Problem z delta holmes

**Posty:** 2 · przez **mikozxx** 11 Cze 2015, 18:37

Witam, mam problem z delta holmes..
Załączam logi, będe wdzięczny za pomoc

**Posty:** 4765 · przez **ordynat** 11 Cze 2015, 20:55

SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)

Ten program nie zalicza się do zaufanych.
Odinstaluj, ale w ten sposób:
kliknij na tę ikonkę C:\Users\nazwa Użytkownika\Start Menu\Programs\SpyHunter\Uninstall.lnk (czyli >>START >>Programy>>Spy Hunter>>Uninstal)
wyskoczy okienko, ale zamiast klikać wielki zielony guzik "continue" kliknij "no, thanks". To drugie odinstalowuje.

1) Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego.

2) Otwórz Notatnik i wklej w nim:

Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Task: {9545462D-C2C7-4B43-907B-AE8DFE30C45A} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles Updater\GFFUpdater.exe <==== ATTENTION
Task: {F08056E0-1F21-48B4-9A68-31DC6EE754D9} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-06-11] (Enigma Software Group USA, LLC.)
C:\Program Files\Enigma Software Group
C:\Program Files (x86)\Common Files\AVG Secure Search
HKLM-x32\...\Run: [] => [X]
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [102512 2014-05-08] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-3701300855-1981037312-4120012457-1000] => http=http://127.0.0.1:9880
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1434039612&z=c028970ea03b84c29fdfe98gazfc0z4e5cdt5q1obg&from=ient06110&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1434039612&z=c028970ea03b84c29fdfe98gazfc0z4e5cdt5q1obg&from=ient06110&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1401619870&from=exp&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1401619870&from=exp&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1434039612&z=c028970ea03b84c29fdfe98gazfc0z4e5cdt5q1obg&from=ient06110&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1434039612&z=c028970ea03b84c29fdfe98gazfc0z4e5cdt5q1obg&from=ient06110&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1401619870&from=exp&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1401619870&from=exp&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X&q={searchTerms}
HKU\S-1-5-21-3701300855-1981037312-4120012457-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1434039612&z=c028970ea03b84c29fdfe98gazfc0z4e5cdt5q1obg&from=ient06110&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X&q={searchTerms}
HKU\S-1-5-21-3701300855-1981037312-4120012457-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1434039612&z=c028970ea03b84c29fdfe98gazfc0z4e5cdt5q1obg&from=ient06110&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X
HKU\S-1-5-21-3701300855-1981037312-4120012457-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1434039612&z=c028970ea03b84c29fdfe98gazfc0z4e5cdt5q1obg&from=ient06110&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X
HKU\S-1-5-21-3701300855-1981037312-4120012457-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1434039612&z=c028970ea03b84c29fdfe98gazfc0z4e5cdt5q1obg&from=ient06110&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1401619870&from=exp&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1401619870&from=exp&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=132&itype=a&ver=12692&tm=330&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1401619870&from=exp&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1401619870&from=exp&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=132&itype=a&ver=12692&tm=330&src=ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3701300855-1981037312-4120012457-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1434039612&z=c028970ea03b84c29fdfe98gazfc0z4e5cdt5q1obg&from=ient06110&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3701300855-1981037312-4120012457-1000 -> {2E42D290-A747-4e62-AF5F-52FEE8601A98} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKU\S-1-5-21-3701300855-1981037312-4120012457-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1434039612&z=c028970ea03b84c29fdfe98gazfc0z4e5cdt5q1obg&from=ient06110&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3701300855-1981037312-4120012457-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={8FFF487C-A23B-49AA-8B77-1454BCCB2CF5}&mid=ad77399ac8fd47d2aa0581ac0fb1cd03-2d933eaf58a06e3f332e44cb410fab4af1e15c4e&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0215pi&pr=fr&d=2015-05-09 19:58:52&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3701300855-1981037312-4120012457-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=132&itype=a&ver=12692&tm=330&src=ds&p={searchTerms}
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll No File
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1401619870&from=exp&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X
FF NewTab: hxxp://www.delta-homes.com/newtab/?type=nt&ts=1434039612&z=c028970ea03b84c29fdfe98gazfc0z4e5cdt5q1obg&from=ient06110&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X
FF DefaultSearchEngine: AVG Secure Search
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://www.delta-homes.com/?type=hp&ts=1434039612&z=c028970ea03b84c29fdfe98gazfc0z4e5cdt5q1obg&from=ient06110&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X
FF SearchPlugin: C:\Users\mifau\AppData\Roaming\Mozilla\Firefox\Profiles\a6yj6hw3.default\searchplugins\avg-secure-search.xml [2015-05-09]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml [2015-03-18]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-05-09]
FF Extension: AVG Web TuneUp - C:\Users\mifau\AppData\Roaming\Mozilla\Firefox\Profiles\a6yj6hw3.default\Extensions\avg@toolbar [2015-05-09]
FF Extension: QuickSearch - C:\Users\mifau\AppData\Roaming\Mozilla\Firefox\Profiles\a6yj6hw3.default\Extensions\quick_searchff@gmail.com [2015-06-11]
FF Extension: Search Enginer - C:\Users\mifau\AppData\Roaming\Mozilla\Firefox\Profiles\a6yj6hw3.default\Extensions\sweetsearch@gmail.com [2015-06-11]
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\mifau\AppData\Roaming\Mozilla\Firefox\Profiles\a6yj6hw3.default\extensions\quick_searchff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\mifau\AppData\Roaming\Mozilla\Firefox\Profiles\a6yj6hw3.default\extensions\sweetsearch@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.delta-homes.com/?type=sc&ts=1434039612&z=c028970ea03b84c29fdfe98gazfc0z4e5cdt5q1obg&from=ient06110&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.delta-homes.com/?type=sc&ts=1434039612&z=c028970ea03b84c29fdfe98gazfc0z4e5cdt5q1obg&from=ient06110&uid=ST3500413AS_Z2A80Z7XXXXXZ2A80Z7X
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-06-11] (Enigma Software Group USA, LLC.)
R2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-05-09] (AVG Secure Search)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-06-11] ()
C:\Windows\System32\DRIVERS\EsgScanner.sys
S2 bdfree; \??\C:\Program Files (x86)\BDFree\driver\bdfree_win7_x64.sys [X]
S3 cpuz138; \??\C:\Users\mifau\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S1 lwnfd_1_10_0_14; system32\drivers\lwnfd_1_10_0_14.sys [X]
C:\Windows\System32\Tasks\SpyHunter4Startup
C:\Users\mifau\Desktop\SpyHunter.lnk
C:\Users\mifau\AppData\Roaming\Enigma Software Group
C:\sh4ldr
C:\Users\mifau\Downloads\SpyHunter-Installer.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.

----------------------
Jeśli będzie OK, to będziemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix.
przez SHIFT+DEL usuń pozostały folder C:\FRST.

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).
.

=================

Jeśli natomiast problem nie zniknie, to przeinstalujesz przeglądarkę, na której to jeszcze będzie.
.

**Posty:** 2 · przez **mikozxx** 11 Cze 2015, 22:09

Komputer sie zrestartowal i nie laduje pulipitu, jest tylko szaryn ekran + myszka.. format?

EDIT: włączył się, natomiast teraz w chrome jest jakieś 'mysearch123' i język zmienił się na niemiecki.. za chwile podam logi

Dodano Dzisiaj, 22:33:
dodaje logi

**Posty:** 4765 · przez **ordynat** 12 Cze 2015, 16:24

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Polski (Polska)

v
język zmienił się na niemiecki
?.?

-------------------------------------------------------------------------------------------------------------------------

natomiast teraz w chrome jest jakieś 'mysearch123'

v

Chrome:
=======
CHR Profile: C:\Users\mifau\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Przelewy24) - C:\Users\mifau\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiicmmpkicnndkhlnnloilpgncbpkbjj [2014-10-09]
CHR Extension: (Google Docs) - C:\Users\mifau\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-18]
CHR Extension: (Google Drive) - C:\Users\mifau\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-18]
CHR Extension: (YouTube) - C:\Users\mifau\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-18]
CHR Extension: (Google Search) - C:\Users\mifau\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-18]
CHR Extension: (AdBlock) - C:\Users\mifau\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-21]
CHR Extension: (Save as PDF) - C:\Users\mifau\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc [2015-03-25]
CHR Extension: (Capture Webpage Screenshot - FireShot) - C:\Users\mifau\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\mifau\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18]
CHR Extension: (Gmail) - C:\Users\mifau\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-18]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

Ja tego w logach nie widzę.
Przeinstaluj Chrome.
.

---------------------------------------------------------------------------------------------

Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego.

v

# Działanie : Skanuj

Brak działania "USUŃ).

Otwórz Notatnik i wklej w nim:

FF Extension: No Name - C:\Users\mifau\AppData\Roaming\Mozilla\Firefox\Profiles\a6yj6hw3.default\extensions\quick_searchff@gmail.com [not found]
FF Extension: No Name - C:\Users\mifau\AppData\Roaming\Mozilla\Firefox\Profiles\a6yj6hw3.default\extensions\sweetsearch@gmail.com [not found]
Task: {85A48769-9DA3-4558-977F-B46D6B6096F0} - System32\Tasks\{DABF9E33-C7EE-4C59-A778-0C3D3C0DDC45} => pcalua.exe -a C:\Users\mifau\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp -simple=0 <==== ATTENTION
C:\Users\mifau\AppData\Roaming\webssearches
C:\Program Files (x86)\MiuiTab
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.
Powstanie plik fixlog.txt.
Daj ten log.

Napisz, jaki skutek widzisz?
.