC-9917-F02DC9655137} - System32\Tasks\{82E2DBAB-6DD9-483C-B1D1-3C95B3F9207F} = pcalua.exe -a C:\Users\anka\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=cornl
Task: {D74AFDA5-A6B3-4D71-816B-4D7634DEEF1C} - System32\Tasks\SpyHunter4Startup = C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-12-05] (Enigma Software Group USA, LLC.)
Task: {EEE2A89D-AB19-49A8-9542-EB7695BD0A8E} - System32\Tasks\Nero\Nero Info = C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2014-12-11] (Nero AG)
EmptyTemp:

Run FRST and click Napraw (Fix). Post the Fixlog removal report.

 

fixlog - http://www.wklej.org/id/1869067/

FRST - http://www.wklej.org/id/1869073/

Delete the folder C:\FRST

OK, it works. Thanks

2 posts were split off into a new topic: S.Coldsearch - how to remove it?