Wirus "My Start Search"

Karos64 · 30 Grudzień 2014 18:00

Witam, witam. Jestem nowym użytkownikiem tego forum. Zmierzam się z wirusem My Start Search już dobre godziny i nic Postanowiłem poradzić się was - może wy mi pomożecie w usunięciu tego dziadostwa? Próbowałem odszukać go ale nie dałem rady Czerpałem pomysły z innych for, poradniki na YouTube i nic Liczę na waszą pomoc Poniżej wstawiam logi:

Acorus · 30 Grudzień 2014 19:19

Odinstaluj Akamai NetSession Interface.Otwórz notatnik systemowy i wklej:

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT
AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\Seweryn\Dane aplikacji:NT
AlternateDataStreams: C:\Users\Seweryn\Dane aplikacji:NT2
AlternateDataStreams: C:\Users\Seweryn\AppData\Roaming:NT
AlternateDataStreams: C:\Users\Seweryn\AppData\Roaming:NT2
HKU\S-1-5-21-1264899644-1329492482-3852663583-1000\Software\Classes\.exe: exefile = ===== ATTENTION!
HKU\S-1-5-21-1264899644-1329492482-3852663583-1000\Software\Classes\exefile: ===== ATTENTION!
HKLM\...\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1264899644-1329492482-3852663583-1000\...\RunOnce: [Adobe Speed Launcher] = 1419961146
HKU\S-1-5-21-1264899644-1329492482-3852663583-1001\...\MountPoints2: {51a75d66-e741-11e3-b8c2-806e6f6e6963} - E:\Run.exe
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-1264899644-1329492482-3852663583-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590q={searchTerms}
HKU\S-1-5-21-1264899644-1329492482-3852663583-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hpts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590
HKU\S-1-5-21-1264899644-1329492482-3852663583-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mystartsearch.com/?type=hpts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=scts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590q={searchTerms}
SearchScopes: HKU\S-1-5-21-1264899644-1329492482-3852663583-1000 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590q={searchTerms}
SearchScopes: HKU\S-1-5-21-1264899644-1329492482-3852663583-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=dsts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590q={searchTerms}
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Seweryn\AppData\Roaming\Mozilla\Firefox\Profiles\j4yxehsu.default\extensions\faststartff@gmail.com
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.mystartsearch.com/?type=scts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590
CHR HomePage: Default - hxxp://www.mystartsearch.com/?type=hpts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590
CHR StartupUrls: Default - "hxxp://www.mystartsearch.com/?type=hpts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590"
CHR DefaultSearchKeyword: Default - mystartsearch
CHR DefaultSearchURL: Default - http://www.mystartsearch.com/web/?type=dsts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590q={searchTerms}
CHR Extension: (SourceApp) - C:\Users\Seweryn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gblicenfccbbfbbckpniokgiocepiada [2014-12-30]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.mystartsearch.com/?type=scts=1419946145from=smtuid=WDCXWD10EZEX-00RKKA0_WD-WMC1S062059020590
S2 Update SourceApp; "C:\Program Files (x86)\SourceApp\updateSourceApp.exe" [X]
S2 Update trolatunt; "C:\Program Files (x86)\trolatunt\updatetrolatunt.exe" [X]
S2 Util SourceApp; "C:\Program Files (x86)\SourceApp\bin\utilSourceApp.exe" [X]
R1 {02fbc4ae-66cc-4219-94c9-1ee6e15d3402}w64; C:\Windows\System32\drivers\{02fbc4ae-66cc-4219-94c9-1ee6e15d3402}w64.sys [48784 2014-12-29] (StdLib)
R1 {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}w64; C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}w64.sys [61112 2014-07-21] (StdLib)
S3 FairplayKD; \\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
R2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
2014-12-30 14:38 - 2014-12-29 16:33 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{02fbc4ae-66cc-4219-94c9-1ee6e15d3402}w64.sys
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Karos64 · 30 Grudzień 2014 19:30

Zrobiłem tak jak pisałeś, zresetowałem komputer ale wciąż po włączeniu przeglądarki wyskakuje mi jako storna startowa My Start Search Używam Mozilli Firefox, w opcjach mam jako stronę startową google.pl

Acorus · 30 Grudzień 2014 19:39

Pobierz i uruchom AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Szukaj i później Usuń.

Reset Firefoxa: Pomoc-Informacje dla pomocy technicznej-Zresetuj program Firefox

Karos64 · 30 Grudzień 2014 19:55

Jest ok Użyłem tego programu, zresetowałem kompa i wszystko działa W ogóle komputer szybciej chodzi Dzięki wielkie. Można zamknąć.