Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

iStartSurf - istartsurf nie chce się usunąć

xKrisus 05 Lip 2015 22:00 1518 4
  • Pomocny post
    #3 06 Lip 2015 08:05
    jan288
    Poziom 19  

    Odistaluj , Akamai NetSession Interface , GamesDesktop 008.005010022 , istartsurf uninstall , SmartWeb , Użyj AdwCleaner, opcja Scan i Clean ( Szukaj i Usuń):
    https://toolslib.net/downloads/viewdownload/1-adwcleaner/
    Wykonaj pełny skan za pomocą MBAM po aktualizacji bazy wirusów i usuń wykryte zagrożenia:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    Wstaw w załączniku logi z FRST (FRST.txt i Addition.txt):
    http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool .

    1
  • Pomocny post
    #5 06 Lip 2015 12:20
    Acorus 20
    Spec od komputerów

    Odinstaluj Akamai NetSession Interface, SpyHunter 4. Otwórz notatnik systemowy i wklej:

    Cytat:
    globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
    Task: {07E5C193-1B24-46D8-B6EC-2715E49913B2} - System32\Tasks\3YL0w5sDz => C:\Users\Kris\AppData\Roaming\3YL0w5sDz.exe [2015-04-20] () <==== ATTENTION
    Task: {0F4796DD-ACAD-4EA9-9345-319B6BE6FD5A} - System32\Tasks\{61D90863-659C-4AEB-9ADA-51CA1BA93C1E} => pcalua.exe -a C:\Users\Kris\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=icp
    Task: {1FFE36D5-084E-4716-A693-E75A5C6660DD} - \WordShark Auto Updater 1.10.0.19 Core No Task File <==== ATTENTION
    Task: {322C17D7-CE45-4F5F-83AA-DF04877D8CF2} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-07-05] (Enigma Software Group USA, LLC.)
    Task: {801F1C79-88C8-4984-A3DB-ACF6EF78AF19} - \WordShark Auto Updater 1.10.0.19 Pending Update No Task File <==== ATTENTION
    Task: {A72F4EFE-2C89-467B-8CD0-86523201B979} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\3YL0w5sDz.job => C:\Users\Kris\AppData\Roaming\3YL0w5sDz.exe <==== ATTENTION
    AlternateDataStreams: C:\ProgramData:NT
    AlternateDataStreams: C:\ProgramData:NT2
    AlternateDataStreams: C:\Users\All Users:NT
    AlternateDataStreams: C:\Users\All Users:NT2
    AlternateDataStreams: C:\ProgramData\Application Data:NT
    AlternateDataStreams: C:\ProgramData\Application Data:NT2
    AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT
    AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
    AlternateDataStreams: C:\Users\Kris\Dane aplikacji:NT
    AlternateDataStreams: C:\Users\Kris\Dane aplikacji:NT2
    AlternateDataStreams: C:\Users\Kris\AppData\Roaming:NT
    AlternateDataStreams: C:\Users\Kris\AppData\Roaming:NT2
    HKLM\...\Run: [gpuminer] => C:\Users\Kris\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
    HKLM-x32\...\RunOnce: [sevenzipbmsb] => "C:\Users\Kris\AppData\Local\Temp\\BI_RunOnce.exe" /initurl http://sub.zwickna.com/init/Q9XEIj3Ae/:uid:? /affid "-" /id "0" /name " " /uniqid Q9XEIj3Ae /uuid 00000000-0000-0000-0000-448A5B5E9841 /bios (the data entry has 75 more characters). <===== ATTENTION
    HKU\S-1-5-21-2550353807-3899658920-2143019167-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Kris\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-2550353807-3899658920-2143019167-1000\...\Run: [GalaxyClient] => [X]
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File




    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2550353807-3899658920-2143019167-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL =
    FF Plugin HKU\S-1-5-21-2550353807-3899658920-2143019167-1000: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll No File
    OPR Extension: (adblockforopera) - C:\Users\Kris\AppData\Roaming\Opera Software\Opera Stable\Extensions\aobdicepooefnbaeokijohmhjlleamfj [2014-04-22]
    OPR Extension: (No Name) - C:\Users\Kris\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc [2015-07-05]
    R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-07-05] (Enigma Software Group USA, LLC.)
    S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /svc [X] <==== ATTENTION
    S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe /medsvc [X] <==== ATTENTION
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-07-05] ()
    S3 cpuz138; \??\C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
    S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
    S3 MBfilt; system32\drivers\MBfilt64.sys [X]
    S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2015-07-05 23:19 - 2015-07-05 23:19 - 00000000 ____D C:\Program Files (x86)\predm
    2015-07-05 23:18 - 2015-07-05 23:22 - 00000000 ____D C:\Program Files (x86)\globalUpdate
    2015-07-05 23:18 - 2015-07-05 23:19 - 00000000 ____D C:\Program Files (x86)\0bfc37ca-0af7-4188-9084-8b74c96ecec6
    2015-07-05 22:37 - 2015-07-05 22:37 - 00003320 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
    2015-07-05 22:37 - 2015-07-05 22:37 - 00000000 ____D C:\Users\Kris\AppData\Roaming\Enigma Software Group
    2015-07-05 22:37 - 2015-07-05 22:37 - 00000000 ____D C:\sh4ldr
    2015-07-05 22:36 - 2015-07-05 22:36 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2015-07-05 22:36 - 2015-07-05 22:36 - 00000000 ____D C:\Program Files\Enigma Software Group
    2015-07-05 21:55 - 2015-07-05 23:22 - 00000000 ____D C:\Program Files (x86)\8eaf934f-a3a3-4a5c-bd16-610e3f752e77
    2015-07-05 21:20 - 2015-07-05 22:41 - 00000000 ____D C:\AdwCleaner
    2015-07-05 17:55 - 2015-07-05 17:55 - 00003140 _____ C:\Windows\System32\Tasks\{61D90863-659C-4AEB-9ADA-51CA1BA93C1E}
    2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Kris\AppData\Roaming\3YL0w5sDz
    2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Kris\AppData\Roaming\3YL0w5sDz.exe
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix. Odinstaluj globalupdate Helper.

    1