gizmaa
(Anewel7)
24 January 2015 11:24
#1
Hi,
I noticed that for a few days my antivirus has not been starting. On a friend's advice I decided to install AntiMalwareByte and scan the computer, and I put the detected infections in quarantine. Some time ago ADBLOCKER disappeared from my computer, and attempts to reinstall it failed. AdwCleaner removed a few things, but that did not help. Please help me remove this junk from my computer; the logs are below:
FRST: http://www.wklej.org/id/1606797/
Addition: http://www.wklej.org/id/1606798/
Atis
(Atis)
24 January 2015 11:31
#2
Which antivirus?
According to the logs you do not have any antivirus program installed.
Uninstall Akamai NetSession Interface.
CHR dev: Chrome dev build detected! <======= ATTENTION
It is best to reinstall Chrome, because the adware converted it to a dev build.
Install Adguard: Firefox - Chrome - Opera
Paste the following into the system Notepad and save it as a text file named fixlist:
HKU\S-1-5-21-637548174-101203302-210177125-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Agata\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-637548174-101203302-210177125-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Agata\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
Startup: C:\Users\Agata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ba6Ad7058E4bc.lnk
Startup: C:\Users\Agata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-637548174-101203302-210177125-1001 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKU\S-1-5-21-637548174-101203302-210177125-1001 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
URLSearchHook: HKU\S-1-5-21-637548174-101203302-210177125-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKU\S-1-5-21-637548174-101203302-210177125-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Extension: (No Name) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-24]
S3 TBPanel; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
2015-01-13 20:13 - 2015-01-24 11:24 - 00000000 ____ D () C:\AdwCleaner
2015-01-10 21:31 - 2015-01-24 11:40 - 00000000 ____ D () C:\Program Files (x86)\uniSSaleS
2015-01-10 21:31 - 2015-01-24 11:40 - 00000000 ____ D () C:\Program Files (x86)\uNiSaales
2015-01-10 21:30 - 2015-01-24 11:41 - 00000000 ____ D () C:\ProgramData\{ee95d0c0-e3fa-c624-ee95-5d0c0e3f4303}
2015-01-10 21:30 - 2015-01-10 21:30 - 00000000 ____ D () C:\ProgramData\cfonnmkhgkfhmblfimflfppojllemcpf
CustomCLSID: HKU\S-1-5-21-637548174-101203302-210177125-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Agata\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll No File
EmptyTemp:
Run FRST and click Fix. Post the removal report, Fixlog.
Click Scan and post a new FRST report, without Addition.
Acorus
(Acorus)
24 January 2015 11:38
#3
Uninstall Adobe Reader 9.5.5 - Polish, Akamai NetSession Interface, Browser Configuration Utility. Open the system Notepad and paste:
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => D:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-637548174-101203302-210177125-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Agata\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-637548174-101203302-210177125-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Agata\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
Startup: C:\Users\Agata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ba6Ad7058E4bc.lnk
ShortcutTarget: Ba6Ad7058E4bc.lnk - C:\ProgramData\{ee95d0c0-e3fa-c624-ee95-5d0c0e3f4303}\Ba6Ad7058E4bc.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-637548174-101203302-210177125-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thesettlersonline.pl/
HKU\S-1-5-21-637548174-101203302-210177125-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thesettlersonline.pl/
URLSearchHook: HKU\S-1-5-21-637548174-101203302-210177125-1001 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKU\S-1-5-21-637548174-101203302-210177125-1001 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
URLSearchHook: HKU\S-1-5-21-637548174-101203302-210177125-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKU\S-1-5-21-637548174-101203302-210177125-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-637548174-101203302-210177125-1001 -> {4B73E70C-2931-4a83-BDD4-8EB937BC91EF} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-637548174-101203302-210177125-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4B73E70C-2931-4a83-BDD4-8EB937BC91EF} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
CHR Extension: (No Name) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-24]
S3 TBPanel; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
2015-01-13 20:13 - 2015-01-24 11:24 - 00000000 ____ D () C:\AdwCleaner
2015-01-10 21:31 - 2015-01-24 11:40 - 00000000 ____ D () C:\Program Files (x86)\uniSSaleS
2015-01-10 21:31 - 2015-01-24 11:40 - 00000000 ____ D () C:\Program Files (x86)\uNiSaales
2015-01-10 21:30 - 2015-01-24 11:41 - 00000000 ____ D () C:\ProgramData\{ee95d0c0-e3fa-c624-ee95-5d0c0e3f4303}
2015-01-10 21:30 - 2015-01-10 21:30 - 00000000 ____ D () C:\ProgramData\cfonnmkhgkfhmblfimflfppojllemcpf
EmptyTemp:
Save the file as fixlist.txt and put it next to FRST in the same folder.
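The two replies above do by hand what the script below does mechanically: read an FRST log and pick out the entries that belong in a fixlist (FRST's own ATTENTION marks, references to files that no longer exist, services with no image, unnamed Chrome extensions, empty search scopes, startup shortcuts whose target is gone, and folders named like a bare extension ID or GUID). This is an added example written for this edit, not code from the thread, from Atis or Acorus, or from FRST itself. The sample log is constructed from entries quoted in the thread plus one benign Chrome extension line for contrast; the flagging rules and the function names triage, classify and draft_fixlist are the editor's own assumptions, and the output is a draft that a human still has to review before running Fix.

```python
"""Draft an FRST fixlist from FRST log lines (added example, not FRST's logic)."""
import re

ATTENTION = "<======= ATTENTION"
EXT_ID = re.compile(r"^[a-p]{32}$")                 # Chrome extension IDs use only a-p
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
DIR_ENTRY = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - .* D \(\) (.+)$")
ORPHAN_LNK = re.compile(r"^ShortcutTarget: (\S+\.lnk) - .*\(No File\)$")

# Constructed sample: lines taken from the thread, plus one named (benign) extension.
SAMPLE_LOG = """\
HKLM-x32\\...\\Run: [Adobe ARM] => C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
Startup: C:\\Users\\Agata\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Ba6Ad7058E4bc.lnk
ShortcutTarget: Ba6Ad7058E4bc.lnk - C:\\ProgramData\\{ee95d0c0-e3fa-c624-ee95-5d0c0e3f4303}\\Ba6Ad7058E4bc.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\\SOFTWARE\\Policies\\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\\S-1-5-21-637548174-101203302-210177125-1001 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\\Program Files (x86)\\DeviceVM\\Browser Configuration Utility\\AddressBarSearch.dll No File
SearchScopes: HKU\\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Extension: (No Name) - C:\\Users\\Agata\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\gighmmpiobklfepjocnamgkkbiglidom [2015-01-24]
CHR Extension: (Google Docs) - C:\\Users\\Agata\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake [2014-06-01]
S3 TBPanel; No ImagePath
S3 EagleX64; \\??\\C:\\Windows\\system32\\drivers\\EagleX64.sys [X]
2015-01-10 21:31 - 2015-01-24 11:40 - 00000000 ____ D () C:\\Program Files (x86)\\uniSSaleS
2015-01-10 21:30 - 2015-01-10 21:30 - 00000000 ____ D () C:\\ProgramData\\cfonnmkhgkfhmblfimflfppojllemcpf
"""


def classify(line, orphan_lnks):
    """Return why a log line looks like fix material, or None if it looks clean."""
    s = line.rstrip()
    if ATTENTION in s:
        return "FRST attention mark"
    if s.endswith("No File") or "(No File)" in s:
        return "points at a file that no longer exists"
    if s.endswith("[X]") or s.endswith("No ImagePath"):
        return "service/driver without a valid image"
    if s.startswith("CHR Extension: (No Name)"):
        return "unnamed Chrome extension"
    if s.startswith("SearchScopes:") and s.endswith("URL ="):
        return "search scope with empty URL"
    if s.startswith("Startup:") and s.rsplit("\\", 1)[-1] in orphan_lnks:
        return "startup shortcut whose target is missing"
    m = DIR_ENTRY.match(s)
    if m:
        name = m.group(1).rsplit("\\", 1)[-1]
        if EXT_ID.match(name) or GUID_DIR.match(name):
            return "directory named like a bare extension ID or GUID"
    return None


def triage(log_text):
    """Return [(reason, line)] for every suspicious line, in log order."""
    lines = log_text.splitlines()
    orphan_lnks = set()                       # .lnk names whose ShortcutTarget is gone
    for l in lines:
        m = ORPHAN_LNK.match(l)
        if m:
            orphan_lnks.add(m.group(1))
    hits = []
    for l in lines:
        reason = classify(l, orphan_lnks)
        if reason:
            hits.append((reason, l))
    return hits


def draft_fixlist(log_text):
    """Flagged lines verbatim (FRST expects them unchanged) plus EmptyTemp: at the end."""
    body = [l for _, l in triage(log_text)]
    return "\n".join(body + ["EmptyTemp:"]) + "\n"


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line[:70]}")
    print("--- fixlist.txt ---")
    print(draft_fixlist(SAMPLE_LOG), end="")
```

The flagged lines are copied verbatim into the draft because FRST matches fixlist lines against its own log format; the Adobe ARM entry and the named Google Docs extension are left out, which is the point of the negative cases in the sample.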
gizmaa
(Anewel7)
24 January 2015 13:05
#4
Thank you for the help.
I uninstalled the programs you recommended, Acorus, and created the fixlist file.
I also reinstalled Chrome as you recommended, Atis.
Everything works; I reinstalled the antivirus and the ad blocker. I have the impression the computer runs somewhat faster.
Regards
Acorus
(Acorus)
24 January 2015 13:14
#5
Delete the folder C:\FRST
Install http://ninite.com/foxit/
gizmaa
(Anewel7)
25 January 2015 09:47
#6
I installed that program. What is it for?