Sale charger proszę o pomoc


(Emeskej) #1

mam problem z wyskakującymi reklamami sale charger :frowning: nie zawracałabym Wam gitary ale próbowałam już dosłownie wszystkiego co tylko udało mi się znaleźć w google. Widzę że chyba jedynym rozwiązaniem jest skorzystanie z programu FRST i wklejeniu wyskakujących danych w notatniku żeby ktoś utworzył skrypt. Załączam te pliki licząc na Waszą pomoc, jeśli ktoś mi pomoże proszę o napisanie co powinnam zrobić punkt po punkcie bo już jestem bliska płaczu. Internet praktycznie przestał działać a ja jestem zagranicą i nie mam możliwości oddania laptopa do serwisu.


(Acorus) #2

Odinstaluj YAC(Yet Another Cleaner!).Otwórz notatnik systemowy i wklej:

Task: {4FA242E9-DB53-4BD6-9F7F-4D05D8B99F27} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-257808769-130773602-1925502664-1000Core = C:\Users\win7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-02] (Facebook Inc.)
Task: {8E9222C0-78AB-4000-BF42-0B60B845722E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-257808769-130773602-1925502664-1000UA = C:\Users\win7\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-02] (Facebook Inc.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-257808769-130773602-1925502664-1000Core.job = C:\Users\win7\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-257808769-130773602-1925502664-1000UA.job = C:\Users\win7\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKLM\...\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKU\S-1-5-21-257808769-130773602-1925502664-1000\...\Run: [AVG-Secure-Search-Update_1213b] = C:\Users\win7\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=d7c4095452f847d38a9bf54322c60d43-91e05bf266890db71ebfe3396908cb45a6fa53b2 /CMPID=1213b
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-03-12]
ShortcutTarget: McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yac.mx/?utm_source=butm_medium=iSafefrom=iSafeuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.yac.mx/?utm_source=butm_medium=iSafefrom=iSafeuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.yac.mx/?utm_source=butm_medium=iSafefrom=iSafeuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.yac.mx/?utm_source=butm_medium=iSafefrom=iSafeuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yac.mx/?utm_source=butm_medium=iSafefrom=iSafeuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.yac.mx/?utm_source=butm_medium=iSafefrom=iSafeuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yac.mx/?utm_source=butm_medium=iSafefrom=iSafeuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.yac.mx/?utm_source=butm_medium=iSafefrom=iSafeuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3
HKU\S-1-5-21-257808769-130773602-1925502664-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yac.mx/?utm_source=butm_medium=iSafefrom=iSafeuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3
HKU\S-1-5-21-257808769-130773602-1925502664-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.yac.mx/?utm_source=butm_medium=iSafefrom=iSafeuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3
HKU\S-1-5-21-257808769-130773602-1925502664-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yac.mx/?utm_source=butm_medium=iSafefrom=iSafeuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3
HKU\S-1-5-21-257808769-130773602-1925502664-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.yac.mx/?utm_source=butm_medium=iSafefrom=iSafeuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3
SearchScopes: HKLM - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3ts=1433053824
SearchScopes: HKLM - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3ts=1433053824
SearchScopes: HKLM-x32 - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3ts=1433053824
SearchScopes: HKLM-x32 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3ts=1433053824
SearchScopes: HKU\.DEFAULT - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3ts=1433053824
SearchScopes: HKU\.DEFAULT - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3ts=1433053824
SearchScopes: HKU\S-1-5-19 - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3ts=1433053824
SearchScopes: HKU\S-1-5-19 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3ts=1433053824
SearchScopes: HKU\S-1-5-20 - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3ts=1433053824
SearchScopes: HKU\S-1-5-20 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3ts=1433053824
SearchScopes: HKU\S-1-5-21-257808769-130773602-1925502664-1000 - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3ts=1433053824
SearchScopes: HKU\S-1-5-21-257808769-130773602-1925502664-1000 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3ts=1433053824
SearchScopes: HKU\S-1-5-21-257808769-130773602-1925502664-1000 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL =
SearchScopes: HKU\S-1-5-21-257808769-130773602-1925502664-1001 - DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3ts=1433053824
SearchScopes: HKU\S-1-5-21-257808769-130773602-1925502664-1001 - {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3ts=1433053824
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
FF Homepage: hxxp://search.yac.mx/?utm_source=butm_medium=iSafefrom=iSafeuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3
FF NewTab: hxxp://search.yac.mx/?utm_source=butm_medium=iSafefrom=iSafeuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3
FF DefaultSearchEngine: YAC Safe Search
FF SearchEngineOrder.1: YAC Safe Search
FF SelectedSearchEngine: YAC Safe Search
FF SearchPlugin: C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\0dxtnpy0.default\searchplugins\YAC Safe Search.xml [2015-05-31]
FF Extension: Sale Charger - C:\Users\win7\AppData\Roaming\Mozilla\Firefox\Profiles\0dxtnpy0.default\Extensions\{91015032-1894-4629-8d9b-c0ab86b04ece}.xpi [2015-05-28]
FF HKU\S-1-5-21-257808769-130773602-1925502664-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
CHR StartupUrls: Default - "hxxp://search.yac.mx/?utm_source=butm_medium=iSafefrom=iSafeuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3"
CHR DefaultSearchKeyword: Default - YAC Safe Search
CHR DefaultSearchURL: Default - http://search.yac.mx/web/?q={searchTerms}type=dsfrom=yacuid=wdcxwd5000lpvx-80v0tt0_wd-wxq1e13phzd3phzd3ts=1433053824
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-12-04] (Elex do Brasil Participaçþes Ltda)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2014-12-04] (Elex do Brasil Participaçþes Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-12-04] (Elex do Brasil Participaçþes Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-12-04] (Elex do Brasil Participaçþes Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [49320 2014-11-03] (Elex do Brasil Participaçþes Ltda)
S3 cpuz134; \\C:\Users\win7\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
2015-05-31 08:30 - 2014-11-03 11:04 - 00049320 _____ (Elex do Brasil Participaçþes Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2015-05-31 08:29 - 2015-05-31 08:29 - 00000000 ____ D () C:\Users\win7\AppData\Roaming\Elex-tech
2015-05-31 08:24 - 2015-05-31 08:28 - 00000000 ____ D () C:\AdwCleaner
2015-05-31 07:11 - 2015-05-31 07:11 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\win7\Downloads\SpyHunter-Installer (2).exe
2015-05-31 07:11 - 2015-05-31 07:11 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\win7\Downloads\SpyHunter-Installer (1).exe
2015-05-30 22:31 - 2015-05-30 22:31 - 00000000 _____ () C:\autoexec.bat
2015-05-30 22:25 - 2015-05-30 22:25 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\win7\Downloads\SpyHunter-installer.exe
2015-05-30 21:41 - 2015-05-30 21:41 - 00709248 _____ (Installer ) C:\Users\win7\Downloads\QuickTime(12821)-dp.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Odinstaluj Chrome zaznaczając usunięcie danych przeglądania.


(Emeskej) #3

wpierw chciałam podziękować za pomoc i za zainteresowanie. Zrobiłam wszystko jak zaleciłeś, niestety nie pomogło :frowning: nie sprecyzowałam wcześniej że korzystam z opery, gdy po zainfekowaniu komputera włączyłam chrome tam tego problemu nie było. Na wszelki wypadek odinstalowałam także operę nie usuwając danych użytkownika. Masz jeszcze jakieś pomysły ? Czy powinnam zacząć korzystać z chrome, zależy mi na operze ze względu na hasła itp. , i czy gdy przerzucę się na chrome ten syf po czasie nie zataakuje i tej przeglądarki ? :frowning: Załączam fixlog


(Atis) #4

Usuń szkodliwe rozszerzenie Sale Charger.

W pasek adresu wpisz: opera:extensions


(Emeskej) #5

dziękuje pięknie akcja zakończona sukcesem :slight_smile: pozdrawiam :slight_smile: