Elektroda.pl

URL:MAL - wscript.exe, Avast, FRST and Addition

emikrecik 19 May 2016 10:34 585 2
  • #1 19 May 2016 10:34
    emikrecik
    Level 2

    Hello. For the past few days Avast has been constantly showing me this message:

    Object
    //org.publicvm.com/is-ready (preceded by "http:")
    Infection
    URL:MAL
    Process
    C:\Windows\System32\wscript.exe

    The pop-up notifications completely prevent me from typing and navigating pages.


    The FRST and Addition reports are attached.

    Please check the logs and help.

    0 2
  • #2 19 May 2016 10:41
    Kolobos
    Computer specialist

    Uninstall:
    Adobe Reader 9.1 - Polish; replace it with the latest version of AR or with Foxit: http://ninite.com/foxit/
    Facemoods Toolbar
    Java(TM) 6 Update 30
    V9 Homepage Uninstaller

    Install http://ninite.com/java/

    Next to frst.exe, create a file named fixlist.txt with the following contents:
    CloseProcesses:
    Task: {08BE600C-594D-40D4-985C-FF04194990B7} - System32\Tasks\{63395AE0-DA1F-4FAA-AF4A-9911D9D49ECA} => pcalua.exe -a E:\setup.exe -d E:\
    Task: {903BA3B0-5E3B-43B1-B821-4A5D41D1E202} - System32\Tasks\{6A0C063E-1D4C-418F-BBF7-CD018957774C} => pcalua.exe -a "C:\Program Files\PAL Games\Arcade Racing\Uninstal.exe"
    Task: {B8580165-2964-471B-BEA2-7F1722CCFE4F} - System32\Tasks\{4685810F-3021-40DC-92A1-82A6DFE1DEBE} => pcalua.exe -a E:\Autorun.exe -d E:\
    HKU\S-1-5-21-385297010-1522532525-1477479232-1001\...\Run: [home] => wscript.exe //B "C:\Users\Ewa\AppData\Roaming\home.vbe"
    HKU\S-1-5-21-385297010-1522532525-1477479232-1001\...\MountPoints2: F - F:\AutoRun.exe
    HKU\S-1-5-21-385297010-1522532525-1477479232-1001\...\MountPoints2: {62e6c7ad-34fa-11e5-ab01-0026224aae21} - F:\AutoRun.exe
    HKU\S-1-5-21-385297010-1522532525-1477479232-1001\...\MountPoints2: {6b62c699-2f40-11e2-845c-001e101f8ed0} - F:\AutoRun.exe
    HKU\S-1-5-21-385297010-1522532525-1477479232-1001\...\MountPoints2: {70072d35-e43c-11e0-9c12-0026224aae21} - F:\AutoRun.exe
    HKU\S-1-5-21-385297010-1522532525-1477479232-1001\...\MountPoints2: {8c7575e2-32df-11e5-9664-0026224aae21} - F:\AutoRun.exe
    HKU\S-1-5-21-385297010-1522532525-1477479232-1001\...\MountPoints2: {b341ac2a-3984-11e2-a75e-0026b670afd4} - F:\AutoRun.exe
    HKU\S-1-5-21-385297010-1522532525-1477479232-1001\...\MountPoints2: {b341ac3a-3984-11e2-a75e-0026224aae21} - F:\AutoRun.exe
    HKU\S-1-5-21-385297010-1522532525-1477479232-1001\...\MountPoints2: {b341ac58-3984-11e2-a75e-0026224aae21} - F:\AutoRun.exe
    HKU\S-1-5-21-385297010-1522532525-1477479232-1001\...\MountPoints2: {b3622a7a-e3a9-11e0-bb74-0026224aae21} - F:\AutoRun.exe
    HKU\S-1-5-21-385297010-1522532525-1477479232-1001\...\MountPoints2: {b3622a9c-e3a9-11e0-bb74-0026224aae21} - F:\AutoRun.exe
    HKU\S-1-5-21-385297010-1522532525-1477479232-1001\...\MountPoints2: {c047e6e2-9aaf-11e2-a7da-0026224aae21} - G:\AutoRun.exe
    HKU\S-1-5-21-385297010-1522532525-1477479232-1001\...\MountPoints2: {d126768b-3a47-11e2-acf2-0026224aae21} - F:\AutoRun.exe
    HKU\S-1-5-21-385297010-1522532525-1477479232-1001\...\MountPoints2: {ed98bcaa-336a-11e5-ace3-0026224aae21} - F:\AutoRun.exe
    HKU\S-1-5-21-385297010-1522532525-1477479232-1001\...\MountPoints2: {ed98bcc4-336a-11e5-ace3-0026224aae21} - F:\AutoRun.exe
    C:\Users\Ewa\AppData\Roaming\home.vbe
    Startup: C:\Users\Ewa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2015-09-08] ()




    C:\Users\Ewa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe
    BHO: Brak nazwy -> {64182481-4F71-486b-A045-B233BD0DA8FC} -> Brak pliku
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    FF SearchPlugin: C:\Users\Ewa\AppData\Roaming\Mozilla\Firefox\Profiles\nzb9cl1l.default\searchplugins\conduit.xml [2012-06-07]
    CHR Extension: (Facemoods) - C:\Users\Ewa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif [2016-05-03] [UpdateUrl: hxxp://facemoods.com/public/download/chrome/update.xml] <==== UWAGA
    CHR Extension: (uTorrentControl2) - C:\Users\Ewa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2016-05-03] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-service...extensionData=<extension_data>] <==== UWAGA
    CHR HKLM\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoods.crx [2011-09-05]
    CHR HKLM\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Ewa\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-06-30]
    S2 PLAY ONLINE. RunOuc; C:\Program Files\PLAY ONLINE\UpdateDog\ouc.exe [X]
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
    S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
    S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
    2016-05-17 23:03 - 2015-09-08 21:04 - 00092629 _____ C:\Users\Ewa\AppData\Roaming\home.vbe
    2014-06-24 20:24 - 2014-06-24 20:24 - 6010880 _____ () C:\Program Files\GUT44DE.tmp
    2016-05-17 23:03 - 2015-09-08 21:04 - 0092629 _____ () C:\Users\Ewa\AppData\Roaming\home.vbe
    EmptyTemp:

    In FRST, choose Fix.

    Run a full scan with http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ and remove whatever it detects.

    Also use http://www.bleepingcomputer.com/download/adwcleaner/; choose the Scan option, then Remove.

    Delete the C:\FRST folder.

    0
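A triage of the kind of autorun entries the fixlist above removes, as an added example that is not part of the original thread and not FRST's own code: it scans FRST-style log lines for Run and Startup entries that launch a script through wscript.exe/cscript.exe or point at a script file. The first, second and fourth sample lines are copied from the fixlist; the function names, the extension list and the third sample line are assumptions made for illustration.

```python
import re

# Assumed lists for illustration; extend them to match local policy.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
SCRIPT_FILE_RE = re.compile(r"\.(vbe|vbs|jse?|wsf)\b", re.I)

# FRST-style autorun lines: '<hive>\...\Run: [name] => command'
RUN_RE = re.compile(
    r"^(?P<hive>HK[^:]*?)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] => (?P<cmd>.+)$")
# ... and 'Startup: <path> [date] ()'
STARTUP_RE = re.compile(r"^Startup: (?P<cmd>.+?)(?: \[\d{4}-\d{2}-\d{2}\].*)?$")

def reasons_for(cmd):
    """Return why a command line looks like a script-based autorun."""
    low = cmd.lower()
    reasons = []
    if any(host in low for host in SCRIPT_HOSTS):
        reasons.append("script host")
    if SCRIPT_FILE_RE.search(cmd):
        reasons.append("script file")
    # A user-writable location only adds weight; it is not flagged on its own.
    if reasons and "\\appdata\\" in low:
        reasons.append("user-writable path")
    return reasons

def find_script_autoruns(lines):
    """Return (kind, name, command, reasons) for suspicious Run/Startup entries."""
    hits = []
    for raw in lines:
        line = raw.strip()
        for kind, rx in (("Run", RUN_RE), ("Startup", STARTUP_RE)):
            m = rx.match(line)
            if not m:
                continue
            reasons = reasons_for(m.group("cmd"))
            if reasons:
                hits.append((kind, m.groupdict().get("name", ""), m.group("cmd"), reasons))
    return hits

SAMPLE_LOG = [
    r'HKU\S-1-5-21-385297010-1522532525-1477479232-1001\...\Run: [home] => wscript.exe //B "C:\Users\Ewa\AppData\Roaming\home.vbe"',
    r'Startup: C:\Users\Ewa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2015-09-08] ()',
    r'HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe',  # constructed, benign
    r'HKU\S-1-5-21-385297010-1522532525-1477479232-1001\...\MountPoints2: F - F:\AutoRun.exe',
]

if __name__ == "__main__":
    for kind, name, cmd, reasons in find_script_autoruns(SAMPLE_LOG):
        print(f"{kind:8} {name or '-':6} {', '.join(reasons)}: {cmd}")
```
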
  • #3 20 May 2016 14:22
    emikrecik
    Level 2

    Hi, after following the instructions the laptop works far better and all the problems related to this topic have disappeared, many thanks :)

    0