Istartsurf.com oraz Search Protect do usunięcia


(Ktomasz777) #1

Wyszukiwarka i program zainstalowały się przy okazji jednego programu. Nie mogę ich usunąć ani przez Panel Sterowania, ani żadnych innym sposobem opisanym znalezionym w internecie. Z góry dziękuję

 

http://www.wklej.org/id/1765233/ (FRST)


(Atis) #2

Pobierz i uruchom AdwCleaner Kliknij Skanuj i później Usuń.

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Yahoo Messenger] => [X]
GroupPolicyScripts: Group Policy detected <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1438033613&z=f5871bfc5d3a1ab57850c51gfz7cfbee2c8c1wbqac&from=obw&uid=WDCXWD7500BPVT-24HXZT1_WD-WXC1A61P9523P9523
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1438033613&z=f5871bfc5d3a1ab57850c51gfz7cfbee2c8c1wbqac&from=obw&uid=WDCXWD7500BPVT-24HXZT1_WD-WXC1A61P9523P9523
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1438033579&z=3f3e1c3b209bdda25e1356cg4zdcab7e9c3c5wdofb&from=obw&uid=WDCXWD7500BPVT-24HXZT1_WD-WXC1A61P9523P9523&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1438033579&z=3f3e1c3b209bdda25e1356cg4zdcab7e9c3c5wdofb&from=obw&uid=WDCXWD7500BPVT-24HXZT1_WD-WXC1A61P9523P9523&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1438033613&z=f5871bfc5d3a1ab57850c51gfz7cfbee2c8c1wbqac&from=obw&uid=WDCXWD7500BPVT-24HXZT1_WD-WXC1A61P9523P9523
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1438033613&z=f5871bfc5d3a1ab57850c51gfz7cfbee2c8c1wbqac&from=obw&uid=WDCXWD7500BPVT-24HXZT1_WD-WXC1A61P9523P9523
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1438033579&z=3f3e1c3b209bdda25e1356cg4zdcab7e9c3c5wdofb&from=obw&uid=WDCXWD7500BPVT-24HXZT1_WD-WXC1A61P9523P9523&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1438033579&z=3f3e1c3b209bdda25e1356cg4zdcab7e9c3c5wdofb&from=obw&uid=WDCXWD7500BPVT-24HXZT1_WD-WXC1A61P9523P9523&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.5.0.28
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.5.0.28
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.5.0.28
HKU\S-1-5-21-2086158502-3325905098-2847932083-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hppp&ts=1438033613&z=f5871bfc5d3a1ab57850c51gfz7cfbee2c8c1wbqac&from=obw&uid=WDCXWD7500BPVT-24HXZT1_WD-WXC1A61P9523P9523
HKU\S-1-5-21-2086158502-3325905098-2847932083-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dspp&ts=1438033613&z=f5871bfc5d3a1ab57850c51gfz7cfbee2c8c1wbqac&from=obw&uid=WDCXWD7500BPVT-24HXZT1_WD-WXC1A61P9523P9523&q={searchTerms}
HKU\S-1-5-21-2086158502-3325905098-2847932083-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hppp&ts=1438033613&z=f5871bfc5d3a1ab57850c51gfz7cfbee2c8c1wbqac&from=obw&uid=WDCXWD7500BPVT-24HXZT1_WD-WXC1A61P9523P9523
HKU\S-1-5-21-2086158502-3325905098-2847932083-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dspp&ts=1438033613&z=f5871bfc5d3a1ab57850c51gfz7cfbee2c8c1wbqac&from=obw&uid=WDCXWD7500BPVT-24HXZT1_WD-WXC1A61P9523P9523&q={searchTerms}
HKU\S-1-5-21-2086158502-3325905098-2847932083-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.5.0.28
SearchScopes: HKU\S-1-5-21-2086158502-3325905098-2847932083-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-2086158502-3325905098-2847932083-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD7500BPVT-24HXZT1_WD-WXC1A61P9523P9523&ts=1438033630&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2086158502-3325905098-2847932083-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD7500BPVT-24HXZT1_WD-WXC1A61P9523P9523&ts=1438033630&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2086158502-3325905098-2847932083-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD7500BPVT-24HXZT1_WD-WXC1A61P9523P9523&ts=1438033630&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2086158502-3325905098-2847932083-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD7500BPVT-24HXZT1_WD-WXC1A61P9523P9523&ts=1438033630&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2086158502-3325905098-2847932083-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=b&utm_medium=obw&utm_campaign=install_ie&utm_content=ds&from=obw&uid=WDCXWD7500BPVT-24HXZT1_WD-WXC1A61P9523P9523&ts=1438033630&type=default&q={searchTerms}
BHO-x32: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-07-23] (Thinkgood Co. Limited)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1438033579&z=3f3e1c3b209bdda25e1356cg4zdcab7e9c3c5wdofb&from=obw&uid=WDCXWD7500BPVT-24HXZT1_WD-WXC1A61P9523P9523
FF NewTab: chrome://quick_start/content/index.html
FF SelectedSearchEngine: istartsurf
FF Homepage: hxxp://www.istartsurf.com/?type=hppp&ts=1438033613&z=f5871bfc5d3a1ab57850c51gfz7cfbee2c8c1wbqac&from=obw&uid=WDCXWD7500BPVT-24HXZT1_WD-WXC1A61P9523P9523
FF SearchPlugin: C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\72kyuj04.default-1393272455046\searchplugins\istartsurf.xml [2015-07-29]
FF Extension: Default SearchProtected - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\72kyuj04.default-1393272455046\Extensions\defsearchp@gmail.com [2015-07-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\72kyuj04.default-1393272455046\extensions\deskCutv2@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Tomek\AppData\Roaming\Mozilla\Firefox\Profiles\72kyuj04.default-1393272455046\extensions\defsearchp@gmail.com
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tomek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-02]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125112 2015-07-23] (XTab system)
R2 WindowsMangerProtect; C:\ProgramData\6WinManPro6\ProtectWindowsManager.exe [435880 2015-07-27] (DTools LIMITED) <==== ATTENTION
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
U2 DriverService; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerServic; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 SoftwareService; No ImagePath
U2 Stereo Service; No ImagePath
2015-07-29 21:00 - 2015-07-29 21:02 - 00000000 ____ D C:\AdwCleaner
2015-07-27 23:47 - 2015-07-27 23:47 - 00000000 ____ D C:\ProgramData\IHProtectUpDate
2015-07-27 23:47 - 2015-07-27 23:47 - 00000000 ____ D C:\Program Files (x86)\MiuiTab
2015-07-27 23:46 - 2015-07-28 16:40 - 00000000 ____ D C:\ProgramData\6WinManPro6
2015-07-27 23:46 - 2015-07-27 23:46 - 00000000 _____ C:\windows\prleth.sys
2015-07-27 23:46 - 2015-07-27 23:46 - 00000000 _____ C:\windows\hgfs.sys
2013-10-02 23:08 - 2013-10-02 23:08 - 0032556 _____ () C:\ProgramData\1380747476.bdinstall.bin
2013-10-03 14:16 - 2013-10-03 14:16 - 0523257 _____ () C:\ProgramData\1380801312.bdinstall.bin
2014-04-19 07:48 - 2014-04-19 07:48 - 0241112 _____ () C:\ProgramData\1397886359.bdinstall.bin
Task: {0299B32D-E5AE-4F85-8EC6-F6452DA30DFF} - System32\Tasks\{55FAE275-BA91-4388-9876-4D5BA09B9F98} => pcalua.exe -a C:\Users\Tomek\Downloads\VirtualDubMod_1_5_10_2_All_inclusive\AuxSetup.exe -d C:\Users\Tomek\Downloads\VirtualDubMod_1_5_10_2_All_inclusive
Task: {B1A26546-6218-49BA-A635-0FACC9B5DADC} - System32\Tasks\{CE2901DD-AA6C-40E6-A405-4DF9173D0961} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall ENTERPRISE /dll OSETUP.DLL
Task: {B2174AC8-ACB2-42D8-9972-88E3C2EA92A2} - System32\Tasks\{BD6055E8-F7E5-4D45-A8CB-EF02D5534049} => pcalua.exe -a C:\Users\Tomek\Downloads\AutodeskDownloadManagerSetup.exe -d C:\Users\Tomek\Downloads
Task: {DA746083-D747-45DE-86F6-9DA4BD1FE17B} - System32\Tasks\{BE5AB89E-2344-4E98-BDF6-8FA3CCF0DBF0} => pcalua.exe -a D:\Programy\INSTALL_2010_full\INSTALL_2010_full\Windows\Setup\Setup\setup.exe -d D:\Programy\INSTALL_2010_full\INSTALL_2010_full\Windows\Setup\Setup
Task: {DE560AD7-6C36-4294-A28B-A68181504A81} - System32\Tasks\{CD687805-6F68-4150-817C-FEAB984F15F1} => pcalua.exe -a "D:\Programy\_Bentley MicroStation v8i XM v8.11.05.17-SoS\Bentley Prerequisites for Bentley Desktop Applications v08.11.05.05\pbda08110505en.exe" -d "D:\Programy\_Bentley MicroStation v8i XM v8.11.05.17-SoS\Bentley Prerequisites for Bentley Desktop Applications v08.11.05.05"
AlternateDataStreams: C:\Windows:CM_13209477593af77faad676618634c76f589ef71c4b5c0aa84ffd620558ad5af6
AlternateDataStreams: C:\Windows:CM_21bc33e4f9ba94419f6139d216d7e3b90162092588cbd472505f7a7c672c49da
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition i Shortcut.


(Ktomasz777) #3

Wygląda jakby to zdało egzamin, ale prześlę jeszcze logi. Dzięki.

 

http://www.wklej.org/id/1765702/ Fixlog


(Atis) #4

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKU\S-1-5-21-2086158502-3325905098-2847932083-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=20.5.0.28
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
DeleteQuarantine:

Uruchom FRST i kliknij Fix. Skasuj folder C:\FRST

Usuń stare punkty przywracania: Aby usunąć wszystkie punkty przywracania

Dysk przeskanuj Malwarebytes Anti-Malware

Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Język PL > Settings > General Settings > Language > Polish

Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK

Odinstaluj:

Java 8 Update 45

Java SE Development Kit 7 Update 45

Microsoft Silverlight

Zainstaluj:

Java 8 Update 51

Silverlight 5.1.40620.0