Problem z http://hi.ru/?10

[klawisz73]

witam
mam problem przy uruchomieniu przeglądarki firefox lub chrome pojawia się strona http://hi.ru/?10
proszę o pomoc
http://www.wklej.org/id/2433564/ frst.txt
http://www.wklej.org/id/2433566/ Addition.txt
http://www.wklej.org/id/2433567/ Shortcut.txt

[ordynat]

1) SPYHUNTER - od dawna jest na czarnej liście.
Spróbuj odinstalować w ten sposób:
kliknij na tę ikonkę C:\Users\nazwa Użytkownika\Start Menu\Programs\SpyHunter\Uninstall.lnk (czyli >>START >>Programy>>SpyHunter>>Uninstall)
wyskoczy okienko, ale zamiast klikać wielki zielony guzik "continue" kliknij "no, thanks". To drugie odinstalowuje.

2) Spróbuj odinstalować te programy:

Update for PriceFountain (HKU\S-1-5-21-2255555805-2939568889-2691082882-1001\...\Price Fountain) (Version: - Update for PriceFountain) <==== UWAGA
Protected Search 1.1 (HKLM-x32\...\Protected Search_is1) (Version: - Protected Search) <==== UWAGA

3) Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SKANUJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego.

4) Otwórz Notatnik i wklej w nim:

AlternateDataStreams: C:\Windows:1ADE9CDDF817A485 [50]
ShortcutWithArgument: C:\Users\piotrek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://hi.ru/?10
ShortcutWithArgument: C:\Users\piotrek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://hi.ru/?10
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://hi.ru/?10
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://hi.ru/?10
Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\piotrek\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
Task: {DDAF2D88-2FCA-4D44-915E-821F645B7B82} - System32\Tasks\{268E7734-8054-4AE9-A8E5-06BBDCA09939} => pcalua.exe -a "C:\Users\piotrek\Desktop\Nowy folder\EclCCE.exe" -d "C:\Users\piotrek\Desktop\Nowy folder"
Task: {D0C73889-4F1C-4945-825C-2C89EA093D62} - System32\Tasks\{9C134FB7-F73E-403F-9048-6D0DA91FE4D5} => pcalua.exe -a K:\Setup.exe -d K:\
Task: {D2DA389C-8418-457F-919B-B60C0652318C} - System32\Tasks\{FD5527BE-E165-4EE1-8BEE-B8C7C2DB9333} => pcalua.exe -a "C:\Program Files (x86)\Boardmaker with SD Pro\BM_SDP Demo.exe"
Task: {7F2C375A-A045-40D0-8838-72078447910A} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Protected Search\ProtectedSearch.exe [2012-11-26] (Simplygen) <==== UWAGA
Task: {8EA8EED4-4806-4E63-AF16-6FDA815FBB82} - System32\Tasks\{2C63851D-E2B2-4756-B135-AE5A5F6AF64D} => pcalua.exe -a K:\Setup.exe -d K:\
Task: {692D1CC3-E7F0-40AC-AFD3-1283C6202D92} - System32\Tasks\{23B26CE9-6DF9-48EF-A532-5AB6C224262E} => pcalua.exe -a C:\Users\piotrek\Downloads\DVD-RB_v1.282Pro.exe -d C:\Users\piotrek\Downloads
Task: {6C8ACEC6-16BB-4E51-979F-1577BB07B588} - System32\Tasks\{737ED2E6-4A8F-4F6E-B9C5-C5FEE67A1A89} => pcalua.exe -a C:\Users\piotrek\Desktop\Borderlands.Update.1.41.READNFO.PL-PROPHET\PROPHET\SetupHelper.exe -d C:\Users\piotrek\Desktop\Borderlands.Update.1.41.READNFO.PL-PROPHET\PROPHET
Task: {29B9DE1B-4ABC-459F-AF92-D05C5A4D2B67} - System32\Tasks\{274CB54D-48CF-4B0E-AF29-D901080DD144} => pcalua.exe -a C:\Users\piotrek\Downloads\vkaraokeFR(1).exe -d C:\Users\piotrek\Downloads
Task: {41FB7EDD-BE5E-4FF6-804A-BAFEEB943BDB} - System32\Tasks\piotrekTrustierMatchersV2 => Rundll32.exe CyanTenaciously.dll,main 7 1 <==== UWAGA
Task: {43A3504C-9B65-46D6-801F-AAF263F65729} - System32\Tasks\{5767C854-EB98-4BDC-A698-4290DE9B8699} => pcalua.exe -a C:\Users\piotrek\Desktop\Flash_Utility.exe -d C:\Users\piotrek\Desktop
Task: {4FC5C247-A88D-4685-8EDA-4B0F1E0447C0} - System32\Tasks\Price Fountain => C:\Users\piotrek\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
Task: {53145960-5D32-481F-ADA2-4439FA477561} - System32\Tasks\{CC5DD606-5964-46FB-B8D9-C0722C3DF06F} => pcalua.exe -a C:\Windows\System32\haspdinst.exe -d C:\Windows\System32
Task: {5AA6453D-944D-4E32-A746-534EBC40B808} - System32\Tasks\{3169FF0B-0915-4C3D-8434-5DBFA4DFB895} => pcalua.exe -a "C:\Users\piotrek\Desktop\Nowy folder\ul_install.exe" -d "C:\Users\piotrek\Desktop\Nowy folder"
Task: {1DD27C58-F075-4F0E-A2E8-949B6FE6557B} - System32\Tasks\{C5F59BF6-6A38-416C-8B54-AAF970CDE564} => pcalua.exe -a C:\Users\piotrek\Downloads\wmp11-windowsxp-x86-PL-PL.exe -d C:\Users\piotrek\Downloads
Task: {110A5FC7-EA51-49C3-9BE7-FB8B09E75B8B} - System32\Tasks\{D0AFB76E-5A58-4207-8CEE-6362F4B7D8B3} => pcalua.exe -a C:\Users\piotrek\Desktop\MinecraftZyczu.exe -d C:\Users\piotrek\Desktop
Task: {14573BE6-E7B7-4F21-8DD0-5FB6E8AE963E} - System32\Tasks\{41E78458-3983-40E7-BD4E-F9A64AD88FE5} => pcalua.exe -a "C:\Program Files (x86)\gfds\Photodex\ProShow Producer\pxsetup.exe" -d "C:\Program Files (x86)\gfds\Photodex\ProShow Producer"
FirewallRules: [{63058729-FFAB-42B9-BBF2-17173E167FAA}] => (Allow) C:\Program Files (x86)\Prezi\Prezi.exe
FirewallRules: [{765D06CC-3D5D-4ACF-A8F4-849930F4A7B3}] => (Allow) C:\Program Files (x86)\Prezi\Prezi.exe
FirewallRules: [{41A0C676-4A80-46E8-AFDE-BA0301D99123}] => (Allow) C:\Program Files (x86)\Prezi\Prezi.exe
FirewallRules: [{390B35B5-1105-49AB-8554-5F72DB4A44A0}] => (Allow) C:\Program Files (x86)\Prezi\Prezi.exe
C:\Program Files (x86)\Protected Search
C:\Users\piotrek\AppData\Roaming\PRICEF~1
2016-05-23 23:26 - 2016-05-23 23:38 - 00319222 _____ C:\spyhunter.fix
2016-05-23 23:26 - 2010-05-13 18:34 - 00014232 _____ C:\Windows\SysWOW64\sh4native.exe
2016-05-23 23:14 - 2016-05-23 23:14 - 00002252 _____ C:\Users\piotrek\Desktop\SpyHunter.lnk
2016-05-23 23:14 - 2016-05-23 23:14 - 00000000 ____D C:\Users\piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-05-23 23:14 - 2016-05-23 23:14 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2016-05-23 23:11 - 2016-05-23 23:21 - 00000000 ____D C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2016-05-23 23:10 - 2014-05-28 19:11 - 00000000 ____D C:\Users\piotrek\Desktop\SpyHunter 4.15.1.4270
2016-05-23 22:47 - 2016-05-23 22:47 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-05-23 22:46 - 2016-05-23 22:46 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\piotrek\Downloads\SpyHunter-Installer.exe
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [X]
S3 vdrive; system32\DRIVERS\vdrive.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Brak pliku]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [Brak pliku]
FF Keyword.URL: hxxp://search.certified-toolbar.com?si=39033&tid=114&bs=true&q=
FF SearchEngineOrder.1: Web Search
FF SelectedSearchEngine: Web Search
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=39033&bs=true&tid=114&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=39033&bs=true&tid=114&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2255555805-2939568889-2691082882-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=39033&bs=true&tid=114&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2255555805-2939568889-2691082882-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=39033&bs=true&tid=114&q={searchTerms}
HKU\S-1-5-21-2255555805-2939568889-2691082882-1001\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=39033&home=true&tid=114
HKU\S-1-5-21-2255555805-2939568889-2691082882-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=39033&tid=114&bs=true&q=
HKU\S-1-5-21-2255555805-2939568889-2691082882-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=39033&tid=114&bs=true&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.certified-toolbar.com?si=39033&home=true&tid=114
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=39033&tid=114&bs=true&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=39033&tid=114&bs=true&q=
HKU\S-1-5-21-2255555805-2939568889-2691082882-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=39033&tid=114&bs=true&q=
BootExecute: autocheck autochk * sh4native Sh4Removal
HKU\S-1-5-21-2255555805-2939568889-2691082882-1001\...\Run: [CW] => [X]
HKU\S-1-5-21-2255555805-2939568889-2691082882-1001\...\Run: [AdobeBridge] => [X]
HKLM-x32\...\Run: [] => [X]
HOSTS:
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).

----------------------
Jeśli będzie OK, to będziemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix (NAPRAW).
przez SHIFT+DEL usuń pozostały folder C:\FRST.

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).
.

[klawisz73]

pomogło
wielkie dzięki