Infection, antivirus doesn't work


(Anewel7) #1

Hi

I noticed that for a few days now my antivirus hasn't been starting. On a friend's advice I decided to install AntiMalwareByte and scan the computer, and I quarantined the infections it found. For some time ADBLOCKER has been gone from my computer, and attempts to reinstall it failed. AdwCleaner removed a few things but it didn't help. Please remove this junk from my computer; I'm posting the logs below:

FRST: http://www.wklej.org/id/1606797/

Addition: http://www.wklej.org/id/1606798/


(Atis) #2

Which antivirus?

According to the logs you don't have any antivirus program installed.

Uninstall Akamai NetSession Interface.

CHR dev: Chrome dev build detected! <======= ATTENTION

Best to reinstall Chrome, because the malicious adware program converted it to a dev build.

Install Adguard: Firefox - Chrome - Opera

Paste into the system Notepad and save as a text file named fixlist:

HKU\S-1-5-21-637548174-101203302-210177125-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Agata\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-637548174-101203302-210177125-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Agata\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
Startup: C:\Users\Agata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ba6Ad7058E4bc.lnk
Startup: C:\Users\Agata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-637548174-101203302-210177125-1001 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKU\S-1-5-21-637548174-101203302-210177125-1001 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
URLSearchHook: HKU\S-1-5-21-637548174-101203302-210177125-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKU\S-1-5-21-637548174-101203302-210177125-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR Extension: (No Name) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-24]
S3 TBPanel; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
2015-01-13 20:13 - 2015-01-24 11:24 - 00000000 ____ D () C:\AdwCleaner
2015-01-10 21:31 - 2015-01-24 11:40 - 00000000 ____ D () C:\Program Files (x86)\uniSSaleS
2015-01-10 21:31 - 2015-01-24 11:40 - 00000000 ____ D () C:\Program Files (x86)\uNiSaales
2015-01-10 21:30 - 2015-01-24 11:41 - 00000000 ____ D () C:\ProgramData\{ee95d0c0-e3fa-c624-ee95-5d0c0e3f4303}
2015-01-10 21:30 - 2015-01-10 21:30 - 00000000 ____ D () C:\ProgramData\cfonnmkhgkfhmblfimflfppojllemcpf
CustomCLSID: HKU\S-1-5-21-637548174-101203302-210177125-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\Agata\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll No File
EmptyTemp:

Run FRST and click Fix. Show the removal report, Fixlog.

Click Scan and show a new FRST report, without Addition.
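A read-only PowerShell triage of the same persistence locations the fixlist above targets (Run keys, the Startup folder, the Chrome policy key and IE URLSearchHooks), mirroring FRST's "No File" flag for entries whose target is missing from disk. This is an added example written for this thread, not FRST output or code from the forum; it assumes the standard registry and folder locations and is run on the affected machine as the affected user.

```powershell
# Added example (not from the thread or FRST): read-only triage, reports only, changes nothing
function Test-TargetExists([string]$Value) {
    # .exe/.dll path from a Run value or COM server string (quoted or not, trailing args ignored)
    if ($Value -match '^\s*"?([^"]+?\.(exe|dll))"?') { return (Test-Path -LiteralPath $Matches[1]) }
    return $null   # unrecognised format: neither confirmed present nor "No File"
}
function Get-Tag($Exists) { if ($Exists -eq $false) { 'No File' } else { 'ok' } }

# 1. Run keys: 64-bit, WOW6432Node (FRST's HKLM-x32) and the current user's hive
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $reg = Get-Item $key
    foreach ($name in $reg.GetValueNames()) {
        $val = $reg.GetValue($name)
        "Run: $key [$name] => $val [$(Get-Tag (Test-TargetExists $val))]"
    }
}

# 2. Startup folder: resolve .lnk targets (the Ba6Ad7058E4bc.lnk case above pointed at a missing .exe)
$shell = New-Object -ComObject WScript.Shell
Get-ChildItem -LiteralPath ([Environment]::GetFolderPath('Startup')) -File | ForEach-Object {
    $target = if ($_.Extension -eq '.lnk') { $shell.CreateShortcut($_.FullName).TargetPath } else { $_.FullName }
    $exists = if ($target) { Test-Path -LiteralPath $target } else { $null }
    "Startup: $($_.Name) -> $target [$(Get-Tag $exists)]"
}

# 3. Chrome policy key: on a home PC that is not domain-managed it normally does not exist at all
foreach ($pol in 'HKLM:\SOFTWARE\Policies\Google', 'HKCU:\SOFTWARE\Policies\Google') {
    if (Test-Path $pol) {
        "ATTENTION: Chrome policy restriction present at $pol"
        Get-ChildItem -Path $pol -Recurse | ForEach-Object { "  $($_.Name): $($_.GetValueNames() -join ', ')" }
    }
}

# 4. IE URLSearchHooks: each value name is a CLSID; resolve its InProcServer32 DLL and check it exists
$hooks = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks'
if (Test-Path $hooks) {
    foreach ($clsid in (Get-Item $hooks).GetValueNames()) {
        $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InProcServer32"
        $dll = if (Test-Path $srv) { (Get-Item $srv).GetValue('') } else { $null }
        $exists = if ($dll) { Test-TargetExists $dll } else { $null }
        "URLSearchHook: $clsid -> $dll [$(Get-Tag $exists)]"
    }
}
```

Entries tagged "No File" are orphaned references (a dangling hook or shortcut) rather than a running threat, which is why FRST removes them as cleanup.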


(Acorus) #3

Uninstall Adobe Reader 9.5.5 - Polish, Akamai NetSession Interface, Browser Configuration Utility. Open the system Notepad and paste:

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => D:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-637548174-101203302-210177125-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Agata\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-637548174-101203302-210177125-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Agata\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
Startup: C:\Users\Agata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ba6Ad7058E4bc.lnk
ShortcutTarget: Ba6Ad7058E4bc.lnk - C:\ProgramData\{ee95d0c0-e3fa-c624-ee95-5d0c0e3f4303}\Ba6Ad7058E4bc.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-637548174-101203302-210177125-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thesettlersonline.pl/
HKU\S-1-5-21-637548174-101203302-210177125-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thesettlersonline.pl/
URLSearchHook: HKU\S-1-5-21-637548174-101203302-210177125-1001 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKU\S-1-5-21-637548174-101203302-210177125-1001 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
URLSearchHook: HKU\S-1-5-21-637548174-101203302-210177125-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll No File
URLSearchHook: HKU\S-1-5-21-637548174-101203302-210177125-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-637548174-101203302-210177125-1001 -> {4B73E70C-2931-4a83-BDD4-8EB937BC91EF} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-637548174-101203302-210177125-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4B73E70C-2931-4a83-BDD4-8EB937BC91EF} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
CHR Extension: (No Name) - C:\Users\Agata\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-24]
S3 TBPanel; No ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
2015-01-13 20:13 - 2015-01-24 11:24 - 00000000 ____ D () C:\AdwCleaner
2015-01-10 21:31 - 2015-01-24 11:40 - 00000000 ____ D () C:\Program Files (x86)\uniSSaleS
2015-01-10 21:31 - 2015-01-24 11:40 - 00000000 ____ D () C:\Program Files (x86)\uNiSaales
2015-01-10 21:30 - 2015-01-24 11:41 - 00000000 ____ D () C:\ProgramData\{ee95d0c0-e3fa-c624-ee95-5d0c0e3f4303}
2015-01-10 21:30 - 2015-01-10 21:30 - 00000000 ____ D () C:\ProgramData\cfonnmkhgkfhmblfimflfppojllemcpf
EmptyTemp:

Save the file under the name fixlist.txt and put it next to FRST in the same folder.


(Anewel7) #4

Thanks for the help :slight_smile:

I uninstalled the files you recommended, Acorus, and created the fixlist file :slight_smile:

I also reinstalled Chrome as you recommended, Atis :slight_smile:

Everything works, I reinstalled the antivirus and the adblocker :slight_smile: I have the impression the computer runs a bit faster.

Regards :slight_smile:


(Acorus) #5

Delete the folder C:\FRST

Install http://ninite.com/foxit/


(Anewel7) #6

I installed that program. What is it for?


(Acorus) #7

It replaces Adobe Reader.


(Anewel7) #8

Ah, ok. Thank you for the help :slight_smile: