Elektroda.pl

Price Fountain - How do I remove it?!

kondaone 16 Mar 2016 20:24 414 1
  • #2 16 Mar 2016 20:33
    Kolobos
    Computer specialist

    Uninstall SpyHunter 4

    Fixlist.txt for FRST:
    Task: {26B4FDB3-7A4A-4750-8B0A-9360C583F8C2} - System32\Tasks\{163FDA81-660D-406C-B194-114B2C94B57A} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Zonezunfresh\uninstall.exe" -c -f "C:\Program Files (x86)\Common Files\Zonezunfresh\uninstall.dat" -a uninstallme 683EF98D-2A5D-4010-91D4-611E98DE9253 DeviceId=c9311a21-4ccb-dbae-deba-d8b1d0627acd BarcodeId=50081003 ChannelId=3 DistributerName=APSFIMonetizer
    Task: {3AFF9BE5-3655-46E6-9992-46C445ACD854} - System32\Tasks\PlumpersInfinitesimalV2 => Rundll32.exe HustlePigmented.dll,main 7 1 <==== UWAGA
    Task: {DB63E536-5D4A-40FD-B73C-EB88EC3AA00F} - System32\Tasks\PFExe => C:\Users\Konda1\AppData\Local\PriceFountain\pricefountain.exe <==== UWAGA
    Task: {EF5D2584-85D8-4598-9DB9-DA074D42A6B8} - System32\Tasks\Price Fountain => C:\Users\Konda1\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    Task: {FB0A1C12-A3FA-40A2-A894-1366088ABEAB} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
    Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\Konda1\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
    2016-01-14 10:37 - 2016-01-14 10:33 - 00539136 _____ () C:\ProgramData\ApplicationHosting\ApplicationHosting.exe
    2015-12-16 00:15 - 2015-12-16 00:15 - 00349184 _____ () C:\Users\Konda1\AppData\Local\PlumpersInfinitesimal\HustlePigmented.dll
    () C:\ProgramData\ApplicationHosting\ApplicationHosting.exe
    HKU\S-1-5-21-1011493390-3923988876-2698044159-1001\...\Run: [SMSetup] => "C:\Users\Konda1\AppData\Local\Temp\~spE040.tmp" "C:\Users\Konda1\AppData\Local\Temp\~spE040.tmp" /cnid 435371 /hp /ntp_ie /wait /dsie /dsff /dsgc /S /ms /restart <===== UWAGA
    HKU\S-1-5-21-1011493390-3923988876-2698044159-1001\...\MountPoints2: {0988efed-7e22-11e5-be71-208984e1cf81} - "G:\SETUP.EXE"
    HKU\S-1-5-21-1011493390-3923988876-2698044159-1001\...\MountPoints2: {0988ff3c-7e22-11e5-be71-208984e1cf81} - "I:\LG_PC_Programs.exe"
    HKU\S-1-5-21-1011493390-3923988876-2698044159-1001\...\MountPoints2: {204a44b2-6f44-11e5-be6a-208984e1cf81} - "G:\Startme.exe"
    HKU\S-1-5-21-1011493390-3923988876-2698044159-1001\...\MountPoints2: {9349dc79-ba1a-11e5-be7f-208984e1cf81} - "G:\SETUP.EXE"
    HKU\S-1-5-21-1011493390-3923988876-2698044159-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...eyaSyjX9Vj_Bi4VwZkTu3IczSbvthJKwwB6A,,&q={searchTerms}
    HKU\S-1-5-21-1011493390-3923988876-2698044159-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...7UETPdm34snhulWqGHOp1-YmjO7QRR8VrYgsZUI1Xug,,,,




    HKU\S-1-5-21-1011493390-3923988876-2698044159-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...eyaSyjX9Vj_Bi4VwZkTu3IczSbvthJKwwB6A,,&q={searchTerms}
    HKU\S-1-5-21-1011493390-3923988876-2698044159-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...eyaSyjX9Vj_Bi4VwZkTu3IczSbvthJKwwB6A,,&q={searchTerms}
    HKU\S-1-5-21-1011493390-3923988876-2698044159-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...7UETPdm34snhulWqGHOp1-YmjO7QRR8VrYgsZUI1Xug,,,,
    HKU\S-1-5-21-1011493390-3923988876-2698044159-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...eyaSyjX9Vj_Bi4VwZkTu3IczSbvthJKwwB6A,,&q={searchTerms}
    HKU\S-1-5-21-1011493390-3923988876-2698044159-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...eyaSyjX9Vj_Bi4VwZkTu3IczSbvthJKwwB6A,,&q={searchTerms}
    HKU\S-1-5-21-1011493390-3923988876-2698044159-1002\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...eyaSyjX9Vj_Bi4VwZkTu3IczSbvthJKwwB6A,,&q={searchTerms}
    URLSearchHook: [S-1-5-21-1011493390-3923988876-2698044159-1002] UWAGA => Brak domyślnego URLSearchHook
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...eyaSyjX9Vj_Bi4VwZkTu3IczSbvthJKwwB6A,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1011493390-3923988876-2698044159-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...eyaSyjX9Vj_Bi4VwZkTu3IczSbvthJKwwB6A,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1011493390-3923988876-2698044159-1001 -> {05D759B5-B580-4CC5-8872-CE84BFB1491C} URL = hxxps://search.yahoo.com/search?fr=chr-greent...mp;ei=utf-8&ilc=12&type=435371&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1011493390-3923988876-2698044159-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...eyaSyjX9Vj_Bi4VwZkTu3IczSbvthJKwwB6A,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1011493390-3923988876-2698044159-1002 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...eyaSyjX9Vj_Bi4VwZkTu3IczSbvthJKwwB6A,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1011493390-3923988876-2698044159-1002 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...eyaSyjX9Vj_Bi4VwZkTu3IczSbvthJKwwB6A,,&q={searchTerms}
    R2 ApplicationHosting; C:\ProgramData\\ApplicationHosting\\ApplicationHosting.exe [539136 2016-01-14] () [Brak podpisu cyfrowego]
    R1 {3abd501b-e29e-45e8-8963-82750c6be472}Gw64; C:\Windows\System32\drivers\{3abd501b-e29e-45e8-8963-82750c6be472}Gw64.sys [48784 2016-01-13] (StdLib)
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
    2016-01-14 10:38 - 2016-01-14 10:44 - 00000000 ____D C:\Users\Konda1\AppData\Roaming\systweak
    2016-01-14 10:38 - 2016-01-14 10:38 - 00002401 _____ C:\Windows\SysWOW64\findit.xml
    2016-01-14 10:38 - 2016-01-14 10:38 - 00000000 ____D C:\ProgramData\Solotoughs
    2016-01-14 10:38 - 2016-01-13 19:28 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{3abd501b-e29e-45e8-8963-82750c6be472}Gw64.sys
    2016-01-14 10:38 - 2015-11-20 19:27 - 00019888 _____ () C:\Windows\system32\roboot64.exe
    2016-01-14 10:37 - 2016-01-14 10:37 - 00000000 ____D C:\ProgramData\ApplicationHosting
    EmptyTemp:

    After running it, delete the C:\FRST folder.

    0