Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Wyskakujące reklamy Price Fountain - jak usunąć? FRST.

dominikahyhy 27 Mar 2016 14:24 579 1
  • CControls
  • Pomocny post
    #2 27 Mar 2016 14:44
    Acorus 20
    Spec od komputerów

    Odinstaluj Adobe Reader 9.1 MUI. Otwórz notatnik systemowy i wklej:

    Cytat:
    CloseProcesses:
    Task: {0D9EB347-17BA-4837-BC10-4B544D98C916} - System32\Tasks\bench-S-1-5-21-725424209-2603446576-3441433528-1000 => C:\Program Files (x86)\Bench\Updater\updater.exe <==== UWAGA
    Task: {1E4DA8DE-D0A2-4E8D-BEDD-620AB055DBCD} - System32\Tasks\{5F3B52D8-8E86-4347-B4CF-9C61F17F7FA1} => Chrome.exe hxxp://ui.skype.com/ui/0/7.4.85.102/pl/abandoninstall?page=tsProgressBar
    Task: {287AD74B-CDD4-45A9-82BE-77B1F147C4A0} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== UWAGA
    Task: {38C00CB8-5044-4617-AA33-276D929A7185} - System32\Tasks\{13868BE5-C9F8-4599-8B51-E868B3DBD29A} => pcalua.exe -a C:\Users\d\AppData\Roaming\key-find\UninstallManager.exe -c -ptid=cor
    Task: {9F386B54-8B80-48C5-8460-9A32A5F74A05} - System32\Tasks\{FD81EEE3-5E47-446E-9CC9-3AE893282296} => Chrome.exe hxxp://ui.skype.com/ui/0/6.14.0.104/pl/abandoninstall?page=tsProgressBar
    Task: {A8ADE756-3E87-4C7B-AC96-206A4E486DE6} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
    Task: {B0551A80-A8C6-4865-8213-D03D48644B24} - System32\Tasks\AVG-Secure-Search-Update_1114tb_rel => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_1114tb.exe
    Task: {E415365E-60EC-465D-B0FC-010776458702} - System32\Tasks\AVG-Secure-Search-Update_1114tb_rmv => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_1114tb.exe
    Task: {ECF6A141-0BE0-4304-BA86-9C32AFD35FDB} - System32\Tasks\dMidfieldDramatisV2 => Rundll32.exe UnscrupulouslyExcerpting.dll,main 7 1 <==== UWAGA
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_1114tb_rel.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_1114tb.exe
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_1114tb_rmv.job => C:\Program Files (x86)\AVG Security Toolbar\AVG-Secure-Search-Update_1114tb.exe
    Task: C:\Windows\Tasks\bench-S-1-5-21-725424209-2603446576-3441433528-1000.job => C:\Program Files (x86)\Bench\Updater\updater.exe <==== UWAGA
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    ProxyServer: [S-1-5-21-725424209-2603446576-3441433528-1000] => http=127.0.0.1:3128
    Hosts:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.key-find.com/?type=hppp&ts=142...HitachiXHTS545050B9A300_110124PBN403171NWR8EX




    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.key-find.com/?type=hppp&ts=142...HitachiXHTS545050B9A300_110124PBN403171NWR8EX
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.key-find.com/web/?type=ds&ts=1...XHTS545050B9A300_110124PBN403171NWR8EX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.key-find.com/web/?type=ds&ts=1...XHTS545050B9A300_110124PBN403171NWR8EX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.key-find.com/?type=hppp&ts=142...HitachiXHTS545050B9A300_110124PBN403171NWR8EX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.key-find.com/?type=hppp&ts=142...HitachiXHTS545050B9A300_110124PBN403171NWR8EX
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.key-find.com/web/?type=ds&ts=1...XHTS545050B9A300_110124PBN403171NWR8EX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.key-find.com/web/?type=ds&ts=1...XHTS545050B9A300_110124PBN403171NWR8EX&q={searchTerms}
    HKU\S-1-5-21-725424209-2603446576-3441433528-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.key-find.com/?type=hppp&ts=142...HitachiXHTS545050B9A300_110124PBN403171NWR8EX
    HKU\S-1-5-21-725424209-2603446576-3441433528-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.key-find.com/web/?type=dspp&ts...XHTS545050B9A300_110124PBN403171NWR8EX&q={searchTerms}
    HKU\S-1-5-21-725424209-2603446576-3441433528-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.key-find.com/web/?type=dspp&ts...XHTS545050B9A300_110124PBN403171NWR8EX&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-725424209-2603446576-3441433528-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-725424209-2603446576-3441433528-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-725424209-2603446576-3441433528-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-725424209-2603446576-3441433528-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-725424209-2603446576-3441433528-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-725424209-2603446576-3441433528-1000 -> {D0BD4BA7-A957-4EDE-829E-8D975D5306C8} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-725424209-2603446576-3441433528-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    BHO: Brak nazwy -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> Brak pliku
    FF DefaultSearchEngine: delta-homes
    FF SelectedSearchEngine: delta-homes
    FF SearchPlugin: C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\gm7eignx.default\searchplugins\delta-homes.xml [2016-02-27]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\key-find.xml [2015-03-29]
    FF Extension: Plus-HD-9.1c - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\gm7eignx.default\extensions\EXONUDC1159428@DGG30572216.com [2016-02-14] [Brak podpisu cyfrowego]
    FF Extension: YahooToolsProtected - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\gm7eignx.default\Extensions\yahooprotected@gmail.com.xpi [2016-02-14] [Brak podpisu cyfrowego]
    FF Extension: Filter Results - C:\Users\d\AppData\Roaming\Mozilla\Firefox\Profiles\gm7eignx.default\Extensions\{29690076-bf0e-4c48-873c-c0813b99959a}.xpi [2015-07-05] [Brak podpisu cyfrowego]
    CHR StartupUrls: Profile 2 -> "hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=360DD50A45EBD5529B4861DF570693C8&v=20160202&ts=AHEpBXItAnEpAU.."
    CHR Extension: (Filter Results) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekdjnngaipjchfbjnmbhdjolbiocpkg [2015-07-06] [UpdateUrl: hxxp://cdn.filterresults.com/update] <==== UWAGA
    CHR Extension: (电脑管家上网防护) - C:\Users\d\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2016-02-27]
    R2 MaintainerSvc2.48.1114611; C:\ProgramData\86998342-aefb-4bdb-96ce-74be1e808b51\maintainer.exe [128216 2015-11-06] ()
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-02-19] ()
    R1 {16aeaf7e-8e31-4ae5-a406-23e1011dca16}Gw64; C:\Windows\System32\drivers\{16aeaf7e-8e31-4ae5-a406-23e1011dca16}Gw64.sys [48784 2014-11-08] (StdLib)
    R1 {3788502c-c1e8-40a8-8914-655def81ee5b}Gw64; C:\Windows\System32\drivers\{3788502c-c1e8-40a8-8914-655def81ee5b}Gw64.sys [48784 2015-02-19] (StdLib)
    R1 {b4e11afe-4c35-4044-965f-6641cc18f62e}Gw64; C:\Windows\System32\drivers\{b4e11afe-4c35-4044-965f-6641cc18f62e}Gw64.sys [48784 2015-02-16] (StdLib)
    R1 {c0727293-b4b8-43d3-9bba-ad36542dcd37}Gw64; C:\Windows\System32\drivers\{c0727293-b4b8-43d3-9bba-ad36542dcd37}Gw64.sys [48784 2014-11-13] (StdLib)
    R1 {df3e0b68-bf66-4a38-9dc7-1016227262b0}Gw64; C:\Windows\System32\drivers\{df3e0b68-bf66-4a38-9dc7-1016227262b0}Gw64.sys [48784 2014-11-11] (StdLib)
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    2016-02-27 19:52 - 2016-02-27 19:52 - 00000000 ____D C:\Users\d\AppData\Roaming\systweak
    2016-02-27 19:42 - 2016-02-27 19:42 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2016-02-27 19:40 - 2016-02-27 19:40 - 00000000 ____D C:\Users\d\AppData\Local\win_en_77
    2016-02-27 19:39 - 2016-02-27 20:01 - 00000000 ____D C:\Users\d\AppData\Roaming\CikbaJiepo
    2016-02-27 19:39 - 2016-02-27 20:01 - 00000000 ____D C:\Program Files (x86)\win_en_77
    2016-02-27 19:39 - 2016-02-27 19:39 - 00000000 ____D C:\Users\d\AppData\LocalLow\Company
    2016-02-27 19:39 - 2016-02-27 19:39 - 00000000 ____D C:\uninst
    2016-02-27 19:38 - 2016-02-27 20:03 - 00000000 ____D C:\Program Files\groover270220161804
    2016-02-27 19:38 - 2016-02-27 19:41 - 00000000 ____D C:\Users\d\AppData\Local\Tempfolder
    2016-02-27 19:37 - 2016-02-27 20:03 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-02-27 19:37 - 2016-02-27 20:01 - 00000000 ____D C:\Users\d\AppData\Local\gmsd_pl_005010251
    2016-02-27 19:37 - 2016-02-27 20:01 - 00000000 ____D C:\Program Files\SpaceSoundPro
    2016-02-27 19:37 - 2016-02-27 20:01 - 00000000 ____D C:\Program Files\Sound+
    2016-02-27 19:37 - 2016-02-27 20:01 - 00000000 ____D C:\Program Files (x86)\gmsd_pl_005010251
    2016-02-27 19:37 - 2016-02-27 19:37 - 00000000 ____D C:\Users\d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2016-02-27 19:35 - 2016-02-27 19:52 - 00000000 ____D C:\Users\d\AppData\Roaming\Tencent
    2016-02-27 19:35 - 2016-02-27 19:45 - 00000000 ____D C:\ProgramData\Tencent
    2016-02-27 19:35 - 2016-02-27 19:35 - 00000000 ____D C:\Program Files (x86)\Tencent
    2016-02-27 19:26 - 2016-02-27 20:01 - 00000000 ____D C:\Users\d\AppData\Local\4096761C-1456597598-E011-AE5D-8C72B8A16F03
    2016-02-27 19:24 - 2016-02-27 20:01 - 00000000 ____D C:\Program Files (x86)\4096761C-1456593864-E011-AE5D-8C72B8A16F03
    2016-02-27 19:21 - 2016-02-27 20:03 - 00000000 ____D C:\Program Files (x86)\thirteen degrees
    2016-02-27 19:20 - 2016-02-27 20:03 - 00000000 ____D C:\Program Files (x86)\winsafe
    2016-02-27 19:18 - 2016-02-27 20:01 - 00000000 ____D C:\Users\d\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
    2016-02-27 19:18 - 2016-02-27 20:01 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd
    2016-02-27 19:18 - 2016-02-27 20:01 - 00000000 ____D C:\Program Files (x86)\qq
    2013-12-26 23:48 - 2014-06-04 20:49 - 0003799 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    2014-06-20 12:28 - 2014-06-20 12:28 - 0623616 _____ (Click Me In Limited) C:\Users\d\AppData\Local\nsj88C9.tmp
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.
    Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

    0