MyStart Search

Hello, I have a problem: along with some program, MyStart search got installed on my machine. Annoying ads and other things of that kind pop up, and the browser's home page has changed as well. Please help. FRST and Addition are below.

FRST : http://wklej.org/id/1595507/

Addition : http://wklej.org/id/1595508/

A mass of adware leftovers.

You have used SpyHunter - stay away from it; the program supposedly detects infection “A” or “B”, but removing it requires payment.

Initial steps:

1. Paste the following into Notepad, save it as fixlist.txt and click Fix in the FRST interface

Place the fixlist.txt file next to the FRST program

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3458515138-4131406461-1510917979-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4&q={searchTerms}
HKU\S-1-5-21-3458515138-4131406461-1510917979-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
HKU\S-1-5-21-3458515138-4131406461-1510917979-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-3458515138-4131406461-1510917979-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-3458515138-4131406461-1510917979-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4
HKU\S-1-5-21-3458515138-4131406461-1510917979-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hp&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchbomb.info/?l=1&q={searchTerms}&pid=377&r=2013/11/30&hid=6629138046056154187&lg=EN&cc=PL&unqvl=42
SearchScopes: HKU\S-1-5-21-3458515138-4131406461-1510917979-1000 -> DefaultScope {8D3A201D-2990-4b71-A5F3-C5A52389DAEC} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-3458515138-4131406461-1510917979-1000 -> {42168F92-DA71-42E6-BC7F-132EAC1F1899} URL = http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q={searchTerms}&sa=Search&siteurl=qooqlle.com%2F <===== ATTENTION
SearchScopes: HKU\S-1-5-21-3458515138-4131406461-1510917979-1000 -> {78AA502F-AD3D-4b70-BEDE-627CA21D2239} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3458515138-4131406461-1510917979-1000 -> {8D3A201D-2990-4b71-A5F3-C5A52389DAEC} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-3458515138-4131406461-1510917979-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={88473464-5F55-4349-A8F1-844D5E3C8666}&mid=2b58e6411a5c453aa159bb2c1f9c2fcd-a1b3488e6e3a29cd44a2609343b53f035c13bcff&lang=pl&ds=ik011&pr=&d=2012-12-01 11:50:16&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3458515138-4131406461-1510917979-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3458515138-4131406461-1510917979-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKU\S-1-5-21-3458515138-4131406461-1510917979-1003 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3458515138-4131406461-1510917979-1003 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3325388&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP9B1FAD12-25C0-4744-85F8-86AB19877125&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3458515138-4131406461-1510917979-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3458515138-4131406461-1510917979-1003 -> {34504900-830F-40b3-AEA0-007271925F96} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-3458515138-4131406461-1510917979-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={88473464-5F55-4349-A8F1-844D5E3C8666}&mid=2b58e6411a5c453aa159bb2c1f9c2fcd-a1b3488e6e3a29cd44a2609343b53f035c13bcff&lang=pl&ds=ik011&pr=&d=2012-12-01 11:50:16&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3458515138-4131406461-1510917979-1003 -> {ADEFBDB8-0DEB-4AFF-8CD1-C477370C321D} URL = http://websearch.ask.com/redirect?client=ie&tb=HIP&o=102876&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=6G&apn_dtid=YYYYYYYYPL&apn_uid=adfefde9-98b9-4aae-bb3a-bfea461d3138&apn_sauid=42ED8B58-E22A-4A5E-ADBD-2EB18C4345B5
SearchScopes: HKU\S-1-5-21-3458515138-4131406461-1510917979-1003 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchbomb.info/?l=1&q={searchTerms}&pid=377&r=2013/11/30&hid=6629138046056154187&lg=EN&cc=PL&unqvl=42
SearchScopes: HKU\S-1-5-21-3458515138-4131406461-1510917979-1003 -> {F2F05BE7-7AA8-4baa-8C26-9F9CCD4A0031} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pl&q={searchTerms}
CHR Extension: (SearchNewTab) - C:\Users\Wiktor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdjofokjincmdkmbkghojghmhfiegban [2013-11-30]
S2 servervo; C:\Users\Wiktor\AppData\Roaming\VOPackage\VOsrv.exe [133120 2015-01-14] () [File not signed] <==== ATTENTION
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-14] (Fuyu LIMITED) [File not signed]
Task: {94BA5D64-ACFE-4385-97EB-8E68CBBB92FA} - System32\Tasks\SmartPCFix Task => C:\Program Files (x86)\SmartPCFix\SmartPCFix.exe <==== ATTENTION
Task: {D12DAEEF-C9F9-4B97-BB9E-CF6888EB5DE0} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: C:\Windows\Tasks\SmartPCFix Task.job => C:\Program Files (x86)\SmartPCFix\SmartPCFix.exe <==== ATTENTION
HKU\S-1-5-21-3458515138-4131406461-1510917979-1003\Software\Classes\.exe: exefile => <===== ATTENTION!
HKU\S-1-5-21-3458515138-4131406461-1510917979-1003\Software\Classes\exefile: <===== ATTENTION!
EmptyTemp:
DeleteQuarantine:

2. Uninstall via Control Panel:

Browser Configuration Utility

FoxTab FLV Player

MediaBar

Remote Desktop Access

YourFileDownloader

YTD Video Downloader 4.5

Java 6 Update 30

AVG Security Toolbar

SpyHunter

3. Update these programs:

Java 7 Update 25

4. In Google Chrome, change the start page from mystartsearch to google.pl

    Chrome:

    CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4
    CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4"
    CHR DefaultSearchKeyword: Default -> mystartsearch
    CHR DefaultSearchURL: Default -> http://www.mystartsearch.com/web/?type=ds&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4&q={searchTerms}

5. Download AdwCleaner, run it and click Scan, and when the Remove button becomes active, click it.

AdwCleaner: http://www.bleepingcomputer.com/download/adwcleaner/

6. Post the report from the script and from AdwCleaner (the AdwCleaner report is in this folder: C:\AdwCleaner) + make new FRST logs (also tick: Addition and Shortcut)

Where do I change these settings in Chrome? I use Firefox, so I'm not familiar with it. Which script do you mean? This is the first time I've been in this situation, so I'm completely green :slight_smile:

Here are the ones from Adw; there were 2, one [R0] and the other [s0], so I'm posting both:

[R0] - http://wklej.org/id/1596005/

[s0] - http://wklej.org/id/1596007/

FRST - http://wklej.org/id/1596059/

Addition - http://wklej.org/id/1596060/

Adw - http://wklej.org/id/1596517/

If you have carried out step 1, provide the report (Fixlog.txt)

Menu > Settings > Search > Manage search engines > remove mystartsearch (if it is still there)

Paste the Addition log again, because it is incomplete

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-01-2015 01
Ran by Wiktor at 2015-01-14 22:09:05
Running from C:\Users\Wiktor\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Addition - http://wklej.org/id/1596747/

Is this the script you mean? - http://wklej.org/id/1596751/

Yes, that is the script - did you run it?

Corrective steps:

1. Paste the following into Notepad, save it as fixlist.txt and click Fix in the FRST interface

Place the fixlist.txt file next to the FRST program

CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3458515138-4131406461-1510917979-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4"
EmptyTemp:
DeleteQuarantine:

2. Uninstall via Control Panel:

Akamai NetSession Interface - unnecessary

3. Update these programs:

Java 7 Update 25

4. Post the report from the script (Fixlog) + make new FRST logs (also tick: Addition and Shortcut) + say whether the problem still occurs.
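
Added example, not part of the thread and not FRST's own code: a Python script that groups the URL-bearing lines of an FRST log or fixlist by host, so every browser setting pointing at the same unexpected domain is reviewed together. The sample lines are copied from the fixlist above; the `EXPECTED_HOSTS` allow-list and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption for this example: hosts the user actually chose as search providers.
EXPECTED_HOSTS = {"www.google.com", "uk.search.yahoo.com"}

# FRST writes some URLs defanged as hxxp://, so accept both spellings.
URL_RE = re.compile(r'(?:https?|hxxps?)://[^\s"]+', re.IGNORECASE)

# Sample lines copied from the fixlist posted in this thread.
SAMPLE = r'''
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4
HKU\S-1-5-21-3458515138-4131406461-1510917979-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
HKU\S-1-5-21-3458515138-4131406461-1510917979-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = http://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1421246684&from=amt&uid=ST3500418AS_9VMVBXX4XXXX9VMVBXX4"
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2015-01-14] (Fuyu LIMITED) [File not signed]
'''

def parse_line(line):
    """Return (setting, host) for a line that carries a URL, else None."""
    match = URL_RE.search(line)
    if match is None:
        return None
    url = re.sub(r"^hxxp", "http", match.group(0), flags=re.IGNORECASE)
    host = (urlsplit(url).hostname or "").lower()
    # Everything before the URL names the setting; trim the "=" / "->" separator.
    setting = line[:match.start()].rstrip(' =>-"')
    return setting, host

def unexpected_hosts(text, expected=EXPECTED_HOSTS):
    """Map each host outside the allow-list to the settings that point at it."""
    found = defaultdict(list)
    for line in text.splitlines():
        parsed = parse_line(line.strip())
        if parsed and parsed[1] and parsed[1] not in expected:
            found[parsed[1]].append(parsed[0])
    return dict(found)

if __name__ == "__main__":
    for host, settings in sorted(unexpected_hosts(SAMPLE).items()):
        print(f"{host}: {len(settings)} setting(s)")
        for setting in settings:
            print(f"    {setting}")
```

Lines without a URL, such as service or scheduled-task entries, are skipped and still need to be reviewed by file path and signature.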