Elektroda.pl

loadstart.net - loadstart.net appended

wielo82 03 Oct 2016 12:51 480 2
  • #1 03 Oct 2016 12:51
    wielo82
    Level 7

    Hello

    I didn't want to piggyback on the thread below, so I'm posting here.
    Could someone help me with this junk as well?
    I don't know where it came from today, but it launches with every browser.
    The FRST files are below.
    Thanks in advance for the help :-)

    0 2
  • #2 03 Oct 2016 12:56
    Kolobos
    Computer specialist

    Run this Fixlist.txt for FRST:
    Task: {8F04C4EB-D20F-480F-B556-2716F5E5F1BA} - System32\Tasks\Opera scheduled Autoupdate 1474219934 => C:\Program Files (x86)\Opera\launcher.exe [2016-09-21] (Opera Software)
    Task: {CC8F1444-960D-45B2-9D9B-44C3D4ADF6C4} - \KMSAutoNet -> Brak pliku <==== UWAGA
    Task: {CF568C41-C2C9-4523-8FCA-87EB4837D44E} - \WinTaske -> Brak pliku <==== UWAGA
    ShortcutWithArgument: C:\Users\Iw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://loadstart.net/?ssid=1475484106&a=1107267&src=sh&uuid=f5dd6741-5309-46d1-9618-b671b276f514,1475484052508"
    ShortcutWithArgument: C:\Users\Iw\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://loadstart.net/?ssid=1475484106&a=1107267&src=sh&uuid=f5dd6741-5309-46d1-9618-b671b276f514,1475484052508"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://loadstart.net/?ssid=1475484106&a=1107267&src=sh&uuid=f5dd6741-5309-46d1-9618-b671b276f514,1475484052508"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> "hxxp://loadstart.net/?ssid=1475484106&a=1107267&src=sh&uuid=f5dd6741-5309-46d1-9618-b671b276f514,1475484052508"
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://loadstart.net/?ssid=1475484106&a=1107267&src=sh&uuid=f5dd6741-5309-46d1-9618-b671b276f514,1475484052508"
    ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> "hxxp://loadstart.net/?ssid=1475484106&a=1107267&src=sh&uuid=f5dd6741-5309-46d1-9618-b671b276f514,1475484052508"
    HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (dane wartości zawierają 36 znaków więcej).
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {4d5e0029-45ca-11e6-98fd-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {4d5e01f1-45ca-11e6-98fd-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {4d5e01fb-45ca-11e6-98fd-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {5de6f4cf-2b34-11e6-98fa-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {5de6f4da-2b34-11e6-98fa-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {5de6f721-2b34-11e6-98fa-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {5de6f728-2b34-11e6-98fa-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {5de6f7ac-2b34-11e6-98fa-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {5de6f7b8-2b34-11e6-98fa-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {5de6f80b-2b34-11e6-98fa-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {5de6f815-2b34-11e6-98fa-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {5de6f86a-2b34-11e6-98fa-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {5de6f873-2b34-11e6-98fa-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {5de6f8b9-2b34-11e6-98fa-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {5de6f8c3-2b34-11e6-98fa-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {65e330cc-2a7c-11e6-98f9-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {65e330e5-2a7c-11e6-98f9-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {65e33a8e-2a7c-11e6-98f9-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {6cba79de-2a75-11e6-98f8-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {6cba79e6-2a75-11e6-98f8-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {6cba7c18-2a75-11e6-98f8-86f232b800fe} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {75eaea4a-275f-11e6-98f6-7429afeca838} - "G:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {83d05d44-fcbf-11e5-98f4-7429afeca838} - "G:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {9c3866d4-3a32-11e6-98fc-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {9c386730-3a32-11e6-98fc-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {9c386742-3a32-11e6-98fc-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {9c386746-3a32-11e6-98fc-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {9c386765-3a32-11e6-98fc-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {9c386787-3a32-11e6-98fc-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {9c386792-3a32-11e6-98fc-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {a0e5cef4-6ee0-11e6-9900-7429afeca838} - "E:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {f151ee51-33f4-11e6-98fb-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {f151ee6f-33f4-11e6-98fb-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {f151f0c9-33f4-11e6-98fb-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {f151f0ce-33f4-11e6-98fb-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {f151f3f2-33f4-11e6-98fb-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {f151f3f7-33f4-11e6-98fb-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {f151f4ae-33f4-11e6-98fb-7429afeca838} - "E:\AutoRun.exe"
    HKU\S-1-5-21-759232906-3530827451-1116224768-1002\...\MountPoints2: {f151f4b5-33f4-11e6-98fb-7429afeca838} - "E:\AutoRun.exe"
    GroupPolicy: Ograniczenia <======= UWAGA
    AutoConfigURL: [S-1-5-21-759232906-3530827451-1116224768-1002] => hxxp://un-blocking.com/wpad.dat?126866e9833f47791f2956d203a28c9c17694490
    ManualProxies: 0hxxp://un-blocking.com/wpad.dat?126866e9833f47791f2956d203a28c9c17694490
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\1468218650.js [2016-10-03] <==== UWAGA (Linkuje do pliku *.cfg)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\1468218650.cfg [2016-10-03] <==== UWAGA
    S1 bacmaghh; \??\C:\Windows\system32\drivers\bacmaghh.sys [X]
    EmptyTemp:

    After running it, delete the C:\FRST folder.

    Also run a full scan with mbam:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0
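
A triage sketch for the `ShortcutWithArgument` lines in the fixlist above, added here as an example and not part of the original thread or of FRST itself: it parses FRST-style log lines and groups browser shortcuts by the host that was appended as a start argument. The sample log is constructed in the same line format (query string shortened); the function name and the browser list are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Line shape: ShortcutWithArgument: <lnk> -> <target exe> (<vendor>) -> "<argument>"
LINE_RE = re.compile(
    r'^\s*ShortcutWithArgument:\s*(?P<lnk>.+?\.lnk)\s*->\s*'
    r'(?P<target>.+?\.exe)\s*\((?P<vendor>[^)]*)\)\s*->\s*"?(?P<arg>.*?)"?\s*$',
    re.IGNORECASE)
# Matches live (http) and defanged (hxxp) URLs inside the argument.
URL_RE = re.compile(r'\bh(?:tt|xx)ps?://[^\s"]+', re.IGNORECASE)
# Assumed list of browser launchers; launcher.exe is Opera's, as in the thread.
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe",
            "opera.exe", "launcher.exe"}

def hijacked_shortcuts(log_text):
    """Return {host: [lnk paths]} for browser shortcuts whose argument carries a URL."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # Task:, HKU\..., AutoConfigURL: and other line types
        exe = m["target"].rsplit("\\", 1)[-1].lower()
        url = URL_RE.search(m["arg"])
        if exe in BROWSERS and url:
            # Refang only for parsing; the URL is never fetched.
            refanged = re.sub(r"^hxxp", "http", url.group(0), flags=re.I)
            hits[urlsplit(refanged).hostname or "?"].append(m["lnk"])
    return dict(hits)

# Constructed sample in FRST's line format (not the user's actual log).
SAMPLE = r'''
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://loadstart.net/?ssid=0&src=sh"
ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> "hxxp://loadstart.net/?ssid=0&src=sh"
ShortcutWithArgument: C:\Users\Public\Desktop\Work profile.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
'''

if __name__ == "__main__":
    for host, shortcuts in hijacked_shortcuts(SAMPLE).items():
        print(f"{host}: {len(shortcuts)} browser shortcut(s) modified")
        for lnk in shortcuts:
            print("   ", lnk)
```

The same host appearing on every browser's shortcut is the pattern the original poster described: each browser opens the appended page regardless of its own homepage setting.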
  • #3 03 Oct 2016 13:31
    wielo82
    Level 7

    I did as you wrote.
    Mbam also detected some 21 files, but everything has been removed now and everything works OK.
    Many thanks, mate :-)

    0