Jak usunąć MyStartSearch?

Siema. Razem z tym weszło mi na kompa jakieś cpu minery które już pousuwałem, ale chciałbym całkowicie wyczyścić kompa z tego syfu, razem z MyStartSearchem. Jak to zrobić?

 

FRST:

http://wklej.org/id/1759858/

 

ADDITION:

http://wklej.org/id/1759859/

Otwórz notatnik systemowy i wklej:

Task: {310B1A79-AA6E-4398-B76D-B3990D73FFF2} - System32\Tasks\GyazoUpdateTaskMachineDaily = C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-07-16] ()
Task: {CD67CE41-A45B-4C17-A2C7-DB5FFDB8AC74} - \LightningDisk No Task File ==== ATTENTION
Task: {D27C350E-D1E1-4B60-965E-925F598B9C92} - System32\Tasks\GyazoUpdateTaskMachine = C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-07-16] ()
AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\Microsoft:32iNbD82HvTI43L9o
AlternateDataStreams: C:\ProgramData\Microsoft:BLSstTN5Qj6Vj035FKxUIO
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\fcbcules\Application Data:NT
AlternateDataStreams: C:\Users\fcbcules\Application Data:NT2
AlternateDataStreams: C:\Users\fcbcules\Local Settings:NzuDYP1D7vRtW8f6kk8C8Z8V
AlternateDataStreams: C:\Users\fcbcules\AppData\Local:NzuDYP1D7vRtW8f6kk8C8Z8V
AlternateDataStreams: C:\Users\fcbcules\AppData\Roaming:NT
AlternateDataStreams: C:\Users\fcbcules\AppData\Roaming:NT2
AlternateDataStreams: C:\Users\fcbcules\AppData\Local\Application Data:NzuDYP1D7vRtW8f6kk8C8Z8V
HKLM-x32\...\Run: [gmsd_pl_005010035] = [X]
HKU\S-1-5-21-1858288725-1256720938-756598780-1000\...\Run: [AdobeBridge] = [X]
HKU\S-1-5-21-1858288725-1256720938-756598780-1000\...\Run: [Gyazo] = C:\Program Files (x86)\Gyazo\GyStation.exe [3097912 2015-07-16] (Nota Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-1858288725-1256720938-756598780-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: CinemaPlus-3.2cV19.07 - C:\Users\fcbcules\AppData\Roaming\Mozilla\Firefox\Profiles\h0sfppd5.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-07-20]
FF Extension: Default SearchProtected - C:\Users\fcbcules\AppData\Roaming\Mozilla\Firefox\Profiles\h0sfppd5.default\Extensions\defsearchp@gmail.com [2015-07-20]
FF Extension: deskCut - C:\Users\fcbcules\AppData\Roaming\Mozilla\Firefox\Profiles\h0sfppd5.default\Extensions\deskCutv2@gmail.com [2015-07-20]
S2 zejytose; C:\Program Files (x86)\03AA02FC-1437356448-05B7-EF06-0C0700080009\jnsg3939.tmp [199168 2015-07-20] () [File not signed]
S3 catchme; \\C:\ComboFix\catchme.sys [X]
S3 FairplayKD; \\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WiseHDInfo; \\C:\Windows\WiseHDInfo64.dll [X]
2015-07-20 05:04 - 2015-07-20 05:27 - 00000000 ____ D C:\AdwCleaner
2015-07-20 05:01 - 2015-07-20 05:01 - 00003104 _____ C:\Windows\System32\Tasks\{B86CAFC5-5D73-4815-93D1-FADB5639A8C4}
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Odinstaluj Chrome zaznaczając usunięcie danych przeglądania.

Dzięki za pomoc. Mam jeszcze jedno pytanie, jaki antywirus polecasz? :slight_smile: Próbowałem BitDefendera, ale strasznie mulił mi kompa.