Avast- org:publicvm:com/is-ready

filipmad 02 Jun 2016 08:25 588 7
  • #1 02 Jun 2016 08:25
    filipmad
    Level 3

    Hello. For some time now my Avast has been going haywire. It constantly pops up the message: Avast Web Shield has blocked a dangerous page or file.
    Obiekt: org:publiccvm:com/is-ready
    Zarażenie: URL:Mal
    Proces: C:\Windows\System32\wscript.exe

    I have already made an FRST report, but I don't know how to make a fixlist. Could someone help me?
    Regards

    Moderated by dt1:

    Please do not duplicate topics across different sections [3.1.12]. The replies from the two threads have been merged into this thread.

    0 7
  • #2 02 Jun 2016 09:11
    Acorus 20
    Computer specialist

    Uninstall Java 7 Update 13 and Settings Manager. Open Windows Notepad and paste:

    Quote:
    CloseProcesses:
    Task: {0F85C1CD-D719-4B68-9D09-DC1C18E2B24B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    Task: {1177CDA3-205A-495F-B0D3-007813903A06} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {2147BD8B-82FD-49C2-857A-7262B9F710B0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {2AD260BB-D5FA-4C1A-B2E8-D1C4D909F8F1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {32F81316-134A-444B-9FA3-6AE54D6BD666} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {5B036D53-54BA-493B-96A8-B806A70F2DC6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {794EE151-ABC8-48F5-92D5-9757BFBB6977} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {7AD87EAD-2481-411C-B309-1DD8880504AE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {A2B88AAA-B32E-4904-B983-1C0FB3C96CC3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {AEFBB227-CCCE-4925-BD88-CE337B2DEF17} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {FC1633CC-60DD-4E57-A98D-ECFCC28FB0E0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-1315594904-2830452084-1042238915-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Użytkownik\AppData\Local\Akamai\netsession_win.exe"
    HKU\S-1-5-21-1315594904-2830452084-1042238915-1001\...\Run: [home] => wscript.exe //B "C:\Users\Użytkownik\AppData\Roaming\home.vbe"
    HKU\S-1-5-21-1315594904-2830452084-1042238915-1001\...\Policies\Explorer: []
    HKU\S-1-5-21-1315594904-2830452084-1042238915-1001\...\MountPoints2: {584d7386-8932-11e5-8294-a4db304b1b99} - "D:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-1315594904-2830452084-1042238915-1001\...\MountPoints2: {8ffb82f9-7cd6-11e4-826d-a4db304b1b99} - "F:\AutoRun.exe"
    HKU\S-1-5-21-1315594904-2830452084-1042238915-1001\...\MountPoints2: {b6ab181e-0386-11e5-827d-a4db304b1b99} - "E:\HTC_Sync_Manager_PC.exe"
    Startup: C:\Users\Użytkownik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2015-09-08] ()
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    S2 HuaweiHiSuiteService64.exe; "C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe" -/service [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    2016-05-16 14:32 - 2016-05-16 14:37 - 00000000 ____D C:\AdwCleaner
    2015-07-01 11:30 - 2015-07-01 11:30 - 1415680 _____ (wj32) C:\Program Files\6786233D.exe
    2015-07-01 11:30 - 2015-07-01 11:30 - 1415680 _____ (wj32) C:\Program Files\C873UIRJ.exe
    2015-07-01 11:29 - 2015-07-01 11:29 - 1415680 _____ (wj32) C:\Program Files\TPHJGC6W.exe
    2016-01-26 13:53 - 2015-09-08 22:04 - 0092629 _____ () C:\Users\Użytkownik\AppData\Roaming\home.vbe
    EmptyTemp:


    Save the file under the name fixlist.txt and put it next to FRST in the same folder.
    Run FRST as administrator and click Fix.

    0
  • #3 02 Jun 2016 10:38
    Kolobos
    Computer specialist

    Uninstall Settings Manager.

    Next to frst.exe create a file fixlist.txt with the following contents:
    CloseProcesses:
    Task: {336E7814-6A01-4AFB-9E05-E52EEBB591FE} - System32\Tasks\{35936015-253E-4B18-A9AB-D62CC9D605F7} => pcalua.exe -a D:\autorun.exe -d D:\
    Task: {51493C80-CD5F-4E9D-9B8D-992534039660} - System32\Tasks\{9AD3D76A-7035-4D11-A5A6-F2AF2E161410} => pcalua.exe -a D:\autorun.exe -d D:\
    Task: {D3E644DF-B352-40E9-9E6F-1FA44E771ED3} - System32\Tasks\{B4EBF2F1-4900-4082-A866-D7622041B467} => pcalua.exe -a C:\Users\Filip\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=smt
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-1315594904-2830452084-1042238915-1001\...\Run: [home] => wscript.exe //B "C:\Users\Użytkownik\AppData\Roaming\home.vbe"
    HKU\S-1-5-21-1315594904-2830452084-1042238915-1001\...\Policies\Explorer: []
    HKU\S-1-5-21-1315594904-2830452084-1042238915-1001\...\MountPoints2: {584d7386-8932-11e5-8294-a4db304b1b99} - "D:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-21-1315594904-2830452084-1042238915-1001\...\MountPoints2: {8ffb82f9-7cd6-11e4-826d-a4db304b1b99} - "F:\AutoRun.exe"
    HKU\S-1-5-21-1315594904-2830452084-1042238915-1001\...\MountPoints2: {b6ab181e-0386-11e5-827d-a4db304b1b99} - "E:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-05-02] (Autodesk, Inc.)
    Startup: C:\Users\Użytkownik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2015-09-08] ()
    Startup: C:\Users\Użytkownik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\t.lnk [2016-02-11]
    C:\Users\Użytkownik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\t.lnk
    C:\Users\Użytkownik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe
    C:\Users\Użytkownik\AppData\Roaming\home.vbe
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    2016-05-16 14:32 - 2016-05-16 14:37 - 00000000 ____D C:\AdwCleaner
    2015-07-01 11:30 - 2015-07-01 11:30 - 1415680 _____ (wj32) C:\Program Files\6786233D.exe
    2015-07-01 11:30 - 2015-07-01 11:30 - 1415680 _____ (wj32) C:\Program Files\C873UIRJ.exe
    2015-07-01 11:29 - 2015-07-01 11:29 - 1415680 _____ (wj32) C:\Program Files\TPHJGC6W.exe
    2016-01-26 13:53 - 2015-09-08 22:04 - 0092629 _____ () C:\Users\Użytkownik\AppData\Roaming\home.vbe
    EmptyTemp:

    In FRST choose Fix.

    If home.vbe files show up again in the new logs, run the same fixlist once more, this time in Safe Mode.

    Afterwards post new FRST logs from a scan.

    0
  • #4 02 Jun 2016 17:38
    filipmad
    Level 3

    Unfortunately it didn't help much. The warnings still appear. And I can't locate that Settings Manager program to remove it; it doesn't show up among any add-ons. New scan attached.

    0
  • Helpful post
    #5 02 Jun 2016 17:46
    Kolobos
    Computer specialist

    It's worse than it was, and on top of that you installed SpyHunter...

    It didn't help because you didn't do it in Safe Mode as I advised.

    Uninstall SpyHunter.

    Boot the system into Safe Mode.

    Run this Fixlist.txt for FRST:
    CloseProcesses:
    (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
    HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    HKU\S-1-5-21-1070293086-3675916085-4254379012-1002\...\Run: [home] => wscript.exe //B "C:\Users\Filip\AppData\Roaming\home.vbe"
    C:\Users\Filip\AppData\Roaming\home.vbe
    HKU\S-1-5-21-1070293086-3675916085-4254379012-1002\...\MountPoints2: {0cd509ba-9f67-11e5-bf03-78843c3af797} - "E:\Install.exe"
    IFEO\bitguard.exe: [Debugger] tasklist.exe
    IFEO\bprotect.exe: [Debugger] tasklist.exe
    IFEO\bpsvc.exe: [Debugger] tasklist.exe
    IFEO\browserdefender.exe: [Debugger] tasklist.exe
    IFEO\browserprotect.exe: [Debugger] tasklist.exe
    IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
    IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
    IFEO\jumpflip: [Debugger] tasklist.exe
    IFEO\protectedsearch.exe: [Debugger] tasklist.exe
    IFEO\searchinstaller.exe: [Debugger] tasklist.exe
    IFEO\searchprotection.exe: [Debugger] tasklist.exe
    IFEO\searchprotector.exe: [Debugger] tasklist.exe
    IFEO\searchsettings.exe: [Debugger] tasklist.exe
    IFEO\searchsettings64.exe: [Debugger] tasklist.exe
    IFEO\snapdo.exe: [Debugger] tasklist.exe
    IFEO\stinst32.exe: [Debugger] tasklist.exe
    IFEO\stinst64.exe: [Debugger] tasklist.exe
    IFEO\umbrella.exe: [Debugger] tasklist.exe
    IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
    IFEO\volaro: [Debugger] tasklist.exe
    IFEO\vonteera: [Debugger] tasklist.exe
    IFEO\websteroids.exe: [Debugger] tasklist.exe
    IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
    C:\Users\Filip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe
    Startup: C:\Users\Filip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2015-09-08] ()
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=...HGSTXHTS545050A7E380_130722TM8514TF1VA5HRX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=...HGSTXHTS545050A7E380_130722TM8514TF1VA5HRX&q={searchTerms}
    HKU\S-1-5-21-1070293086-3675916085-4254379012-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net?sid=476&aid=132&itype=n&ver=12349&tm=333&src=hmp
    SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=132&itype=a&ver=12692&tm=333&src=ds&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=132&itype=a&ver=12692&tm=333&src=ds&p={searchTerms}
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=...TM8514TF1VA5HRX&ts=1424472270&type=default&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=...TM8514TF1VA5HRX&ts=1424472270&type=default&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=...TM8514TF1VA5HRX&ts=1424472270&type=default&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=...TM8514TF1VA5HRX&ts=1424472270&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1070293086-3675916085-4254379012-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=132&itype=a&ver=12521&tm=333&src=ds&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1070293086-3675916085-4254379012-1002 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.mystartsearch.com/web/?utm_source=...TM8514TF1VA5HRX&ts=1424472270&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1070293086-3675916085-4254379012-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://fi.yhs4.search.yahoo.com/yhs/search?hs...8%26a%3Dwncy_ir_15_40%26os%3DWindows%2B8.1&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-1070293086-3675916085-4254379012-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=...TM8514TF1VA5HRX&ts=1424472270&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1070293086-3675916085-4254379012-1002 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.mystartsearch.com/web/?utm_source=...TM8514TF1VA5HRX&ts=1424472270&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1070293086-3675916085-4254379012-1002 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.mystartsearch.com/web/?utm_source=...TM8514TF1VA5HRX&ts=1424472270&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1070293086-3675916085-4254379012-1002 -> {B2D44AA4-C5C3-402F-BCEE-9F7F4371F212} URL = hxxp://www.mystartsearch.com/web/?utm_source=...TM8514TF1VA5HRX&ts=1424472270&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1070293086-3675916085-4254379012-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=...TM8514TF1VA5HRX&ts=1424472270&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1070293086-3675916085-4254379012-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    BHO: Brak nazwy -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> Brak pliku
    BHO: Brak nazwy -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> Brak pliku
    BHO: Brak nazwy -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} -> Brak pliku
    Toolbar: HKLM - Brak nazwy - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Brak pliku
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml [2014-05-19]
    FF HKLM-x32\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\81jdzbx2.default\extensions\searchengine@gmail.com => nie znaleziono
    S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1072296 2016-06-02] (Enigma Software Group USA, LLC.)
    S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-06-02] (Enigma Software Group USA, LLC.)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-06-02] ()
    2016-06-02 14:57 - 2016-06-02 14:57 - 00003406 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
    2016-06-02 14:57 - 2016-06-02 14:57 - 00001132 _____ C:\Users\Filip\Desktop\SpyHunter.lnk
    2016-06-02 14:57 - 2016-06-02 14:57 - 00000000 ____D C:\Users\Filip\AppData\Roaming\Enigma Software Group
    2016-06-02 14:57 - 2016-06-02 14:57 - 00000000 _____ C:\autoexec.bat
    2016-06-02 14:56 - 2016-06-02 14:56 - 00000000 ____D C:\sh4ldr
    2016-06-02 14:53 - 2016-06-02 14:53 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
    2016-06-02 14:52 - 2016-06-02 14:52 - 00000000 ____D C:\Program Files\Enigma Software Group
    2016-06-02 14:51 - 2016-06-02 14:52 - 03482800 _____ (Enigma Software Group USA, LLC.) C:\Users\Filip\Downloads\SpyHunter-Installer.exe
    2016-06-01 21:42 - 2015-09-08 22:04 - 00092629 ___SH C:\Users\Filip\AppData\Roaming\home.vbe
    2014-05-09 12:30 - 2014-05-09 12:30 - 6103040 _____ () C:\Program Files (x86)\GUTF7B5.tmp
    2016-06-01 21:42 - 2015-09-08 22:04 - 0092629 ___SH () C:\Users\Filip\AppData\Roaming\home.vbe
    2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Users\Filip\AppData\Roaming\NAW
    2015-01-25 18:12 - 2015-10-06 18:34 - 0000365 _____ () C:\Users\Filip\AppData\Roaming\PRRYIQ

    0
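    As an added example (not code from this thread or from FRST), a small Python triage helper that scans FRST log/fixlist lines for the persistence patterns seen above: Run-key or Startup entries that launch a .vbe through wscript.exe, scheduled tasks proxied through pcalua.exe, IFEO Debugger values, and a system+hidden (___SH) file under AppData. The sample lines are constructed; the SIDs, user name, GUIDs and dates in them are made up.

```python
import re

# Constructed sample in FRST log/fixlist syntax, modelled on the entries in this
# thread; the SIDs, user name, GUIDs and dates are made up for the example.
SAMPLE = r"""
HKU\S-1-5-21-1\...\Run: [home] => wscript.exe //B "C:\Users\U\AppData\Roaming\home.vbe"
HKU\S-1-5-21-1\...\Run: [Akamai NetSession Interface] => "C:\Users\U\AppData\Local\Akamai\netsession_win.exe"
Startup: C:\Users\U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2015-09-08] ()
Startup: C:\Users\U\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\t.lnk [2016-02-11]
IFEO\bitguard.exe: [Debugger] tasklist.exe
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\{00000000-0000-0000-0000-000000000002} => pcalua.exe -a D:\autorun.exe -d D:\
2016-06-01 21:42 - 2015-09-08 22:04 - 00092629 ___SH C:\Users\U\AppData\Roaming\home.vbe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\AdSync.exe [1193352 2014-05-02] (Autodesk, Inc.)
"""

# Script hosts and proxy launchers that rarely belong in a user's autoruns.
LAUNCHER = re.compile(r"\b(wscript|cscript|mshta|pcalua)\.exe\b", re.I)
SCRIPT_EXT = re.compile(r"\.(vbe|vbs|js|jse|wsf|hta)\b", re.I)
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp)\\", re.I)
# FRST file-listing row: "created - modified - size attrs [publisher] path"
FILE_ROW = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ (\S+) (.+)$")
AUTORUN_PREFIXES = ("HKLM", "HKU\\", "Startup:", "Task:")


def triage(text):
    """Return (reason, line) for every FRST line that deserves a closer look."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("IFEO\\") and "[Debugger]" in line:
            # An IFEO Debugger value redirects every launch of that exe elsewhere.
            findings.append(("ifeo-debugger", line))
        elif line.startswith(AUTORUN_PREFIXES):
            if LAUNCHER.search(line):
                findings.append(("autorun-via-proxy-launcher", line))
            elif SCRIPT_EXT.search(line):
                findings.append(("autorun-script-file", line))
        else:
            m = FILE_ROW.match(line)
            if m:
                attrs, path = m.groups()
                # ___SH = system + hidden: unusual for a user's own file under AppData.
                if "S" in attrs and "H" in attrs and USER_WRITABLE.search(path):
                    findings.append(("hidden-system-file-in-user-dir", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE):
        print(f"{reason:30} {line}")
```

    Feed it the Addition.txt and FRST.txt output from a scan; the ordinary Akamai and Autodesk autoruns in the sample are left alone, which is the point of keying on launcher, extension and attributes rather than on file names.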
  • #6 02 Jun 2016 18:06
    filipmad
    Level 3

    OK, done. Nothing is showing up for now, but I'll let you know whether it's a permanent fix. The latest FRST is attached as well. Does it look better now?

    0
  • Helpful post
    #7 02 Jun 2016 18:20
    Kolobos
    Computer specialist

    This time you did everything correctly and it's OK.

    0
  • #8 02 Jun 2016 18:25
    filipmad
    Level 3

    Thanks a lot for the help!

    0