MyStartSearch and PriceLEes


(Aa Pietruczuk) #1

Hi. I don't see anything suspicious among the installed programs, but the extension keeps coming back. I'd be grateful for your help.

frst: http://www.wklej.org/id/1580475/

additional: http://www.wklej.org/id/1580476/


(Acorus) #2

Open the system Notepad and paste:

GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1419969986from=epomuid=ST500LM012XHN-M500MBB_S2U3J9AC369307
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1419969986from=epomuid=ST500LM012XHN-M500MBB_S2U3J9AC369307
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1419969986from=epomuid=ST500LM012XHN-M500MBB_S2U3J9AC369307q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1419969986from=epomuid=ST500LM012XHN-M500MBB_S2U3J9AC369307q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1419969986from=epomuid=ST500LM012XHN-M500MBB_S2U3J9AC369307
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1419969986from=epomuid=ST500LM012XHN-M500MBB_S2U3J9AC369307
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1419969986from=epomuid=ST500LM012XHN-M500MBB_S2U3J9AC369307q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1419969986from=epomuid=ST500LM012XHN-M500MBB_S2U3J9AC369307q={searchTerms}
HKU\S-1-5-21-3906108991-2579078616-2179101024-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1419969986from=epomuid=ST500LM012XHN-M500MBB_S2U3J9AC369307
HKU\S-1-5-21-3906108991-2579078616-2179101024-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1419969986from=epomuid=ST500LM012XHN-M500MBB_S2U3J9AC369307
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=scts=1419969986from=epomuid=ST500LM012XHN-M500MBB_S2U3J9AC369307
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1419969986from=epomuid=ST500LM012XHN-M500MBB_S2U3J9AC369307q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1419969986from=epomuid=ST500LM012XHN-M500MBB_S2U3J9AC369307q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1419969986from=epomuid=ST500LM012XHN-M500MBB_S2U3J9AC369307q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1419969986from=epomuid=ST500LM012XHN-M500MBB_S2U3J9AC369307q={searchTerms}
SearchScopes: HKU\S-1-5-21-3906108991-2579078616-2179101024-1000 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1419969986from=epomuid=ST500LM012XHN-M500MBB_S2U3J9AC369307q={searchTerms}
SearchScopes: HKU\S-1-5-21-3906108991-2579078616-2179101024-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1419969986from=epomuid=ST500LM012XHN-M500MBB_S2U3J9AC369307q={searchTerms}
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Cantataweb 1.0.0.6 - {aab803bd-f01b-423a-a89a-60af476e9f12} - C:\Program Files (x86)\Cantataweb\Cantatawebbho.dll (Cantataweb)
CHR Extension: (Cantataweb) - C:\Users\Ziemniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\epghbendcpmjldedcoeijdpnhelpgfhe [2014-12-31]
CHR Extension: (PriceLEsS) - C:\Users\Ziemniak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijnehagpionjkjlkfbefifcbbcncnngc [2014-12-30]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-12-30] (Cherished Technololgy LIMITED)
R2 Update Cantataweb; C:\Program Files (x86)\Cantataweb\updateCantataweb.exe [524528 2014-12-31] ()
R2 Util Cantataweb; C:\Program Files (x86)\Cantataweb\bin\utilCantataweb.exe [524528 2014-12-31] ()
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [473088 2014-12-30] (Fuyu LIMITED) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R1 {712468b8-4dfb-46c0-98af-bf15febdd97a}Gw64; C:\Windows\System32\drivers\{712468b8-4dfb-46c0-98af-bf15febdd97a}Gw64.sys [48784 2014-12-29] (StdLib)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-12-30 12:17 - 2014-12-30 12:17 - 00000000 ____ D () C:\Users\Ziemniak\Documents\Optimizer Pro
2014-12-30 12:16 - 2014-12-29 15:52 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{712468b8-4dfb-46c0-98af-bf15febdd97a}Gw64.sys
2014-12-30 12:07 - 2014-12-31 10:52 - 00000000 ____ D () C:\Program Files (x86)\Cantataweb
2014-12-30 12:06 - 2014-12-30 23:02 - 00000000 ____ D () C:\ProgramData\PriceLEsS
2014-12-30 12:06 - 2014-12-30 23:02 - 00000000 ____ D () C:\Program Files (x86)\Bench
2014-12-30 12:06 - 2014-12-30 12:13 - 00000000 ____ D () C:\ProgramData\6d5ffd26a5b33a2d
2014-12-30 12:06 - 2014-12-30 12:13 - 00000000 ____ D () C:\Program Files (x86)\PriceLEsS
2014-12-30 12:06 - 2014-12-30 12:06 - 00000000 ____ D () C:\Users\Ziemniak\AppData\Local\Torch
2014-12-30 12:06 - 2014-12-30 12:06 - 00000000 ____ D () C:\Users\Ziemniak\AppData\Local\pricehorse
2014-12-30 12:06 - 2014-12-30 12:06 - 00000000 ____ D () C:\Users\Ziemniak\AppData\Local\Comodo
2014-12-30 12:06 - 2014-12-30 12:06 - 00000000 ____ D () C:\Users\Ziemniak\AppData\Local\Chromatic Browser
2014-12-30 12:06 - 2014-12-30 12:06 - 00000000 ____ D () C:\Users\Guest\AppData\Local\Torch
2014-12-30 12:06 - 2014-12-30 12:06 - 00000000 ____ D () C:\Users\Guest\AppData\Local\Google
2014-12-30 12:06 - 2014-12-30 12:06 - 00000000 ____ D () C:\Users\Guest\AppData\Local\Comodo
2014-12-30 12:06 - 2014-12-30 12:06 - 00000000 ____ D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-12-30 12:06 - 2014-12-30 12:06 - 00000000 ____ D () C:\Users\Guest
2014-12-30 12:06 - 2014-12-30 12:06 - 00000000 ____ D () C:\Users\Administrator\AppData\Local\Torch
2014-12-30 12:06 - 2014-12-30 12:06 - 00000000 ____ D () C:\Users\Administrator\AppData\Local\Google
2014-12-30 12:06 - 2014-12-30 12:06 - 00000000 ____ D () C:\Users\Administrator\AppData\Local\Comodo
2014-12-30 12:06 - 2014-12-30 12:06 - 00000000 ____ D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-12-30 12:06 - 2014-12-30 12:06 - 00000000 ____ D () C:\Users\Administrator
2014-12-30 12:06 - 2014-12-30 12:06 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
2014-12-30 12:06 - 2014-12-30 12:06 - 00000000 ____ D () C:\ProgramData\IePluginServices
2014-12-30 12:06 - 2014-12-30 12:06 - 00000000 ____ D () C:\Program Files (x86)\SupTab
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Aa Pietruczuk) #3

Thanks a lot, it works :)


(Acorus) #4

Delete the folder C:\FRST