Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

PriceFountain pomóżcie usunąć

mnich1230 14 Kwi 2016 18:03 501 2
  • Pomocny post
    #2 14 Kwi 2016 18:31
    Acorus 20
    Spec od komputerów

    Odinstaluj PriceFountain, Qtrax Player. Otwórz notatnik systemowy i wklej:

    Cytat:
    Task: {214C3965-5A00-4B88-BDB7-D1C48573ABF9} - System32\Tasks\PiotrekSnookerScroogeV2 => Rundll32.exe KoranBacchanal.dll,main 7 1 <==== UWAGA
    Task: {3C62982E-E4DF-4B8B-9A1A-886F15FCD192} - System32\Tasks\{4CEEF0CB-3E70-6F50-0015-62BAB79109C2} => C:\Users\Piotrek\AppData\Roaming\PriceFountainUpdateVer\PriceFountainUpdateVer.exe [2013-04-30] () <==== UWAGA
    Task: C:\Windows\Tasks\{4CEEF0CB-3E70-6F50-0015-62BAB79109C2}.job => C:\Users\Piotrek\AppData\Roaming\PRICEF~1\PRICEF~1.EXE
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\Software\Classes\.exe: exefile => <===== UWAGA
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: G - G:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {0898e5ef-b825-11de-87ae-ca4b6463f3ed} - G:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {12f886d2-2ccb-11e2-84d9-b549539981d6} - G:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {230a155b-1285-11e0-93d9-c23f16842c0a} - G:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {230a1573-1285-11e0-93d9-c23f16842c0a} - G:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {2b66131a-3489-11e0-9788-ad680fb9a161} - G:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {38038e1b-ae30-11df-ac07-e6acf4d2ab51} - G:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {38038e1d-ae30-11df-ac07-e6acf4d2ab51} - G:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {3c0e47f4-a926-11df-88b1-ee77de2cd5f7} - G:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {3c13e6a1-9d43-11de-ac05-b67c5063a5e9} - I:\LaunchU3.exe -a
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {4f315e0c-40c8-11df-a56b-c31bb1b775f1} - G:\LaunchU3.exe -a
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {593fb53d-bd9a-11e2-87e5-8ffcc40af0f9} - G:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {593fb55a-bd9a-11e2-87e5-ca70a9b8eb70} - I:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {78fe50b1-cfe6-11df-bac6-8c3c6426ae40} - G:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {85a9ab51-e17f-11dd-bf8c-001f1643da23} - H:\Autorun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {948e51c5-a929-11df-9703-e0e9f9fbae01} - G:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {948e51dd-a929-11df-9703-e0e9f9fbae01} - G:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {9a84951c-a925-11df-be08-ea60f8118b07} - G:\AutoRun.exe




    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {9e9df26f-ae31-11e0-b16e-c27010d52330} - G:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {aa2564e8-ffa1-11de-b419-85e8bc382ec4} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL aNna mInKiNA.EXE
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {c49187f6-2922-11de-a477-001f1643da23} - I:\je26200.com
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {cca14059-248b-11e3-b219-ba8f8ed63c44} - G:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {cca1405a-248b-11e3-b219-ba8f8ed63c44} - G:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {cca1405b-248b-11e3-b219-ba8f8ed63c44} - G:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {d33d670e-b823-11de-91a3-9e97bbeae816} - G:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {d33d6742-b823-11de-91a3-9e97bbeae816} - G:\AutoRun.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {d3e6ff74-2710-11e1-a592-958b3e1a9a05} - I:\Startme.exe
    HKU\S-1-5-21-3895341435-3986161710-3979497623-1000\...\MountPoints2: {d61ca18a-a86a-11df-a0b8-86b3776b5ce9} - G:\AutoRun.exe
    R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-05-02] (Samsung Electronics) [Brak podpisu cyfrowego]
    U3 a3zrntqr; C:\Windows\system32\Drivers\a3zrntqr.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
    2016-04-13 20:08 - 2016-04-14 17:08 - 00000282 _____ C:\Windows\Tasks\{4CEEF0CB-3E70-6F50-0015-62BAB79109C2}.job
    2016-04-13 20:08 - 2016-04-13 20:08 - 00000000 ____D C:\Users\Piotrek\AppData\Roaming\PriceFountainUpdateVer
    2016-04-13 20:07 - 2016-04-13 20:08 - 00000000 ____D C:\Users\Piotrek\AppData\Local\SnookerScrooge
    C:\Windows\Tasks\{4CEEF0CB-3E70-6F50-0015-62BAB79109C2}.job
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.
    Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

    0
  • #3 14 Kwi 2016 21:10
    mnich1230
    Poziom 2  

    Dziękuję za pomoc. Zastosowałem się do wszystkich wskazówek i poleceń i udało się usunąć to dziadostwo. Jeszcze raz dziękuję.

    0