Chrome: search engine changed to yamdex.net


(Longhtorn) #1

The search engine in Chrome has been replaced with yamdex.net, and on top of that the option to remove it is blocked without administrator rights, even though the account is enabled.

Can anyone help?

AdwCleaner hangs when trying to remove it.

OTL logs

http://wklej.org/id/1733536/

FRST logs

http://wklej.org/id/1733546/

http://wklej.org/id/1733548/

http://wklej.org/id/1733550/

Screenshot


(Atis) #2

In Control Panel, uninstall:

Loaris Trojan Remover version 1.3.7.2

SpyHunter4 version 4.13.6.4253

YAC(Yet Another Cleaner!)

Paste the following into Notepad and save it as a text file named fixlist:

CloseProcesses:
HKLM\...\Policies\Explorer\Run: [65397] => C:\PROGRA~3\LOCALS~1\Temp\msnula.exe
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
BootExecute: autocheck autochk * sh4native Sh4Removal
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: PriceMinus -> {1d32ba57-74f3-4445-886b-ca38b8c28940} -> No File
BHO: bestadblocker -> {9e5898cb-b2a5-4fb6-9e89-e5536b2feb33} -> No File
DefaultPrefix-x32: => <==== ATTENTION
ShellExecuteHooks-x32: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File []
CHR Extension: (Bookmark Manager) - C:\Users\Administrator.Leopard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-06-09]
S3 AsrCDDrv; No ImagePath
S3 catchme; No ImagePath
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-05-27] (Elex do Brasil Participações Ltda)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2015-01-24] (Enigma Software Group USA, LLC.)
S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [13904 2011-05-06] ()
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [108616 2015-05-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [50944 2015-05-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [102416 2015-05-27] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-04-17] (Elex do Brasil Participações Ltda)
2015-06-09 10:59 - 2015-06-09 11:17 - 00000000 ____ D C:\AdwCleaner
2015-06-09 11:25 - 2015-06-09 11:25 - 00000000 ____ D C:\Users\Administrator.Leopard\AppData\Roaming\Elex-tech
2015-06-09 11:25 - 2015-04-17 04:43 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2015-06-09 10:59 - 2015-06-09 11:17 - 00000000 ____ D C:\AdwCleaner
2015-06-09 10:04 - 2015-06-09 10:04 - 00000000 ____ D C:\Program Files (x86)\Elex-tech
2015-06-09 10:03 - 2015-06-09 10:03 - 00864648 _____ () C:\Users\Administrator.Leopard\Downloads\yet_another_cleaner_sk_0.exe
2015-06-09 09:58 - 2015-06-09 09:58 - 00864648 _____ () C:\Users\Administrator.Leopard\Downloads\yet_another_cleaner_sk_6723218.exe
2015-06-09 09:16 - 2015-06-09 09:16 - 00001250 _____ C:\Users\Admin\Desktop\SpyHunter4.lnk
2015-06-09 09:16 - 2015-06-09 09:16 - 00000000 ____ D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter4
2015-06-09 09:16 - 2015-06-09 09:16 - 00000000 ____ D C:\Program Files (x86)\Enigma Software Group
2015-06-09 09:16 - 2012-06-22 12:01 - 00019984 _____ C:\Windows\SysWOW64\Drivers\EsgScanner.sys
2015-06-09 09:16 - 2012-06-22 12:01 - 00019984 _____ C:\Windows\system32\EsgScanner.sys
2015-06-04 15:53 - 2015-04-28 23:09 - 00376944 ____ H (Mozilla Corporation) C:\firеfох.bаt.exe
2015-06-04 15:53 - 2015-04-22 03:48 - 00815304 ____ H (Microsoft Corporation) C:\iехplоrе.bаt.exe
2015-05-14 08:31 - 2015-05-14 08:31 - 00041433 _____ C:\ComboFix.txt
2015-06-09 09:30 - 2015-01-24 23:40 - 01231058 _____ C:\spyhunter.fix
RemoveDirectory: C:\Qoobox
Task: {027E9FD9-4183-4677-9E0B-1578D6EC1364} - System32\Tasks\{3D989238-D046-4AB5-AD8D-1747F38FE1FE} => pcalua.exe -a C:\Users\Admin\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp <==== ATTENTION
Task: {04CB0AFB-24DC-4511-B7C9-91B7F65FBA6C} - System32\Tasks\{DE197C35-027D-4366-A3EB-A48E28AE94BA} => pcalua.exe -a H:\TS\plugins\ts3overlay\InstallHook.exe -d H:\TS\plugins\ts3overlay\ -c ts3overlay_hook_win32.dll 10000
Task: {12715CDD-7255-4B25-9349-36624949E1CE} - System32\Tasks\{4A517747-CDF9-4951-93F7-822B4374490F} => pcalua.exe -a "C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
Task: {1B36A98B-C0CA-459E-9330-EC4F26432721} - System32\Tasks\{CE22430B-DDBF-40F1-93CB-DCD36BC69DC2} => pcalua.exe -a "F:\WindowsPhone (1).exe" -d F:\
Task: {45116775-64E9-4055-9C89-B3B6F77670CC} - System32\Tasks\{49F5EB41-6FE9-4948-A6F1-4C4F24310F69} => msiexec.exe /package "F:\setup (2).msi"
Task: {47D8E80A-737D-483B-8690-2846A83E89E9} - System32\Tasks\{DBCE61E9-D6F5-418F-80E5-787FA4DEC065} => pcalua.exe -a "F:\BS.Player PRO v2.68 Build 1077 Multilingual\bsplayer_pro268.1077.exe" -d "F:\BS.Player PRO v2.68 Build 1077 Multilingual"
Task: {4A4EB4B0-D907-48ED-B3F3-845CC0F0DAF5} - System32\Tasks\{4419D932-EA5B-419B-847D-55A37B1CDA3A} => pcalua.exe -a "F:\setup (1).exe" -d F:\
Task: {AABFB5C2-7C28-4C7C-9EB9-0B9025310FD6} - System32\Tasks\{E634B55B-3BC5-4B1E-8BA1-A882EEFB1D2D} => msiexec.exe /package "F:\setup (2).msi"
Task: {BA16CEBA-1715-406E-BD4A-9DA85365183A} - System32\Tasks\Driver Booster Update => I:\Driver Booster\AutoUpdate.exe
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post the new FRST report, without Addition and Shortcut.

Resetting Chrome browser settings


(Longhtorn) #3

Scan after

http://wklej.org/id/1733727/

and everything works

Thank you very much


(Atis) #4

Paste the following into Notepad and save it as a text file named fixlist:

HKU\S-1-5-21-1183382978-3622372495-3185527323-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-1183382978-3622372495-3185527323-1000 - (No Name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - No File
URLSearchHook: [S-1-5-21-1183382978-3622372495-3185527323-1000] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1183382978-3622372495-3185527323-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = 
SearchScopes: HKU\S-1-5-21-1183382978-3622372495-3185527323-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = 
2015-06-09 15:52 - 2015-06-09 15:52 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2015-06-09 13:03 - 2015-06-09 13:03 - 00000000 ____ D C:\rsit
2015-06-04 15:53 - 2015-04-28 23:09 - 00376944 ____ N (Mozilla Corporation) C:\firеfох.bаt.exe
2015-06-04 15:53 - 2015-04-22 03:48 - 00815304 ____ N (Microsoft Corporation) C:\iехplоrе.bаt.exe
2015-02-03 14:52 - 2015-02-03 14:52 - 0000038 ___SH () C:\Users\Admin\AppData\Local\69ff07055291669bb2b218.72821112
2015-03-10 09:20 - 2015-03-23 22:36 - 0011670 _____ () C:\Users\Admin\AppData\Local\Temp-log.txt
2014-12-10 14:16 - 2014-12-10 15:02 - 0000754 _____ () C:\Users\Admin\AppData\Local\TwitchModCfg.txt
CloseProcesses:

Run FRST and click Fix. Delete the C:\FRST folder.

Delete old restore points: To delete all restore points

Scan the disk with Malwarebytes Anti-Malware

During installation, uncheck "Start the trial period of Malwarebytes Anti-Malware Premium".

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Polish language: Settings > General Settings > Language > Polish

Read about how programs should be installed: CLICK - CLICK - CLICK - CLICK

Uninstall:

Adobe Flash Player 17 ActiveX

Adobe Flash Player 17 NPAPI

Adobe Flash Player 17 PPAPI

Java 8 Update 31

Java 8 Update 40

Install:

Flash Player 18.0.0.160 NPAPI

Flash Player 18.0.0.160 ActiveX

Flash Player 18.0.0.160 PPAPI


(Longhtorn) #5

Scan after following the recommendations

http://wklej.org/id/1734412/


(Atis) #6

No new logs are needed.


(Longhtorn) #7

Thank you once again