
Virus Вoйти в И&

KOLEGA53241 06 Apr 2017 20:04 381 4
  • #2 06 Apr 2017 21:16
    Kolobos
    Computer specialist

    Why did you run some fixlist that does not apply to your system at all?

    Post the missing Addition!

    0
  • #4 06 Apr 2017 22:02
    Kolobos
    Computer specialist

    Run Fixlist.txt for FRST:
    ShortcutWithArgument: C:\Users\Admin\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://valisto.ru/?utm_source=startlink03&utm_content=1f3288cbbcf3082bcd8508e8fc508169&utm_term=03D0EC4C45EC79B47946D3818EC39CC0&utm_d=20170405"
    ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGGjMhxpsXWEzo...HTnE%2FMrSbQ3uvqwSnQ4POXdHOjzQesjviL0l4Ay0%3D
    ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811008"
    ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://valisto.ru/?utm_source=startlink03&utm_content=1f3288cbbcf3082bcd8508e8fc508169&utm_term=03D0EC4C45EC79B47946D3818EC39CC0&utm_d=20170405"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxps://launchpage.org/?uid=oTlKGGjMhxpsXWEzo...HTnE%2FMrSbQ3uvqwSnQ4POXdHOjzQesjviL0l4Ay0%3D
    HKU\S-1-5-21-2226245567-961089042-478485940-1000\...\Run: [uupinfkukp] => explorer "hxxp://valisto.ru/?utm_source=uoua03&utm_content=86735b1c41ed86986fefb9166bb7a47b&utm_term=03D0EC4C45EC79B47946D3818EC39CC0&utm_d=20170405" <===== UWAGA
    HKU\S-1-5-21-2226245567-961089042-478485940-1000\...\MountPoints2: F - F:\AutoRun.exe
    HKU\S-1-5-21-2226245567-961089042-478485940-1000\...\MountPoints2: {d737a393-c852-11e6-b51a-023835060908} - F:\AutoRun.exe
    HKU\S-1-5-21-2226245567-961089042-478485940-1000\...\MountPoints2: {e4a79118-dfaa-11e6-923c-00a0c6000000} - F:\LG_PC_Programs.exe
    HKU\S-1-5-21-2226245567-961089042-478485940-1000\...\MountPoints2: {f9788885-b95a-11e6-9175-023835060908} - F:\HTC_Sync_Manager_PC.exe
    GroupPolicy: Ograniczenia <======= UWAGA
    GroupPolicy\User: Ograniczenia <======= UWAGA
    AutoConfigURL: [S-1-5-21-2226245567-961089042-478485940-1000] => hxxp://websacesses.com/wpad.dat?b7a2fae7f6947252c87811eb3c62e88527750088
    ManualProxies: 0hxxp://websacesses.com/wpad.dat?b7a2fae7f6947252c87811eb3c62e88527750088
    RemoveProxy:
    HKU\S-1-5-21-2226245567-961089042-478485940-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811013
    SearchScopes: HKU\S-1-5-21-2226245567-961089042-478485940-1000 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B15D2BBD0-D540-4998-9267-39DEFD2D051B%7D&gp=811014
    SearchScopes: HKU\S-1-5-21-2226245567-961089042-478485940-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B15D2BBD0-D540-4998-9267-39DEFD2D051B%7D&gp=811014
    BHO-x32: Ďîčńę@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Admin\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2017-04-05] (Mail.Ru)
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\4vgzuidx.default -> Поиск@Mail.Ru
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\4vgzuidx.default -> Поиск@Mail.Ru
    FF Homepage: Mozilla\Firefox\Profiles\4vgzuidx.default -> hxxp://mail.ru/cnt/10445?gp=811013
    FF Keyword.URL: Mozilla\Firefox\Profiles\4vgzuidx.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B3B...-EA56-4E5A-9D65-4E32A4DDAAD6%7D&gp=811014
    FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4vgzuidx.default\Extensions\homepage@mail.ru [2017-04-05]
    FF Extension: (Поиск@Mail.Ru) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4vgzuidx.default\Extensions\search@mail.ru [2017-04-05]
    FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4vgzuidx.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2017-04-05]
    FF SearchPlugin: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4vgzuidx.default\searchplugins\mailru.xml [2017-04-05]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\25324032.js [2017-04-05] <==== UWAGA (Linkuje do pliku *.cfg)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\25324032.cfg [2017-04-05] <==== UWAGA
    CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
    CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [imhlianhlhdicjchlbmbfaefhhjencbe] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
    OPR Extension: (Brak nazwy) - C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Extensions\ahggfmgiidlaceichjfemgbaggnbaloe [2017-04-05]
    S3 EasyAntiCheatSys; \??\C:\Windows\system32\drivers\EasyAntiCheat.sys [X]
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2017-04-05 22:23 - 2017-04-05 22:23 - 00000000 ____D C:\Users\Admin\AppData\Local\NetBoxLogs
    2017-04-05 22:22 - 2017-04-05 22:22 - 00000000 ____D C:\Users\Admin\AppData\Local\Вoйти в Интeрнет
    2017-04-05 22:20 - 2017-04-05 22:21 - 00000000 ____D C:\Users\Admin\AppData\Local\wmipr
    2017-04-05 22:18 - 2017-04-05 22:18 - 00000000 ____D C:\Users\Admin\AppData\Local\Поиcк в Интeрнете
    2017-04-05 22:18 - 2017-04-05 22:18 - 00000000 ____D C:\Program Files (x86)\Hiru
    2017-04-05 22:17 - 2017-04-05 22:17 - 00000000 ____D C:\Users\Admin\AppData\Local\Mail.Ru
    2017-04-05 22:17 - 2017-04-05 22:17 - 00000000 ____D C:\ProgramData\Mail.Ru
    EmptyTemp:

    After running it, delete the C:\FRST folder and that's all.

    0
  • #5 06 Apr 2017 22:04
    KOLEGA53241
    Level 2

    Thank you for the help, I'm doing it now!

    0