Adverttraff.org

Dla specjalistów Bezpieczeństwo
#1

Witam,

Od jakiegoś czasu przy włączaniu komputera automatycznie otwiera się opera a tam jakaś ruska stronka adverttraff.org, jak to usunąć ?

 

Proszę o pomoc

 

Addition.txt

FRST.txt

#2

Otwórz Notatnik i wklej:

HKU\S-1-5-21-1910228669-1226663037-4243644267-1000\...\Run: [AdobeBridge] = [X]
HKU\S-1-5-21-1910228669-1226663037-4243644267-1000\...\Run: [CMD] = cmd.exe /c start http://adverttraff.org exit ===== ATTENTION
HKU\S-1-5-21-1910228669-1226663037-4243644267-1000\...\MountPoints2: H - H:\autorun.exe
HKU\S-1-5-21-1910228669-1226663037-4243644267-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3321459octid=EB_ORIGINAL_CTIDSearchSource=55CUI=UM=4UP=SP21A6023E-6685-4AE1-BDCC-DE2AD37F07DASSPV=
SearchScopes: HKU\S-1-5-21-1910228669-1226663037-4243644267-1000 - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3321459octid=EB_ORIGINAL_CTIDSearchSource=58CUI=UM=4UP=SP21A6023E-6685-4AE1-BDCC-DE2AD37F07DAq={searchTerms}SSPV=
SearchScopes: HKU\S-1-5-21-1910228669-1226663037-4243644267-1000 - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3321459octid=EB_ORIGINAL_CTIDSearchSource=58CUI=UM=4UP=SP21A6023E-6685-4AE1-BDCC-DE2AD37F07DAq={searchTerms}SSPV=
CHR HomePage: Default - hxxp://search.conduit.com/?ctid=CT3321459octid=EB_ORIGINAL_CTIDSearchSource=55CUI=UM=4UP=SP21A6023E-6685-4AE1-BDCC-DE2AD37F07DASSPV=
CHR StartupUrls: Default - "hxxp://search.conduit.com/?ctid=CT3321459octid=EB_ORIGINAL_CTIDSearchSource=55CUI=UM=4UP=SP21A6023E-6685-4AE1-BDCC-DE2AD37F07DASSPV=", "hxxp://www.sweet-page.com/?type=hpts=1407972227from=coruid=ST1000LM014-SSHD-8GB_W381NVF6XXXXW381NVF6"
S3 XFDriver64; \\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]
2014-11-15 16:28 - 2014-11-15 16:28 - 00003316 _____ () C:\Windows\System32\Tasks\{34DE2432-5A9F-44D9-953B-F4EFB3D97C00}
2014-10-26 16:39 - 2014-10-26 16:39 - 00002978 _____ () C:\Windows\System32\Tasks\{A185D47A-CB2E-4DEE-BA94-B4A3D4FD337C}
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#3

Dzięki za pomoc :slight_smile:

#4

Skasuj folder C:\FRST