Elektroda.pl

autismhealthinsurance.org - Avast and strange messages

silentyt 11 Mar 2017 15:01 393 4
  • #1 11 Mar 2017 15:01
    silentyt
    Level 5

    autismhealthinsurance.org

    Avast raises an alarm about some virus in rundll.exe and in chrome.exe with the description "autismhealthinsurance.org". Of course it blocks it, but this virus message keeps popping up every few moments. Is there any way to remove this?

    Added after 13 [minutes]:

    Additional screenshots:
    [two screenshots: autismhealthinsurance.org - Avast and strange messages]

    0 4
  • #3 11 Mar 2017 16:13
    Kolobos
    Computer specialist

    Post the required FRST logs!

    0
  • #5 11 Mar 2017 17:05
    Kolobos
    Computer specialist

    Uninstall:
    Adobe Reader 9.5.0 - Polish, switch to the latest version of AR or to Foxit: http://ninite.com/foxit/
    Booking.com version 1.3.0.5019
    ByteFence Anti-Malware

    Use AdwCleaner, option Scan and Clean ("Szukaj" and "Usun" in the Polish interface): http://www.bleepingcomputer.com/download/adwcleaner/

    Run this Fixlist.txt for FRST:
    CloseProcesses:
    Task: {27D1FCE7-DBB3-48D0-BC13-18BE5440D214} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2016-12-05] (Byte Technologies LLC) <==== UWAGA
    Task: {34FD773E-DE80-405B-A809-E6CC66CBD526} - System32\Tasks\SBWUpdateTask_Time_7ac3343b-18CF5E7CCF60 => C:\PROGRA~2\COMMON~1\SpeedBit\SBUpdate\SBUpdate.exe <==== UWAGA
    Task: {5E3D4101-ECEE-47C8-88DF-1DC9B9ECA096} - System32\Tasks\{1426C68F-A480-4832-8CBE-3A9314FAF1CF} => pcalua.exe -a "D:\TEST\Prgramy\Avast anty wirus.exe" -d D:\TEST\Prgramy
    Task: {F489843F-57B4-4D70-B263-FEA238FC7082} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2016-12-05] (Byte Technologies LLC) <==== UWAGA
    Task: {F7A52096-DF66-4BB9-A9E8-40EEFD1FFEA3} - System32\Tasks\SBWUpdateTask_Logon_7ac3343b-18CF5E7CCF60 => C:\PROGRA~2\COMMON~1\SpeedBit\SBUpdate\SBUpdate.exe <==== UWAGA
    2017-01-22 18:33 - 2017-02-06 23:46 - 00304456 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    2017-01-22 18:33 - 2017-02-06 23:46 - 00619848 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    2017-03-11 12:57 - 2017-03-11 12:57 - 04387840 _____ () C:\ProgramData\Microsoft\Performance\TheftProtection\TheftProtection.dll
    HKU\S-1-5-21-2338628825-1241547439-1932774302-1000\Software\Classes\regfile: regedit.exe "%1" <===== UWAGA
    Hosts:
    (Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
    () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    (Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
    HKLM-x32\...\RunOnce: [DXTempFolder] => rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Gady\AppData\Local\Temp\DXCCB3.tmp\" <===== UWAGA
    HKU\S-1-5-21-2338628825-1241547439-1932774302-1000\...\MountPoints2: {9298b973-e00a-11e6-aaaa-18cf5e7ccf60} - E:\AutoRun.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2017-01-26] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [0TheftProtectionDll] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\TheftProtection\TheftProtection.dll [2017-03-11] ()
    Startup: C:\Users\Gady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Torpedo.lnk [2017-02-25]
    ShortcutTarget: Torpedo.lnk -> C:\Users\Gady\AppData\Local\Torpedo\Torpedo.exe (Brak pliku)




    SearchScopes: HKLM-x32 -> DefaultScope {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://search.speedbit.com/search.aspx?s=H1Me105&q={searchTerms}
    SearchScopes: HKLM-x32 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://search.speedbit.com/search.aspx?s=H1Me105&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2338628825-1241547439-1932774302-1000 -> {7F4EFF06-7032-458e-AE16-1C1D8255C28A} URL = hxxp://search.speedbit.com/search.aspx?s=H1Me105&q={searchTerms}
    FF HKLM-x32\...\Firefox\Extensions: [searchpredict@speedbit.com] - => nie znaleziono
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [147936 2016-12-05] (Byte Technologies LLC)
    R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-02-06] ()
    S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2017-03-11 13:38 - 2017-01-22 18:21 - 00000000 ____D C:\Program Files\ByteFence
    2017-02-25 15:52 - 2017-01-22 18:38 - 00000000 ____D C:\Users\Gady\AppData\Local\Torpedo
    EmptyTemp:

    In FRST choose Fix ("Napraw"). Delete the C:\FRST folder once it has run.

    Do a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0