Usunięcie search protect i istartsurf


(B Swiatowski) #1

Witam,

 

Proszę o pomoc w usunięciu programu search protect i toolbar istarsurf, z powodu niefrasobliwej żony :) 

 

Logi z farbar 

 

http://www.wklej.org/id/1667702/

 

http://www.wklej.org/id/1667705/

 

 

Pozdrawiam

Bartek

 


(Acorus) #2

Odinstaluj McAfee Security Scan Plus.Otwórz notatnik systemowy i wklej:

HKLM\...\Run: [QuickTime Task] = C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] = C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-06] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] = C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dsppts=1426159468from=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84Xq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dsppts=1426159468from=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84Xq={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hpts=1426159416from=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84X
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hpts=1426159416from=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84X
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dsppts=1426159468from=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84Xq={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dsppts=1426159468from=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84Xq={searchTerms}
SearchScopes: HKU\.DEFAULT - DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=squadmutm_campaign=install_ieutm_content=dsfrom=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84Xts=1426159489type=defaultq={searchTerms}
SearchScopes: HKU\.DEFAULT - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=squadmutm_campaign=install_ieutm_content=dsfrom=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84Xts=1426159489type=defaultq={searchTerms}
SearchScopes: HKU\.DEFAULT - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=squadmutm_campaign=install_ieutm_content=dsfrom=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84Xts=1426159489type=defaultq={searchTerms}
SearchScopes: HKU\.DEFAULT - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\.DEFAULT - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=squadmutm_campaign=install_ieutm_content=dsfrom=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84Xts=1426159489type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-2454394756-2303697684-602718148-1005 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dsppts=1426159468from=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84Xq={searchTerms}
SearchScopes: HKU\S-1-5-21-2454394756-2303697684-602718148-1005 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=squadmutm_campaign=install_ieutm_content=dsfrom=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84Xts=1426159489type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-2454394756-2303697684-602718148-1005 - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=squadmutm_campaign=install_ieutm_content=dsfrom=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84Xts=1426159489type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-2454394756-2303697684-602718148-1005 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=squadmutm_campaign=install_ieutm_content=dsfrom=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84Xts=1426159489type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-2454394756-2303697684-602718148-1005 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?type=dsppts=1426159468from=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84Xq={searchTerms}
SearchScopes: HKU\S-1-5-21-2454394756-2303697684-602718148-1005 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=squadmutm_campaign=install_ieutm_content=dsfrom=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84Xts=1426159489type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-2454394756-2303697684-602718148-1005 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=squadmutm_campaign=install_ieutm_content=dsfrom=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84Xts=1426159489type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-2454394756-2303697684-602718148-1005 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=squadmutm_campaign=install_ieutm_content=dsfrom=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84Xts=1426159489type=defaultq={searchTerms}
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\XTab\SupTab.dll [2015-03-10] (Thinknice Co. Limited)
Toolbar: HKU\S-1-5-21-2454394756-2303697684-602718148-1005 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=scts=1426159416from=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84X
FF DefaultSearchEngine: istartsurf
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: istartsurf
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\istartsurf.xml [2015-03-21]
FF Extension: Fast Start - C:\Documents and Settings\centrum integra\Dane aplikacji\Mozilla\Firefox\Profiles\csnecje9.default\Extensions\istart_ffnt@gmail.com [2015-03-15]
FF HKLM\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Documents and Settings\centrum integra\Dane aplikacji\Mozilla\Firefox\Profiles\csnecje9.default\extensions\istart_ffnt@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe http://www.istartsurf.com/?type=scts=1426159416from=squadmuid=FUJITSUXMHZ2160BHXG2_K62TT982LN84T982LN84X
CHR DefaultSearchKeyword: Default - istartsurf
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158816 2015-03-10] (XTab system)
R2 WindowsMangerProtect; C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-12] (SysTool PasSame LIMITED)
S2 Update Steel Cut; "C:\Program Files\Steel Cut\updateSteelCut.exe" [X]
S3 BTWUSB; System32\Drivers\btwusb.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
2015-03-12 12:24 - 2015-03-12 12:24 - 00000000 ____ D () C:\Program Files\XTab
2015-03-12 12:24 - 2015-03-12 12:24 - 00000000 ____ D () C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect
2015-03-12 12:24 - 2015-03-12 12:24 - 00000000 ____ D () C:\Documents and Settings\All Users\Dane aplikacji\IHProtectUpDate
2015-03-12 12:22 - 2015-03-12 17:01 - 00000000 ____ D () C:\Program Files\Steel Cut
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(B Swiatowski) #3

Witam,

 

Dziękują za pomoc.

 

McAfee odinstalowane, adwcleaner , scan i cleaning zrobione

 

log z adw cleaner

 

http://wklej.org/id/1667742/

 

log z fabar

 

http://wklej.org/id/1667745/

 

Proszę o sprawdzenie czy wszystko ok.

 

Z góry dziękuję 

 

Pozdrawiam

Bartek


(Acorus) #4

Skasuj folder C:\FRST


(B Swiatowski) #5

 

Dziękuję bardzo,

 

Pozdrawiam

Bartek