Do notatnika wklej i zapisz jako
fixlist.txt
Kod:
() C:\Program Files (x86)\LPT\srpts.exe
HKLM-x32\...\Run: [DATAMNGR] => C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3147329327-1183664364-287875317-1001\...\Run: [PriceMeterW] => "C:\Users\Samsung\AppData\Local\PriceMeter\pricemeterw.exe"
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\ProgramData\Wincert\win64cert.dll [8704 2013-02-07] ()
AppInit_DLLs:C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll => C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs:C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll File Not Found
AppInit_DLLs-x32: c:\progra~3\wincert\win32c~1.dll => c:\ProgramData\Wincert\win32cert.dll [7168 2013-02-07] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQmcY6qraQiIVKY2jijC_vI8Ic3mdw1Y8Cb8XEOxJ6DHov4CkttJJIGVMm1BbpA8xkLiVqaYFtmM8yqIXeBGslLz4y5D7YSmCLX4Ux2G_UBwRLHxqUwgQF-zXmQOtMcF5l2Z6sHLRK3WGot&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_ir_14_22_ch&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0AzytCyDzzyB0A0EtCyDtDtN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCzzyCyCzz0CtDtGtCtCyE0EtG0E0A0EzytGyDyE0EtDtGtA0E0FtD0DtByEyCyD0A0Azz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0F0CyDtCtBzztG0D0AtC0CtG0EyBtDyCtG0EyBtC0FtGyEtDtD0A0AtCyCyC0F0DyE0B2Q&cr=916728497&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://mixidj.delta-search.com/?affID=121136&babsrc=HP_ss&mntrId=28CBB8030520B5C1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQmcY6qraQiIVKY2jijC_vI8Ic3mdw1Y8Cb8XEOxJ6DHov4CkttJJIGVMm1BbpA8xkLiVqaYFtmM8yqIXeBGslLz4y5D7YSmCLX4Ux2G_UBwRLHxqUwgQF-zXmQOtMcF5l2Z6sHLRK3WGot&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_ir_14_22_ch&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0AzytCyDzzyB0A0EtCyDtDtN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCzzyCyCzz0CtDtGtCtCyE0EtG0E0A0EzytGyDyE0EtDtGtA0E0FtD0DtByEyCyD0A0Azz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0F0CyDtCtBzztG0D0AtC0CtG0EyBtDyCtG0EyBtC0FtGyEtDtD0A0AtCyCyC0F0DyE0B2Q&cr=916728497&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_ir_14_22_ch&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0AzytCyDzzyB0A0EtCyDtDtN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCzzyCyCzz0CtDtGtCtCyE0EtG0E0A0EzytGyDyE0EtDtGtA0E0FtD0DtByEyCyD0A0Azz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0F0CyDtCtBzztG0D0AtC0CtG0EyBtDyCtG0EyBtC0FtGyEtDtD0A0AtCyCyC0F0DyE0B2Q&cr=916728497&ir=
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_16_ie&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0AzytCyDzzyB0A0EtCyDtDtN0D0Tzu0SzzyEtCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StB0D0EtD0DzyyEyBtG0B0FyDzytG0FyE0AzztGyByB0D0AtGtAyD0BtAtByDtCyDzzzzzy0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0F0CyDtCtBzztG0D0AtC0CtG0EyBtDyCtG0EyBtC0FtGyEtDtD0A0AtCyCyC0F0DyE0B2Q&cr=1615093707&ir=
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_22_ch&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0AzytCyDzzyB0A0EtCyDtDtN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCzzyCyCzz0CtDtGtCtCyE0EtG0E0A0EzytGyDyE0EtDtGtA0E0FtD0DtByEyCyD0A0Azz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0F0CyDtCtBzztG0D0AtC0CtG0EyBtDyCtG0EyBtC0FtGyEtDtD0A0AtCyCyC0F0DyE0B2Q&cr=916728497&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=362&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=7252422865554533&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_16_ie&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0AzytCyDzzyB0A0EtCyDtDtN0D0Tzu0SzzyEtCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StB0D0EtD0DzyyEyBtG0B0FyDzytG0FyE0AzztGyByB0D0AtGtAyD0BtAtByDtCyDzzzzzy0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0F0CyDtCtBzztG0D0AtC0CtG0EyBtDyCtG0EyBtC0FtGyEtDtD0A0AtCyCyC0F0DyE0B2Q&cr=1615093707&ir=
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQmcY6qraQiIVKY2jijC_vI8Ic3mdw1Y8Cb8XEOxJ6DHov4CkttJJIGVMm1BbpA8xkLiVqaYFtmM8yqIXeBGslLz4y5D7YSmCLX4Ux2G_UBwRLHxqUwgQF-zXmQOtMcF5l2Z6sHLRK3WGot&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQmcY6qraQiIVKY2jijC_vI8Ic3mdw1Y8Cb8XEOxJ6DHov4CkttJJIGVMm1BbpA8xkLiVqaYFtmM8yqIXeBGslLz4y5D7YSmCLX4Ux2G_UBwRLHxqUwgQF-zXmQOtMcF5l2Z6sHLRK3WGot&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQmcY6qraQiIVKY2jijC_vI8Ic3mdw1Y8Cb8XEOxJ6DHov4CkttJJIGVMm1BbpA8xkLiVqaYFtmM8yqIXeBGslLz4y5D7YSmCLX4Ux2G_UBwRLHxqUwgQF-zXmQOtMcF5l2Z6sHLRK3WGot&q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fQbYPFkTjj8jzRyB0rQvzyej3yvtCjyXXnQmcY6qraQiIVKY2jijC_vI8Ic3mdw1Y8Cb8XEOxJ6DHov4CkttJJIGVMm1BbpA8xkLiVqaYFtmM8yqIXeBGslLz4y5D7YSmCLX4Ux2G_UBwRLHxqUwgQF-zXmQOtMcF5l2Z6sHLRK3WGot&q={searchTerms}
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_22_ch&cd=2XzuyEtN2Y1L1Qzu0EzztDtAzy0AzytCyDzzyB0A0EtCyDtDtN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCyCzzyCyCzz0CtDtGtCtCyE0EtG0E0A0EzytGyDyE0EtDtGtA0E0FtD0DtByEyCyD0A0Azz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzy0F0CyDtCtBzztG0D0AtC0CtG0EyBtDyCtG0EyBtC0FtGyEtDtD0A0AtCyCyC0F0DyE0B2Q&cr=916728497&ir=
BHO: DataMngr - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\PROGRA~2\SEARCH~1\Datamngr\x64\BROWSE~1.DLL No File
BHO-x32: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
BHO-x32: SelectionLinks - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - C:\Program Files (x86)\OApps\SelectionLinks.dll (SelectionLinks)
BHO-x32: BrowseMark - {aeac172e-2e4b-4b92-9af6-b0cdb1acecdb} - C:\Program Files (x86)\BrowseMark\BrowseMarkbho.dll No File
BHO-x32: DataMngr - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\PROGRA~2\SEARCH~1\Datamngr\BROWSE~1.DLL No File
BHO-x32: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial)
Toolbar: HKLM-x32 - Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
Toolbar: HKLM-x32 - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Samsung\AppData\Local\speedial.crx [2014-04-20]
CHR HKCU\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Samsung\AppData\Local\speedial.crx [2014-04-20]
CHR HKLM-x32\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Samsung\AppData\Local\speedial.crx [2014-04-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 LPTSystemUpdater; C:\Program Files (x86)\LPT\srpts.exe [37920 2014-03-30] ()
S2 Update BrowseMark; "C:\Program Files (x86)\BrowseMark\updateBrowseMark.exe" [X]
S2 Util BrowseMark; "C:\Program Files (x86)\BrowseMark\bin\utilBrowseMark.exe" [X]
R1 {b99c8534-7800-48fa-bd71-519a46cdc7e1}w64; C:\Windows\System32\drivers\{b99c8534-7800-48fa-bd71-519a46cdc7e1}w64.sys [61120 2014-05-22] (StdLib)
C:\Users\Samsung\AppData\Roaming\.NANotifyHere
C:\Users\Samsung\AppData\Local\Temp\AVG.exe
C:\Users\Samsung\AppData\Local\Temp\bstrapInstall.exe
C:\Users\Samsung\AppData\Local\Temp\GenericWndApi.dll
C:\Users\Samsung\AppData\Local\Temp\installhelper.dll
C:\Users\Samsung\AppData\Local\Temp\MixiDJToolbar_yh.exe
C:\Users\Samsung\AppData\Local\Temp\NL-Package.exe
C:\Users\Samsung\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Samsung\AppData\Local\Temp\uninst1.exe
C:\Users\Samsung\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\Samsung\AppData\Local\Temp\wajam_install.exe
C:\Users\Samsung\AppData\Local\Temp\wget.exe
C:\Users\Samsung\AppData\Local\Temp\{4F978A82-328C-46CE-89A9-779DA273FA83}-30.0.1599.101_30.0.1599.69_chrome_updater.exe
C:\Users\Samsung\AppData\Local\Temp\{88CD8058-72C7-4567-91EA-9FF0234CB6A6}-GoogleUpdateSetup.exe
Task: {59C980B9-D5B2-4E87-B7E7-D8F77694CD10} - System32\Tasks\Speedial => C:\Users\Samsung\AppData\Roaming\Speedial\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {787C6F8F-FC81-4A3F-8648-9CB76BEF4619} - System32\Tasks\Price Meter Updater => C:\Users\Samsung\AppData\Roaming\PriceMeterUpdater\UpdateProc\UpdateTask.exe [2013-04-12] ()
Task: {9FA6B1FD-632B-4740-BA20-5C35C5A03D66} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2014-03-22] (AVG)
Task: {E7A6E472-D04F-4120-A8D7-7C707EC36085} - System32\Tasks\pricemeterdownloader => C:\Users\Samsung\AppData\Local\PriceMeter\pricemeterd.exe <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Price Meter Updater.job => C:\Users\Samsung\AppData\Roaming\PRICEM~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\Speedial.job => C:\Users\Samsung\AppData\Roaming\Speedial\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Reboot:
Zapisany skrypt umieść obok ściągniętego programu
FRST
Następnie w programie kliknij
Fix,po wykonaniu pokaż raport z tego działania.
Odinstaluj:
AVG PC TuneUp 2014
LPT System Updater Service
Mysearchdial
Search-Results Toolbar
SelectionLinks
Snap.Do
Snap.Do Engine
Update for PriceMeter
Google Chrome
Ustawienia > karta Rozszerzenia > odinstaluj MySearchDial,Speedial.
Ustawienia > karta Ustawienia > Po uruchomieniu > Otwórz konkretną stronę lub zestaw stron i z listy usuń adres speedial.com,następnie przestaw na "Otwórz stronę nowej karty"
Ustawienia > karta Ustawienia > Wygląd i zaznacz "Pokaż przycisk strony startowej" > klik w Zmień i usuń adres feed.snapdo.com
Ustawienia > karta Ustawienia > Wyszukiwanie przestaw na Google > Zarządzanie wyszukiwarkami,usuń jeśli widoczne Speedial
Zresetuj cache wtyczek. W pasku adresów wpisz chrome://plugins i ENTER. Na liście wtyczek wybierz dowolną i kliknij Wyłącz. Następnie wtyczkę ponownie włącz.
Ustawienia > karta Historia > wyczyść
Ustawienia > karta Ustawienia > Pokaż ustawienia zaawansowane > zjedź na sam spód i uruchom opcję "Zresetuj ustawienia przeglądarki".
Ściągnij program
[Aby zobaczyć linki, zarejestruj się tutaj]
kliknij
Szukaj i następnie
Usuń
pokaż raport
Ściągnij
[Aby zobaczyć linki, zarejestruj się tutaj]
i kliknij Start.
Wklej na stronę raport z
SecurityCheck
[Aby zobaczyć linki, zarejestruj się tutaj]
Uruchom kliknij w dowolny klawisz,poczekaj aż program zakończy działanie.
Zrób nowe logi i przedstaw z FRST.txt > Addition.txt,Shortcut.txt+ OTL ale bez extras