Elektroda.pl

Threat blocked, avast

HighVoltageX 16 May 2016 10:09 894 5
  • #1 16 May 2016 10:09
    HighVoltageX
    Level 2

    Hello. For some time now avast keeps popping up with:

    Object
    //org.publicvm.com/is-ready (with "http:" in front)
    Infection
    URL:MAL
    Process
    C:\Windows\System32\wscript.exe

    And so it goes, over and over.
    Please help,
    Regards

  • Helpful post
    #4 16 May 2016 10:48
    Acorus 20
    Computer specialist

    Uninstall ByteFence Anti-Malware and WarThunder. Open the system Notepad and paste:

    Quote:
    CloseProcesses:
    Task: {27BABEFC-630F-4627-BBCB-E8313BB073CF} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2016-03-29] (Byte Technologies LLC) <==== UWAGA
    Task: {42533AD5-9E28-4ADD-A34A-7452423644F1} - System32\Tasks\AION 0Sun0 => Chrome.exe --app=hxxp://boost.games724.com/click/e41614aa088743ed2ffb3b3333d19d079f0ba22c5adcdf1bb57589d16e6f0f90?cp1=tCzz0C0FyD0E0ByCtBzzyDzztC0AtAtC2RtBtDtCyCtDyDtCyCtCtDtCyBtBzytBtByC --app-window-size=1920,1080 <==== UWAGA
    Task: {6641D474-A0D9-4242-B11F-9E63BF56A800} - System32\Tasks\WarThunder 0Sat0 => Chrome.exe --app=hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy/?subid=3&click_id=56b7d3d37346ffe5e673c874dae89193b2770e35 --app-window-size=1920,1080 <==== UWAGA
    Task: {73A33745-C604-4007-892E-FCD9322207E8} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2016-03-29] (Byte Technologies LLC) <==== UWAGA
    Task: {9731223D-E8D9-499F-8801-5E66BB7FDDBB} - System32\Tasks\Lenovo\Experience Improvement => C:\Users\Sławek\AppData\Local\Temp\LenovoExperienceImprovement.exe <==== UWAGA
    Task: {985C7390-53E9-4935-A23F-0D1627AA9F9C} - System32\Tasks\AION 01440 => Chrome.exe --app=hxxp://boost.games724.com/click/e41614aa088743ed2ffb3b3333d19d079f0ba22c5adcdf1bb57589d16e6f0f90?cp1=tCzz0C0FyD0E0ByCtBzzyDzztC0AtAtC2RtBtDtCyCtDyDtCyCtCtDtCyBtBzytBtByC --app-window-size=1920,1080 <==== UWAGA
    Task: {9983D881-369F-4888-A3D1-32DBF87968F0} - System32\Tasks\WarThunder 01440 => Chrome.exe --app=hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy/?subid=3&click_id=56b7d3d37346ffe5e673c874dae89193b2770e35 --app-window-size=1920,1080 <==== UWAGA
    Task: {A1FEA5BC-2D90-4276-8C94-2FFA95102CBF} - System32\Tasks\WarThunder 0Sun0 => Chrome.exe --app=hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy/?subid=3&click_id=56b7d3d37346ffe5e673c874dae89193b2770e35 --app-window-size=1920,1080 <==== UWAGA
    Task: {A44AABBE-03FB-42DB-9ABB-BD5EA302BD80} - System32\Tasks\AION 0Sat0 => Chrome.exe --app=hxxp://boost.games724.com/click/e41614aa088743ed2ffb3b3333d19d079f0ba22c5adcdf1bb57589d16e6f0f90?cp1=tCzz0C0FyD0E0ByCtBzzyDzztC0AtAtC2RtBtDtCyCtDyDtCyCtCtDtCyBtBzytBtByC --app-window-size=1920,1080 <==== UWAGA
    ShortcutWithArgument: C:\Users\Sławek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy/?subid=3&click_id=56b7d3d37346ffe5e673c874dae89193b2770e35 --app-window-size=1920,1080
    ShortcutWithArgument: C:\Users\Sławek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ubisoft register.lnk -> C:\Program Files (x86)\Ubi Soft\Register\schedule.exe (Ubi Soft) -> /2015-09-22 18:05:45 /game=Battle Realms WOTW /language=English /country=United Kingdom /url=hxxp://register-it.ubi.com/register.asp
    ShortcutWithArgument: C:\Users\Sławek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AION\AION.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://boost.games724.com/click/e41614aa088743ed2ffb3b3333d19d079f0ba22c5adcdf1bb57589d16e6f0f90?cp1=tCzz0C0FyD0E0ByCtBzzyDzztC0AtAtC2RtBtDtCyCtDyDtCyCtCtDtCyBtBzytBtByC --app-window-size=1920,1080
    ShortcutWithArgument: C:\Users\Sławek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AION.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://boost.games724.com/click/e41614aa088743ed2ffb3b3333d19d079f0ba22c5adcdf1bb57589d16e6f0f90?cp1=tCzz0C0FyD0E0ByCtBzzyDzztC0AtAtC2RtBtDtCyCtDyDtCyCtCtDtCyBtBzytBtByC --app-window-size=1920,1080
    ShortcutWithArgument: C:\Users\Sławek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy/?subid=3&click_id=56b7d3d37346ffe5e673c874dae89193b2770e35 --app-window-size=1920,1080
    AlternateDataStreams: C:\ProgramData:NT [40]
    AlternateDataStreams: C:\ProgramData:NT2 [346]
    AlternateDataStreams: C:\Windows:nlsPreferences [386]
    AlternateDataStreams: C:\Users\All Users:NT [40]
    AlternateDataStreams: C:\Users\All Users:NT2 [346]
    AlternateDataStreams: C:\ProgramData\Application Data:NT [40]
    AlternateDataStreams: C:\ProgramData\Application Data:NT2 [346]
    AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT [40]
    AlternateDataStreams: C:\ProgramData\Dane aplikacji:NT2 [346]
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT [40]
    AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2 [346]
    AlternateDataStreams: C:\Users\Sławek\Dane aplikacji:NT [40]
    AlternateDataStreams: C:\Users\Sławek\Dane aplikacji:NT2 [346]
    AlternateDataStreams: C:\Users\Sławek\AppData\Roaming:NT [40]
    AlternateDataStreams: C:\Users\Sławek\AppData\Roaming:NT2 [346]
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-07] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-07] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [jmekey] => C:\WINDOWS\jmesoft\hotkey.exe
    HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
    HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-197582941-195464746-3421844580-1001\...\Run: [home] => wscript.exe //B "C:\Users\Sławek\AppData\Roaming\home.vbe"
    HKU\S-1-5-21-197582941-195464746-3421844580-1001\...\MountPoints2: {28dbb84b-7408-11e4-8261-0025ab6211cc} - "E:\AutoRun.exe"
    HKU\S-1-5-21-197582941-195464746-3421844580-1001\...\MountPoints2: {28dbc46a-7408-11e4-8261-0025ab6211cc} - "E:\START.exe"
    HKU\S-1-5-21-197582941-195464746-3421844580-1001\...\MountPoints2: {74cc3bb6-7bed-11e4-8264-0025ab6211cc} - "F:\S3\Autorun.exe"
    HKU\S-1-5-21-197582941-195464746-3421844580-1001\...\MountPoints2: {ac2de22e-a667-11e5-8297-0025ab6211cc} - "F:\startme.exe"
    HKU\S-1-5-21-197582941-195464746-3421844580-1001\...\MountPoints2: {f97b2238-7b25-11e5-8291-0025ab6211cc} - "F:\AutoRun.exe"
    Startup: C:\Users\Sławek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2015-09-08] ()
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-197582941-195464746-3421844580-1001 -> {0068D0BC-FC26-40DE-8640-9B599A7211CC} URL =
    S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
    S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
    2016-05-16 10:17 - 2016-05-16 10:18 - 00000000 ____D C:\Program Files\ByteFence
    2016-05-16 10:17 - 2016-05-16 10:17 - 00003924 _____ C:\WINDOWS\System32\Tasks\AION 0Sun0
    2016-05-16 10:17 - 2016-05-16 10:17 - 00003924 _____ C:\WINDOWS\System32\Tasks\AION 0Sat0
    2016-05-16 10:17 - 2016-05-16 10:17 - 00003924 _____ C:\WINDOWS\System32\Tasks\AION 01440
    2016-05-16 10:17 - 2016-05-16 10:17 - 00003842 _____ C:\WINDOWS\System32\Tasks\WarThunder 0Sun0
    2016-05-16 10:17 - 2016-05-16 10:17 - 00003842 _____ C:\WINDOWS\System32\Tasks\WarThunder 0Sat0
    2016-05-16 10:17 - 2016-05-16 10:17 - 00003842 _____ C:\WINDOWS\System32\Tasks\WarThunder 01440
    2016-05-16 10:17 - 2016-05-16 10:17 - 00003480 _____ C:\WINDOWS\System32\Tasks\ByteFence Scan
    2016-05-16 10:17 - 2016-05-16 10:17 - 00003380 _____ C:\WINDOWS\System32\Tasks\ByteFence
    2016-05-16 10:17 - 2016-05-16 10:17 - 00000000 ____D C:\Users\Sławek\AppData\Roaming\WarThunder
    2016-05-16 10:17 - 2016-05-16 10:17 - 00000000 ____D C:\Users\Sławek\AppData\Roaming\Tv-Plug-In
    2016-05-16 10:17 - 2016-05-16 10:17 - 00000000 ____D C:\Users\Sławek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
    2016-05-16 10:17 - 2016-05-16 10:17 - 00000000 ____D C:\Users\Sławek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AION
    2016-05-16 10:17 - 2016-05-16 10:17 - 00000000 ____D C:\Users\Sławek\AppData\Roaming\AION
    2016-05-16 10:17 - 2016-05-16 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tv-Plug-In
    2016-05-16 10:17 - 2016-05-16 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
    2016-05-16 10:17 - 2016-05-16 10:17 - 00000000 ____D C:\Program Files (x86)\Tv-Plug-In
    2016-05-15 23:09 - 2015-09-08 22:04 - 00092629 ___SH C:\Users\Sławek\AppData\Roaming\home.vbe
    EmptyTemp:


    Save the file under the name fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.

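    As a defender's follow-up to the fixlist above, here is an added example (my own code, not part of this thread and not FRST's own tooling): a small Python triage helper that runs over FRST-style log lines and flags the persistence patterns the fixlist singles out: a Run-key or Startup entry that launches a script host or a .vbe/.vbs file, a scheduled task or shortcut that starts a browser in app mode (--app=<url>) against a remote site, alternate data streams on directories, and lines FRST itself marked with its attention arrow (UWAGA in Polish logs, ATTENTION in English ones). The sample lines are constructed from the entries quoted above, with the username and the long click identifiers replaced by placeholders; the category names and functions are mine.

```python
"""Triage helper for FRST-style log lines (added example, not FRST's own code).

It classifies, over sample lines, the kinds of entries the fixlist above singles out.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Script hosts and script file types commonly used for .vbe/.vbs autostarts.
SCRIPT_HOST = re.compile(r"\b(wscript|cscript|mshta)\.exe\b", re.IGNORECASE)
SCRIPT_FILE = re.compile(r'([A-Za-z]:\\[^"\[]*?\.(?:vbe|vbs|js|jse|wsf|hta))\b', re.IGNORECASE)
# A browser started in "app mode" pointing at a remote URL (hxxp = defanged http).
BROWSER_APP_URL = re.compile(r"--app=(?:hxxps?|https?)://([^/\s]+)", re.IGNORECASE)
# "AlternateDataStreams: <path>:<stream> [<size>]"
ADS = re.compile(r"^AlternateDataStreams:\s+(?P<path>.+):(?P<stream>[^:\s]+)\s+\[(?P<size>\d+)\]$")
# FRST's own attention marker: "ATTENTION" in English logs, "UWAGA" in Polish ones.
FRST_MARK = re.compile(r"<=+ (ATTENTION|UWAGA)\b")


@dataclass
class Finding:
    category: str  # what kind of persistence the line shows
    detail: str    # the host, path or stream extracted from the line
    line: str      # the original log line


def triage_line(line: str) -> Optional[Finding]:
    """Classify one FRST log line; returns None for lines with nothing to flag."""
    text = line.strip()
    if not text:
        return None
    m = ADS.match(text)
    if m:
        return Finding("alternate-data-stream",
                       f"{m['path']}:{m['stream']} ({m['size']} bytes)", text)
    if text.startswith(("Task:", "ShortcutWithArgument:")):
        m = BROWSER_APP_URL.search(text)
        if m:
            return Finding("browser-app-launcher", m.group(1), text)
    if text.startswith("Startup:") or "\\Run:" in text:
        if SCRIPT_HOST.search(text) or SCRIPT_FILE.search(text):
            m = SCRIPT_FILE.search(text)
            return Finding("script-autostart",
                           m.group(1) if m else "script host without a visible file", text)
    if FRST_MARK.search(text):
        return Finding("frst-flagged", "marked by FRST itself", text)
    return None


def triage(lines) -> List[Finding]:
    """Run triage_line over every line and keep only the findings."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


def summarize(findings) -> dict:
    """Count findings per category."""
    counts: dict = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed sample, shortened from the entries quoted in the fixlist above
# (username and long click identifiers replaced by placeholders).
SAMPLE_LINES = [
    r"Task: {42533AD5-9E28-4ADD-A34A-7452423644F1} - System32\Tasks\AION 0Sun0 => Chrome.exe --app=hxxp://boost.games724.com/click/<id>?cp1=<token> --app-window-size=1920,1080 <==== UWAGA",
    r"Task: {27BABEFC-630F-4627-BBCB-E8313BB073CF} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2016-03-29] (Byte Technologies LLC) <==== UWAGA",
    r"ShortcutWithArgument: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://mmotraffic.com/catalog/goplay/1000932/<id>/?subid=3&click_id=<id> --app-window-size=1920,1080",
    r"ShortcutWithArgument: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ubisoft register.lnk -> C:\Program Files (x86)\Ubi Soft\Register\schedule.exe (Ubi Soft) -> /url=hxxp://register-it.ubi.com/register.asp",
    r"HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)",
    r'HKU\S-1-5-21-197582941-195464746-3421844580-1001\...\Run: [home] => wscript.exe //B "C:\Users\<user>\AppData\Roaming\home.vbe"',
    r"Startup: C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2015-09-08] ()",
    r"AlternateDataStreams: C:\ProgramData:NT [40]",
    r"AlternateDataStreams: C:\Users\All Users:NT2 [346]",
    r"CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.category}] {f.detail}")
    print(summarize(triage(SAMPLE_LINES)))
```

    Run as a script it prints the findings: the Realtek Run entry and the Ubisoft shortcut pass unflagged, while the wscript.exe/.vbe autostart, the Chrome --app launchers and the directory ADS entries are surfaced for review. It is a triage aid for reading a full FRST log, not a removal tool; deciding what goes into a fixlist still needs a person looking at the whole log.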
  • #5 16 May 2016 11:17
    HighVoltageX
    Level 2

    Thanks, problem solved.
    One more question for the future: how does one defend against this type of threat?
    Regards
