"Scumware" daje jako stroną główną Googl'a - mystartsearch*

Qfelek · 26 Grudzień 2014 14:36

To samo z resztą przeglądarek, wczoraj przed zamknięciem systemu widziałem dokładną lokalizację programu, dzisiaj zaś go nie widzę…

Logi:

-FRST : http://www.wklej.org/id/1567609/

-Addition : http://www.wklej.org/id/1567611/

Z góry dzięki za pomoc,

Kufel

Acorus · 26 Grudzień 2014 14:50

Otwórz notatnik systemowy i wklej:

Task: {8807810A-9599-4E9A-B54F-E2CD1D216F27} - System32\Tasks\{4ED71A7E-0069-40C0-A2BF-10E1ED4C6EBD} = pcalua.exe -a "C:\Program Files (x86)\SupTab\uninstall.exe" -d "C:\Program Files (x86)\SupTab"
HKLM\...\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-12-13] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-928099929-3843112184-665133106-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] = "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKU\S-1-5-21-928099929-3843112184-665133106-1000\...\Run: [DAEMON Tools Lite] = C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-928099929-3843112184-665133106-1000\...\Run: [AdobeBridge] = [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1419562599from=wpcuid=ST3250410AS_6RY7BW3MXXXX6RY7BW3M
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1419562599from=wpcuid=ST3250410AS_6RY7BW3MXXXX6RY7BW3M
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1419562599from=wpcuid=ST3250410AS_6RY7BW3MXXXX6RY7BW3Mq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1419562599from=wpcuid=ST3250410AS_6RY7BW3MXXXX6RY7BW3Mq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1419562599from=wpcuid=ST3250410AS_6RY7BW3MXXXX6RY7BW3M
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1419562599from=wpcuid=ST3250410AS_6RY7BW3MXXXX6RY7BW3M
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1419562599from=wpcuid=ST3250410AS_6RY7BW3MXXXX6RY7BW3Mq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1419562599from=wpcuid=ST3250410AS_6RY7BW3MXXXX6RY7BW3Mq={searchTerms}
HKU\S-1-5-21-928099929-3843112184-665133106-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1419562599from=wpcuid=ST3250410AS_6RY7BW3MXXXX6RY7BW3M
HKU\S-1-5-21-928099929-3843112184-665133106-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1419562599from=wpcuid=ST3250410AS_6RY7BW3MXXXX6RY7BW3M
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=scts=1419562599from=wpcuid=ST3250410AS_6RY7BW3MXXXX6RY7BW3M
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1419562599from=wpcuid=ST3250410AS_6RY7BW3MXXXX6RY7BW3Mq={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1419562599from=wpcuid=ST3250410AS_6RY7BW3MXXXX6RY7BW3Mq={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1419562599from=wpcuid=ST3250410AS_6RY7BW3MXXXX6RY7BW3Mq={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1419562599from=wpcuid=ST3250410AS_6RY7BW3MXXXX6RY7BW3Mq={searchTerms}
SearchScopes: HKU\S-1-5-21-928099929-3843112184-665133106-1000 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1419562599from=wpcuid=ST3250410AS_6RY7BW3MXXXX6RY7BW3Mq={searchTerms}
SearchScopes: HKU\S-1-5-21-928099929-3843112184-665133106-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1419562599from=wpcuid=ST3250410AS_6RY7BW3MXXXX6RY7BW3Mq={searchTerms}
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=scts=1419562599from=wpcuid=ST3250410AS_6RY7BW3MXXXX6RY7BW3M
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=scts=1419562599from=wpcuid=ST3250410AS_6RY7BW3MXXXX6RY7BW3M
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-12-26] (Cherished Technololgy LIMITED)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
2014-12-26 04:27 - 2014-12-26 04:27 - 00002992 _____ () C:\Windows\System32\Tasks\{7FDFA9F4-E98A-4568-81E7-FFE786AB9030}
2014-12-26 04:06 - 2014-12-26 04:06 - 00003162 _____ () C:\Windows\System32\Tasks\{4ED71A7E-0069-40C0-A2BF-10E1ED4C6EBD}
2014-12-26 04:05 - 2014-12-26 04:05 - 00000000 ____ D () C:\ProgramData\3872871776
2014-12-26 03:57 - 2014-12-26 03:57 - 00000000 ____ D () C:\ProgramData\IePluginServices
2014-12-26 03:55 - 2014-12-26 03:55 - 00000000 ____ D () C:\ProgramData\5826503660046950823
2014-12-26 03:54 - 2014-12-26 03:54 - 00000000 ____ D () C:\ProgramData\lolmpoafigpdpcdhcddkkcpomjkojldp
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Qfelek · 26 Grudzień 2014 15:35

Wszytko jest już OK

Dzięki za pomoc, ale mam pewien problem, zainstalowałem Google Chrome ponownie i pokazuje mi jakieś osoby i nie chce mi wczytać "www.google.pl’ i ustawień przeglądarki …

Acorus · 26 Grudzień 2014 16:01

Skasuj folder C:\FRST.Możesz usunąć.