OTL and AdwCleaner log analysis - removing Quick_start

tofik1545 06 Sep 2015 12:32 813 5
  • #1 14975071
    tofik1545
    Level 9  
    Posts: 13
    Rating: 8
    Hello, please analyze my OTL and AdwCleaner logs and help me remove Quick_start.
    Attachments:
    • AdwCleaner_S3_.txt (9.75 KB)
    • OTL.Txt (211.73 KB)
    • Extras.Txt (91.3 KB)
  • #2 14975133
    sPeRaCz.PL
    Level 42  
    Posts: 8573
    Helped: 908
    Rating: 613
    To start, do the following:
    1. Run a scan with MBAM after updating its database and remove the detected threats
    http://www.malwarebytes.org/
    2. Run an AdwCleaner scan - the "Scan" option, then "Clean"
    http://www.bleepingcomputer.com/download/adwcleaner/
    3. Attach both logs from FRST (as attachments)
    http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
  • #3 14975516
    tofik1545
    Level 9  
    Posts: 13
    Rating: 8
    Here are the FRST logs:
    Attachments:
    • FRST.txt (65.93 KB)
    • Addition.txt (34.78 KB)
  • #4 14975859
    Kolobos
    Computer specialist
    Posts: 85163
    Helped: 17164
    Rating: 10437
    Don't download programs from sites that offer their own download managers which install malicious software (e.g. dobreprogramy).

    Uninstall:
    Update_for_BonanzaDeals
    YAC(Yet Another Cleaner!)

    Use AdwCleaner, the Scan and Clean (Szukaj and Usun) options: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    Next to frst.exe, create a file fixlist.txt with the following content:
    CloseProcesses:
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
    GroupPolicy: Zasady grupy Chrome wykryto <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Zasada ograniczeń <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1437049170&z=fd5e7d17a91cd2f35264160gazfcembe7z2tfg3w6e&from=cornl&uid=TOSHIBAXMK6475GSX_225CSQYXSXX225CSQYXS
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1437049170&z=fd5e7d17a91cd2f35264160gazfcembe7z2tfg3w6e&from=cornl&uid=TOSHIBAXMK6475GSX_225CSQYXSXX225CSQYXS
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1437049170&z=fd5e7d17a91cd2f35264160gazfcembe7z2tfg3w6e&from=cornl&uid=TOSHIBAXMK6475GSX_225CSQYXSXX225CSQYXS
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1437049170&z=fd5e7d17a91cd2f35264160gazfcembe7z2tfg3w6e&from=cornl&uid=TOSHIBAXMK6475GSX_225CSQYXSXX225CSQYXS
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com?type=hp&ts=1435051017&from=mych123&uid=toshibaxmk6475gsx_225csqyxsxx225csqyxs&z=fcbc1a6c7bcf120ecc014b8g2zec9w5e5wbgee9g3b
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1435051017&from=mych123&uid=toshibaxmk6475gsx_225csqyxsxx225csqyxs&z=fcbc1a6c7bcf120ecc014b8g2zec9w5e5wbgee9g3b
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com?type=hp&ts=1435051017&from=mych123&uid=toshibaxmk6475gsx_225csqyxsxx225csqyxs&z=fcbc1a6c7bcf120ecc014b8g2zec9w5e5wbgee9g3b
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1435051017&from=mych123&uid=toshibaxmk6475gsx_225csqyxsxx225csqyxs&z=fcbc1a6c7bcf120ecc014b8g2zec9w5e5wbgee9g3b
    HKU\S-1-5-21-978982397-3988520073-953085111-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1437049170&z=fd5e7d17a91cd2f35264160gazfcembe7z2tfg3w6e&from=cornl&uid=TOSHIBAXMK6475GSX_225CSQYXSXX225CSQYXS
    HKU\S-1-5-21-978982397-3988520073-953085111-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1437049170&z=fd5e7d17a91cd2f35264160gazfcembe7z2tfg3w6e&from=cornl&uid=TOSHIBAXMK6475GSX_225CSQYXSXX225CSQYXS
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437049125&z=63420ccbee63be98be5d857g8z1c2meeezdt3g4e4m&from=cornl&uid=TOSHIBAXMK6475GSX_225CSQYXSXX225CSQYXS&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1437049170&z=fd5e7d17a91cd2f35264160gazfcembe7z2tfg3w6e&from=cornl&uid=TOSHIBAXMK6475GSX_225CSQYXSXX225CSQYXS&q={searchTerms}
    SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1030000.103000&st=12&q={searchTerms}&barid={21A078FF-5A9B-4EB6-B093-36E891CD9FA8}
    SearchScopes: HKU\S-1-5-21-978982397-3988520073-953085111-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=TOSHIBAXMK6475GSX_225CSQYXSXX225CSQYXS&ts=1437049207&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-978982397-3988520073-953085111-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=TOSHIBAXMK6475GSX_225CSQYXSXX225CSQYXS&ts=1437049207&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-978982397-3988520073-953085111-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=TOSHIBAXMK6475GSX_225CSQYXSXX225CSQYXS&ts=1437049207&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-978982397-3988520073-953085111-1000 -> {333832A4-DCEF-4AD4-B663-271811CB4D5C} URL =
    SearchScopes: HKU\S-1-5-21-978982397-3988520073-953085111-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1437049170&z=fd5e7d17a91cd2f35264160gazfcembe7z2tfg3w6e&from=cornl&uid=TOSHIBAXMK6475GSX_225CSQYXSXX225CSQYXS&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-978982397-3988520073-953085111-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=TOSHIBAXMK6475GSX_225CSQYXSXX225CSQYXS&ts=1437049207&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-978982397-3988520073-953085111-1000 -> {8AE5A917-58C1-484D-B02A-C7BD7890650B} URL =
    SearchScopes: HKU\S-1-5-21-978982397-3988520073-953085111-1000 -> {9E5C9A9F-D09C-4BD5-9D9C-B2B6D9B0D047} URL =
    SearchScopes: HKU\S-1-5-21-978982397-3988520073-953085111-1000 -> {D218A829-0680-49B9-AA23-ECAAB79F12D9} URL =
    SearchScopes: HKU\S-1-5-21-978982397-3988520073-953085111-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=TOSHIBAXMK6475GSX_225CSQYXSXX225CSQYXS&ts=1437049207&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-978982397-3988520073-953085111-1000 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=TOSHIBAXMK6475GSX_225CSQYXSXX225CSQYXS&ts=1437049207&type=default&q={searchTerms}
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Brak pliku
    Toolbar: HKLM - Brak nazwy - {00011268-E188-40DF-A514-835FCD78B1BF} - Brak pliku
    Toolbar: HKLM-x32 - Brak nazwy - {00011268-E188-40DF-A514-835FCD78B1BF} - Brak pliku
    FF NewTab: chrome://quick_start/content/index.html
    FF DefaultSearchUrl:
    FF SelectedSearchEngine: istartsurf
    FF SearchPlugin: C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\pe84sjcs.default\searchplugins\delta-homes.xml [2015-07-01]
    FF SearchPlugin: C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\pe84sjcs.default\searchplugins\istartsurf.xml [2015-07-18]
    FF SearchPlugin: C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\pe84sjcs.default\searchplugins\omiga-plus.xml [2015-02-12]
    FF SearchPlugin: C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\pe84sjcs.default\searchplugins\sweetim.xml [2014-04-14]
    FF Extension: Widget context - C:\Users\Marta\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-01-01]
    FF Extension: Jungle Net - C:\Users\Marta\AppData\Roaming\Mozilla\Firefox\Profiles\pe84sjcs.default\Extensions\{e35103b5-8fc0-419c-817d-036581b58dcd}.xpi [2015-09-02]
    CHR HKLM-x32\...\Chrome\Extension: [jhjjdgbhohaallcimgcmakfiobacimkm] - C:\Program Files (x86)\BuzzSearch\jhjjdgbhohaallcimgcmakfiobacimkm.crx <nie znaleziono>
    R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-06-10] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-06-10] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [108616 2015-06-10] (Elex do Brasil Participações Ltda)
    S1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [50944 2015-06-10] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [102416 2015-06-10] (Elex do Brasil Participações Ltda)
    U3 a42ar1es; C:\Windows\System32\Drivers\a42ar1es.sys [0 ] (Microsoft Corporation) <==== UWAGA (zerobajtowy plik/folder)
    S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
    S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
    S3 massfilter; system32\DRIVERS\massfilter.sys [X]
    S3 PCAMp50a64; System32\Drivers\PCAMp50a64.sys [X]
    S3 PCASp50a64; System32\Drivers\PCASp50a64.sys [X]
    S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
    S3 RSUSBVSTOR; System32\Drivers\RTSUVSTOR.sys [X]
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
    S3 ZTEusbvoice; system32\DRIVERS\ZTEusbvoice.sys [X]
    2015-09-06 14:38 - 2015-04-17 04:43 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
    2015-09-06 11:56 - 2015-09-06 14:37 - 00000000 ____D C:\Users\Marta\AppData\Roaming\Elex-tech
    2015-09-04 08:54 - 2015-09-06 14:31 - 00000000 ____D C:\AdwCleaner
    2015-09-02 11:30 - 2015-09-02 11:30 - 00866744 _____ (Web Installer generic ) C:\Users\Marta\Downloads\CCleaner-13061-dp.exe
    EmptyTemp:

    In FRST, choose Fix.
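An added example, not part of the original post and not FRST's own code: a small triage script that groups the browser-setting lines of an FRST log by the host they point to, so the set of redirect hosts can be reviewed before lines are copied verbatim into fixlist.txt. The function names, the `trusted_hosts` parameter and the shortened sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: shortened copies of FRST.txt lines in the style quoted in the post above.
SAMPLE_LOG = r"""
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&from=cornl
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com?type=hp&from=mych123
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=ds&q={searchTerms}
FF SelectedSearchEngine: istartsurf
S3 massfilter; system32\DRIVERS\massfilter.sys [X]
"""

# A setting line carries its value after "=", written defanged as hxxp:// or hxxps://.
URL_RE = re.compile(r"=\s*(hxxps?://\S+)")

def hijack_hosts(log_text):
    """Map each host found in a browser-setting line to the log lines that reference it."""
    hosts = defaultdict(list)
    for line in log_text.splitlines():
        match = URL_RE.search(line)
        if not match:
            continue  # empty values, services and drivers carry no URL
        # Restore the scheme only so urlsplit can extract the host; nothing is fetched.
        url = match.group(1).replace("hxxp", "http", 1)
        host = urlsplit(url).hostname
        if host:
            hosts[host].append(line.strip())
    return dict(hosts)

def fixlist_candidates(log_text, trusted_hosts=()):
    """Return log lines, verbatim and grouped by host, whose host the analyst does not trust."""
    candidates = []
    for host, lines in hijack_hosts(log_text).items():
        if host not in trusted_hosts:
            candidates.extend(lines)
    return candidates

if __name__ == "__main__":
    for host, lines in hijack_hosts(SAMPLE_LOG).items():
        print(f"{host}: {len(lines)} setting(s)")
```

The lines are returned unchanged because a fixlist entry has to match the log line it was copied from, including the localized text FRST wrote.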
  • #5 14977473
    tofik1545
    Level 9  
    Posts: 13
    Rating: 8
    Thanks for the help - everything works and those annoying ads are gone.
  • #6 14977476
    swiercm
    Moderator on vacation...
    Posts: 18308
    Helped: 1216
    Rating: 550
    Delete the folder C:\FRST and that's all.
    I'm closing the topic.