Elektroda.pl

Russian site with porn games at system startup

Przebrzydle Yeti 13 Oct 2018 12:22 351 3
  • #1 13 Oct 2018 12:22
    Przebrzydle Yeti
    Level 2  

    Hello,
    At system startup some Russian site with porn games opens by itself: gmaegames.pro/redirect-from-banner.html. I scanned with several antivirus programs and removed a few things, but the problem did not go away. I would really appreciate some help, and I am attaching the FRST logs. Thanks in advance for your help.

    0 3
  • #2 13 Oct 2018 12:58
    krzychupar
    Level 40  

    Open the system Notepad and paste:

    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3307363290-62160213-3959077413-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3307363290-62160213-3959077413-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3307363290-62160213-3959077413-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120508764_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3307363290-62160213-3959077413-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120508764_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3307363290-62160213-3959077413-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120508764_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3307363290-62160213-3959077413-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120508764_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\pl-PL\acadficn.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3307363290-62160213-3959077413-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120508764_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3307363290-62160213-3959077413-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3307363290-62160213-3959077413-1001_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3307363290-62160213-3959077413-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe /Automation => Brak pliku
    CustomCLSID: HKU\S-1-5-21-3307363290-62160213-3959077413-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\pl-PL\acadficn.dll => Brak pliku




    CustomCLSID: HKU\S-1-5-21-3307363290-62160213-3959077413-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\UpdatusUser\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll => Brak pliku
    Task: {37775916-B409-4F0F-BD44-0CA189DC59D4} - System32\Tasks\Dom => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Dom /t REG_SZ /d "cmd.exe /c start www.dipladoks.org"
    Task: {7F6775E3-2FD7-462F-A40E-CC8D854651EA} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
    AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]
    AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [105]
    Hosts:
    HKLM\...\Run: [Autodesk Sync] => [X]
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files\McAfee Safe Connect\McAfee Safe Connect.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000\...\Run: [Dom] => cmd.exe /c start www.dipladoks.org
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000\...\Policies\Explorer: []
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000\...\MountPoints2: G - G:\setup.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000\...\MountPoints2: {15fe614a-176f-11e6-97d0-001cbfa57a47} - G:\AutoRun.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000\...\MountPoints2: {27baa90e-eae9-11e5-9df0-001fc657ec9e} - F:\start.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000\...\MountPoints2: {3369be3a-5baa-11e5-ac3f-001cbfa57a47} - F:\AutoRun.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000\...\MountPoints2: {3fb236b3-0142-11e6-bf56-001fc657ec9e} - G:\AutoRun.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000\...\MountPoints2: {4194cb0e-5fa5-11e5-8078-001fc657ec9e} - G:\AutoRun.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000\...\MountPoints2: {5a26a4da-cdc7-11e5-97f0-001fc657ec9e} - F:\autorun.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000\...\MountPoints2: {6be37251-91bb-11e5-aa44-001fc657ec9e} - F:\AutoRun.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000\...\MountPoints2: {79983274-016c-11e6-8049-001cbfa57a47} - G:\AutoRun.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000\...\MountPoints2: {f536c753-23e7-11e6-aa68-001fc657ec9e} - F:\startme.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000\...\MountPoints2: {ffbc4d7a-e0dc-11e6-abe4-001fc657ec9e} - H:\autorun.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000\...\MountPoints2: {ffbc4d7c-e0dc-11e6-abe4-001fc657ec9e} - I:\autorun.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484\...\Run: [McAfeeSafeConnect] => C:\Program Files\McAfee Safe Connect\McAfee Safe Connect.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484\...\Run: [Dom] => cmd.exe /c start www.dipladoks.org
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484\...\Policies\Explorer: []
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484\...\MountPoints2: G - G:\setup.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484\...\MountPoints2: {15fe614a-176f-11e6-97d0-001cbfa57a47} - G:\AutoRun.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484\...\MountPoints2: {27baa90e-eae9-11e5-9df0-001fc657ec9e} - F:\start.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484\...\MountPoints2: {3369be3a-5baa-11e5-ac3f-001cbfa57a47} - F:\AutoRun.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484\...\MountPoints2: {3fb236b3-0142-11e6-bf56-001fc657ec9e} - G:\AutoRun.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484\...\MountPoints2: {4194cb0e-5fa5-11e5-8078-001fc657ec9e} - G:\AutoRun.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484\...\MountPoints2: {5a26a4da-cdc7-11e5-97f0-001fc657ec9e} - F:\autorun.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484\...\MountPoints2: {6be37251-91bb-11e5-aa44-001fc657ec9e} - F:\AutoRun.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484\...\MountPoints2: {79983274-016c-11e6-8049-001cbfa57a47} - G:\AutoRun.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484\...\MountPoints2: {f536c753-23e7-11e6-aa68-001fc657ec9e} - F:\startme.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484\...\MountPoints2: {ffbc4d7a-e0dc-11e6-abe4-001fc657ec9e} - H:\autorun.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484\...\MountPoints2: {ffbc4d7c-e0dc-11e6-abe4-001fc657ec9e} - I:\autorun.exe
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.pudelek.pl/
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.pudelek.pl/
    HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    FF Extension: (Telemetry coverage) - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\lmk8olt3.default-1539371106846\features\{511b2912-aa98-4a54-b753-14a4603516ce}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-10-12] [Przestarzałe]
    CHR HKU\S-1-5-21-3307363290-62160213-3959077413-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3307363290-62160213-3959077413-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10132018120504484\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
    S3 WsDrvInst; "C:\Program Files\Keepvid\KeepVid Pro\DriverInstall.exe" [X]
    U3 aswbdisk; Brak ImagePath
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.

    1
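The fixlist in post #2 removes both a scheduled task named Dom and a Run value named Dom: the task's command re-adds the Run value, so deleting the Run value alone would not last. The following triage sketch is an added example, not part of the thread and not FRST's own logic; it reads lines in the FRST format shown above and flags that pairing. The function names and the two regex heuristics are assumptions of this example.

```python
import re

# FRST line shapes as they appear in the fixlist above.
RUN_RE = re.compile(r'^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.*)$')
TASK_RE = re.compile(r'^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<cmd>.*)$')
# Heuristics (assumptions of this example): a shell that opens a URL, a command that writes a Run value.
OPENS_URL = re.compile(r'\bcmd(?:\.exe)?\s+/c\s+start\s+"?(?:https?://|www\.)\S+', re.I)
WRITES_RUN = re.compile(r'\breg(?:\.exe)?\s+add\s+\S*\\CurrentVersion\\Run\s.*?/v\s+(\S+)', re.I)

# Sample input: five lines copied from the fixlist in post #2.
SAMPLE = [
    r'Task: {37775916-B409-4F0F-BD44-0CA189DC59D4} - System32\Tasks\Dom => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Dom /t REG_SZ /d "cmd.exe /c start www.dipladoks.org"',
    r'Task: {7F6775E3-2FD7-462F-A40E-CC8D854651EA} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy',
    r'HKLM\...\Run: [Autodesk Sync] => [X]',
    r'HKU\S-1-5-21-3307363290-62160213-3959077413-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files\McAfee Safe Connect\McAfee Safe Connect.exe',
    r'HKU\S-1-5-21-3307363290-62160213-3959077413-1000\...\Run: [Dom] => cmd.exe /c start www.dipladoks.org',
]

def triage(lines):
    """Return (kind, name, reasons) for Run values and tasks that match a heuristic."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m, kind = RUN_RE.match(line), "run"
        if not m:
            m, kind = TASK_RE.match(line), "task"
        if not m:
            continue
        cmd = m.group("cmd")
        reasons = []
        if OPENS_URL.search(cmd):
            reasons.append("opens-url")
        w = WRITES_RUN.search(cmd)
        if w:
            reasons.append("rewrites-run:" + w.group(1))
        if reasons:
            findings.append((kind, m.group("name"), reasons))
    return findings

def rewritten_run_values(findings):
    """Names of flagged Run values that a flagged task re-creates (remove both together)."""
    writers = {r.split(":", 1)[1] for k, _, rs in findings if k == "task"
               for r in rs if r.startswith("rewrites-run:")}
    return sorted({n for k, n, _ in findings if k == "run" and n in writers})

if __name__ == "__main__":
    found = triage(SAMPLE)
    print(found, rewritten_run_values(found))
```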
  • #3 13 Oct 2018 13:56
    Przebrzydle Yeti
    Level 2  

    OK, everything works, thanks a lot

    0
  • #4 13 Oct 2018 14:30
    RADU23
    Moderator - Computers Service

    Delete the C:\FRST folder and that's all.

    0