Problem ze złośliwym oprogramowaniem o nazwie BestSavveeFoRYou

awenger120 · 5 Kwiecień 2014 16:50

Posiadam niechciane rozszerzenie w przeglądarce Google Chrome, które zostało pobrane przez przypadek z jakimiś plikami. Nie można go usunąć, po każdej próbie usunięcia z z przeglądarki działa nadal i pojawia się po ponownym jej włączeniu. Jego działanie polega na wyświetlaniu reklam w postaci banerów w różnych miejscach stron internetowych i na podświetlaniu niektórych słów na zielono, gdy się na nie najedzie pojawia sie reklama. po kliknięciu na reklamę pojawia się ta strona: [CIACH] lub [CIACH]

Atis · 5 Kwiecień 2014 16:55

Pobierz Farbar Recovery Scan Tool zgodny z wersją systemu 32-bit lub 64-bit.

Uruchom FRST i kliknij Scan. Pokaż raport FRST, Addition i Shortcut.

Raporty umieść na http://wklej.org/ i podaj link.

awenger120 · 5 Kwiecień 2014 18:49

http://wklej.org/id/1323639/

Atis · 5 Kwiecień 2014 19:05

Odinstaluj:

FLV Player

FLV Media Player

LiveSupport

Optimizer Pro v3.2

Performance Optimizer

PrinCEECoupon

Pobierz i uruchom AdwCleaner Kliknij Szukaj i później Usuń.

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKLM-x32\...\Run: [] - [X]
HKU\S-1-5-21-985371118-3684691413-836169922-1000\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-985371118-3684691413-836169922-1000\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-13] (PC Utilities Software Limited)
HKU\S-1-5-21-985371118-3684691413-836169922-1000\...\Winlogon: [Shell] expstart.exe [925184 2014-02-09] () <==== ATTENTION 
AppInit_DLLs: C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL => C:\ProgramData\Performance Optimizer\PerformanceOptimizer_x64.dll [4308480 2013-12-27] ()
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2681648 2014-02-09] ()
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [2961368 2014-02-09] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.wisesearch.info/?l=1&q={searchTerms}&pid=34&r=2013/10/27&hid=17935585798444822044&lg=EN&cc=PL&unqvl=39
BHO: No Name - {1294941D-67CC-FB78-F395-CB59D4944C7D} - No File
BHO: No Name - {6C7CA94B-3771-40A4-A5E9-EAA11449B32A} - No File
BHO: No Name - {9FE6B567-EDF0-18AD-D29B-C93BCFB476B6} - No File
BHO: No Name - {ACD49B87-D9CE-0293-C5E7-BF80A92A1B16} - No File
BHO: PrinCEECoupon - {D3A56AD3-DC72-29C3-4F37-FEA5F5035C00} - C:\ProgramData\PrinCEECoupon\MWj6SdW.x64.dll ()
BHO-x32: No Name - {ACD49B87-D9CE-0293-C5E7-BF80A92A1B16} - No File
BHO-x32: PrinCEECoupon - {D3A56AD3-DC72-29C3-4F37-FEA5F5035C00} - C:\ProgramData\PrinCEECoupon\MWj6SdW.dll ()
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: WebSearch
FF Homepage: hxxp://websearch.wisesearch.info/?pid=34&r=2013/10/27&hid=17935585798444822044&lg=EN&cc=PL&unqvl=39
FF Keyword.URL: hxxp://websearch.wisesearch.info/?pid=34&r=2013/10/27&hid=17935585798444822044&lg=EN&cc=PL&unqvl=39&l=1&q=
FF SearchPlugin: C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\xps9vfn4.default\searchplugins\WebSearch.xml
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (YTAdRemaoviall) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\iolipimakchhcfjiogakicgpjeihjbhe [2014-01-31]
CHR Extension: (BestSavveeFoRYou) - C:\ProgramData\gbgemmcemkehckfmlggeonjpngaehonh [2013-12-30]
R2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [186496 2014-02-09] ()
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\ProgramData\PrinCEECoupon
C:\ProgramData\ApPure
C:\ProgramData\InstallMate
C:\ProgramData\584b8aa467f07811
C:\ProgramData\sAvingtoyaoui
C:\ProgramData\RoBBoSaaver
C:\ProgramData\YTAdRemaoviall
C:\ProgramData\JoniCoupon
C:\ProgramData\SearchNewTab
C:\ProgramData\Performance Optimizer
C:\Users\Ja\AppData\Local\genienext
C:\Users\Ja\AppData\Local\Temp\*.dll
Task: {EAED5075-F532-4172-BA10-591EFD4BC31B} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Ja\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Deinstalacja programu Optimizer Pro.lnk -> C:\Program Files (x86)\Optimizer Pro\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk -> C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe (PC Utilities Software Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Pomoc.lnk -> C:\Program Files (x86)\Optimizer Pro\OptimizerPro.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Media Player\FLV Media Player.lnk -> C:\Program Files (x86)\FLV Media Player\FLVMPlayer.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Media Player\Uninstall FLV Media Player.lnk -> C:\Program Files (x86)\FLV Media Player\unins000.exe ()
Shortcut: C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie\Uninstall.lnk -> C:\Program Files (x86)\Mobogenie\uninst.exe (No File)
Shortcut: C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie\Website.lnk -> C:\Program Files (x86)\Mobogenie\Mobogenie.url (No File)
Shortcut: C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player\Play online FLV files.lnk -> C:\Users\Ja\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe ()
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport\LiveSupport.lnk -> C:\Program Files (x86)\LiveSupport\LiveSupport.exe (PC Utilities Software Limited) -> /log
ShortcutWithArgument: C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player\Uninstall.lnk -> C:\Users\Ja\AppData\Local\WebPlayer\Uninstall.exe () -> _?=C:\Users\Ja\AppData\Local\WebPlayer\FLV Player
InternetURL: C:\Users\Ja\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.url -> hxxp://www.voga360.com
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FLV Player" /f

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition.

awenger120 · 6 Kwiecień 2014 11:06

Atis:

Odinstaluj: FLV Player FLV Media Player LiveSupport Optimizer Pro v3.2 Performance Optimizer PrinCEECoupon Pobierz i uruchom AdwCleaner Kliknij Szukaj i później Usuń. Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist: HKLM-x32…\Run: [] - [X] HKU\S-1-5-21-985371118-3684691413-836169922-1000…\Run: [AdobeBridge] - [X] HKU\S-1-5-21-985371118-3684691413-836169922-1000…\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-13] (PC Utilities Software Limited) HKU\S-1-5-21-985371118-3684691413-836169922-1000…\Winlogon: [Shell] expstart.exe [925184 2014-02-09] () <==== ATTENTION AppInit_DLLs: C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL => C:\ProgramData\Performance Optimizer\PerformanceOptimizer_x64.dll [4308480 2013-12-27] () AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2681648 2014-02-09] () AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll => C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [2961368 2014-02-09] () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.wisesearch.info/?l=1&q={searchTerms}&pid=34&r=2013/10/27&hid=17935585798444822044&lg=EN&cc=PL&unqvl=39 BHO: No Name - {1294941D-67CC-FB78-F395-CB59D4944C7D} - No File BHO: No Name - {6C7CA94B-3771-40A4-A5E9-EAA11449B32A} - No File BHO: No Name - {9FE6B567-EDF0-18AD-D29B-C93BCFB476B6} - No File BHO: No Name - {ACD49B87-D9CE-0293-C5E7-BF80A92A1B16} - No File BHO: PrinCEECoupon - {D3A56AD3-DC72-29C3-4F37-FEA5F5035C00} - C:\ProgramData\PrinCEECoupon\MWj6SdW.x64.dll () BHO-x32: No Name - {ACD49B87-D9CE-0293-C5E7-BF80A92A1B16} - No File BHO-x32: PrinCEECoupon - {D3A56AD3-DC72-29C3-4F37-FEA5F5035C00} - C:\ProgramData\PrinCEECoupon\MWj6SdW.dll () FF DefaultSearchEngine: WebSearch FF SearchEngineOrder.1: WebSearch FF SearchEngineOrder.user_pref(“browser.search.order.1,S”, “WebSearch”);: user_pref(“browser.search.order.1,S”, “WebSearch”); FF SelectedSearchEngine: WebSearch FF Homepage: hxxp://websearch.wisesearch.info/?pid=34&r=2013/10/27&hid=17935585798444822044&lg=EN&cc=PL&unqvl=39 FF Keyword.URL: hxxp://websearch.wisesearch.info/?pid=34&r=2013/10/27&hid=17935585798444822044&lg=EN&cc=PL&unqvl=39&l=1&q= FF SearchPlugin: C:\Users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\xps9vfn4.default\searchplugins\WebSearch.xml CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR Extension: (YTAdRemaoviall) - C:\Users\Ja\AppData\Local\Google\Chrome\User Data\Default\Extensions\iolipimakchhcfjiogakicgpjeihjbhe [2014-01-31] CHR Extension: (BestSavveeFoRYou) - C:\ProgramData\gbgemmcemkehckfmlggeonjpngaehonh [2013-12-30] R2 70e6ca8c; C:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [186496 2014-02-09] () S3 xhunter1; \ ??\C:\Windows\xhunter1.sys [X] C:\ProgramData\PrinCEECoupon C:\ProgramData\ApPure C:\ProgramData\InstallMate C:\ProgramData\584b8aa467f07811 C:\ProgramData\sAvingtoyaoui C:\ProgramData\RoBBoSaaver C:\ProgramData\YTAdRemaoviall C:\ProgramData\JoniCoupon C:\ProgramData\SearchNewTab C:\ProgramData\Performance Optimizer C:\Users\Ja\AppData\Local\genienext C:\Users\Ja\AppData\Local\Temp*.dll Task: {EAED5075-F532-4172-BA10-591EFD4BC31B} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\Ja\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Deinstalacja programu Optimizer Pro.lnk -> C:\Program Files (x86)\Optimizer Pro\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk -> C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe (PC Utilities Software Limited) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Pomoc.lnk -> C:\Program Files (x86)\Optimizer Pro\OptimizerPro.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Media Player\FLV Media Player.lnk -> C:\Program Files (x86)\FLV Media Player\FLVMPlayer.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Media Player\Uninstall FLV Media Player.lnk -> C:\Program Files (x86)\FLV Media Player\unins000.exe () Shortcut: C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie\Uninstall.lnk -> C:\Program Files (x86)\Mobogenie\uninst.exe (No File) Shortcut: C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie\Website.lnk -> C:\Program Files (x86)\Mobogenie\Mobogenie.url (No File) Shortcut: C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player\Play online FLV files.lnk -> C:\Users\Ja\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe () ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport\LiveSupport.lnk -> C:\Program Files (x86)\LiveSupport\LiveSupport.exe (PC Utilities Software Limited) -> /log ShortcutWithArgument: C:\Users\Ja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player\Uninstall.lnk -> C:\Users\Ja\AppData\Local\WebPlayer\Uninstall.exe () -> _?=C:\Users\Ja\AppData\Local\WebPlayer\FLV Player InternetURL: C:\Users\Ja\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.url -> hxxp://www.voga360.com Reg: reg delete “HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FLV Player” /fUruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog. Kliknij Scan i pokaż nowy raport z FRST bez Addition.

http://wklej.org/id/1324113/

Atis · 6 Kwiecień 2014 13:34

Skasuj folder: C:\AdwCleaner i C:\FRST

Pobierz TFC - Temp File Cleaner Uruchom TFC i kliknij Start.

Usuń stare punkty przywracania:

Aby usunąć wszystkie punkty przywracania

Uruchom SecurityCheck i aktualizuj programy oznaczone jako Out of date

Dysk przeskanuj Malwarebytes Anti-Malware

Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Język PL > Settings > General Settings > Language > Polish

awenger120 · 7 Kwiecień 2014 12:45

Zrobione, dziękuję za pomoc.