Mystartsearch.com oraz lekkie przymulenie kompa

Maey · 10 Kwiecień 2015 17:34

Ostatnio coś mam pecha z sprzętem i łapaniem robali ;<

Acorus · 10 Kwiecień 2015 17:54

Otwórz notatnik systemowy i wklej:

IFEO\allplayer.exe: [Debugger] "G:\AVGTuneUP\TUAutoReactivator64.exe"
IFEO\hpsf.exe: [Debugger] "G:\AVGTuneUP\TUAutoReactivator64.exe"
IFEO\isctmodernui.exe: [Debugger] "G:\AVGTuneUP\TUAutoReactivator64.exe"
IFEO\isctsystray8.exe: [Debugger] "G:\AVGTuneUP\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "G:\AVGTuneUP\TUAutoReactivator64.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1428664324from=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1428664324from=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1428664324from=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMXq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1428664324from=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMXq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1428664324from=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1428664324from=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1428664324from=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMXq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1428664324from=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMXq={searchTerms}
HKU\S-1-5-21-3650141985-1852492499-3176716318-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1428664324from=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMX
HKU\S-1-5-21-3650141985-1852492499-3176716318-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-3650141985-1852492499-3176716318-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1428664324from=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1428664324from=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMXq={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1428664324from=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMXq={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1428664324from=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMXq={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1428664324from=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMXq={searchTerms}
SearchScopes: HKU\S-1-5-21-3650141985-1852492499-3176716318-1001 - DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=wpcutm_campaign=install_ieutm_content=dsfrom=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMXts=1428664348type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3650141985-1852492499-3176716318-1001 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=wpcutm_campaign=install_ieutm_content=dsfrom=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMXts=1428664348type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3650141985-1852492499-3176716318-1001 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=wpcutm_campaign=install_ieutm_content=dsfrom=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMXts=1428664348type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3650141985-1852492499-3176716318-1001 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=wpcutm_campaign=install_ieutm_content=dsfrom=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMXts=1428664348type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-3650141985-1852492499-3176716318-1001 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_source=butm_medium=wpcutm_campaign=install_ieutm_content=dsfrom=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMXts=1428664348type=defaultq={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=scts=1428664324from=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMX
FF SelectedSearchEngine: mystartsearch
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Slawomir\AppData\Roaming\Mozilla\Firefox\Profiles\313fkbmb.default\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\Slawomir\AppData\Roaming\Mozilla\Firefox\Profiles\313fkbmb.default\extensions\istart_ffnt@gmail.com
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=scts=1428664324from=wpcuid=HGSTXHTS541010A9E680_JA1000CRHM1VTMHM1VTMX
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158816 2015-04-02] (XTab system)
2015-04-10 17:54 - 2015-04-10 17:54 - 00003038 _____ () C:\Windows\System32\Tasks\{3FA830E9-B8ED-4967-A9B3-B9785D314F53}
2015-04-10 13:12 - 2015-04-10 14:05 - 00000000 ____ D () C:\Program Files (x86)\XTab
2015-04-10 13:12 - 2015-04-10 13:12 - 00003986 _____ () C:\Windows\System32\Tasks\LaunchPreSignup
2015-04-10 13:12 - 2015-04-10 13:12 - 00000000 ____ D () C:\ProgramData\IHProtectUpDate
2015-04-10 13:11 - 2015-04-10 17:49 - 00000000 ____ D () C:\Program Files (x86)\Redirect Path
2015-04-10 13:10 - 2015-04-10 17:48 - 00000000 ____ D () C:\Program Files (x86)\SaLePlus
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Odinstaluj Chrome zaznaczając usunięcie danych przeglądania.

Maey · 10 Kwiecień 2015 19:22

Odinstalować chyba Firefox ? (chrome nie ma, nie widzę) Dać po tym wszystkim jeszcze raz logi ?

Atis · 10 Kwiecień 2015 19:39

Chodzi o pozostałość po Chrome.

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

Reg: reg delete HKCU\Software\Google /f
Reg: reg delete HKLM\SOFTWARE\Google /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition.

Maey · 10 Kwiecień 2015 20:12

Fixlog

Atis · 10 Kwiecień 2015 20:41

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
2015-04-10 21:16 - 2015-04-10 21:17 - 00000000 ____ D () C:\AdwCleaner
2015-04-10 13:10 - 2015-04-10 17:46 - 00000000 ____ D () C:\ProgramData\{291f9f39-e6c0-61d5-291f-f9f39e6c7ce7}
2015-04-10 13:10 - 2015-04-10 13:10 - 00000000 ____ D () C:\ProgramData\4893237216613397952
2015-04-10 13:13 - 2015-04-10 13:13 - 0011808 _____ () C:\Users\Slawomir\AppData\Local\Temp-log.txt
DeleteQuarantine:

Uruchom FRST i kliknij Fix. Skasuj folder C:\FRST

Usuń stare punkty przywracania: Przywracanie systemu i kopie w tle

Dysk przeskanuj Malwarebytes Anti-Malware

Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Język PL > Settings > General Settings > Language > Polish

Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK - KLIK

Maey · 10 Kwiecień 2015 22:08

Fixlog

Atis · 10 Kwiecień 2015 23:21

W programie Malwarebytes.