Pliki exe otwieraja sie w ie

**Posty:** 2647 · przez **Bambosz** 17 Cze 2015, 15:07

Witam
Dostalem laptopa znajomego i nie moge sobie dac z nim rady - wiekszosc plikow przypisana jest pod IE.
Zalaczam logi z FRST, ktory uruchomil sie po zmianie rozszerzenia na .com:
http://wklej.org/id/1740459/
http://wklej.org/id/1740464/

**Posty:** 4765 · przez **ordynat** 17 Cze 2015, 15:29

1) Odinstaluj te programy:

iWebar (HKLM-x32\...\iWebar) (Version: 1.35.12.18 - iWebar) <==== ATTENTION
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1500}) (Version: 12.21.0.114 - APN, LLC) <==== ATTENTION
Shopper-Pro (HKLM-x32\...\ShopperPro) (Version: - ) <==== ATTENTION
tricomfi (HKLM-x32\...\{74f1e872-8d6f-4cc7-58d6-c60d8dfe43ed}) (Version: 1.0.0 - estdemin) <==== ATTENTION!

2) Otwórz Notatnik i wklej w nim:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-623155437-1036459000-1884081919-1000 -> {3A2BC4D6-9A45-41F1-8C11-B98673AA56AE} URL = http://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11406&pf=V7&p2=^BBE^OSJ000^YY^PL&gct=&itbv=12.17.1.65&apn_uid=E32FD829-A16F-43AD-9636-2BF33E25311E&apn_ptnrs=BBE&apn_dtid=^OSJ000^YY^PL&apn_dbr=Launcher.exe_0_24.0.1558.64&doi=2014-10-11&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: iWebar -> {11111111-1111-1111-1111-110611511123} -> C:\Program Files (x86)\iWebar\iWebar-bho64.dll [2014-12-28] (iWebar)
C:\Program Files (x86)\iWebar
BHO-x32: iWebar -> {11111111-1111-1111-1111-110611511123} -> C:\Program Files (x86)\iWebar\iWebar-bho.dll [2014-12-28] (iWebar)
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" No File
C:\Program Files (x86)\AskPartnerNetwork
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" No File
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" No File
FF Extension: winter web - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\eg23meeu.default\Extensions\rlHRE@gmail.com [2015-04-01]
FF Extension: iWebar - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\eg23meeu.default\Extensions\ROUAILDE73397174@UXGZI17268980.com [2014-12-28]
OPR Extension: (iWebar) - C:\Users\Kamil\AppData\Roaming\Opera Software\Opera Stable\Extensions\gnjbfdmiommbcdfigaefehgdndnpeech [2014-12-28]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-28] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-12-28] (globalUpdate) [File not signed] <==== ATTENTION
C:\Program Files (x86)\globalUpdate
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Kamil\AppData\Roaming\OpenCandy
C:\Windows\Tasks\winter_web_notification_service.job
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
C:\Windows\Tasks\winter_web_updating_service.job
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
C:\Users\Kamil\AppData\Roaming\1Sov8dUAMicQK
C:\Users\Kamil\AppData\Roaming\y5gKlII
CustomCLSID: HKU\S-1-5-21-623155437-1036459000-1884081919-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Kamil\AppData\Roaming\tricomfi\tivesen.dll () <==== ATTENTION
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgua32.exe" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\globalUpdatem" /f
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
C:\Users\Kamil\AppData\Roaming\tricomfi
Task: {7418015F-AD60-485D-BFFA-7EA34ED14198} - System32\Tasks\winter_web_updating_service => C:\Program Files (x86)\winter web\winter_web_updating_service.exe <==== ATTENTION
Task: {9776BC45-4477-4B45-A74B-DA8BAD0CD819} - System32\Tasks\winter_web_notification_service => C:\Program Files (x86)\winter web\winter_web_notification_service.exe [2015-04-01] (FileProperties_CompanyName) <==== ATTENTION
Task: {A0F821DC-28A2-4E37-A65E-CCB8DBE72B6D} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\Program Files\Common Files\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {BBF08575-ACF9-4A50-ACDE-1C0018B97B7B} - System32\Tasks\SPBIW_UpdateTask_Time_3137343138323434332d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {DDE22EAB-FC27-448E-BD0A-D5F5DA1347A7} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\Program Files\Common Files\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {E3F99BEB-FD78-4A9E-846F-83B42AA2724F} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-28] (globalUpdate) <==== ATTENTION
Task: {F064A884-81EF-4FF1-8C6D-AE20C6E5D74A} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-12-28] (globalUpdate) <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\winter_web_notification_service.job => C:\Program Files (x86)\winter web\winter_web_notification_service.exeć/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='winter web' /appid='73143' /srcid='2913' /bic='5b20c230b34ee139cb1c0fd584bce7a6' /verifier='e9ae5681d905efb90490f784b41425ef' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif <==== ATTENTION
Task: C:\Windows\Tasks\winter_web_updating_service.job => C:\Program Files (x86)\winter web\winter_web_updating_service.exe« /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=winter_web_updating_service /funurl=http:/stats.buildomserv.com <==== ATTENTION
C:\Program Files\Common Files\System\SysMenu.dll
C:\ProgramData\ShopperPro
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.
Powstanie plik fixlog.txt.
Daj ten log.

3) Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner[S].txt

4) Zrób logi z FRST
Przed skanem zaznacz "Additional" oraz "Shortcut"
.

**Posty:** 2647 · przez **Bambosz** 17 Cze 2015, 16:13

Zalączam logi:
fixlog.txt
http://wklej.org/id/1740526/
AdwCleaner
http://wklej.org/id/1740527/
FRST:
http://wklej.org/id/1740529/
Addition:
http://wklej.org/id/1740530/
Shortcut:
http://wklej.org/id/1740531/

**Posty:** 4765 · przez **ordynat** 17 Cze 2015, 16:25

wiekszosc plikow przypisana jest pod IE

Hmm, ja w logach tego nie widzę.

Drobna kosmetyka:
Otwórz Notatnik i wklej w nim:

Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
FF Extension: No Name - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\eg23meeu.default\extensions\rlHRE@gmail.com [not found]
FF Extension: No Name - C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\eg23meeu.default\extensions\ROUAILDE73397174@UXGZI17268980.com [not found]
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.
.

Autor postu otrzymał pochwałę

**Posty:** 2647 · przez **Bambosz** 17 Cze 2015, 17:18

Wszystko juz dziala jak nalezy.
Dziekuje.

**Posty:** 4765 · przez **ordynat** 17 Cze 2015, 19:41

W takim razie kończymy:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix.
przez SHIFT+DEL usuń pozostały folder C:\FRST.

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).

.