Problem z usunięciem SpyHunter 4 oraz reklamy - poproszę o sprawdzenie logów


(zbyszek@1974) #1

http://wklej.org/id/1794572/

http://wklej.org/id/1794574/


(Acorus) #2

http://forum.dobreprogramy.pl/farbar-recovery-scan-tool-raport-obowiązkowy-t478727/


(zbyszek@1974) #3

http://wklej.org/id/1794609/

http://wklej.org/id/1794612/

http://wklej.org/id/1794613/


(Acorus) #4

Odinstaluj Spybot - Search & Destroy,SpyHunter 4,sweet-page uninstall.Otwórz notatnik systemowy i wklej:

Hosts:
Task: {360D1C53-A844-4DDD-AA31-7245C20391D5} - System32\Tasks\{E489D3F4-2767-46AB-A781-18FA7973B6A8} = pcalua.exe -a c:\users\zbyszek\appdata\local\lollipop\lollipop.bat
Task: {9FDB108D-82D7-4EEC-BFA7-5ACF5AAFE2E1} - System32\Tasks\SpyHunter4Startup = C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-09-10] (Enigma Software Group USA, LLC.)
Task: C:\Windows\Tasks\Install_NSS.job = C:\Program Files\DivX\Symantec\scstubinstaller.exe
HKLM\...\Run: [] = [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
BootExecute: autocheck autochk * Ɯň؀ňថ
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No File
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
CHR HomePage: Default - hxxp://www.sweet-page.com/?type=hpts=1441979859z=a16cdbfc794a134b0317919g4zazfg3tam5t5b4w6mfrom=coruid=FUJITSUXMHY2200BH_K41KT862WYWUT862WYWUX
CHR StartupUrls: Default - "hxxp://www.sweet-page.com/?type=hpts=1441979859z=a16cdbfc794a134b0317919g4zazfg3tam5t5b4w6mfrom=coruid=FUJITSUXMHY2200BH_K41KT862WYWUT862WYWUX"
CHR HKLM\...\Chrome\Extension: [bildoibdboopgomcbiplincneeicgipj] - C:\Program Files\StartSearch plugin\startsplg.crx not found
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [771968 2015-09-10] (Enigma Software Group USA, LLC.)
R2 WdsManPro; C:\ProgramData\BWdsManProB\WdsManPro.exe [451720 2015-09-11] (DTools LIMITED)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-09-10] (Enigma Software Group USA, LLC.)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 igfx; system32\DRIVERS\igdkmd32.sys [X]
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
2015-09-11 15:58 - 2015-09-11 15:59 - 00000000 ___DC C:\ProgramData\BWdsManProB
2015-09-10 14:15 - 2015-09-11 08:05 - 00000000 ___DC C:\AdwCleaner
2015-09-10 14:15 - 2015-09-10 14:15 - 00000000 ___DC C:\Users\ZBYSZEK\AppData\Roaming\Enigma Software Group
2015-09-10 14:14 - 2015-09-10 14:15 - 00000000 ___DC C:\sh4ldr
2015-09-10 14:11 - 2015-09-10 14:12 - 03237248 ____ C (Enigma Software Group USA, LLC.) C:\Users\ZBYSZEK\Downloads\SpyHunter-Installer (1).exe
2011-02-03 15:04 - 2015-04-17 13:14 - 0000220 ____ C () C:\Users\ZBYSZEK\AppData\Roaming\wklnhst.dat
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(zbyszek@1974) #5

przy odinstalowaniu SpyHunter 4 informuje o błędzie deinstalacji :3 i nie usuwa programu , sweet-page nie odnajduje :frowning:  co teraz ??


(Acorus) #6

Pomiń to i wykonaj resztę.


(zbyszek@1974) #7

udało się dwukrotny restart komputera i poszło wielkie dzięki  :slight_smile:


(Acorus) #8

Skasuj folder C:\FRST