Elektroda.pl

A web page opens at system startup

robpa 14 Oct 2018 20:19 138 3
  • #2 14 Oct 2018 21:19
    Kolobos
    Computer specialist

    Uninstall Ubisoft Game Launcher Packages

    Back up your bookmarks from Firefox; the profile created by the infection will be removed.

    Run this Fixlist.txt with FRST:
    CloseProcesses:
    Task: {3B3321B9-17E1-4ECB-8912-EC44D5829870} - System32\Tasks\{06C6C50D-36C3-4E1A-991E-D1E53F4B5FB3} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{1170D24F-42B7-40CF-AA1B-6395CE562354}\setup.exe" -c -runfromtemp -l0x0415
    Task: {4567F5B2-5E34-4F95-A3B4-B6761AA17972} - System32\Tasks\robertTerraceHonorificsV2 => rundll32.exe CakingPrivately.dll,main 7 1 <==== UWAGA
    Task: {6558E455-1C11-4264-B7D4-9E010C6639AF} - System32\Tasks\robert => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v robert /t REG_SZ /d "explorer.exe hxxp://dipladoks.org" <==== UWAGA
    Task: {7219CBF4-60D3-42F1-840D-22D4E736E12D} - \{658623F5-EBB2-9793-5D26-6399D7E348E5} -> Brak pliku <==== UWAGA
    Task: {AF001B3A-4B0D-42BC-B6B3-23C5FE3A3701} - System32\Tasks\{D177C795-DE7B-4F92-BB2D-EE8852AED537} => C:\Windows\system32\pcalua.exe -a H:\Support\UbisoftGameLauncherInstaller.exe -d H:\Support
    Task: {B6354D97-0B86-4BA3-AA7A-F61FC075050D} - System32\Tasks\{A8779919-A727-47E5-8C71-CB878E6161B4} => C:\Windows\system32\pcalua.exe -a H:\UPDATE\assassins_creed_2_1.01_us.exe -d H:\UPDATE
    Task: {DD6F02DC-C6AF-4247-86D3-D1F95B2850CF} - System32\Tasks\{56A74D0E-3208-4F3E-8F0C-91B566DC7D8B} => C:\Windows\system32\pcalua.exe -a C:\Users\robert\Desktop\XperiaCompanion.exe -d C:\Users\robert\Desktop
    Task: {F91B6165-5AF5-4C0A-9976-5DF11DF2F2B8} - System32\Tasks\Opera scheduled Autoupdate 1412985748 => C:\Program Files (x86)\Opera\launcher.exe [2018-10-02] (Opera Software)
    HKU\S-1-5-21-2289604754-3140867284-3928036061-1001\...\Run: [robert] => explorer.exe hxxp://dipladoks.org <==== UWAGA
    HKU\S-1-5-21-2289604754-3140867284-3928036061-1001\...\CurrentVersion\Windows: [Load] C:\Users\robert\LOCALS~1\Temp\ccizxviec.pif <==== UWAGA
    HKU\S-1-5-21-2289604754-3140867284-3928036061-1001\...\MountPoints2: H - H:\setup.exe
    HKU\S-1-5-21-2289604754-3140867284-3928036061-1001\...\MountPoints2: {38674922-604b-11e4-8a7d-bcaec5bcff39} - I:\Startme.exe
    HKU\S-1-5-21-2289604754-3140867284-3928036061-1001\...\MountPoints2: {4f51d01f-e32f-11e6-9a67-bcaec5bcff39} - I:\Startme.exe
    HKU\S-1-5-21-2289604754-3140867284-3928036061-1001\...\MountPoints2: {fb09a7c7-1334-11e8-996e-bcaec5bcff39} - I:\LGAutoRun.exe
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    FF Homepage: Mozilla\Firefox\Profiles\9pssuh5c.default -> hxxp://www.interia.pl/#utm_source=instalki1&a...n=instalki1&iwa_source=installer_instalki
    FF SearchPlugin: C:\Users\robert\AppData\Roaming\Mozilla\Firefox\Profiles\9pssuh5c.default\searchplugins\nuesearch.xml [2016-06-15]
    FF ProfilePath: C:\Users\robert\AppData\Roaming\Profiles\jus85xwr.default [2018-10-14] <==== UWAGA
    C:\Users\robert\AppData\Roaming\Profiles\jus85xwr.default
    FF Homepage: Profiles\jus85xwr.default -> hxxps://www.google.pl/webhp?ie=utf-8&oe=u...x-b&gfe_rd=cr&ei=RodhV5HuK8bHZKeVi6AM
    FF NewTab: Profiles\jus85xwr.default -> hxxp://d391tbweljugwk.cloudfront.net/?ts=AHEq...37B8585294C2350A5&ptid=ism&mode=loadm
    FF SearchPlugin: C:\Users\robert\AppData\Roaming\Profiles\jus85xwr.default\searchplugins\6jbln3wg.xml [2016-05-20]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security with Backup\Engine\22.15.1.8\Exts\Chrome.crx <nie znaleziono>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security with Backup\Engine\22.15.1.8\Exts\Chrome.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    S2 ThnAdpsrv; "C:\Program Files (x86)\Thunshprerusp\ThnAdpsrv.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X]
    S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    2018-10-14 20:07 - 2016-06-15 18:45 - 000000000 ____D C:\AdwCleaner

    0
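Added example (not from the thread and not FRST's own logic): a Python scanner that flags, in FRST-style log lines, the autostart patterns marked in the fixlist of post #2: an entry that makes explorer.exe open a URL at logon, a scheduled task that re-adds the Run value, rundll32 loading a DLL given without a path, and the legacy Load value. The rule names and regexes are assumptions of this example; the sample lines are copied from that fixlist.

```python
import re

# Sample input: lines copied from the fixlist in post #2 (URLs are defanged as hxxp in the log).
SAMPLE = r"""Task: {4567F5B2-5E34-4F95-A3B4-B6761AA17972} - System32\Tasks\robertTerraceHonorificsV2 => rundll32.exe CakingPrivately.dll,main 7 1 <==== UWAGA
Task: {6558E455-1C11-4264-B7D4-9E010C6639AF} - System32\Tasks\robert => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v robert /t REG_SZ /d "explorer.exe hxxp://dipladoks.org" <==== UWAGA
Task: {F91B6165-5AF5-4C0A-9976-5DF11DF2F2B8} - System32\Tasks\Opera scheduled Autoupdate 1412985748 => C:\Program Files (x86)\Opera\launcher.exe [2018-10-02] (Opera Software)
HKU\S-1-5-21-2289604754-3140867284-3928036061-1001\...\Run: [robert] => explorer.exe hxxp://dipladoks.org <==== UWAGA
HKU\S-1-5-21-2289604754-3140867284-3928036061-1001\...\CurrentVersion\Windows: [Load] C:\Users\robert\LOCALS~1\Temp\ccizxviec.pif <==== UWAGA"""

# Heuristics (assumptions of this example, not FRST's own detection rules).
RULES = [
    # Autostart entry whose command is "explorer.exe <URL>": the browser opens the page at logon.
    ("url-at-logon", re.compile(r"explorer\.exe\s+h(?:tt|xx)ps?://", re.I)),
    # Scheduled task that writes a Run value, so the entry returns after manual deletion.
    ("task-rewrites-run-key", re.compile(r"^Task:.*\breg(?:\.exe)?\s+add\b.*\\CurrentVersion\\Run\b", re.I)),
    # rundll32 given a bare DLL name (no drive or directory in the argument).
    ("rundll32-dll-without-path", re.compile(r"rundll32(?:\.exe)?\s+[^\\/:\s]+\.dll\b", re.I)),
    # Legacy per-user "Load" autostart value.
    ("legacy-load-value", re.compile(r"\\CurrentVersion\\Windows: \[Load\]", re.I)),
]

def entry_name(line):
    """Return a short label: the task name or the registry value name."""
    m = re.match(r"Task: \{[^}]+\} - (?:System32\\Tasks\\)?(.+?) [=-]> ", line)
    if m:
        return "Task " + m.group(1)
    m = re.search(r": \[([^\]]+)\]", line)
    return "Reg " + m.group(1) if m else line[:40]

def scan(text):
    """Return [(label, [rule names])] for every line that matches at least one rule."""
    hits = []
    for line in text.splitlines():
        matched = [name for name, rx in RULES if rx.search(line)]
        if matched:
            hits.append((entry_name(line), matched))
    return hits

if __name__ == "__main__":
    for label, rules in scan(SAMPLE):
        print(f"{label}: {', '.join(rules)}")
```

The Opera updater task passes unflagged, while the `robert` task matches two rules at once, which is the reason deleting only the Run value does not stop the page from opening.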
  • #3 14 Oct 2018 22:38
    robpa
    Level 2  

    It works! Thanks a lot

    0
  • #4 14 Oct 2018 22:42
    RADU23
    Moderator - Computers Service

    Delete the C:\FRST folder and that's all.

    0