I don't see any infection here.
There is only sponsored, harmful junk, downloaded together with programs from DobreProgramy.
1) Use
Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
First click SZUKAJ (Search), and only after the scan has finished, when the USUŃ (Delete) button becomes active, click it.
2) Open Notepad and paste into it:
Task: {A660B678-BE7E-4C45-8B65-7D6581391D4B} - \pricemeterdownloader No Task File <==== ATTENTION
Task: {D3753B7E-1C43-48F1-B215-3C0F2575F3B2} - \pricemeterwatcher No Task File <==== ATTENTION
Task: {564EB65C-AC02-4CD5-B57B-F6DABE54F010} - System32\Tasks\pricemetertask => C:\Users\Bartek\AppData\Local\PriceMeter\TEMP\pricemeter.exe <==== ATTENTION
C:\ProgramData\WindowsMangerProtect
CHR StartupUrls: Default -> "hxxp://do-search.com/?type=hp&ts=1426160639&from=cor&uid=CrucialXCT120M500SSD1_14130C0EA78B0C0EA78B"
FF Extension: No Name - C:\Users\Bartek\AppData\Roaming\Mozilla\Firefox\Profiles\v7ldc3nn.default\extensions\istart_ffnt@gmail.com [Not Found]
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1426160639&from=cor&uid=CrucialXCT120M500SSD1_14130C0EA78B0C0EA78B&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1426160639&from=cor&uid=CrucialXCT120M500SSD1_14130C0EA78B0C0EA78B&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1426160639&from=cor&uid=CrucialXCT120M500SSD1_14130C0EA78B0C0EA78B&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1426160639&from=cor&uid=CrucialXCT120M500SSD1_14130C0EA78B0C0EA78B&q={searchTerms}
C:\Users\Bartek\Downloads\mp3DirectCut(22334)-dp.exe
C:\Program Files (x86)\XTab
C:\Users\Bartek\Downloads\Audacity(11826)-dp.exe
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-12] (SysTool PasSame LIMITED)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> No File
SearchScopes: HKU\S-1-5-21-725722643-3999779410-799618441-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=3219913727_132775_DE1F9F8F&ts=1426160708&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-725722643-3999779410-799618441-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=3219913727_132775_DE1F9F8F&ts=1426160708&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-725722643-3999779410-799618441-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=3219913727_132775_DE1F9F8F&ts=1426160708&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-725722643-3999779410-799618441-1000 -> {B3E6D59D-0E54-4d48-AE29-281049A228B9} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=3219913727_132775_DE1F9F8F&ts=1426160708&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-725722643-3999779410-799618441-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=3219913727_132775_DE1F9F8F&ts=1426160708&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-725722643-3999779410-799618441-1000 -> {FB7DBF4C-3C78-48aa-B3BC-93219EF8C02B} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=3219913727_132775_DE1F9F8F&ts=1426160708&type=default&q={searchTerms}
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST.
Run FRST and click the Fix button.
----------------------
If everything is OK, we will wrap up:
Open Notepad and paste into it:
DeleteQuarantine:
Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix.
Use SHIFT+DEL to delete the leftover C:\FRST folder.
In Adw-Cleaner, click the Odinstaluj (UNINSTALL) button.
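A read-only check that could be run after the Fix in step 2 to confirm the items named in the fixlist are gone. This is an added example, not part of the original post and not a FRST or AdwCleaner feature. The paths, task names, service name and domain are copied from the fixlist above; the TaskCache\Tree registry location for task registrations and the helper name Add-Result are assumptions of this example.

```powershell
# Read-only post-fix check: reports which items from the fixlist still exist.
# Nothing is changed or deleted. Run from an elevated PowerShell prompt.
$results = @()

function Add-Result($Kind, $Item, $Present) {
    # Add-Result is a helper defined for this example only
    $script:results += New-Object PSObject -Property @{
        Kind = $Kind; Item = $Item; StillPresent = [bool]$Present
    }
}

# Files and folders named in the fixlist (per-user paths as written in the post)
$paths = @(
    'C:\ProgramData\WindowsMangerProtect',
    'C:\Program Files (x86)\XTab',
    'C:\Users\Bartek\AppData\Local\PriceMeter\TEMP\pricemeter.exe',
    "$env:windir\System32\Tasks\pricemetertask"
)
foreach ($p in $paths) { Add-Result 'Path' $p (Test-Path -LiteralPath $p) }

# Task registrations. The "No Task File" entries have no file on disk, so the
# registry is checked instead (assumption: registrations live under TaskCache\Tree).
$tree = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
foreach ($t in 'pricemeterdownloader', 'pricemeterwatcher', 'pricemetertask') {
    Add-Result 'Task' $t (Test-Path -LiteralPath (Join-Path $tree $t))
}

# The R2 service entry from the fixlist
$svc = Get-Service -Name 'WindowsMangerProtect' -ErrorAction SilentlyContinue
Add-Result 'Service' 'WindowsMangerProtect' ($null -ne $svc)

# Internet Explorer search values that pointed at do-search.com (64-bit and 32-bit views)
$ieKeys = 'HKLM:\Software\Microsoft\Internet Explorer\Main',
          'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Main'
foreach ($k in $ieKeys) {
    foreach ($name in 'Search Page', 'Default_Search_URL') {
        $val = (Get-ItemProperty -LiteralPath $k -Name $name -ErrorAction SilentlyContinue).$name
        # Flag only if the value still references the hijacker domain
        Add-Result 'Registry' "$k,$name" ($val -like '*do-search.com*')
    }
}

# Anything with StillPresent = True survived the fix and is worth reporting back
$results | Select-Object Kind, Item, StillPresent | Format-Table -AutoSize
```

The per-user SearchScopes, Chrome StartupUrls and Firefox extension entries are not covered here; a fresh FRST scan log remains the complete picture.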