
Virus on the computer - programs download themselves, antivirus switches itself OFF

DewMaster 12 May 2017 20:04
  • #1 12 May 2017 20:04
    DewMaster
    Level 2

    Hi,
    I've noticed that strange things have started happening on my computer.
    For example: the Chrome home page changed to LuckySearch.com, the antivirus kept switching itself off, and programs started downloading themselves: Big Bang Empire, Big Farm and Mozilla Firefox. Despite my uninstalling the programs and resetting the browsers, the problem keeps coming back. I scanned my computer with Windows Defender but it found nothing (full scan). I'm new to the forum and if I've broken any rule I apologise, but I'm writing this in a hurry because I'd like to use my computer normally again. Please help :)

    System: Win10

  • #2 12 May 2017 21:23
    Kolobos
    Computer specialist

    Export your bookmarks from FF and uninstall Firefox.
    In Chrome, switch to a second profile and delete the one created by the infection.

    Uninstall WorldofTanks

    Run this Fixlist.txt with FRST:
    CloseProcesses:
    2017-05-11 21:01 - 2017-05-11 21:01 - 00001910 _____ C:\Users\User\Desktop\big_bang_empire.lnk
    2017-05-11 21:01 - 2017-05-11 21:01 - 00001884 _____ C:\Users\User\Desktop\BigFarm.lnk
    HKU\S-1-5-21-2055952257-4250577601-441890819-1001\...\ChromeHTML: -> C:\Program Files (x86)\Dayglad\Application\chrome.exe (Google Inc.) <==== UWAGA
    Task: {02041394-40B9-4D8B-8A2F-CE55CE897966} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-05-11] () <==== UWAGA
    Task: {4683591C-4AAE-4386-8C60-3C75FF773C19} - System32\Tasks\Samsung Update => msiexec.exe /i hxxp://D2Buh1bF1G584W.CLouDfRoNT.net/mmtsk/oc...UNGXHD502HJ_S20BJ9FB300266&d=20170428 /q <==== UWAGA
    Task: {6D338D1F-773C-4CBB-B99E-C5E6B39D9716} - System32\Tasks\{A8EE2A14-3DC1-4683-B7EB-7A86D0DCF53D} => pcalua.exe -a "C:\Program Files (x86)\ivo\Ivona_Rehab-1.0\rejestracja_ivony_rehab.exe" -d "C:\Program Files (x86)\ivo\Ivona_Rehab-1.0" -c C:\Program Files (x86)\ivo\Ivona_Rehab-1.0\ivona.id
    Task: {8FF2E168-6BCB-426D-8387-C0CCCF03088A} - System32\Tasks\Windows-PG => powershell.exe C:\windows\psgo\psgo.ps1
    Task: {B7BD1BAB-F6E6-45F3-8353-467D923BC158} - System32\Tasks\Ajuent => msiexec.exe /i hxxp://D2bUH1bF1g584W.clOuDfroNt.net/mmtsk/oc...UNGXHD502HJ_S20BJ9FB300266&d=20170427 /q <==== UWAGA
    Task: {CA0B9461-9048-457F-AAB1-CCABCB294A77} - System32\Tasks\Gogekqahsy Log => C:\Program Files (x86)\Rerjutain\vihght.exe [2017-04-27] (Google Inc.)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Dayglad\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Dayglad\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Dayglad\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\167c78b32431516\Google Chrome.lnk -> C:\Program Files (x86)\Dayglad\Application\chrome.exe (Google Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Dayglad\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Dayglad\Application\chrome.exe (Google Inc.)
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WorldofTanks\WorldofTanks.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.ourluckysites.com/?type=sc&ts=...he0812&uid=SAMSUNGXHD502HJ_S20BJ9FB300266
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=...he0812&uid=SAMSUNGXHD502HJ_S20BJ9FB300266
    2017-04-27 22:51 - 2017-04-27 22:51 - 00316928 _____ () C:\Program Files (x86)\Gogekqahsy Log\local64spl.dll
    2016-08-10 17:03 - 2017-01-31 22:47 - 00304456 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    2017-05-03 23:37 - 2017-05-03 06:29 - 00107672 _____ () C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
    2016-08-21 16:21 - 2017-01-31 22:47 - 00619848 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    2017-05-09 14:58 - 2017-05-09 16:40 - 00323584 _____ () C:\Users\User\AppData\Local\background_fault\bf.dll
    2017-05-09 14:58 - 2017-04-11 08:36 - 67718656 _____ () C:\Users\User\AppData\Local\background_fault\libcef.dll
    2017-05-09 14:58 - 2017-04-11 08:36 - 01922560 _____ () C:\Users\User\AppData\Local\background_fault\libglesv2.dll
    2017-05-09 14:58 - 2017-04-11 08:36 - 00079872 _____ () C:\Users\User\AppData\Local\background_fault\libegl.dll
    2017-05-03 23:39 - 2017-04-19 06:04 - 02864984 _____ () C:\Program Files (x86)\Dayglad\Application\libglesv2.dll
    2017-05-03 23:39 - 2017-04-19 06:04 - 00087384 _____ () C:\Program Files (x86)\Dayglad\Application\libegl.dll
    Hosts:
    () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    () C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
    () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    (© 2015 Microsoft Corporation) C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    (AVAST Software) C:\Users\User\AppData\Local\background_fault\aswRD.exe
    (Tencent) C:\Users\User\AppData\Local\background_fault\QQIme.exe
    HKU\S-1-5-21-2055952257-4250577601-441890819-1001\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-03-22] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-2055952257-4250577601-441890819-1001\...\Run: [ALLUpdate] => "E:\ALLPlayer\ALLUpdate.exe" "sleep"
    HKU\S-1-5-21-2055952257-4250577601-441890819-1001\...\Run: [ALLPlayer WiFi Remote] => C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe
    HKU\S-1-5-21-2055952257-4250577601-441890819-1001\...\Run: [background_fault] => C:\Users\User\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-09] (AVAST Software) <===== UWAGA
    HKU\S-1-5-21-2055952257-4250577601-441890819-1001\...\MountPoints2: {8573da07-edfb-11e5-bd02-806e6f6e6963} - "D:\start.exe"
    HKU\S-1-5-21-2055952257-4250577601-441890819-1001\...\Winlogon: [Shell] C:\WINDOWS\EXPLORER.EXE [4674360 2017-04-28] (Microsoft Corporation) <==== UWAGA
    HKLM\...\Providers\yt1boj04: C:\Program Files (x86)\Gogekqahsy Log\local64spl.dll [316928 2017-04-27] ()
    AppInit_DLLs: C:\ProgramData\Quotenamron\Goodzap.dll => Brak pliku
    IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
    IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
    ShellExecuteHooks: Brak nazwy - {ED9C1486-2680-11E7-B703-64006A5CFC23} - C:\Users\User\AppData\Roaming\Galeiedchecther\Vectyprevaent.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX64.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\User\AppData\Local\MEGAsync\ShellExtX32.dll -> Brak pliku
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...he0812&uid=SAMSUNGXHD502HJ_S20BJ9FB300266
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...he0812&uid=SAMSUNGXHD502HJ_S20BJ9FB300266
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&...&uid=SAMSUNGXHD502HJ_S20BJ9FB300266&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&...&uid=SAMSUNGXHD502HJ_S20BJ9FB300266&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...he0812&uid=SAMSUNGXHD502HJ_S20BJ9FB300266
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...he0812&uid=SAMSUNGXHD502HJ_S20BJ9FB300266
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&...&uid=SAMSUNGXHD502HJ_S20BJ9FB300266&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&...&uid=SAMSUNGXHD502HJ_S20BJ9FB300266&q={searchTerms}
    HKU\S-1-5-21-2055952257-4250577601-441890819-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
    HKU\S-1-5-21-2055952257-4250577601-441890819-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...he0812&uid=SAMSUNGXHD502HJ_S20BJ9FB300266
    HKU\S-1-5-21-2055952257-4250577601-441890819-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...he0812&uid=SAMSUNGXHD502HJ_S20BJ9FB300266
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...&uid=SAMSUNGXHD502HJ_S20BJ9FB300266&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...&uid=SAMSUNGXHD502HJ_S20BJ9FB300266&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...&uid=SAMSUNGXHD502HJ_S20BJ9FB300266&q={searchTerms}
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://www.bing.com/search?q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...&uid=SAMSUNGXHD502HJ_S20BJ9FB300266&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2055952257-4250577601-441890819-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...&uid=SAMSUNGXHD502HJ_S20BJ9FB300266&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2055952257-4250577601-441890819-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&...&uid=SAMSUNGXHD502HJ_S20BJ9FB300266&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2055952257-4250577601-441890819-1001 -> {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms}
    Edge HomeButtonPage: HKU\S-1-5-21-2055952257-4250577601-441890819-1001 -> hxxp://www.ourluckysites.com/?type=hp&ts=...he0812&uid=SAMSUNGXHD502HJ_S20BJ9FB300266
    FF DefaultProfile: sh1v03py.default
    FF ProfilePath: C:\Users\User\AppData\Roaming\Firefox\Firefox\Profiles\sh1v03py.default [2017-05-12]
    FF Extension: (SimilarWeb) - C:\Users\User\AppData\Roaming\Firefox\Firefox\Profiles\sh1v03py.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-05-12] [Brak podpisu cyfrowego]
    FF Extension: (HSearch) - C:\Users\User\AppData\Roaming\Firefox\Firefox\Profiles\sh1v03py.default\Extensions\@E97YHOMI-FU8L-IM23-VUT9-RVDZT7M8XL8H.xpi [2017-05-03] [Brak podpisu cyfrowego]
    FF Extension: (FF Adr) - C:\Users\User\AppData\Roaming\Firefox\Firefox\Profiles\sh1v03py.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-05-03] [Brak podpisu cyfrowego]
    FF Extension: (Polski Language Pack) - C:\Users\User\AppData\Roaming\Firefox\Firefox\Profiles\sh1v03py.default\Extensions\langpack-pl@firefox.mozilla.org.xpi [2017-05-03] [Brak podpisu cyfrowego]
    CHR DefaultProfile: ChromeDefaultData
    CHR HomePage: ChromeDefaultData -> msn.com
    CHR StartupUrls: ChromeDefaultData -> "hxxp://www.luckysearch123.com?type=hp&ts=1494084920&from=d6440504&uid=samsungxhd502hj_s20bj9fb300266&z=b138fe27347949195ee1e7agaz3t3zfe6b2zetdocc"
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-05-11] <==== UWAGA
    CHR Extension: (SafeFinder Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\jidkebcigjgheaahopdnlfaohgnocfai [2017-04-27]
    CHR Extension: (SafeFinder Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidkebcigjgheaahopdnlfaohgnocfai [2017-03-20]
    CHR HKU\S-1-5-21-2055952257-4250577601-441890819-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    HKU\S-1-5-21-2055952257-4250577601-441890819-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Dayglad\Application\chrome.exe (Google Inc.) <==== UWAGA
    R2 BIT; C:\ProgramData\BIT\BIT.dll [1858048 2017-05-11] (BIT.dll) [Brak podpisu cyfrowego]
    S2 DHCPArbSvc; C:\Program Files\Common Files\System\svc\dllhost.exe [13608 2014-10-04] ()
    R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [107672 2017-05-03] () <==== UWAGA
    R2 IISvr; C:\Program Files (x86)\IIS\Microsoft Web Deploy V3\te\msdeploy.resources.dll [105984 2017-05-03] () [Brak podpisu cyfrowego]
    R2 Kitty; C:\Users\User\AppData\Local\Kitty\Kitty.dll [123904 2017-05-03] (word) [Brak podpisu cyfrowego] <==== UWAGA
    S2 NPASRE; C:\Users\User\AppData\Local\NPASRE\Snare.dll [830464 2017-05-10] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
    R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [304456 2017-01-31] ()
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-21] (Microsoft Corporation)
    R2 SNARE; C:\Users\User\AppData\Local\SNARE\Snare.dll [826368 2017-05-02] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
    R2 SNAREA; C:\Users\User\AppData\Local\SNAREA\Snare.dll [826368 2017-05-03] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
    S2 VNASRE; C:\Users\User\AppData\Local\VNASRE\Snare.dll [826880 2017-05-10] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego]
    R2 WinSAPSvc; C:\Users\User\AppData\Roaming\WinSAPSvc\WinSAP.dll [585216 2017-05-11] (serviec) [Brak podpisu cyfrowego] <==== UWAGA
    S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X] <==== UWAGA
    S1 xgbbvsqw; \??\C:\WINDOWS\system32\drivers\xgbbvsqw.sys [X]
    2017-05-11 21:01 - 2017-05-11 21:01 - 00000000 _____ C:\WINDOWS\SysWOW64\44
    2017-05-11 21:01 - 2017-05-11 21:01 - 00000000 _____ C:\WINDOWS\SysWOW64\3333333
    2017-05-11 21:01 - 2017-05-11 21:01 - 00000000 _____ C:\WINDOWS\SysWOW64\00
    2017-05-11 21:00 - 2017-05-11 21:00 - 00000000 ____D C:\Users\User\AppData\Local\NPASRE
    2017-05-09 16:53 - 2017-05-11 21:00 - 00000000 _____ C:\WINDOWS\SysWOW64\1111
    2017-05-09 14:59 - 2017-05-09 14:59 - 00000000 ____D C:\Reaqapytegupy
    2017-05-09 14:58 - 2017-05-11 07:36 - 00000000 ____D C:\Users\User\AppData\Local\background_fault
    2017-05-09 14:58 - 2017-05-10 20:09 - 00000000 ____D C:\Users\User\AppData\Local\VNASRE
    2017-05-09 14:58 - 2017-05-09 14:58 - 00000000 ____D C:\ProgramData\BIT
    2017-05-03 23:39 - 2017-05-03 23:39 - 00000000 ____D C:\Users\User\AppData\Local\Dayglad
    2017-05-03 23:39 - 2017-05-03 23:39 - 00000000 ____D C:\Users\Public\Documents\Google
    2017-05-03 23:39 - 2017-05-03 23:39 - 00000000 ____D C:\Program Files (x86)\IIS
    2017-05-03 23:38 - 2017-05-12 01:14 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
    2017-05-03 23:38 - 2017-05-11 21:01 - 00002029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-05-03 23:38 - 2017-05-03 23:38 - 00000000 ____D C:\Users\User\AppData\Roaming\Firefox
    2017-05-03 23:38 - 2017-05-03 23:38 - 00000000 ____D C:\Users\User\AppData\Local\Firefox
    2017-05-03 23:37 - 2017-05-11 21:01 - 00000000 _____ C:\WINDOWS\SysWOW64\1111111
    2017-05-03 23:37 - 2017-05-11 21:01 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2017-05-03 23:37 - 2017-05-03 23:37 - 00000000 ____D C:\WINDOWS\system32\log
    2017-05-03 23:37 - 2017-05-03 23:37 - 00000000 ____D C:\Program Files (x86)\Firefox
    2017-05-03 23:37 - 2017-05-03 23:37 - 00000000 ____D C:\Program Files (x86)\Dayglad
    2017-05-03 23:37 - 2016-05-23 04:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeKrnlBoot.sys
    2017-05-03 23:37 - 2016-05-19 08:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\WINDOWS\system32\Drivers\iSafeNetFilter.sys
    2017-05-03 23:36 - 2017-05-12 01:03 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2017-05-03 23:36 - 2017-05-11 21:01 - 00000000 _____ C:\WINDOWS\SysWOW64\11
    2017-05-03 23:36 - 2017-05-03 23:36 - 00000000 _____ C:\WINDOWS\SysWOW64\22
    2017-05-03 07:57 - 2017-05-03 23:36 - 00000000 ____D C:\Users\User\AppData\Local\SNAREA
    2017-05-03 07:56 - 2017-05-03 07:56 - 00000000 ____D C:\Insist
    2017-05-02 08:52 - 2017-05-11 20:59 - 00000000 _____ C:\WINDOWS\SysWOW64\1
    2017-05-02 08:51 - 2017-05-10 20:05 - 00000000 ____D C:\Program Files (x86)\2pb6ksd5
    2017-04-30 21:49 - 2017-04-30 21:49 - 00000000 ____D C:\Users\User\AppData\Roaming\.technic
    2017-04-28 10:55 - 2017-05-03 23:36 - 00003590 _____ C:\WINDOWS\System32\Tasks\Windows-PG
    2017-04-28 10:55 - 2017-04-28 10:55 - 00004050 _____ C:\WINDOWS\System32\Tasks\Samsung Update
    2017-04-28 10:55 - 2017-04-28 10:55 - 00000000 ____D C:\WINDOWS\psgo
    2017-04-28 10:55 - 2017-04-28 10:55 - 00000000 ____D C:\Users\User\AppData\Local\Kitty
    2017-04-28 10:54 - 2017-05-11 21:00 - 00003656 _____ C:\WINDOWS\System32\Tasks\Milimili
    2017-04-28 10:54 - 2017-05-11 21:00 - 00000000 ____D C:\Users\User\AppData\Roaming\WinSAPSvc
    2017-04-28 10:54 - 2017-05-02 08:54 - 00000000 ____D C:\Users\User\AppData\Local\SNARE
    2017-04-28 10:54 - 2017-04-28 10:54 - 00000000 ____D C:\Program Files (x86)\MIO
    2017-04-28 10:52 - 2017-05-11 20:58 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
    2017-04-27 22:54 - 2017-04-27 22:54 - 00003358 _____ C:\WINDOWS\System32\Tasks\SystemHealer Monitor
    2017-04-27 22:54 - 2017-04-27 22:54 - 00000000 ____D C:\Users\User\AppData\Roaming\System Healer
    2017-04-27 22:54 - 2017-04-27 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
    2017-04-27 22:54 - 2017-04-27 22:54 - 00000000 ____D C:\Program Files (x86)\SystemHealer
    2017-04-27 22:53 - 2017-04-27 22:53 - 00021600 _____ C:\WINDOWS\System32\Tasks\Mlwpb2LPAiOf
    2017-04-27 22:53 - 2017-04-27 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop
    2017-04-27 22:53 - 2017-04-27 22:53 - 00000000 ____D C:\Program Files (x86)\YeaDesktop
    2017-04-27 22:53 - 2017-04-27 22:53 - 00000000 ____D C:\Program Files (x86)\Mlwpb2LPAiOf Updater
    2017-04-27 22:53 - 2017-04-27 22:53 - 00000000 ____D C:\Program Files (x86)\Mlwpb2LPAiOf
    2017-04-27 22:52 - 2017-04-27 22:52 - 00000000 ____D C:\Users\User\AppData\Roaming\Microleaves
    2017-04-27 22:52 - 2017-04-27 22:52 - 00000000 ____D C:\Users\User\AppData\Local\AdvinstAnalytics
    2017-04-27 22:51 - 2017-05-11 20:58 - 00000000 ____D C:\Program Files (x86)\Rerjutain
    2017-04-27 22:51 - 2017-04-28 23:38 - 00000000 ____D C:\Users\User\AppData\Roaming\Galeiedchecther
    2017-04-27 22:51 - 2017-04-27 22:52 - 00000000 ____D C:\Users\User\AppData\Local\Sociryshwose
    2017-04-27 22:51 - 2017-04-27 22:51 - 00006102 _____ C:\WINDOWS\System32\Tasks\Gogekqahsy Log
    2017-04-27 22:51 - 2017-04-27 22:51 - 00006052 _____ C:\WINDOWS\System32\Tasks\Ajuent
    2017-04-27 22:51 - 2017-04-27 22:51 - 00000000 ____D C:\Program Files (x86)\Gogekqahsy Log
    2016-03-22 21:56 - 2016-03-22 21:56 - 6493696 _____ () C:\Users\User\AppData\Roaming\agent.dat
    2016-03-22 21:56 - 2016-03-22 21:56 - 0065232 _____ () C:\Users\User\AppData\Roaming\Config.xml
    2016-03-22 21:56 - 2016-03-22 21:56 - 0083749 _____ () C:\Users\User\AppData\Roaming\inst.lat
    2016-03-22 21:56 - 2016-03-22 21:56 - 0014208 _____ () C:\Users\User\AppData\Roaming\InstallationConfiguration.xml
    2016-03-22 21:56 - 2016-03-22 21:56 - 0127488 _____ () C:\Users\User\AppData\Roaming\Installer.dat
    2016-03-22 21:56 - 2016-03-22 21:56 - 0018432 _____ () C:\Users\User\AppData\Roaming\Main.dat
    2016-03-22 21:56 - 2016-03-22 21:56 - 0005568 _____ () C:\Users\User\AppData\Roaming\md.xml
    2016-03-22 21:56 - 2016-03-22 21:56 - 0126464 _____ () C:\Users\User\AppData\Roaming\noah.dat
    2016-03-22 21:56 - 2016-03-22 21:56 - 1622056 _____ () C:\Users\User\AppData\Roaming\Sontrax.tst
    2016-03-22 21:56 - 2016-03-22 21:56 - 0402905 _____ () C:\Users\User\AppData\Roaming\StimCof.bin
    2016-03-22 21:56 - 2016-03-22 21:56 - 0032038 _____ () C:\Users\User\AppData\Roaming\uninstall_temp.ico
    EmptyTemp:

    After running it, post new FRST scan logs.

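The fixlist above is built by hand: the helper reads the FRST scan log, picks out the entries that FRST itself flagged (the `<==== UWAGA` marker, `[Brak podpisu cyfrowego]` for an unsigned image, `Brak pliku` for a registration whose file is gone) plus the patterns a volunteer recognises on sight (a scheduled task running `msiexec.exe /i` against a remote URL, an IFEO `[Debugger]` hijack of the updater binaries, services loaded from a user profile, zero-byte files with numeric names in SysWOW64, browser start and search settings pointing at an external site). The following Python script is an added example that automates that first pass; it is not part of this thread and not a tool from the FRST project. It assumes a log written by FRST on a Polish-locale Windows (hence the Polish markers) and the sample log lines embedded in it are constructed, modelled on the entries in this thread, with the CloudFront address replaced by a placeholder host.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) scan logs.

Added example: flags the log entries a malware-removal volunteer would
normally copy into Fixlist.txt. Assumes a Polish-locale FRST log; the
English build writes "[No signature]", "No File" and "<==== ATTENTION".
"""
import re

NO_SIGNATURE = "[Brak podpisu cyfrowego]"
NO_FILE = "Brak pliku"
ATTENTION = "<==== UWAGA"

# (label, pattern); one line may hit several rules, labels keep this order.
RULES = [
    ("attention-flag", re.compile(re.escape(ATTENTION))),
    ("unsigned", re.compile(re.escape(NO_SIGNATURE))),
    ("missing-file", re.compile(re.escape(NO_FILE))),
    # Scheduled task that installs an MSI fetched straight from the web.
    ("remote-msi-task", re.compile(r"^Task:.*\bmsiexec\.exe\s+/i\s+hxxps?://", re.I)),
    # Image File Execution Options "debugger": starting the real updater runs the impostor.
    ("ifeo-debugger", re.compile(r"^IFEO\\.*\[Debugger\]", re.I)),
    # IE/Edge/Chrome start, home or search settings pointing at an external URL.
    ("browser-setting-url", re.compile(
        r"(Start Page|Search Page|Default_Page_URL|Default_Search_URL|StartupUrls|"
        r"HomeButtonPage|SearchScopes:).*hxxps?://", re.I)),
    # Service (R = running, S = stopped) whose image lives inside a user profile.
    ("service-in-userprofile", re.compile(r"^[RS]\d [^;]+; C:\\Users\\[^\\]+\\AppData", re.I)),
    # Freshly created zero-byte file with a purely numeric name in SysWOW64.
    ("empty-numeric-sysfile", re.compile(r" - 00000000 _____ C:\\WINDOWS\\SysWOW64\\\d+$", re.I)),
]

# Constructed sample, modelled on the thread's log; cdn.example.invalid is a placeholder.
SAMPLE_LOG = r"""
Task: {B7BD1BAB-F6E6-45F3-8353-467D923BC158} - System32\Tasks\Ajuent => msiexec.exe /i hxxp://cdn.example.invalid/mmtsk/setup.msi /q <==== UWAGA
Task: {6D338D1F-773C-4CBB-B99E-C5E6B39D9716} - System32\Tasks\Ivona => pcalua.exe -a "C:\Program Files (x86)\ivo\rejestracja.exe"
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
AppInit_DLLs: C:\ProgramData\Quotenamron\Goodzap.dll => Brak pliku
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp
R2 Kitty; C:\Users\User\AppData\Local\Kitty\Kitty.dll [123904 2017-05-03] (word) [Brak podpisu cyfrowego] <==== UWAGA
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-21] (Microsoft Corporation)
2017-05-11 21:01 - 2017-05-11 21:01 - 00000000 _____ C:\WINDOWS\SysWOW64\44
2017-05-03 23:37 - 2017-05-03 23:37 - 00000000 ____D C:\WINDOWS\system32\log
""".strip().splitlines()


def triage(lines):
    """Return [(line, [labels])] for every log line that hits at least one rule."""
    hits = []
    for raw in lines:
        line = raw.strip()
        labels = [label for label, pattern in RULES if pattern.search(line)]
        if labels:
            hits.append((line, labels))
    return hits


def build_fixlist(lines):
    """Wrap the flagged lines in the CloseProcesses: ... EmptyTemp: frame used in the thread."""
    body = [line for line, _ in triage(lines)]
    return "\n".join(["CloseProcesses:", *body, "EmptyTemp:"])


if __name__ == "__main__":
    for line, labels in triage(SAMPLE_LOG):
        print(", ".join(labels).ljust(48), line[:80])
    print()
    print(build_fixlist(SAMPLE_LOG))
```

The script only proposes candidates; the second sample task (the `pcalua.exe` launcher for a leftover registration) trips no rule yet Kolobos removed it, and the thread's fixlist also resets the Bing search scopes even though they are harmless, because the whole IE search configuration is rebuilt. Treat the output as a starting point to read through, not as a fixlist to run unreviewed.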
  • #4 12 May 2017 22:11
    Kolobos
    Computer specialist

    > If you could just tell me what the cause was, that would be great.

    The usual: mindlessly downloading pirated, infected games or programs.

    You still have the infected profile in Chrome:
    CHR DefaultProfile: ChromeDefaultData
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-05-12] <==== UWAGA

    You were supposed to switch it in Chrome settings and delete this one; why didn't you do that?

    New Fixlist.txt for FRST:
    2017-05-12 21:05 - 2017-05-12 21:05 - 00000000 ____D C:\Program Files (x86)\Default Company Name
    2017-05-12 21:05 - 2017-05-12 21:05 - 00000000 _____ C:\WINDOWS\SysWOW64\3333
    2017-05-12 21:05 - 2017-05-12 21:05 - 00000000 _____ C:\WINDOWS\SysWOW64\2222
    2017-05-11 20:58 - 2017-05-11 20:58 - 00000000 ____D C:\Reerdition
    2017-04-29 08:11 - 2017-05-11 01:38 - 00000000 __SHD C:\Users\User\AppData\Roaming\ViaFolder
    2017-04-29 08:11 - 2017-04-29 08:12 - 00000000 ____D C:\Users\User\AppData\Roaming\remcos
    CHR DefaultProfile: ChromeDefaultData
    CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-05-12] <==== UWAGA
    C:\Users\User\AppData\Local\Google\Chrome\User Data\ChromeDefaultData

    Also delete the Chrome sync data from your Google account:
    https://support.google.com/chrome/answer/6386691?hl=pl

    After running it, delete the C:\FRST folder and that's all.

  • #6 12 May 2017 22:35
    Kolobos
    Computer specialist

    > After running it, delete the C:\FRST folder and that's all.
