Infekcja webssearches -em

koza11 · 7 Styczeń 2015 17:38

Cześć. Sciągając Irfanview przykleiło się to do mnie, skanowałem antimalvarem ,adwarem no i kicha. Raporty:

FRST : http://wklej.org/hash/1d8f5b58c41/

Addition: http://wklej.org/hash/4901841477b/

Win 8

Z góry dziękuję za pomoc.

jakubgross · 7 Styczeń 2015 18:24

Trzeba uważać przy instalacji softu. Możesz niepotrzebnie zaśmiecić sobie komputer.

Spróbuj odinstalować Infranview programem Revo Uninstaller. Następnie pobierz program Odkurzacz , którym przeczyścisz system.

Acorus · 7 Styczeń 2015 18:28

Odinstaluj ASUS WebStorage Sync Agent.Otwórz notatnik systemowy i wklej:

HKLM\...\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] = "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [ASUSWebStorage] = C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] = C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
ShellIconOverlayIdentifiers: [SkyDrive1] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} = No File
ShellIconOverlayIdentifiers: [SkyDrive2] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} = No File
ShellIconOverlayIdentifiers: [SkyDrive3] - {BBACC218-34EA-4666-9D7A-C78F2274A524} = No File
ShellIconOverlayIdentifiers-x32: [SkyDrive1] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} = No File
ShellIconOverlayIdentifiers-x32: [SkyDrive2] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} = No File
ShellIconOverlayIdentifiers-x32: [SkyDrive3] - {BBACC218-34EA-4666-9D7A-C78F2274A524} = No File
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2776277838-196534743-33874977-1002 - DefaultScope {58B0CE3D-B087-447D-BD02-F40B5309E172} URL = https://search.yahoo.com/search?fr=chr-greentree_ieei=utf-8ilc=12type=888596p={searchTerms}
SearchScopes: HKU\S-1-5-21-2776277838-196534743-33874977-1002 - {58B0CE3D-B087-447D-BD02-F40B5309E172} URL = https://search.yahoo.com/search?fr=chr-greentree_ieei=utf-8ilc=12type=888596p={searchTerms}
FF SelectedSearchEngine: webssearches
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1ei=utf-8ilc=12type=888596p=
FF SearchPlugin: C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\3aur73jr.default\searchplugins\webssearches.xml
FF Extension: FF Toolbar - C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\3aur73jr.default\Extensions\fftoolbar2014@etech.com [2015-01-06]
FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\3aur73jr.default\Extensions\{CA8C84C6-3918-41b1-BE77-049B2BDD887C} [2014-10-23]
FF Extension: Amazon Shopping Assistant by Spigot - C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\3aur73jr.default\Extensions\{DE1C78C1-2762-47f6-A1D9-1B7866FE7EB4} [2014-10-23]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\3aur73jr.default\extensions\fftoolbar2014@etech.com
CHR HomePage: Default - hxxp://isearch.omiga-plus.com/?type=hpts=1420561077from=coruid=HGSTXHTS545050A7E680_TEK55D4F01LX0V01LX0VX
CHR StartupUrls: Default - "hxxp://isearch.omiga-plus.com/?type=hpts=1420561077from=coruid=HGSTXHTS545050A7E680_TEK55D4F01LX0V01LX0VX"
CHR DefaultSearchKeyword: Default - omiga-plus
CHR DefaultSearchURL: Default - http://isearch.omiga-plus.com/web/?type=dsts=1420561077from=coruid=HGSTXHTS545050A7E680_TEK55D4F01LX0V01LX0VXq={searchTerms}
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
S2 0115551413373342mcinstcleanup; C:\WINDOWS\TEMP\011555~1.EXE -cleanup -nolog [X]
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
2015-01-07 17:47 - 2014-10-25 16:39 - 00000000 ____ D () C:\AdwCleaner
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

koza11 · 7 Styczeń 2015 18:43

Acorus:

Odinstaluj ASUS WebStorage Sync Agent.Otwórz notatnik systemowy i wklej: HKLM…\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor) HKLM…\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor) HKLM-x32…\Run: [Adobe Reader Speed Launcher] => “C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe” HKLM-x32…\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation) HKLM-x32…\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.) ShellIconOverlayIdentifiers: [SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: [SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: [SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers-x32: [SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = SearchScopes: HKU.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2776277838-196534743-33874977-1002 -> DefaultScope {58B0CE3D-B087-447D-BD02-F40B5309E172} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms} SearchScopes: HKU\S-1-5-21-2776277838-196534743-33874977-1002 -> {58B0CE3D-B087-447D-BD02-F40B5309E172} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms} FF SelectedSearchEngine: webssearches FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=888596&p= FF SearchPlugin: C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\3aur73jr.default\searchplugins\webssearches.xml FF Extension: FF Toolbar - C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\3aur73jr.default\Extensions\fftoolbar2014@etech.com [2015-01-06] FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\3aur73jr.default\Extensions{CA8C84C6-3918-41b1-BE77-049B2BDD887C} [2014-10-23] FF Extension: Amazon Shopping Assistant by Spigot - C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\3aur73jr.default\Extensions{DE1C78C1-2762-47f6-A1D9-1B7866FE7EB4} [2014-10-23] FF HKLM-x32…\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\3aur73jr.default\extensions\fftoolbar2014@etech.com CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1420561077&from=cor&uid=HGSTXHTS545050A7E680_TEK55D4F01LX0V01LX0VX CHR StartupUrls: Default -> “hxxp://isearch.omiga-plus.com/?type=hp&ts=1420561077&from=cor&uid=HGSTXHTS545050A7E680_TEK55D4F01LX0V01LX0VX” CHR DefaultSearchKeyword: Default -> omiga-plus CHR DefaultSearchURL: Default -> http://isearch.omiga-plus.com/web/?type=ds&ts=1420561077&from=cor&uid=HGSTXHTS545050A7E680_TEK55D4F01LX0V01LX0VX&q={searchTerms} R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed] S2 0115551413373342mcinstcleanup; C:\WINDOWS\TEMP\011555~1.EXE -cleanup -nolog [X] S4 McMPFSvc; “C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe” /McCoreSvc [X] U4 BthAvrcpTg; No ImagePath U4 BthHFEnum; No ImagePath U4 bthhfhid; No ImagePath 2015-01-07 17:47 - 2014-10-25 16:39 - 00000000 ____D () C:\AdwCleaner C:\ProgramData\SetStretch.exe C:\ProgramData\SetStretch.VBS EmptyTemp: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze. Uruchom FRST i kliknij w Fix.

zapisałem obok folderów Hives, Logs, Quarantine w folderze FRST on twierdzi, że nie może naprawić bo to zła lokalizacja

jakubgross · 7 Styczeń 2015 18:47

Masz zapisać tam, gdzie masz plik FRST.EXE

Acorus · 7 Styczeń 2015 18:55

Tam masz zapisać-C:\Users\Maciej\Downloads

koza11 · 7 Styczeń 2015 19:03

zrobiłem. naprawiłem.

fixlog: http://wklej.org/hash/b0bf0bc4fa7/

problem zniknął z listy wyszukiwarek. Podziękowania dla całego stuffu.

Acorus · 7 Styczeń 2015 19:33

Skasuj folder C:\FRST