Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Proszę o sprawdzenie logów FRST-> Jak usunąć PriceFountain?

krauzus1 24 Lut 2016 22:40 561 3
  • #1 24 Lut 2016 22:40
    krauzus1
    Poziom 2  

    Witam serdecznie. Potrzebuję waszej pomocy w przygotowaniu fixlist.txt. Mam problem z wyskakującymi okienkami Price Fountain. Niestety nie pomogło przeskanowanie ADWcleaner i czyszczenie przeglądarki. Załączam logi z FRST.

    Z góry dziękuję za pomoc.

    0 3
  • Pomocny post
    #3 25 Lut 2016 08:52
    Domino_2
    Pomocny dla użytkowników

    Odinstaluj ASUS WebStorage, McAfee Security Scan Plus i SpyHunter 4.

    Cytat:

    Task: {BBE37F00-18E3-4248-8E67-2605F3AE5C84} - System32\Tasks\RyszardUnbosomedNonconnectiveV2 => Rundll32.exe HoniedStalls.dll,main 7 1 <==== UWAGA
    Task: {CBFBD1A1-68F0-4ED6-A449-EC9F333D5B34} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2016-02-24] (Enigma Software Group USA, LLC.)
    Task: {E5D9AECF-0665-45B3-93E2-76F846788FBE} - System32\Tasks\{844A902E-8E99-4B2E-9B49-CD160D3055F4} => pcalua.exe -a F:\PSPP12_Corel_TBYB_CZ_PL_ESD_(dobreprogramy.pl).exe -d F:\
    () C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
    (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    HKLM\...\Run: [ASUS WebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-16] ()
    HKU\S-1-5-21-2735717190-146945948-1324958529-1000\...\MountPoints2: G - G:\AutoRun.exe
    HKU\S-1-5-21-2735717190-146945948-1324958529-1000\...\MountPoints2: {1c9a2b24-2beb-11e1-acb1-20cf302daa1e} - G:\AutoRun.exe
    HKU\S-1-5-21-2735717190-146945948-1324958529-1000\...\MountPoints2: {20c70588-87e5-11e1-9f1a-20cf302daa1e} - G:\AutoRun.exe
    HKU\S-1-5-21-2735717190-146945948-1324958529-1000\...\MountPoints2: {5587de03-80bc-11e1-b0af-20cf302daa1e} - F:\AutoRun.exe
    HKU\S-1-5-21-2735717190-146945948-1324958529-1000\...\MountPoints2: {68021e75-56ee-11e1-865f-20cf302daa1e} - F:\AutoRun.exe
    HKU\S-1-5-21-2735717190-146945948-1324958529-1000\...\MountPoints2: {68021e8b-56ee-11e1-865f-20cf302daa1e} - F:\AutoRun.exe
    ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
    ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll [2009-11-26] (eCareme Technologies, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-12]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
    HKU\S-1-5-21-2735717190-146945948-1324958529-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.interia.pl/#utm_source=instalki1&a...n=instalki1&iwa_source=installer_instalki
    HKU\S-1-5-21-2735717190-146945948-1324958529-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com




    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    SearchScopes: HKU\S-1-5-21-2735717190-146945948-1324958529-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
    SearchScopes: HKU\S-1-5-21-2735717190-146945948-1324958529-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2735717190-146945948-1324958529-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
    SearchScopes: HKU\S-1-5-21-2735717190-146945948-1324958529-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    CHR HomePage: Default -> hxxp://www.interia.pl/#utm_source=instalki1&a...n=instalki1&iwa_source=installer_instalki
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => Brak pliku
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => Brak pliku
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => Brak pliku
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => Brak pliku
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll => Brak pliku
    CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => Brak pliku
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
    S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-02-24] (Enigma Software Group USA, LLC.)
    U3 tmlwf; Brak ImagePath
    U3 tmwfp; Brak ImagePath
    2016-02-24 21:49 - 2016-02-24 21:49 - 00003328 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
    2016-02-24 21:49 - 2016-02-24 21:49 - 00001089 _____ C:\Users\Ryszard\Desktop\SpyHunter.lnk
    2016-02-24 21:49 - 2016-02-24 21:49 - 00000000 ____D C:\Users\Ryszard\AppData\Roaming\Enigma Software Group
    2016-02-24 21:48 - 2016-02-24 21:48 - 00000000 ____D C:\Program Files\Enigma Software Group
    2016-02-24 21:47 - 2016-02-24 21:47 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Ryszard\Downloads\SpyHunter-Installer.exe
    2016-02-12 16:28 - 2016-02-12 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2016-02-11 21:55 - 2016-02-11 21:55 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Ryszard\Downloads\sh-remover.exe
    2016-02-09 21:11 - 2016-02-11 22:41 - 00000000 ____D C:\AdwCleaner
    2016-02-12 16:28 - 2015-11-22 10:01 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2016-02-12 16:28 - 2015-03-22 14:30 - 00001966 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2016-02-02 16:06 - 2011-10-12 20:23 - 00000000 ____D C:\Users\Ryszard\AppData\Roaming\Asus WebStorage
    EmptyTemp:


    Wklej to do notatnika i zapisz pod nazwą fixlist.txt i umieść w folderze gdzie znajduje się plik FRST.exe/FRST64.exe, odpal go i kliknij Fix/Napraw.

    0
  • #4 26 Lut 2016 17:01
    krauzus1
    Poziom 2  

    Witam, bardzo dziękuję za pomoc -> plik fixlist.txt rozwiązał problem.;-)
    Proszę o sprawdzenie logów FRST-> Jak usunąć PriceFountain?

    0