Help removing ads


(Skrainskamagda) #1

For some time now, despite adblock, Primary Result ads have been popping up and redirecting me away from pages. My start page has also changed. Please help.

 

FRST http://wklej.org/id/1668459/

Addition http://wklej.org/id/1668461/

 

Thanks a lot in advance


(Acorus) #2

Uninstall do-search uninstall. Open the system Notepad and paste:

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hpts=1426690434from=coruid=WDCXWD4000AAKB-00UKA0_WD-WCAPW221580915809
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsts=1426690434from=coruid=WDCXWD4000AAKB-00UKA0_WD-WCAPW221580915809q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hpts=1426690434from=coruid=WDCXWD4000AAKB-00UKA0_WD-WCAPW221580915809
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dsts=1426690434from=coruid=WDCXWD4000AAKB-00UKA0_WD-WCAPW221580915809q={searchTerms}
HKU\S-1-5-21-989553567-770415665-3617369592-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hpts=1426690434from=coruid=WDCXWD4000AAKB-00UKA0_WD-WCAPW221580915809
HKU\S-1-5-21-989553567-770415665-3617369592-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hpts=1426690434from=coruid=WDCXWD4000AAKB-00UKA0_WD-WCAPW221580915809
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsts=1426690434from=coruid=WDCXWD4000AAKB-00UKA0_WD-WCAPW221580915809q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsts=1426690434from=coruid=WDCXWD4000AAKB-00UKA0_WD-WCAPW221580915809q={searchTerms}
SearchScopes: HKU\S-1-5-21-989553567-770415665-3617369592-1000 - DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD4000AAKB-00UKA0_WD-WCAPW221580915809ts=1426690485type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-989553567-770415665-3617369592-1000 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD4000AAKB-00UKA0_WD-WCAPW221580915809ts=1426690485type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-989553567-770415665-3617369592-1000 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD4000AAKB-00UKA0_WD-WCAPW221580915809ts=1426690485type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-989553567-770415665-3617369592-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD4000AAKB-00UKA0_WD-WCAPW221580915809ts=1426690485type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-989553567-770415665-3617369592-1000 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD4000AAKB-00UKA0_WD-WCAPW221580915809ts=1426690485type=defaultq={searchTerms}
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\XTab\SupTab.dll [2015-03-10] (Thinknice Co. Limited)
BHO: Primary Result 1.0.0.7 - {f33907ff-929f-41c2-a11a-ec84fe4e37f4} - C:\Program Files\Primary Result\PrimaryResultbho.dll [2015-03-18] (Primary Result)
FF DefaultSearchEngine: do-search
FF SelectedSearchEngine: do-search
FF Homepage: hxxp://do-search.com/?type=hpts=1426690434from=coruid=WDCXWD4000AAKB-00UKA0_WD-WCAPW221580915809
FF SearchPlugin: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\l3qoatp7.default\searchplugins\do-search.xml [2015-03-22]
FF Extension: Fast Start - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\l3qoatp7.default\Extensions\istart_ffnt@gmail.com [2015-03-18]
FF Extension: Search Enginer - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\l3qoatp7.default\Extensions\searchengine@gmail.com [2015-03-18]
FF Extension: Primary Result 1.0.1 - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\l3qoatp7.default\Extensions\{1601c372-fdd4-4d07-81cb-8d80cd533a89}.xpi [2015-03-18]
FF HKLM\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\l3qoatp7.default\extensions\searchengine@gmail.com
FF HKLM\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\l3qoatp7.default\extensions\istart_ffnt@gmail.com
CHR HomePage: Default - hxxp://do-search.com/?type=hpts=1426690434from=coruid=WDCXWD4000AAKB-00UKA0_WD-WCAPW221580915809
CHR StartupUrls: Default - "hxxp://do-search.com/?type=hpts=1426690434from=coruid=WDCXWD4000AAKB-00UKA0_WD-WCAPW221580915809"
CHR DefaultSearchKeyword: Default - do-search
CHR Extension: (Primary Result) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjfpbccjhecogpihpgkgioflnhbemgf [2015-03-19]
CHR Extension: (No Name) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-03-13]
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158816 2015-03-10] (XTab system)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-18] (SysTool PasSame LIMITED)
R1 {1601c372-fdd4-4d07-81cb-8d80cd533a89}Gw; C:\Windows\System32\drivers\{1601c372-fdd4-4d07-81cb-8d80cd533a89}Gw.sys [43160 2015-03-18] (StdLib)
R1 {fb7f80a9-0102-4cff-bdb6-f3761a4dd2df}Gw; C:\Windows\System32\drivers\{fb7f80a9-0102-4cff-bdb6-f3761a4dd2df}Gw.sys [43160 2015-03-21] (StdLib)
S3 MBAMSwissArmy; \\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
2015-03-20 15:39 - 2015-03-20 15:39 - 00002116 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-03-20 15:39 - 2015-03-20 15:39 - 00000000 ____ D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-03-20 15:39 - 2015-03-20 15:39 - 00000000 ____ D () C:\ProgramData\McAfee Security Scan
2015-03-20 15:39 - 2015-03-20 15:39 - 00000000 ____ D () C:\ProgramData\McAfee
2015-03-20 15:38 - 2015-03-20 15:38 - 00000000 ____ D () C:\Program Files\McAfee Security Scan
2015-03-18 20:46 - 2015-03-18 20:47 - 01139232 _____ () C:\Users\pc\Downloads\yet_another_cleaner_gam_setup_18184.exe
2015-03-18 15:54 - 2015-03-22 10:10 - 00000000 ____ D () C:\Program Files\Primary Result
2015-03-18 15:54 - 2015-03-18 15:54 - 00000000 ____ D () C:\Users\pc\AppData\Roaming\do-search
2015-03-18 15:54 - 2015-03-18 15:54 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
2015-03-18 15:54 - 2015-03-18 15:54 - 00000000 ____ D () C:\ProgramData\IHProtectUpDate
2015-03-18 15:54 - 2015-03-18 15:54 - 00000000 ____ D () C:\Program Files\XTab
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
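
The fixlist in the post above mixes registry values, browser settings, services, drivers and folders. As an added example (not part of the original post and not FRST's own code), this Python script groups fixlist lines by what they target and pulls out the file paths, so the list can be reviewed before it is run. The category labels and prefix rules are assumptions inferred from the lines on this page; the sample input is a few of those lines.

```python
import re
from collections import Counter

# Prefix rules, checked in order. Labels are this example's own (assumption).
RULES = [
    (re.compile(r"^(Startup|ShortcutTarget):"), "autostart"),
    (re.compile(r"^(GroupPolicy:|CHR HKLM\\SOFTWARE\\Policies)"), "policy"),
    (re.compile(r"^(HKLM|HKU)\\"), "registry value"),
    (re.compile(r"^SearchScopes:"), "IE search provider"),
    (re.compile(r"^BHO:"), "IE browser helper object"),
    (re.compile(r"^FF "), "Firefox setting/extension"),
    (re.compile(r"^CHR "), "Chrome setting/extension"),
    (re.compile(r"^[RSU]\d "), "service or driver"),
    (re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - "), "file or folder"),
    (re.compile(r"^[A-Za-z]+:$"), "directive"),
]
# A drive-letter path, up to the " [date]" suffix or the end of the line.
PATH = re.compile(r"[A-Z]:\\.+?(?= \[|$)")

def classify(line):
    """Return the category of one fixlist line, or 'unrecognized'."""
    for pattern, label in RULES:
        if pattern.search(line):
            return label
    return "unrecognized"

def review(fixlist_text):
    """Return (category, path-or-None) for every non-empty line."""
    rows = []
    for raw in fixlist_text.splitlines():
        line = raw.strip()
        if line:
            m = PATH.search(line)
            rows.append((classify(line), m.group(0) if m else None))
    return rows

# Sample input: lines copied from the fixlist on this page.
SAMPLE = r"""
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
BHO: Primary Result 1.0.0.7 - {f33907ff-929f-41c2-a11a-ec84fe4e37f4} - C:\Program Files\Primary Result\PrimaryResultbho.dll [2015-03-18] (Primary Result)
FF DefaultSearchEngine: do-search
CHR DefaultSearchKeyword: Default - do-search
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158816 2015-03-10] (XTab system)
2015-03-18 15:54 - 2015-03-18 15:54 - 00000000 ____ D () C:\Program Files\XTab
EmptyTemp:
"""

if __name__ == "__main__":
    rows = review(SAMPLE)
    for category, path in rows:
        print(f"{category:28} {path or ''}")
    print(Counter(category for category, _ in rows))
```

Any line reported as unrecognized, or any path outside the adware's own folders, is worth a second look before the fix is applied.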