Wyskakujące rekalmy assist points


(A Suda) #1

Witam,

 

Zawsze jak mam problem piszę tutaj, bo wiem, że zawsze jesteście w stanei pomóc :wink: 

wyskakują mi teraz tak reklamy, że nie mogę nawet ich wyłączyć w 100% ;o. 

 

Raporty:

 

addition: http://wklej.org/id/1716667/

frst:  http://wklej.org/id/1716668/

 

dziękuję za pomoc


(Acorus) #2

Odinstaluj,Ace Stream Media 3.0.11,Assist Point,do-search uninstall.Otwórz notatnik systemowy i wklej:

Task: {7BD676DC-DBB2-4A6C-9C91-CD0402CC5969} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 = Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js" ==== ATTENTION
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hpts=1428004922from=coruid=HitachiXHTS545032B9A300_100801PBP306160P5HKLX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hpts=1428004922from=coruid=HitachiXHTS545032B9A300_100801PBP306160P5HKLX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsts=1428004922from=coruid=HitachiXHTS545032B9A300_100801PBP306160P5HKLXq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsts=1428004922from=coruid=HitachiXHTS545032B9A300_100801PBP306160P5HKLXq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hpts=1428004922from=coruid=HitachiXHTS545032B9A300_100801PBP306160P5HKLX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hpts=1428004922from=coruid=HitachiXHTS545032B9A300_100801PBP306160P5HKLX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dsts=1428004922from=coruid=HitachiXHTS545032B9A300_100801PBP306160P5HKLXq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dsts=1428004922from=coruid=HitachiXHTS545032B9A300_100801PBP306160P5HKLXq={searchTerms}
HKU\S-1-5-21-1692670648-2778665928-3730148944-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hpts=1428004922from=coruid=HitachiXHTS545032B9A300_100801PBP306160P5HKLX
HKU\S-1-5-21-1692670648-2778665928-3730148944-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hpts=1428004922from=coruid=HitachiXHTS545032B9A300_100801PBP306160P5HKLX
URLSearchHook: HKLM-x32 - WebProtector - {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files (x86)\WebProtector\WebProtector.dll No File
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsts=1428004922from=coruid=HitachiXHTS545032B9A300_100801PBP306160P5HKLXq={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsts=1428004922from=coruid=HitachiXHTS545032B9A300_100801PBP306160P5HKLXq={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsts=1428004922from=coruid=HitachiXHTS545032B9A300_100801PBP306160P5HKLXq={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsts=1428004922from=coruid=HitachiXHTS545032B9A300_100801PBP306160P5HKLXq={searchTerms}
SearchScopes: HKU\S-1-5-21-1692670648-2778665928-3730148944-1000 - DefaultScope {6A1806CD-94D4-4689 URL =
SearchScopes: HKU\S-1-5-21-1692670648-2778665928-3730148944-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsts=1428004922from=coruid=HitachiXHTS545032B9A300_100801PBP306160P5HKLXq={searchTerms}
BHO-x32: Assist Point - {dc727a8c-7582-483c-a1c2-2b885f099bb5} - C:\Program Files (x86)\Assist Point\Extensions\dc727a8c-7582-483c-a1c2-2b885f099bb5.dll [2015-04-02] ()
CHR Extension: (Bookmark Manager) - C:\Users\Adrian Suda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-19]
CHR HKU\S-1-5-21-1692670648-2778665928-3730148944-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
R2 Service Mgr AssistPoint; C:\ProgramData\c716fd70-872c-4aaa-a07f-e248365d7f56\PluginContainer.exe [556304 2015-05-19] ()
R2 Update Mgr AssistPoint; C:\Program Files (x86)\Common Files\c716fd70-872c-4aaa-a07f-e248365d7f56\updater.exe [478992 2015-05-20] ()
U0 msahci; No ImagePath
R1 {20da0614-35ac-464d-8200-eee5dbb17760}Gw64; C:\Windows\System32\drivers\{20da0614-35ac-464d-8200-eee5dbb17760}Gw64.sys [48784 2015-03-24] (StdLib)
R1 {26f60700-6b86-45b9-a360-45e9a70cd908}Gw64; C:\Windows\System32\drivers\{26f60700-6b86-45b9-a360-45e9a70cd908}Gw64.sys [48784 2015-03-21] (StdLib)
S3 Baidu PC Faster FileShredder; \\C:\Program Files (x86)\PC Faster\5.1.0.0\FileKill_x64.sys [X]
S3 BprotectEx; \\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 PCFApiUtil; \\C:\Program Files (x86)\PC Faster\5.1.0.0\PCFApiUtil64.sys [X]
2015-05-19 21:07 - 2015-05-19 21:07 - 00000000 ____ D () C:\Program Files (x86)\GUMD0A.tmp
2015-05-02 12:40 - 2015-05-02 12:41 - 00741672 _____ (Web software ) C:\Users\Adrian Suda\Downloads\KLite-Codec-Pack(13137)-dp.exe
2015-05-02 12:38 - 2015-05-02 12:38 - 00741672 _____ (Web software ) C:\Users\Adrian Suda\Downloads\KLite-Codec-Pack-64bit(13349)-dp.exe
2015-05-02 11:29 - 2015-05-02 11:33 - 00000000 ____ D () C:\Users\Adrian Suda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PriceFountain
2015-05-02 11:29 - 2015-05-02 11:33 - 00000000 ____ D () C:\Users\Adrian Suda\AppData\Local\PriceFountain
2015-05-02 11:29 - 2015-05-02 11:29 - 00000000 ____ D () C:\Users\Adrian Suda\AppData\Roaming\PriceFountain
2015-05-02 11:25 - 2015-05-13 14:59 - 00000000 ____ D () C:\Program Files (x86)\WebProtector
2015-05-02 10:33 - 2015-05-02 10:40 - 00000000 ____ D () C:\AdwCleaner
2015-04-30 18:08 - 2015-04-30 18:09 - 00103680 _____ (Web software ) C:\Users\Adrian Suda\Downloads\29E2.tmp
C:\ProgramData\Duplicaterecord.js

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.