Help! Search protector, mystartsearch, etc. cannot be removed!


(Tulej94) #1

Hello, after installing Daemon Tools Lite I have a big problem, because some junk programs showed up along with it.

I can't remove some of them manually, and after restarting the computer they appear again.

Please, someone help, I've been fighting with this for 2 days.


(Atronics) #2

Generate the reports as described here:

http://forum.dobreprogramy.pl/nowy-log-obowiązkowy-farbar-recovery-scan-tool-t478727/

 

and wait for the analysis.


(Tulej94) #3

Addition: http://www.wklej.org/id/1643229/

FRST: http://www.wklej.org/id/1643232/


(Acorus) #4

Uninstall iWebar. Open the system Notepad and paste:

Task: {060D7EA2-8AF7-47EE-8847-78746B944622} - System32\Tasks\globalUpdateUpdateTaskMachineCore = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-21] (globalUpdate) ==== ATTENTION
Task: {1A64F9B3-A8D1-4E52-81A1-147BE5216E12} - System32\Tasks\74c973de-e3f3-46a4-87d0-1f1825e53dd7-1-7 = C:\Program Files (x86)\iWebar\74c973de-e3f3-46a4-87d0-1f1825e53dd7-1-7.exe [2015-02-21] (Webby) ==== ATTENTION
Task: {1C27E432-8374-46AB-B6E9-05F1CF08475A} - System32\Tasks\74c973de-e3f3-46a4-87d0-1f1825e53dd7-5 = C:\Program Files (x86)\iWebar\74c973de-e3f3-46a4-87d0-1f1825e53dd7-5.exe [2015-02-21] (Webby) ==== ATTENTION
Task: {1F59A3BF-8727-47AF-A419-B2843A9C73EE} - System32\Tasks\PRRYIQ = C:\Users\Bator i Monika\AppData\Roaming\PRRYIQ.exe [2015-02-21] (Sense+) ==== ATTENTION
Task: {2860E808-E28C-42A0-8F50-6ED141C3862E} - System32\Tasks\{F4133615-A59D-4BC6-801C-2044D912EA9F} = pcalua.exe -a "C:\Program Files (x86)\YouTube Accelerator\YTAUninstall.exe"
Task: {648D25CA-918A-4B51-8CE5-875BA7D5A403} - System32\Tasks\globalUpdateUpdateTaskMachineUA = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-21] (globalUpdate) ==== ATTENTION
Task: {792DB9E8-BA89-418F-AF26-9C511B4034D4} - System32\Tasks\74c973de-e3f3-46a4-87d0-1f1825e53dd7-1-6 = C:\Program Files (x86)\iWebar\74c973de-e3f3-46a4-87d0-1f1825e53dd7-1-6.exe [2015-02-21] (Webby) ==== ATTENTION
Task: {8357EC6D-00E3-41E2-90D0-76C44B295066} - \YTAHelper No Task File ==== ATTENTION
Task: {8B11A4BE-E6A6-4F05-B315-5D4FD640C503} - System32\Tasks\NAW = C:\Users\Bator i Monika\AppData\Roaming\NAW.exe [2015-02-21] (Sense+) ==== ATTENTION
Task: {95CD1A42-C45B-4918-A1DD-3839D41BFAE5} - System32\Tasks\{F496DDDC-7097-4C76-95D9-3F0B4E43DE32} = pcalua.exe -a "C:\Users\Bator i Monika\AppData\Roaming\mystartsearch\UninstallManager.exe" -c -ptid=smt
Task: {99A88522-93B8-4B01-A9CF-2597A8B9A82F} - System32\Tasks\74c973de-e3f3-46a4-87d0-1f1825e53dd7-5_user = C:\Program Files (x86)\iWebar\74c973de-e3f3-46a4-87d0-1f1825e53dd7-5.exe [2015-02-21] (Webby) ==== ATTENTION
Task: {D4591275-1154-49F9-832F-FF6224A4DEBD} - System32\Tasks\74c973de-e3f3-46a4-87d0-1f1825e53dd7-4 = C:\Program Files (x86)\iWebar\74c973de-e3f3-46a4-87d0-1f1825e53dd7-4.exe [2015-02-21] (Webby) ==== ATTENTION
Task: C:\Windows\Tasks\74c973de-e3f3-46a4-87d0-1f1825e53dd7-1-6.job = C:\Program Files (x86)\iWebar\74c973de-e3f3-46a4-87d0-1f1825e53dd7-1-6.exe ==== ATTENTION
Task: C:\Windows\Tasks\74c973de-e3f3-46a4-87d0-1f1825e53dd7-1-7.job = C:\Program Files (x86)\iWebar\74c973de-e3f3-46a4-87d0-1f1825e53dd7-1-7.exe ==== ATTENTION
Task: C:\Windows\Tasks\74c973de-e3f3-46a4-87d0-1f1825e53dd7-4.job = C:\Program Files (x86)\iWebar\74c973de-e3f3-46a4-87d0-1f1825e53dd7-4.exe ==== ATTENTION
Task: C:\Windows\Tasks\74c973de-e3f3-46a4-87d0-1f1825e53dd7-5.job = C:\Program Files (x86)\iWebar\74c973de-e3f3-46a4-87d0-1f1825e53dd7-5.exe ==== ATTENTION
Task: C:\Windows\Tasks\74c973de-e3f3-46a4-87d0-1f1825e53dd7-5_user.job = C:\Program Files (x86)\iWebar\74c973de-e3f3-46a4-87d0-1f1825e53dd7-5.exe ==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
Task: C:\Windows\Tasks\NAW.job = C:\Users\Bator i Monika\AppData\Roaming\NAW.exe ==== ATTENTION
Task: C:\Windows\Tasks\PRRYIQ.job = C:\Users\Bator i Monika\AppData\Roaming\PRRYIQ.exe ==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsppts=1424549524from=smtuid=395049983_266034_00908340q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsppts=1424549524from=smtuid=395049983_266034_00908340q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsppts=1424549524from=smtuid=395049983_266034_00908340q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsppts=1424549524from=smtuid=395049983_266034_00908340q={searchTerms}
HKU\S-1-5-21-3495781423-4095351715-2427097237-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsppts=1424546628from=smtuid=395049983_266034_00908340q={searchTerms}
HKU\S-1-5-21-3495781423-4095351715-2427097237-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3495781423-4095351715-2427097237-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsppts=1424546628from=smtuid=395049983_266034_00908340q={searchTerms}
SearchScopes: HKU\S-1-5-21-3495781423-4095351715-2427097237-1000 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=smtutm_campaign=install_ieutm_content=dsfrom=smtuid=395049983_266034_00908340ts=1424549581type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3495781423-4095351715-2427097237-1000 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=smtutm_campaign=install_ieutm_content=dsfrom=smtuid=395049983_266034_00908340ts=1424549581type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3495781423-4095351715-2427097237-1000 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=smtutm_campaign=install_ieutm_content=dsfrom=smtuid=395049983_266034_00908340ts=1424549581type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3495781423-4095351715-2427097237-1000 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=smtutm_campaign=install_ieutm_content=dsfrom=smtuid=395049983_266034_00908340ts=1424549581type=defaultq={searchTerms}
BHO: No Name - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - No File
BHO: YTAHelper - {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} - C:\ProgramData\YTAHelper\YTAHelper64.dll (Goobzo Ltd.)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: YTAHelper - {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} - C:\ProgramData\YTAHelper\YTAHelper.dll (Goobzo Ltd.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=scts=1424546601from=smtuid=395049983_266034_00908340
FF DefaultSearchEngine: mystartsearch
FF SelectedSearchEngine: mystartsearch
FF SearchPlugin: C:\Users\Bator i Monika\AppData\Roaming\Mozilla\Firefox\Profiles\62j83da4.default\searchplugins\mystartsearch.xml
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Bator i Monika\AppData\Roaming\Mozilla\Firefox\Profiles\62j83da4.default\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Bator i Monika\AppData\Roaming\Mozilla\Firefox\Profiles\62j83da4.default\extensions\faststartff@gmail.com
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-21] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-21] (globalUpdate) [File not signed]
S2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Bator i Monika\AppData\Roaming\NAW
2015-02-21 20:33 - 2015-02-21 23:46 - 1325008 _____ (Sense+) C:\Users\Bator i Monika\AppData\Roaming\NAW.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Bator i Monika\AppData\Roaming\PRRYIQ
2015-02-21 20:33 - 2015-02-21 23:46 - 1802192 _____ (Sense+) C:\Users\Bator i Monika\AppData\Roaming\PRRYIQ.exe
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Tulej94) #5

That is exactly the biggest problem: I can't uninstall it.


(Acorus) #6

Skip that and do the rest.


(Tulej94) #7

FRST: http://www.wklej.org/id/1643422/


(Acorus) #8

Open the system Notepad and paste:

HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-02-22 14:44 - 2015-02-22 15:14 - 00000000 ____ D () C:\AdwCleaner
2015-02-21 20:24 - 2015-02-22 11:30 - 00000000 ____ D () C:\Users\Public\Documents\GOOBZO
2015-02-21 20:24 - 2015-02-21 20:24 - 00000000 ____ D () C:\Users\Public\Documents\YTAHelper
2015-02-21 20:24 - 2015-02-21 20:24 - 00000000 ____ D () C:\Users\Public\Documents\ShopperPro

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Tulej94) #9

I did everything just as you advised :)