Witam,

Jak w temacie. Czyściłem już adwcleanerem, mbam ale nadal nie można tego usunąć.

Proszę o diagnostykę.

OTL

http://www.wklej.org/id/1513104/

Extras

http://www.wklej.org/id/1513105/

FRST

http://www.wklej.org/id/1513106/

Shortcut

http://www.wklej.org/id/1513107/

Addition

http://www.wklej.org/id/1513108/

I po co tyle tych logów? Odinstaluj Akamai NetSession Interface.Otwórz Notatnik i wklej:

Task: {A8F04348-1103-411F-8542-DF4D6B81FA15} - System32\Tasks\ProtectedSearch\Protected Search = C:\Program Files (x86)\Protected Search\ProtectedSearch.exe ==== ATTENTION
HKU\S-1-5-21-630740549-2962817680-2268578537-1000\...\Policies\Explorer: []
HKU\S-1-5-21-630740549-2962817680-2268578537-1000\...\MountPoints2: {16263424-0de9-11e1-bbf7-0024210cc543} - G:\LaunchU3.exe -a
HKU\S-1-5-21-630740549-2962817680-2268578537-1000\...\MountPoints2: {51ae059b-342c-11df-8267-0024210cc543} - F:\Setup.exe
HKU\S-1-5-21-630740549-2962817680-2268578537-1000\...\MountPoints2: {ae0e095d-d883-11df-8610-0024210cc543} - H:\AutoRunCardDetector.exe
HKU\S-1-5-21-630740549-2962817680-2268578537-1000\...\MountPoints2: {b63350a9-344f-11df-8cfe-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-630740549-2962817680-2268578537-1000\...\MountPoints2: {b8358270-d3af-11df-9c91-0024210cc543} - H:\AutoRunCardDetector.exe
HKU\S-1-5-21-630740549-2962817680-2268578537-1000\...\MountPoints2: {e7ce129f-79ed-11df-8ba5-0024210cc543} - E:\Setup.exe
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] - {36A21736-36C2-4C11-8ACB-D4136F2B57BD} = No File
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
SearchScopes: HKCU - {04D2D8DD-77FF-49B2-94D4-EF7452CF95E4} URL = http://search.babylon.com/?q={searchTerms}affID=110824tt=4212_4babsrc=SP_ssmntrId=148a3d1e000000000000de5d4c909d51
SearchScopes: HKCU - {BCA9C7EC-1053-4DDB-9D95-808950F3D415} URL = http://websearch.ask.com/redirect?client=ietb=ORJo=src=crmq={searchTerms}locale=apn_ptnrs=U3apn_dtid=OSJ000YYPLapn_uid=F0E4C780-E99F-49F1-B055-1C398BBA7BA4apn_sauid=18D69E1A-D853-4348-BBC3-A0E855EA1FA2
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
FF Homepage: error
FF DefaultSearchEngine: error
FF SearchEngineOrder.1: error
FF Keyword.URL: error
FF SelectedSearchEngine: error
CHR Extension: (Website Blocker ) - C:\Users\Czilaut\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2014-06-04]
CHR HKLM-x32\...\Chrome\Extension: [bildoibdboopgomcbiplincneeicgipj] - C:\Program Files (x86)\StartSearch plugin\startsplg.crx []
CHR HKLM-x32\...\Chrome\Extension: [ejdabpabkmacjiiooccecnpakonoibah] - C:\Program Files (x86)\DownTangoLauncherToolbar\chrome\DownTangoLauncherToolbar.crx []
S3 GMSIPCI; \\D:\INSTALL\GMSIPCI.SYS [X]
S3 NVHDA; system32\drivers\nvhda64v.sys [X]
2014-11-08 08:36 - 2014-11-08 08:37 - 00000000 ____ D () C:\AdwCleaner
2014-11-07 21:44 - 2014-11-07 21:44 - 00000000 __SHD () C:\found.004
2014-11-07 17:31 - 2014-11-07 17:31 - 00000000 __SHD () C:\found.003
C:\ProgramData\1ppt2pdf.dll
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Dzięki.

Skasuj folder C:\FRST