Zarażenie URL:MAL


(Rozekk17) #1

Proszę o pomoc, Jesem bezdradny z tym URL:MAL. Wystarczy, że otworzę nową stronkę w firefoxie i wyskakują mi 21 nowych zagrożeń. Podczas instalowania otl i frst wyskakiwały mi z 100 razy.


(Atis) #2

Wymagane są dwa logi z FRST.

Usuń szkodliwe rozszerzenia. W pasek adresu wpisz: about:addons

Nowy log obowiązkowy - Farbar Recovery Scan Tool


(Rozekk17) #3

Dodaje


(Atis) #4

W panelu sterowania odinstaluj:

McAfee Security Scan Plus

RelevantKnowledge

Pobierz i uruchom AdwCleaner Kliknij Szukaj i później Usuń.

Kliknij Scan i pokaż nowy raport z FRST bez Addition.


(Rozekk17) #5

Odinstalowałem MCAfee, ale w panelu sterowania w programach nie mam RelevantKnowledge;// Nie wiem jak dziada odinstalować.


(Atis) #6

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF SearchEngineOrder.1: v9
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*'))%20%7B%20return%20'PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox
CHR StartupUrls: Default -> "www.wp.pl/?src01=dp3",
CHR DefaultSearchKeyword: Default -> isearch.avg.com
CHR DefaultSuggestURL: Default -> http://toolbar.avg.com/acp?q={searchTerms}&o=1
R2 MaintainerSvc1.92.5302915; C:\ProgramData\ecbaef90-5696-41e1-a1c3-3e8112ce2840\maintainer.exe [123632 2015-01-19] ()
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
2015-01-19 23:21 - 2015-01-19 23:23 - 00000000 ____ D () C:\AdwCleaner
2015-01-19 21:38 - 2014-10-28 10:47 - 00000000 ____ D () C:\ProgramData\ecbaef90-5696-41e1-a1c3-3e8112ce2840
Task: {2BD8D8AF-F71E-4047-8E04-B401D9AD1430} - System32\Tasks\{FA0BA983-89EA-4248-AA65-5C646A689178} => pcalua.exe -a C:\Windows\SysWOW64\Samsung_USB_Drivers\6\SSBCUninstall.exe
Task: {8A32CDEB-FBBC-404C-BA89-8BFC6F7BA95E} - System32\Tasks\{3FE9082C-4822-4EC0-A658-E65116256152} => pcalua.exe -a D:\start.exe -d D:\
Task: {94C278D0-A43E-45E2-B6D3-EA05261D42CB} - \AutoKMS No Task File <==== ATTENTION
Task: {B3C69B24-213D-4974-B706-B175321CC195} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{920118BD-4DDE-46CD-9C6A-ECEFB531A944}.exe
Task: {B52DE3CC-F898-4196-99CC-D7883D1E96B0} - \AutoKMSDaily No Task File <==== ATTENTION
Task: {FF221699-B6ED-4497-9D49-AEF9E028C3DF} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{8A070AF5-6D04-4EA3-8001-F953891D7433}.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{920118BD-4DDE-46CD-9C6A-ECEFB531A944}.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{8A070AF5-6D04-4EA3-8001-F953891D7433}.exe
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition.


(Rozekk17) #7

Fixlog ----- http://wklej.org/id/1601705/|


(Atis) #8

Usuń adres avg.com:

Otwórz konkretną stronę lub zestaw stron

Ustawianie domyślnej wyszukiwarki

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

CHR DefaultSearchKeyword: Default -> isearch.avg.com
CHR DefaultSuggestURL: Default -> http://toolbar.avg.com/acp?q={searchTerms}&o=1
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
C:\Windows\system32\drivers\avgtpx64.sys
C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
DeleteQuarantine:

Uruchom FRST i kliknij Fix. Skasuj folder C:\FRST

Usuń stare punkty przywracania: Aby usunąć wszystkie punkty przywracania

Dysk przeskanuj Malwarebytes Anti-Malware

Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Język PL > Settings > General Settings > Language > Polish

Przeczytaj w jaki sposób należy instalować programy: KLIK - KLIK - KLIK - KLIK

Odinstaluj Java 7 Update 17 i Microsoft Silverlight.

Zainstaluj Java 8 Update 25 i Silverlight 5.1.30514.0


(Rozekk17) #9

Wykonałem wszystkie czynności tak jak mi kazałeś. Wszystko działa poprawnie. Podczas skanowanie Malwarebytes wyskoczyły 4 pliki