Mam problem z avast. Po podpięciu pendrive zaczął cyklicznie (co kilka sekund) pojawiać się komunikat o zagrożeniu URL:Mal.
FRST: http://wklej.org/id/2784411/
Addition: http://wklej.org/id/2784413/
Shortcut: http://wklej.org/id/2784414/
Dzięki z góry za pomoc.
Atis
(Atis)
16 Sierpień 2016 22:17
#2
W panelu sterowania odinstaluj Spybot - Search & Destroy 2.
Pobierz i uruchom AdwCleaner Kliknij Skanuj (Scan) i później Usuń (Cleaning).
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :
CloseProcesses: HKLM…\Run: [] => [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1351526490-505198510-3136473616-1000…\Run: [home] => wscript.exe //B “C:\Users\Magda\AppData\Roaming\home.vbe” Startup: C:\Users\Magda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe [2015-09-08] () BootExecute: autocheck autochk * sdnclean64.exe HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=N360&pvid=21.6.0.32 HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=N360&pvid=21.6.0.32 HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=N360&pvid=21.6.0.32 HKU\S-1-5-21-1351526490-505198510-3136473616-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=N360&pvid=21.6.0.32 StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=1449156776&z=1dead26914fdf2cf7ff5df2gcz1zat8gbw1q2mbmft&from=cor&uid=ST500LT012-1DG142_S3P3349PXXXXS3P3349P CHR HKU\S-1-5-21-1351526490-505198510-3136473616-1000\SOFTWARE\Google\Chrome\Extensions…\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.istartpageing.com/?type=sc&ts=1449156776&z=1dead26914fdf2cf7ff5df2gcz1zat8gbw1q2mbmft&from=cor&uid=ST500LT012-1DG142_S3P3349PXXXXS3P3349P R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) S1 wfdrvr_vt_1_10_0_28; system32\drivers\wfdrvr_vt_1_10_0_28.sys [X] 2016-08-16 19:44 - 2015-09-08 22:04 - 00092629 ___SH C:\Users\Magda\AppData\Roaming\home.vbe Task: {105D81D1-CD43-45F7-931F-BC8B1C7C7EFF} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== UWAGA Task: {4F5D1E5E-6EC1-4205-8DFC-70A35AA03C85} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\SymErr.exe Task: {573DD1F3-51ED-4B79-82DC-41A4978B83B4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.) Task: {619F51A3-392D-41FD-B179-493A27156F42} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.) Task: {98612FD1-E874-4930-BFAD-37B4C6DA6439} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\SymErr.exe Task: {BBA4FFC6-95A5-4687-A418-8C44C963E20C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\WSCStub.exe Task: {C54D66BF-D009-4E9D-ABA0-0F3B494E3138} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.) ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.istartpageing.com/?type=sc&ts=1449156776&z=1dead26914fdf2cf7ff5df2gcz1zat8gbw1q2mbmft&from=cor&uid=ST500LT012-1DG142_S3P3349PXXXXS3P3349P EmptyTempt:
Uruchom FRST i kliknij Napraw (Fix). Pokaż raport z usuwania Fixlog.
Kliknij Skanuj (Scan) i pokaż nowy raport z FRST bez Addition i Shortcut.
Atis
(Atis)
17 Sierpień 2016 08:25
#4
Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :
Uruchom FRST i kliknij Napraw (Fix). Skasuj folder C:\FRST
Czyszczenie folderów Przywracania systemu
Dysk przeskanuj Malwarebytes Anti-Malware
Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium: KLIK
Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK
Odinstaluj Adobe Flash Player 18 ActiveX i zainstaluj Flash Player 22.0.0.209 ActiveX