Istartsurf

Hello.

After a disk failure and replacing it with a new one, istartsurf appeared while I was installing programs from the dobreprogramy site. AdwCleaner and Malwarebytes supposedly find the infection and remove it, but the problem keeps coming back.

 

FRST:

http://wklej.org/id/1766548/

 

Addition:

http://wklej.org/id/1766549/

 

Shortcut:

http://wklej.org/id/1766550/

Uninstall istartsurf uninstall. Open the system Notepad and paste:

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hpts=1438421705z=05afc07bf4b1b83570f0f54gfz2c5b6zeofgfq0zewfrom=coruid=ST9120822AS_5LZ4R2B9XXXX5LZ4R2B9
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=dsts=1438421705z=05afc07bf4b1b83570f0f54gfz2c5b6zeofgfq0zewfrom=coruid=ST9120822AS_5LZ4R2B9XXXX5LZ4R2B9q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hpts=1438421705z=05afc07bf4b1b83570f0f54gfz2c5b6zeofgfq0zewfrom=coruid=ST9120822AS_5LZ4R2B9XXXX5LZ4R2B9
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=dsts=1438421705z=05afc07bf4b1b83570f0f54gfz2c5b6zeofgfq0zewfrom=coruid=ST9120822AS_5LZ4R2B9XXXX5LZ4R2B9q={searchTerms}
HKU\S-1-5-21-1482476501-484061587-842925246-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hpts=1438421705z=05afc07bf4b1b83570f0f54gfz2c5b6zeofgfq0zewfrom=coruid=ST9120822AS_5LZ4R2B9XXXX5LZ4R2B9
HKU\S-1-5-21-1482476501-484061587-842925246-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-1482476501-484061587-842925246-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hpts=1438421705z=05afc07bf4b1b83570f0f54gfz2c5b6zeofgfq0zewfrom=coruid=ST9120822AS_5LZ4R2B9XXXX5LZ4R2B9
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1482476501-484061587-842925246-1004 - DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST9120822AS_5LZ4R2B9XXXX5LZ4R2B9ts=1438421800type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1482476501-484061587-842925246-1004 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST9120822AS_5LZ4R2B9XXXX5LZ4R2B9ts=1438421800type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1482476501-484061587-842925246-1004 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST9120822AS_5LZ4R2B9XXXX5LZ4R2B9ts=1438421800type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1482476501-484061587-842925246-1004 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST9120822AS_5LZ4R2B9XXXX5LZ4R2B9ts=1438421800type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1482476501-484061587-842925246-1004 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.istartsurf.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST9120822AS_5LZ4R2B9XXXX5LZ4R2B9ts=1438421800type=defaultq={searchTerms}
BHO: GoodTab Class - {1F91A9A1-01BA-4c81-863D-3BA0751E1419} - C:\Program Files\MiuiTab\SupTab.dll [2015-07-30] (Thinkgood Co. Limited)
BHO: Filter Results - {dd4c66b8-f943-4b10-8053-7e9ee39bba4a} - C:\Program Files\Filter Results\Extensions\dd4c66b8-f943-4b10-8053-7e9ee39bba4a.dll [2015-08-01] ()
OPR StartupUrls: "hxxp://www.istartsurf.com/?type=hpts=1438421705z=05afc07bf4b1b83570f0f54gfz2c5b6zeofgfq0zewfrom=coruid=ST9120822AS_5LZ4R2B9XXXX5LZ4R2B9"
R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-07-30] (XTab system)
R2 Service Mgr FilterResults; C:\Documents and Settings\All Users\Dane aplikacji\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe [1138920 2015-08-01] ()
R2 Update Mgr FilterResults; C:\Program Files\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe [1069288 2015-08-01] ()
R2 WindowsMangerProtect; C:\Documents and Settings\All Users\Dane aplikacji\HWinManProH\ProtectWindowsManager.exe [708264 2015-08-01] (DTools LIMITED) ==== ATTENTION
S3 AR5211; system32\DRIVERS\ar5211.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
2015-08-01 11:37 - 2015-08-01 11:37 - 00000000 ____ D C:\Documents and Settings\All Users\Dane aplikacji\IHProtectUpDate
2015-08-01 11:36 - 2015-08-01 11:37 - 00000000 ____ D C:\Program Files\MiuiTab
2015-08-01 11:35 - 2015-08-01 11:35 - 00000000 ____ D C:\Program Files\Filter Results
2015-08-01 11:35 - 2015-08-01 11:35 - 00000000 ____ D C:\Program Files\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3
2015-08-01 11:35 - 2015-08-01 11:35 - 00000000 ____ D C:\Documents and Settings\Piotrek\Dane aplikacji\istartsurf
2015-08-01 10:47 - 2015-08-01 11:30 - 00000000 ____ D C:\AdwCleaner
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.

Fixlog:

http://wklej.org/id/1766574/

If everything is working, delete the C:\FRST folder.

It looks like it's OK. Thank you and best regards.