System infected via offers.bycontext.com


(Puzi20055) #1

Hi, I scanned the system with AdwCleaner and Malwarebytes but it didn't help ;/ I'm pasting the logs from the FRST scan

http://www.wklej.org/id/1595544/ frst

http://www.wklej.org/id/1595546/ addition


(Atis) #2

Paste into the system Notepad and save as a text file named fixlist:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2463748157-4065776949-25679784-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
FF Extension: DigiHelp 1.0.1 - C:\Users\...\AppData\Roaming\Mozilla\Firefox\Profiles\jie08a4v.default\Extensions\{2b4f8230-394e-4951-9495-bafd44d837da}.xpi [2014-12-28]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
CHR Extension: (DigiHelp) - C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmmoiadcbckhcfakeaflobjaamdmplda [2014-12-30]
CHR Extension: (AppEnable) - C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnffnijnbmbikkefopepmcakldgcpk [2014-11-07]
R2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
C:\Users\...\Doctor Web
C:\AdwCleaner
CustomCLSID: HKU\S-1-5-21-2463748157-4065776949-25679784-1001_Classes\CLSID\{5C7D05C8-C3EC-7121-A976-2739974BC2B4}\InprocServer32 -> No File Path
Task: {B3E5C98A-4468-4025-B703-2382EFF63656} - System32\Tasks\{6C37B1C3-5C31-4E44-9397-901F7A21ECD0} => pcalua.exe -a C:\Users\...\Downloads\SetupRevelationV2.exe -d C:\Users\...\Downloads
HKU\S-1-5-21-2463748157-4065776949-25679784-1001\Software\Classes\.exe: exefile => <===== ATTENTION!
HKU\S-1-5-21-2463748157-4065776949-25679784-1001\Software\Classes\exefile: <===== ATTENTION!
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post the new FRST report, without Addition.
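As an added illustration (not part of this thread and not FRST's own code): a small Python triage helper that tags each line of a fixlist like the one above by the kind of finding it represents, so a reader can see why an entry was selected for removal. The sample lines are copied from the fixlist above; the tag names and the heuristics are my own assumptions.

```python
import re

# Constructed sample: lines copied from the fixlist in the post above
# (paths already abbreviated with "..." there are kept as they appear).
SAMPLE_FIXLIST = [
    r"ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File",
    r"CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION",
    r"BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File",
    r"CHR Extension: (DigiHelp) - C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmmoiadcbckhcfakeaflobjaamdmplda [2014-12-30]",
    r"Task: {B3E5C98A-4468-4025-B703-2382EFF63656} - System32\Tasks\{6C37B1C3-5C31-4E44-9397-901F7A21ECD0} => pcalua.exe -a C:\Users\...\Downloads\SetupRevelationV2.exe -d C:\Users\...\Downloads",
    r"HKU\S-1-5-21-2463748157-4065776949-25679784-1001\Software\Classes\.exe: exefile => <===== ATTENTION!",
    r"EmptyTemp:",
]


def classify_line(line):
    """Return a triage tag (hypothetical names) for one FRST fixlist line."""
    if line.endswith(":") and " " not in line:
        return "directive"          # e.g. EmptyTemp: is an FRST command, not a finding
    if "Policy restriction" in line:
        return "browser-policy"     # registry policy key pinning browser settings
    if re.search(r"\\Classes\\(\.exe|exefile)", line):
        return "exe-association"    # per-user override of the .exe file handler
    if line.startswith("Task:") and "pcalua.exe" in line:
        return "task-via-pcalua"    # scheduled task running an installer through the compatibility launcher
    if re.search(r"No File( Path)?$", line):
        return "orphaned-entry"     # registry entry whose target file no longer exists
    if line.startswith(("CHR Extension:", "FF Extension:")):
        return "browser-extension"  # extension listed for removal; check its origin before trusting it
    return "other"


def triage(lines):
    """Group fixlist lines by triage tag, keeping first-appearance order."""
    groups = {}
    for line in lines:
        line = line.strip()
        if line:
            groups.setdefault(classify_line(line), []).append(line)
    return groups


if __name__ == "__main__":
    for tag, entries in triage(SAMPLE_FIXLIST).items():
        print(f"[{tag}] {len(entries)} line(s)")
        for entry in entries:
            print("   ", entry)
```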


(Puzi20055) #3

it's been scanning for over 2 hours now ;/  http://pokazywarka.pl/daxl0v/


(Atis) #4

The new version of FRST probably has some bug, because the same problem is recurring for other users.

If you have run the fixlist, there is nothing left to remove.

Delete the folder C:\FRST

If you use Opera, you have to remove the malicious extensions yourself.