Jak usunąć "MyStart" search?


(Kindzio 17) #1

Witam, nie mogę sobie poradzić z wirusem MyStart. Sugerując się podobnymi tematami poczyniłem takie kroki:


(Acorus) #2

Odinstaluj /BFlix,Adobe Download Assistant,Adobe Reader 9.5.5 - Polish.Otwórz notatnik systemowy i wklej:

Hosts:
Task: {EDD98E80-7E45-448C-8817-10E7C52DC137} - System32\Tasks\ZoomExUpdaterTask{771DB4C0-4865-439E-B56D-BFCDF0869FA2} = C:\ProgramData\Premium\ZoomEx\ZoomEx.exe ==== ATTENTION
Task: C:\Windows\Tasks\ZoomExUpdaterTask{771DB4C0-4865-439E-B56D-BFCDF0869FA2}.job = C:\ProgramData\Premium\ZoomEx\ZoomEx.exe ==== ATTENTION
AlternateDataStreams: C:\Users\TOSHIBA\Cookies:2ZOWflLApHmtklG5rTTsz
AlternateDataStreams: C:\Users\TOSHIBA\AppData\Local\Temp:D55tJtiFnfG3N04k4hU91CABJBKXb
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4051007103-1665340506-3140448881-1000 - {08EAE22D-D4E8-43D0-A983-F03BFFDBAEC1} URL = http://www.amazon.co.uk/gp/search?ie=UTF8keywords={searchTerms}tag=tochibauk-win7-ie-search-21index=blendedlinkCode=ur2
SearchScopes: HKU\S-1-5-21-4051007103-1665340506-3140448881-1000 - {56F18DBE-8F80-413C-B487-68E06C892CF3} URL = http://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-4051007103-1665340506-3140448881-1000 - {D6D63B8B-6E62-4F32-A242-F2AC4E14E6ED} URL =
SearchScopes: HKU\S-1-5-21-4051007103-1665340506-3140448881-1000 - {E4E53350-BDA7-4EAD-8534-530CDD0B024C} URL =
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO-x32: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll No File
FF Extension: Zoomex - C:\Users\TOSHIBA\AppData\Roaming\Mozilla\Firefox\Profiles\0r7d0ebu.default\Extensions\50dbde02c31ec@50dbde02c3226.com [2012-12-27]
FF HKLM-x32\...\Firefox\Extensions: [ext@TrustMediaViewerV1alpha4454.net] - C:\Program Files (x86)\TrustMediaViewerV1\TrustMediaViewerV1alpha4454\ff
CHR StartupUrls: Default - "hxxp://mystart.incredibar.com/?a=6OzaXvatwKi=26loc=skw"
CHR DefaultSearchKeyword: Default - mystart.incredibar.com/
CHR DefaultSearchURL: Default - http://mystart.incredibar.com/?a=6OzaXvatwKi=26loc=skwsearch={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [mpefdnmniaajgcndfdalpcakpdblfebf] - C:\ProgramData\ADDICT-THING\mpefdnmniaajgcndfdalpcakpdblfebf.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ndamphfjlggpdokdgmmldiopeiacbabo] - C:\ProgramData\Zoomex\ndamphfjlggpdokdgmmldiopeiacbabo.crx [Not Found]
S3 ATP; system32\DRIVERS\cmdatp.sys [X]
S3 EagleX64; \\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 gdrv; \\C:\Windows\gdrv.sys [X]
2015-02-07 11:33 - 2015-02-07 11:50 - 00000000 ____ D () C:\AdwCleaner
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.


(Kindzio 17) #3

Działa, dzięki wielkie ;]


(Acorus) #4

Skasuj folder C:\FRST