Jak się pozbyć "syfu" z asystenta pobieranie db.pl?


(Korzik Allegro) #1

Cześć, mam pytanie.

Jak sprawdzić czy key-find.com został w całości usunięty z mojego komputera? Mimo, że usunąłem go przez menadżera programów i osobno z każdej przeglądarki czasami potrafi mi wyskoczyć w przeglądarce wyszukiwarka key-find. 


(Giiixxxx6) #2

Logi FRST.


(meiden77) #3

Użyj AdwCleaner powinno pomóc :slight_smile:


(Acorus) #4

Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.


(Korzik Allegro) #5

Skany:

 

http://wklej.org/id/1644386/

 

http://wklej.org/id/1644387/

 

Dzięki za pomoc :) 


(Acorus) #6

Otwórz notatnik systemowy i wklej:

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hpppts=1424427076from=coruid=WDCXWD7500BPVT-80HXZT1_WD-WX91A613370033700
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hpppts=1424427076from=coruid=WDCXWD7500BPVT-80HXZT1_WD-WX91A613370033700
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=dsts=1424427040from=coruid=WDCXWD7500BPVT-80HXZT1_WD-WX91A613370033700q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=dsts=1424427040from=coruid=WDCXWD7500BPVT-80HXZT1_WD-WX91A613370033700q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hpppts=1424427076from=coruid=WDCXWD7500BPVT-80HXZT1_WD-WX91A613370033700
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hpppts=1424427076from=coruid=WDCXWD7500BPVT-80HXZT1_WD-WX91A613370033700
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=dsts=1424427040from=coruid=WDCXWD7500BPVT-80HXZT1_WD-WX91A613370033700q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=dsts=1424427040from=coruid=WDCXWD7500BPVT-80HXZT1_WD-WX91A613370033700q={searchTerms}
HKU\S-1-5-21-2317531837-2949808108-152517983-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=dsppts=1424427076from=coruid=WDCXWD7500BPVT-80HXZT1_WD-WX91A613370033700q={searchTerms}
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\d5n63kyi.default\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Piotrek\AppData\Roaming\Mozilla\Firefox\Profiles\5r4d0bmd.default-1424428923692\extensions\fftoolbar2014@etech.com
CHR StartupUrls: Default - "hxxp://www.key-find.com/?type=hpts=1424427040from=coruid=WDCXWD7500BPVT-80HXZT1_WD-WX91A613370033700", "hxxp://www.key-find.com/?type=hpppts=1424427076from=coruid=WDCXWD7500BPVT-80HXZT1_WD-WX91A613370033700"
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [487056 2015-02-20] (SysTool PasSame LIMITED)
S2 Update Solution Real; "C:\Program Files (x86)\Solution Real\updateSolutionReal.exe" [X]
R1 {edf2e803-e64b-4078-9a9f-33672590ad18}Gw64; C:\Windows\System32\drivers\{edf2e803-e64b-4078-9a9f-33672590ad18}Gw64.sys [48792 2015-01-03] (StdLib)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X
2015-02-20 11:12 - 2015-02-20 11:12 - 00000000 ____ D () C:\ProgramData\IHProtectUpDate
2015-02-20 11:11 - 2015-02-20 11:12 - 00000000 ____ D () C:\Program Files (x86)\XTab
2015-02-20 11:11 - 2015-02-20 11:11 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
2015-02-11 17:46 - 2013-12-09 17:24 - 00000000 ____ D () C:\Program Files (x86)\Spybot - Search Destroy 2
2015-02-11 17:44 - 2013-12-09 17:25 - 00000000 ____ D () C:\ProgramData\Spybot - Search Destroy
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.