Elektroda.pl

[Solved] gameorplay virus launching in the browser at system startup.

Enzomayol 28 Nov 2018 11:15 60 4
  • #1 28 Nov 2018 11:15
    Enzomayol
    Level 2

    Hello
    A virus has appeared on the computer that, at every Windows startup, opens the browser with the page gmaegames.pro/redirect-from-banner.html . I would ask for help with getting rid of this virus. I am attaching the files FRST.txt and Addition.txt.

    0 4
Helpful post
    #2 28 Nov 2018 11:51
    krzychupar
    Level 40

    Open Windows Notepad and paste:

    CloseProcesses:
    CustomCLSID: HKU\S-1-5-21-2425096044-2907444943-2888746404-1004_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\cathy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2425096044-2907444943-2888746404-1004_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\cathy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2425096044-2907444943-2888746404-1004_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\cathy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
    Task: {4D95714C-548B-4F0D-B327-5B3A43D79070} - System32\Tasks\cathy => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v cathy /t REG_SZ /d "cmd.exe /c start www.dipladoks.org"
    Task: {7659EED5-BE79-4AEB-8DB2-9BD4A64BC6D3} - System32\Tasks\{A5400050-6121-4463-9F82-0D90B0C43DE1} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Ubisoft\Settlers IV - Zlota Edycja\Editor\S4Editor.exe" -d "C:\Program Files (x86)\Ubisoft\Settlers IV - Zlota Edycja\Editor\"
    Task: {B2BBFF2A-F6B7-4906-9704-E8FF695A9A43} - System32\Tasks\{4884A7A5-DBEA-48DE-A3F9-5FBD633AA82D} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"
    HKU\S-1-5-21-2425096044-2907444943-2888746404-1004\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
    HKU\S-1-5-21-2425096044-2907444943-2888746404-1004\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [3884720 2017-10-04] (ALLPlayer.org)
    HKU\S-1-5-21-2425096044-2907444943-2888746404-1004\...\Run: [BingSvc] => C:\Users\cathy\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-31] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-2425096044-2907444943-2888746404-1004\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe [6168768 2016-09-15] (ALLPlayer Group Ltd.)
    HKU\S-1-5-21-2425096044-2907444943-2888746404-1004\...\Run: [cathy] => cmd.exe /c start www.dipladoks.org
    HKU\S-1-5-21-2425096044-2907444943-2888746404-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV752/search/web?q={searchTerms}
    HKU\S-1-5-21-2425096044-2907444943-2888746404-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV752/
    SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV752/search/web?q={searchTerms}
    SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV752/search/web?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2425096044-2907444943-2888746404-1004 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV752/search/web?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2425096044-2907444943-2888746404-1004 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV752/search/web?q={searchTerms}
    Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll Brak pliku
    FF Homepage: Mozilla\Firefox\Profiles\n80ibye8.default -> hxxps://search.avast.com/AV752/
    FF NewTab: Mozilla\Firefox\Profiles\n80ibye8.default -> about:newtab
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <nie znaleziono>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2425096044-2907444943-2888746404-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2425096044-2907444943-2888746404-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    2018-11-28 10:16 - 2018-11-28 10:16 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
    EmptyTemp:

Save the file as fixlist.txt and put it in the folder where you have FRST.exe.
    Run FRST and click Fix.

    0
#3 28 Nov 2018 11:52
    Kolobos
    Computer specialist

    What do you have in the file C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat?

    Run this Fixlist.txt in FRST:
    CustomCLSID: HKU\S-1-5-21-2425096044-2907444943-2888746404-1004_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\cathy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2425096044-2907444943-2888746404-1004_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\cathy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-2425096044-2907444943-2888746404-1004_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\cathy\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
    ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
    Task: {4D95714C-548B-4F0D-B327-5B3A43D79070} - System32\Tasks\cathy => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v cathy /t REG_SZ /d "cmd.exe /c start www.dipladoks.org"
    Task: {7659EED5-BE79-4AEB-8DB2-9BD4A64BC6D3} - System32\Tasks\{A5400050-6121-4463-9F82-0D90B0C43DE1} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Ubisoft\Settlers IV - Zlota Edycja\Editor\S4Editor.exe" -d "C:\Program Files (x86)\Ubisoft\Settlers IV - Zlota Edycja\Editor\"
    Task: {B2BBFF2A-F6B7-4906-9704-E8FF695A9A43} - System32\Tasks\{4884A7A5-DBEA-48DE-A3F9-5FBD633AA82D} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"
    HKU\S-1-5-21-2425096044-2907444943-2888746404-1004\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [3884720 2017-10-04] (ALLPlayer.org)
    HKU\S-1-5-21-2425096044-2907444943-2888746404-1004\...\Run: [BingSvc] => C:\Users\cathy\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-31] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-2425096044-2907444943-2888746404-1004\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe [6168768 2016-09-15] (ALLPlayer Group Ltd.)
    HKU\S-1-5-21-2425096044-2907444943-2888746404-1004\...\Run: [cathy] => cmd.exe /c start www.dipladoks.org
    HKU\S-1-5-21-2425096044-2907444943-2888746404-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV752/search/web?q={searchTerms}
    HKU\S-1-5-21-2425096044-2907444943-2888746404-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avast.com/AV752/
    SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV752/search/web?q={searchTerms}
    SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV752/search/web?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2425096044-2907444943-2888746404-1004 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV752/search/web?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2425096044-2907444943-2888746404-1004 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV752/search/web?q={searchTerms}
    Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll Brak pliku
    FF Homepage: Mozilla\Firefox\Profiles\n80ibye8.default -> hxxps://search.avast.com/AV752/
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <nie znaleziono>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2425096044-2907444943-2888746404-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2425096044-2907444943-2888746404-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.16.2.22\Exts\Chrome.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    2018-11-28 10:16 - 2018-11-28 10:16 - 000002600 _____ C:\WINDOWS\System32\Tasks\cathy
    2018-11-28 10:16 - 2018-11-28 10:16 - 000002444 _____ C:\WINDOWS\System32\Tasks\{A5400050-6121-4463-9F82-0D90B0C43DE1}
    2018-11-28 10:16 - 2018-11-28 10:16 - 000002258 _____ C:\WINDOWS\System32\Tasks\{4884A7A5-DBEA-48DE-A3F9-5FBD633AA82D}

    0
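As an added example that is not part of the thread: a small Python parser for the FRST `Task:` and `...\Run:` lines quoted in posts #2 and #3. It links the Run value that launches the redirect URL with the scheduled task that re-creates that value through REG ADD, which is why both entries had to go into the fixlist; removing only the Run value would have been undone at the next task run. The sample lines are copied from the fixlist above; the regexes and function names are this example's own.

```python
import re

# Sample FRST lines copied from the thread's fixlist (constructed subset, not a full log).
SAMPLE_LINES = [
    r'Task: {4D95714C-548B-4F0D-B327-5B3A43D79070} - System32\Tasks\cathy => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v cathy /t REG_SZ /d "cmd.exe /c start www.dipladoks.org"',
    r'HKU\S-1-5-21-2425096044-2907444943-2888746404-1004\...\Run: [cathy] => cmd.exe /c start www.dipladoks.org',
    r'HKU\S-1-5-21-2425096044-2907444943-2888746404-1004\...\Run: [ALLUpdate] => C:\Program Files\ALLPlayer\ALLUpdate.exe [3884720 2017-10-04] (ALLPlayer.org)',
    r'Task: {B2BBFF2A-F6B7-4906-9704-E8FF695A9A43} - System32\Tasks\{4884A7A5-DBEA-48DE-A3F9-5FBD633AA82D} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"',
]

# FRST "Task:" line: GUID, task path, then the command it runs.
TASK_RE = re.compile(r'^Task: \{[0-9A-F-]+\} - (?P<path>\S+) => (?P<cmd>.*)$')
# FRST autostart line: hive ... \Run: [value name] => command.
RUN_RE = re.compile(r'^HK\w+\\.*\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.*)$')
# "cmd.exe /c start <host or URL>": the browser-opening pattern seen in the thread.
START_URL_RE = re.compile(r'cmd\.exe\s+/c\s+start\s+(?P<target>(https?://)?[\w.-]+\.\w{2,}\S*)', re.I)
# "REG ADD ...\Run ... /v <name>": a task that re-creates a Run value.
REG_ADD_RUN_RE = re.compile(r'REG ADD\s+\S*\\Run\s.*?/v\s+(?P<name>\S+)', re.I)


def classify(line):
    """Return (kind, name, command) for Task/Run lines, or None for anything else."""
    m = TASK_RE.match(line)
    if m:
        task_name = m.group("path").rsplit("\\", 1)[-1]
        return ("task", task_name, m.group("cmd"))
    m = RUN_RE.match(line)
    if m:
        return ("run", m.group("name"), m.group("cmd"))
    return None


def find_hijack_chain(lines):
    """Map Run values that open a URL to the tasks that re-create them.
    Result: {run_value_name: {"url": target or None, "recreated_by": [task names]}}."""
    findings = {}
    reg_adds = []
    for line in lines:
        parsed = classify(line.strip())
        if parsed is None:
            continue
        kind, name, cmd = parsed
        if kind == "run":
            url = START_URL_RE.search(cmd)
            if url:
                findings[name] = {"url": url.group("target"), "recreated_by": []}
        elif kind == "task":
            ra = REG_ADD_RUN_RE.search(cmd)
            if ra:
                reg_adds.append((ra.group("name"), name))
    for value_name, task_name in reg_adds:
        findings.setdefault(value_name, {"url": None, "recreated_by": []})
        findings[value_name]["recreated_by"].append(task_name)
    return findings
```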
#4 28 Nov 2018 12:33
    Enzomayol
    Level 2

    Thank you gentlemen, the first solution helped, thank you very much and I wish you a generous Santa.

    0