Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Windows 8 - Kupa wyskakujących reklam

piotrekjuma 06 Wrz 2015 08:05 921 1
  • #2 06 Wrz 2015 09:40
    Acorus 20
    Spec od komputerów

    Odinstaluj High Stairs, istartsurf uninstall, PriceFountain (remove only), Update for PriceFountain. Otwórz notatnik systemowy i wklej:

    Cytat:
    Task: {94DB5FC7-D4AC-4D49-8DC5-FEA14DB2C515} - System32\Tasks\PFExe => C:\Users\Admin\AppData\Local\PriceFountain\pricefountain.exe [2015-09-05] (PAVVXA)
    Task: {F958946B-6400-4717-BF89-EA63EDC2813F} - System32\Tasks\Price Fountain => C:\Users\Admin\AppData\Roaming\PriceFountain\UpdateProc\UpdateTask.exe [2015-09-06] () <==== UWAGA
    Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\Admin\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    HKLM-x32\...\RunOnce: [PriceFountain] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Admin\AppData\Roaming\PriceFountain\UpdateProc\bkup.dat"
    HKU\S-1-5-21-2740593077-2157870891-39499116-1001\...\RunOnce: [PriceFountain] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Admin\AppData\Roaming\PriceFountain\UpdateProc\bkup.dat"
    AppInit_DLLs: C:\ProgramData\Opejob\Unisilstring.dll => C:\ProgramData\Opejob\Unisilstring.dll [883200 2015-09-05] ()
    AppInit_DLLs-x32: C:\ProgramData\Opejob\Andubex.dll => C:\ProgramData\Opejob\Andubex.dll [738816 2015-09-05] ()
    HKU\S-1-5-21-2740593077-2157870891-39499116-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kI6ZhIueLfAwh3FqwYtaUz3xyLJQEi5lNmuQ,,&q={searchTerms}
    HKU\S-1-5-21-2740593077-2157870891-39499116-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-2740593077-2157870891-39499116-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kI6ZhIueLfAwh3FqwYtaUz3xyLJQEi5lNmuQ,,&q={searchTerms}
    HKU\S-1-5-21-2740593077-2157870891-39499116-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kI6ZhIueLfAwh3FqwYtaUz3xyLJQEi5lNmuQ,,&q={searchTerms}




    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kI6ZhIueLfAwh3FqwYtaUz3xyLJQEi5lNmuQ,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2740593077-2157870891-39499116-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kI6ZhIueLfAwh3FqwYtaUz3xyLJQEi5lNmuQ,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2740593077-2157870891-39499116-1001 -> {0A42DD5C-6831-42BE-BE83-054788C8C101} URL =
    SearchScopes: HKU\S-1-5-21-2740593077-2157870891-39499116-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kI6ZhIueLfAwh3FqwYtaUz3xyLJQEi5lNmuQ,,&q={searchTerms}
    BHO-x32: PriceFountain -> {b608cc98-54de-4775-96c9-097de398500c} -> C:\Users\Admin\AppData\Local\PriceFountain\PriceFountainIE.dll [2015-06-18] ()
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=144...p;uid=TOSHIBAXMQ01ABD100_15RQTKLUTXX15RQTKLUT
    FF Homepage: hxxp://www.istartsurf.com/?type=hp&ts=144...p;uid=TOSHIBAXMQ01ABD100_15RQTKLUTXX15RQTKLUT
    FF Extension: deskCut - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qfau27z.default\Extensions\deskCutv2@gmail.com [2015-09-05]
    FF Extension: High Stairs - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qfau27z.default\Extensions\{26ffc745-5464-488c-ad3e-9d463afa16dc}.xpi [2015-09-05]
    FF Extension: PriceFountain - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qfau27z.default\Extensions\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [2015-09-06]
    FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qfau27z.default\extensions\defsearchp@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qfau27z.default\extensions\deskCutv2@gmail.com
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.istartsurf.com/?type=sc&ts=144...p;uid=TOSHIBAXMQ01ABD100_15RQTKLUTXX15RQTKLUT
    CHR HKU\S-1-5-21-2740593077-2157870891-39499116-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - http://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - http://clients2.google.com/service/update2/crx
    R2 Opejob; C:\ProgramData\Opejob\Opejob.exe [33280 2015-09-03] () [Brak podpisu cyfrowego]
    R2 Service Mgr HighStairs; C:\ProgramData\b4bc9939-75e9-422b-af5c-653de35c4f4b\plugincontainer.exe [1207520 2015-09-06] ()
    R2 Update Mgr HighStairs; C:\Program Files (x86)\Common Files\b4bc9939-75e9-422b-af5c-653de35c4f4b\updater.exe [709344 2015-09-06] ()
    R2 WdsManPro; C:\ProgramData\7WdsManPro7\WdsManPro.exe [709288 2015-09-05] (DTools LIMITED)
    U3 mfeavfk01; Brak ImagePath
    U3 mfehidk01; Brak ImagePath
    U3 mfencbdc01; Brak ImagePath
    U3 mfencbdc02; Brak ImagePath
    S3 cpuz136; \??\C:\Users\Admin\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
    U3 McMPFSvc; Brak ImagePath
    S0 mfeapfk; system32\drivers\mfeapfk.sys [X]
    2015-09-06 02:36 - 2015-09-06 02:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\PriceFountain
    2015-09-06 02:36 - 2015-09-06 02:36 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceFountain
    2015-09-06 02:36 - 2015-09-06 02:36 - 00000000 ____D C:\Users\Admin\AppData\Local\PriceFountain
    2015-09-05 12:47 - 2015-09-05 12:48 - 00000000 ____D C:\ProgramData\7WdsManPro7
    2015-09-05 12:46 - 2015-09-05 12:47 - 00000000 ____D C:\Users\Admin\AppData\Roaming\istartsurf
    2015-09-05 12:46 - 2015-09-05 12:46 - 00000000 ____D C:\Program Files (x86)\High Stairs
    2015-09-05 11:21 - 2015-09-06 07:32 - 00000000 ____D C:\ProgramData\Opejob
    2015-09-05 11:21 - 2015-09-05 11:21 - 00000000 ____D C:\ProgramData\Opejobs
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw. Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

    0