Infected browsers


(Andrew89) #1

Hello, please help me solve a problem that appeared after installing the SketchUp program. Various unwanted things have appeared in my browsers: websites set as home pages, ads, search engines, links to ads that open by themselves (round world). In Add/Remove Programs I removed what seemed foreign to me, but that did not help with using the browsers safely. I use Firefox, Chrome, and there is also the Internet browser from Windows 7. Please help.


(Acorus) #2

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ matching your system version, 32-bit or 64-bit.


(Andrew89) #3

FRST

http://www.wklej.org/id/1664832/

 

Addition

http://www.wklej.org/id/1664834/


(Acorus) #4

Uninstall Akamai NetSession Interface. Open the system Notepad and paste:

HKLM\...\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] = C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKU\S-1-5-21-2755808942-4062548860-2763727682-1000\...\Run: [Akamai NetSession Interface] = C:\Users\Andrzej\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hpppts=1426086701from=coruid=ST1000DM003-1CH162_Z1D6ABMAXXXXZ1D6ABMA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hpppts=1426086701from=coruid=ST1000DM003-1CH162_Z1D6ABMAXXXXZ1D6ABMA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsppts=1426086701from=coruid=ST1000DM003-1CH162_Z1D6ABMAXXXXZ1D6ABMAq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hpppts=1426086701from=coruid=ST1000DM003-1CH162_Z1D6ABMAXXXXZ1D6ABMA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hpppts=1426086701from=coruid=ST1000DM003-1CH162_Z1D6ABMAXXXXZ1D6ABMA
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dsppts=1426086701from=coruid=ST1000DM003-1CH162_Z1D6ABMAXXXXZ1D6ABMAq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2755808942-4062548860-2763727682-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hpppts=1426086701from=coruid=ST1000DM003-1CH162_Z1D6ABMAXXXXZ1D6ABMA
HKU\S-1-5-21-2755808942-4062548860-2763727682-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hpppts=1426086701from=coruid=ST1000DM003-1CH162_Z1D6ABMAXXXXZ1D6ABMA
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsppts=1426086701from=coruid=ST1000DM003-1CH162_Z1D6ABMAXXXXZ1D6ABMAq={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsppts=1426086701from=coruid=ST1000DM003-1CH162_Z1D6ABMAXXXXZ1D6ABMAq={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsppts=1426086701from=coruid=ST1000DM003-1CH162_Z1D6ABMAXXXXZ1D6ABMAq={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=dsppts=1426086701from=coruid=ST1000DM003-1CH162_Z1D6ABMAXXXXZ1D6ABMAq={searchTerms}
SearchScopes: HKU\S-1-5-21-2755808942-4062548860-2763727682-1000 - DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST1000DM003-1CH162_Z1D6ABMAXXXXZ1D6ABMAts=1426086708type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-2755808942-4062548860-2763727682-1000 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST1000DM003-1CH162_Z1D6ABMAXXXXZ1D6ABMAts=1426086708type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-2755808942-4062548860-2763727682-1000 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST1000DM003-1CH162_Z1D6ABMAXXXXZ1D6ABMAts=1426086708type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-2755808942-4062548860-2763727682-1000 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST1000DM003-1CH162_Z1D6ABMAXXXXZ1D6ABMAts=1426086708type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-2755808942-4062548860-2763727682-1000 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST1000DM003-1CH162_Z1D6ABMAXXXXZ1D6ABMAts=1426086708type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-2755808942-4062548860-2763727682-1000 - {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = http://do-search.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=ST1000DM003-1CH162_Z1D6ABMAXXXXZ1D6ABMAts=1426086708type=defaultq={searchTerms}
BHO-x32: No Name - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO-x32: No Name - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Andrzej\AppData\Roaming\Mozilla\Firefox\Profiles\phoqq3xo.default\extensions\searchengine@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Andrzej\AppData\Roaming\Mozilla\Firefox\Profiles\phoqq3xo.default\extensions\fftoolbar2014@etech.com
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-11] (SysTool PasSame LIMITED)
R1 {4cc550cb-ad95-48a3-ae71-6ab7c8433971}Gw64; C:\Windows\System32\drivers\{4cc550cb-ad95-48a3-ae71-6ab7c8433971}Gw64.sys [48784 2015-03-11] (StdLib)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-03-11 16:11 - 2015-03-11 16:11 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
2015-03-11 16:11 - 2015-03-11 16:11 - 00000000 ____ D () C:\ProgramData\IHProtectUpDate
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
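An added example, not part of the forum posts: a small Python audit that reads lines laid out like the entries quoted above and groups the registry values that point a browser at a host outside an allowlist, plus BHO/Toolbar entries whose file is missing. The sample lines, the hijack.example domain, the GUIDs, the SID and the allowlist are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the layout of the entries quoted in the thread.
# Domain, GUIDs and SID are placeholders, not values from a real machine.
SAMPLE = r"""
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hijack.example/?type=hp
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
SearchScopes: HKLM - DefaultScope {00000000-0000-0000-0000-000000000001} URL = http://hijack.example/web/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-0-0-0-1000 - {00000000-0000-0000-0000-000000000002} URL = https://www.bing.com/search?q={searchTerms}
BHO-x32: No Name - {00000000-0000-0000-0000-000000000003} - No File
Toolbar: HKLM - No Name - {00000000-0000-0000-0000-000000000004} - No File
EmptyTemp:
"""

# Assumption: hosts the machine's owner expects as home page or search provider.
ALLOWED_HOSTS = {"www.bing.com", "www.google.com"}

# BHO / Toolbar registrations whose target file no longer exists.
ORPHAN = re.compile(
    r"^(?:BHO(?:-x32)?|Toolbar): .*\{(?P<guid>[0-9A-Fa-f-]{36})\} - No File$")


def audit(listing, allowed=ALLOWED_HOSTS):
    """Return ({host: [setting, ...]}, [orphan GUIDs]) for one listing."""
    foreign, orphans = defaultdict(list), []
    for raw in listing.splitlines():
        line = raw.strip()
        m = ORPHAN.match(line)
        if m:
            orphans.append(m.group("guid"))
            continue
        # "<setting> = <value>"; empty values and non-URL values are skipped.
        key, sep, value = line.partition(" =")
        value = value.strip()
        if not sep or not value.lower().startswith(("http://", "https://")):
            continue
        host = (urlsplit(value).hostname or "").lower()
        if host not in allowed:
            foreign[host].append(key.strip())
    return dict(foreign), orphans


if __name__ == "__main__":
    hosts, orphans = audit(SAMPLE)
    for host, settings in hosts.items():
        print(f"{host}: {len(settings)} browser setting(s)")
    print("orphaned BHO/Toolbar GUIDs:", orphans)
```

Grouping by host shows at a glance how many home-page and search settings one redirector has taken over, which is the pattern visible in the listing above.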