rudaewa
19 Grudzień 2014 17:46
#1
Witam, wczoraj nic nie instalując zawitał do mnie PennyBee gdzie Kaspersky go usunął lecz nie do końca, bo sama dziś “z palca” usunełam C:/Program Files - oczywiście nie wiedząc czy dobrze postępuje.
Oprócz tego nie mogę sie pozbyć delta holmes bo w usuń programy nie moge zindentyfikować.
Poproszę o pomoc tylko z tym, że wiedzę komputerową mam na średnim poziomie to poproszę pisać co mam zrobić jak do blondynki choć nią nie jestem.
http://wklej.to/y4EwG - FRST
http://wklej.to/MkzJx - addition
http://wklej.to/j5ryy - OLT
http://wklej.to/baToT - Extras
Acorus
19 Grudzień 2014 19:01
#2
Odinstaluj Adobe Reader 8 - Polish,Adobe Reader 8.1.2 Security Update 1,FindRight,FLV Player Packages.Otwórz Notatnik i wklej:
Task: C:\WINDOWS\Tasks\EPUpdater.job = C:\DOCUME~1\EWA\DANEAP~1\BABSOL~1\Shared\BabMaint.exe ==== ATTENTION
HKLM\...\Run: [Adobe Reader Speed Launcher] = C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] = C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [UserFaultCheck] = %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [iTunesHelper] = C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] = C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1639373565-2522386157-2237491120-1007\...\Run: [MSMSGS] = C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hpts=1418902662from=wpm12173uid=FUJITSUXMHY2200BH_K42WT8228MP7T8228MP7X
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1411566731from=coruid=FUJITSUXMHY2200BH_K42WT8228MP7T8228MP7Xq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1411566731from=coruid=FUJITSUXMHY2200BH_K42WT8228MP7T8228MP7Xq={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=scts=1411566731from=coruid=FUJITSUXMHY2200BH_K42WT8228MP7T8228MP7X
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=dsts=1418902662from=wpm12173uid=FUJITSUXMHY2200BH_K42WT8228MP7T8228MP7Xq={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=dsts=1418902662from=wpm12173uid=FUJITSUXMHY2200BH_K42WT8228MP7T8228MP7Xq={searchTerms}
SearchScopes: HKU\S-1-5-21-1639373565-2522386157-2237491120-1007 - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}affID=121845babsrc=SP_ssmntrId=608E00027877A896
SearchScopes: HKU\S-1-5-21-1639373565-2522386157-2237491120-1007 - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.delta-search.com/?q={searchTerms}affID=121845babsrc=SP_ssmntrId=608E00027877A896
SearchScopes: HKU\S-1-5-21-1639373565-2522386157-2237491120-1007 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=dsts=1418902662from=wpm12173uid=FUJITSUXMHY2200BH_K42WT8228MP7T8228MP7Xq={searchTerms}
SearchScopes: HKU\S-1-5-21-1639373565-2522386157-2237491120-1007 - {436033EB-9CCB-42EE-91AB-FF5757E700F5} URL = http://websearch.ask.com/redirect?client=ietb=ORJo=100000027src=crmq={searchTerms}locale=en_USapn_ptnrs=U3apn_dtid=OSJ000YYPLapn_uid=C0891684-EC46-4EF0-88FE-72C62BE3E034apn_sauid=C01B853D-D5A0-4353-8D3E-B22734D66259
SearchScopes: HKU\S-1-5-21-1639373565-2522386157-2237491120-1007 - {97EBC423-FA15-4690-B8A2-4B7162E737FF} URL = http://searchou.com/?q={searchTerms}id=608e955f00000000000000027877a896r=421
SearchScopes: HKU\S-1-5-21-1639373565-2522386157-2237491120-1007 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://search.bearshare.com//web?src=iebappid=20systemid=2sr=0q={searchTerms}
SearchScopes: HKU\S-1-5-21-1639373565-2522386157-2237491120-1007 - {ADFE7BB2-E2EF-42D5-85A6-41314C343CD1} URL = http://search.targeo.pl/?query={searchTerms}encoding=utf-8os=1
BHO: No Name - {2c774641-5504-46a8-b63f-6715ae3fe376} - No File
BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll No File
Toolbar: HKLM - MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll No File
Toolbar: HKU\S-1-5-21-1639373565-2522386157-2237491120-1007 - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1639373565-2522386157-2237491120-1007 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Documents and Settings\EWA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx [2014-12-18]
R2 WindowsMangerProtect; C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe [485376 2014-12-16] (Fuyu LIMITED) [File not signed]
S2 PennyBee; C:\Program Files\PennyBee\PennyBee.exe [X]
S3 ADDMEM; \\C:\DOCUME~1\EWA\USTAWI~1\Temp\__Samsung_Update\ADDMEM.SYS [X]
S2 ADILOADER; System32\Drivers\adildr.sys [X]
S3 adiusbaw; system32\DRIVERS\adiusbaw.sys [X]
U2 CertPropSvc; No ImagePath
S3 esgiguard; \\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X]
S3 nmwcdnsuc; system32\drivers\nmwcdnsuc.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 VMC302; System32\Drivers\VMC302.sys [X]
U1 WS2IFSL; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
2014-12-18 16:21 - 2014-12-18 16:23 - 00000000 ___DC () C:\AdwCleaner
2014-12-18 12:39 - 2014-12-18 12:45 - 00000000 ____ D () C:\Program Files\WinZipper
2014-12-18 12:39 - 2014-12-18 12:39 - 00000000 ____ D () C:\Documents and Settings\EWA\Dane aplikacji\WinZipper
EmptyTemp:
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
Zainstaluj Adobe Reader XI 11.0.10 http://download.adobe.com/pub/adobe/reader/win/11.x/11.0.00/pl_PL/AdbeRdr11000_pl_PL.exe
rudaewa
19 Grudzień 2014 20:41
#3
tego nie mogłam znaleść - w dodaj usuń porogramy ani w CCleaner - Adobe Reader 8.1.2 Security Update 1
a to dziadostwo dalej siedzi Delta Homes jak otwieram Chrome
http://wklej.to/o6skI - OTL
http://wklej.to/OSs9J - FRST
Atis
19 Grudzień 2014 20:58
#4
rudaewa
20 Grudzień 2014 11:44
#5
To pomogło, a jak poradzić sobie z IExplorer ? bo dalej tam też siedzi
Atis
20 Grudzień 2014 14:21
#6