Problem z MyStartSearch

MiniMarta · 24 Listopad 2014 18:30

Spotkała mnie dzisiaj nieprzyjemna sprawa związana z tytułowym “robaczkiem”, który coś mi robi z Chromem.

Logi:

FRST: http://wklej.org/id/1536687/

Addition: http://wklej.org/id/1536688/

Po użyciu AdwCleaner:

FRST: http://wklej.org/id/1536714

Addition: http://wklej.org/id/1536715/

Acorus · 24 Listopad 2014 18:51

Odinstaluj WindowsMangerProtect20.0.0.1270.Otwórz Notatnik i wklej:

HKLM-x32\...\RunOnce: [downloadnetpl] = [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1416851596from=smtuid=HitachiXHTS547575A9E384_J2590020CP0YNGCP0YNGXq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1416851596from=smtuid=HitachiXHTS547575A9E384_J2590020CP0YNGCP0YNGX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1416851596from=smtuid=HitachiXHTS547575A9E384_J2590020CP0YNGCP0YNGX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1416851596from=smtuid=HitachiXHTS547575A9E384_J2590020CP0YNGCP0YNGXq={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=scts=1416847921from=smtuid=HitachiXHTS547575A9E384_J2590020CP0YNGCP0YNGX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1416851596from=smtuid=HitachiXHTS547575A9E384_J2590020CP0YNGCP0YNGXq={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1416851596from=smtuid=HitachiXHTS547575A9E384_J2590020CP0YNGCP0YNGXq={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1416851596from=smtuid=HitachiXHTS547575A9E384_J2590020CP0YNGCP0YNGXq={searchTerms}
SearchScopes: HKU\S-1-5-21-17723192-2672941806-458485130-1001 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1416851596from=smtuid=HitachiXHTS547575A9E384_J2590020CP0YNGCP0YNGXq={searchTerms}
SearchScopes: HKU\S-1-5-21-17723192-2672941806-458485130-1001 - {B45353B5-00A9-4679-895C-0C2B40727635} URL = http://search.yahoo.com/search?fr=chr-greentree_ieei=utf-8ilc=12type=888596p={searchTerms}
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF SearchPlugin: C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\kxao3vu3.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\SONY\AppData\Roaming\Mozilla\Firefox\Profiles\kxao3vu3.default\extensions\faststartff@gmail.com
CHR HomePage: Default - hxxp://www.mystartsearch.com/?type=hpts=1416851596from=smtuid=HitachiXHTS547575A9E384_J2590020CP0YNGCP0YNGX
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx [2013-04-26]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=scts=1416851596from=smtuid=HitachiXHTS547575A9E384_J2590020CP0YNGCP0YNGX
R4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [490640 2014-11-24] (Fuyu LIMITED)
S2 51cdb72; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.11\OptProCrash.dll",ENT
S2 Update FindRight; "C:\Program Files (x86)\FindRight\updateFindRight.exe" [X]
2014-11-24 19:04 - 2014-11-24 19:08 - 00000000 ____ D () C:\AdwCleaner
2014-11-24 18:53 - 2014-11-24 18:53 - 00000000 ____ D () C:\Users\SONY\AppData\Roaming\mystartsearch
2014-11-24 17:55 - 2014-11-24 17:55 - 00003134 _____ () C:\WINDOWS\System32\Tasks\{EAD25155-8BE6-4CE2-82FF-27522B81C0D5}
2014-11-24 17:52 - 2014-11-24 17:52 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

MiniMarta · 24 Listopad 2014 19:09

Nie mogę znaleźć tego WindowsMangerProtect (czuję się, jak głupia blondynka) - jakieś wskazówki?

Acorus · 24 Listopad 2014 19:14

Pomiń to.Wykonaj resztę.

MiniMarta · 24 Listopad 2014 19:29

Śmiga! Dziękuję baaaaaaaaaardzo!

Acorus · 24 Listopad 2014 19:32

Skasuj folder C:\FRST