Istartsurf i inne syfy

[radzia]

istartsurf i inne syfy (GamesDesktop, WordSurfer, SmartWeb, Frienly Error, CinemaPlus) mimo usilnych starań (odinstalowanie, czyszczenie przeglądarki) wracają


Pozdrawiam,

[ordynat]

1) Jeszcze raz spróbuj odinstalować te programy:

CinemaPlus-3.2cV11.08 (HKLM-x32\...\CinemaPlus-3.2cV11.08) (Version: 1.36.01.22 - Cinema PlusV11.08) <==== ATTENTION
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
WordSurfer 1.10.0.19 (HKLM-x32\...\WordSurfer_1.10.0.19) (Version: 1.10.0.19 - WordSurfer)

2) Otwórz Notatnik i wklej w nim:

Task: {17BB7F5E-024A-4EAD-BB50-C2FA111A931A} - System32\Tasks\b73155d0-a611-4b52-951b-f3089927459d-4 => C:\Program Files (x86)\CinemaPlus-3.2cV11.08\b73155d0-a611-4b52-951b-f3089927459d-4.exe [2015-08-11] (Cinema PlusV11.08) <==== ATTENTION
C:\Program Files (x86)\CinemaPlus-3.2cV11.08
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-11] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [68608 2015-08-11] (globalUpdate) [File not signed] <==== ATTENTION
Task: {37EC3D0D-0CDF-4FCF-B19D-5421D4DE624F} - System32\Tasks\IQA => cmd.exe /c start chrome.exe
Task: {4F024A25-B1DE-4A0A-83E2-266243617C66} - System32\Tasks\q1naPs26e3iZ3t => C:\Users\Radzia\AppData\Roaming\q1naPs26e3iZ3t.exe [2015-04-20] () <==== ATTENTION
C:\Users\Radzia\AppData\Roaming\q1naPs26e3iZ3t.exe
Task: {55B7BE74-2E94-45ED-B0D5-5C84CA68792E} - System32\Tasks\PhraseProfessor Auto Updater 1.10.0.21 Pending Update => C:\Program Files (x86)\PhraseProfessor_1.10.0.21\Update\PhraseProfessorAutoUpdateClient.exe
Task: {50B99B96-74D9-419D-A74A-DA0122A96651} - System32\Tasks\b73155d0-a611-4b52-951b-f3089927459d-5_user => C:\Program Files (x86)\CinemaPlus-3.2cV11.08\b73155d0-a611-4b52-951b-f3089927459d-5.exe [2015-08-11] (Cinema PlusV11.08) <==== ATTENTION
C:\Program Files (x86)\PhraseProfessor_1.10.0.21
Task: {6EEE6381-0E49-4C34-8F6F-8FB366EC76B1} - System32\Tasks\b73155d0-a611-4b52-951b-f3089927459d-10_user => C:\Program Files (x86)\CinemaPlus-3.2cV11.08\b73155d0-a611-4b52-951b-f3089927459d-10.exe [2015-08-11] (Cinema PlusV11.08) <==== ATTENTION
Task: {823906BB-21DD-4FEC-9B20-DAC9BC1718B7} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-08-11] (globalUpdate) <==== ATTENTION
C:\Program Files (x86)\globalUpdate
Task: {A25D347D-58B4-4B81-849B-F9257D6FF6FD} - System32\Tasks\b73155d0-a611-4b52-951b-f3089927459d-1-6 => C:\Program Files (x86)\CinemaPlus-3.2cV11.08\b73155d0-a611-4b52-951b-f3089927459d-1-6.exe [2015-08-11] (Cinema PlusV11.08) <==== ATTENTION
Task: {CD120DD3-C2BB-4BF4-BA40-CCAE5C888B5C} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-08-11] (globalUpdate) <==== ATTENTION
Task: {D54DC214-0B70-4034-99B6-B3251A8CCD54} - System32\Tasks\b73155d0-a611-4b52-951b-f3089927459d-1-7 => C:\Program Files (x86)\CinemaPlus-3.2cV11.08\b73155d0-a611-4b52-951b-f3089927459d-1-7.exe [2015-08-11] (Cinema PlusV11.08) <==== ATTENTION
Task: {D69AB4BB-1828-457D-9F34-5D3576897D76} - System32\Tasks\{BAF0DD6C-46AA-4287-9100-B59BC23C6CD0} => pcalua.exe -a C:\Users\Radzia\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cmi
Task: {E1A1625B-95DB-4E51-B1FD-6B11AE36EE86} - System32\Tasks\61392F82-B740-428E-B2D6-511DF5E91F84 => C:\Users\Radzia\AppData\Local\61392F82-B740-428E-B2D6-511DF5E91F84\61392F82-B740-428E-B2D6-511DF5E91F84.exe [2015-08-11] () <==== ATTENTION
C:\Users\Radzia\AppData\Local\61392F82-B740-428E-B2D6-511DF5E91F84
Task: {EEBA7845-786B-4196-8C4F-03B6FC43049A} - System32\Tasks\b73155d0-a611-4b52-951b-f3089927459d-5 => C:\Program Files (x86)\CinemaPlus-3.2cV11.08\b73155d0-a611-4b52-951b-f3089927459d-5.exe [2015-08-11] (Cinema PlusV11.08) <==== ATTENTION
Task: C:\WINDOWS\Tasks\b73155d0-a611-4b52-951b-f3089927459d-1-6.job => C:\Program Files (x86)\CinemaPlus-3.2cV11.08\b73155d0-a611-4b52-951b-f3089927459d-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\b73155d0-a611-4b52-951b-f3089927459d-1-7.job => C:\Program Files (x86)\CinemaPlus-3.2cV11.08\b73155d0-a611-4b52-951b-f3089927459d-1-7.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\b73155d0-a611-4b52-951b-f3089927459d-10_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV11.08\b73155d0-a611-4b52-951b-f3089927459d-10.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\b73155d0-a611-4b52-951b-f3089927459d-4.job => C:\Program Files (x86)\CinemaPlus-3.2cV11.08\b73155d0-a611-4b52-951b-f3089927459d-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\b73155d0-a611-4b52-951b-f3089927459d-5.job => C:\Program Files (x86)\CinemaPlus-3.2cV11.08\b73155d0-a611-4b52-951b-f3089927459d-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\b73155d0-a611-4b52-951b-f3089927459d-5_user.job => C:\Program Files (x86)\CinemaPlus-3.2cV11.08\b73155d0-a611-4b52-951b-f3089927459d-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\q1naPs26e3iZ3t.job => C:\Users\Radzia\AppData\Roaming\q1naPs26e3iZ3t.exe <==== ATTENTION
C:\Program Files (x86)\D9044FC0-1439273757-11E2-AE66-78843C38B736\knsvA598.tmp
C:\Program Files (x86)\D9044FC0-1439273757-11E2-AE66-78843C38B736
C:\Program Files (x86)\WordSurfer_1.10.0.19
HKLM-x32\...\Run: [gmsd_pl_005010057] => [X]
HKLM-x32\...\Run: [rec_pl_61] => [X]
Toolbar: HKU\S-1-5-21-3140324642-322551476-1686766742-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-3140324642-322551476-1686766742-1002 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Tcpip\..\Interfaces\{1A67BC51-5AE9-4B46-B3F1-7578B201B262}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{20479A09-46E6-4AB5-AC30-B33F601495C0}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{4467B214-1E34-4D59-93E2-CDBB3BE2520F}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{4CBAA6AF-D573-4DAE-90D5-F94892ED283E}: [NameServer] 52.17.204.69,8.8.8.8
Tcpip\..\Interfaces\{d7e7bb93-29ba-11e4-824f-806e6f6e6963}: [NameServer] 52.17.204.69,8.8.8.8
FF Extension: CinemaPlus-3.2cV11.08 - C:\Users\Radzia\AppData\Roaming\Mozilla\Firefox\Profiles\9nsltetg.default-1439305845109\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-08-11]
R2 kihiburo; C:\Program Files (x86)\D9044FC0-1439273757-11E2-AE66-78843C38B736\knsvA598.tmp [248832 2015-08-11] () [File not signed]
R2 wsasvc_1.10.0.19; C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe [299608 2015-06-16] (Word Surfer)
S1 ppfd_vw_1_10_0_21; system32\drivers\ppfd_vw_1_10_0_21.sys [X]
S1 wsafd_1_10_0_19; system32\drivers\wsafd_1_10_0_19.sys [X]
C:\Users\Radzia\AppData\Local\globalUpdate
C:\ProgramData\eWinManProe
C:\WINDOWS\System32\Tasks\61392F82-B740-428E-B2D6-511DF5E91F84
2015-08-11 16:10 - 2015-08-11 16:10 - 00004210 _____ C:\WINDOWS\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.21 Pending Update
2015-08-11 16:10 - 2015-08-11 16:10 - 00004200 _____ C:\WINDOWS\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.21 Core
2015-08-11 15:47 - 2015-08-11 15:48 - 00000000 ____D C:\ProgramData\4WinManPro4
C:\ProgramData\HWinManProH
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Radzia\AppData\Roaming\q1naPs26e3iZ3t
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\Radzia\AppData\Roaming\q1naPs26e3iZ3t.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Kiosk Reader\e-Kiosk Reader.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Kiosk Reader\Licencja użytkownika.lnk
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.
Powstanie plik fixlog.txt.
Daj ten log.

3) Zrób nowe logi FRST - już bez Shortcut

4) Napisz, czy problem znikł?
.

[radzia]

CinemaPlus-3.2cV11.08, WordSurfer 1.10.0.19 odinstalowałem przy użyciu Wise Program Uninstaller, globalupdate Helper nie znalazłem

uruchomiłem FRST Fixa, logi w załączeniu

odinstalowałem (Wise Program Uninstaller) Istasirf, Friendly Error, Games Desktop, zresetowałem Firefoxa i Maxthona Nitro

Jest DUŻO lepiej, wyskoczyło tylko jedno okienko (screen w załączniu), jest jeszcze jakiś dziwny setup, do odinstalowania ?(też na screenie).

Pozdrawiam,

[ordynat]

1) Otwórz Notatnik i wklej w nim:

Task: {2D2AC711-1176-43C7-9162-A3FE9DCB007F} - System32\Tasks\oFpP0GWYrTns4 => C:\Users\Radzia\AppData\Roaming\oFpP0GWYrTns4.exe [2015-04-20] () <==== ATTENTION
C:\Users\Radzia\AppData\Roaming\oFpP0GWYrTns4.exe
Task: {38F66EEF-971E-4AFE-A82C-A9D71DD31FD1} - \PhraseProfessor Auto Updater 1.10.0.21 Core -> No File <==== ATTENTION
Task: {5951EA83-7187-4D42-9A51-98828AEBB02A} - \b73155d0-a611-4b52-951b-f3089927459d-4 -> No File <==== ATTENTION
Task: {B0429AE4-972A-4A08-9E77-CFD8422A1CCF} - \b73155d0-a611-4b52-951b-f3089927459d-1-6 -> No File <==== ATTENTION
Task: {CA2874D9-17A6-47E5-936F-FD43D50B9A65} - System32\Tasks\uiigEAtrBCMeUwTa0lKdfGurb8 => C:\Users\Radzia\AppData\Roaming\uiigEAtrBCMeUwTa0lKdfGurb8.exe [2015-04-20] () <==== ATTENTION
C:\Users\Radzia\AppData\Roaming\uiigEAtrBCMeUwTa0lKdfGurb8.exe
Task: {D1250875-AA92-4BB0-BBB3-2D39F491B705} - \b73155d0-a611-4b52-951b-f3089927459d-1-7 -> No File <==== ATTENTION
Task: {E670B1FF-82A5-4CD8-BA9B-3E06FCD84101} - \b73155d0-a611-4b52-951b-f3089927459d-10_user -> No File <==== ATTENTION
Task: {E85BE187-17D7-4673-882B-EA743E79204C} - System32\Tasks\jyw3aryFqAxKPyE => C:\Users\Radzia\AppData\Roaming\jyw3aryFqAxKPyE.exe [2015-04-20] () <==== ATTENTION
C:\Users\Radzia\AppData\Roaming\jyw3aryFqAxKPyE.exe
Task: {F7F753C0-9518-488B-8A22-19CD8FEFE78C} - \b73155d0-a611-4b52-951b-f3089927459d-5_user -> No File <==== ATTENTION
2015-08-11 20:17 - 2015-08-11 14:47 - 03344528 _____ () C:\Users\Radzia\AppData\Local\gmsd_pl_005010058\upgmsd_pl_005010058.exe
2015-08-11 20:17 - 2015-08-11 14:47 - 03982480 _____ () C:\Program Files (x86)\gmsd_pl_005010058\gmsd_pl_005010058.exe
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FriendlyError" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_pl_005010058_is1" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\globalupdate Helper" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb" /f
C:\Program Files (x86)\MiuiTab
C:\Users\Radzia\AppData\Local\gmsd_pl_005010058
C:\Users\Radzia\AppData\Local\SmartWeb
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Radzia\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM-x32\...\Run: [gmsd_pl_005010058] => C:\Program Files (x86)\gmsd_pl_005010058\gmsd_pl_005010058.exe [3982480 2015-08-11] ()
HKLM-x32\...\RunOnce: [upgmsd_pl_005010058.exe] => C:\Users\Radzia\AppData\Local\gmsd_pl_005010058\upgmsd_pl_005010058.exe [3344528 2015-08-11] ()
Startup: C:\Users\Radzia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-08-11]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Radzia\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1439316939&z=afdf34a0e71fef03119aeadg0z6cet8c7g7q2b8bag&from=face&uid=HGSTXHTS545050A7E380_130720TM85134T0AZNAMX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1439316939&z=afdf34a0e71fef03119aeadg0z6cet8c7g7q2b8bag&from=face&uid=HGSTXHTS545050A7E380_130720TM85134T0AZNAMX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1439316902&z=274abd93d248c72abcd3182g5z4c4t4c0g7q6bfzbz&from=face&uid=HGSTXHTS545050A7E380_130720TM85134T0AZNAMX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1439316939&z=afdf34a0e71fef03119aeadg0z6cet8c7g7q2b8bag&from=face&uid=HGSTXHTS545050A7E380_130720TM85134T0AZNAMX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1439316939&z=afdf34a0e71fef03119aeadg0z6cet8c7g7q2b8bag&from=face&uid=HGSTXHTS545050A7E380_130720TM85134T0AZNAMX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1439316902&z=274abd93d248c72abcd3182g5z4c4t4c0g7q6bfzbz&from=face&uid=HGSTXHTS545050A7E380_130720TM85134T0AZNAMX&q={searchTerms}
HKU\S-1-5-21-3140324642-322551476-1686766742-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1439316902&z=274abd93d248c72abcd3182g5z4c4t4c0g7q6bfzbz&from=face&uid=HGSTXHTS545050A7E380_130720TM85134T0AZNAMX&q={searchTerms}
HKU\S-1-5-21-3140324642-322551476-1686766742-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1439316939&z=afdf34a0e71fef03119aeadg0z6cet8c7g7q2b8bag&from=face&uid=HGSTXHTS545050A7E380_130720TM85134T0AZNAMX
HKU\S-1-5-21-3140324642-322551476-1686766742-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1439316939&z=afdf34a0e71fef03119aeadg0z6cet8c7g7q2b8bag&from=face&uid=HGSTXHTS545050A7E380_130720TM85134T0AZNAMX
HKU\S-1-5-21-3140324642-322551476-1686766742-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1439316902&z=274abd93d248c72abcd3182g5z4c4t4c0g7q6bfzbz&from=face&uid=HGSTXHTS545050A7E380_130720TM85134T0AZNAMX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3140324642-322551476-1686766742-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=HGSTXHTS545050A7E380_130720TM85134T0AZNAMX&ts=1439316964&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3140324642-322551476-1686766742-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=HGSTXHTS545050A7E380_130720TM85134T0AZNAMX&ts=1439316964&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3140324642-322551476-1686766742-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=HGSTXHTS545050A7E380_130720TM85134T0AZNAMX&ts=1439316964&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3140324642-322551476-1686766742-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=HGSTXHTS545050A7E380_130720TM85134T0AZNAMX&ts=1439316964&type=default&q={searchTerms}
BHO-x32: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-08-07] (Good Co. Limited)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1439316902&z=274abd93d248c72abcd3182g5z4c4t4c0g7q6bfzbz&from=face&uid=HGSTXHTS545050A7E380_130720TM85134T0AZNAMX
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: istartsurf
FF SelectedSearchEngine: istartsurf
FF Homepage: hxxp://www.istartsurf.com/?type=hppp&ts=1439316939&z=afdf34a0e71fef03119aeadg0z6cet8c7g7q2b8bag&from=face&uid=HGSTXHTS545050A7E380_130720TM85134T0AZNAMX
FF SearchPlugin: C:\Users\Radzia\AppData\Roaming\Mozilla\Firefox\Profiles\9nsltetg.default-1439305845109\searchplugins\istartsurf.xml [2015-08-12]
FF Extension: Default SearchProtected - C:\Users\Radzia\AppData\Roaming\Mozilla\Firefox\Profiles\9nsltetg.default-1439305845109\Extensions\defsearchp@gmail.com [2015-08-12]
FF Extension: deskCut - C:\Users\Radzia\AppData\Roaming\Mozilla\Firefox\Profiles\9nsltetg.default-1439305845109\Extensions\deskCutv2@gmail.com [2015-08-11]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Radzia\AppData\Roaming\Mozilla\Firefox\Profiles\9nsltetg.default-1439305845109\extensions\defsearchp@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Radzia\AppData\Roaming\Mozilla\Firefox\Profiles\9nsltetg.default-1439305845109\extensions\deskCutv2@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.istartsurf.com/?type=sc&ts=1439316902&z=274abd93d248c72abcd3182g5z4c4t4c0g7q6bfzbz&from=face&uid=HGSTXHTS545050A7E380_130720TM85134T0AZNAMX
OPR Extension: (CinemaP-1.9cV11.08) - C:\Users\Radzia\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-08-11]
R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125112 2015-08-07] (XTab system)
R2 WindowsMangerProtect; C:\ProgramData\iWinManProi\ProtectWindowsManager.exe [708264 2015-08-11] (DTools LIMITED) <==== ATTENTION
S2 kutuqyse; C:\Program Files (x86)\D9044FC0-1439273757-11E2-AE66-78843C38B736\knsz50D4.tmp [X]
C:\Program Files (x86)\D9044FC0-1439273757-11E2-AE66-78843C38B736
C:\ProgramData\iWinManProi
C:\Program Files (x86)\FriendlyError
C:\Users\Radzia\AppData\Roaming\istartsurf
C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
C:\Users\Radzia\AppData\Roaming\uiigEAtrBCMeUwTa0lKdfGurb8
C:\Users\Radzia\AppData\Roaming\oFpP0GWYrTns4
C:\Users\Radzia\AppData\Roaming\jyw3aryFqAxKPyE
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.
Powstanie plik fixlog.txt.
Daj ten log.

2) Zrób nowe logi FRST.
.

[radzia]

Zrobione

z ciekawostek: jeszcze przed wykonaniem fixlista uaktywnił się windows defender i usunął przeglądarkę maxthona nitro.

Pozdrawiam,

[ordynat]

uaktywnił się windows defender i usunął przeglądarkę maxthona nitro

Byłoby lepiej, gdyby zajął się usuwaniem szkodliwych śmieci, zamiast przeglądarek.

Otwórz Notatnik i wklej w nim:

Task: C:\WINDOWS\Tasks\jyw3aryFqAxKPyE.job => C:\Users\Radzia\AppData\Roaming\jyw3aryFqAxKPyE.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\oFpP0GWYrTns4.job => C:\Users\Radzia\AppData\Roaming\oFpP0GWYrTns4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\uiigEAtrBCMeUwTa0lKdfGurb8.job => C:\Users\Radzia\AppData\Roaming\uiigEAtrBCMeUwTa0lKdfGurb8.exe <==== ATTENTION
C:\Users\Radzia\AppData\Roaming\*.exe
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\globalupdate Helper" /f
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File]
C:\Program Files (x86)\globalUpdate
C:\Program Files (x86)\gmsd_pl_005010058
C:\ProgramData\IHProtectUpDate
C:\ProgramData\vWinManProv
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.
Powstanie plik fixlog.txt.
Daj ten log.

Zrób nowe logi FRST.
.

[radzia]

Wklejam logi

Pozdrawiam,

[ordynat]

globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION

ten ukryty program dalej jest

Task: C:\WINDOWS\Tasks\jyw3aryFqAxKPyE.job => C:\Users\Radzia\AppData\Roaming\jyw3aryFqAxKPyE.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\oFpP0GWYrTns4.job => C:\Users\Radzia\AppData\Roaming\oFpP0GWYrTns4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\uiigEAtrBCMeUwTa0lKdfGurb8.job => C:\Users\Radzia\AppData\Roaming\uiigEAtrBCMeUwTa0lKdfGurb8.exe <==== ATTENTION

są też dalej te Zaplanowane Zadania, ściagajace infekcje.


1) Otwórz Notatnik i wklej w nim:

globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Task: C:\WINDOWS\Tasks\jyw3aryFqAxKPyE.job => C:\Users\Radzia\AppData\Roaming\jyw3aryFqAxKPyE.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\oFpP0GWYrTns4.job => C:\Users\Radzia\AppData\Roaming\oFpP0GWYrTns4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\uiigEAtrBCMeUwTa0lKdfGurb8.job => C:\Users\Radzia\AppData\Roaming\uiigEAtrBCMeUwTa0lKdfGurb8.exe <==== ATTENTION
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\globalupdate Helper" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\globalupdate" /f
C:\Users\Radzia\AppData\Roaming\*.exe
C:\Program Files (x86)\gmsd_pl_005010058
C:\ProgramData\IHProtectUpDate
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.
Powstanie plik fixlog.txt.
Daj ten log.

2) Uruchom FRST.
W polu SEARCH wklej:

jyw3aryFqAxKPyE*.*;
oFpP0GWYrTns4*.*;
uiigEAtrBCMeUwTa0lKdfGurb8*.*

kliknij na przycisk "Search Files".
Raport z tego będzie tam, gdzie jest FRST.

Uruchom FRST.
W polu SEARCH wklej:

globalupdate;
jyw3aryFqAxKPyE;
oFpP0GWYrTns4;
uiigEAtrBCMeUwTa0lKdfGurb8

kliknij na przycisk "Search Registry".
Raport z tego będzie tam, gdzie jest FRST.
.

[radzia]

Zrobione,

wklejam logi:

[ordynat]

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\globalupdate Helper" /f =========

ERROR: The system was unable to find the specified registry key or value.

a więc System nie ma żadnego dostępu do tego ukrytego programu - więc usunięcie go nie wchodzi nawet w rachubę, program da się usunąć tylko poprzez sformatowanie partycji Systemowej.

Do Notatnika wklej:

Kod: Zaznacz wszystko

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\globalupdate.exe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.Update3WebControl.4]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreClass\CurVer]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine\CurVer]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback\CurVer]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher\CurVer]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine\CurVer]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc\CurVer]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}\ProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}\ProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}\LocalServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}\Elevation]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}\ProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}\LocalServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}\ProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}\LocalServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}\ProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}\LocalServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\InprocServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}\InProcServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}\ProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}\InprocServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}\Elevation]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}\ProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}\LocalServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
"globalUpdateUpdateTaskMachineCore.job"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
"globalUpdateUpdateTaskMachineUA.job"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalUpdate]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalUpdate\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\globalupdate.exe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\InprocServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}\ProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}\ProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}\LocalServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}\Elevation]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}\ProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}\InprocHandler32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}\ProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}\LocalServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}\Elevation]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}\ProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}\LocalServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}\LocalServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}\VersionIndependentProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}\Elevation]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}\ProgID]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\globalupdate.exe]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
"jyw3aryFqAxKPyE.job"=-

[-HKEY_USERS\S-1-5-21-3140324642-322551476-1686766742-1002\Software\jyw3aryFqAxKPyE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
"oFpP0GWYrTns4.job"=-

[-HKEY_USERS\S-1-5-21-3140324642-322551476-1686766742-1002\Software\oFpP0GWYrTns4]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
"uiigEAtrBCMeUwTa0lKdfGurb8.job"=-

[-HKEY_USERS\S-1-5-21-3140324642-322551476-1686766742-1002\Software\uiigEAtrBCMeUwTa0lKdfGurb8]



Z Menu Notatnika >> Plik >> Zapisz jako >> Ustaw rozszerzenie na Wszystkie pliki >> Zapisz jako> FIX.REG >>
plik uruchom (dwuklik i OK).

Autor postu otrzymał pochwałę

[radzia]

Zrobione,

Czyli rozumiem to tak, że globalupdate jest zdezaktywowany a aby go usunąć definitywnie potrzebny będzie format?

Pozdrawiam,

[ordynat]

Na razie zapomnij o "globalupdate" - wg mnie teraz Ci niczym nie zagraża.
A jesli kiedyś w dalekiej przyszłości sformatujesz z jakiegoś innego powodu dysk, to przy okazji "globalupdate" zostanie usunięty całkowicie.

Jeśli będzie OK, to będziemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix.
przez SHIFT+DEL usuń pozostały folder C:\FRST.

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).

.
=================

Jeśli natomiast problem nie zniknie, to przeinstalujesz przeglądarkę, na której to jeszcze będzie.
.