Problem MYSEARCH!

Dla specjalistów Bezpieczeństwo
#1

Witam, zwracam się z prośbą o pomoc w usunięciu mystartsearch oraz reklam który wyskakują mi w ogromnych ilościach.

 

FRST:

http://wklej.org/id/1602120/

 

Addition:

http://wklej.org/id/1602122/

 

Próbowałem już zalecanych programów, ale nic nie pomaga, bardzo proszę o pomoc.

 

Pozdrawiam.

 

#2

Otwórz notatnik systemowy i wklej:

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3976734561-3395651566-1454279155-1002Core1d00cd4b62e9f04.job = C:\Users\Martyna\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-3976734561-3395651566-1454279155-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3976734561-3395651566-1454279155-1001 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR StartupUrls: Default - "hxxp://www.mystartsearch.com/?type=hpppts=1420459002from=smtuid=TOSHIBAXMQ01ABF050_14JKCCP4TXX14JKCCP4T"
S2 0116211421180095mcinstcleanup; C:\Users\Martyna\AppData\Local\Temp\011621~1.EXE -cleanup -nolog [X]
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
2015-01-20 18:04 - 2015-01-20 18:04 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Martyna\Downloads\sh-remover (1).exe
2015-01-20 17:42 - 2015-01-20 18:12 - 00000000 ____ D () C:\Users\Martyna\AppData\Roaming\Enigma Software Group
2015-01-20 17:41 - 2015-01-20 17:41 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Martyna\Downloads\SpyHunter-Installer.exe
2015-01-20 17:39 - 2015-01-20 17:39 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Martyna\Downloads\sh-remover.exe
2015-01-20 17:21 - 2015-01-20 17:27 - 00000000 ____ D () C:\AdwCleaner
2015-01-18 12:59 - 2015-01-18 12:59 - 00000000 __SHD () C:\found.000
2015-01-13 21:20 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-13 21:20 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-13 21:20 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-13 21:20 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-13 21:20 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-13 21:20 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2015-01-13 21:20 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-13 21:20 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-13 21:20 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-13 21:19 - 2015-01-13 21:37 - 00000000 ____ D () C:\Qoobox
2015-01-13 21:19 - 2015-01-13 21:37 - 00000000 ____ D () C:\ComboFix
C:\ProgramData\uninstall442755.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.