Powered by Framed Display


(Patryk Adamski) #1

Witam,

Mam problem z wyskakującymi oknami Powered by Framed Display.

Nie mam pojęcia jak to usunąć. Próbowałem SpyHunterem 4, ale nic nie daje.

Prosze o pomoc.


(Acorus) #2

Odinstaluj SpyHunter.Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.

Uruchom FRST i kliknij Scan. Pokaż raport FRST i Addition.

Raporty umieść na http://wklej.org/ i podaj link.


(Patryk Adamski) #3

Proszę bardzo:

Addition: http://wklej.org/id/1595236/


(Acorus) #4

Otwórz notatnik systemowy i wklej:

Hosts:
Task: {0FE969B2-3109-4E7C-B95B-CE2F25DB082F} - System32\Tasks\globalUpdateUpdateTaskMachineCore = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
Task: {3826471A-9E98-4524-8B7A-B7B4B2E6822E} - System32\Tasks\971e033c-001b-4909-b49a-ae309e7658b5-5 = C:\Program Files (x86)\GoHD\971e033c-001b-4909-b49a-ae309e7658b5-5.exe ==== ATTENTION
Task: {38F99EF5-5ADE-44A9-8081-855FF9FDCC8D} - System32\Tasks\globalUpdateUpdateTaskMachineUA = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
Task: {52E659DB-6EE1-410B-A936-B4A00FF43637} - System32\Tasks\971e033c-001b-4909-b49a-ae309e7658b5-4 = C:\Program Files (x86)\GoHD\971e033c-001b-4909-b49a-ae309e7658b5-4.exe ==== ATTENTION
Task: {69DC605F-AD8D-454C-861F-35A154257BD1} - System32\Tasks\971e033c-001b-4909-b49a-ae309e7658b5-2 = C:\Program Files (x86)\GoHD\971e033c-001b-4909-b49a-ae309e7658b5-2.exe ==== ATTENTION
Task: {A05951FC-0189-45C1-999B-FCD5DDBA0E23} - System32\Tasks\971e033c-001b-4909-b49a-ae309e7658b5-1 = C:\Program Files (x86)\GoHD\GoHD-codedownloader.exe ==== ATTENTION
Task: {A24F7E6A-BCA7-41F5-BD6F-77E36A0F8484} - System32\Tasks\971e033c-001b-4909-b49a-ae309e7658b5-5_user = C:\Program Files (x86)\GoHD\971e033c-001b-4909-b49a-ae309e7658b5-5.exe ==== ATTENTION
Task: C:\Windows\Tasks\971e033c-001b-4909-b49a-ae309e7658b5-1.job = C:\Program Files (x86)\GoHD\GoHD-codedownloader.exe ==== ATTENTION
Task: C:\Windows\Tasks\971e033c-001b-4909-b49a-ae309e7658b5-2.job = C:\Program Files (x86)\GoHD\971e033c-001b-4909-b49a-ae309e7658b5-2.exe ==== ATTENTION
Task: C:\Windows\Tasks\971e033c-001b-4909-b49a-ae309e7658b5-4.job = C:\Program Files (x86)\GoHD\971e033c-001b-4909-b49a-ae309e7658b5-4.exe ==== ATTENTION
Task: C:\Windows\Tasks\971e033c-001b-4909-b49a-ae309e7658b5-5.job = C:\Program Files (x86)\GoHD\971e033c-001b-4909-b49a-ae309e7658b5-5.exe ==== ATTENTION
Task: C:\Windows\Tasks\971e033c-001b-4909-b49a-ae309e7658b5-5_user.job = C:\Program Files (x86)\GoHD\971e033c-001b-4909-b49a-ae309e7658b5-5.exe ==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
HKLM-x32\...\Run: [] = [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [gmsd_pl_22] = [X]
HKU\S-1-5-21-4116731408-539669762-1245162024-1000\...\Run: [ALLUpdate] = C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [2765256 2014-11-03] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-4116731408-539669762-1245162024-1000\...\Run: [ALLPlayer WiFi Remote] = C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe [5182896 2014-07-23] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-4116731408-539669762-1245162024-1000\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-4116731408-539669762-1245162024-1001\...\Policies\Explorer: [NofolderOptions] 0
BootExecute: autocheck autochk * sh4native Sh4Removal
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1410451075from=coruid=TOSHIBAXMK1059GSMP_1231P411TXX1231P411Tq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1410451075from=coruid=TOSHIBAXMK1059GSMP_1231P411TXX1231P411Tq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1410451075from=coruid=TOSHIBAXMK1059GSMP_1231P411TXX1231P411Tq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1410451075from=coruid=TOSHIBAXMK1059GSMP_1231P411TXX1231P411Tq={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=scts=1410451075from=coruid=TOSHIBAXMK1059GSMP_1231P411TXX1231P411T
BHO: GoHD - {11111111-1111-1111-1111-110611211180} - C:\Program Files (x86)\GoHD\GoHD-bho64.dll (InstallMoon)
FF Extension: GoHD - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\04qete46.default\Extensions\sonnypenn@aol.com [2015-01-11]
R1 {cd63c300-b231-4a93-a479-5a1e96976d74}Gw64; C:\Windows\System32\drivers\{cd63c300-b231-4a93-a479-5a1e96976d74}Gw64.sys [48784 2014-12-03] (StdLib)
S3 EraserUtilDrv11410; \\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11410.sys [X]
S3 RSPCIESTOR; system32\DRIVERS\RtsPStor.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 {1d2109d8-6714-4ca1-8af8-2ed86cea88e2}Gw64; system32\drivers\{1d2109d8-6714-4ca1-8af8-2ed86cea88e2}Gw64.sys [X]
2015-01-14 12:21 - 2010-05-13 18:34 - 00014232 _____ () C:\Windows\SysWOW64\sh4native.exe
2015-01-14 12:14 - 2015-01-14 12:14 - 00000000 ____ D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-01-14 12:14 - 2015-01-14 12:14 - 00000000 ____ D () C:\sh4ldr
2015-01-14 12:13 - 2015-01-14 13:00 - 00000000 ____ D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2015-01-11 13:52 - 2015-01-14 12:29 - 00002406 _____ () C:\Windows\Tasks\971e033c-001b-4909-b49a-ae309e7658b5-5_user.job
2015-01-11 13:51 - 2015-01-14 12:29 - 00002406 _____ () C:\Windows\Tasks\971e033c-001b-4909-b49a-ae309e7658b5-5.job
2015-01-11 13:51 - 2015-01-14 12:29 - 00002070 _____ () C:\Windows\Tasks\971e033c-001b-4909-b49a-ae309e7658b5-2.job
2015-01-11 13:51 - 2015-01-14 12:21 - 00005448 _____ () C:\Windows\System32\Tasks\971e033c-001b-4909-b49a-ae309e7658b5-5
2015-01-11 13:51 - 2015-01-14 12:21 - 00005112 _____ () C:\Windows\System32\Tasks\971e033c-001b-4909-b49a-ae309e7658b5-2
2015-01-11 13:50 - 2015-01-14 12:48 - 00000000 ____ D () C:\Program Files (x86)\GoHD
2015-01-11 13:50 - 2015-01-14 12:29 - 00004118 _____ () C:\Windows\Tasks\971e033c-001b-4909-b49a-ae309e7658b5-4.job
2015-01-11 13:50 - 2015-01-14 12:29 - 00003392 _____ () C:\Windows\Tasks\971e033c-001b-4909-b49a-ae309e7658b5-1.job
2015-01-11 13:50 - 2015-01-14 12:21 - 00007160 _____ () C:\Windows\System32\Tasks\971e033c-001b-4909-b49a-ae309e7658b5-4
2015-01-11 13:50 - 2015-01-14 12:21 - 00006434 _____ () C:\Windows\System32\Tasks\971e033c-001b-4909-b49a-ae309e7658b5-1
2015-01-11 13:49 - 2015-01-11 15:04 - 00000000 ____ D () C:\Users\HP\AppData\Roaming\systweak
2015-01-11 13:49 - 2014-12-08 17:01 - 00020216 _____ () C:\Windows\system32\roboot64.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(Patryk Adamski) #5

Okienka wyskakiwały dalej, do momentu, aż zorientowałem się żeby ręcznie móc wreszcie wyłączyć to diabelstwo w dodatkach Firefoxa.

Dziękuje serdecznie za pomoc, cholernie utrudiało przeglądanie.


(Acorus) #6

Skasuj folder C:\FRST