Adware virus + malware download


(bart_grono) #1

Hello, I cannot deal with a certain virus. Someone earlier tried ComboFix (folder in C:) but evidently it did not bring the expected results :slight_smile:


(Atis) #2

If you do not have a current licence, uninstall the old Norton Internet Security.

Download and run AdwCleaner 5.028. Click Scan and then Cleaning.

Paste the following into the system Notepad and save it as a text file named fixlist:

HKLM-x32\...\Run: [] = [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-913992997-2817092315-3468964293-1000\...\Run: [Galileo] = C:\Users\xxx\AppData\Local\Galileo\galileo.exe [94720 2012-04-18] ()
HKU\S-1-5-21-913992997-2817092315-3468964293-1000\...\Run: [lollipop_11141134] = "c:\users\xxx\appdata\local\lollipop\lollipop_11141134.exe" lollipop_11141134
HKU\S-1-5-21-913992997-2817092315-3468964293-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Galileo] = C:\Users\xxx\AppData\Local\Galileo\galileo.exe [94720 2012-04-18] ()
HKU\S-1-5-21-913992997-2817092315-3468964293-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [lollipop_11141134] = "c:\users\xxx\appdata\local\lollipop\lollipop_11141134.exe" lollipop_11141134
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =  Brak pliku
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia ======= UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia ======= UWAGA
HKU\S-1-5-21-913992997-2817092315-3468964293-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia ======= UWAGA
HKU\S-1-5-21-913992997-2817092315-3468964293-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia ======= UWAGA
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}l=diso=HPNTDF
SearchScopes: HKU\S-1-5-21-913992997-2817092315-3468964293-1000 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-913992997-2817092315-3468964293-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SaVeLotss - {1F6EF888-F6C4-9D45-3793-5EF5F90B005C} - C:\ProgramData\SaVeLotss\D.x64.dll = Brak pliku
BHO: AlalCCheeaPPriccee - {27640af1-f1bf-4c16-b2eb-6350d11c01a7} - C:\ProgramData\AlalCCheeaPPriccee\wkE0RLWGaknrL6.x64.dll = Brak pliku
BHO: AllSavveir - {3c90d571-d638-46a9-bedb-1dd31f4de8fb} - C:\ProgramData\AllSavveir\WylCkC6NvJP4Bg.x64.dll = Brak pliku
BHO: MinimummPriCee - {4f87f831-5506-47f8-a12a-6445a50de745} - C:\ProgramData\MinimummPriCee\vaR7pZjdLGDscM.x64.dll = Brak pliku
BHO: HApipy2Save - {58B31CE1-F415-E490-A38F-564085B9DFB2} - C:\ProgramData\HApipy2Save\2LcbT.x64.dll = Brak pliku
BHO: RoboSaver - {746C8840-A780-7FFB-575C-3A2A92C07125} - C:\ProgramData\RoboSaver\74er.x64.dll = Brak pliku
BHO: FUnDDeals - {d2dcf1b9-a27e-4d09-9214-45c4c7d01c17} - C:\ProgramData\FUnDDeals\SJ4ETZ140MwKlP.x64.dll = Brak pliku
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll = Brak pliku
BHO: ENjOOyCoupoN - {ffb8f638-672b-42ae-b36b-ff9db3c42644} - C:\ProgramData\ENjOOyCoupoN\NDkG3Uj59z2ari.x64.dll = Brak pliku
BHO-x32: SaVeLotss - {1F6EF888-F6C4-9D45-3793-5EF5F90B005C} - C:\ProgramData\SaVeLotss\D.dll = Brak pliku
BHO-x32: AlalCCheeaPPriccee - {27640af1-f1bf-4c16-b2eb-6350d11c01a7} - C:\ProgramData\AlalCCheeaPPriccee\wkE0RLWGaknrL6.dll = Brak pliku
BHO-x32: AllSavveir - {3c90d571-d638-46a9-bedb-1dd31f4de8fb} - C:\ProgramData\AllSavveir\WylCkC6NvJP4Bg.dll = Brak pliku
BHO-x32: MinimummPriCee - {4f87f831-5506-47f8-a12a-6445a50de745} - C:\ProgramData\MinimummPriCee\vaR7pZjdLGDscM.dll = Brak pliku
BHO-x32: HApipy2Save - {58B31CE1-F415-E490-A38F-564085B9DFB2} - C:\ProgramData\HApipy2Save\2LcbT.dll = Brak pliku
BHO-x32: Browse2save - {60E61F9F-D244-9BC5-108C-512AF67ACAD1} - C:\ProgramData\Browse2save\50f33d71b3d7e.dll = Brak pliku
BHO-x32: RoboSaver - {746C8840-A780-7FFB-575C-3A2A92C07125} - C:\ProgramData\RoboSaver\74er.dll = Brak pliku
BHO-x32: safee ysavve - {A8B12D31-EBFC-535F-583D-58C933399DA3} - C:\ProgramData\safee ysavve\51c0b2df1c3b7.dll = Brak pliku
BHO-x32: FUnDDeals - {d2dcf1b9-a27e-4d09-9214-45c4c7d01c17} - C:\ProgramData\FUnDDeals\SJ4ETZ140MwKlP.dll = Brak pliku
BHO-x32: Rich Media View - {ec3d83cd-2067-4adc-b98a-72063b1c8e35} - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release7698\ie\RichMediaViewV1release7698.dll = Brak pliku
BHO-x32: ENjOOyCoupoN - {ffb8f638-672b-42ae-b36b-ff9db3c42644} - C:\ProgramData\ENjOOyCoupoN\NDkG3Uj59z2ari.dll = Brak pliku
Toolbar: HKU\S-1-5-21-913992997-2817092315-3468964293-1000 - Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Brak pliku
Toolbar: HKU\S-1-5-21-913992997-2817092315-3468964293-1000 - Brak nazwy - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} -  Brak pliku
Toolbar: HKU\S-1-5-21-913992997-2817092315-3468964293-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  Brak pliku
Toolbar: HKU\S-1-5-21-913992997-2817092315-3468964293-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - Brak nazwy - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} -  Brak pliku
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-12] () [Brak podpisu cyfrowego] ==== UWAGA
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
2016-01-07 20:39 - 2016-01-07 21:43 - 00000000 ____ D C:\Qoobox
2016-01-07 20:39 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-01-07 20:39 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-01-07 20:39 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-01-07 20:39 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-01-07 20:39 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-01-07 20:39 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-01-07 20:39 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-01-07 20:39 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-20 00:21 - 2015-12-20 00:30 - 00000000 ____ D C:\AdwCleaner
C:\Users\xxx\AppData\Local\Galileo
C:\Program Files (x86)\Tor
C:\Users\xxx\AppData\Roaming\appdataFr25.bin
C:\Program Files\TuakeTheCoUpono
C:\ProgramData\TubeuIttAdBBlocukFFr
Task: {23DF41DE-535B-45F7-A6AE-4E166B6358C5} - System32\Tasks\{5506950B-607B-49E0-A74C-916EABEECB90} = pcalua.exe -a "C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="XM2C-50A9-HH4M-0ZM8-4X06-9P25-5A46-618P-AH19-6647"
Task: {276D6078-4D50-4022-AED6-972751DEEF3D} - \FoxTab - Brak pliku ==== UWAGA
Task: {4ED0EC16-5AF6-4AC7-8B03-7384E6375235} - System32\Tasks\{B95EFD48-790C-4BF5-BF89-4D217EAC005D} = pcalua.exe -a "C:\Program Files (x86)\RocketDock\unins000.exe"
Task: {AB493573-8D54-4726-BEFC-32C8A440241E} - System32\Tasks\{6AFB3828-407F-4570-8CA3-F8FE320DC905} = pcalua.exe -a "C:\Program Files (x86)\RocketDock\unins000.exe"
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.
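As an added illustration (not code from the thread and not FRST's own), a small Python triage parser for lines in the shape of the fixlist above: it classifies each line by the persistence point it names (Run key, BHO, service, scheduled task, bare path, directive) and flags the markers the helper acted on (missing file, no digital signature, UWAGA, pcalua.exe used as a launcher). The sample lines are copied from the post; the kind and flag names are my own.

```python
import re

# Constructed sample in the shape of the FRST fixlist above (Polish-locale FRST:
# "Brak pliku" = file missing, "Brak podpisu cyfrowego" = no digital signature,
# "UWAGA" = attention); the lines and GUIDs are copied from the post.
SAMPLE = r"""
HKLM-x32\...\Run: [] = [X]
HKU\S-1-5-21-913992997-2817092315-3468964293-1000\...\Run: [Galileo] = C:\Users\xxx\AppData\Local\Galileo\galileo.exe [94720 2012-04-18] ()
BHO: SaVeLotss - {1F6EF888-F6C4-9D45-3793-5EF5F90B005C} - C:\ProgramData\SaVeLotss\D.x64.dll = Brak pliku
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-12] () [Brak podpisu cyfrowego] ==== UWAGA
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
Task: {276D6078-4D50-4022-AED6-972751DEEF3D} - \FoxTab - Brak pliku ==== UWAGA
Task: {4ED0EC16-5AF6-4AC7-8B03-7384E6375235} - System32\Tasks\{B95EFD48-790C-4BF5-BF89-4D217EAC005D} = pcalua.exe -a "C:\Program Files (x86)\RocketDock\unins000.exe"
C:\Users\xxx\AppData\Local\Galileo
EmptyTemp:
"""

# Line shapes FRST uses for the persistence points: (kind, regex, name group, target group).
SHAPES = [
    ("run", re.compile(r'^(HK[^\[]*?)\\\.\.\.\\Run: \[([^\]]*)\] = (.*)$'), 2, 3),
    ("bho", re.compile(r'^BHO(?:-x32)?: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$'), 1, 3),
    ("service", re.compile(r'^([RS]\d) ([^;]+); (.*)$'), 2, 3),
    ("task", re.compile(r'^Task: (\{[0-9A-Fa-f-]+\}) - (.*)$'), 1, 2),
]
# Markers worth flagging: FRST's "no file" / "[X]" (dangling reference), its Polish
# "no digital signature" / "attention" annotations, and pcalua.exe used as a launcher.
FLAGS = [("missing_file", ("Brak pliku", "[X]")), ("unsigned", ("Brak podpisu cyfrowego",)),
         ("attention", ("UWAGA",)), ("pcalua_launcher", ("pcalua.exe",))]

def parse_line(line):
    """Return (kind, name, target, flags) for one fixlist line, or None for a blank."""
    line = line.strip()
    if not line:
        return None
    for kind, rx, ni, ti in SHAPES:
        m = rx.match(line)
        if m:
            target = m.group(ti)
            flags = [f for f, toks in FLAGS if any(t in target for t in toks)]
            return (kind, m.group(ni), target, flags)
    if re.match(r'^[A-Za-z]:\\', line):      # bare path: FRST deletes the file/folder
        return ("path", line, line, [])
    if line.endswith(":"):                   # directive such as EmptyTemp:
        return ("directive", line[:-1], "", [])
    return ("other", line, line, [])

def parse_fixlist(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def summarize(entries):
    """Count entries per kind and how many carry each flag."""
    counts = {}
    for kind, _, _, flags in entries:
        for key in [kind, *flags]:
            counts[key] = counts.get(key, 0) + 1
    return counts
```

Running `summarize(parse_fixlist(SAMPLE))` shows at a glance how much of the fix is dead references (missing_file) versus live unsigned or oddly launched items.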



(bart_grono) #3

More logs :slight_smile:


(Atis) #4

I wrote that you should download the latest version of AdwCleaner.