Elektroda.pl

Virus gmaegames.pro/redirect-from-banner.html Win 7 Opera

semir78 17 Nov 2018 19:49
  • #1 17 Nov 2018 19:49
    semir78
    Level 1

    Hello
    A virus has appeared on my computer that launches the Opera browser at every Windows startup, opening the page at gmaegames.pro/redirect-from-banner.html. I would like to ask for help in getting rid of this virus. I am attaching the FRST.txt and Addition.txt files. I think they should help solve the problem. Many thanks in advance. :)

  • #2 17 Nov 2018 21:09
    RADU23
    Moderator - Computers Service

    Open Notepad and paste the following content:

    Quote:
    CloseProcesses:
    CreateRestorePoint:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\...\Run: [samsung] => explorer.exe hxxp://kb-ribaki.org <==== UWAGA
    HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\...\MountPoints2: {006b0a7a-2b64-11e4-ae13-b482fe52a160} - F:\_AUTORUN\AUTORUN.EXE
    HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\...\MountPoints2: {22c28645-4640-11e4-9d25-b482fe52a160} - G:\Startme.exe
    HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\...\MountPoints2: {2b681ca5-1381-11e5-9a67-b482fe52a160} - H:\AutoRun.exe
    HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\...\MountPoints2: {2b681e9e-1381-11e5-9a67-b482fe52a160} - H:\AutoRun.exe
    HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\...\MountPoints2: {351858ab-0ef3-11e6-803f-b482fe52a160} - H:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\...\MountPoints2: {51b32b4a-9517-11e5-9343-b482fe52a160} - H:\LG_PC_Programs.exe
    HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\...\MountPoints2: {9b6c89b2-6dbb-11e4-bae3-b482fe52a160} - H:\LG_PC_Programs.exe
    HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\...\MountPoints2: {a7c97212-0df0-11e6-81a1-b482fe52a160} - H:\AutoRun.exe
    HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\...\MountPoints2: {a7c97307-0df0-11e6-81a1-b482fe52a160} - H:\AutoRun.exe
    HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\...\MountPoints2: {cb762101-6a38-11e7-b3cf-b482fe52a160} - H:\HiSuiteDownLoader.exe
    HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\...\MountPoints2: {cc360b05-2a16-11e4-aaa4-b482fe52a160} - F:\SETUP.EXE
    HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\...\MountPoints2: {d4a496cc-3aad-11e6-b262-b482fe52a160} - H:\AutoRun.exe
    HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\...\MountPoints2: {e5d883af-3aa1-11e6-b262-b482fe52a160} - H:\AutoRun.exe
    AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll [95712 2016-08-10] (Zemana Ltd.)
    AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll [86936 2016-08-10] (Zemana Ltd.)
    GroupPolicy: Ograniczenia ? <==== UWAGA
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => Brak pliku
    Toolbar: HKLM - Brak nazwy - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Brak pliku
    FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\samsung\AppData\Roaming\Mozilla\Firefox\Profiles\8mk1jree.default\extensions\detgdp@gmail.com => nie znaleziono
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    CHR HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <nie znaleziono>
    U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
    S3 BstHdAndroidSvc; "for\ProgramFiles\HD-Service.exe" BstHdAndroidSvc Android [X]
    S3 BstHdLogRotatorSvc; "for\ProgramFiles\HD-LogRotatorService.exe" [X]
    S3 BstHdPlusAndroidSvc; "for\ProgramFiles\HD-Plus-Service.exe" BstHdPlusAndroidSvc Android [X]
    S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe" [X]
    S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
    R3 keycrypt; C:\windows\System32\DRIVERS\KeyCrypt64.sys [158848 2016-08-10] (Zemana Ltd.)
    S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
    S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
    S3 BstHdDrv; for\ProgramFiles\HD-Hypervisor-amd64.sys [X]
    S3 BstkDrv; for\ProgramFiles\BstkDrv.sys [X]
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    S1 ZAM; \??\C:\windows\System32\drivers\zam64.sys [X]
    S1 ZAM_Guard; \??\C:\windows\System32\drivers\zamguard64.sys [X]
    2018-11-16 18:15 - 2015-09-18 13:49 - 000000266 __RSH C:\ProgramData\ntuser.pol
    CustomCLSID: HKU\S-1-5-21-2195184045-3265951034-2981680463-1000_Classes\CLSID\{240CE5D0-6A59-8280-5BE8-042969019C16}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-2195184045-3265951034-2981680463-1000_Classes\CLSID\{5CE3D9F0-2325-9ED3-A41F-2D0DE63FD21D}\InprocServer32 -> Brak ścieżki do pliku
    CustomCLSID: HKU\S-1-5-21-2195184045-3265951034-2981680463-1000_Classes\CLSID\{6C7D5ECD-46B3-1D41-3115-12CD579D76E3}\InprocServer32 -> Brak ścieżki do pliku
    Task: {05F1AEA8-E6D7-4EB0-8818-FF41F7EDB505} - System32\Tasks\{E48FBAA7-10F6-42CE-BE0F-E16FE36DCF66} => C:\windows\system32\pcalua.exe -a D:\Gry\Starcraft\setup.exe -d D:\Gry\Starcraft
    Task: {1E050EC5-73B1-47DD-9517-934B4138240F} - System32\Tasks\{4F27C7CF-774A-47CB-9E64-3FCA90E9F88B} => C:\windows\system32\pcalua.exe -a F:\Setup.exe -d F:\
    Task: {4F7271F7-3DB7-4DDF-A00F-A62A7D80E65C} - System32\Tasks\{EC189396-E480-495F-9DA2-A992309ECAD8} => C:\windows\system32\pcalua.exe -a C:\Users\samsung\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=smt
    Task: {A68361FF-1044-4DB4-A966-7CD07AA75FFB} - System32\Tasks\samsung => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v samsung /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org" <==== UWAGA
    Task: {BCCDF6E9-36C3-496A-95B9-6C43FF30A6AD} - System32\Tasks\{9ACA0579-7F55-4D17-8BD2-92D2A0C730A7} => C:\windows\system32\pcalua.exe -a D:\Gry\Sims4\__Installer\vp6\vp6install.exe -d D:\Gry\Sims4\__Installer\vp6
    AlternateDataStreams: C:\ProgramData\Temp:60002631 [264]
    EmptyTemp:


    Save the file as fixlist.txt and place it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.

    0
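
The fixlist in reply #2 lists both a Run value named samsung that opens a URL through explorer.exe and a scheduled task that re-adds that value with REG ADD. As an added example (not part of the thread and not FRST's own code), this Python script pairs such entries in FRST-format log text so that both are cleaned up together; the function name, the regexes and the list of browser executables are assumptions made for illustration.

```python
import re

# Three lines copied verbatim from the fixlist quoted in the thread (FRST log format).
SAMPLE = r'''
HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\...\Run: [samsung] => explorer.exe hxxp://kb-ribaki.org <==== UWAGA
Task: {1E050EC5-73B1-47DD-9517-934B4138240F} - System32\Tasks\{4F27C7CF-774A-47CB-9E64-3FCA90E9F88B} => C:\windows\system32\pcalua.exe -a F:\Setup.exe -d F:\
Task: {A68361FF-1044-4DB4-A966-7CD07AA75FFB} - System32\Tasks\samsung => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v samsung /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org" <==== UWAGA
'''

MARK = re.compile(r'\s*<====.*$')  # FRST's trailing attention marker
RUN_RE = re.compile(r'\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.+)$')
TASK_RE = re.compile(r'^Task: \{[^}]+\} - (?P<path>\S+) => (?P<cmd>.+)$')
URL_RE = re.compile(r'(?:hxxps?|https?)://[^\s"]+', re.I)  # defanged or live
# Assumed heuristic: a shell or browser executable given a URL as its argument.
LAUNCH_RE = re.compile(
    r'\b(?:explorer|iexplore|opera|chrome|firefox)\.exe"?\s+"?(?:hxxps?|https?)://',
    re.I)
# A command that writes a value under ...\CurrentVersion\Run with REG ADD.
REG_ADD_RE = re.compile(
    r'\breg(?:\.exe)?\s+add\s+\S*\\CurrentVersion\\Run\b.*?/v\s+"?(?P<value>[^\s"]+)',
    re.I)


def analyze(log_text):
    """Return Run values that open a URL, with the task (if any) that rewrites them."""
    runs, writers = {}, {}
    for raw in log_text.splitlines():
        line = MARK.sub('', raw.strip())
        if m := RUN_RE.search(line):
            if LAUNCH_RE.search(m['cmd']):
                runs[m['name']] = URL_RE.search(m['cmd']).group(0)
        elif m := TASK_RE.match(line):
            if w := REG_ADD_RE.search(m['cmd']):
                writers[w['value']] = m['path']
    # Removing only the Run value is not enough when a task re-creates it.
    return [{'run_value': name, 'url': url, 'recreated_by': writers.get(name)}
            for name, url in runs.items()]


if __name__ == '__main__':
    for finding in analyze(SAMPLE):
        print(finding)
```
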