Problem z "MyStart" search


(Kynio150) #1

Witam,

Proszę o pomoc w usunięciu "MyStart" search.

Z góry dziękuję.

Pozdrawiam.

FRST:[](http://www.wklej.org/hash/3fd284d99bc/)http://www.wklej.org/hash/3fd284d99bc/

ADDITION: http://www.wklej.org/id/1837792/

SHORTCUTE: http://www.wklej.org/id/1837803/

 

 


(Atis) #2

W panelu sterowania odinstaluj:


(Kynio150) #3

Witam,

Zrobiłem wszystko według wskazówek i przesyłam scan.

http://wklej.org/id/1838829/


(Atis) #4

Dlaczego pobierasz i samodzielnie instalujesz adware?

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

CloseProcesses:
AppInit_DLLs: C:\ProgramData\Zitenop\Tresdex.dll = C:\ProgramData\Zitenop\Tresdex.dll [518656 2015-11-10] ()
AppInit_DLLs-x32: C:\ProgramData\Zitenop\Truedox.dll = C:\ProgramData\Zitenop\Truedox.dll [320512 2015-11-10] ()
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\S-1-5-21-825742627-665569584-3225954721-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdQKXdP2Oz3PAeKHQHYAinnc6i0AMhBDpiOoZa-lO8MqVvtLrOwgjMwZclPqgRMfKyHOpRfAaXiyddp5nNUOOqAClAKjXxVMavg_O0_eARit9zcjtW4DqFWJVU0LUK0bzkrKaeOs2c0hD0G7q={searchTerms}
HKU\S-1-5-21-825742627-665569584-3225954721-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdQKXdP2Oz3PAeKHQHYAinnc6i0AMhBDpiOoZa-lO8MqVvtLrOwgjMwZclPqgRMfKy2y-y4QJxh2BAJZtKWIqtwntTxDZY5mKgUdtZjaTmDoI149OEEl9hc-QrFCCBwf7rwRugq4bOuazMjg
HKU\S-1-5-21-825742627-665569584-3225954721-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdQKXdP2Oz3PAeKHQHYAinnc6i0AMhBDpiOoZa-lO8MqVvtLrOwgjMwZclPqgRMfKyHOpRfAaXiyddp5nNUOOqAClAKjXxVMavg_O0_eARit9zcjtW4DqFWJVU0LUK0bzkrKaeOs2c0hD0G7q={searchTerms}
HKU\S-1-5-21-825742627-665569584-3225954721-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdQKXdP2Oz3PAeKHQHYAinnc6i0AMhBDpiOoZa-lO8MqVvtLrOwgjMwZclPqgRMfKyHOpRfAaXiyddp5nNUOOqAClAKjXxVMavg_O0_eARit9zcjtW4DqFWJVU0LUK0bzkrKaeOs2c0hD0G7q={searchTerms}
SearchScopes: HKLM - DefaultScope - brak wartości
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-825742627-665569584-3225954721-1000 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM-x32 - Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Brak pliku
FF NewTab: C:\\ProgramData\\Zitenops\\ff.NT
FF Homepage: C:\\ProgramData\\Zitenops\\ff.HP
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
R2 Dripkix; C:\Program Files\Dripkix\Dripkix.exe [379904 2015-11-05] () [Brak podpisu cyfrowego]
R2 webdobnloaproduco; C:\Users\Paweł\AppData\Local\dontouch.exe [46592 2015-11-09] () [Brak podpisu cyfrowego]
R2 Zitenop; C:\ProgramData\\Zitenop\\Zitenop.exe [807936 2015-10-25] () [Brak podpisu cyfrowego]
2015-11-10 19:48 - 2015-11-10 19:51 - 00000000 ____ D C:\AdwCleaner
2015-11-10 19:45 - 2015-11-10 19:45 - 00001296 _____ C:\Users\Paweł\Desktop\Continue GUPlayer.lnk
2015-11-10 19:41 - 2015-11-10 19:41 - 04810368 _____ ( ) C:\Users\Paweł\Desktop\setup_gmsd_en.exe
2015-11-10 19:38 - 2015-11-10 19:54 - 00000000 ____ D C:\ProgramData\Zitenop
2015-11-10 19:38 - 2015-11-10 19:38 - 00000000 ____ D C:\ProgramData\Zitenops
2015-11-09 20:24 - 2015-11-09 21:27 - 00000000 ____ D C:\Program Files\Dripkix
2015-11-09 20:21 - 2015-11-09 20:49 - 00000098 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-11-09 20:16 - 2009-06-10 22:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-04-14 17:28 - 2015-04-14 17:28 - 0004387 _____ () C:\Users\Paweł\AppData\Roaming\3gqFW79XpOx38TnAtRjML
C:\Users\Paweł\AppData\Local\*.exe
C:\Users\Paweł\AppData\Roaming\*.exe
2015-11-09 20:24 - 2015-11-09 20:24 - 0000187 _____ () C:\Users\Paweł\AppData\Local\dontouch.exe.config
Task: {1229766A-B70B-4F06-862E-58AF7367FF6E} - System32\Tasks\SmartWeb Upgrade Trigger Task = C:\Users\Paweł\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) ==== UWAGA
Task: {A06498C9-BEE9-486F-84A3-33FF08BA761E} - System32\Tasks\{476485F3-28CC-4EAC-91EF-AD68E9654A06} = pcalua.exe -a C:\Users\Paweł\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=tt4u
Task: C:\Windows\Tasks\3gqFW79XpOx38TnAtRjML.job = C:\Users\Paweł\AppData\Roaming\3gqFW79XpOx38TnAtRjML.exe ==== UWAGA
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job = C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe ==== UWAGA
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job = C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe ==== UWAGA
EmptyTemp:

Uruchom FRST i kliknij Napraw (Fix). Pokaż raport z usuwania Fixlog.

 

 


(Kynio150) #5

FRST: http://wklej.org/id/1838870/

ADDITION: http://wklej.org/id/1838873/

FIXLOG: http://wklej.org/id/1838875/


(Atis) #6

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM-x32 - Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Brak pliku
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden ==== UWAGA
DeleteQuarantine:

Uruchom FRST i kliknij Napraw (Fix). Skasuj folder C:\FRST