URL:Mal Avast ciągle blokuje zagrożenie

Xardas1373 · 21 Kwiecień 2015 10:06

Przy otwieraniu stron w chrome Avast informuje o zablokowaniu infekcji URL:Mal

Acorus · 21 Kwiecień 2015 12:37

Odinstaluj Adobe Reader 9.5.5 MUI,ASUS WebStorage.Otwórz notatnik systemowy i wklej:

Task: {09B9223B-027A-47CF-A7F8-A6B037944205} - System32\Tasks\{5FA2850B-09D8-4B94-A580-DFD031EF8F91} = Chrome.exe http://www.skype.com/go/downloading?source=lightinstalleramp;ver=6.6.0.106amp;LastError=12002
HKLM-x32\...\Run: [HP Software Update] = C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [] = [X]
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsts=1428317997from=coruid=ST9320325AS_6VD79RWJXXXX6VD79RWJq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsts=1428317997from=coruid=ST9320325AS_6VD79RWJXXXX6VD79RWJq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dsts=1428317997from=coruid=ST9320325AS_6VD79RWJXXXX6VD79RWJq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dsts=1428317997from=coruid=ST9320325AS_6VD79RWJXXXX6VD79RWJq={searchTerms}
HKU\S-1-5-21-2409103860-1338326516-583973279-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=iebgct=dsappid=0systemid=2v=a11465-123apn_uid=9420348300704064apn_dtid=IME002o=APN10641apn_ptnrs=AG2q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = http://dts.search.ask.com/sr?src=iebgct=dsappid=0systemid=2v=a11465-123apn_uid=9420348300704064apn_dtid=IME002o=APN10641apn_ptnrs=AG2q={searchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6crg=3.1010000st=12q={searchTerms}barid={6D430EC3-3DCF-44D8-9395-24F6443F6DF6}
SearchScopes: HKU\S-1-5-21-2409103860-1338326516-583973279-1001 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2409103860-1338326516-583973279-1001 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: No Name - {c0b1016f-b7e5-46f0-b415-6bf9e55ab00d} - No File
Toolbar: HKLM-x32 - No Name - {15a0413e-9f45-4d45-9a75-2c20b15b5b51} - No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Ask.xml [2014-02-21]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2013-04-26]
CHR StartupUrls: Default - "hxxp://do-search.com/?type=hpts=1428317997from=coruid=ST9320325AS_6VD79RWJXXXX6VD79RWJ"
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
2015-04-21 11:08 - 2015-04-21 11:08 - 00000000 _____ () C:\Program Files (x86)\bestadblocker
2015-04-21 11:07 - 2015-04-21 11:07 - 00000000 ____ D () C:\ProgramData\17427240273062644316
2015-04-21 11:07 - 2015-04-21 11:07 - 00000000 ____ D () C:\Program Files (x86)\UniDeals
2015-04-21 11:06 - 2015-04-21 11:09 - 00000370 _____ () C:\Windows\Tasks\Bidaily Synchronize Task.job
2015-04-21 11:06 - 2015-04-21 11:09 - 00000000 ____ D () C:\ProgramData\{74b3b85f-4b2e-2538-74b3-3b85f4b2e17d}
2015-04-21 11:06 - 2015-04-21 11:06 - 00003288 _____ () C:\Windows\System32\Tasks\Bidaily Synchronize Task
2015-04-21 11:06 - 2015-04-21 11:06 - 00000000 ____ D () C:\ProgramData\ffafmgndhoklnfoccfejifeaaiigphhe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

Odinstaluj Chrome zaznaczając usunięcie danych przeglądania.

Xardas1373 · 22 Kwiecień 2015 10:39

Dzięki wielkie Fachowa porada po wirusie ani śladu.

Acorus · 22 Kwiecień 2015 16:52

Skasuj folder C:\FRST.