XTab is active in the system; besides that, Windows Manger Protect is also visible and, of course, leftovers from SpyHunter 4.
Let's begin:
1. Paste the following into Notepad, save it as fixlist.txt, and click Fix in the FRST interface. Place the fixlist.txt file next to the FRST program.
CloseProcesses:
(SearchProtect) C:\Program Files (x86)\XTab\CmdShell.exe
(XTab system) C:\Program Files (x86)\XTab\HPNotify.exe
HKU\S-1-5-21-648374863-142259109-3277096692-1001\...\Run: [AdobeBridge] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hppp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hppp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dspp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dspp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hppp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hppp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dspp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dspp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100&q={searchTerms}
HKU\S-1-5-21-648374863-142259109-3277096692-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dspp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100&q={searchTerms}
HKU\S-1-5-21-648374863-142259109-3277096692-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hppp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100
HKU\S-1-5-21-648374863-142259109-3277096692-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hppp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100
HKU\S-1-5-21-648374863-142259109-3277096692-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dspp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dspp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dspp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dspp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dspp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100&q={searchTerms}
SearchScopes: HKU\S-1-5-21-648374863-142259109-3277096692-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dspp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100&q={searchTerms}
SearchScopes: HKU\S-1-5-21-648374863-142259109-3277096692-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100&ts=1425740588&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-648374863-142259109-3277096692-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100&ts=1425740588&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-648374863-142259109-3277096692-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dspp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100&q={searchTerms}
SearchScopes: HKU\S-1-5-21-648374863-142259109-3277096692-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100&ts=1425740588&type=default&q={searchTerms}
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-03-06] (Thinknice Co. Limited)
BHO-x32: Strong Signal -> {c723a437-2eaf-466d-a95b-3fa0966bf88c} -> C:\Program Files (x86)\Strong Signal\Extensions\c723a437-2eaf-466d-a95b-3fa0966bf88c.dll No File
CHR HomePage: Default -> hxxp://do-search.com/?type=hp&ts=1425740516&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100
CHR StartupUrls: Default -> "hxxp://do-search.com/?type=hp&ts=1425740516&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100", "hxxp://do-search.com/?type=hppp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100"
CHR DefaultSearchURL: Default -> http://do-search.com/web/?type=dspp&ts=1425740536&from=cor&uid=ST1000LM024XHN-M101MBB_S314J90F754100754100&q={searchTerms}
U2 McMPFSvc; No ImagePath
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158848 2015-03-06] (XTab system)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-07] (SysTool PasSame LIMITED)
2015-03-14 10:55 - 2015-03-14 10:55 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-03-07 16:01 - 2015-03-14 16:52 - 00000000 ____D () C:\Users\Monika i Wojtek\AppData\Roaming\do-search
2015-03-07 16:03 - 2015-03-07 16:03 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-03-07 16:03 - 2015-03-07 16:03 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-03-07 16:02 - 2015-03-07 16:02 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
AlternateDataStreams: C:\ProgramData\Temp:58A5270D
AlternateDataStreams: C:\Users\Monika i Wojtek\OneDrive:ms-properties
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a C:\ProgramData
CMD: dir /a "C:\Users\Monika i Wojtek\AppData\Roaming"
EmptyTemp:
DeleteQuarantine:
2. Download AdwCleaner, run it and click Search, and once the Remove button becomes active, click it.
3. Post the report from the script (Fixlog) and the AdwCleaner report (the AdwCleaner report is located in this folder: C:\AdwCleaner), and make a new set of FRST logs.
-- 15 Mar 2015, 11:41 --
Last edited 15 Mar 2015, 11:48 by djarta, edited 1 time in total.
Reason: Solved
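
An added example, not part of the original post: a small Python check for step 3 that scans a fresh FRST log for lines still naming the components targeted by the fixlist above. The category names, the function names and the shortened sample log lines are constructed for illustration.

```python
import re

# Names and domain exactly as they appear in the fixlist on this page.
INDICATORS = ("do-search.com", "XTab", "WindowsMangerProtect",
              "IHProtect", "Strong Signal", "Enigma Software Group")

# Line shapes seen in the fixlist; the category labels are this example's own.
SHAPES = [
    ("search_scope", re.compile(r"^SearchScopes: \S+ -> ")),
    ("bho",          re.compile(r"^BHO(-x32)?: ")),
    ("chrome",       re.compile(r"^CHR ")),
    ("service",      re.compile(r"^[RSU]\d [^;]+; ")),
    ("registry",     re.compile(r"^HK(LM|U)\\")),
    ("folder",       re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - ")),
]

def classify(line):
    """Return the category of one log line, or 'other' if no shape matches."""
    for name, rx in SHAPES:
        if rx.match(line):
            return name
    return "other"

def leftovers(log_text):
    """Return (line_no, category, indicator) for each line still naming an indicator."""
    hits = []
    for no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        low = line.lower()
        for ind in INDICATORS:
            if ind.lower() in low:          # case-insensitive substring match
                hits.append((no, classify(line), ind))
                break                       # one hit per line is enough
    return hits

# Constructed sample of a post-fix log: lines 2-4 are leftovers, 1 and 5 are clean.
SAMPLE_LOG = r"""HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dspp&q={searchTerms}
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158848 2015-03-06] (XTab system)
2015-03-07 16:02 - 2015-03-07 16:02 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
CHR HomePage: Default -> hxxp://www.example.org/"""

if __name__ == "__main__":
    for no, category, indicator in leftovers(SAMPLE_LOG):
        print(f"line {no}: {category} still references {indicator}")
```

An empty result means none of the listed names remain in the log; it does not replace having the new logs reviewed.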