Cześć, proszę o pomoc w pozbyciu się mysearchstart
FRST: http://www.wklej.org/id/1608968/
Addition: http://www.wklej.org/id/1608970/
Pobierz na pulpit Adwcleaner - https://toolslib.net/downloads/viewdownload/1-adwcleaner/
Po uruchomieniu wykonaj polecenia szukaj i usuń. Po restarcie pokaż aktualne raporty FRST i Addition.
Odinstaluj Ttessab.Otwórz notatnik systemowy i wklej:
Task: {57F36000-1668-41DC-AC35-9FBF682560A4} - System32\Tasks\22a1347a-bf80-40d5-8e95-4ce76a77122c-2 = C:\Program Files (x86)\Internet Speed Checker\22a1347a-bf80-40d5-8e95-4ce76a77122c-2.exe [2015-01-25] (Speedchecker) ==== ATTENTION
Task: {77A85730-2376-4473-B5B8-9B9DE6908DEF} - System32\Tasks\globalUpdateUpdateTaskMachineCore = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-25] (globalUpdate) ==== ATTENTION
Task: {90E59AFA-3BC5-4E15-B338-AC8BA6168024} - System32\Tasks\22a1347a-bf80-40d5-8e95-4ce76a77122c-7 = C:\Program Files (x86)\Internet Speed Checker\22a1347a-bf80-40d5-8e95-4ce76a77122c-7.exe [2015-01-25] (Speedchecker) ==== ATTENTION
Task: {AFD2B1C8-F7B1-4478-BFE7-D132231E5555} - System32\Tasks\22a1347a-bf80-40d5-8e95-4ce76a77122c-5 = C:\Program Files (x86)\Internet Speed Checker\22a1347a-bf80-40d5-8e95-4ce76a77122c-5.exe [2015-01-25] (Speedchecker) ==== ATTENTION
Task: {B9165435-7B06-41A1-A7C5-4E0FC3F41B47} - System32\Tasks\22a1347a-bf80-40d5-8e95-4ce76a77122c-1 = C:\Program Files (x86)\Internet Speed Checker\Internet Speed Checker-codedownloader.exe [2015-01-25] (Speedchecker) ==== ATTENTION
Task: {B9971A73-E6C2-4B38-931E-9B2F9EA1A42C} - System32\Tasks\22a1347a-bf80-40d5-8e95-4ce76a77122c-10_user = C:\Program Files (x86)\Internet Speed Checker\22a1347a-bf80-40d5-8e95-4ce76a77122c-10.exe [2015-01-25] (Speedchecker) ==== ATTENTION
Task: {C596871D-F244-4C56-B976-54FA1339A384} - System32\Tasks\22a1347a-bf80-40d5-8e95-4ce76a77122c-6 = C:\Program Files (x86)\Internet Speed Checker\22a1347a-bf80-40d5-8e95-4ce76a77122c-6.exe [2015-01-25] (Speedchecker) ==== ATTENTION
Task: {D0508332-C4FC-4460-92E5-806FED3BAB1A} - System32\Tasks\globalUpdateUpdateTaskMachineUA = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-25] (globalUpdate) ==== ATTENTION
Task: {E0506D1F-5797-4DEC-904F-068E91DE4E23} - System32\Tasks\22a1347a-bf80-40d5-8e95-4ce76a77122c-5_user = C:\Program Files (x86)\Internet Speed Checker\22a1347a-bf80-40d5-8e95-4ce76a77122c-5.exe [2015-01-25] (Speedchecker) ==== ATTENTION
Task: C:\Windows\Tasks\22a1347a-bf80-40d5-8e95-4ce76a77122c-1.job = C:\Program Files (x86)\Internet Speed Checker\Internet Speed Checker-codedownloader.exe ==== ATTENTION
Task: C:\Windows\Tasks\22a1347a-bf80-40d5-8e95-4ce76a77122c-10_user.job = C:\Program Files (x86)\Internet Speed Checker\22a1347a-bf80-40d5-8e95-4ce76a77122c-10.exe ==== ATTENTION
Task: C:\Windows\Tasks\22a1347a-bf80-40d5-8e95-4ce76a77122c-2.job = C:\Program Files (x86)\Internet Speed Checker\22a1347a-bf80-40d5-8e95-4ce76a77122c-2.exe ==== ATTENTION
Task: C:\Windows\Tasks\22a1347a-bf80-40d5-8e95-4ce76a77122c-5.job = C:\Program Files (x86)\Internet Speed Checker\22a1347a-bf80-40d5-8e95-4ce76a77122c-5.exe ==== ATTENTION
Task: C:\Windows\Tasks\22a1347a-bf80-40d5-8e95-4ce76a77122c-5_user.job = C:\Program Files (x86)\Internet Speed Checker\22a1347a-bf80-40d5-8e95-4ce76a77122c-5.exe ==== ATTENTION
Task: C:\Windows\Tasks\22a1347a-bf80-40d5-8e95-4ce76a77122c-6.job = C:\Program Files (x86)\Internet Speed Checker\22a1347a-bf80-40d5-8e95-4ce76a77122c-6.exe ==== ATTENTION
Task: C:\Windows\Tasks\22a1347a-bf80-40d5-8e95-4ce76a77122c-7.job = C:\Program Files (x86)\Internet Speed Checker\22a1347a-bf80-40d5-8e95-4ce76a77122c-7.exe ==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
HKLM-x32\...\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] = C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpppts=1422203786from=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpppts=1422203786from=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1422203772from=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1422203772from=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpppts=1422203786from=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpppts=1422203786from=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1422203772from=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1422203772from=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261q={searchTerms}
HKU\S-1-5-21-88171341-1901273111-581479797-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1422203772from=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261q={searchTerms}
HKU\S-1-5-21-88171341-1901273111-581479797-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpppts=1422203786from=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261
HKU\S-1-5-21-88171341-1901273111-581479797-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1422203772from=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261q={searchTerms}
HKU\S-1-5-21-88171341-1901273111-581479797-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpppts=1422203786from=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=scts=1422203772from=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1422203772from=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1422203772from=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1422203772from=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1422203772from=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261q={searchTerms}
SearchScopes: HKU\S-1-5-21-88171341-1901273111-581479797-1000 - DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=sienutm_campaign=install_ieutm_content=dsfrom=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261ts=1422203812type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-88171341-1901273111-581479797-1000 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=sienutm_campaign=install_ieutm_content=dsfrom=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261ts=1422203812type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-88171341-1901273111-581479797-1000 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=sienutm_campaign=install_ieutm_content=dsfrom=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261ts=1422203812type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-88171341-1901273111-581479797-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=sienutm_campaign=install_ieutm_content=dsfrom=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261ts=1422203812type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-88171341-1901273111-581479797-1000 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=sienutm_campaign=install_ieutm_content=dsfrom=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261ts=1422203812type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-88171341-1901273111-581479797-1000 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=sienutm_campaign=install_ieutm_content=dsfrom=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261ts=1422203812type=defaultq={searchTerms}
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Ttessab 1.0.0.6 - {e3a06b08-18fc-45fd-9922-38b48d04d699} - C:\Program Files (x86)\Ttessab\Ttessabbho.dll (Ttessab)
CHR StartupUrls: Default - "hxxp://www.mystartsearch.com/?type=hpts=1422203772from=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261", "hxxp://www.mystartsearch.com/?type=hpppts=1422203786from=sienuid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A100226102261"
CHR Extension: (Ttessab) - C:\Users\gosss\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogihipidfncfdognpanmmlfjjgofpean [2015-01-25]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-25] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-25] (globalUpdate) [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 Update Ttessab; C:\Program Files (x86)\Ttessab\updateTtessab.exe [668952 2015-01-25] ()
R2 Util Ttessab; C:\Program Files (x86)\Ttessab\bin\utilTtessab.exe [668952 2015-01-25] ()
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-25] (SysTool PasSame LIMITED) [File not signed]
R1 {c842983d-e64e-4e67-b410-655ee2fc0912}Gw64; C:\Windows\System32\drivers\{c842983d-e64e-4e67-b410-655ee2fc0912}Gw64.sys [48824 2015-01-25] (StdLib)
2015-01-25 19:16 - 2015-01-25 19:16 - 00000000 ____ D () C:\Users\gosss\AppData\Local\globalUpdate
2015-01-25 19:16 - 2015-01-25 19:16 - 00000000 ____ D () C:\Program Files (x86)\Internet Speed Checker
2015-01-25 19:16 - 2015-01-25 19:16 - 00000000 ____ D () C:\Program Files (x86)\globalUpdate
2015-01-25 19:16 - 2015-01-25 19:16 - 00000000 ____ D () C:\Program Files (x86)\6724de3e-f54d-4851-8c00-d57537d9a890
2015-01-25 17:44 - 2015-01-25 04:28 - 00048824 _____ (StdLib) C:\Windows\system32\Drivers\{c842983d-e64e-4e67-b410-655ee2fc0912}Gw64.sys
2015-01-25 17:37 - 2015-01-25 19:26 - 00000000 ____ D () C:\Program Files (x86)\Ttessab
2015-01-25 17:37 - 2015-01-25 17:37 - 00000000 ____ D () C:\ProgramData\IHProtectUpDate
2015-01-25 17:36 - 2015-01-25 19:18 - 00000000 ____ D () C:\Users\gosss\AppData\Roaming\mystartsearch
2015-01-25 17:36 - 2015-01-25 17:37 - 00000000 ____ D () C:\Program Files (x86)\XTab
2015-01-25 17:36 - 2015-01-25 17:36 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
2015-01-22 22:07 - 2015-01-22 22:07 - 00000000 __SHD () C:\found.000
EmptyTemp:
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.