Elektroda.com

[Solved] The website "gmaegames.pro" starts right after starting

  • #1
    Furtunando
    Level 6  
    Hello all.

    Recently I must have caught a virus that always opens the "gmaegames.pro" page on startup. I've used several programs (SpyHunter and Malwarebytes) to get rid of the problem, but unfortunately that didn't help. So the only option left is to use FRST. I am sending the scan results. I know that many people experienced in this area can be found on Elektroda, so I am asking for help.
  • Helpful post
    #2
    Kolobos
    IT specialist
    Uninstall:
    CPUID CPU-Z 1.76
    Google Toolbar for Internet Explorer
    SpyHunter

    Run Fixlist.txt for FRST:
    CloseProcesses:
    Task: {1A97DB29-F5EE-4863-B983-F4BD927E7549} - System32\Tasks\{1C7958F2-C601-472D-B98B-259A2A321BDB} => F:\RunGame.exe
    Task: {2456AFFF-E886-4DEE-80E2-EEF8E7F0114E} - System32\Tasks\{392934E0-CD9B-4244-A2AD-2C87BEB423DF} => C:\Windows\system32\pcalua.exe -a F:\TWEE_Upgrade.exe -d F:\
    Task: {28049062-65A4-4F68-A7B4-40F2027FCA76} - System32\Tasks\{05780EF8-0B51-4F2D-A5EA-69FF612D2E2B} => F:\RunGame.exe
    Task: {37360EED-8E02-4CA0-B624-BD001C1DE40B} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-06-03] (DivX, LLC)
    Task: {A0AA327F-33D3-499D-B70B-89D5D41A0873} - System32\Tasks\MBH => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v MBH /t REG_SZ /d "explorer.exe hxxp://dipladoks.org" C:\Program Files\GridinSoft Anti-Malware\gsam.exe
    Task: {EF3C8714-8CCA-4887-B387-866F8A7D84BB} - System32\Tasks\{8F6C9B62-8611-4B1B-B0F3-EE6851E442A8} => F:\RunGame.exe
    Task: {F2178CE6-6607-4133-8DFD-3C34AB78DEA0} - System32\Tasks\{368B11B7-2B24-4D7F-9D36-9AC79D1AE869} => C:\Windows\system32\pcalua.exe -a C:\Users\MBH\Downloads\epson374993eu.exe -d C:\Users\MBH\Downloads
    (Enigma Software Group USA, LLC.) C:\Program Files (x86)\SpyHunter\SpyHunter4.exe
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2316077946-3691154559-1529715177-1000\...\Run: [MBH] => explorer.exe hxxp://dipladoks.org [X]
    BootExecute: autocheck autochk * sh4native 7099
    GroupPolicy: Ograniczenia ? hxxps://defaultsearch.co/?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> Adaware Secure
    C:\Users\MBH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj
    CHR Extension: (Adaware Secure) - C:\Users\MBH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj [2018-10-15]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
    CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
    S2 SpyHunter 4 Service; C:\Program Files (x86)\SpyHunter\SH4Service.exe [685752 2018-03-30] (Enigma Software Group USA, LLC.)
    R3 esgiguard; C:\Program Files (x86)\SpyHunter\esgiguard.sys [15920 2017-08-12] (Enigma Software Group USA, LLC.)
    S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [22704 2017-08-12] ()
    S3 MSICDSetup; \??\F:\CDriver64.sys [X]
    S3 MWAC; \??\C:\Windows\system32\drivers\ [X]
    S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
    U0 Partizan; system32\drivers\Partizan.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
    S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
    2018-10-17 10:48 - 2018-10-17 10:49 - 002414592 _____ (Farbar) C:\Users\MBH\Downloads\FRST64 (2).exe
    2018-10-15 19:50 - 2018-03-30 10:12 - 000039096 _____ (Enigma Software Group USA, LLC) C:\Windows\SysWOW64\sh4native.exe
    2018-10-15 19:49 - 2018-10-15 19:52 - 000000000 ___HD C:\aTKuDDl7veJzuwec
    2018-10-15 19:49 - 2018-10-15 19:49 - 000007548 _____ C:\spyhunter.fix
    2018-10-15 19:42 - 2018-10-17 10:38 - 000000000 ____D C:\Program Files (x86)\SpyHunter
    2018-10-15 19:42 - 2018-10-15 19:42 - 000001028 _____ C:\Users\MBH\Desktop\SpyHunter.lnk
    2018-10-15 19:42 - 2018-10-15 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter
    2018-10-15 19:42 - 2017-08-12 10:26 - 000022704 _____ C:\Windows\SysWOW64\Drivers\EsgScanner.sys
    2018-10-15 19:41 - 2018-10-15 19:42 - 077142533 _____ C:\Users\MBH\Downloads\SpyHunter.4.28.7.4850.rar
    2018-10-15 19:41 - 2018-10-15 19:41 - 000001061 _____ C:\Users\MBH\Downloads\SpyHunter 4.28.7.4850 (2018) Multi-PL Wersja zarejestrowana.txt
    2018-10-15 19:27 - 2018-10-15 19:27 - 005930728 _____ (EnigmaSoft Limited) C:\Users\MBH\Downloads\SpyHunter-Installer.exe
    2018-10-15 18:23 - 2018-01-19 13:44 - 000000000 ____D C:\AdwCleaner

    After it has run, delete the C:\FRST folder and that's all.
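
As an added illustration (not part of Kolobos's post and not FRST's own code), this Python example scans FRST-style `Task:` and `Run:` lines for the pattern visible in the fixlist above: a scheduled task that uses REG ADD to write a Run value that makes explorer.exe open a URL. The function names and reason labels are assumptions of this example; the sample lines are copied from the fixlist.

```python
import re

# Constructed sample: four entries copied from the fixlist above (two of them benign-looking tasks).
SAMPLE = r'''Task: {A0AA327F-33D3-499D-B70B-89D5D41A0873} - System32\Tasks\MBH => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v MBH /t REG_SZ /d "explorer.exe hxxp://dipladoks.org" C:\Program Files\GridinSoft Anti-Malware\gsam.exe
HKU\S-1-5-21-2316077946-3691154559-1529715177-1000\...\Run: [MBH] => explorer.exe hxxp://dipladoks.org [X]
Task: {37360EED-8E02-4CA0-B624-BD001C1DE40B} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-06-03] (DivX, LLC)
Task: {1A97DB29-F5EE-4863-B983-F4BD927E7549} - System32\Tasks\{1C7958F2-C601-472D-B98B-259A2A321BDB} => F:\RunGame.exe
'''

ENTRY = re.compile(r'^\s*(?P<left>.+?)\s+=>\s+(?P<cmd>.+)$')
URL_VIA_EXPLORER = re.compile(r'explorer(?:\.exe)?\s+"?h(?:tt|xx)ps?://\S+', re.I)
RUN_KEY_WRITE = re.compile(r'\breg(?:\.exe)?\s+add\s+"?\S*\\CurrentVersion\\Run\b', re.I)
REG_VALUE_NAME = re.compile(r'/v\s+"?([^"\s]+)', re.I)

def classify(line):
    """Return a finding dict for a suspicious Task/Run entry, else None."""
    m = ENTRY.match(line)
    if not m:
        return None
    left, cmd = m['left'], m['cmd']
    if left.startswith('Task:'):
        kind, name = 'task', left.rsplit('\\', 1)[-1]      # last path component of the task
    elif re.search(r'\\Run(?:Once)?: \[', left):
        kind, name = 'run', re.search(r'\[(.*?)\]', left).group(1)  # Run value name
    else:
        return None
    reasons = []
    if RUN_KEY_WRITE.search(cmd):
        reasons.append('writes-run-key')
    if URL_VIA_EXPLORER.search(cmd):
        reasons.append('explorer-opens-url')
    if not reasons:
        return None
    written = REG_VALUE_NAME.search(cmd) if 'writes-run-key' in reasons else None
    return {'kind': kind, 'name': name, 'reasons': reasons,
            'writes_value': written.group(1) if written else None}

def scan(text):
    """Flag entries, then mark Run values that a flagged task would re-create."""
    findings = [f for f in map(classify, text.splitlines()) if f]
    rewritten = {f['writes_value'] for f in findings if f['writes_value']}
    for f in findings:
        if f['kind'] == 'run' and f['name'] in rewritten:
            f['reasons'].append('recreated-by-task')
    return findings

if __name__ == '__main__':
    for f in scan(SAMPLE):
        print(f['kind'], f['name'], ','.join(f['reasons']))
```

A Run value flagged `recreated-by-task` is written again each time the task runs, which is why the fixlist lists the task and the Run value together.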
  • #3
    Furtunando
    Level 6  
    Kolobos - Thank you, it helped.
  • #4
    Furtunando
    Level 6  
    Kolobos - Thank you, it helped.

    Added after 33 [seconds]:

    Kolobos has resolved the problem.