Wirus usuwa antywirusa.

[debiska]

Witam. Windows 7 x64 Home Premium
Proszę o analizę logów i pomoc w usunięciu infekcji.

[ordynat]

1) Odinstaluj ten program:

Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION

2) Odinstaluj ten program:

Plus-HD-8.1 (HKLM-x32\...\Plus-HD-8.1) (Version: 1.34.1.29 - Plus HD) <==== ATTENTION

3) Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Daj z tego raport C:\AdwCleaner\AdwCleaner[S].txt.

4) Otwórz Notatnik i wklej w nim:

Task: C:\windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
Task: C:\windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe <==== ATTENTION
C:\Program Files (x86)\SaveSenseLive
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
Task: {E9B7FC43-1EF9-4FBE-BC80-0F08DBAC514D} - System32\Tasks\Plus-HD-8.1-enabler => C:\Program Files (x86)\Plus-HD-8.1\Plus-HD-8.1-enabler.exe <==== ATTENTION
C:\Program Files (x86)\Plus-HD-8.1
Task: {A6B0D6CD-1DF0-4D6C-9D17-06B3882518C1} - System32\Tasks\SaveSense => C:\Users\AGI\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {1E57B253-0B6C-4097-B8AD-C2F09B97CD5D} - System32\Tasks\SaveSenseLiveUpdateTaskMachineUA => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-02-20] (SaveSense) <==== ATTENTION
Task: {20B08868-B13E-48FF-AEC5-A6B44982ADC4} - System32\Tasks\SaveSenseLiveUpdateTaskMachineCore => C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [2014-02-20] (SaveSense) <==== ATTENTION
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files (x86)\Mobogenie
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
ShortcutTarget: Rejestracja FIFA 11.lnk -> C:\Program Files (x86)\EA Sports\FIFA 11\Support\EAregister.exe (No File)
ShortcutTarget: Torpedo.lnk -> C:\Users\AGI\AppData\Local\Torpedo\Torpedo.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3099691929-597136357-677967994-1002\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-search.com/?babsrc=HP_ss&mntrId=169CDCA971225E43&affID=119535&tsp=5034
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1387708730&from=cor&uid=SAMSUNGXHN-M500MBB_S2RSJ9BB851714&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1387708730&from=cor&uid=SAMSUNGXHN-M500MBB_S2RSJ9BB851714&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis.com/web/?type=ds&ts=1387708730&from=cor&uid=SAMSUNGXHN-M500MBB_S2RSJ9BB851714&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis.com/web/?type=ds&ts=1387708730&from=cor&uid=SAMSUNGXHN-M500MBB_S2RSJ9BB851714&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-3099691929-597136357-677967994-1002 - (No Name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://aartemis.com/?type=sc&ts=1387708730&from=cor&uid=SAMSUNGXHN-M500MBB_S2RSJ9BB851714
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1387708730&from=cor&uid=SAMSUNGXHN-M500MBB_S2RSJ9BB851714&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1387708730&from=cor&uid=SAMSUNGXHN-M500MBB_S2RSJ9BB851714&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1387708730&from=cor&uid=SAMSUNGXHN-M500MBB_S2RSJ9BB851714&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.aartemis.com/web/?type=ds&ts=1387708730&from=cor&uid=SAMSUNGXHN-M500MBB_S2RSJ9BB851714&q={searchTerms}
SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://search.searchonme.com/?l=1&q={searchTerms}
BHO: Plus-HD-8.1 -> {11111111-1111-1111-1111-110511111108} -> C:\Program Files (x86)\Plus-HD-8.1\Plus-HD-8.1-bho64.dll (Plus HD)
BHO-x32: Plus-HD-8.1 -> {11111111-1111-1111-1111-110511111108} -> C:\Program Files (x86)\Plus-HD-8.1\Plus-HD-8.1-bho.dll No File
BHO-x32: Download and Sa Class -> {3EEDDCCE-5D8A-99C7-1E7C-B85EFEACF5E6} -> C:\ProgramData\Download and Sa\507ee5cdab98f.ocx ()
BHO-x32: Download and Sa Class -> {41BF20AD-BEF4-41C7-19D4-C102C1EE7A34} -> C:\ProgramData\Download and Sa\507f0848bdd48.ocx ()
BHO-x32: Download and Sa Class -> {5BC1ED88-9763-2D4E-E0E8-A77476096147} -> C:\ProgramData\Download and Sa\508269bc93e9d.ocx ()
BHO-x32: Download and Sa Class -> {6B10EDD9-168E-E899-FA6E-41DCF3865AFE} -> C:\ProgramData\Download and Sa\507c50e388711.ocx ()
BHO-x32: SaveSense -> {71e129ff-6c2a-4984-818c-7e2c998b8d99} -> C:\Users\AGI\AppData\Local\SaveSense\SaveSenseIE.dll (SaveSense)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll No File
BHO-x32: Download and Sa Class -> {B6871472-48F4-ECB3-A7BC-3BD2132A0387} -> C:\ProgramData\Download and Sa\508268b29df35.ocx ()
BHO-x32: Codec-C Class -> {C064E9E8-198B-4D24-80DB-94ABE9B90C0C} -> C:\ProgramData\Codec-C\bhoclass.dll (Injector)
BHO-x32: Download and Sa Class -> {D4D53696-A8B0-AC7A-AFC5-150D3225D623} -> C:\ProgramData\Download and Sa\507f0ddabff53.ocx ()
BHO-x32: Download and Sa Class -> {F1D2DE22-316F-CB47-8CCD-8A7B9E525761} -> C:\ProgramData\Download and Sa\5081b1eaa5b23.ocx ()
Toolbar: HKU\S-1-5-21-3099691929-597136357-677967994-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-3099691929-597136357-677967994-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FF SearchPlugin: C:\Users\AGI\AppData\Roaming\Mozilla\Firefox\Profiles\j2rx8blw.default\searchplugins\ask-web-search.xml
FF SearchPlugin: C:\Users\AGI\AppData\Roaming\Mozilla\Firefox\Profiles\j2rx8blw.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\AGI\AppData\Roaming\Mozilla\Firefox\Profiles\j2rx8blw.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\AGI\AppData\Roaming\Mozilla\Firefox\Profiles\j2rx8blw.default\searchplugins\dsrlte.xml
FF SearchPlugin: C:\Users\AGI\AppData\Roaming\Mozilla\Firefox\Profiles\j2rx8blw.default\searchplugins\SearchOnMe.xml
FF Extension: Download and Sa - C:\Users\AGI\AppData\Roaming\Mozilla\Firefox\Profiles\j2rx8blw.default\Extensions\507c50e38857e@507c50e3885b9.com [2012-10-15]
FF Extension: Download and Sa - C:\Users\AGI\AppData\Roaming\Mozilla\Firefox\Profiles\j2rx8blw.default\Extensions\507ee5cdab7ff@507ee5cdab838.com [2012-10-17]
FF Extension: Download and Sa - C:\Users\AGI\AppData\Roaming\Mozilla\Firefox\Profiles\j2rx8blw.default\Extensions\507f0848bdbc9@507f0848bdc02.com [2012-10-17]
FF Extension: Download and Sa - C:\Users\AGI\AppData\Roaming\Mozilla\Firefox\Profiles\j2rx8blw.default\Extensions\507f0ddabfdcc@507f0ddabfe05.com [2012-10-17]
FF Extension: Download and Sa - C:\Users\AGI\AppData\Roaming\Mozilla\Firefox\Profiles\j2rx8blw.default\Extensions\5081b1eaa598f@5081b1eaa59c9.com [2012-10-19]
FF Extension: Download and Sa - C:\Users\AGI\AppData\Roaming\Mozilla\Firefox\Profiles\j2rx8blw.default\Extensions\508268b29dda5@508268b29dddf.com [2012-10-20]
FF Extension: Download and Sa - C:\Users\AGI\AppData\Roaming\Mozilla\Firefox\Profiles\j2rx8blw.default\Extensions\508269bc93d0d@508269bc93d46.com [2012-10-20]
FF Extension: Plus-HD-8.1 - C:\Users\AGI\AppData\Roaming\Mozilla\Firefox\Profiles\j2rx8blw.default\Extensions\8ef36653-7dcd-4c5f-81f5-7870fda4b7b7@67e486b0-922d-4a2d-9e3f-77394107f67c.com [2014-03-09]
FF Extension: SaveSense - C:\Users\AGI\AppData\Roaming\Mozilla\Firefox\Profiles\j2rx8blw.default\Extensions\{2d7886a0-85bb-4bf2-b684-ba92b4b21d23} [2014-02-20]
FF Extension: DownloadHelper - C:\Users\AGI\AppData\Roaming\Mozilla\Firefox\Profiles\j2rx8blw.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: BonanzaDeals - C:\Users\AGI\AppData\Roaming\Mozilla\Firefox\Profiles\j2rx8blw.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi
CHR Extension: (Clearly) - C:\Users\AGI\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2014-10-05]
CHR Extension: (webget) - C:\Users\AGI\AppData\Local\Google\Chrome\User Data\Default\Extensions\kheplajlialegkhogehgdbhaogeikfag
CHR HKLM-x32\...\Chrome\Extension: [aioehanoknpmpkoejhkjhdhhdicbadan] - C:\ProgramData\Download and Sa\aioehanoknpmpkoejhkjhdhhdicbadan.crx [2014-11-22]
CHR HKLM-x32\...\Chrome\Extension: [bjcbijndnlnjahaghbbbeobhibkfhihk] - C:\ProgramData\Download and Sa\bjcbijndnlnjahaghbbbeobhibkfhihk.crx [2014-11-22]
CHR HKLM-x32\...\Chrome\Extension: [ecphbpfijdigidaooengilhckealhdpj] - C:\ProgramData\Download and Sa\ecphbpfijdigidaooengilhckealhdpj.crx [2014-11-22]
CHR HKLM-x32\...\Chrome\Extension: [gekhgmhmidoimpcahpknompnpoemlhko] - C:\ProgramData\Download and Sa\gekhgmhmidoimpcahpknompnpoemlhko.crx [2014-11-22]
CHR HKLM-x32\...\Chrome\Extension: [hjakmojkcnhgipgkkbiempkfdndcnlah] - C:\ProgramData\Codec-C\hjakmojkcnhgipgkkbiempkfdndcnlah.crx [2012-03-21]
CHR HKLM-x32\...\Chrome\Extension: [jiagijchmnpeakogiijommiaemaplfca] - C:\ProgramData\Download and Sa\jiagijchmnpeakogiijommiaemaplfca.crx [2012-03-21]
CHR HKLM-x32\...\Chrome\Extension: [kbdndcfiajgndmgciijgghcolpidopdp] - C:\ProgramData\Download and Sa\kbdndcfiajgndmgciijgghcolpidopdp.crx [2012-03-21]
CHR HKLM-x32\...\Chrome\Extension: [mdghoaichpoknnolpephpekccfjfikfk] - C:\ProgramData\Download and Sa\mdghoaichpoknnolpephpekccfjfikfk.crx [2012-03-21]
S2 MaintainerSvc1.11.3209076; C:\ProgramData\a68d9eea-b970-45e3-ba05-b4a5e2e396bc\maintainer.exe
C:\ProgramData\a68d9eea-b970-45e3-ba05-b4a5e2e396bc
S2 rqpbhevlkc64; C:\Program Files\004\rqpbhevlkc64.exe [709120 2014-05-08] () [File not signed]
S2 savesenselive; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-02-20] (SaveSense)
S3 savesenselivem; C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe [146920 2014-02-20] (SaveSense)
S2 Update webget; C:\Program Files (x86)\webget\updatewebget.exe [423192 2014-11-23] ()
S2 Util webget; C:\Program Files (x86)\webget\bin\utilwebget.exe
C:\Program Files\004
S1 {1ffea19d-7c99-423a-a198-c6b90ff23847}w64; C:\Windows\System32\drivers\{1ffea19d-7c99-423a-a198-c6b90ff23847}w64.sys [48776 2014-10-19] (StdLib)
S1 {372d03ae-4cb6-4087-9149-bc1c4bc6238d}w64; C:\Windows\System32\drivers\{372d03ae-4cb6-4087-9149-bc1c4bc6238d}w64.sys [48776 2014-10-17] (StdLib)
S1 {3e621eab-ed2c-4c84-aec5-15b99c4c467e}w64; C:\Windows\System32\drivers\{3e621eab-ed2c-4c84-aec5-15b99c4c467e}w64.sys [48776 2014-10-19] (StdLib)
S1 {55685567-4840-4a91-962b-49a412e9485a}w64; C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys [44728 2014-09-19] (StdLib)
S1 {79ff6e5c-8913-4b1b-8d72-66f9fa5a754e}w64; C:\Windows\System32\drivers\{79ff6e5c-8913-4b1b-8d72-66f9fa5a754e}w64.sys [48776 2014-10-20] (StdLib)
S1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}w64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys [61112 2014-04-28] (StdLib)
S1 {bfb10c93-5530-4015-9a3f-61dfa880af58}w64; C:\Windows\System32\drivers\{bfb10c93-5530-4015-9a3f-61dfa880af58}w64.sys [48776 2014-10-23] (StdLib)
C:\Users\AGI\AppData\Local\CrashDumps
C:\ProgramData\sysqcl1129139270.dat
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download and Sa
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij przycisk Fix.
Powstanie plik fixlog.txt.
Daj ten log.

5) Zrób nowe logi FRST.

===========================================================

Error: (11/24/2014 11:27:47 AM) (Source: Disk) (EventID: 11) (User: )
Description: Sterownik wykrył błąd kontrolera na \Device\Harddisk1\DR1.

http://www.fixitpc.pl/topic/5553-blad-sterownik-wykryl-blad-kontrolera-na-deviceharddiskxdrx-i-jego-interpretacja/
Załóż temat w dziale hardware-vf4.html
albo na http://www.fixitpc.pl/forum/43-hardware/
.

zaraz ...

[debiska]

Plus-HD-8.1

Usunięte tylko z listy programów.

Google Update Helper

Nie było na liście zainstalowanych.

Laptop uruchamia się tylko w awaryjnym. W normalnym trybie zawiesza się.

Log z adwcleaner-a.

Wykonuję dalsze polecenia.

Dodano Dzisiaj, 13:38:
Wstawiam logi z usuwania oraz nowe z frst.

Fixlog.txt

(24.4 KiB) Ściągnięto 58 razy

FRST.txt

(39.89 KiB) Ściągnięto 55 razy

[ordynat]

Otwórz Notatnik i wklej w nim:

CHR Extension: (webget) - C:\Users\AGI\AppData\Local\Google\Chrome\User Data\Default\Extensions\kheplajlialegkhogehgdbhaogeikfag
C:\Users\AGI\AppData\Local\Temp\dsrsetup.exe
C:\Users\AGI\AppData\Local\Temp\Quarantine.exe
C:\Users\AGI\AppData\Local\Temp\res.dll
C:\Users\AGI\AppData\Local\Temp\SHSetup.exe
C:\Users\AGI\AppData\Local\Temp\sqlite3.dll
C:\Users\PRACA\AppData\Local\Temp\dsrsetup.exe
C:\Users\PRACA\AppData\Local\Temp\res.dll
Startup: C:\Users\AGI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Torpedo.lnk
ShortcutTarget: Torpedo.lnk -> C:\Users\AGI\AppData\Local\Torpedo\Torpedo.exe (No File)
Startup: C:\Users\AGI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rejestracja FIFA 11.lnk
ShortcutTarget: Rejestracja FIFA 11.lnk -> C:\Program Files (x86)\EA Sports\FIFA 11\Support\EAregister.exe (No File)
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij przycisk Fix.
Powstanie plik fixlog.txt.
Daj ten log.

Boot Mode: Safe Mode (minimal)

Spróbuj w Trybie Normalnym.

Nie dałeś logu Additional.txt (z FRST)
.

Autor postu otrzymał pochwałę

[debiska]

Nie jest dobrze.
Log po usunięciu.

Fixlog.txt

(2.29 KiB) Ściągnięto 55 razy

A tu dodatkowo screen z kondycji dysku.
Chyba na niego czas.



Nadal w trybie normalnym zawiecha, ale to już chyba wina dysku ?

Addition.txt

(32.52 KiB) Ściągnięto 53 razy

Nie ma sensu dalej bawić się w oczyszczanie śmieci - prawdopodobnie będę wymieniał dysk.
Za powyższe dziękuję i pozdrawiam.

[ordynat]

Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION

To dalej jest na liście Twoich programów!

Nie ma sensu dalej bawić się w oczyszczanie śmieci - prawdopodobnie będę wymieniał dysk.

Nie znam się na sprawach sprzętowych, więc trudno mi ocenić, czy rzeczywiście potrzebna jest wymiana dysku.
.