Viruses - browsers: search.conduit, websearches.com and delta.com
#2
First, Windows 7

Paste the following into Notepad and save it as fixlist.txt

Code:
(337 Technology Limited.) C:\Program Files (x86)\Desk 365\deskSvc.exe
(337 Technology Limited.) C:\Program Files (x86)\Desk 365\desk365.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Wsys Co., Ltd.) C:\ProgramData\eSafe\eGdpSvc.exe
AppInit_DLLs:[ ] ()
AppInit_DLLs-x32: [ ] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=prs&from=prs&uid=ST9160301AS_5XT01TNHXXXX5XT01TNH&ts=1372603380
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=prs&from=prs&uid=ST9160301AS_5XT01TNHXXXX5XT01TNH&ts=1372603380
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x316884181375CE01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1388690559&from=wpm0102&uid=ST9160301AS_5XT01TNHXXXX5XT01TNH&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=prs&from=prs&uid=ST9160301AS_5XT01TNHXXXX5XT01TNH&ts=1372603380
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=prs&from=prs&uid=ST9160301AS_5XT01TNHXXXX5XT01TNH&ts=1372603380
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1388690559&from=wpm0102&uid=ST9160301AS_5XT01TNHXXXX5XT01TNH&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1388690559&from=wpm0102&uid=ST9160301AS_5XT01TNHXXXX5XT01TNH&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=prs&from=prs&uid=ST9160301AS_5XT01TNHXXXX5XT01TNH&ts=1372603380
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=prs&from=prs&uid=ST9160301AS_5XT01TNHXXXX5XT01TNH&ts=1372603380
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1388690559&from=wpm0102&uid=ST9160301AS_5XT01TNHXXXX5XT01TNH&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9160301AS_5XT01TNHXXXX5XT01TNH&ts=1372931167
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1388690559&from=wpm0102&uid=ST9160301AS_5XT01TNHXXXX5XT01TNH&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1388690559&from=wpm0102&uid=ST9160301AS_5XT01TNHXXXX5XT01TNH&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1388690559&from=wpm0102&uid=ST9160301AS_5XT01TNHXXXX5XT01TNH&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1388690559&from=wpm0102&uid=ST9160301AS_5XT01TNHXXXX5XT01TNH&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1388690559&from=wpm0102&uid=ST9160301AS_5XT01TNHXXXX5XT01TNH&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1388690559&from=wpm0102&uid=ST9160301AS_5XT01TNHXXXX5XT01TNH&q={searchTerms}
HKCU\...\Run: [Desk 365] - C:\Program Files (x86)\Desk 365\desk365.exe [1011792 2013-09-09] (337 Technology Limited.)
BHO: Plus-HD-4.9 - {11111111-1111-1111-1111-110411591118} - C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho64.dll (Plus HD)
BHO-x32: Plus-HD-4.9 - {11111111-1111-1111-1111-110411591118} - C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho.dll (Plus HD)
FF Homepage: user_pref("browser.startup.homepage", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Extension: Plus-HD-4.9 - C:\Users\Sanae\AppData\Roaming\Mozilla\Firefox\Profiles\hom8ogv2.default\Extensions\d019febe-eb2b-4057-a3f2-7def88f2c9cd@1cced8ec-0ffe-43ea-b4b2-fbce5de8e9a4.com
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Sanae\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
CHR HKLM-x32\...\Chrome\Extension: [kckgnnipheglejoddfhekdjpbdbinhmb] - C:\Users\Sanae\AppData\Roaming\SpeedTestAnalysis\speedtestanalysis.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-homes.com/?type=sc&ts=1388690559&from=wpm0102&uid=ST9160301AS_5XT01TNHXXXX5XT01TNH
R2 desksvc; C:\Program Files (x86)\Desk 365\deskSvc.exe [424016 2013-09-09] (337 Technology Limited.)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [499856 2014-01-02] (Cherished Technololgy LIMITED)
R2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [305784 2013-08-16] (Wsys Co., Ltd.)
S2 BBSvc; "C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE" [x]
S2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [x]
S2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [x]
S2 mdvrmng; \??\C:\Windows\system32\drivers\mdvrmng.sys [x]
U3 tmlwf;
U3 tmwfp;
C:\ProgramData\eSafe
C:\Windows\Tasks\Plus-HD-4.9-firefoxinstaller.job
C:\Windows\Tasks\Plus-HD-4.9-updater.job
C:\Windows\Tasks\Plus-HD-4.9-codedownloader.job
C:\Windows\Tasks\Plus-HD-4.9-enabler.job
C:\Windows\System32\Tasks\Plus-HD-4.9-updater
C:\Windows\System32\Tasks\Plus-HD-4.9-codedownloader
C:\Windows\System32\Tasks\Plus-HD-4.9-enabler
C:\Windows\Tasks\Plus-HD-4.9-chromeinstaller.job
C:\Users\Sanae\AppData\Local\Temp\plus-hd-v2-4-9UK.exe
C:\Users\Sanae\AppData\Local\Temp\SkypeSetup.exe
Task: {06FE477F-7EAC-45D5-A7CB-22808C3DE7C8} - System32\Tasks\Plus-HD-4.9-updater => C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-updater.exe [2013-12-11] (Plus HD)
Task: {08CA18A4-9070-43E0-8FFC-A2225DA423CC} - System32\Tasks\Plus-HD-4.9-enabler => C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-enabler.exe [2013-12-11] (Plus HD)
Task: {25FE6C23-57C0-44CB-8301-5CF4C60BDCCC} - System32\Tasks\Plus-HD-4.9-codedownloader => C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-codedownloader.exe [2013-12-11] (Plus HD)
Task: {33283C18-CAC6-4F5B-890C-3DB8826A441D} - System32\Tasks\Plus-HD-4.9-chromeinstaller => C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-chromeinstaller.exe [2013-12-11] (Plus HD)
Task: {886D7A92-F7EB-4C8C-BFCA-650AE270112D} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe [2013-09-09] (337 Technology Limited.)
Task: {F711CA29-4B6B-4EE5-83ED-97EB936CA0EC} - System32\Tasks\Plus-HD-4.9-firefoxinstaller => C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-firefoxinstaller.exe [2013-12-11] (Plus HD)
Task: {FA2DEACB-D849-4A80-85BB-61ADBBE8A4A0} - System32\Tasks\DealPly => C:\Users\Sanae\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\Plus-HD-4.9-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-4.9-codedownloader.job => C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-4.9-enabler.job => C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-4.9-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-firefoxinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-4.9-updater.job => C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-updater.exe


Place the saved script next to the downloaded FRST program.
Then click Fix in the program; once it has finished, show the report from that run.

Then uninstall:

Desk 365
Plus-HD-4.9
Speed Test Analysis
WPM17.8.0.3297


Download the program

[To see the links, register here]

click Search and then Delete
show the report


Added: 06 Jan 2014, 21:56

In Google Chrome, also go to Settings > at the bottom expand "Show advanced settings" and, at the bottom, reset the browser settings.


Added: 06 Jan 2014, 22:07

Windows 8

Paste the following into Notepad and save it as fixlist.txt

Code:
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Conduit) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Updater) C:\ProgramData\Updater\updater.exe
HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater)
HKCU\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater)
AppInit_DLLs: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1317152 2013-12-16] (Conduit)
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll[1009440 2013-12-16] (Conduit)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPC479F10F-9E5A-45C0-90DA-57D0D5691242&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPC479F10F-9E5A-45C0-90DA-57D0D5691242&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPC479F10F-9E5A-45C0-90DA-57D0D5691242&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2251552 2013-12-16] (Conduit)
C:\Users\Patricia\AppData\Local\Temp\nse1A6F.exe
C:\Users\Patricia\AppData\Local\Temp\nsg1388.exe
C:\Users\Patricia\AppData\Local\Temp\nsiFF53.exe
C:\Users\Patricia\AppData\Local\Temp\nsqB55E.exe
C:\Users\Patricia\AppData\Local\Temp\nss484B.exe
C:\Users\Patricia\AppData\Local\Temp\nsvC146.exe
C:\Users\Patricia\AppData\Local\Temp\nsvEC95.exe
C:\Users\Patricia\AppData\Local\Temp\nsy3D8C.exe


Place the saved script next to the downloaded FRST program.
Then click Fix in the program; once it has finished, show the report from that run.

Uninstall:

Search Protect
Updater
Websteroids

Google Chrome
Settings > Settings tab > On startup > remove the addresses opened there, switch to "Open the New Tab page"
Settings > History tab > clear

Download the program

[To see the links, register here]

click Search and then Delete
show the report
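
An added example, not part of the original post and not FRST's own code: a small triage script that groups fixlist entries by the persistence or hijack mechanism their prefix indicates and collects the hosts they reference, so the report requested above can be reviewed by category. The mechanism labels and the function name `triage` are this example's own; the sample is an excerpt of the Windows 8 fixlist above.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Entry prefixes seen in the fixlists above -> mechanism label (labels are this example's own).
RULES = [
    (re.compile(r"^AppInit_DLLs(-x32)?:"), "appinit_dll"),
    (re.compile(r"^HK(LM|CU)(-x32)?\\\.\.\.\\Run:"), "run_key"),
    (re.compile(r"^BHO(-x32)?:"), "ie_bho"),
    (re.compile(r"^SearchScopes:"), "ie_search_scope"),
    (re.compile(r"^HK(LM|CU)\\Software\\.*Internet Explorer\\Main,"), "ie_start_page"),
    (re.compile(r"^(CHR|FF) "), "browser_extension_or_policy"),
    (re.compile(r"^[RSU]\d "), "service_or_driver"),
    (re.compile(r"^Task:"), "scheduled_task"),
    (re.compile(r"^\(.+?\) [A-Za-z]:\\"), "running_process"),
    (re.compile(r"^[A-Za-z]:\\"), "file_or_folder"),
]
URL_RE = re.compile(r'https?://[^\s"]+')

# Excerpt of the Windows 8 fixlist from the post above.
SAMPLE = r"""
(Conduit) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
HKCU\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater)
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll[1009440 2013-12-16] (Conduit)
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2251552 2013-12-16] (Conduit)
C:\Users\Patricia\AppData\Local\Temp\nse1A6F.exe
"""

def triage(fixlist_text):
    """Return ({mechanism: [lines]}, {hosts}) for a fixlist-style text."""
    by_mechanism, hosts = defaultdict(list), set()
    for line in (l.strip() for l in fixlist_text.splitlines()):
        if not line:
            continue
        # First matching prefix wins; anything unknown is kept for manual review.
        label = next((name for rx, name in RULES if rx.search(line)), "unclassified")
        by_mechanism[label].append(line)
        for url in URL_RE.findall(line):
            host = urlsplit(url).hostname
            if host:
                hosts.add(host)
    return dict(by_mechanism), hosts

if __name__ == "__main__":
    groups, hosts = triage(SAMPLE)
    for label, lines in sorted(groups.items()):
        print(f"{label}: {len(lines)}")
    print("hosts:", sorted(hosts))
```
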


Messages in this thread
Re: Viruses - browsers: search.conduit, websearches.com and delta.com - by tachion - 06.01.2014, 21:07
