Elektroda.pl

ads by counterflix and other malware

kamaxpoland 30 Aug 2017 22:54 765 8
  • #1 30 Aug 2017 22:54
    kamaxpoland
    Level 2

    Hello
    I installed code video, and since then I've been flooded with a wave of malware, including "ads by counterflix"


    - Avast antivirus couldn't cope
    - I managed to run hitmanpro_x64, it detected and removed something, but "ads by counterflix" remained and pop-up windows keep appearing in Chrome
    - I can't install any MBAM or ADWCleaner or any other antivirus


    Please help, I'm attaching the FRST logs

  • Helpful post
    #2 30 Aug 2017 23:10
    RADU23
    Moderator - Computer Service

    kamaxpoland wrote:
    I can't install any MBAM or ADWCleaner

    ADWcleaner doesn't install. You download it and run it.
    You can run the MBAM and ADW scans in Safe Mode.

  • Helpful post
    #3 30 Aug 2017 23:48
    Kolobos
    Computer specialist

    Run the following Fixlist.txt for FRST:
    CloseProcesses:
    Task: {25A5FF6C-952B-48C5-A726-40C0274B404C} - System32\Tasks\{00B65311-B247-4F64-9927-974AB026574F} => C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\2e40f90f\10f2af2a.dll" <==== ATTENTION
    Task: {35684D51-D1CF-4FAE-94C0-32A98F95C131} - System32\Tasks\{5F7154CD-404F-43F3-AE70-2DDE13BD9F05} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Core Temp\unins000.exe"
    Task: {5B175E90-949E-42F1-BAD0-B0FBC90F4078} - System32\Tasks\uuxHwpnMkRCRpJh2 => rundll32 "C:\Program Files (x86)\thzXuJvjU\VA2h1A3.dll",#1
    Task: {744445CE-5323-4F75-8954-CD6B2627D863} - \{DE6E6BE2-69C5-DC49-32D2-7B30FAB767AA} -> No File <==== ATTENTION
    Task: {A0E7D4AB-36D4-4F1C-BC53-00B992A2F360} - System32\Tasks\{B81868C0-86AC-4BBE-A093-6FC698219A12} => C:\WINDOWS\system32\pcalua.exe -a L:\DirectX9\dxsetup.exe -d L:\DirectX9
    Task: {CF9C1F80-127C-4501-99A4-2B8E1853F094} - System32\Tasks\uuxHwpnMkRCRpJh => rundll32 "C:\Program Files (x86)\thzXuJvjU\VA2h1A3.dll",#1
    Task: {E3E6C4CB-BD58-407D-B0B0-CF847FBEB764} - System32\Tasks\TnqpiRJoXWMCwN => rundll32 "C:\Program Files (x86)\GXZiGyYLSHyU2\j7OauQX.dll",#1
    Task: {E9E5835D-C6D8-4813-9ADC-F2A73D2E4F26} - System32\Tasks\{01D097C9-74E9-45E6-A8E1-BA47D5D6CE1F} => C:\WINDOWS\system32\pcalua.exe -a L:\FarCryAutoCD.exe -d L:\
    Task: {F5F98B62-9146-4D69-A7D6-63D909311FDC} - System32\Tasks\{7E0C0C47-090A-0D0F-0D11-7E0E080B1108} => C:\WINDOWS\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
    Task: C:\WINDOWS\Tasks\uuxHwpnMkRCRpJh.job => C:\Program Files (x86)\thzXuJvjU\VA2h1A3.dll
    HKLM\...\Run: [gplyra] => C:\Users\xxx22\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] () <==== ATTENTION
    HKLM-x32\...\Run: [] => [X]
    Hosts:
    HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
    HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
    HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
    HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
    HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
    HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
    HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
    HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
    HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
    HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
    HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
    HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
    HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
    HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
    HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
    HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
    HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
    HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
    HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
    HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
    HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
    HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
    HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
    HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
    HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
    HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
    HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
    HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
    HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
    HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
    HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
    HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
    HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
    HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
    HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
    HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
    HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
    HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
    HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
    HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
    HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
    HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
    HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
    HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
    HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
    GroupPolicy: Restriction - Chrome <==== ATTENTION
    Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
    Tcpip\..\Interfaces\{8d3e144d-ce29-48fb-970e-82f3ef4b0bf2}: [NameServer] 82.163.143.176 82.163.142.178
    Tcpip\..\Interfaces\{ecd48745-4466-4535-8a06-50252f503344}: [NameServer] 82.163.143.176 82.163.142.178
    Tcpip\..\Interfaces\{ecd48745-4466-4535-8a06-50252f503344}: [DhcpNameServer] 82.163.143.176
    FF user.js: detected! => C:\Users\xxx22\AppData\Roaming\Mozilla\Firefox\Profiles\5KUkmgis.default\user.js [2017-03-23]
    FF Extension: (Avira Browser Safety) - C:\Users\xxx22\AppData\Roaming\Mozilla\Firefox\Profiles\5KUkmgis.default\Extensions\abs@avira.com [2017-03-10]
    FF Extension: (Avira Password Manager) - C:\Users\xxx22\AppData\Roaming\Mozilla\Firefox\Profiles\5KUkmgis.default\Extensions\passwordmanager@avira.com [2017-03-1
    CHR Extension: (Adblocker for Youtube™) - C:\Users\xxx22\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhomipkklckpomafalojobppmmidlgl [2017-08-25]
    C:\Users\xxx22\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhomipkklckpomafalojobppmmidlgl
    CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
    2017-08-30 20:30 - 2017-08-30 20:30 - 018357776 _____ (Microsoft Corporation) C:\Users\xxx22\Downloads\MediaCreationTool (1).exe
    2017-08-30 18:36 - 2017-08-30 18:36 - 000023714 _____ C:\WINDOWS\System32\Tasks\{7E0C0C47-090A-0D0F-0D11-7E0E080B1108}
    2017-08-30 18:36 - 2017-08-30 18:36 - 000003882 _____ C:\WINDOWS\System32\Tasks\{00B65311-B247-4F64-9927-974AB026574F}
    2017-08-30 18:36 - 2017-08-30 18:36 - 000000000 ____D C:\ProgramData\4a972798-3207-0
    2017-08-30 18:36 - 2017-08-30 18:36 - 000000000 ____D C:\ProgramData\4a972798-15e5-1
    2017-08-30 18:36 - 2017-08-30 18:36 - 000000000 ____D C:\ProgramData\{91B3407B-2618-F7D0-6F8F-DD074EF45AC1}
    2017-08-30 18:36 - 2017-08-30 18:36 - 000000000 ____D C:\ProgramData\{663270c0-612c-0}
    2017-08-30 18:36 - 2017-08-30 18:36 - 000000000 ____D C:\ProgramData\{61f506fc-012c-1}
    2017-08-30 18:36 - 2017-08-30 18:36 - 000000000 ____D C:\ProgramData\{43f96da7-112c-0}
    2017-08-30 18:36 - 2017-08-30 18:36 - 000000000 ____D C:\ProgramData\{31a92189-712c-1}
    2017-08-25 17:23 - 2017-08-26 01:20 - 000000000 ____D C:\ProgramData\29d89f3d874b42bfa9805a11b0a89dde
    2017-08-25 17:23 - 2017-08-25 17:48 - 000000000 ____D C:\Users\xxx22\AppData\Roaming\f344d8c9c95248e784b406a6d72043a9
    2017-08-25 16:36 - 2017-08-25 18:02 - 000000000 ____D C:\Users\xxx22\AppData\Roaming\7b26d8e4b4ab4566975d89704145e492
    2017-08-25 15:20 - 2017-08-30 18:37 - 000000000 ____D C:\ProgramData\3ebbd2ce-4c35-1
    2017-08-25 15:20 - 2017-08-30 18:37 - 000000000 ____D C:\ProgramData\3ebbd2ce-0c37-0
    2017-08-25 15:20 - 2017-08-25 18:54 - 000000000 ____D C:\Users\xxx22\AppData\Roaming\gplyra
    2017-08-25 15:20 - 2017-08-25 18:54 - 000000000 ____D C:\Users\xxx22\AppData\Roaming\Event Monitor
    2017-08-25 15:20 - 2017-08-25 18:38 - 000000000 ____D C:\Program Files (x86)\QYERbvxRHIE
    2017-08-25 15:20 - 2017-08-25 18:31 - 000000000 ____D C:\Program Files (x86)\dCHHaxjOpqUn
    2017-08-25 15:20 - 2017-08-25 18:02 - 000000000 ____D C:\Program Files (x86)\thzXuJvjU
    2017-08-25 15:20 - 2017-08-25 16:35 - 000000322 _____ C:\WINDOWS\Tasks\uuxHwpnMkRCRpJh.job
    2017-08-25 15:20 - 2017-08-25 15:20 - 000003202 _____ C:\WINDOWS\System32\Tasks\TnqpiRJoXWMCwN
    2017-08-25 15:20 - 2017-08-25 15:20 - 000002866 _____ C:\WINDOWS\System32\Tasks\uuxHwpnMkRCRpJh2
    2017-08-25 15:20 - 2017-08-25 15:20 - 000002642 _____ C:\WINDOWS\System32\Tasks\uuxHwpnMkRCRpJh
    2017-08-25 15:19 - 2017-08-25 18:02 - 000000000 ____D C:\ProgramData\9d1c1097221b4b968bff0f64c0f7b068
    2017-08-25 15:19 - 2017-08-25 15:19 - 001847296 _____ C:\Users\xxx22\AppData\Local\po.db
    2017-08-25 15:19 - 2017-08-25 15:19 - 000140800 _____ C:\Users\xxx22\AppData\Local\installer.dat
    2017-08-25 15:19 - 2017-08-25 15:19 - 000011568 _____ C:\Users\xxx22\AppData\Local\InstallationConfiguration.xml
    2017-08-25 15:19 - 2017-08-25 15:19 - 000000000 ____D C:\Program Files (x86)\pccleanplus
    2017-08-24 20:20 - 2017-08-24 20:22 - 001433368 _____ C:\Users\xxx22\Downloads\stratus-firmware-update-57_us_windows-10_3264bit (1).exe
    2017-08-24 12:18 - 2017-08-24 12:19 - 007040152 _____ (Solvusoft Corporation ) C:\Users\xxx22\Downloads\Setup_DriverDoc_2016 (1).exe
    2017-08-24 12:15 - 2017-08-24 12:15 - 003260416 _____ (BluetoothInstaller.com) C:\Users\xxx22\Downloads\BluetoothDriverInstaller_x64 (1).exe
    2016-12-30 04:44 - 2016-12-30 04:44 - 000000000 _____ () C:\Program Files (x86)\GUT19DB.tmp
    2016-12-30 04:48 - 2016-12-30 04:48 - 000000000 _____ () C:\Program Files (x86)\GUTEB27.tmp
    2017-08-25 15:19 - 2017-08-25 15:19 - 000140800 _____ () C:\Users\xxx22\AppData\Local\installer.dat
    EmptyTemp:

    After running it, post new FRST logs from a fresh scan.

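    Editor's note, not part of any post in this thread: the fixlist above removes four classes of indicator that are worth re-checking on the machine after the fix (or on any machine showing the same symptoms). Security-vendor code-signing certificates pushed into the machine's Disallowed store (which is why MBAM and AdwCleaner would not start), scheduled tasks that proxy a DLL through rundll32/regsvr32 or run hidden encoded PowerShell, Run-key entries pointing into AppData, and per-interface DNS servers overwritten with attacker-controlled resolvers. The script below is an added example written for this page, not code from the thread or from FRST; the vendor names and the "expected DNS" servers are assumptions taken from the two fixlists in this thread and must be adjusted to the environment.

```powershell
# Added triage script for the indicator classes in the fixlist above: an editor's example,
# not code from this thread or from FRST. Run from an elevated PowerShell 5.x prompt on the
# affected machine. It only reports unless -RemoveDisallowedVendorCerts is given. The vendor
# list and the expected DNS servers are assumptions taken from the two fixlists in this thread.
param(
    [switch]$RemoveDisallowedVendorCerts,
    [string[]]$ExpectedDns = @('156.154.70.25', '156.154.71.25')  # assumption: what the second fixlist sets
)

# Vendors whose code-signing certificates the fixlist found in the Disallowed store (substring match on Subject).
$VendorPattern = 'Comodo|F-Secure|FRISK|Bitdefender|G DATA|Malwarebytes|Symantec|Trend Micro|Webroot|' +
                 'SUPERAntiSpyware|Kaspersky|AVG|PC Tools|K7 Computing|Doctor Web|Emsisoft|Check Point|' +
                 'BullGuard|McAfee|Adaware|Safer Networking|ThreatTrack|CURIOLAB|Avira|ESET|Avast|' +
                 'Total Defense|Panda Security'

function Get-DisallowedVendorCerts {
    # Cert:\LocalMachine\Disallowed is backed by HKLM\SOFTWARE\Microsoft\SystemCertificates\Disallowed.
    # A certificate placed there is treated as untrusted, so installers signed with it fail their
    # Authenticode check; that is why MBAM and AdwCleaner would not run for the poster.
    Get-ChildItem Cert:\LocalMachine\Disallowed |
        Where-Object { $_.Subject -match $VendorPattern } |
        Select-Object Thumbprint, Subject, NotAfter
}

function Get-SuspiciousTasks {
    # Shapes from the fixlist: rundll32 "<dll>",#1 ; regsvr32 /s /n /i:"..." "<dll>" ;
    # powershell -windowstyle hidden -EncodedCommand ; any payload under ProgramData or AppData.
    $proxy = '(^|\\)(rundll32|regsvr32|mshta|wscript|cscript|powershell)(\.exe)?$'
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($a in $task.Actions) {
            if (-not $a.Execute) { continue }
            $exe = $a.Execute.Trim('"')
            $arg = [string]$a.Arguments
            $flag = ($exe -match $proxy) -and (
                $arg -match ',#\d+' -or $arg -match '/i:' -or $arg -match '-enc(odedcommand)?\b' -or
                $arg -match 'windowstyle\s+hidden' -or $arg -match '\\(ProgramData|AppData|PROGRA~3)\\')
            if ($flag) {
                [pscustomobject]@{ Task = $task.TaskPath + $task.TaskName; Execute = $exe; Arguments = $arg }
            }
        }
    }
}

function Get-RunKeyEntries {
    # HKLM\...\Run: [gplyra] => ...\AppData\Roaming\gplyra\gplyra\start.cmd is the shape being looked for;
    # GetValueNames() returns '' for the default value, which is the "[] => [X]" entry FRST showed.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $reg = Get-Item $k
        foreach ($name in $reg.GetValueNames()) {
            $cmd = [string]$reg.GetValue($name)
            [pscustomobject]@{
                Key = $k; Name = $name; Command = $cmd
                Suspicious = ($cmd -match '\\(AppData|ProgramData|Temp)\\' -or $cmd -match '\.(cmd|bat|vbs|js)\b' -or
                              $name -eq '' -or $cmd -eq '')
            }
        }
    }
}

function Get-DnsSettings {
    # The registry view FRST reports: Tcpip\Parameters plus every interface key, NameServer and DhcpNameServer.
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    foreach ($k in @(Get-Item $root) + @(Get-ChildItem "$root\Interfaces")) {
        foreach ($setting in 'NameServer', 'DhcpNameServer') {
            $val = [string]$k.GetValue($setting)
            if ($val -eq '') { continue }
            $servers = @($val -split '[ ,]+' | Where-Object { $_ })
            [pscustomobject]@{
                Key = $k.PSChildName; Setting = $setting; Servers = ($servers -join ' ')
                Unexpected = (@($servers | Where-Object { $ExpectedDns -notcontains $_ }).Count -gt 0)
            }
        }
    }
}

$certs = @(Get-DisallowedVendorCerts)
"== $($certs.Count) security-vendor certificate(s) in the Disallowed store =="
$certs | Format-Table -AutoSize
if ($RemoveDisallowedVendorCerts -and $certs.Count -gt 0) {
    # Same effect as FRST deleting the DisallowedCertificates lines: those vendors' signatures are trusted again.
    $certs | ForEach-Object { Remove-Item -Path "Cert:\LocalMachine\Disallowed\$($_.Thumbprint)" -Verbose }
}
'== Scheduled tasks using proxy binaries, encoded commands or ProgramData/AppData payloads =='
Get-SuspiciousTasks | Format-Table -AutoSize -Wrap
'== Run keys (Suspicious = True deserves a look) =='
Get-RunKeyEntries | Format-Table -AutoSize -Wrap
'== DNS servers in the registry (Unexpected = True is a hijack candidate) =='
Get-DnsSettings | Format-Table -AutoSize
```

    Run it once before the FRST fix to confirm the indicators and once after to confirm they are gone; removing certificates from the Disallowed store needs an elevated prompt. The task and Run-key heuristics are deliberately loose (a legitimate regsvr32 task or an AppData updater will also show up), so treat the output as a list of things to inspect, not as a verdict. The fixlist's "GroupPolicy: Restriction - Chrome" line refers to values under HKLM\SOFTWARE\Policies\Google\Chrome, which the script does not touch; inspect that key by hand, since an adware-installed policy can pin extensions or block extension removal.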
  • #5 31 Aug 2017 06:58
    Kolobos
    Computer specialist

    You need to know what you're doing with this.

    In Chrome, remove the Adblocker for Youtube extension.

    Run another Fixlist.txt for FRST:
    Tcpip\..\Interfaces\{8d3e144d-ce29-48fb-970e-82f3ef4b0bf2}: [NameServer] 156.154.70.25,156.154.71.25
    CHR Extension: (Adblocker for Youtube™) - C:\Users\xxx22\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhomipkklckpomafalojobppmmidlgl [2017-08-31]
    C:\Users\xxx22\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhomipkklckpomafalojobppmmidlgl
    C:\AdwCleaner


    Do a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    After running it, post new FRST logs from a fresh scan.

  • #8 31 Aug 2017 10:16
    Kolobos
    Computer specialist

    Everything looks OK. Delete the C:\FRST folder and that's it.

  • #9 31 Aug 2017 12:11
    kamaxpoland
    Level 2

    Many thanks, I'm closing the topic.