nie mogę usunąć programu spyhunter

kolobos Re: nie mogę usunąć programu spyhunter 29.08.15, 10:18

Odinstaluj:
Adobe Reader 9.4.0 - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-A94000000001}) (Version: 9.4.0 - Adobe Systems Incorporated)
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
eBay (HKLM-x32\...\{FDE58148-57E7-43BF-879A-29CCE818C078}) (Version: 1.1.9 - eBay Inc.)
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)

Zainstaluj ninite.com/java-foxit/

Nie pobieraj programow ze strony oferujacych menadzery pobierania instalujace szkodliwe oprogramownie!
Taka strona jest np. dobreprogramy.

Obok frst.exe utworz plik fixlist.txt z zawartoscia:
Task: {B7A8DCDD-151B-46CA-B533-21E967DBD7CB} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-08-16] (Enigma Software Group USA, LLC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-08-16]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-08-16]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
GroupPolicy: Zasady grupy Chrome wykryto <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Zasada ograniczeń <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1439721706&z=b95514f87c7c0fd16643e4ag3z4cft3mdo7gdqeg4c&from=cor&uid=HitachiXHTS545032B9A300_101009PBN310GTK3EUYRX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1439721706&z=b95514f87c7c0fd16643e4ag3z4cft3mdo7gdqeg4c&from=cor&uid=HitachiXHTS545032B9A300_101009PBN310GTK3EUYRX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439721706&z=b95514f87c7c0fd16643e4ag3z4cft3mdo7gdqeg4c&from=cor&uid=HitachiXHTS545032B9A300_101009PBN310GTK3EUYRX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439721706&z=b95514f87c7c0fd16643e4ag3z4cft3mdo7gdqeg4c&from=cor&uid=HitachiXHTS545032B9A300_101009PBN310GTK3EUYRX&q={searchTerms}
HKU\S-1-5-21-3437986071-2192667530-2205083868-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_instalki
SearchScopes: HKU\S-1-5-21-3437986071-2192667530-2205083868-1000 -> {37EC7309-1865-46C5-88F6-B72DC188F500} URL = hxxp://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-3437986071-2192667530-2205083868-1000 -> {A21453F0-42DB-4CE5-9DC8-1CE769498A3D} URL = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
BHO-x32: Jungle Net -> {dcfb5bfe-1f58-4b1d-96a7-3c7bbae51b36} -> C:\Program Files (x86)\Jungle Net\Extensions\dcfb5bfe-1f58-4b1d-96a7-3c7bbae51b36.dll Brak pliku
BHO-x32: Filter Results -> {dd4c66b8-f943-4b10-8053-7e9ee39bba4a} -> C:\Program Files (x86)\Filter Results\Extensions\dd4c66b8-f943-4b10-8053-7e9ee39bba4a.dll Brak pliku
FF Extension: Jungle Net - C:\Users\kubusc\AppData\Roaming\Mozilla\Firefox\Profiles\3tt3v3tz.default\Extensions\{8f2a3863-c201-4a50-8c51-c3f9da1feea6}.xpi [2015-08-23]
FF Extension: Filter Results - C:\Users\kubusc\AppData\Roaming\Mozilla\Firefox\Profiles\3tt3v3tz.default\Extensions\{e8f8da3a-99a8-45cd-a6e0-fc7d6d49412a}.xpi [2015-08-28]
OPR Extension: (Filter Results) - C:\Users\kubusc\AppData\Roaming\Opera Software\Opera Stable\Extensions\kdeefpheeeabokjolkocfdahllodhkic [2015-08-28]
OPR Extension: (Jungle Net) - C:\Users\kubusc\AppData\Roaming\Opera Software\Opera Stable\Extensions\mlbphbgembijaealceidcddcgnokdojm [2015-08-23]
S4 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-08-16] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-08-16] ()
2015-08-28 21:05 - 2015-08-28 21:23 - 00000000 ____D C:\AdwCleaner
2015-08-28 17:23 - 2015-08-28 17:23 - 00867648 _____ (Internet program ) C:\Users\kubusc\Downloads\HijackThis-12030-dp(2).exe
2015-08-28 17:18 - 2015-08-28 17:18 - 00867648 _____ (Internet program ) C:\Users\kubusc\Downloads\HijackThis-12030-dp(1).exe
2015-08-23 10:10 - 2015-08-23 10:10 - 00865000 _____ (Application Installer generic ) C:\Users\kubusc\Downloads\Adobe-Flash-Player-13091-dp.exe
2015-08-23 10:01 - 2015-08-23 10:01 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2015-08-23 09:59 - 2015-08-23 09:59 - 05012928 _____ (Adobe Systems Inc.) C:\Users\kubusc\Downloads\Shockwave_Installer_Slim.exe
2015-08-23 09:59 - 2015-08-23 09:59 - 00865000 _____ (Application Installer generic ) C:\Users\kubusc\Downloads\Silverlight-17716-dp.exe
2015-08-23 09:55 - 2015-08-23 09:56 - 13081608 _____ (Microsoft Corporation) C:\Users\kubusc\Downloads\Silverlight_x64.exe.part
2015-08-22 14:45 - 2015-08-22 14:45 - 00000000 ____D C:\Users\kubusc\Documents\Waterpark Tycoon
2015-08-22 14:42 - 2015-08-28 20:47 - 00000000 ____D C:\Users\kubusc\Downloads\backups
2015-08-22 14:40 - 2015-08-22 14:40 - 00014490 _____ C:\Users\kubusc\Downloads\hijackthis.log
2015-08-22 14:39 - 2015-08-22 14:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\kubusc\Downloads\HijackThis_2.0.4.exe
2015-08-22 14:36 - 2015-08-22 14:36 - 00036734 _____ C:\Windows\SysWOW64\OggDSuninst.exe
2015-08-22 14:35 - 2015-08-22 14:35 - 00865000 _____ (Application Installer generic ) C:\Users\kubusc\Downloads\HijackThis-12030-dp.exe
2015-08-16 22:10 - 2015-08-16 22:10 - 00003336 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-08-16 22:10 - 2015-08-16 22:10 - 00000937 _____ C:\Users\kubusc\Desktop\SpyHunter.lnk
2015-08-16 22:10 - 2015-08-16 22:10 - 00000000 ____D C:\Users\kubusc\AppData\Roaming\Enigma Software Group
2015-08-16 22:10 - 2015-08-16 22:10 - 00000000 ____D C:\sh4ldr
2015-08-16 22:07 - 2015-08-16 22:07 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-08-16 22:07 - 2015-08-16 22:07 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-08-16 22:06 - 2015-08-16 22:06 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\kubusc\Downloads\sh-remover.exe
2015-08-16 12:43 - 2015-08-16 12:44 - 00000000 ____D C:\ProgramData\pWinManProp
2015-08-16 12:39 - 2015-08-16 12:39 - 00865000 _____ (Application Installer generic ) C:\Users\kubusc\Downloads\7Zip-12559-dp.exe
EmptyTemp:

W FRST wybierz Fix.

Drzewko
Od najstarszego
Od najnowszego

kolobos Re: nie mogę usunąć programu spyhunter 28.08.15, 22:27

Dales tylko addition.txt, jeszcze frst.txt.
szczepcio30 Re: nie mogę usunąć programu spyhunter 28.08.15, 22:47

wklej.org/id/1785597/ Additional
wklej.org/id/1785599/ FRST
wklej.org/id/1785601/ shortcut
- kolobos Re: nie mogę usunąć programu spyhunter 29.08.15, 10:18
  
  Odinstaluj:
  Adobe Reader 9.4.0 - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-A94000000001}) (Version: 9.4.0 - Adobe Systems Incorporated)
  Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
  eBay (HKLM-x32\...\{FDE58148-57E7-43BF-879A-29CCE818C078}) (Version: 1.1.9 - eBay Inc.)
  Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
  
  Zainstaluj ninite.com/java-foxit/
  
  Nie pobieraj programow ze strony oferujacych menadzery pobierania instalujace szkodliwe oprogramownie!
  Taka strona jest np. dobreprogramy.
  
  Obok frst.exe utworz plik fixlist.txt z zawartoscia:
  Task: {B7A8DCDD-151B-46CA-B533-21E967DBD7CB} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-08-16] (Enigma Software Group USA, LLC.)
  Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-08-16]
  ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
  Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-08-16]
  ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
  GroupPolicy: Zasady grupy Chrome wykryto <======= UWAGA
  CHR HKLM\SOFTWARE\Policies\Google: Zasada ograniczeń <======= UWAGA
  HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1439721706&z=b95514f87c7c0fd16643e4ag3z4cft3mdo7gdqeg4c&from=cor&uid=HitachiXHTS545032B9A300_101009PBN310GTK3EUYRX&q={searchTerms}
  HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1439721706&z=b95514f87c7c0fd16643e4ag3z4cft3mdo7gdqeg4c&from=cor&uid=HitachiXHTS545032B9A300_101009PBN310GTK3EUYRX&q={searchTerms}
  HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439721706&z=b95514f87c7c0fd16643e4ag3z4cft3mdo7gdqeg4c&from=cor&uid=HitachiXHTS545032B9A300_101009PBN310GTK3EUYRX&q={searchTerms}
  HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439721706&z=b95514f87c7c0fd16643e4ag3z4cft3mdo7gdqeg4c&from=cor&uid=HitachiXHTS545032B9A300_101009PBN310GTK3EUYRX&q={searchTerms}
  HKU\S-1-5-21-3437986071-2192667530-2205083868-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_instalki
  SearchScopes: HKU\S-1-5-21-3437986071-2192667530-2205083868-1000 -> {37EC7309-1865-46C5-88F6-B72DC188F500} URL = hxxp://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
  SearchScopes: HKU\S-1-5-21-3437986071-2192667530-2205083868-1000 -> {A21453F0-42DB-4CE5-9DC8-1CE769498A3D} URL = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
  BHO-x32: Jungle Net -> {dcfb5bfe-1f58-4b1d-96a7-3c7bbae51b36} -> C:\Program Files (x86)\Jungle Net\Extensions\dcfb5bfe-1f58-4b1d-96a7-3c7bbae51b36.dll Brak pliku
  BHO-x32: Filter Results -> {dd4c66b8-f943-4b10-8053-7e9ee39bba4a} -> C:\Program Files (x86)\Filter Results\Extensions\dd4c66b8-f943-4b10-8053-7e9ee39bba4a.dll Brak pliku
  FF Extension: Jungle Net - C:\Users\kubusc\AppData\Roaming\Mozilla\Firefox\Profiles\3tt3v3tz.default\Extensions\{8f2a3863-c201-4a50-8c51-c3f9da1feea6}.xpi [2015-08-23]
  FF Extension: Filter Results - C:\Users\kubusc\AppData\Roaming\Mozilla\Firefox\Profiles\3tt3v3tz.default\Extensions\{e8f8da3a-99a8-45cd-a6e0-fc7d6d49412a}.xpi [2015-08-28]
  OPR Extension: (Filter Results) - C:\Users\kubusc\AppData\Roaming\Opera Software\Opera Stable\Extensions\kdeefpheeeabokjolkocfdahllodhkic [2015-08-28]
  OPR Extension: (Jungle Net) - C:\Users\kubusc\AppData\Roaming\Opera Software\Opera Stable\Extensions\mlbphbgembijaealceidcddcgnokdojm [2015-08-23]
  S4 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026944 2015-08-16] (Enigma Software Group USA, LLC.)
  S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-08-16] ()
  2015-08-28 21:05 - 2015-08-28 21:23 - 00000000 ____D C:\AdwCleaner
  2015-08-28 17:23 - 2015-08-28 17:23 - 00867648 _____ (Internet program ) C:\Users\kubusc\Downloads\HijackThis-12030-dp(2).exe
  2015-08-28 17:18 - 2015-08-28 17:18 - 00867648 _____ (Internet program ) C:\Users\kubusc\Downloads\HijackThis-12030-dp(1).exe
  2015-08-23 10:10 - 2015-08-23 10:10 - 00865000 _____ (Application Installer generic ) C:\Users\kubusc\Downloads\Adobe-Flash-Player-13091-dp.exe
  2015-08-23 10:01 - 2015-08-23 10:01 - 00000000 ____D C:\Windows\SysWOW64\Adobe
  2015-08-23 09:59 - 2015-08-23 09:59 - 05012928 _____ (Adobe Systems Inc.) C:\Users\kubusc\Downloads\Shockwave_Installer_Slim.exe
  2015-08-23 09:59 - 2015-08-23 09:59 - 00865000 _____ (Application Installer generic ) C:\Users\kubusc\Downloads\Silverlight-17716-dp.exe
  2015-08-23 09:55 - 2015-08-23 09:56 - 13081608 _____ (Microsoft Corporation) C:\Users\kubusc\Downloads\Silverlight_x64.exe.part
  2015-08-22 14:45 - 2015-08-22 14:45 - 00000000 ____D C:\Users\kubusc\Documents\Waterpark Tycoon
  2015-08-22 14:42 - 2015-08-28 20:47 - 00000000 ____D C:\Users\kubusc\Downloads\backups
  2015-08-22 14:40 - 2015-08-22 14:40 - 00014490 _____ C:\Users\kubusc\Downloads\hijackthis.log
  2015-08-22 14:39 - 2015-08-22 14:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\kubusc\Downloads\HijackThis_2.0.4.exe
  2015-08-22 14:36 - 2015-08-22 14:36 - 00036734 _____ C:\Windows\SysWOW64\OggDSuninst.exe
  2015-08-22 14:35 - 2015-08-22 14:35 - 00865000 _____ (Application Installer generic ) C:\Users\kubusc\Downloads\HijackThis-12030-dp.exe
  2015-08-16 22:10 - 2015-08-16 22:10 - 00003336 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
  2015-08-16 22:10 - 2015-08-16 22:10 - 00000937 _____ C:\Users\kubusc\Desktop\SpyHunter.lnk
  2015-08-16 22:10 - 2015-08-16 22:10 - 00000000 ____D C:\Users\kubusc\AppData\Roaming\Enigma Software Group
  2015-08-16 22:10 - 2015-08-16 22:10 - 00000000 ____D C:\sh4ldr
  2015-08-16 22:07 - 2015-08-16 22:07 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
  2015-08-16 22:07 - 2015-08-16 22:07 - 00000000 ____D C:\Program Files\Enigma Software Group
  2015-08-16 22:06 - 2015-08-16 22:06 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\kubusc\Downloads\sh-remover.exe
  2015-08-16 12:43 - 2015-08-16 12:44 - 00000000 ____D C:\ProgramData\pWinManProp
  2015-08-16 12:39 - 2015-08-16 12:39 - 00865000 _____ (Application Installer generic ) C:\Users\kubusc\Downloads\7Zip-12559-dp.exe
  EmptyTemp:
  
  W FRST wybierz Fix.

Najnowsze z forum Wirusy, trojany, spyware

Zaloguj się