Zagrożenie URL:Mal Avast

magda_smok91 · 16 Sierpień 2016 21:38

Mam problem z avast. Po podpięciu pendrive zaczął cyklicznie (co kilka sekund) pojawiać się komunikat o zagrożeniu URL:Mal.
FRST: http://wklej.org/id/2784411/

Addition: http://wklej.org/id/2784413/

Shortcut: http://wklej.org/id/2784414/

Dzięki z góry za pomoc.

Atis · 16 Sierpień 2016 22:17

W panelu sterowania odinstaluj Spybot - Search & Destroy 2.
Pobierz i uruchom AdwCleaner Kliknij Skanuj (Scan) i później Usuń (Cleaning).
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

CloseProcesses: HKLM…\Run: [] => [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1351526490-505198510-3136473616-1000…\Run: [home] => wscript.exe //B “C:\Users\Magda\AppData\Roaming\home.vbe” Startup: C:\Users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2015-09-08] () BootExecute: autocheck autochk * sdnclean64.exe HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=N360&pvid=21.6.0.32 HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=N360&pvid=21.6.0.32 HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=N360&pvid=21.6.0.32 HKU\S-1-5-21-1351526490-505198510-3136473616-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=N360&pvid=21.6.0.32 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=1449156776&z=1dead26914fdf2cf7ff5df2gcz1zat8gbw1q2mbmft&from=cor&uid=ST500LT012-1DG142_S3P3349PXXXXS3P3349P CHR HKU\S-1-5-21-1351526490-505198510-3136473616-1000\SOFTWARE\Google\Chrome\Extensions…\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.istartpageing.com/?type=sc&ts=1449156776&z=1dead26914fdf2cf7ff5df2gcz1zat8gbw1q2mbmft&from=cor&uid=ST500LT012-1DG142_S3P3349PXXXXS3P3349P R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) S1 wfdrvr_vt_1_10_0_28; system32\drivers\wfdrvr_vt_1_10_0_28.sys [X] 2016-08-16 19:44 - 2015-09-08 22:04 - 00092629 ___SH C:\Users\Magda\AppData\Roaming\home.vbe Task: {105D81D1-CD43-45F7-931F-BC8B1C7C7EFF} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== UWAGA Task: {4F5D1E5E-6EC1-4205-8DFC-70A35AA03C85} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\SymErr.exe Task: {573DD1F3-51ED-4B79-82DC-41A4978B83B4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.) Task: {619F51A3-392D-41FD-B179-493A27156F42} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {98612FD1-E874-4930-BFAD-37B4C6DA6439} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\SymErr.exe Task: {BBA4FFC6-95A5-4687-A418-8C44C963E20C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\WSCStub.exe Task: {C54D66BF-D009-4E9D-ABA0-0F3B494E3138} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.) ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.istartpageing.com/?type=sc&ts=1449156776&z=1dead26914fdf2cf7ff5df2gcz1zat8gbw1q2mbmft&from=cor&uid=ST500LT012-1DG142_S3P3349PXXXXS3P3349P EmptyTempt:

Uruchom FRST i kliknij Napraw (Fix). Pokaż raport z usuwania Fixlog.
Kliknij Skanuj (Scan) i pokaż nowy raport z FRST bez Addition i Shortcut.

magda_smok91 · 17 Sierpień 2016 07:07

Fixlog:http://wklej.org/id/2784506/

Nowy raport FRST: http://wklej.org/id/2784508/

Atis · 17 Sierpień 2016 08:25

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-03] () C:\Windows\System32\DRIVERS\EsgScanner.sys C:\AdwCleaner C:\Windows\System32\Tasks\Norton Internet Security C:\Program Files (x86)\Spybot - Search & Destroy 2 C:\ProgramData\Spybot - Search & Destroy StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service FirewallRules: [{7E779409-12A9-4644-92E2-52CFF7FC58C9}] => (Allow) C:\Users\Magda\AppData\Local\Temp\7zSA7A4.tmp\SymNRT.exe FirewallRules: [{892E2CD4-7D1E-46D2-9F5C-CA5F1CCD7B21}] => (Allow) C:\Users\Magda\AppData\Local\Temp\7zSA7A4.tmp\SymNRT.exe FirewallRules: [{53BCEFE2-0DB1-4249-BD75-4BF1BFE1D9F1}] => (Allow) C:\Users\Magda\AppData\Local\Temp\7zSBF29.tmp\SymNRT.exe FirewallRules: [{5D2D789C-1FAF-44A8-9882-833AC890F9FD}] => (Allow) C:\Users\Magda\AppData\Local\Temp\7zSBF29.tmp\SymNRT.exe DeleteQuarantine: EmptyTemp:

Uruchom FRST i kliknij Napraw (Fix). Skasuj folder C:\FRST
Czyszczenie folderów Przywracania systemu
Dysk przeskanuj Malwarebytes Anti-Malware
Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium: KLIK
Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK

Odinstaluj Adobe Flash Player 18 ActiveX i zainstaluj Flash Player 22.0.0.209 ActiveX