So my Google doesnt work

[zyl]

Hello people,

so recently I removed some Malware since then most of the Google-Realated websited wont work (Gmail/Google.com) the strange thing is google.de (Germany where I live) is still working all fine also, YouTube is just a mess with only text (looks like some removed all the textures and it always says video not available). Dont know if thats realated to that but I recently installed Java. I tried disabling my browser saftey for Avast and Malwarebytes and reseting my browser files reinstalling chrome and did all the stuff with MiniToolBox *ugh* still nothing working I will provide screenshots of all the shit that wont work (sorry but the screenshots will be german). Also when I open a new tab in chrome it says connect to network and redicts me to http://www.gstatic.com/generate_204 and ther is nothing but the Text: function httpGetAsync(theUrl, callback) { var xmlHttp = new XMLHttpRequest(); xmlHttp.onreadystatechange = function() { if (xmlHttp.readyState == 4 && xmlHttp.status == 200) callback(xmlHttp.responseText); } xmlHttp.open("GET", theUrl, true); // true for asynchronous xmlHttp.send(null); } document.onclick = function() { window.open("http://creativesrv.com/apu.php?n=&zoneid=17513&cb=INSERT_RANDOM_NUMBER_HERE&direct=1") document.onclick = null; httpGetAsync("http://sstatic1.histats.com/0.gif?3685753&101", null); }

Hope you'll be able to help me out. Thx in advanced from a German tech n00b 

 

[zyl]

Update: I still wanna KMS nothing working

And also i deinstalled Java

[Creed1]

Try clearing Chrome Cache and if that doesn't work reinstall chrome. 

[zyl]

1 minute ago, CmzPlusHardware said:

Try clearing Chrome Cache and if that doesn't work reinstall chrome. 

Done both already

[zyl]

1 minute ago, Fooshi said:

Is your PC's clock and timezone correct?

 

It's a certificate error, which is quite commonly caused by an incorrect clock or timezone.

Time is right, but where do I look up timezone?

Update: Timezone is also the right one

[losBaumos]

When you are visiting an HTTPS website like YouTube does it still uses HTTPS or tries it to access the website over HTTP?

[zyl]

1 minute ago, losBaumos said:

When you are visiting an HTTPS website like YouTube does it still uses HTTPS or tries it to access the website over HTTP?

Where can I see that?

[zyl]

2 minutes ago, Fooshi said:

 

Assuming you're using Windows 10: Settings > Time and language > Timezone

 

Pre 10: Control Panel > Clock, language and location > Change timezone.

Timezone is right Win7 here

[losBaumos]

1 minute ago, zyl said:

Where can I see that?

In the URL bar.

[zyl]

1 minute ago, losBaumos said:

In the URL bar.

It just says insecure connection

[zyl]

5 minutes ago, losBaumos said:

When you are visiting an HTTPS website like YouTube does it still uses HTTPS or tries it to access the website over HTTP?

Dont think so

[losBaumos]

Okay. Maybe this tool helps you.

http://anleitung.trojaner-board.de/adwcleaner-anleitung-browser-viren-entfernen_24

[zyl]

3 minutes ago, losBaumos said:

Okay. Maybe this tool helps you.

http://anleitung.trojaner-board.de/adwcleaner-anleitung-browser-viren-entfernen_24

Do you think AdwCleaner will work I didnt hear too much good stuff about that

[losBaumos]

So I personally made good experiences with it in an a bit similar problem so I would give it a try.

[zyl]

Hello, here are some AdwCleaner logs: (also i removed all my usernames dont wonder)

# AdwCleaner v6.041 - Bericht erstellt am 06/01/2017 um 01:53:56
# Aktualisiert am 16/12/2016 von Malwarebytes
# Datenbank : 2017-01-05.2 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (X64)
# Benutzername :
# Gestartet von : E:\Users\Downloads\adwcleaner_6.041.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support

***** [ Dienste ] *****

Dienst Gefunden: 2d3af77a81896a6b712bb3095e1c22c0

***** [ Ordner ] *****

Ordner Gefunden: C:\Users\AppData\Roaming\Note-up
Ordner Gefunden: C:\Users\AppData\Roaming\VDI
Ordner Gefunden: C:\Users\AppData\Roaming\Microleaves
Ordner Gefunden: C:\Users\AppData\Roaming\VDI\Shared\Product Updater
Ordner Gefunden: C:\ProgramData\Microleaves
Ordner Gefunden: C:\ProgramData\Application Data\Microleaves
Ordner Gefunden: C:\Users\AppData\Local\app
Ordner Gefunden: C:\Users\AppData\Roaming\Mozilla\Firefox\naweriweentcofise

***** [ Dateien ] *****

Datei Gefunden: C:\Windows\SysNative\drivers\2d3af77a81896a6b712bb3095e1c22c0.sys
Datei Gefunden: C:\END
Datei Gefunden: C:\Users\THELEG~1\AppData\Local\Temp\Utils.dll

***** [ DLL ] *****

Keine infizierten DLLs gefunden.

***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.

***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.

***** [ Aufgabenplanung ] *****

Keine schädlichen Aufgaben gefunden.

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden: HKU\.DEFAULT\Software\b`nl{y
Schlüssel Gefunden: HKU\S-1-5-21-3668454624-1557000380-2346813753-1000\Software\MICROSOFT\OTUT
Schlüssel Gefunden: HKU\S-1-5-21-3668454624-1557000380-2346813753-1000\Software\VDI
Schlüssel Gefunden: HKU\S-1-5-18\Software\b`nl{y
Schlüssel Gefunden: HKCU\Software\MICROSOFT\OTUT
Schlüssel Gefunden: HKCU\Software\VDI
Schlüssel Gefunden: HKLM\SOFTWARE\SearchModule
Schlüssel Gefunden: HKLM\SOFTWARE\Microleaves
Schlüssel Gefunden: [x64] HKCU\Software\MICROSOFT\OTUT
Schlüssel Gefunden: [x64] HKCU\Software\VDI
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\SearchModule
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\b`nl{y
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microleaves
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3668454624-1557000380-2346813753-1000\Products\a06d923af9bcb0447f9841aa089a9d58
Daten Gefunden: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPl4avjwkCJLSoZupy7Vug_2ldG9JO5lPq
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\DesktopBackground\Shell\Add event reminder
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Directory\Background\shell\Add event reminder
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Directory\shell\Add event reminder
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\*\shell\Add event reminder

***** [ Internetbrowser ] *****

Firefox pref Gefunden: [C:\Users\AppData\Roaming\Mozilla\Firefox\Profiles\ecjzucpj.default\prefs.js] - "browser.search.defaultenginename" -  "youndoo"
Firefox pref Gefunden: [C:\Users\AppData\Roaming\Mozilla\Firefox\Profiles\ecjzucpj.default\prefs.js] - "browser.search.selectedEngine" -  "youndoo"
Chrome pref Gefunden: [C:\Users\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxp://www.youndoo.com/?z=6f1ec3a141bfd15fe0a224egdz5m6qcz2m9m6c6b5z&from=wak&uid=SamsungXSSDX850XEVOX250GB_S21

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [3637 Bytes] - [06/01/2017 01:53:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3710 Bytes] ##########
 

[zyl]

Still not working. Maybe reinstall Java?

[zyl]

27 minutes ago, losBaumos said:

So I personally made good experiences with it in an a bit similar problem so I would give it a try.

Any more ideas, sorry for being annoying but im kinda desperate

[zyl]

Anyways thanks to everyone who helped, good day/night

[Val3nt1n]

Nooo Zyl, pls don't go! I have the same problem as you for 3 days already! Exactly the same, but I deinstalled everything of Google and now can't even access Google's official Chrome page to download it.

[Val3nt1n]

10 hours ago, zyl said:

Anyways thanks to everyone who helped, good day/night

Maybe we can help eachother

[Val3nt1n]

I found out that it has nothing to do with just one browser; problems persist on all browsers: Opera, Chrome, Chrome Dev, Chrome Canary and Edge. In my case, if I want to go to the download page of any Chrome Channel I get a security stop from Edge that suggests me not to forward to the site. If I do I get the responses:

 

function httpGetAsync(theUrl, callback) { var xmlHttp = new XMLHttpRequest(); xmlHttp.onreadystatechange = function() { if (xmlHttp.readyState == 4 && xmlHttp.status == 200) callback(xmlHttp.responseText); } xmlHttp.open("GET", theUrl, true); // true for asynchronous xmlHttp.send(null); } document.onclick = function() { window.open("http://www1.xmediaserve.com/apu.php?n=&zoneid=17529&cb=INSERT_RANDOM_NUMBER_HERE&direct=1") document.onclick = null; httpGetAsync("http://sstatic1.histats.com/0.gif?3685753&101", null); }

 

and

 

function httpGetAsync(theUrl, callback) { var xmlHttp = new XMLHttpRequest(); xmlHttp.onreadystatechange = function() { if (xmlHttp.readyState == 4 && xmlHttp.status == 200) callback(xmlHttp.responseText); } xmlHttp.open("GET", theUrl, true); // true for asynchronous xmlHttp.send(null); } document.onclick = function() { window.open("http://creativesrv.com/apu.php?n=&zoneid=17513&cb=INSERT_RANDOM_NUMBER_HERE&direct=1") document.onclick = null; httpGetAsync("http://sstatic1.histats.com/0.gif?3685753&101", null); }

 

with above in the url-bar: Certificaatfout (or certificate error)

[Val3nt1n]

Even tried to delete all malware, files and restoring some reg's in safe mode. But without succes..

[Val3nt1n]

I also get this message error stating that "it can't get a connection with internet" and that i "should check the settings for the internet-connection en try again"

[Val3nt1n]

Finally after searching for hours I have found a solution for the access to the download page for Chrome Canary. I went up to the download page of Realtek PCIe Ethernet and downloaded the complete setup for my OS (Windows 10, but there are a lot of packs for different OS too). After running the Autoinst. and finalazing the setup I could now install Chrome Canary.

EDIT: Gets better but still isn't fixed. Chrome works except for the Google searching and the YouTube ugly af layout is still there. All the rest works.

[Val3nt1n]

The only thing that gets to help the ugly af Youtube layout is a proxy / dns extension like Tunnelbear