You already managed to download the harmful Reimage? Then remove it now.
Run Fixlist.txt for FRST:
Task: {B625D26F-0820-4076-B249-AC8F1FB6B7CD} - System32\Tasks\rudy1970 => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v rudy1970 /t REG_SZ /d "cmd.exe /c start www.dipladoks.org"
Task: {BB9DAB8F-F643-4BC5-99D7-47D98A578BE2} - System32\Tasks\Opera scheduled Autoupdate 1447181598 => C:\Program Files (x86)\Opera\launcher.exe [2018-11-26] (Opera Software)
AlternateDataStreams: C:\Users\1\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\1\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\1\AppData\Local\Historia:gs5sys [2048]
AlternateDataStreams: C:\Users\1\Documents\desktop.ini:gs5sys [3074]
(Reimage) C:\Users\1\AppData\Local\Temp\~nsu.tmp\Au_.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-611993285-916337961-3334344629-1001\...\Run: [rudy1970] => cmd.exe /c start www.dipladoks.org
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w48
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w48
HKU\S-1-5-21-611993285-916337961-3334344629-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.gmx.com/start?src=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w48
SearchScopes: HKLM -> DefaultScope {c2b8e594-d284-ef0b-2c66-48a9c98914bc} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w48&q={searchTerms}
SearchScopes: HKLM -> {c2b8e594-d284-ef0b-2c66-48a9c98914bc} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w48&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {c2b8e594-d284-ef0b-2c66-48a9c98914bc} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w48&q={searchTerms}
SearchScopes: HKLM-x32 -> {c2b8e594-d284-ef0b-2c66-48a9c98914bc} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w48&q={searchTerms}
SearchScopes: HKU\S-1-5-21-611993285-916337961-3334344629-1001 -> {c2b8e594-d284-ef0b-2c66-48a9c98914bc} URL = hxxps://search.gmx.com/web/result?origin=p_jkld_pl&p=jkld&p_brw=ie&p_mkt=pl&p_tsrc=301ssg01&p_w=y1w48&q={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
2018-12-10 19:47 - 2018-12-10 19:56 - 000000140 _____ C:\WINDOWS\Reimage.ini