Infection with webssearches


(Mtkozyra) #1

Hi. While downloading IrfanView this attached itself to my system; I scanned with an anti-malware tool and AdwCleaner, and no luck. Reports:

 

FRST: http://wklej.org/hash/1d8f5b58c41/

Addition: http://wklej.org/hash/4901841477b/

 

Win 8

 

Thanks in advance for the help.


(jakubgross) #2

You have to be careful when installing software. You can needlessly clutter up your computer.

 

Try uninstalling IrfanView with Revo Uninstaller. Then download the program Odkurzacz, which you will use to clean up the system.


(Acorus) #3

Uninstall ASUS WebStorage Sync Agent. Open the system Notepad and paste:

HKLM\...\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] = "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [ASUSWebStorage] = C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] = C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
ShellIconOverlayIdentifiers: [SkyDrive1] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} = No File
ShellIconOverlayIdentifiers: [SkyDrive2] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} = No File
ShellIconOverlayIdentifiers: [SkyDrive3] - {BBACC218-34EA-4666-9D7A-C78F2274A524} = No File
ShellIconOverlayIdentifiers-x32: [SkyDrive1] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} = No File
ShellIconOverlayIdentifiers-x32: [SkyDrive2] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} = No File
ShellIconOverlayIdentifiers-x32: [SkyDrive3] - {BBACC218-34EA-4666-9D7A-C78F2274A524} = No File
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2776277838-196534743-33874977-1002 - DefaultScope {58B0CE3D-B087-447D-BD02-F40B5309E172} URL = https://search.yahoo.com/search?fr=chr-greentree_ieei=utf-8ilc=12type=888596p={searchTerms}
SearchScopes: HKU\S-1-5-21-2776277838-196534743-33874977-1002 - {58B0CE3D-B087-447D-BD02-F40B5309E172} URL = https://search.yahoo.com/search?fr=chr-greentree_ieei=utf-8ilc=12type=888596p={searchTerms}
FF SelectedSearchEngine: webssearches
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1ei=utf-8ilc=12type=888596p=
FF SearchPlugin: C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\3aur73jr.default\searchplugins\webssearches.xml
FF Extension: FF Toolbar - C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\3aur73jr.default\Extensions\fftoolbar2014@etech.com [2015-01-06]
FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\3aur73jr.default\Extensions\{CA8C84C6-3918-41b1-BE77-049B2BDD887C} [2014-10-23]
FF Extension: Amazon Shopping Assistant by Spigot - C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\3aur73jr.default\Extensions\{DE1C78C1-2762-47f6-A1D9-1B7866FE7EB4} [2014-10-23]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\3aur73jr.default\extensions\fftoolbar2014@etech.com
CHR HomePage: Default - hxxp://isearch.omiga-plus.com/?type=hpts=1420561077from=coruid=HGSTXHTS545050A7E680_TEK55D4F01LX0V01LX0VX
CHR StartupUrls: Default - "hxxp://isearch.omiga-plus.com/?type=hpts=1420561077from=coruid=HGSTXHTS545050A7E680_TEK55D4F01LX0V01LX0VX"
CHR DefaultSearchKeyword: Default - omiga-plus
CHR DefaultSearchURL: Default - http://isearch.omiga-plus.com/web/?type=dsts=1420561077from=coruid=HGSTXHTS545050A7E680_TEK55D4F01LX0V01LX0VXq={searchTerms}
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
S2 0115551413373342mcinstcleanup; C:\WINDOWS\TEMP\011555~1.EXE -cleanup -nolog [X]
S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
U4 BthAvrcpTg; No ImagePath
U4 BthHFEnum; No ImagePath
U4 bthhfhid; No ImagePath
2015-01-07 17:47 - 2014-10-25 16:39 - 00000000 ____ D () C:\AdwCleaner
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
EmptyTemp:

Save the file under the name fixlist.txt and put it next to FRST in the same folder.

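As an added example, not part of this thread and not a feature of FRST itself, the Python script below walks lines in the format of the fixlist posted above and flags the same indicators a helper looks for when building one: a search scope or home page pointing at a host that is not a stock search engine, a trusted host carrying a partner tag (fr=), a foreign Firefox search plugin or third-party extension, an orphaned shell handler (No File), an unsigned or broken service, and a dropped executable under ProgramData/Temp/AppData. The trusted-host list, the known-engine names and the suspicious-directory list are assumptions chosen for illustration; the sample input is constructed from lines quoted in the fixlist above, with the ampersands left as garbled as the forum paste shows them.

```python
import re
from urllib.parse import urlparse

# Assumption: search/home-page hosts a stock browser may legitimately point at.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com", "duckduckgo.com"}
KNOWN_ENGINES = {"google", "bing", "yahoo", "duckduckgo"}
# Assumption: directories where a legitimate autorun, service or dropped binary rarely lives.
SUSPICIOUS_DIRS = ("\\temp\\", "\\appdata\\", "\\programdata\\")

URL_RE = re.compile(r"(hxxps?|https?)://\S+", re.IGNORECASE)
SERVICE_RE = re.compile(r"^([RSU])(\d)\s+(.+?);\s*(.*)$")   # "R2 Name; C:\path.exe [...]"

# Constructed sample: lines copied from the fixlist posted in the thread (not a full FRST log).
SAMPLE_LINES = r"""
HKLM-x32\...\Run: [ASUSWebStorage] = C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
ShellIconOverlayIdentifiers: [SkyDrive1] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} = No File
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2776277838-196534743-33874977-1002 - DefaultScope {58B0CE3D-B087-447D-BD02-F40B5309E172} URL = https://search.yahoo.com/search?fr=chr-greentree_ieei=utf-8ilc=12type=888596p={searchTerms}
FF SelectedSearchEngine: webssearches
FF SearchPlugin: C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\3aur73jr.default\searchplugins\webssearches.xml
FF Extension: FF Toolbar - C:\Users\Maciej\AppData\Roaming\Mozilla\Firefox\Profiles\3aur73jr.default\Extensions\fftoolbar2014@etech.com [2015-01-06]
CHR HomePage: Default - hxxp://isearch.omiga-plus.com/?type=hpts=1420561077from=coruid=HGSTXHTS545050A7E680_TEK55D4F01LX0V01LX0VX
CHR DefaultSearchKeyword: Default - omiga-plus
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
S2 0115551413373342mcinstcleanup; C:\WINDOWS\TEMP\011555~1.EXE -cleanup -nolog [X]
U4 BthAvrcpTg; No ImagePath
2015-01-07 17:47 - 2014-10-25 16:39 - 00000000 ____ D () C:\AdwCleaner
C:\ProgramData\SetStretch.exe
EmptyTemp:
"""


def check_url(url):
    """Return a finding for a browser search/home-page URL, or None if it looks stock."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)   # FRST defangs live links as hxxp
    host = urlparse(url).hostname or ""
    if host not in TRUSTED_SEARCH_HOSTS:
        return "points at untrusted host %s" % host
    if re.search(r"[?&]fr=", url):                               # bundled-software referral tag
        return "trusted host %s but URL carries a partner tag (fr=)" % host
    return None


def triage_line(line):
    """Classify one FRST report/fixlist line; returns (category, finding-or-None) or None if blank."""
    s = line.strip()
    if not s:
        return None
    if re.match(r"^HK(LM|CU|U)\S*\\Run:", s):
        m = re.search(r"=\s*\"?([A-Za-z]:\\[^\"\[]+)", s)
        path = m.group(1).strip() if m else ""
        if any(d in path.lower() for d in SUSPICIOUS_DIRS):
            return ("autorun", "runs from user-writable location: " + path)
        return ("autorun", None)
    if s.startswith("ShellIconOverlayIdentifiers"):
        return ("shell-overlay", "orphaned handler (No File)" if s.endswith("No File") else None)
    if s.startswith("SearchScopes:"):
        m = URL_RE.search(s)
        return ("ie-search", check_url(m.group(0)) if m else "empty DefaultScope URL")
    if s.startswith("FF SelectedSearchEngine:"):
        engine = s.split(":", 1)[1].strip()
        return ("firefox-search", None if engine.lower() in KNOWN_ENGINES else "non-default engine '%s'" % engine)
    if s.startswith("FF SearchPlugin:"):
        name = s.rsplit("\\", 1)[-1].rsplit(".", 1)[0]           # file stem, e.g. webssearches
        return ("firefox-search", None if name.lower() in KNOWN_ENGINES else "foreign search plugin '%s'" % name)
    if s.startswith("FF Keyword.URL:"):
        m = URL_RE.search(s)
        return ("firefox-search", check_url(m.group(0)) if m else None)
    if s.startswith("FF "):                                      # FF Extension / HKLM Extensions
        return ("firefox-extension", "third-party extension, verify it was installed on purpose")
    if s.startswith("CHR "):
        m = URL_RE.search(s)
        if m:
            return ("chrome", check_url(m.group(0).strip('"')))
        value = s.split(" - ", 1)[-1].strip()
        return ("chrome", None if value.lower() in KNOWN_ENGINES else "non-default search keyword '%s'" % value)
    m = SERVICE_RE.match(s)
    if m:
        rest = m.group(4)
        problems = []
        if "[File not signed]" in rest:
            problems.append("unsigned binary")
        if rest.endswith("[X]"):
            problems.append("broken entry (binary missing)")
        if "No ImagePath" in rest:
            problems.append("no ImagePath")
        if "\\temp\\" in rest.lower():
            problems.append("runs from TEMP")
        return ("service", "; ".join(problems) or None)
    if re.match(r"^\d{4}-\d{2}-\d{2} ", s):
        return ("directory", None)
    if re.match(r"^[A-Za-z]:\\", s):
        flagged = any(d in s.lower() for d in SUSPICIOUS_DIRS)
        return ("file", "dropped file outside Program Files: " + s if flagged else None)
    if s.endswith(":") and " " not in s:                         # FRST directive such as EmptyTemp:
        return ("directive", None)
    return ("other", None)


def triage_report(text):
    """Run every line through triage_line and keep only the ones with a finding."""
    findings = []
    for line in text.splitlines():
        result = triage_line(line)
        if result and result[1]:
            findings.append((result[0], line.strip()[:60], result[1]))
    return findings


if __name__ == "__main__":
    for category, snippet, finding in triage_report(SAMPLE_LINES):
        print("%-17s %-60s  %s" % (category, snippet, finding))
```

The point of the host allowlist rather than a blocklist of known hijacker domains is that omiga-plus, webssearches and the like rotate domains faster than any list can follow, while a user who never changed the default has no reason for IE, Firefox and Chrome to disagree on a search host; the partner-tag check catches the quieter case seen in this log, where the engine is still Yahoo but every query is credited to the bundler.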

(Mtkozyra) #4

I saved it next to the Hives, Logs and Quarantine folders in the FRST folder; it says it cannot fix because that is the wrong location.


(jakubgross) #5

You have to save it where you have the FRST.EXE file.


(Acorus) #6

Save it there: C:\Users\Maciej\Downloads


(Mtkozyra) #7

Done. Fixed.

fixlog: http://wklej.org/hash/b0bf0bc4fa7/

 

The problem has disappeared from the list of search engines. Thanks to the whole staff.


(Acorus) #8

Delete the C:\FRST folder.