Do-search

anon98067729 · 26 Maj 2015 13:20

Witam

Pomóżcie proszę z na szczęście mało uciążliwym “szkodnikiem”

FRST http://www.wklej.org/id/1721986/

Addition http://www.wklej.org/id/1721990/

Shortcut http://www.wklej.org/id/1721992/

Acorus · 26 Maj 2015 13:43

Odinstaluj do-search uninstall.Otwórz notatnik systemowy i wklej:

HKLM\...\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13632216 2013-07-09] (Realtek Semiconductor)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hpts=1432565222z=51da58126eddbbcb0cea3b7g0z8cco0w9q8wbobodgfrom=coruid=LITEONITXLCS-128M6S_002452124472
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hpts=1432565222z=51da58126eddbbcb0cea3b7g0z8cco0w9q8wbobodgfrom=coruid=LITEONITXLCS-128M6S_002452124472
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsts=1432565222z=51da58126eddbbcb0cea3b7g0z8cco0w9q8wbobodgfrom=coruid=LITEONITXLCS-128M6S_002452124472q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsts=1432565222z=51da58126eddbbcb0cea3b7g0z8cco0w9q8wbobodgfrom=coruid=LITEONITXLCS-128M6S_002452124472q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hpts=1432565222z=51da58126eddbbcb0cea3b7g0z8cco0w9q8wbobodgfrom=coruid=LITEONITXLCS-128M6S_002452124472
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hpts=1432565222z=51da58126eddbbcb0cea3b7g0z8cco0w9q8wbobodgfrom=coruid=LITEONITXLCS-128M6S_002452124472
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dsts=1432565222z=51da58126eddbbcb0cea3b7g0z8cco0w9q8wbobodgfrom=coruid=LITEONITXLCS-128M6S_002452124472q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dsts=1432565222z=51da58126eddbbcb0cea3b7g0z8cco0w9q8wbobodgfrom=coruid=LITEONITXLCS-128M6S_002452124472q={searchTerms}
HKU\S-1-5-21-378805509-2256657495-4036180309-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hpts=1432565222z=51da58126eddbbcb0cea3b7g0z8cco0w9q8wbobodgfrom=coruid=LITEONITXLCS-128M6S_002452124472
HKU\S-1-5-21-378805509-2256657495-4036180309-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-378805509-2256657495-4036180309-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hpts=1432565222z=51da58126eddbbcb0cea3b7g0z8cco0w9q8wbobodgfrom=coruid=LITEONITXLCS-128M6S_002452124472
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsts=1432565222z=51da58126eddbbcb0cea3b7g0z8cco0w9q8wbobodgfrom=coruid=LITEONITXLCS-128M6S_002452124472q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsts=1432565222z=51da58126eddbbcb0cea3b7g0z8cco0w9q8wbobodgfrom=coruid=LITEONITXLCS-128M6S_002452124472q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsts=1432565222z=51da58126eddbbcb0cea3b7g0z8cco0w9q8wbobodgfrom=coruid=LITEONITXLCS-128M6S_002452124472q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsts=1432565222z=51da58126eddbbcb0cea3b7g0z8cco0w9q8wbobodgfrom=coruid=LITEONITXLCS-128M6S_002452124472q={searchTerms}
SearchScopes: HKU\S-1-5-21-378805509-2256657495-4036180309-1003 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsts=1432565222z=51da58126eddbbcb0cea3b7g0z8cco0w9q8wbobodgfrom=coruid=LITEONITXLCS-128M6S_002452124472q={searchTerms}
BHO-x32: No Name - {7a38e53c-e000-41e4-9b5a-47447db81c2b} - No File
CHR Extension: (Bookmark Manager) - C:\Users\Dom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-24]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKU\S-1-5-21-378805509-2256657495-4036180309-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

anon98067729 · 26 Maj 2015 14:21

Zadziałało, wielkie dzięki

Acorus · 26 Maj 2015 14:58

Skasuj folder C:\FRST.