Przechwycili mi przeglądarke

**Posty:** 1 · przez **rajeev** 27 Maj 2015, 15:30

Komputer zamula, w przeglądarce dzieją się różne cuda.

Strony czasami przekierowuje na strone "powered by glass", "quick down", "play ollando" lub inne. Podmienilo mi w wyszukiwarke na do-search
próbowałem to usuwać jakimis programem spyhunter. Usunałem go ale nie wiem czy po nim coś nie zostało.

**Posty:** 4765 · przez **ordynat** 27 Maj 2015, 15:55

1) Odinstaluj te programy:

do-search uninstall (HKLM-x32\...\do-search uninstall) (Version: - do-search) <==== ATTENTION!
Glass Bottle (HKLM-x32\...\Glass Bottle) (Version: 2.0.5619.4818 - Glass Bottle) <==== ATTENTION

2) Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego.

3) Otwórz Notatnik i wklej w nim:

Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: {FA4FDDF0-1F40-4724-A09A-52392664F232} - System32\Tasks\SpyHunter4Startup => C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: C:\WINDOWS\Tasks\0215piUpdateInfo.job => C:\ProgramData\Avg_Update_0215pi\0215pi_AVG-Secure-Search-Update.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1429557444&from=cor&uid=ST1000LM014-SSHD-8GB_W381LQ2XXXXXW381LQ2X&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1429557444&from=cor&uid=ST1000LM014-SSHD-8GB_W381LQ2XXXXXW381LQ2X&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1429557444&from=cor&uid=ST1000LM014-SSHD-8GB_W381LQ2XXXXXW381LQ2X
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1429557444&from=cor&uid=ST1000LM014-SSHD-8GB_W381LQ2XXXXXW381LQ2X
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1429557444&from=cor&uid=ST1000LM014-SSHD-8GB_W381LQ2XXXXXW381LQ2X&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1429557444&from=cor&uid=ST1000LM014-SSHD-8GB_W381LQ2XXXXXW381LQ2X&q={searchTerms}
HKU\S-1-5-21-1896268926-3966894047-4057437524-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1429557444&from=cor&uid=ST1000LM014-SSHD-8GB_W381LQ2XXXXXW381LQ2X
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=ds&ts=1429557444&from=cor&uid=ST1000LM014-SSHD-8GB_W381LQ2XXXXXW381LQ2X&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=ds&ts=1429557444&from=cor&uid=ST1000LM014-SSHD-8GB_W381LQ2XXXXXW381LQ2X&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=ds&ts=1429557444&from=cor&uid=ST1000LM014-SSHD-8GB_W381LQ2XXXXXW381LQ2X&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=ds&ts=1429557444&from=cor&uid=ST1000LM014-SSHD-8GB_W381LQ2XXXXXW381LQ2X&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1896268926-3966894047-4057437524-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=ds&ts=1429557444&from=cor&uid=ST1000LM014-SSHD-8GB_W381LQ2XXXXXW381LQ2X&q={searchTerms}
BHO-x32: Glass Bottle -> {88803a01-4125-443b-b869-4062a160ceea} -> C:\Program Files (x86)\Glass Bottle\Extensions\88803a01-4125-443b-b869-4062a160ceea.dll [2015-05-21] ()
BHO-x32: browse pulse -> {ed8e593d-1965-4e45-9d55-d56162dcde14} -> C:\Program Files (x86)\browse pulse\Extensions\ed8e593d-1965-4e45-9d55-d56162dcde14.dll No File
CHR Extension: (Glass Bottle) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkkbjefmnnmogembpgognfjhbffkfanm [2015-05-22]
OPR Extension: (Glass Bottle) - C:\Users\Dominik\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkkbjefmnnmogembpgognfjhbffkfanm [2015-05-23]
S2 SpyHunter 4 Service; C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [X]
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files (x86)\Enigma Software Group
C:\spyhunter.fix
C:\shldr.mbr
C:\shldr
C:\ProgramData\boost_interprocess
C:\WINDOWS\System32\Tasks\SpyHunter4Startup
C:\Users\Dominik\Desktop\SpyHunter.lnk
C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
C:\sh4ldr
C:\WINDOWS\Minidump\*.dmp
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.

----------------------
Jeśli będzie OK, to będziemy kończyć:
Otwórz Notatnik i wklej w nim:

DeleteQuarantine:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij w Fix.
przez SHIFT+DEL usuń pozostały folder C:\FRST.

W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).
.

=================

Jeśli natomiast problem nie zniknie, to przeinstalujesz przeglądarkę, na której to jeszcze będzie.
.

Autor postu otrzymał pochwałę