SafeGroup

URL:mal chrome.exe - please help
Symptoms of infection:
Every time I use the Google Chrome browser, Avast detects the URL:mal virus. This is very annoying, because it can detect it several times within five minutes.

Actions taken:
I used the following programs:
- adwcleaner
- Malwarebytes Anti-Malware
- EmsisoftEmergencyKit
All with no effect.

Logs:
OTL:
OTL.txt:


Extras.txt:



FRST:
FRST.txt:


Addition.txt:


Paste the following into Notepad and save it as fixlist.txt

Code:
CloseProcesses:
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3804235083-4162339761-2848940853-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3804235083-4162339761-2848940853-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-3804235083-4162339761-2848940853-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3804235083-4162339761-2848940853-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Julian\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3804235083-4162339761-2848940853-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
HKU\S-1-5-21-3804235083-4162339761-2848940853-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3804235083-4162339761-2848940853-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
HKU\S-1-5-21-3804235083-4162339761-2848940853-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3804235083-4162339761-2848940853-1001 -> {A0E855BE-C96C-410B-B217-87FE22E96277} URL =
SearchScopes: HKU\S-1-5-21-3804235083-4162339761-2848940853-1001 -> {C5A08D2B-36C5-49AA-B72C-10D9263DB30B} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=925777&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3804235083-4162339761-2848940853-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {A0E855BE-C96C-410B-B217-87FE22E96277} URL =
SearchScopes: HKU\S-1-5-21-3804235083-4162339761-2848940853-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {C5A08D2B-36C5-49AA-B72C-10D9263DB30B} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=925777&p={searchTerms}
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-12-06]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-06]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha83\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta998\ff [Not Found]
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha301\ff [Not Found]
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Default -> E4A354C75E6AF350BF7FBFD77582D670B94F22CE2EAAA64EA3C2D11DE39E6E95
CHR DefaultSearchURL: Default -> 5C5606AD7C19D91505E33E13AAE6454766BB34D1A604EFEB003DE2CEA9468EB7
CHR Extension: (uniisaLes) - C:\ProgramData\okcieehljgfepabenfbejdkehcojgglm\ [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [epdfinciekpmjpcdlomjkdgbpnoijjne] - No Path
CHR HKLM-x32\...\Chrome\Extension: [fadpbnbalddlielemdpmnpbkpimjabii] - No Path
CHR HKLM-x32\...\Chrome\Extension: [ihmgbhmnfhnfpbbcgbdlfpegalgehnad] - No Path
CHR HKLM-x32\...\Chrome\Extension: [jnlmniccahafgipdfnmedbdfhhlakoeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [nfgmeploobaihaklbipckndojmkadejb] - No Path
CHR HKLM-x32\...\Chrome\Extension: [pfcihgbnedglgdolcdaadlgjdcbhbcae] - No Path
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
C:\Program Files (x86)\YoutubeAodBloicckae
C:\Program Files (x86)\Unissallees
C:\Program Files (x86)\uniisaLes
C:\ProgramData\okcieehljgfepabenfbejdkehcojgglm
C:\Users\Julian\AppData\Local\Akamai
C:\Program Files (x86)\Outlookcom Notifier
C:\Users\Julian\AppData\Roaming\Real
Task: {3AB13552-BB8A-4542-B348-EA673678775F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: {636B278A-15E4-4E3D-8B53-CF2993BB5BA0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-09] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {03F569EC-C3BF-41CF-9EF1-2DADDE1971E5} - System32\Tasks\{70599AC1-5C77-4EE7-9722-B0F73EAC1502} => pcalua.exe -a "C:\Program Files (x86)\Black Moon Chronicles\bmc.exe" -d C:\PROGRA~2\BLACKM~1 -c -url="http://www.blackmoon-online.com/_CDlinks/start.asp"
Task: {0559157C-DB7E-4664-A6B5-F21653A98B70} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {15E93EAF-7616-42A3-A851-9C8F22400051} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-09-03] (Lenovo)
Task: {1FD14E03-7196-46D7-A0F8-C2FA96BEF8A4} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3804235083-4162339761-2848940853-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {220023FE-085D-48EA-9543-F37D035A7322} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()
Task: {3904F461-CC4B-42AC-9B9F-63565656B771} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-09-03] (Lenovo)
Task: {41F89ED2-5801-4252-B510-ACB480ACBA67} - System32\Tasks\{E1A2D856-A52E-4516-928B-4F880B1A4B95} => pcalua.exe -a C:\Users\Julian\Downloads\wrlite.exe -d C:\Users\Julian\Downloads
Task: {46169A7B-60E2-497C-86DC-28A2BE803845} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {5D2579EB-8579-4D45-A016-E880C62563FB} - System32\Tasks\{465B8C0C-854F-4458-BA0A-214C494383AE} => pcalua.exe -a "C:\Program Files (x86)\Ubi Soft\Rayman3\Rayman3.exe" -d "C:\Program Files (x86)\Ubi Soft\Rayman3\"
Task: {64ACB293-3478-414C-BAC5-BDFCDAE11013} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-09-03] ()
Task: {6BD612FB-D93E-43E3-98CC-65A3045E274D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3804235083-4162339761-2848940853-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {87A0AF34-2161-4103-B73D-326C0BA747BA} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {A6105F5C-7B57-46EE-8DE1-0000626B5D66} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3804235083-4162339761-2848940853-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {A702EF72-C3E7-40E3-800D-43A2A8C75E31} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-03] (Lenovo)
Task: {B50B45AC-DF67-454A-A293-8C226E1E44F0} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()
Task: {BB9337CD-332B-4128-BDA6-903AF1350A2B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {CC9EBD61-FA44-4906-92C4-2BC8CDADC75A} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3804235083-4162339761-2848940853-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {E8E3C3B0-F185-41D3-AACE-93A8C9FDE9B4} - System32\Tasks\{329CC1A2-240F-4497-99D2-AC08FBC45A40} => pcalua.exe -a E:\welcome.exe -d E:\
Task: {E99150E1-4528-46F5-902B-16005B583CC2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3804235083-4162339761-2848940853-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f
CMD: netsh advfirewall reset
CMD: dir /a "C:\Program Files"
CMD: dir /a "C:\Program Files (x86)"
CMD: dir /a "C:\Program Files (x86)\Common Files"
CMD: dir /a C:\ProgramData
CMD: dir /a C:\Users\Julian\AppData\Local
CMD: dir /a C:\Users\Julian\AppData\LocalLow
CMD: dir /a C:\Users\Julian\AppData\Roaming
EmptyTemp:

Place the saved script next to the downloaded FRST program.
Then click Fix in the program; when it finishes, post the report from that action.

Uninstall:

Better Surf Plus
Foxtab
Media Player
Media View
Media Viewer
Media Watch

Google Chrome

Settings > Settings tab > Show advanced settings > scroll to the very bottom and run the "Reset browser settings" option.


Run adwcleaner once more and post the log after it finishes.
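The fixlist above was assembled by hand from FRST log lines that stand out for a few recurring reasons: entries FRST itself marks with "<======= ATTENTION" (browser policy restrictions, a dev build), registrations whose target file no longer exists ("No File", "[Not Found]", "No Path", "[X]"), and scheduled tasks that either run a program through pcalua.exe or point at an unsigned binary (empty "()" signer). The script below is an added example written for this thread, not part of FRST or of the helper's reply; it applies those same rules to FRST-style log lines so a reviewer can see at a glance which lines deserve attention. The sample log is constructed from lines quoted in the fixlist above, the category names and the line shapes it recognises are my own assumptions, and it only lists candidates; deciding what goes into fixlist.txt remains a human review step.

```python
import re
from dataclasses import dataclass

# Marker FRST prints on lines it considers suspicious by itself.
ATTENTION_MARK = "<======= ATTENTION"
# Markers FRST prints when a registration points at something that no longer exists.
MISSING_MARKERS = ("=>No File", "[Not Found]", "- No Path", "[X]")
# Scheduled task whose action is the Program Compatibility Assistant launcher.
PCALUA_RE = re.compile(r"=>\s*pcalua\.exe\s+-a\b", re.IGNORECASE)

# Constructed sample: line shapes copied from the fixlist quoted in this thread.
SAMPLE_LOG = r"""GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>No File
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [epdfinciekpmjpcdlomjkdgbpnoijjne] - No Path
S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
Task: {41F89ED2-5801-4252-B510-ACB480ACBA67} - System32\Tasks\{E1A2D856-A52E-4516-928B-4F880B1A4B95} => pcalua.exe -a C:\Users\Julian\Downloads\wrlite.exe -d C:\Users\Julian\Downloads
Task: {220023FE-085D-48EA-9543-F37D035A7322} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-09-03] ()
Task: {0559157C-DB7E-4664-A6B5-F21653A98B70} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
"""


@dataclass(frozen=True)
class Finding:
    category: str  # hypothetical category names chosen for this example
    line: str


def classify(line):
    """Return a category for one FRST log line, or None if nothing stands out."""
    line = line.strip()
    if not line:
        return None
    if ATTENTION_MARK in line:
        return "attention"          # FRST flagged it itself (policy restriction, dev build)
    if any(marker in line for marker in MISSING_MARKERS):
        return "missing-target"     # orphaned registration: the file or path is gone
    if line.startswith("Task:") and PCALUA_RE.search(line):
        return "pcalua-launcher"    # task runs its target through the compatibility launcher
    if line.startswith("Task:") and line.endswith("()"):
        return "unsigned-task"      # FRST shows an empty signer for the task's binary
    return None


def triage(log_text):
    """Classify every line of an FRST log and keep only the ones that got a category."""
    findings = []
    for raw in log_text.splitlines():
        category = classify(raw)
        if category:
            findings.append(Finding(category, raw.strip()))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {"attention": 2, "missing-target": 4, ...}."""
    counts = {}
    for finding in findings:
        counts[finding.category] = counts.get(finding.category, 0) + 1
    return counts


def fixlist_candidates(findings, categories=("attention", "missing-target")):
    """FRST removes an item when its log line is pasted verbatim into fixlist.txt,
    so candidates are just the flagged lines in the chosen categories. Nothing here
    writes the file; the list is meant to be read and pruned by a person."""
    return [f.line for f in findings if f.category in categories]


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for finding in results:
        print(f"{finding.category:16} {finding.line}")
    print(summarize(results))
```

On the constructed sample the two policy lines, the four orphaned registrations, the pcalua task and the unsigned Lenovo task are reported, while the signed Adobe task and the Google start page are left alone; the default candidate set deliberately excludes the two task categories, since those need a look at the target before anyone decides to remove them.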