Elektroda.pl

Checking FRST logs and tmp folders

ArutlupeS 24 May 2017 01:44 615 12
  • Helpful post
    #2 24 May 2017 06:20
    krzychupar
    Level 40

    Uninstall:
    GoodGames Online (HKLM-x32\...\GoodGames Online) (Version: - True Digital Plus) <==== UWAGA

    Open the system Notepad and paste:

    Task: {076448C1-512D-47CE-9898-488BC09AB1AC} - System32\Tasks\Microsoft\Windows\DeviceSettings\Pribtion => msiexec.exe /i hxxp://D2bUH1bF1g584W.clOuDfroNt.net/mmtsk/oc...skXSDSSDA240G_164095442413&d=20170524 /q <==== UWAGA
    Task: {1CF5049E-F59D-4253-B9B7-D634CCBC6148} - System32\Tasks\{033F747D-AD91-4F9A-8C1C-138B913F93A7} => pcalua.exe -a "C:\Users\Logic\Downloads\C++\vcredist_x64 (1).exe" -d C:\Users\Logic\Downloads\C++
    ShellIconOverlayIdentifiers: [JzShlobj] -> {9A0700D2-920A-4E52-8697-9B5230C92612} => -> Brak pliku
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\4rqexzww.default -> initialsite123
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\4rqexzww.default -> initialsite123
    FF Extension: (Brak nazwy) - C:\Users\Logic\AppData\Roaming\Mozilla\Firefox\Profiles\4rqexzww.default\extensions\amcontextmenu@loucypher [nie znaleziono]
    CHR DefaultProfile: funodomclbowardfeory
    CHR HomePage: funodomclbowardfeory -> hxxp://www.initialsite123.com/?z=ff6956fe934b...d=SanDiskXSDSSDA240G_164095442413&type=hp
    CHR StartupUrls: funodomclbowardfeory -> "hxxp://www.initialsite123.com/?z=ff6956fe934bdf40d3d9845gbz6tew3w4m5mag6o7e&from=icb&uid=SanDiskXSDSSDA240G_164095442413&type=hp"
    CHR DefaultSearchURL: funodomclbowardfeory -> hxxp://www.initialsite123.com/search/?q={searchTerms}&z=ff6956fe934bdf40d3d9845gbz6tew3w4m5mag6o7e&from=icb&uid=SanDiskXSDSSDA240G_164095442413&type=sp
    CHR DefaultSearchKeyword: funodomclbowardfeory -> 2initialsite123
    CHR Profile: C:\Users\Logic\AppData\Local\Google\Chrome\User Data\funodomclbowardfeory [2017-05-24] <==== UWAGA
    S2 Windows; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== UWAGA (ServiceDLL nie znaleziono)
    S1 JsZipProtect; \??\C:\Program Files (x86)\Maoha\JiSuZip\JsZipProtect64.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2017-05-24 01:12 - 2017-05-24 01:12 - 00000000 ____D C:\AdwCleaner
    2017-05-24 00:05 - 2017-05-24 00:05 - 00000000 ____D C:\MSIb9cfd.tmp
    2017-05-23 21:48 - 2017-05-23 21:48 - 00000000 ____D C:\Users\Administrator
    2017-05-23 21:33 - 2017-05-23 21:33 - 00000000 ____D C:\MSIcf64a.tmp
    2017-05-23 21:33 - 2017-05-23 21:33 - 00000000 ____D C:\MSIcf5c6.tmp
    2017-05-23 21:33 - 2017-05-23 21:33 - 00000000 ____D C:\MSIcf504.tmp
    2017-05-23 21:33 - 2017-05-23 21:33 - 00000000 ____D C:\MSIcf467.tmp
    2017-05-23 21:33 - 2017-05-23 21:33 - 00000000 ____D C:\MSIcf363.tmp
    2017-05-23 21:32 - 2017-05-23 21:32 - 00000000 ____D C:\MSIcf253.tmp
    2017-05-23 21:32 - 2017-05-23 21:32 - 00000000 ____D C:\MSIcf249.tmp
    2017-05-23 21:32 - 2017-05-23 21:32 - 00000000 ____D C:\MSIcf22d.tmp
    2017-05-23 21:32 - 2017-05-23 21:32 - 00000000 ____D C:\MSIcf1de.tmp
    2017-05-23 21:32 - 2017-05-23 21:32 - 00000000 ____D C:\MSIcf1af.tmp
    2017-05-23 21:31 - 2017-05-23 21:31 - 00000000 ____D C:\MSIcf0bb.tmp
    2017-05-23 21:31 - 2017-05-23 21:31 - 00000000 ____D C:\MSIcf0b3.tmp
    2017-05-23 21:31 - 2017-05-23 21:31 - 00000000 ____D C:\MSIcf09e.tmp
    2017-05-23 21:31 - 2017-05-23 21:31 - 00000000 ____D C:\MSIcf056.tmp
    2017-05-23 21:31 - 2017-05-23 21:31 - 00000000 ____D C:\MSIcf029.tmp
    2017-05-23 21:31 - 2017-05-23 21:31 - 00000000 ____D C:\MSI67001.tmp
    2017-05-23 21:30 - 2017-05-23 21:30 - 00000000 ____D C:\MSIcefd5.tmp
    2017-05-23 21:30 - 2017-05-23 21:30 - 00000000 ____D C:\MSIcefc2.tmp
    2017-05-23 21:30 - 2017-05-23 21:30 - 00000000 ____D C:\MSIcefba.tmp
    2017-05-23 21:30 - 2017-05-23 21:30 - 00000000 ____D C:\MSIcefa3.tmp
    2017-05-23 21:30 - 2017-05-23 21:30 - 00000000 ____D C:\MSIcef96.tmp
    2017-05-23 21:29 - 2017-05-23 21:29 - 00000000 ____D C:\MSIcef4b.tmp
    2017-05-23 21:29 - 2017-05-23 21:29 - 00000000 ____D C:\MSIcef39.tmp
    2017-05-23 21:29 - 2017-05-23 21:29 - 00000000 ____D C:\MSIced34.tmp
    2017-05-23 21:29 - 2017-05-23 21:29 - 00000000 ____D C:\MSI418be.tmp
    2017-05-23 21:28 - 2017-05-23 21:28 - 00000000 ____D C:\MSI33053.tmp
    2017-05-23 21:23 - 2017-05-23 21:23 - 00000000 ____D C:\MSIcebc6.tmp
    2017-05-23 21:23 - 2017-05-23 21:23 - 00000000 ____D C:\MSIceb70.tmp
    2017-05-23 21:23 - 2017-05-23 21:23 - 00000000 ____D C:\MSIceb4d.tmp
    2017-05-23 21:23 - 2017-05-23 21:23 - 00000000 ____D C:\MSIceb40.tmp
    2017-05-23 21:23 - 2017-05-23 21:23 - 00000000 ____D C:\MSIceb31.tmp
    2017-05-23 21:23 - 2017-05-23 21:23 - 00000000 ____D C:\MSIce5a6.tmp
    2017-05-23 21:23 - 2017-05-23 21:23 - 00000000 ____D C:\MSIce103.tmp
    2017-05-23 21:23 - 2017-05-23 21:23 - 00000000 ____D C:\MSIcd657.tmp
    2017-05-23 21:23 - 2017-05-23 21:23 - 00000000 ____D C:\MSIcd64c.tmp
    2017-05-23 21:23 - 2017-05-23 21:23 - 00000000 ____D C:\MSIcd641.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcd11e.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcd0dc.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcd0b7.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcc4aa.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcc49e.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcc492.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcb9ee.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcb9c5.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcb8e0.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcb8c9.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcb7c2.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcb781.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcafcf.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcafb6.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcaf9e.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcaf98.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcaf8f.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcaf4e.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcaf46.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcaf30.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcae77.tmp
    2017-05-23 21:22 - 2017-05-23 21:22 - 00000000 ____D C:\MSIcae71.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIcacb5.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIca699.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIca684.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIca625.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIca442.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIca405.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIca273.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIca242.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIca0f9.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIca0ca.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIca0b5.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIca077.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIca049.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIca00b.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIc9ad6.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIc9acc.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIc969b.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIc9687.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIc9680.tmp
    2017-05-23 21:21 - 2017-05-23 21:21 - 00000000 ____D C:\MSIc95b9.tmp
    2017-05-23 15:04 - 2017-05-23 15:04 - 00000000 ____D C:\MSI4c958.tmp
    2017-05-23 15:04 - 2017-05-23 15:04 - 00000000 ____D C:\MSI4c926.tmp
    2017-05-23 15:04 - 2017-05-23 15:04 - 00000000 ____D C:\MSI4c91e.tmp
    2017-05-23 15:04 - 2017-05-23 15:04 - 00000000 ____D C:\MSI4c907.tmp
    2017-05-23 15:04 - 2017-05-23 15:04 - 00000000 ____D C:\MSI4c8fb.tmp
    2017-05-23 15:04 - 2017-05-23 15:04 - 00000000 ____D C:\MSI4c8ea.tmp
    2017-05-23 15:04 - 2017-05-23 15:04 - 00000000 ____D C:\MSI4c8e2.tmp
    2017-05-23 15:04 - 2017-05-23 15:04 - 00000000 ____D C:\MSI4c8da.tmp
    2017-05-23 15:04 - 2017-05-23 15:04 - 00000000 ____D C:\MSI4c8d2.tmp
    2017-05-23 15:03 - 2017-05-23 15:03 - 00000000 ____D C:\MSI4c8c2.tmp
    2017-05-23 15:03 - 2017-05-23 15:03 - 00000000 ____D C:\MSI4c8ba.tmp
    2017-05-23 15:03 - 2017-05-23 15:03 - 00000000 ____D C:\MSI4c8af.tmp
    2017-05-23 15:03 - 2017-05-23 15:03 - 00000000 ____D C:\MSI4c8a7.tmp
    2017-05-23 15:02 - 2017-05-23 15:02 - 00000000 ____D C:\MSI4c89f.tmp
    2017-05-23 15:02 - 2017-05-23 15:02 - 00000000 ____D C:\MSI4c897.tmp
    2017-05-23 15:02 - 2017-05-23 15:02 - 00000000 ____D C:\MSI4c88f.tmp
    2017-05-23 15:02 - 2017-05-23 15:02 - 00000000 ____D C:\MSI4c743.tmp
    2017-05-23 15:02 - 2017-05-23 15:02 - 00000000 ____D C:\MSI4c6a8.tmp
    2017-05-23 15:01 - 2017-05-23 15:01 - 00000000 ____D C:\MSI4c696.tmp
    2017-05-23 15:01 - 2017-05-23 15:01 - 00000000 ____D C:\MSI4c684.tmp
    2017-05-23 15:01 - 2017-05-23 15:01 - 00000000 ____D C:\MSI4c678.tmp
    2017-05-23 15:01 - 2017-05-23 15:01 - 00000000 ____D C:\MSI4c66c.tmp
    2017-05-23 15:01 - 2017-05-23 15:01 - 00000000 ____D C:\MSI4c664.tmp
    2017-05-23 15:01 - 2017-05-23 15:01 - 00000000 ____D C:\MSI4c65c.tmp
    2017-05-23 15:01 - 2017-05-23 15:01 - 00000000 ____D C:\MSI4c654.tmp
    2017-05-23 15:01 - 2017-05-23 15:01 - 00000000 ____D C:\MSI4c64c.tmp
    2017-05-23 15:01 - 2017-05-23 15:01 - 00000000 ____D C:\MSI4c644.tmp
    2017-05-23 15:01 - 2017-05-23 15:01 - 00000000 ____D C:\MSI4c63c.tmp
    2017-05-23 15:01 - 2017-05-23 15:01 - 00000000 ____D C:\MSI4c634.tmp
    2017-05-23 15:01 - 2017-05-23 15:01 - 00000000 ____D C:\MSI4c62c.tmp
    2017-05-23 15:00 - 2017-05-23 15:00 - 00000000 ____D C:\MSI4c623.tmp
    2017-05-23 15:00 - 2017-05-23 15:00 - 00000000 ____D C:\MSI4c5f8.tmp
    2017-05-23 15:00 - 2017-05-23 15:00 - 00000000 ____D C:\MSI4c5e6.tmp
    2017-05-23 14:59 - 2017-05-23 14:59 - 00000000 ____D C:\MSI4c598.tmp
    2017-05-23 14:59 - 2017-05-23 14:59 - 00000000 ____D C:\MSI4c590.tmp
    2017-05-23 14:59 - 2017-05-23 14:59 - 00000000 ____D C:\MSI4c587.tmp
    2017-05-23 14:59 - 2017-05-23 14:59 - 00000000 ____D C:\MSI4c57e.tmp
    2017-05-23 14:59 - 2017-05-23 14:59 - 00000000 ____D C:\MSI4c576.tmp
    2017-05-23 14:59 - 2017-05-23 14:59 - 00000000 ____D C:\MSI4c56e.tmp
    2017-05-23 14:59 - 2017-05-23 14:59 - 00000000 ____D C:\MSI4c566.tmp
    2017-05-23 14:59 - 2017-05-23 14:59 - 00000000 ____D C:\MSI4c55e.tmp
    2017-05-23 14:58 - 2017-05-23 14:58 - 00000000 ____D C:\MSI4c556.tmp
    2017-05-23 14:58 - 2017-05-23 14:58 - 00000000 ____D C:\MSI4c54d.tmp
    2017-05-23 14:57 - 2017-05-23 14:57 - 00000000 ____D C:\MSI4c544.tmp
    2017-05-23 14:57 - 2017-05-23 14:57 - 00000000 ____D C:\MSI4c538.tmp
    2017-05-23 14:57 - 2017-05-23 14:57 - 00000000 ____D C:\MSI4c52d.tmp
    2017-05-23 14:57 - 2017-05-23 14:57 - 00000000 ____D C:\MSI4c51b.tmp
    2017-05-23 14:57 - 2017-05-23 14:57 - 00000000 ____D C:\MSI4c510.tmp
    2017-05-23 14:57 - 2017-05-23 14:57 - 00000000 ____D C:\MSI4c508.tmp
    2017-05-23 14:55 - 2017-05-23 14:55 - 00000000 ____D C:\MSI4c49b.tmp
    2017-05-23 14:55 - 2017-05-23 14:55 - 00000000 ____D C:\MSI4c493.tmp
    2017-05-23 14:55 - 2017-05-23 14:55 - 00000000 ____D C:\MSI4c487.tmp
    2017-05-23 14:55 - 2017-05-23 14:55 - 00000000 ____D C:\MSI4c47b.tmp
    2017-05-23 14:55 - 2017-05-23 14:55 - 00000000 ____D C:\MSI4c473.tmp
    2017-05-23 14:54 - 2017-05-23 14:54 - 00000000 ____D C:\MSI4c467.tmp
    2017-05-23 14:54 - 2017-05-23 14:54 - 00000000 ____D C:\MSI4c459.tmp
    2017-05-23 14:53 - 2017-05-23 14:53 - 00000000 ____D C:\MSI4c44d.tmp
    2017-05-23 14:53 - 2017-05-23 14:53 - 00000000 ____D C:\MSI4c445.tmp
    2017-05-23 14:53 - 2017-05-23 14:53 - 00000000 ____D C:\MSI4c43d.tmp
    2017-05-23 14:53 - 2017-05-23 14:53 - 00000000 ____D C:\MSI4c435.tmp
    2017-05-23 14:51 - 2017-05-23 14:51 - 00000000 ____D C:\MSI4c39d.tmp
    2017-05-23 14:51 - 2017-05-23 14:51 - 00000000 ____D C:\MSI4c38f.tmp
    2017-05-23 14:42 - 2017-05-23 14:42 - 00000000 ____D C:\MSI4c357.tmp
    2017-05-23 14:42 - 2017-05-23 14:42 - 00000000 ____D C:\MSI4c350.tmp
    EmptyTemp:

    Save the file under the name fixlist.txt and put it next to FRST in the same folder.
    Run FRST and click Fix.

    0
  • #3 24 May 2017 07:45
    Kolobos
    Computer specialist

    @krzychupar C:\MSI*.tmp is enough, instead of all of them.

    It is also worth removing the line C:\Users\Administrator from the script.

    0
  • #5 24 May 2017 14:19
    Kolobos
    Computer specialist

    Make a backup of your Chrome bookmarks; the script will delete the browser profile directory created by the infection.
    Also remove the Chrome sync data from your Google account:
    https://support.google.com/chrome/answer/6386691?hl=pl

    Run the following Fixlist.txt in FRST:
    CloseProcesses:
    Task: {07B135B5-6B59-42AA-8B7D-CF214A6586AA} - System32\Tasks\{63CFC0F6-16D5-4F3B-BCE4-49736D4B248E} => H:\GRY\GameforgeLive\Games\POL_pol\S.K.I.L.L\DFUBG.exe
    Task: {14EBECEC-2717-43EF-9EE1-D94A8E13AF10} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-05-24] () <==== UWAGA
    Task: {A1D8F4BB-AE05-4918-BC9E-07453AD63CA1} - System32\Tasks\{B8ABC3DA-9034-4732-9D67-E776065040C8} => H:\GRY\GameforgeLive\Games\POL_pol\S.K.I.L.L\DFUBG.exe
    Task: {AA9AFE83-AF3E-40C7-9779-A769DC7E2AD9} - System32\Tasks\Anebosnadry Server => C:\Program Files (x86)\Atudkdrekepy\yaupdcache.exe [2017-05-24] ()
    () C:\Program Files (x86)\Atudkdrekepy\yaupdcache.exe
    HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
    HKU\S-1-5-21-1604192549-780709704-2603572814-1000\...\Run: [tyvnhbdv4dr] => C:\Users\Logic\AppData\Roaming\webxh0igmmq\xt32ziqswdk.exe [7680 2017-05-24] ()
    IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
    IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
    CHR DefaultProfile: funodomclbowardfeory
    CHR Profile: C:\Users\Logic\AppData\Local\Google\Chrome\User Data\funodomclbowardfeory [2017-05-24] <==== UWAGA
    C:\Users\Logic\AppData\Local\Google\Chrome\User Data\funodomclbowardfeory
    OPR Extension: (Fast search) - C:\Users\Logic\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-05-24]
    R2 snare; C:\Users\Logic\AppData\Local\snare\Snare.dll [1050112 2017-05-24] (IntertSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
    R2 WinSAPSvc; C:\Users\Logic\AppData\Roaming\WinSAPSvc\WinSAP.dll [1887232 2017-05-24] (TODO: <公司名>) [Brak podpisu cyfrowego] <==== UWAGA
    R1 cryptfd; C:\Windows\System32\drivers\cryptfd.sys [193448 2017-04-18] ()
    R1 WiserIso; System32\Drivers\vcdrom.sys [X]
    S2 BIT; C:\ProgramData\BIT\BIT.dll [X] <==== UWAGA
    2017-05-24 12:57 - 2017-05-24 12:57 - 00003576 _____ C:\Windows\System32\Tasks\Milimili
    2017-05-24 12:57 - 2017-05-24 12:57 - 00000000 ____D C:\Program Files (x86)\MIO
    2017-05-24 12:57 - 2017-05-24 12:57 - 00000000 ____D C:\MSI*.tmp
    2017-05-24 12:55 - 2017-05-24 12:57 - 00000000 ____D C:\Program Files\MK
    2017-05-24 12:55 - 2017-05-24 12:55 - 00000000 ____D C:\Program Files (x86)\gt103rdh
    2017-05-24 01:50 - 2017-05-24 01:50 - 00000000 ____D C:\Program Files\O7HH4E0MAL
    2017-05-24 01:50 - 2017-05-24 01:50 - 00000000 ____D C:\Program Files\NHZ1BBSSVV
    2017-05-24 01:50 - 2017-05-24 01:50 - 00000000 ____D C:\Program Files (x86)\lkpnadphw1n
    2017-05-24 01:50 - 2017-05-24 01:50 - 00000000 ____D C:\$AV_ASW
    2017-05-24 00:59 - 2017-05-24 00:59 - 00000000 ____D C:\Program Files (x86)\IObit
    2017-05-24 00:46 - 2017-05-24 00:46 - 00000961 _____ C:\Program Files (x86)\Pliki programów (x86) — skrót.lnk
    2017-05-24 00:05 - 2017-05-24 12:55 - 00000000 ____D C:\Program Files (x86)\Atudkdrekepy
    2017-05-24 00:05 - 2017-05-24 00:05 - 00006032 _____ C:\Windows\System32\Tasks\Anebosnadry Server
    2017-05-24 00:05 - 2017-05-24 00:05 - 00000000 ____D C:\Windows\Azart
    2017-05-24 00:05 - 2017-05-24 00:05 - 00000000 ____D C:\Program Files (x86)\Anebosnadry Server
    2017-05-24 00:05 - 2016-12-27 04:34 - 00025432 _____ C:\Windows\system32\Drivers\vcdrom.sys
    2017-05-20 15:41 - 2017-05-17 20:58 - 00000194 _____ C:\Windows\SysWOW64\Jamu.bat
    2017-05-20 02:54 - 2017-05-20 02:58 - 00000000 ____D C:\Program Files (x86)\IZArc
    2017-05-20 02:35 - 2017-05-20 02:35 - 00000000 ____D C:\Spacekace
    2018-05-27 00:00 - 2017-04-02 02:23 - 00083968 _____ C:\Windows\SysWOW64\mrsnapznet.dll
    2017-05-24 00:46 - 2017-05-24 00:46 - 0000961 _____ () C:\Program Files (x86)\Pliki programów (x86) — skrót.lnk
    2017-01-23 21:27 - 2017-02-11 02:08 - 0063000 _____ () C:\Users\Logic\AppData\Roaming\FataL_temp_font.ttf
    EmptyTemp:

    After running it, post new FRST scan logs.

    0
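The helpers in this thread read the FRST log by hand and pick out the same handful of indicator classes every time: lines FRST itself marks with `<==== UWAGA`, services or drivers whose file is missing (`[X]`), unsigned service DLLs, scheduled tasks that run `msiexec` against a URL, IFEO `Debugger` hijacks, autoruns living under `AppData`, and the burst of `C:\MSI*.tmp` directories that Kolobos collapses into one wildcard line. The script below is an added example written for this page (it is not from the thread, from FRST, or from any of the posters) that applies those same rules to raw FRST log text and groups the MSI tmp directories by creation minute, so a recurring burst shows the dropper is still active. The sample lines are constructed from entries quoted in this thread; the English FRST markers `<==== ATTENTION` and `[File not signed]` are assumed equivalents of the Polish ones on the page.

```python
import re
from collections import Counter

# Polish markers are quoted on the page; the English equivalents are an assumption.
ATTENTION_MARKERS = ("<==== UWAGA", "<==== ATTENTION")
UNSIGNED_MARKERS = ("[Brak podpisu cyfrowego]", "[File not signed]")

# FRST "created - modified - size attrs path" entry, e.g.
# "2017-05-23 21:33 - 2017-05-23 21:33 - 00000000 ____D C:\MSIcf64a.tmp"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) (?P<path>.+)$"
)
MSI_TMP_RE = re.compile(r"^C:\\MSI[0-9a-f]+\.tmp$", re.IGNORECASE)
URL_RE = re.compile(r"\bh(?:xx|tt)ps?://", re.IGNORECASE)  # FRST defangs http as hxxp

# Constructed sample modelled on lines quoted in this thread (not a complete log).
SAMPLE_LOG = r"""
Task: {076448C1-512D-47CE-9898-488BC09AB1AC} - System32\Tasks\Microsoft\Windows\DeviceSettings\Pribtion => msiexec.exe /i hxxp://D2bUH1bF1g584W.clOuDfroNt.net/mmtsk/oc...skXSDSSDA240G_164095442413&d=20170524 /q <==== UWAGA
Task: {14EBECEC-2717-43EF-9EE1-D94A8E13AF10} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-05-24] () <==== UWAGA
HKU\S-1-5-21-1604192549-780709704-2603572814-1000\...\Run: [tyvnhbdv4dr] => C:\Users\Logic\AppData\Roaming\webxh0igmmq\xt32ziqswdk.exe [7680 2017-05-24] ()
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
R2 snare; C:\Users\Logic\AppData\Local\snare\Snare.dll [1050112 2017-05-24] (IntertSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2017-05-23 21:33 - 2017-05-23 21:33 - 00000000 ____D C:\MSIcf64a.tmp
2017-05-23 21:33 - 2017-05-23 21:33 - 00000000 ____D C:\MSIcf5c6.tmp
2017-05-23 21:32 - 2017-05-23 21:32 - 00000000 ____D C:\MSIcf253.tmp
2017-05-23 21:48 - 2017-05-23 21:48 - 00000000 ____D C:\Users\Administrator
2017-05-24 01:12 - 2017-05-24 01:12 - 00000000 ____D C:\AdwCleaner
"""


def classify(line):
    """Return the list of triage reasons that apply to one FRST log line."""
    s = line.strip()
    reasons = []
    if any(m in s for m in ATTENTION_MARKERS):
        reasons.append("frst-attention")          # FRST already flagged it
    if s.endswith("[X]"):
        reasons.append("missing-file")            # service/driver whose file is gone
    if any(m in s for m in UNSIGNED_MARKERS):
        reasons.append("unsigned-service")
    if s.startswith("Task:") and "msiexec" in s.lower() and URL_RE.search(s):
        reasons.append("task-installs-from-url")  # scheduled task pulling an MSI from the web
    if s.startswith("IFEO\\") and "[Debugger]" in s:
        reasons.append("ifeo-debugger")           # Image File Execution Options hijack
    if "\\Run:" in s and "\\AppData\\" in s:
        reasons.append("autorun-from-appdata")
    m = ENTRY_RE.match(s)
    if m and m.group("attrs").endswith("D") and MSI_TMP_RE.match(m.group("path")):
        reasons.append("msi-tmp-dir")
    return reasons


def triage(text):
    """Map every flagged line to its reasons; lines with no reason are dropped."""
    flagged = {}
    for line in text.splitlines():
        reasons = classify(line)
        if reasons:
            flagged[line.strip()] = reasons
    return flagged


def reason_counts(text):
    """How many lines fall into each reason bucket."""
    counts = Counter()
    for reasons in triage(text).values():
        counts.update(reasons)
    return counts


def msi_tmp_by_minute(text):
    """Count C:\\MSI*.tmp directories per creation minute; a fresh burst means the dropper still runs."""
    counts = Counter()
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m and "msi-tmp-dir" in classify(line):
            counts[m.group("created")] += 1
    return counts


if __name__ == "__main__":
    for reason, n in sorted(reason_counts(SAMPLE_LOG).items()):
        print(f"{reason:24} {n}")
    for minute, n in sorted(msi_tmp_by_minute(SAMPLE_LOG).items()):
        print(f"MSI tmp dirs created {minute}: {n}")
```

Run it against a saved FRST.txt by replacing `SAMPLE_LOG` with the file contents; the `msi_tmp_by_minute` output is the quickest way to confirm, across two scans, whether the tmp directories date from before the fix or are still appearing afterwards, which is exactly the check Kolobos makes later in the thread.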
  • #7 24 May 2017 15:54
    Kolobos
    Computer specialist

    You did not run the Fixlist I gave you at all. Make more of an effort and post the logs only AFTER doing what I told you.

    Also post the Fixlog.txt that will be created after it runs.

    0
  • #8 24 May 2017 16:14
    Waldemar z Kaszub
    Level 28

    @ArutlupeS If you don't know how to do it, open Notepad on the desktop, because that is probably where you have FRST. Paste the lines listed by Kolobos into Notepad and save it under the name:
    fixlist.txt. Then in FRST click the "Fix" button. A new file will be created.

    0
  • #10 24 May 2017 16:44
    Kolobos
    Computer specialist

    From what I can see, those tmp directories on C:\ are still being created.

    Uninstall Avast.

    Run another Fixlist.txt in FRST:
    CloseProcesses:
    HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp
    2017-05-24 15:38 - 2017-05-24 15:38 - 00000000 ____D C:\MSI*.tmp
    2017-05-24 14:03 - 2017-05-24 14:03 - 00000000 ____D C:\AdwCleaner
    2017-05-24 12:57 - 2017-05-24 12:57 - 00000000 ____D C:\Program Files (x86)\MIO
    2017-05-24 12:55 - 2017-05-24 12:57 - 00000000 ____D C:\Program Files\MK
    2017-05-24 12:55 - 2017-05-24 12:55 - 00000000 ____D C:\Program Files (x86)\gt103rdh
    2017-05-24 01:50 - 2017-05-24 01:50 - 00000000 ____D C:\Program Files\O7HH4E0MAL
    2017-05-24 01:50 - 2017-05-24 01:50 - 00000000 ____D C:\Program Files\NHZ1BBSSVV
    2017-05-24 01:50 - 2017-05-24 01:50 - 00000000 ____D C:\Program Files (x86)\lkpnadphw1n
    2017-05-24 00:59 - 2017-05-24 00:59 - 00000000 ____D C:\Program Files (x86)\IObit
    2017-05-24 00:46 - 2017-05-24 00:46 - 00000961 _____ C:\Program Files (x86)\Pliki programów (x86) — skrót.lnk
    2017-05-24 00:05 - 2017-05-24 12:55 - 00000000 ____D C:\Program Files (x86)\Atudkdrekepy
    2017-05-24 00:05 - 2017-05-24 00:05 - 00006032 _____ C:\Windows\System32\Tasks\Anebosnadry Server
    2017-05-24 00:05 - 2017-05-24 00:05 - 00000000 ____D C:\Windows\Azart
    2017-05-24 00:05 - 2017-05-24 00:05 - 00000000 ____D C:\Program Files (x86)\Anebosnadry Server
    2017-05-20 02:54 - 2017-05-20 02:58 - 00000000 ____D C:\Program Files (x86)\IZArc
    2017-05-20 02:35 - 2017-05-20 02:35 - 00000000 ____D C:\Spacekace

    Do a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    After all that, post new FRST scan logs.

    0
  • Helpful post
    #12 24 May 2017 17:25
    Kolobos
    Computer specialist

    Delete the C:\FRST directory and that's all.

    0
  • #13 24 May 2017 17:32
    ArutlupeS
    Level 4

    Thanks a lot :)

    0