Search Protect itp problem


(Chudymaximum) #1

Jak w temacie. Nie mogę usunąć Search Protect i generalnie ostatnio zauważyłem mnóstwo syfu na komputerze, który pojawia się na liście programów znikąd ...

 

LOGI

 

FRST

http://wklej.to/AePl6

 

ADDITION

http://wklej.to/aF6cE

SHORTCUT

http://www.wklej.org/id/1649768/

Pozdrawiam


(Acorus) #2

Odinstaluj Deal Keeper,WindowsMangerProtect20.0.0.502.Otwórz notatnik systemowy i wklej:

Task: {4E46101B-49D6-4092-84CD-CD1A04DE5DD5} - System32\Tasks\{9C64DFF2-443F-4EBA-939F-414CCC488263} = pcalua.exe -a C:
\Users\ASUS\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=smt
HKLM-x32\...\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\RunOnce: [fmscout14] = [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hpppts=1425059986from=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hpppts=1425059986from=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dsts=1425059952from=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dsts=1425059952from=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hpppts=1425059986from=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hpppts=1425059986from=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dsts=1425059952from=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dsts=1425059952from=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905q={searchTerms}
HKU\S-1-5-21-1426094806-1751029102-20782886-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dsppts=1425059986from=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905q={searchTerms}
HKU\S-1-5-21-1426094806-1751029102-20782886-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hpppts=1425059986from=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905
HKU\S-1-5-21-1426094806-1751029102-20782886-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hpppts=1425059986from=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905
HKU\S-1-5-21-1426094806-1751029102-20782886-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dsppts=1425059986from=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905q={searchTerms}
SearchScopes: HKU\.DEFAULT - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-1426094806-1751029102-20782886-1001 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dsppts=1425059986from=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905q={searchTerms}
SearchScopes: HKU\S-1-5-21-1426094806-1751029102-20782886-1001 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=smtutm_campaign=install_ieutm_content=dsfrom=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905ts=1425060003type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1426094806-1751029102-20782886-1001 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=smtutm_campaign=install_ieutm_content=dsfrom=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905ts=1425060003type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1426094806-1751029102-20782886-1001 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dsppts=1425059986from=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905q={searchTerms}
SearchScopes: HKU\S-1-5-21-1426094806-1751029102-20782886-1001 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=smtutm_campaign=install_ieutm_content=dsfrom=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905ts=1425060003type=defaultq={searchTerms}
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
BHO-x32: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=scts=1425059952from=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905
FF NewTab: hxxp://www.istartsurf.com/newtab/?type=ntts=1425059952from=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF SearchPlugin: C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\vu91ekx3.default\searchplugins\istartsurf.xml
FF Extension: FF Toolbar - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\vu91ekx3.default\Extensions\fftoolbar2014@etech.com [2015-02-27]
FF Extension: Search Enginer - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\vu91ekx3.default\Extensions\searchengine@gmail.com [2015-02-27]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\vu91ekx3.default\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\vu91ekx3.default\extensions\fftoolbar2014@etech.com
CHR HomePage: Default - hxxp://www.istartsurf.com/?type=hpppts=1425059986from=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905
CHR StartupUrls: Default - "hxxp://www.istartsurf.com/?type=hpppts=1425059986from=smtuid=WDCXWD7500BPVT-80HXZT3_WD-WXJ1A71A3905A3905"
CHR DefaultSearchKeyword: Default - istartsurf
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [487056 2015-02-27] (SysTool PasSame LIMITED)
2015-02-27 19:01 - 2015-02-27 19:01 - 00003152 _____ () C:\Windows\System32\Tasks\{9C64DFF2-443F-4EBA-939F-414CCC488263}
2015-02-27 19:00 - 2015-02-27 19:00 - 00000000 ____ D () C:\ProgramData\IHProtectUpDate
2015-02-27 19:00 - 2015-02-27 19:00 - 00000000 ____ D () C:\Program Files (x86)\XTab
2015-02-27 19:00 - 2015-02-27 19:00 - 00000000 ____ D () C:\Program Files (x86)\SourceApp
2015-02-27 18:59 - 2015-02-27 18:59 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(Chudymaximum) #3

Acorus jak zwykle niezawodny, skuteczny i bezbłędny ! Kiedyś na serio będę Ci musiał piwko postawić :slight_smile:

Pozdrawiam !


(Acorus) #4

Skasuj folder C:\FRST


(Chudymaximum) #5

Zrobione !

Pozdrawiam