Cześć. Raz pobierałem program, do tego wkradł mi się niechciany mystartsearch.
Chrome -> Ustawiennia. W opcji “po uruchomieniu” wybierz “otwórz konkretną strone lub zestaw stron” i przejdz do “wybierz strony”. Skasuj wszystkie z mystarsearch, zatwierdz “ok”
W opcji “szukaj” wybierz google lub inna, przejdz do “zarzadzj wyszukarkami…” i w górnym oknie skasuj wszystkie wpisy z mystarsearch, zatwierdz “gotowe”. zrestartuj chrome.
Dla pewności sprawdz tez rozszerzenia
Odinstaluj SpyHunter4 wersja 4.16.5.4290.Otwórz notatnik systemowy i wklej:
HKU\S-1-5-21-637233061-3395407107-138870415-1000\...\Run: [ASRockXTU] = [X]
HKU\S-1-5-21-637233061-3395407107-138870415-1000\...\Run: [zASRockInstantBoot] = [X]
HKU\S-1-5-21-637233061-3395407107-138870415-1000\...\Run: [Facebook Update] = C:\Users\Tomek\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-08-29] (Facebook Inc.)
HKU\S-1-5-21-637233061-3395407107-138870415-1000\...\Run: [AdobeBridge] = [X]
HKU\S-1-5-21-637233061-3395407107-138870415-1000\...\Winlogon: [Shell] C:\Windows\expstart.exe [925184 2015-01-19] () ==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-637233061-3395407107-138870415-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1417109130from=smtuid=ST500DM002-1BD142_Z3TAMH14XXXXZ3TAMH14q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1417109130from=smtuid=ST500DM002-1BD142_Z3TAMH14XXXXZ3TAMH14q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1417109130from=smtuid=ST500DM002-1BD142_Z3TAMH14XXXXZ3TAMH14q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1417109130from=smtuid=ST500DM002-1BD142_Z3TAMH14XXXXZ3TAMH14q={searchTerms}
BHO: No Name - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - No File
BHO: No Name - {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} - No File
CHR StartupUrls: Default - "hxxp://www.mystartsearch.com/?type=hpts=1417109130from=smtuid=ST500DM002-1BD142_Z3TAMH14XXXXZ3TAMH14", "hxxp://www.mystartsearch.com/?type=hpts=1421782440from=smtuid=ST500DM002-1BD142_Z3TAMH14XXXXZ3TAMH14", "hxxp://www.mystartsearch.com/?type=hpppts=1421782511from=smtuid=ST500DM002-1BD142_Z3TAMH14XXXXZ3TAMH14"
S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]
S2 Update Dolphin Deals; "C:\Program Files (x86)\Dolphin Deals\updateDolphinDeals.exe" [X]
S3 cpuz137; \\C:\Users\Tomek\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 EagleX64; \\C:\Windows\system32\drivers\EagleX64.sys [X]
2015-01-21 18:10 - 2015-01-21 18:10 - 00003200 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-01-21 18:09 - 2015-01-21 20:19 - 00082972 _____ () C:\spyhunter.fix
2015-01-21 18:09 - 2010-05-13 17:34 - 00014232 _____ () C:\Windows\SysWOW64\sh4native.exe
2015-01-21 17:32 - 2015-01-21 17:32 - 00000559 _____ () C:\Users\Tomek\Desktop\SpyHunter4.lnk
2015-01-21 17:32 - 2015-01-21 17:32 - 00000000 ____ D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter4
2015-01-21 17:32 - 2012-06-22 11:01 - 00019984 _____ () C:\Windows\SysWOW64\Drivers\EsgScanner.sys
2015-01-21 17:32 - 2012-06-22 11:01 - 00019984 _____ () C:\Windows\system32\EsgScanner.sys
2015-01-21 17:31 - 2014-01-01 12:43 - 53590538 _____ ( ) C:\Users\Tomek\Desktop\SpyHunter4 4.16.5.4290 ENG -full.exe
2015-01-21 16:57 - 2015-01-21 16:57 - 00000000 ____ D () C:\Program Files (x86)\Enigma Software Group
2015-01-21 16:34 - 2015-01-21 16:34 - 00017025 _____ () C:\Users\Tomek\Desktop\[www.tnt24.info] SpyHunter4 4.16.5.4290 [ENG] [FULL].torrent
C:\ProgramData\fontcacheev1.dat
C:\ProgramData\wget.exe
C:\ProgramData\wmc.exe
EmptyTemp:
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
Problem dalej występuje, choć zrobiłem to co Acorus i oggi.