Mystart search - help


(Patfb) #1

Hello, please help me remove this nasty virus.

 

FRST 

http://www.wklej.org/id/1787161/

 

ADDITION

http://www.wklej.org/id/1787162/

 

SHORTCUT

http://www.wklej.org/id/1787164/


(Atis) #2

Download and run AdwCleaner. Click Scan and then Cleaning.

Click Scan and post a new FRST report, without Addition and Shortcut.


(Patfb) #3

During cleaning, a window pops up with this message:

LINE 17131 ( File "c:\users\asus\downloads\adwcleaner_5.004.exe"):

error: variable used without being declared

and the program shuts down…


(Atis) #4

Paste the following into Notepad and save it as a text file named fixlist:

GroupPolicy: Zasady grupy Chrome wykryto <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Zasada ograniczeń <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1439808136&z=c80b0379fdbc5b121c5ae6bgcz3c4t9bae5bdebz9g&from=cornl&uid=ST9640320AS_5WX2449JXXXX5WX2449J&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1439808136&z=c80b0379fdbc5b121c5ae6bgcz3c4t9bae5bdebz9g&from=cornl&uid=ST9640320AS_5WX2449JXXXX5WX2449J&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439808136&z=c80b0379fdbc5b121c5ae6bgcz3c4t9bae5bdebz9g&from=cornl&uid=ST9640320AS_5WX2449JXXXX5WX2449J&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1439808136&z=c80b0379fdbc5b121c5ae6bgcz3c4t9bae5bdebz9g&from=cornl&uid=ST9640320AS_5WX2449JXXXX5WX2449J&q={searchTerms}
HKU\S-1-5-21-1420411819-1999552527-218117422-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csMTkaZlh6EIWy_HneNQ2LqdWlIXk6lhR9shs9EhXodJBGPt8LHkYKDpqKPIqpn3tpmwo997Pu1wQ1zfCRIgrN0X6xSS7XRWyG4Ii5LTQI-uBvCLrNsyKjjIbG3jfpIGWkQNZm5zMLM5Yg,,&q={searchTerms}
HKU\S-1-5-21-1420411819-1999552527-218117422-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csMTkaZlh6EIWy_HneNQ2LqdWlIXk6lhR9shs9EhXodJBGPt8LHkYKDpqKPIqpn3tpmwo997Pu1wQ1zfCRIgrN0X6xSS7XRWyG4Ii5LTQI-uBvCLrNsyKjjIbG3jfpIGWkQNZm5zMLM5Yg,,&q={searchTerms}
HKU\S-1-5-21-1420411819-1999552527-218117422-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csMTkaZlh6EIWy_HneNQ2LqdWlIXk6lhR9shs9EhXodJBGPt8LHkYKDpqKPIqpn3tpmwo997Pu1wQ1zfCRIgrN0X6xSS7XRWyG4Ii5LTQI-uBvCLrNsyKjjIbG3jfpIGWkQNZm5zMLM5Yg,,&q={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://do-search.com/web/?type=ds&ts=1431430923&z=b784aedbd7c5e393652571egazdcag3z9cde0t5o2c&from=cor&uid=ST9640320AS_5WX2449JXXXX5WX2449J&q={searchTerms}
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csMTkaZlh6EIWy_HneNQ2LqdWlIXk6lhR9shs9EhXodJBGPt8LHkYKDpqKPIqpn3tpmwo997Pu1wQ1zfCRIgrN0X6xSS7XRWyG4Ii5LTQI-uBvCLrNsyKjjIbG3jfpIGWkQNZm5zMLM5Yg,,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1420411819-1999552527-218117422-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://do-search.com/web/?type=ds&ts=1431430923&z=b784aedbd7c5e393652571egazdcag3z9cde0t5o2c&from=cor&uid=ST9640320AS_5WX2449JXXXX5WX2449J&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1420411819-1999552527-218117422-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csMTkaZlh6EIWy_HneNQ2LqdWlIXk6lhR9shs9EhXodJBGPt8LHkYKDpqKPIqpn3tpmwo997Pu1wQ1zfCRIgrN0X6xSS7XRWyG4Ii5LTQI-uBvCLrNsyKjjIbG3jfpIGWkQNZm5zMLM5Yg,,&q={searchTerms}
BHO-x32: High Stairs -> {45e60e41-85ee-4c01-9dac-1ecb9bf64179} -> C:\Program Files (x86)\High Stairs\Extensions\45e60e41-85ee-4c01-9dac-1ecb9bf64179.dll Brak pliku
BHO-x32: Sale Charger -> {7a38e53c-e000-41e4-9b5a-47447db81c2b} -> C:\Program Files (x86)\Sale Charger\Extensions\7a38e53c-e000-41e4-9b5a-47447db81c2b.dll Brak pliku
BHO-x32: Jungle Net -> {dcfb5bfe-1f58-4b1d-96a7-3c7bbae51b36} -> C:\Program Files (x86)\Jungle Net\Extensions\dcfb5bfe-1f58-4b1d-96a7-3c7bbae51b36.dll Brak pliku
FF Homepage: C:\ProgramData\Tristips\ff.HP
FF NewTab: C:\ProgramData\Tristips\ff.NT
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\cukivfoz.default\searchplugins\findit.xml [2015-08-17]
CHR Extension: (Jungle Net) - C:\Users\Asus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pajlpahdaliammhacpdhhhkfnjijmmnk [2015-08-29]
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc&ts=1440855853&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cornl&uid=ST9640320AS_5WX2449JXXXX5WX2449J
S1 fbemlskj; \??\C:\Windows\system32\drivers\fbemlskj.sys [X]
2015-08-29 16:09 - 2015-08-29 16:09 - 00000000 ____ D C:\Temp
2015-08-29 15:56 - 2015-08-29 15:56 - 00000000 ___HD C:\Users\Asus\AppData\Roaming\GoldenGate
2015-08-29 15:56 - 2015-08-29 15:56 - 00000000 ____ D C:\ProgramData\8WdsManPro8
2015-08-29 15:55 - 2015-08-31 11:04 - 00000000 ____ D C:\Users\Asus\AppData\Local\Gameo
2015-08-29 15:44 - 2015-08-29 15:56 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-08-29 15:44 - 2015-08-29 15:45 - 00000000 ____ D C:\ProgramData\WWdsManProW
2015-08-17 12:22 - 2015-08-17 13:05 - 00000000 ____ D C:\ProgramData\Tristip
2015-08-17 12:22 - 2015-08-17 12:22 - 00002377 _____ C:\Windows\SysWOW64\findit.xml
2015-08-17 12:22 - 2015-08-17 12:22 - 00000000 ____ D C:\ProgramData\Tristips
2015-08-17 12:20 - 2015-08-17 12:20 - 01286048 _____ C:\Users\Asus\Downloads\ReNamer-12729-dp.cpl
2015-08-16 20:41 - 2015-08-16 20:41 - 00000000 _____ C:\Windows\SysWOW64\sho80AF.tmp
C:\ProgramData\*.log
Task: {2BE8312B-8B1B-4CFB-9CC8-6BC0837CB596} - System32\Tasks\Chromium => C:\Users\Asus\AppData\Local\Chromium\APPLIC~1\440238~1.0\INSTAL~1\UNINST~1.EXE
Task: {474F42AD-2073-4566-8094-D733598A07ED} - System32\Tasks\{C25FA06C-E07F-4286-AC73-9F076AA5F6DD} => pcalua.exe -a C:\Users\Asus\Downloads\epson375890eu.exe -d C:\Users\Asus\Downloads
Task: {5D3F843E-217E-4DD3-B5D8-DEE3E1E34F96} - System32\Tasks\{FD67716B-6834-41AF-BD96-629959C056FC} => pcalua.exe -a C:\Users\Asus\Downloads\epson375890eu(1).exe -d C:\Users\Asus\Downloads
Task: {8256E7A2-6E9C-417A-95DD-B51F27B5FE13} - System32\Tasks\snf => C:\ProgramData\Tristip\1gfvh3c1.exe
Task: {DB142626-7C6F-44AE-817E-673A394A453E} - System32\Tasks\snp => C:\ProgramData\Tristip\1gfvh3c1.exe
Task: C:\Windows\Tasks\Chromium.job => C:\Users\Asus\AppData\Local\Chromium\APPLIC~1\440238~1.0\INSTAL~1\UNINST~1.EXE
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc&ts=1440855853&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cornl&uid=ST9640320AS_5WX2449JXXXX5WX2449J
ShortcutWithArgument: C:\Users\Asus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc&ts=1440855853&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cornl&uid=ST9640320AS_5WX2449JXXXX5WX2449J
ShortcutWithArgument: C:\Users\Asus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc&ts=1440855853&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cornl&uid=ST9640320AS_5WX2449JXXXX5WX2449J
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc&ts=1440855853&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=cornl&uid=ST9640320AS_5WX2449JXXXX5WX2449J
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post a new FRST report, without Addition and Shortcut.
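
Added example, not part of the original thread and not FRST's own code: a small triage script that reads fixlist-style lines like the ones above, pulls out the host of every search or shortcut URL, decodes percent-encoded hostnames, and shows which entry types point at each host. The sample lines are abbreviated from the fixlist in this thread (long query strings and the SID are cut), and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample: abbreviated from the fixlist above; "..." marks cut text.
SAMPLE = r"""
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&q={searchTerms}
HKU\S-1-5-21-...\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=...&q={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://do-search.com/web/?type=ds&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.mystartsearch.com/?type=sc
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=sc
Task: {8256E7A2-6E9C-417A-95DD-B51F27B5FE13} - System32\Tasks\snf => C:\ProgramData\Tristip\1gfvh3c1.exe
"""

# Matches both the defanged (hxxp) and plain (http) scheme; captures the host part only.
URL_HOST = re.compile(r"h(?:xx|tt)ps?://([^/\s?#]+)", re.I)

def entry_kind(line):
    """Classify a line: bare registry values start with a hive, others with 'Kind:'."""
    if line.startswith(("HKLM\\", "HKU\\")):
        return "Registry"
    return line.split(":", 1)[0]

def hijack_hosts(text):
    """Map each decoded host to the sorted entry kinds that reference it."""
    hosts = defaultdict(set)
    for line in filter(None, map(str.strip, text.splitlines())):
        match = URL_HOST.search(line)
        if match:  # lines with an empty URL or only a file path are skipped
            hosts[unquote(match.group(1)).lower()].add(entry_kind(line))
    return {host: sorted(kinds) for host, kinds in hosts.items()}

def encoded_hosts(text):
    """Hosts that were written percent-encoded, which hides them from a plain text search."""
    return sorted({unquote(h).lower() for h in URL_HOST.findall(text) if "%" in h})

if __name__ == "__main__":
    for host, kinds in sorted(hijack_hosts(SAMPLE).items()):
        print(f"{host:28} {', '.join(kinds)}")
    print("percent-encoded:", encoded_hosts(SAMPLE))
```

Running it on a full log makes it easy to confirm after the fix that no remaining entry still references one of these hosts.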