Wirus do search

Dla specjalistów Bezpieczeństwo
#1

Witam przy instalacji skypa nie zauważyłem i zainstalowałem nieporządane programy tak mi się wydaje prosze o pomoc usunięcia

 

Adidition : http://www.wklej.org/id/1733595/

FRST: http://www.wklej.org/id/1733596/

Shortcut: http://www.wklej.org/id/1733599/

#2

Otwórz notatnik systemowy i wklej:

HKLM\...\Run: [RTHDCPL] = C:\WINDOWS.0\RTHDCPL.EXE [16270848 2006-11-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] = C:\WINDOWS.0\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] = C:\WINDOWS.0\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hpppts=1433772081z=5336d90ee1de83d6354167cgazdc4cemembodebz5bfrom=coruid=WDCXWD2500JS-55NCB1_WD-WCANKD40805908059
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsppts=1433772081z=5336d90ee1de83d6354167cgazdc4cemembodebz5bfrom=coruid=WDCXWD2500JS-55NCB1_WD-WCANKD40805908059q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hpppts=1433772081z=5336d90ee1de83d6354167cgazdc4cemembodebz5bfrom=coruid=WDCXWD2500JS-55NCB1_WD-WCANKD40805908059
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dsppts=1433772081z=5336d90ee1de83d6354167cgazdc4cemembodebz5bfrom=coruid=WDCXWD2500JS-55NCB1_WD-WCANKD40805908059q={searchTerms}
HKU\S-1-5-21-1292428093-790525478-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsppts=1433772081z=5336d90ee1de83d6354167cgazdc4cemembodebz5bfrom=coruid=WDCXWD2500JS-55NCB1_WD-WCANKD40805908059q={searchTerms}
HKU\S-1-5-21-1292428093-790525478-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hpppts=1433772081z=5336d90ee1de83d6354167cgazdc4cemembodebz5bfrom=coruid=WDCXWD2500JS-55NCB1_WD-WCANKD40805908059
HKU\S-1-5-21-1292428093-790525478-1417001333-1003\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}ei=utf-8fr=b1ie7
HKU\S-1-5-21-1292428093-790525478-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hpppts=1433772081z=5336d90ee1de83d6354167cgazdc4cemembodebz5bfrom=coruid=WDCXWD2500JS-55NCB1_WD-WCANKD40805908059
HKU\S-1-5-21-1292428093-790525478-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dsppts=1433772081z=5336d90ee1de83d6354167cgazdc4cemembodebz5bfrom=coruid=WDCXWD2500JS-55NCB1_WD-WCANKD40805908059q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsppts=1433772081z=5336d90ee1de83d6354167cgazdc4cemembodebz5bfrom=coruid=WDCXWD2500JS-55NCB1_WD-WCANKD40805908059q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsppts=1433772081z=5336d90ee1de83d6354167cgazdc4cemembodebz5bfrom=coruid=WDCXWD2500JS-55NCB1_WD-WCANKD40805908059q={searchTerms}
SearchScopes: HKU\S-1-5-21-1292428093-790525478-1417001333-1003 - DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD2500JS-55NCB1_WD-WCANKD40805908059ts=1433772091type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1292428093-790525478-1417001333-1003 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD2500JS-55NCB1_WD-WCANKD40805908059ts=1433772091type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1292428093-790525478-1417001333-1003 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD2500JS-55NCB1_WD-WCANKD40805908059ts=1433772091type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1292428093-790525478-1417001333-1003 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD2500JS-55NCB1_WD-WCANKD40805908059ts=1433772091type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1292428093-790525478-1417001333-1003 - {39FCDCCD-2352-475D-B99B-BD636C02EB2D} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD2500JS-55NCB1_WD-WCANKD40805908059ts=1433772091type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1292428093-790525478-1417001333-1003 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=WDCXWD2500JS-55NCB1_WD-WCANKD40805908059ts=1433772091type=defaultq={searchTerms}
BHO: LuckyTab Class - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} - C:\Program Files\MiuiTab\SupTab.dll [2015-06-03] (Thinknice Co. Limited)
FF Homepage: hxxp://do-search.com/?type=hpppts=1433772081z=5336d90ee1de83d6354167cgazdc4cemembodebz5bfrom=coruid=WDCXWD2500JS-55NCB1_WD-WCANKD40805908059
FF Extension: Search Enginer - C:\Documents and Settings\Bajek\Dane aplikacji\Mozilla\Firefox\Profiles\ybr4f19e.default\Extensions\sweetsearch@gmail.com [2015-06-09]
FF HKLM\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Documents and Settings\Bajek\Dane aplikacji\Mozilla\Firefox\Profiles\ybr4f19e.default\extensions\sweetsearch@gmail.com
CHR HKLM\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1292428093-790525478-1417001333-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125056 2015-06-03] (XTab system)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath
2015-06-08 16:01 - 2015-06-08 16:04 - 00000000 ____ D C:\Program Files\WebProtectorPlus
2015-06-08 16:01 - 2015-06-08 16:01 - 00000000 ____ D C:\Program Files\MiuiTab
2015-06-08 16:01 - 2015-06-08 16:01 - 00000000 ____ D C:\Documents and Settings\All Users\Dane aplikacji\IHProtectUpDate
2015-06-08 16:00 - 2015-06-08 16:00 - 00000000 ____ D C:\Documents and Settings\Bajek\Dane aplikacji\WebExtend
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#3

Dziękuję do search znikł :slight_smile: !

AdwCleaner : http://www.wklej.org/id/1733685/

FixLog: http://www.wklej.org/id/1733687/

#4

Skasuj folder C:\FRST.