Removing a virus from Vista


(Milosz Gorny) #1

Hi. I have Windows Vista. My computer runs slowly, and there is still plenty of unused memory. The computer is 4 years old. I suspect it's a virus. Unfortunately, AVG doesn't detect anything. Could someone describe what to do, step by step?

P.S. And which programs should I download?

Logs: Extras: http://www.wklej.org/id/1365087/

        OTL: http://www.wklej.org/id/1365088/


(Semtex) #2

Please generate the OTL and OTLExtras logs following these instructions: http://forum.dobreprogramy.pl/analiza-dezynfekcja-zestaw-narzedzi-nieingerencyjnych-t485632.html , upload them to http://www.wklej.org and post the links to them on the forum.


(Milosz Gorny) #3

Logs: Extras: http://www.wklej.org/id/1365087/

        OTL: http://www.wklej.org/id/1365088/


(Acorus) #4

Uninstall Search Protect and Akamai NetSession Interface. Use AdwCleaner http://www.bleepingcomputer.com/download/adwcleaner/ and run Scan, then Clean (on Vista/Windows 7, right-click and run it as Administrator).

Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ matching your system version, 32-bit or 64-bit.


(Milosz Gorny) #5

Logs:

ADW: http://wklej.org/id/1365128/

Addition: http://wklej.org/id/1365135/

FRST: http://wklej.org/id/1365137/


(Acorus) #6

Open Notepad and paste:

Task: {C27F18B1-B8D2-46F8-9D42-22B3DC4DD58C} - \Microsoft\Microsoft Antimalware\MpIdleTask No Task File ==== ATTENTION
Task: {C456DDDC-E71B-4047-BA4D-B411BDACDDD6} - System32\Tasks\Go for FilesUpdate = C:\Program Files\GoforFiles\GFFUpdater.exe ==== ATTENTION
HKU\S-1-5-21-169719687-2416116662-592180505-1000\...\Run: [Akamai NetSession Interface] = C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
URLSearchHook: HKCU - (No Name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {43C377D3-FEA0-404C-8527-8DBC0FFA0836} URL = http://www.22apple.com/search/web/?q={searchTerms}utm_source=butm_medium=bnlref=bnluid=TOSHIBAXMK8037GSX_77SQT2GYTXX77SQT2GYTreg=1363374619
Toolbar: HKCU - No Name - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No File
CHR HomePage: hxxp://mysearch.avg.com?cid={C49F93CE-CDE9-417C-8AFB-047CFC8CBE9A}mid=e63f04e30daa47d096c4d1527edf7173-77b7e23116c1787c3d23ecbd03a678b2d5994d0alang=plds=AVGcoid=avgtbavgcmpid=pr=frd=2014-02-04 19:48:58v=17.3.1.204pid=safeguardsg=sap=hp
CHR StartupUrls: "hxxp://mysearch.avg.com?cid={C49F93CE-CDE9-417C-8AFB-047CFC8CBE9A}mid=e63f04e30daa47d096c4d1527edf7173-77b7e23116c1787c3d23ecbd03a678b2d5994d0alang=plds=AVGcoid=avgtbavgcmpid=pr=frd=2014-02-04 19:48:58v=17.3.1.204pid=safeguardsg=sap=hp", "hxxp://google.pl/"
CHR Extension: (Kaboom) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\beahobhgpojnjfdjglaehfhdanaioode [2014-05-10]
CHR Extension: (BitTorrentControl_v12) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf [2014-01-30]
CHR Extension: (Shopping price comparison) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbdabnfmdemcjjadpkpjibhhacggangd [2014-01-30]
CHR HKLM\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\user\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-08-26]
CHR HKLM\...\Chrome\Extension: [fbbfhlpjoiomopckjoiiokgkneppjple] - C:\ProgramData\Bcool\fbbfhlpjoiomopckjoiiokgkneppjple.crx [2012-08-26]
CHR HKLM\...\Chrome\Extension: [gbdabnfmdemcjjadpkpjibhhacggangd] - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\novo_price_comparison.crx [2013-03-15]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-02-17]
CHR HKLM\...\Chrome\Extension: [oaamoihhikdfenhnamipbnfmmjdfmjbm] - C:\Users\user\AppData\Roaming\okitSpace\Chrome\OKitSpace.crx [2014-02-17]
CHR HKLM\...\Chrome\Extension: [okbpiomhfjabbhmpfafdnedmgkofgadj] - C:\Windows\system32\config\systemprofile\AppData\Roaming\okitSpace\Chrome\OKitSpace.crx [2014-01-23]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
S3 dump_wmimmc; \\C:\Program Files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys [X]
S3 EagleNT; \\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \\C:\Windows\system32\drivers\EagleXNt.sys [X]
S1 MpKsl13a72e8a; \\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{290B6CC6-593F-4807-9F1C-E51DC81D3463}\MpKsl13a72e8a.sys [X]
S2 S; C [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 XDva399; \\C:\Windows\system32\XDva399.sys [X]
S3 XDva405; \\C:\Windows\system32\XDva405.sys [X]
2014-05-18 14:29 - 2014-05-18 14:35 - 00000000 ____ D () C:\AdwCleaner
2014-05-01 17:00 - 2014-05-01 17:07 - 00000000 ____ D () C:\Users\user\AppData\Local\Akamai

Save the file as fixlist.txt and place it next to FRST.


(Milosz Gorny) #7

Fixlog: http://wklej.org/id/1365448/


(Acorus) #8

Delete the folder C:\FRST

Use http://www.bleepingcomputer.com/download/tfc/ (run TFC and click Start).

Scan with Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.1.1004.exe


(Milosz Gorny) #9

SCAN REPORT

http://wklej.org/id/1365508/


(Acorus) #10

Remove everything.