Witam,
padłem ofiarą złośliwego oprogramowania. Wirus zmienia mi numer konta w przeglądarce.
Jeden przelew już nie świadomie poszedł na marne 
Antywirusy nie pomagają.
FRST
Addition
Bardzo proszę o pomoc, robi się to mało zabawne.
Pozdrawiam
Masz zainstalowany jakiś keylogger: C:\ProgramData\SysLogger
Pobierz i uruchom AdwCleaner Kliknij Szukaj i później Usuń.
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :
CloseProcesses:
HKLM-x32\...\Run: [ROC_roc_ssl_v12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM-x32\...\Run: [TrayServer] => C:\Program Files (x86)\MAGIX\Video_deluxe_14_Download_version\TrayServer.exe [90112 2008-07-08] (MAGIX AG)
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] => "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
HKLM\...\Policies\Explorer\Run: [SysLogger64] => C:\ProgramData\SysLogger\core64_175.dll [575488 2014-03-30] ( ())
HKU\S-1-5-21-1682161841-3302115716-4063328782-1000\...\Run: [iLivid] => "C:\Users\samsung\AppData\Local\iLivid\iLivid.exe" -autorun
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
FF Extension: Ask New Tabs - C:\Users\samsung\AppData\Roaming\Mozilla\Firefox\Profiles\1p3ihiwo.default\Extensions\{669E7F40-B964-7100-9E2C-16C6DAA58A01} [2014-02-09]
FF Extension: Shopper-Pro - C:\Users\samsung\AppData\Roaming\Mozilla\Firefox\Profiles\1p3ihiwo.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2014-03-30]
FF Extension: DealPly - C:\Users\samsung\AppData\Roaming\Mozilla\Firefox\Profiles\1p3ihiwo.default\Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012-04-22]
FF Extension: FTdownloader - C:\Users\samsung\AppData\Roaming\Mozilla\Firefox\Profiles\1p3ihiwo.default\Extensions\ftdownloader@ftdownloader.com.xpi [2012-11-29]
FF Extension: SweetPacks Toolbar for Firefox - C:\Users\samsung\AppData\Roaming\Mozilla\Firefox\Profiles\1p3ihiwo.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2012-04-22]
CHR HKCU\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [aaaaabcbmongicmdegkmmfgdickgnnob] - C:\Users\samsung\AppData\Local\ilividmoviestoolbarha\GC\toolbar.crx [2013-08-20]
CHR HKLM-x32\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Users\samsung\AppData\Local\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [gkjoindjjcmbdpbfppabdgflnkgbbcli] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx [2012-08-26]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\samsung\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-04-22]
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\samsung\AppData\Local\Torch\Plugins\TorchPlugin.crx [2013-09-08]
CHR StartMenuInternet: Google Chrome - C:\Users\samsung\AppData\Local\Google\Chrome\Application\chrome.exe
S2 DatamngrCoordinator2; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [X]
R2 TorchCrashHandler; C:\Users\samsung\AppData\Local\Torch\Update\TorchCrashHandler.exe [1207648 2013-07-30] (TorchMedia Inc.) [File not signed] <==== ATTENTION
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S2 SPDRIVER_1.35.1.155; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
C:\Program Files\Enigma Software Group
C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
C:\Users\samsung\Desktop\SpyHunter-Installer.exe
C:\Program Files\_1AA7CD13.key
C:\ProgramData\.sys
C:\ProgramData\wms.exe
C:\ProgramData\SysLogger
CustomCLSID: HKU\S-1-5-21-1682161841-3302115716-4063328782-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\samsung\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {27F628FC-7F4E-4D51-9324-B95CBAF4D083} - System32\Tasks\MetaCrawler => C:\Users\samsung\AppData\Roaming\METACR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {3E60B94C-D9C5-44DC-8F4A-785A3D92D2A3} - System32\Tasks\SYSTEM => C:\ProgramData\wms.exe [2014-10-12] (Microsoft® Corporation)
Task: {50EEB862-CFAA-4FFE-B41A-D773C5E292CE} - System32\Tasks\{B454CA34-1DDA-401F-AAA6-AD6F495BA181} => Chrome.exe http://ui.skype.com/ui/0/6.18.0.105/pl/abandoninstall?page=tsProgressBar
Task: {59250704-76F6-4E13-8E80-8EF3EE1CC2ED} - System32\Tasks\ShopperPro => C:\Program Files (x86)\ShopperPro\ShopperPro.exe <==== ATTENTION
Task: {7BFB737D-903C-4136-B038-DEFDEEBC9075} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {861B8E0D-9A91-4163-B14F-D08F6D6BFCF7} - System32\Tasks\ShopperProJSUpd => C:\Program Files (x86)\ShopperPro\updater.exe <==== ATTENTION
Task: {9934E8E4-6101-42F3-856D-259E3149562B} - System32\Tasks\SPDriver => C:\Program Files (x86)\ShopperPro\JSDriver\1.35.1.155\jsdrv.exe <==== ATTENTION
Task: {B617B447-E2F1-46FF-B50E-FB3F459EF4DB} - System32\Tasks\0 => Chrome.exe <==== ATTENTION
Task: C:\Windows\Tasks\MetaCrawler.job => C:\Users\samsung\AppData\Roaming\METACR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
EmptyTemp:
Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.
Kliknij Scan i pokaż nowy raport z FRST bez Addition.
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FF DefaultSearchUrluser_pref("browser.search.defaulturl", "");: user_pref("browser.search.defaulturl", "");
C:\AdwCleaner
DeleteQuarantine:
Uruchom FRST i kliknij Fix.Później skasuj folder C:\FRST
Usuń stare punkty przywracania: Aby usunąć wszystkie punkty przywracania
Dysk przeskanuj Malwarebytes Anti-Malware
Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.
http://wstaw.org/m/2014/03/25/2014-03-25_123039.png
Język PL > Settings > General Settings > Language > Polish
Odinstaluj:
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 60
Java 6 Update 37
Zainstaluj:
Flash Player 15.0.0.167 ActiveX
Flash Player 15.0.0.152 Plugin
Service Pack 1 x64 (903.2 MB)
Zrobione, dziękuje.
Przy skanowaniu tym Malwarebytes Anti-Malware znalazło jeszcze bodajże 47 zagrożeń w tym jedno groźniejsze. Wszystkie oddane kwarantannie.
Problem z numerem konta wydaję się jakby rozwiązany. Tylko chrome troszkę jakby wciąż uporczywie chodzi…
Czy to wszystko na pewno wystarczy? 
Tak.