How to remove http://istart.webssearches.com/


(Ro0k) #1

Hi, it has lodged itself as my start page ;/


(Acorus) #2

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ matching your system version, 32-bit or 64-bit.


(Ro0k) #3

Here you go :slight_smile:

http://www.wklej.org/id/1413134/

http://www.wklej.org/id/1413135/


(Acorus) #4

Uninstall PC_Booster. Use http://www.bleepingcomputer.com/download/tfc/ (run TFC and click Start).

Show the new logs from FRST.


(Ro0k) #5

http://www.wklej.org/id/1415927/

http://www.wklej.org/id/1415928/

 

Done. That page still shows up at startup, and besides that I have some Priceachop 3.9 among my Chrome extensions.


(Acorus) #6

Download and run AdwCleaner https://toolslib.net/downloads/finish/1/ Click Search ("Szukaj") and then Delete ("Usuń"). Open Notepad and paste:

Task: {96BA2E3A-69FB-49CC-BC14-8ACA1D0DABB8} - \{493B9697-A2C5-4238-9A2B-0DCFAC0248C6} No Task File ==== ATTENTION
HKU\S-1-5-21-2488909781-2906767537-2364133810-1000\...\MountPoints2: E - E:\AutoRun.exe /s
HKU\S-1-5-21-2488909781-2906767537-2364133810-1000\...\MountPoints2: F - F:\AutoRun.exe /s
HKU\S-1-5-21-2488909781-2906767537-2364133810-1000\...\MountPoints2: {b06f5d5b-9c94-11e3-a145-c5f9b8dcd908} - H:\setup.exe
HKU\S-1-5-21-2488909781-2906767537-2364133810-1000\...\MountPoints2: {b3177431-97bb-11e3-b2b1-ac4c6c183936} - F:\AutoRun.exe /s
HKU\S-1-5-21-2488909781-2906767537-2364133810-1000\...\MountPoints2: {b3177444-97bb-11e3-b2b1-ac4c6c183936} - F:\AutoRun.exe /s
HKU\S-1-5-21-2488909781-2906767537-2364133810-1000\...\MountPoints2: {c90fe254-7ba0-11e3-977d-806e6f6e6963} - D:\intro.exe
HKU\S-1-5-21-2488909781-2906767537-2364133810-1000\...\MountPoints2: {ce82d696-7baa-11e3-8160-00262d9a131f} - E:\AutoRun.exe /s
HKU\S-1-5-21-2488909781-2906767537-2364133810-1000\...\MountPoints2: {ce82d6a2-7baa-11e3-8160-00262d9a131f} - F:\AutoRun.exe /s
HKU\S-1-5-21-2488909781-2906767537-2364133810-1000\...\MountPoints2: {e29cd5e6-988b-11e3-a430-95233e95364d} - E:\AutoRun.exe /s
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL = C:\Program Files (x86)\SupTab\SearchProtect64.dll [106888 2014-07-08] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL = C:\Program Files (x86)\SupTab\SearchProtect32.dll [94088 2014-07-08] (Skytech Co., Ltd.)
ShellIconOverlayIdentifiers: GGDriveOverlay1 - {E68D0A50-3C40-4712-B90D-DCFA93FF2534} = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll No File
ShellIconOverlayIdentifiers: GGDriveOverlay2 - {E68D0A51-3C40-4712-B90D-DCFA93FF2534} = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll No File
ShellIconOverlayIdentifiers: GGDriveOverlay3 - {E68D0A52-3C40-4712-B90D-DCFA93FF2534} = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll No File
ShellIconOverlayIdentifiers: GGDriveOverlay4 - {E68D0A53-3C40-4712-B90D-DCFA93FF2534} = C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll No File
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hpts=1404841433from=wpcuid=WDCXWD6400BEVT-22A0RT0_WD-WX41E501580415804
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hpts=1404841433from=wpcuid=WDCXWD6400BEVT-22A0RT0_WD-WX41E501580415804
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=dsts=1404841433from=wpcuid=WDCXWD6400BEVT-22A0RT0_WD-WX41E501580415804q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hpts=1404841433from=wpcuid=WDCXWD6400BEVT-22A0RT0_WD-WX41E501580415804
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hpts=1404841433from=wpcuid=WDCXWD6400BEVT-22A0RT0_WD-WX41E501580415804
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=dsts=1404841433from=wpcuid=WDCXWD6400BEVT-22A0RT0_WD-WX41E501580415804q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=dsts=1404841433from=wpcuid=WDCXWD6400BEVT-22A0RT0_WD-WX41E501580415804q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hpts=1404841433from=wpcuid=WDCXWD6400BEVT-22A0RT0_WD-WX41E501580415804
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hpts=1404841433from=wpcuid=WDCXWD6400BEVT-22A0RT0_WD-WX41E501580415804
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=dsts=1404841433from=wpcuid=WDCXWD6400BEVT-22A0RT0_WD-WX41E501580415804q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dsts=1404841433from=wpcuid=WDCXWD6400BEVT-22A0RT0_WD-WX41E501580415804q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dsts=1404841433from=wpcuid=WDCXWD6400BEVT-22A0RT0_WD-WX41E501580415804q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dsts=1404841433from=wpcuid=WDCXWD6400BEVT-22A0RT0_WD-WX41E501580415804q={searchTerms}
BHO: pricechop - {BB9BD685-22CC-1721-D086-C0C74B7BE813} - C:\Program Files (x86)\pricechop\CybOb.x64.dll ()
BHO-x32: pricechop - {BB9BD685-22CC-1721-D086-C0C74B7BE813} - C:\Program Files (x86)\pricechop\CybOb.dll ()
CHR Extension: (Priceachop) - C:\Users\bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\njdgigdabjkgbgkihoamonkjnidafiea [2014-07-08]
CHR Extension: (Priceachop) - C:\Users\bartek\AppData\Local\Google\Chrome\User Data\Default\Extensions\njdgigdabjkgbgkihoamonkjnidafiea\3.9 [2014-07-08]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [759688 2014-07-08] (Cherished Technololgy LIMITED)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

Save the file as fixlist.txt and place it next to FRST in the same folder.
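
An added example, not part of the original thread and not FRST's own code: a Python check that groups fixlist entries by the kind of persistence point they touch and reports which of them still appear in a fresh FRST log after the fix. The category prefixes are inferred only from the line shapes in the post above, and `NEW_LOG` is a constructed sample.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the fixlist in the post above.
FIXLIST = r"""
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL = C:\Program Files (x86)\SupTab\SearchProtect64.dll [106888 2014-07-08] (Skytech Co., Ltd.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hpts=1404841433from=wpcuid=WDCXWD6400BEVT-22A0RT0_WD-WX41E501580415804
BHO: pricechop - {BB9BD685-22CC-1721-D086-C0C74B7BE813} - C:\Program Files (x86)\pricechop\CybOb.x64.dll ()
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [759688 2014-07-08] (Cherished Technololgy LIMITED)
"""

# Constructed "after the fix" log: the service entry is gone, the rest remains.
NEW_LOG = "\n".join(l for l in FIXLIST.splitlines() if "IePluginServices" not in l)

# Prefix -> category (an assumption based on the lines visible in the post).
CATEGORIES = [
    (r"^AppInit_DLLs", "appinit_dll"),
    (r"^(HKCU|HKLM|HKU)\\", "registry_value"),
    (r"^SearchScopes:", "search_scope"),
    (r"^BHO", "browser_helper_object"),
    (r"^CHR Extension:", "chrome_extension"),
    (r"^[RS]\d ", "service"),
    (r"^Task:", "scheduled_task"),
]

def entries(text):
    """Non-empty lines with whitespace collapsed, so pasted logs compare equal."""
    return [" ".join(l.split()) for l in text.splitlines() if l.strip()]

def classify(line):
    """Map one log line to a persistence category, or 'other'."""
    for pattern, name in CATEGORIES:
        if re.match(pattern, line):
            return name
    return "other"

def summarize(text):
    """Count fixlist entries per persistence category."""
    return Counter(classify(e) for e in entries(text))

def hosts(text):
    """Distinct hostnames of http(s) URLs referenced anywhere in the text."""
    return sorted(set(re.findall(r"https?://([^/\s:]+)", text)))

def residual(fixlist, new_log):
    """Fixlist entries that still appear verbatim in a fresh log."""
    present = set(entries(new_log))
    return [e for e in entries(fixlist) if e in present]
```

An empty result from `residual` means none of the fixlist entries are present in the new log; any line it returns is a persistence point that survived the fix.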