Elektroda.pl

Avast org:publicvm.com/is-ready

muuki 15 Sep 2016 17:09 564 3
  • #1 15 Sep 2016 17:09
    muuki
    Level 2

    Hello. For the past few days Avast has been showing me this message: Avast Web Shield has blocked a harmful webpage or file.
    Object: org:publiccvm.com/is-ready
    Infection: URL:Mal
    Process: C:\Windows\System32\wscript.exe

    I know there have already been several threads like this on the forum, but unfortunately none of the fixlists helps. I am attaching my FRST.txt.

    Please help.

    0 3
  • Helpful post
    #2 15 Sep 2016 18:39
    Acorus 20
    Computer specialist

    Uninstall Bonanza Deals (remove only), Browser-Security, ByteFence Anti-Malware, DealPly (remove only), McAfee Security Scan Plus, Setup, Update_for_BonanzaDeals, WarThunder. Open the system Notepad and paste:

    Quote:
    Task: {24547816-56A2-4802-9EBD-8B5EDF2AFDDA} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\windows\TEMP\{34F05F97-42BC-499A-96E7-35F613506735}.exe <==== UWAGA
    Task: {3571D403-7388-44B1-A649-F474EE65CA14} - System32\Tasks\WindowsUpda2ta => C:\Users\Ada\AppData\Roaming\MICROSOFT\home.vbe [2016-08-31] () <==== UWAGA
    Task: {44DCF2EF-CB76-4CDF-89A8-ABBBBB763C94} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{321FC3A8-5A5C-4A24-B0E8-CD46195C89EB}.exe <==== UWAGA
    Task: {49E08115-DE9C-4491-BA53-2B26656DFC4D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2880825375-1752733598-2583273677-1001UA => C:\Users\Ada\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-12] (Facebook Inc.)
    Task: {85BCAE50-7BB7-4CEB-968E-FE4DDB6D61CF} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2016-06-20] (Byte Technologies LLC) <==== UWAGA
    Task: {8CCCC9E2-828A-42E3-9AE5-5472F06E80BB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2880825375-1752733598-2583273677-1001Core => C:\Users\Ada\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-12] (Facebook Inc.)
    Task: {BF2B8D10-D79A-4829-A10C-E31D5F8AC8F5} - System32\Tasks\BonanzaDealsUpdate => C:\Program [Argument = Files (x86)\BonanzaDeals\BonanzaDealsUpdate.exe] <==== UWAGA
    Task: {EEFCD96A-ACC2-4947-91FB-80D5CF881259} - System32\Tasks\DealPlyUpdate => C:\Program [Argument = Files (x86)\DealPly\DealPlyUpdate.exe] <==== UWAGA
    Task: {F7D854B2-E35B-41B7-BC7E-BF9189D8F62D} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2016-06-20] (Byte Technologies LLC) <==== UWAGA
    Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\windows\TEMP\{34F05F97-42BC-499A-96E7-35F613506735}.exe <==== UWAGA
    Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{321FC3A8-5A5C-4A24-B0E8-CD46195C89EB}.exe <==== UWAGA
    Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2880825375-1752733598-2583273677-1001Core.job => C:\Users\Ada\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2880825375-1752733598-2583273677-1001UA.job => C:\Users\Ada\AppData\Local\Facebook\Update\FacebookUpdate.exe
    ShortcutWithArgument: C:\Users\Ada\Desktop\WarThunder.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/...FyDyE0BtD2RtBtDtCyCtDtBtDyCtCyCtAyCtCyDyEyEyC




    ShortcutWithArgument: C:\Users\Ada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.awesomehp.com/?type=sc&ts=1394...=ild&uid=ST9320325AS_6VDG2DCXXXXX6VDG2DCX
    ShortcutWithArgument: C:\Users\Ada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/...FyDyE0BtD2RtBtDtCyCtDtBtDyCtCyCtAyCtCyDyEyEyC
    ShortcutWithArgument: C:\Users\Ada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.awesomehp.com/?type=sc&ts=1394...=ild&uid=ST9320325AS_6VDG2DCXXXXX6VDG2DCX
    ShortcutWithArgument: C:\Users\Ada\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.awesomehp.com/?type=sc&ts=1394...=ild&uid=ST9320325AS_6VDG2DCXXXXX6VDG2DCX
    ShortcutWithArgument: C:\Users\Ada\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/...FyDyE0BtD2RtBtDtCyCtDtBtDyCtCyCtAyCtCyDyEyEyC
    ShortcutWithArgument: C:\Users\Ada\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.awesomehp.com/?type=sc&ts=1394...=ild&uid=ST9320325AS_6VDG2DCXXXXX6VDG2DCX
    ShortcutWithArgument: C:\Users\Ada\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (3).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.awesomehp.com/?type=sc&ts=1394...=ild&uid=ST9320325AS_6VDG2DCXXXXX6VDG2DCX
    ShortcutWithArgument: C:\Users\Ada\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (4).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.awesomehp.com/?type=sc&ts=1394...=ild&uid=ST9320325AS_6VDG2DCXXXXX6VDG2DCX
    Hosts:
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKU\S-1-5-21-2880825375-1752733598-2583273677-1001\...\Run: [Facebook Update] => C:\Users\Ada\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-12] (Facebook Inc.)
    HKU\S-1-5-21-2880825375-1752733598-2583273677-1001\...\MountPoints2: I - I:\RunGame.exe
    HKU\S-1-5-21-2880825375-1752733598-2583273677-1001\...\MountPoints2: {5cfe4189-881d-11e2-a153-10bf48261806} - E:\Startme.exe
    HKU\S-1-5-21-2880825375-1752733598-2583273677-1001\...\MountPoints2: {fe8e626e-b898-11e2-8a06-10bf48261806} - F:\RunGame.exe
    Startup: C:\Users\Ada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2016-08-31] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-11]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=...p;uid=ST9320325AS_6VDG2DCXXXXX6VDG2DCX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=...p;uid=ST9320325AS_6VDG2DCXXXXX6VDG2DCX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1394...=ild&uid=ST9320325AS_6VDG2DCXXXXX6VDG2DCX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1394...=ild&uid=ST9320325AS_6VDG2DCXXXXX6VDG2DCX
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=...p;uid=ST9320325AS_6VDG2DCXXXXX6VDG2DCX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=...p;uid=ST9320325AS_6VDG2DCXXXXX6VDG2DCX&q={searchTerms}
    URLSearchHook: HKLM-x32 - (Brak nazwy) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - Brak pliku
    URLSearchHook: HKU\S-1-5-21-2880825375-1752733598-2583273677-1001 - (Brak nazwy) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - Brak pliku
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    BHO-x32: Brak nazwy -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Brak pliku
    BHO-x32: Brak nazwy -> {EF7BD87A-8024-11E2-F316-F3E56188709B} -> Brak pliku
    BHO-x32: Brak nazwy -> {fe063412-bea4-4d76-8ed3-183be6220d17} -> Brak pliku
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.5.0\ViProtocol.dll [2016-08-22] (AVG Secure Search)
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1394...=ild&uid=ST9320325AS_6VDG2DCXXXXX6VDG2DCX
    CHR Extension: (BitTorrentControl_v12) - C:\Users\Ada\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf [2014-06-16] [UpdateUrl: hxxp://autoupdate.chromewebtb.tbccint.com/sb/?productId=CT3225826&extensionData=\u003Cextension_data>] <==== UWAGA
    CHR Extension: (Facts Right) - C:\Users\Ada\AppData\Local\Google\Chrome\User Data\Default\Extensions\mclnfjlahibepdjoaigkhcljmnpmnihl [2016-02-02] [UpdateUrl: hxxp://cdn.factsright.com/update] <==== UWAGA
    CHR Extension: (GoPhoto.it) - C:\Users\Ada\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk [2014-03-11] [UpdateUrl: hxxp://cdn.gophoto.it/Extensions/gophotoit/chrome/update.xml] <==== UWAGA
    S1 swsedrvr_vt_1_10_0_25; system32\drivers\swsedrvr_vt_1_10_0_25.sys [X]
    2016-09-13 21:24 - 2016-08-31 09:41 - 00114148 ___SH C:\Users\Ada\AppData\Roaming\home.vbe
    2016-08-23 13:01 - 2016-08-23 13:01 - 00002970 _____ C:\windows\System32\Tasks\{3BCD2D1F-4152-404B-93A0-44CEA6F58FA9}
    2016-08-22 14:28 - 2016-08-22 14:28 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
    2016-09-15 16:01 - 2016-07-31 19:42 - 00000000 ____D C:\Program Files\ByteFence
    2013-06-26 16:03 - 2014-01-11 12:52 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
    2016-09-13 21:24 - 2016-08-31 09:41 - 0114148 ___SH () C:\Users\Ada\AppData\Roaming\home.vbe
    2016-09-13 21:24 - 2016-08-31 09:41 - 0114148 ___SH () C:\Users\Ada\AppData\Roaming\Microsoft\home.vbe
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Download AdwCleaner https://toolslib.net/downloads/finish/1/ and run it as administrator. Click Scan and then Cleaning.

    0
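The alert in post #1 names wscript.exe as the process, and the fixlist in post #2 removes `home.vbe` from the Startup folder and from a scheduled task. As an added example (not part of the original thread and not FRST's own logic), this sketch triages FRST-style lines for autostart entries that launch script files or files in TEMP, and for shortcuts that open a URL; the reason labels and heuristics are assumptions chosen for illustration.

```python
import re

# Extensions executed by Windows Script Host (wscript.exe / cscript.exe).
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf")
AUTOSTART = re.compile(r"^(Task|Startup):\s*(.+)$")
SHORTCUT = re.compile(r"^ShortcutWithArgument:\s*.+?\.lnk\s*->\s*.+?\s*->\s*(\S+)")
# FRST appends "[date] (vendor)" and "<==== flag" after the target path.
SUFFIX = re.compile(r"\s*\[\d{4}-\d{2}-\d{2}\].*$|\s*<=+.*$")

def target_of(kind, rest):
    """Return the launched file path without FRST's trailing metadata."""
    if kind == "Task":
        rest = rest.split("=>", 1)[1] if "=>" in rest else ""
    return SUFFIX.sub("", rest).strip().lower()

def triage(lines):
    """Return (reason, line) pairs for entries that deserve a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SHORTCUT.match(line)
        if m and re.match(r"(?i)(hxxp|http)s?://", m.group(1)):
            findings.append(("shortcut-opens-url", line))
            continue
        m = AUTOSTART.match(line)
        if not m:
            continue
        target = target_of(m.group(1), m.group(2))
        if target.endswith(SCRIPT_EXT):
            findings.append(("autostart-script", line))
        elif "\\temp\\" in target:
            findings.append(("autostart-from-temp", line))
    return findings

# Lines copied from the fixlist in post #2 (one benign entry included).
SAMPLE = [
    r"Task: {3571D403-7388-44B1-A649-F474EE65CA14} - System32\Tasks\WindowsUpda2ta => C:\Users\Ada\AppData\Roaming\MICROSOFT\home.vbe [2016-08-31] () <==== UWAGA",
    r"Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\windows\TEMP\{34F05F97-42BC-499A-96E7-35F613506735}.exe <==== UWAGA",
    r"Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2880825375-1752733598-2583273677-1001UA.job => C:\Users\Ada\AppData\Local\Facebook\Update\FacebookUpdate.exe",
    r"Startup: C:\Users\Ada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2016-08-31] ()",
    r"ShortcutWithArgument: C:\Users\Ada\Desktop\WarThunder.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/...FyDyE0BtD2RtBtDtCyCtDtBtDyCtCyCtAyCtCyDyEyEyC",
]

if __name__ == "__main__":
    for reason, line in triage(SAMPLE):
        print(f"{reason:20} {line[:90]}")
```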
  • #3 15 Sep 2016 19:09
    muuki
    Level 2

    Everything is OK now: zero threats after scanning with AdwCleaner, and Avast has stopped displaying threat messages. Thank you very much for the help. :))

    0