Mystartsearch virus - please help


(Boplight) #1

Hello. I have the "Mystartsearch" virus and cannot remove it. I made logs with FRST. I am asking for help with this because it is impossible to work normally on the computer. Here are the results I obtained:

http://wklej.org/id/1786342/

http://wklej.org/id/1786353/


I would be very grateful for help.


(Atis) #2

In the Control Panel, uninstall:

brainwash

Browsers Protector

CenturyUpgrader

globalupdate Helper

IncludeInstance

LiveVDO plugin 1.3

mystartsearch uninstall

ProcessGeneration

RelayRise

StartSearch Toolbar 1.3

TampaTrim

Download and run AdwCleaner. Click Scan and then Cleaning.

Click Scan and post a new FRST report without Addition and Shortcut.


(Boplight) #3

http://wklej.org/id/1786355/


(Atis) #4

Paste the following into the system Notepad and save it as a text file named fixlist:

CloseProcesses:
HKLM-x32\...\Run: [mbot_pl_014010074] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010074] => [X]
HKLM-x32\...\Run: [gmsd_pl_005010075] => [X]
AppInit_DLLs-x32: c:\progra~2\suptab\search~1.dll => Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => Brak pliku
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => Brak pliku
CHR HKLM\SOFTWARE\Policies\Google: Zasada ograniczeń <======= UWAGA
CHR HKU\S-1-5-21-2779775227-1869173736-4078661103-1001\SOFTWARE\Policies\Google: Zasada ograniczeń <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2779775227-1869173736-4078661103-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
FF Extension: PriceFountain - C:\Users\Kondr\AppData\Roaming\Mozilla\Firefox\Profiles\fnrtdpqh.default-1416031270118\extensions\staged\{b6a94784-0ffb-4121-88c6-435139067ee2}.xpi [2015-08-29]
S2 jimocoso; C:\Program Files (x86)\46364331-1440825346-3634-3443-4334FFFFFFFF\jnsi3AEF.tmp [227328 2015-08-29] () [Brak podpisu cyfrowego]
S2 totyseku; C:\Program Files (x86)\46364331-1440825346-3634-3443-4334FFFFFFFF\hnsi57E3.tmp [137728 2015-08-29] () [Brak podpisu cyfrowego]
S2 bymimihu; C:\Program Files (x86)\46364331-1440825346-3634-3443-4334FFFFFFFF\knsxFEF2.tmpfs [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 BTCOMBUS; System32\Drivers\btcombus.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 RTHDMIAzAudService; system32\drivers\RtHDMIVX.sys [X]
R4 SPBIUpdd; \??\C:\Program Files\Common Files\ShopperPro\spbiw.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
R1 {2b4f8230-394e-4951-9495-bafd44d837da}w64; system32\drivers\{2b4f8230-394e-4951-9495-bafd44d837da}w64.sys [X]
R1 {bf5001a3-ae7a-4910-925a-5060ef2c0508}w64; system32\drivers\{bf5001a3-ae7a-4910-925a-5060ef2c0508}w64.sys [X]
2015-08-30 07:02 - 2015-08-30 07:10 - 00000000 ____ D C:\AdwCleaner
2015-08-30 05:37 - 2015-08-30 05:37 - 00000000 ____ D C:\ProgramData\QWdsManProQ
2015-08-29 20:38 - 2015-08-29 20:45 - 00000000 ____ D C:\ProgramData\STOPzilla!
2015-08-29 20:38 - 2015-08-29 20:38 - 00000000 ____ D C:\Program Files (x86)\iS3
2015-08-29 15:54 - 2015-08-30 05:37 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-08-29 15:54 - 2015-08-29 19:48 - 00000000 ____ D C:\ProgramData\4WdsManPro4
2015-08-29 07:51 - 2015-08-29 20:18 - 00000434 _____ C:\task.vbs
2015-08-29 07:29 - 2015-08-29 20:28 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-29 07:29 - 2015-08-29 07:29 - 00000000 ____ D C:\Users\Public\QiYi
2015-08-29 07:27 - 2015-08-29 20:19 - 00000000 ____ D C:\Program Files (x86)\baidu
2015-08-29 07:16 - 2011-11-20 17:03 - 00000098 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-29 07:15 - 2015-08-29 07:29 - 00000000 ____ D C:\Program Files (x86)\46364331-1440825346-3634-3443-4334FFFFFFFF
2015-08-24 07:30 - 2015-08-26 15:29 - 00000000 ____ D C:\Program Files (x86)\ProcessGeneration
2015-08-24 07:30 - 2015-08-26 15:29 - 00000000 ____ D C:\Program Files (x86)\IncludeInstance
2014-10-30 20:42 - 2014-10-30 21:08 - 6000640 _____ () C:\Program Files (x86)\GUTFBCF.tmp
2015-07-21 14:54 - 2015-07-21 14:54 - 0459464 _____ (TODO: <公司名>) C:\Program Files (x86)\SSFK.exe
2014-08-10 06:39 - 2015-06-23 05:53 - 0000020 _____ () C:\Users\Kondr\AppData\Roaming\appdataFr2.bin
C:\Users\Kondr\AppData\Local\*.exe
C:\Users\Kondr\AppData\Local\*.tmp
Task: {1A9000C8-71B7-4BC0-9487-0F8A34B274BE} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe [2015-08-29] () <==== UWAGA
Task: {1CFBD283-E320-4EBE-845B-A24C1025B934} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: {1FFDF296-A2FB-4968-B899-E3FC82577F91} - System32\Tasks\SPBIW_UpdateTask_Time_323735363339373537312d235b783432415b45345a2d6c => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== UWAGA
Task: {236E28DE-DD8F-4CD0-AB38-B1F358730843} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-08-29] (globalUpdate) <==== UWAGA
Task: {257CBCCB-10CA-4283-90F0-E8BC5D871B65} - System32\Tasks\{1648A798-520E-45EF-87A0-CF137A59BA6F} => Chrome.exe 
Task: {48EE285D-D425-4AE8-B8B0-3A5CC0B11F21} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== UWAGA
Task: {4A84A0A9-8756-4F2F-B668-6654E5E4B7A0} - System32\Tasks\{A3F088FF-51EC-4FF6-AE97-E7C683C08A68} => pcalua.exe -a C:\Users\Kondr\Desktop\FreeRapid-0.86\frd.exe -d C:\Users\Kondr\Desktop\FreeRapid-0.86
Task: {4F474A2C-8791-4B4B-88FB-FA935753AF90} - System32\Tasks\Bidaily Synchronize Task[8da6] => c:\programdata\{9337f8bb-36eb-9917-9337-7f8bb36ee2ec}\hqghumeaylnlf.exe <==== UWAGA
Task: {61FE60FD-949C-4C45-9002-1AAF50CB9A7F} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== UWAGA
Task: {5296AA41-D1BF-40B4-915B-FF3AE793B884} - System32\Tasks\e-pity2013_kwiecien => C:\Program Files (x86)\e-file\e-pity2013\Assets\signxml.exe
Task: {65AA4C32-39AE-4748-91A6-A1F2DE9601BC} - System32\Tasks\e-pity2013_styczen => C:\Program Files (x86)\e-file\e-pity2013\Assets\signxml.exe
Task: {66432594-ECAD-4A53-A59D-1CF1D9978751} - System32\Tasks\{68659E8B-EE67-4ED6-A7FD-33F57E276AC0} => pcalua.exe -a "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Task: {70DDDB84-5A60-43CF-91F2-C3E7A99E7B7B} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe <==== UWAGA
Task: {7B87B7E2-9566-45E6-B99B-33631FA8C7B0} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== UWAGA
Task: {A5E7E087-0D8D-4358-8090-EF6AE6A4D78B} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Kondr\AppData\Local\SmartWeb\SmartWebHelper.exe <==== UWAGA
Task: {B7B5C50E-8131-47E4-ADA6-85E0B52272AA} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: {B90762FE-ABC9-4F71-9916-C9C1FFA51624} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== UWAGA
Task: {CAA5BA97-45AC-46D6-B1C1-71419BB7BC06} - System32\Tasks\Price Fountain => C:\Users\Kondr\AppData\Roaming\PriceFountain\UpdateProc\UpdateTask.exe [2015-08-29] () <==== UWAGA
Task: {CB29252F-2518-4ABA-B31C-8F0C94D221B3} - System32\Tasks\Crossbrowse => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe <==== UWAGA
Task: {D0320499-7041-47A2-9405-6D926E3C58F1} - System32\Tasks\{3AEE6A32-9B81-4AD8-B4AC-2DCA00D88E48} => pcalua.exe -a F:\nfs_run\DVD1\rld-nfstra\OriginInstaller.exe -d F:\nfs_run\DVD1\rld-nfstra
Task: {DF86B75D-9A4F-419A-A960-0A049202752D} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe [2015-08-29] (globalUpdate) <==== UWAGA
Task: {DFE7FFA7-2D0E-4FEF-BE71-BCDE064C595B} - System32\Tasks\Your File Updater => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== UWAGA
Task: {E0C96D0D-DC01-4508-8E5A-465D40F7890B} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: C:\Windows\Tasks\Bidaily Synchronize Task[8da6].job => c:\programdata\{9337f8bb-36eb-9917-9337-7f8bb36ee2ec}\hqghumeaylnlf.exe <==== UWAGA
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== UWAGA
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== UWAGA
Task: C:\Windows\Tasks\Price Fountain.job => C:\Users\Kondr\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.

Uninstall Chrome with Geek Uninstaller Free, ticking the option to delete browsing data: CLICK

First, you can export your bookmarks: CLICK

Then install the stable version: CLICK

Click Scan and post a new FRST report without Addition and Shortcut.
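As an added example (not code from this thread, and not part of FRST or AdwCleaner), the PowerShell script below performs a read-only audit of the same persistence locations the fixlist above clears: Run keys, AppInit_DLLs, scheduled tasks, services and drivers, and Chrome policy keys. It assumes an elevated PowerShell 5.1 session on the affected Windows machine; the list of user-writable directories and the classification rules (missing file, unsigned binary, binary under a user-writable path) are my assumptions, not FRST's, and it deletes nothing.

```powershell
# Read-only persistence audit for the locations the FRST fixlist above clears.
# Added example, not from the thread or from FRST/AdwCleaner. Deletes nothing;
# it lists entries so they can be compared against a known-good build.
# Assumption: run as Administrator, PowerShell 5.1 or later.

# Directories adware typically drops into (assumed list, extend as needed).
$UserWritable = @("$env:ProgramData", "$env:USERPROFILE\AppData", "$env:TEMP", 'C:\Users\Public')

# Extract the executable from a command line such as `"C:\x\a.exe" /arg` or `C:\x\a.exe /arg`.
function Get-ExePath {
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+)')      { return $Matches[1] }
    return $null
}

# Classify one binary: missing (like the [X] / "Brak pliku" lines in FRST), unsigned,
# or sitting under a user-writable directory.
function Get-BinaryNote {
    param([string]$CommandLine)
    $exe = Get-ExePath $CommandLine
    if (-not $exe) { return 'empty command' }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if (-not [IO.Path]::IsPathRooted($exe)) {              # bare names like Wscript.exe: resolve via PATH
        $c = Get-Command $exe -ErrorAction SilentlyContinue
        if ($c) { $exe = $c.Source }
    }
    if (-not (Test-Path -LiteralPath $exe)) { return "file missing ($exe)" }
    $notes = @()
    $sig = Get-AuthenticodeSignature -FilePath $exe -ErrorAction SilentlyContinue
    if (-not $sig -or $sig.Status -ne 'Valid') { $notes += 'unsigned or invalid signature' }
    foreach ($dir in $UserWritable) {
        if ($exe -like "$dir*") { $notes += "in user-writable path $dir"; break }
    }
    if ($notes.Count -eq 0) { return 'ok' }
    return ($notes -join '; ')
}

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding {
    param([string]$Area, [string]$Name, [string]$Value)
    $findings.Add([pscustomobject]@{ Area = $Area; Name = $Name; Value = $Value; Note = (Get-BinaryNote $Value) })
}

# 1. Run keys, 64-bit and WOW6432 views, machine and current user.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }             # skip PowerShell's own metadata properties
        Add-Finding -Area "Run ($key)" -Name $p.Name -Value ([string]$p.Value)
    }
}

# 2. AppInit_DLLs: any non-empty value is worth a look, it is loaded into every user32 process.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $v = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).AppInit_DLLs
    if ($v) { Add-Finding -Area 'AppInit_DLLs' -Name $key -Value $v }
}

# 3. Scheduled tasks: every Exec action, including the Rundll32/Wscript launcher pattern.
foreach ($t in Get-ScheduledTask) {
    foreach ($a in $t.Actions) {
        if (-not $a.Execute) { continue }                 # COM-handler actions carry no Execute
        $cmd = if ($a.Arguments) { "$($a.Execute) $($a.Arguments)" } else { $a.Execute }
        Add-Finding -Area 'Task' -Name ($t.TaskPath + $t.TaskName) -Value $cmd
    }
}

# 4. Services and kernel drivers: image path of each one.
foreach ($s in @(Get-CimInstance Win32_Service) + @(Get-CimInstance Win32_SystemDriver)) {
    if ($s.PathName) { Add-Finding -Area 'Service' -Name $s.Name -Value $s.PathName }
}

# 5. Chrome policy keys: adware uses them to pin search and homepage settings.
foreach ($key in 'HKLM:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google') {
    if (Test-Path $key) {
        $findings.Add([pscustomobject]@{ Area = 'ChromePolicy'; Name = $key; Value = '(key present)'; Note = 'review' })
    }
}

# Show only what deserves attention; an empty table is the expected result on a clean build.
$findings | Where-Object { $_.Note -ne 'ok' } | Sort-Object Area, Name | Format-Table -AutoSize -Wrap
```

Two caveats when reading the output: unquoted service paths that contain spaces are cut at the first space and therefore show up as "file missing", which is itself a condition worth fixing, and a missing or unsigned binary under `C:\Windows` is far more common than a malicious one, so treat the table as a worklist to compare against a clean install, not as a verdict. Once the FRST fix has run, re-running the script should show the Run keys, tasks and services from the fixlist gone.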