Elektroda.pl

Requesting an OTL script. Full scans with OTL and ADWcleaner have been done.

rtoip14 10 May 2016 11:10 681 5
  • Helpful post
    #2 10 May 2016 11:21
    Kolobos
    Computer specialist

    No required logs, no help. Surely you can see that logs from FRST are required!

    0
  • Helpful post
    #4 10 May 2016 21:35
    Kolobos
    Computer specialist

    Uninstall:
    AdBlocker
    Adobe Reader 9 - Polish, replace it with the latest version of AR or Foxit: http://ninite.com/foxit/
    WinZip

    Next to frst.exe, create a file fixlist.txt with the following content:
    CloseProcesses:
    Task: {5627F509-BED3-4A05-8C94-D8F9B7ED98E7} - System32\Tasks\Lorckphsary Reports => C:\Program Files\Lorckphsary\lrcReportsTask.exe [2016-05-06] ()
    Task: {5809B54C-DCF6-4852-87B5-E11BB2CE8BA7} - System32\Tasks\{FE2BAB85-DDA6-44F5-919D-7EF2E4529CBC} => Firefox.exe
    Task: {5AC83246-3C73-4548-9E9E-322C44C6B1AD} - \{143619F7-FB73-4130-AB38-E56EA72EF9E6} -> Brak pliku <==== UWAGA
    Task: {6312C0BD-3D4D-47C5-B01B-6320464E58AE} - \{36F2BEF6-7E01-43A0-A297-7023E702F837} -> Brak pliku <==== UWAGA
    Task: {7BF07242-C70B-45D4-9D3C-AB8FE30CCB87} - \{C4DADAD2-0D8F-4B9A-9D01-4CCC23670D43} -> Brak pliku <==== UWAGA
    Task: {900E45F0-BA0A-4441-A781-541A15E66BF6} - \{F7175EF7-1215-4A5B-AE56-48D4751E1307} -> Brak pliku <==== UWAGA
    Task: {91384726-1109-4E9D-87FB-FAD902B4CFD3} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
    Task: {972AEA67-4372-40D6-95C8-1F406FAD0DFE} - System32\Tasks\cFos\Registration Tasks\Open Browser => Chrome.exe "hxxp://www.cfos.de/pl/cfosspeed/documentation/status.htm?sw-10.10.2238&days=26"
    Task: {B4D72131-989F-4701-9380-0DBCA73EE6EE} - System32\Tasks\svshost => C:\Users\Neo\AppData\Local\svshost\svshost.exe [2016-05-10] () <==== UWAGA
    Task: {BB9D0292-9B07-4FE4-AF05-13402BA0DCF5} - \{126AA21B-B529-40EE-AA34-373B3EC3B18B} -> Brak pliku <==== UWAGA
    Task: {D7D7DAA7-BBA0-4FEE-8786-DA06AF587502} - \{0A2B7E43-4CFD-408D-B7C8-E9DD5BC7A7CB} -> Brak pliku <==== UWAGA
    Task: {D8DFC82F-7024-4EC5-B0B4-1607D84A8105} - System32\Tasks\Nimeckreelule Log => C:\Program Files\Nimeckreelule\Nmclogtask.exe [2016-04-27] ()
    Task: {DEBDB669-C1B0-472C-9C95-EB7B41053D2A} - \{6D434EDE-BB36-4B09-8012-4001F93BD299} -> Brak pliku <==== UWAGA
    Task: {DF2FE124-646F-4B3B-8E2A-5404E48972F2} - \{CBAFDA87-E3D2-470B-B74E-525BBC89E6F0} -> Brak pliku <==== UWAGA
    Task: {E11305ED-206F-4EBC-A4E5-814DF5290395} - \{9DDE060C-7335-40EE-88F1-4F94F85A3884} -> Brak pliku <==== UWAGA
    Task: {E1312902-2AC8-4C72-B137-6AB4A4AD0600} - System32\Tasks\Chromium => C:\Users\Neo\AppData\Local\Chromium\APPLIC~1\450240~1.0\INSTAL~1\UNINST~1.EXE
    Task: C:\Windows\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job => C:\Windows\system32\cscript.exe3C:\ProgramData\Baidu Security\Duplicaterecord.js <==== UWAGA
    Task: C:\Windows\Tasks\1ZrOsO5o56AYSIQ.job => C:\Users\Neo\AppData\Roaming\1ZrOsO5o56AYSIQ.exe <==== UWAGA
    Task: C:\Windows\Tasks\2E5DE2B5-E9ED-4F82-A28E-B8B8854FC68.job => C:\Users\Neo\AppData\Local\2E5DE2B5-E9ED-4F82-A28E-B8B8854FC68\2E5DE2B5-E9ED-4F82-A28E-B8B8854FC68.exe




    Task: C:\Windows\Tasks\7D616B8D-C391-4CCB-BF94-B4F755EF2532.job => C:\Users\Neo\AppData\Local\7D616B8D-C391-4CCB-BF94-B4F755EF2532\7D616B8D-C391-4CCB-BF94-B4F755EF2532.exe <==== UWAGA
    Task: C:\Windows\Tasks\90B35867-FDC3-4819-AE24-64D695EF5AF.job => C:\Users\Neo\AppData\Local\90B35867-FDC3-4819-AE24-64D695EF5AF\90B35867-FDC3-4819-AE24-64D695EF5AF.exe
    Task: C:\Windows\Tasks\B224mn4.job => C:\Users\Neo\AppData\Roaming\B224mn4.exe <==== UWAGA
    Task: C:\Windows\Tasks\C13398AA-9217-48B5-84C3-117F73922E99.job => C:\Users\Neo\AppData\Local\C13398AA-9217-48B5-84C3-117F73922E99\C13398AA-9217-48B5-84C3-117F73922E99.exe <==== UWAGA
    Task: C:\Windows\Tasks\C239BECF-ADA0-4A1B-9DBA-62E24047A11F.job => C:\Users\Neo\AppData\Local\C239BECF-ADA0-4A1B-9DBA-62E24047A11F\C239BECF-ADA0-4A1B-9DBA-62E24047A11F.exe <==== UWAGA
    Task: C:\Windows\Tasks\C4DEA8A5-6997-42B5-A783-2F52F92C6449.job => C:\Users\Neo\AppData\Local\C4DEA8A5-6997-42B5-A783-2F52F92C6449\C4DEA8A5-6997-42B5-A783-2F52F92C6449.exe <==== UWAGA
    Task: C:\Windows\Tasks\Chromium.job => C:\Users\Neo\AppData\Local\Chromium\APPLIC~1\450240~1.0\INSTAL~1\UNINST~1.EXE
    Task: C:\Windows\Tasks\ChYZwjWxJnhcTTyOISobTRJnm.job => C:\Users\Neo\AppData\Roaming\ChYZwjWxJnhcTTyOISobTRJnm.exe <==== UWAGA
    Task: C:\Windows\Tasks\D5AFDB95-EFEE-444B-8B36-BBF18D17EDF4.job => C:\Users\Neo\AppData\Local\D5AFDB95-EFEE-444B-8B36-BBF18D17EDF4\D5AFDB95-EFEE-444B-8B36-BBF18D17EDF4.exe <==== UWAGA
    Task: C:\Windows\Tasks\Launch 5807.job => C:\Program Files\YouTube Accelerator\YouTubeAccelerator.exe <==== UWAGA
    Task: C:\Windows\Tasks\LTPK3mGwBtWFK5PvOAryESmySGP.job => C:\Users\Neo\AppData\Roaming\LTPK3mGwBtWFK5PvOAryESmySGP.exe <==== UWAGA
    Task: C:\Windows\Tasks\p20H8TEsLLajs.job => C:\Users\Neo\AppData\Roaming\p20H8TEsLLajs.exe <==== UWAGA
    Task: C:\Windows\Tasks\PEAiijK3oFJ.job => C:\Users\Neo\AppData\Roaming\PEAiijK3oFJ.exe <==== UWAGA
    Task: C:\Windows\Tasks\PH2WgDpLUwi1Z2f8sXOwKTwXUw.job => C:\Users\Neo\AppData\Roaming\PH2WgDpLUwi1Z2f8sXOwKTwXUw.exe <==== UWAGA
    Task: C:\Windows\Tasks\WarThunder05.job => C:\Program Files\Google\Chrome\Application\chrome.exe©--app=hxxp:/mmotraffic.com/catalog/goplay/1000932/ <==== UWAGA
    Task: C:\Windows\Tasks\wbwVe0e.job => C:\Users\Neo\AppData\Roaming\wbwVe0e.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\Neo\AppData\Local\Microsoft\Start Menu\Вoйти в Интeрнeт.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "hxxp://chatozov.ru/?utm_source=startlink03&utm_content=9f387b8b760902670039451ab10f1a8c&utm_term=2AB63D22F49296AF75215BDFE5C6AAFE&utm_d=20160416"
    ShortcutWithArgument: C:\Users\Neo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811008"
    Hosts:
    HKU\S-1-5-21-314501420-2261803728-2016192299-1000\...\Run: [rklweryatv] => explorer "hxxp://chatozov.ru/?utm_source=uoua03n&utm_content=1f1a7d4e6784534601121b44b7be8052&utm_term=2AB63D22F49296AF75215BDFE5C6AAFE&utm_d=20160416" <===== UWAGA
    HKU\S-1-5-21-314501420-2261803728-2016192299-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2973184 2016-01-22] (Microsoft Corporation) <==== UWAGA
    IFEO\avcenter.exe: [Debugger] nqij.exe
    IFEO\avconfig.exe: [Debugger] nqij.exe
    IFEO\avgcsrvx.exe: [Debugger] nqij.exe
    IFEO\avgidsagent.exe: [Debugger] nqij.exe
    IFEO\avgnt.exe: [Debugger] nqij.exe
    IFEO\avgrsx.exe: [Debugger] nqij.exe
    IFEO\avguard.exe: [Debugger] nqij.exe
    IFEO\avgui.exe: [Debugger] nqij.exe
    IFEO\avgwdsvc.exe: [Debugger] nqij.exe
    IFEO\avp.exe: [Debugger] nqij.exe
    IFEO\avscan.exe: [Debugger] nqij.exe
    IFEO\bdagent.exe: [Debugger] nqij.exe
    IFEO\blindman.exe: [Debugger] nqij.exe
    IFEO\ccuac.exe: [Debugger] nqij.exe
    IFEO\ComboFix.exe: [Debugger] nqij.exe
    IFEO\egui.exe: [Debugger] nqij.exe
    IFEO\keyscrambler.exe: [Debugger] nqij.exe
    IFEO\mbam.exe: [Debugger] nqij.exe
    IFEO\mbamgui.exe: [Debugger] nqij.exe
    IFEO\mbampt.exe: [Debugger] nqij.exe
    IFEO\mbamscheduler.exe: [Debugger] nqij.exe
    IFEO\mbamservice.exe: [Debugger] nqij.exe
    IFEO\MpCmdRun.exe: [Debugger] nqij.exe
    IFEO\MSASCui.exe: [Debugger] nqij.exe
    IFEO\MsMpEng.exe: [Debugger] nqij.exe
    IFEO\msseces.exe: [Debugger] nqij.exe
    IFEO\rstrui.exe: [Debugger] nqij.exe
    IFEO\SDFiles.exe: [Debugger] nqij.exe
    IFEO\SDMain.exe: [Debugger] nqij.exe
    IFEO\SDWinSec.exe: [Debugger] nqij.exe
    IFEO\spybotsd.exe: [Debugger] nqij.exe
    IFEO\wireshark.exe: [Debugger] nqij.exe
    IFEO\zlclient.exe: [Debugger] nqij.exe
    ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => Brak pliku
    ManualProxies: 0hxxp://unstops.net/wpad.dat?3bfdd9d1d1d5b3ff8481263d276873c09454809
    HKU\S-1-5-21-314501420-2261803728-2016192299-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://chatozov.ru/?utm_content=706daf58c4c29...22F49296AF75215BDFE5C6AAFE&utm_d=20160416
    HKU\S-1-5-21-314501420-2261803728-2016192299-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?pc=UE07&ocid=UE07DHP
    URLSearchHook: HKU\S-1-5-21-314501420-2261803728-2016192299-1000 - (Brak nazwy) - {0696f815-a3a9-490a-bb14-9ec3350b1276} - Brak pliku
    SearchScopes: HKLM -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-314501420-2261803728-2016192299-1000 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-314501420-2261803728-2016192299-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B12E30F5F-69B1-41B0-8F6B-2E09FBB9088A%7D&gp=811014
    BHO: Brak nazwy -> {9ea7bd36-2d13-4df3-837f-7ac273765e7d} -> Brak pliku
    FF Homepage: hxxp://chatozov.ru/?utm_content=706daf58c4c29...22F49296AF75215BDFE5C6AAFE&utm_d=20160416
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\hqrvmvbz.default-1375021278795\searchplugins\avast-search.xml [2016-05-03]
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\hqrvmvbz.default-1375021278795\searchplugins\google-default.xml [2015-01-27]
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\hqrvmvbz.default-1375021278795\searchplugins\google-standard.xml [2016-05-10]
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\hqrvmvbz.default-1375021278795\searchplugins\yahoo-.xml [2015-03-04]
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\3ak045z4.default-1461073549107\searchplugins\avast-search.xml [2016-05-03]
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\3ak045z4.default-1461073549107\searchplugins\google-standard.xml [2016-05-10]
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\60qf9dtj.SepulturA\searchplugins\avast-search.xml [2016-05-03]
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\60qf9dtj.SepulturA\searchplugins\google-standard.xml [2016-05-10]
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\avast-search.xml [2016-05-03]
    FF SearchPlugin: C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\41A66E7E5EE1\searchplugins\google-standard.xml [2016-05-10]
    FF Extension: Firefox365scorescom - C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\hqrvmvbz.default-1375021278795\Extensions\Firefox@365scores.com [2015-01-31] [Brak podpisu cyfrowego]
    FF Extension: Cash Kitten - C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\hqrvmvbz.default-1375021278795\Extensions\{a8edd05a-a96c-48c2-8eb2-1e65dc4461b7}.xpi [2016-04-26] [Brak podpisu cyfrowego]
    FF Extension: Cash Kitten - C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\3ak045z4.default-1461073549107\Extensions\{a8edd05a-a96c-48c2-8eb2-1e65dc4461b7}.xpi [2016-04-26] [Brak podpisu cyfrowego]
    FF Extension: Cash Kitten - C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\60qf9dtj.SepulturA\Extensions\{a8edd05a-a96c-48c2-8eb2-1e65dc4461b7}.xpi [2016-04-26] [Brak podpisu cyfrowego]
    CHR HKLM\...\Chrome\Extension: [aeembeejekghkopiabadonpmfpigojok] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [bgcifljfapbhgiehkjlckfjmgeojijcb] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [ilamgbdaebkbpkkmfmmfbnaamkhijdek] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [lbjjfiihgfegniolckphpnfaokdkbmdm] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [mgmkibjehmijilgdlafejbedipjcjeaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [ofdgafmdegfkhfdfkmllfefmcmcjllec] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [pnooffjhclkocplopffdbcdghmiffhji] - hxxps://clients2.google.com/service/update2/crx
    OPR Extension: (Web docs) - C:\Users\Neo\AppData\Roaming\Opera Software\Opera Stable\Extensions\onnpamhldelphfpbjneadljcchmcbomn [2016-04-02]
    S4 lrcReportsService; C:\Program Files\Lorckphsary\lrcReportsService.exe [1005736 2016-05-06] ()
    S4 Nmclogservice; C:\Program Files\Nimeckreelule\Nmclogservice.exe [302304 2016-04-27] ()
    S3 AdBlockerService; C:\Program Files\AdBlocker\Service.WinServiceHost.exe [X]
    S2 mrupdsrv; "C:\Program Files\Mail.Ru\Update Service\mrupdsrv.exe" --s [X]
    S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [X]
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2016-04-20] ()
    R2 rsdsys; C:\Windows\system32\drivers\protreg.sys [24120 2014-05-28] (Beijing Rising Information Technology Co., Ltd.)
    S3 AsrCDDrv; \??\C:\Windows\system32\Drivers\AsrCDDrv.sys [X]
    S3 cpuz134; \??\C:\Users\Neo\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
    S1 lxrglxzm; \??\C:\Windows\system32\drivers\lxrglxzm.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S1 pypnucxt; \??\C:\Windows\system32\drivers\pypnucxt.sys [X]
    S3 SHTKSOSSEQ; \??\C:\Windows\system32\drivers\SHTKSOSS.sys [X]
    S3 taphss6; system32\DRIVERS\taphss6.sys [X]
    S1 wlrlgwqd; \??\C:\Windows\system32\drivers\wlrlgwqd.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    S1 {06f9190d-9600-47b8-987f-b57740ac4370}Gw; system32\drivers\{06f9190d-9600-47b8-987f-b57740ac4370}Gw.sys [X]
    U3 axgdk216; Brak ImagePath
    2016-05-10 08:12 - 2016-05-10 20:59 - 00000000 ____D C:\Users\Neo\AppData\Local\svshost
    2016-05-10 06:52 - 2016-05-10 06:52 - 00000000 ____D C:\Users\Neo\AppData\Local\tkdata
    2016-05-09 20:30 - 2016-05-09 21:16 - 00000000 ____D C:\Users\Neo\AppData\Local\FileSystemDriver
    2016-05-06 10:17 - 2016-05-06 10:17 - 00000000 ____D C:\Program Files\Lorckphsary
    2016-05-03 21:55 - 2016-05-03 21:56 - 00000000 ____D C:\Users\Neo\AppData\Local\app
    2016-05-03 21:49 - 2016-05-04 02:04 - 00000000 ____D C:\Program Files\ContentPush
    2016-05-03 11:07 - 2016-05-03 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    2016-05-03 11:06 - 2016-05-10 06:35 - 00000001 _____ C:\Windows\system32\pl.html
    2016-05-02 10:22 - 2016-05-02 10:53 - 00000000 ____D C:\Users\Neo\Desktop\MOSS
    2016-05-02 10:22 - 2016-05-02 10:22 - 01924096 _____ C:\Users\Neo\Desktop\Moss.exe
    2016-04-27 18:23 - 2016-04-27 18:23 - 00000000 ____D C:\Program Files\Nimeckreelule
    2016-04-27 13:23 - 2016-05-10 21:03 - 00000000 ____D C:\AdwCleaner
    2016-04-27 11:53 - 2016-02-27 14:38 - 01269760 ___RH (master131) C:\Users\Neo\Downloads\Extreme Injector v3.6.1.exe
    2016-04-27 11:34 - 2016-05-08 11:38 - 00000000 ____D C:\Users\Neo\AppData\Local\Chromium
    2016-04-20 10:20 - 2016-04-20 10:20 - 00019984 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2016-04-20 10:20 - 2016-04-20 10:20 - 00000000 ____D C:\Program Files\Enigma Software Group
    2016-04-21 11:17 - 2015-04-19 14:20 - 00000626 _____ C:\Users\Neo\AppData\Roaming\PH2WgDpLUwi1Z2f8sXOwKTwXUw
    2016-04-21 11:17 - 2015-04-19 14:20 - 00000626 _____ C:\Users\Neo\AppData\Roaming\PEAiijK3oFJ
    2016-04-21 11:17 - 2015-04-19 14:20 - 00000626 _____ C:\Users\Neo\AppData\Roaming\p20H8TEsLLajs
    2016-04-21 11:17 - 2015-04-19 14:20 - 00000626 _____ C:\Users\Neo\AppData\Roaming\LTPK3mGwBtWFK5PvOAryESmySGP
    2016-04-21 11:17 - 2015-04-19 14:20 - 00000626 _____ C:\Users\Neo\AppData\Roaming\B224mn4
    2016-04-21 11:16 - 2015-04-19 14:20 - 00000626 _____ C:\Users\Neo\AppData\Roaming\wbwVe0e
    2016-04-21 11:16 - 2015-04-19 14:20 - 00000626 _____ C:\Users\Neo\AppData\Roaming\1ZrOsO5o56AYSIQ
    2016-04-21 11:15 - 2015-04-19 14:20 - 00000626 _____ C:\Users\Neo\AppData\Roaming\ChYZwjWxJnhcTTyOISobTRJnm
    2015-04-19 14:20 - 2016-04-21 11:16 - 0000626 _____ () C:\Users\Neo\AppData\Roaming\1ZrOsO5o56AYSIQ
    2016-02-27 16:26 - 2016-02-27 16:26 - 8003072 _____ () C:\Users\Neo\AppData\Roaming\agent.dat
    2015-02-16 13:52 - 2015-04-15 08:58 - 0000020 _____ () C:\Users\Neo\AppData\Roaming\appdataFr3.bin
    2015-04-19 14:20 - 2016-04-21 11:17 - 0000626 _____ () C:\Users\Neo\AppData\Roaming\B224mn4
    2015-04-19 14:20 - 2016-04-21 11:15 - 0000626 _____ () C:\Users\Neo\AppData\Roaming\ChYZwjWxJnhcTTyOISobTRJnm
    2016-02-27 16:26 - 2016-02-27 16:26 - 0064752 _____ () C:\Users\Neo\AppData\Roaming\Config.xml
    2015-06-19 13:34 - 2015-11-18 19:59 - 0063000 _____ () C:\Users\Neo\AppData\Roaming\FataL_temp_font.ttf
    2016-02-20 20:20 - 2016-02-20 20:20 - 1163776 _____ () C:\Users\Neo\AppData\Roaming\Global Loader ULTRA v5.9.7.exe
    2016-02-12 11:30 - 2016-05-03 21:49 - 0015840 _____ () C:\Users\Neo\AppData\Roaming\InstallationConfiguration.xml
    2016-02-12 11:30 - 2016-05-03 21:49 - 0127488 _____ () C:\Users\Neo\AppData\Roaming\Installer.dat
    2015-04-19 14:20 - 2015-05-30 15:28 - 0000626 _____ () C:\Users\Neo\AppData\Roaming\ka9l0u4lBfm6B7rG9PmatH0xW
    2016-02-27 16:26 - 2016-02-27 16:26 - 1894887 _____ () C:\Users\Neo\AppData\Roaming\Lexitip.tst
    2015-04-19 14:20 - 2016-04-21 11:17 - 0000626 _____ () C:\Users\Neo\AppData\Roaming\LTPK3mGwBtWFK5PvOAryESmySGP
    2016-02-27 16:26 - 2016-02-27 16:26 - 0018432 _____ () C:\Users\Neo\AppData\Roaming\Main.dat
    2016-02-27 16:26 - 2016-02-27 16:26 - 0005568 _____ () C:\Users\Neo\AppData\Roaming\md.xml
    2016-02-12 11:30 - 2016-02-12 11:30 - 0848437 _____ () C:\Users\Neo\AppData\Roaming\MedSonjob.bin
    2015-05-30 18:40 - 2015-06-19 16:28 - 0037120 _____ () C:\Users\Neo\AppData\Roaming\msconfig.ini
    2016-02-27 16:26 - 2016-02-27 16:26 - 0126464 _____ () C:\Users\Neo\AppData\Roaming\noah.dat
    2015-04-19 14:20 - 2016-04-21 11:17 - 0000626 _____ () C:\Users\Neo\AppData\Roaming\p20H8TEsLLajs
    2015-04-19 14:20 - 2016-04-21 11:17 - 0000626 _____ () C:\Users\Neo\AppData\Roaming\PEAiijK3oFJ
    2015-04-19 14:20 - 2016-04-21 11:17 - 0000626 _____ () C:\Users\Neo\AppData\Roaming\PH2WgDpLUwi1Z2f8sXOwKTwXUw
    2010-11-05 17:06 - 2015-12-15 17:06 - 0138576 _____ () C:\Users\Neo\AppData\Roaming\PnkBstrK.sys
    2015-07-26 12:26 - 2015-11-18 19:57 - 0004286 _____ () C:\Users\Neo\AppData\Roaming\SniperHelper_temp_cursor.cur
    2015-07-26 12:26 - 2015-11-18 19:57 - 0109404 _____ () C:\Users\Neo\AppData\Roaming\SniperHelper_temp_font.ttf
    2015-04-19 14:20 - 2016-04-21 11:16 - 0000626 _____ () C:\Users\Neo\AppData\Roaming\wbwVe0e
    C:\Users\Neo\Firefox Setup 3.5.6.exe
    C:\Users\Neo\AppData\Roaming\msconfig.ini
    EmptyTemp:

    In FRST, select Fix (Napraw).

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Post new FRST logs, from a scan.

    0
  • Helpful post
    #6 11 May 2016 07:59
    Kolobos
    Computer specialist

    New Fixlist.txt for FRST:
    CHR HomePage: Default -> hxxp://chatozov.ru/?utm_content=706daf58c4c29...B63D22F49296AF75215BDFE5C6AAFE&utm_d=20160416
    CHR StartupUrls: Default -> "hxxp://chatozov.ru/?utm_content=706daf58c4c295e14015a61bf477685c&utm_source=startpm&utm_term=2AB63D22F49296AF75215BDFE5C6AAFE&utm_d=20160416"
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    U3 a0pixz41; Brak ImagePath
    2016-05-11 00:27 - 2016-02-19 21:30 - 00000000 ___HD C:\Windows\00acfea6cf4di3
    2016-05-11 00:27 - 2015-11-18 14:46 - 00000000 ____D C:\Users\Neo\AppData\LocalLow\Company

    If chatozov is not removed by FRST, change the home page in Chrome manually and disable restoring a set of pages on startup.

    When done, delete the C:\FRST folder and that's all.

    0