
do-search infection



Open Notepad and paste the following into it:

 

Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Service Mgr StrongSignal" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Update Mgr StrongSignal" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WindowsMangerProtect" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SpyHunter 4 Service" /f
Task: {A49B4FCA-B368-4A04-9DA3-08C64084A8BA} - System32\Tasks\{9C861266-D862-4855-801B-8B4D90C3842D} => pcalua.exe -a C:\Users\Asus\AppData\Roaming\do-search\UninstallManager.exe -c  -ptid=cor
C:\Users\Asus\AppData\Roaming\do-search
C:\Program Files (x86)\XTab
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2514297185-695947203-224707951-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hppp&ts=1426454337&from=cor&uid=3219913727_67194_0044D7FB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hppp&ts=1426454337&from=cor&uid=3219913727_67194_0044D7FB
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1426454266&from=cor&uid=3219913727_67194_0044D7FB&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1426454266&from=cor&uid=3219913727_67194_0044D7FB&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hppp&ts=1426454337&from=cor&uid=3219913727_67194_0044D7FB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hppp&ts=1426454337&from=cor&uid=3219913727_67194_0044D7FB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1426454266&from=cor&uid=3219913727_67194_0044D7FB&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1426454266&from=cor&uid=3219913727_67194_0044D7FB&q={searchTerms}
HKU\S-1-5-21-2514297185-695947203-224707951-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dspp&ts=1426454337&from=cor&uid=3219913727_67194_0044D7FB&q={searchTerms}
HKU\S-1-5-21-2514297185-695947203-224707951-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hppp&ts=1426454337&from=cor&uid=3219913727_67194_0044D7FB
HKU\S-1-5-21-2514297185-695947203-224707951-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dspp&ts=1426454337&from=cor&uid=3219913727_67194_0044D7FB&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dspp&ts=1426454337&from=cor&uid=3219913727_67194_0044D7FB&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dspp&ts=1426454337&from=cor&uid=3219913727_67194_0044D7FB&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2514297185-695947203-224707951-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=3219913727_67194_0044D7FB&ts=1426454354&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2514297185-695947203-224707951-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dspp&ts=1426454337&from=cor&uid=3219913727_67194_0044D7FB&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2514297185-695947203-224707951-1000 -> {7378FD6F-E357-4D2A-8FBF-27BBBACC2449} URL = http://www.search.ask.com/web?tpid=SGT1-SP&o=APN11004&pf=V7&p2=^B3Q^YYYYYY^YY^PL&gct=&itbv=12.25.0.244&apn_uid=8A7B36AF-E747-4923-9070-50AB49B22EFC&apn_ptnrs=^B3Q&apn_dtid=^YYYYYY^YY^PL&apn_dbr=ff_36.0&doi=2015-03-15&trgb=FF&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-2514297185-695947203-224707951-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=3219913727_67194_0044D7FB&ts=1426454354&type=default&q={searchTerms}
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-03-10] (Thinknice Co. Limited)
BHO-x32: Strong Signal -> {c723a437-2eaf-466d-a95b-3fa0966bf88c} -> C:\Program Files (x86)\Strong Signal\Extensions\c723a437-2eaf-466d-a95b-3fa0966bf88c.dll [2015-03-15] ()
C:\Program Files (x86)\Strong Signal
Toolbar: HKU\S-1-5-21-2514297185-695947203-224707951-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\skuv2ji8.default\searchplugins\do-search.xml [2015-03-30]
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\skuv2ji8.default\searchplugins\webssearches.xml [2015-03-31]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\.xml [2015-03-22]
FF Extension: Search Enginer - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\skuv2ji8.default\Extensions\searchengine@gmail.com [2015-03-15]
FF Extension: Zoom It - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\skuv2ji8.default\Extensions\zzoomit@zoom.com [2015-03-15]
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\skuv2ji8.default\extensions\searchengine@gmail.com
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158816 2015-03-10] (XTab system)
S4 Service Mgr StrongSignal; C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce\plugincontainer.exe [639224 2015-03-24] ()
S4 Update Mgr StrongSignal; C:\Program Files (x86)\Common Files\0780f478-67ce-4ec3-98db-39a65f4618ce\updater.exe [559864 2015-03-24] ()
S4 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-15] (SysTool PasSame LIMITED)
C:\Program Files\Enigma Software Group
C:\Users\Asus\Downloads\SpyHunter-installer.exe
C:\Windows\System32\Tasks\{9C861266-D862-4855-801B-8B4D90C3842D}
C:\Users\Asus\Downloads\YTD-Video-Downloader(27896)-dp.exe
C:\ProgramData\WindowsMangerProtect
C:\ProgramData\IHProtectUpDate
C:\ProgramData\0780f478-67ce-4ec3-98db-39a65f4618ce
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST.
Run FRST and click the Fix button.
A fixlog.txt file will be created.
Post that log.

 

Make a log with Adw-Cleaner: https://www.fixitpc.pl/topic/8-dezynfekcja-zbi%C3%B3r-narz%C4%99dzi-usuwaj%C4%85cych/?do=findComment&comment=118323

 

Make new FRST logs.

 

jessi
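
A way to review a fixlist like the one in the post before running it, as an added example that is not part of the original post and not part of FRST: it groups the lines by their leading prefix and counts the hosts referenced in URLs. The category names and the `classify`/`summarize` helpers are assumptions made for this example; the sample lines are copied from the post.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: lines copied verbatim from the fixlist in the post above.
SAMPLE_FIXLIST = r"""
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WindowsMangerProtect" /f
Task: {A49B4FCA-B368-4A04-9DA3-08C64084A8BA} - System32\Tasks\{9C861266-D862-4855-801B-8B4D90C3842D} => pcalua.exe -a C:\Users\Asus\AppData\Roaming\do-search\UninstallManager.exe -c  -ptid=cor
C:\Users\Asus\AppData\Roaming\do-search
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hppp&ts=1426454337&from=cor&uid=3219913727_67194_0044D7FB
SearchScopes: HKU\S-1-5-21-2514297185-695947203-224707951-1000 -> {7378FD6F-E357-4D2A-8FBF-27BBBACC2449} URL = http://www.search.ask.com/web?tpid=SGT1-SP&o=APN11004&pf=V7&p2=^B3Q^YYYYYY^YY^PL&gct=&itbv=12.25.0.244&apn_uid=8A7B36AF-E747-4923-9070-50AB49B22EFC&apn_ptnrs=^B3Q&apn_dtid=^YYYYYY^YY^PL&apn_dbr=ff_36.0&doi=2015-03-15&trgb=FF&q={searchTerms}&psv=&pt=tb
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158816 2015-03-10] (XTab system)
FF SearchPlugin: C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\skuv2ji8.default\searchplugins\do-search.xml [2015-03-30]
EmptyTemp:
"""

# Category labels are this example's own; the prefixes are the ones visible in the post.
RULES = [
    ("directive",      re.compile(r"^(Reg|EmptyTemp):")),
    ("scheduled_task", re.compile(r"^Task:")),
    ("service",        re.compile(r"^[RS]\d ")),
    ("firefox",        re.compile(r"^FF ")),
    ("ie_component",   re.compile(r"^(SearchScopes|BHO(-x32)?|Toolbar):")),
    ("registry",       re.compile(r"^HK(LM|U|CU)\\")),
    ("path",           re.compile(r"^[A-Za-z]:\\")),
]
URL_RE = re.compile(r"https?://\S+")

def classify(line):
    """Return the category of one fixlist line, or 'unknown' for manual review."""
    for name, pattern in RULES:
        if pattern.match(line):
            return name
    return "unknown"

def summarize(fixlist_text):
    """Group non-empty lines by category and count the URL hosts they mention."""
    by_category = defaultdict(list)
    hosts = defaultdict(int)
    for raw in fixlist_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        by_category[classify(line)].append(line)
        match = URL_RE.search(line)
        if match:
            hosts[urlsplit(match.group(0)).hostname] += 1
    return dict(by_category), dict(hosts)
```

Any line that lands in `unknown` is one to read by hand before clicking Fix.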
