Elektroda.pl

Request to write a fixlist

  • #1 28 May 2017 16:48
    Miszaw01
    Level 2

    An infected Chrome and Firefox keep installing themselves on their own. The search engine in my omnibox also changes often and strange ads pop up. I urgently need help because I can't write a fixlist myself :cry: Attachments: FRST.txt (75.48 kB), Additi..txt (61.99 kB)

  • Helpful post
    #2 28 May 2017 17:07
    Kolobos
    Computer specialist

    Uninstall:
    Adobe Reader 7.0.8, replace it with the newest version of AR.
    AlphaGo
    amulesw
    Google Toolbar for Internet Explorer
    groover
    Trend Micro Internet Security
    trotux - Uninstall
    Update_msi
    WinSnare
    YAC(Yet Another Cleaner!)

    Make a backup of your bookmarks from Chrome and Firefox; the profiles will be deleted.

    Run this Fixlist.txt with FRST:
    CloseProcesses:
    Task: {0CCB55F1-F2D6-412D-AAB9-0F4C4872F139} - System32\Tasks\{0B50D6A8-C080-4F84-BCA5-99A0729243C7} => Chrome.exe
    Task: {13AEE94F-D7C6-44F6-BC5C-55D92D392AC9} - \JambenUpdateTaskMachineUA -> Brak pliku <==== UWAGA
    Task: {1FA153A0-8242-4BAE-8049-AA18AC6F3003} - System32\Tasks\{F96E3790-5064-4858-B0CF-27FE7B3C439B} => Chrome.exe
    Task: {29EDBD6A-9CC9-4049-A07B-5FD848671AD8} - System32\Tasks\{E0C80E75-27AD-4DCC-92AC-ED99A8F9BC53} => C:\Program Files (x86)\Middle Earth Shadow of Mordor\x64\ShadowOfMordor.exe
    Task: {2A9BBAD8-555F-4AC1-A171-E6038C8F9EEA} - System32\Tasks\{DCC6253C-A75A-4BAD-83AD-1B371108A4F5} => C:\Program Files (x86)\South Park The Stick of Truth\South Park - The Stick of Truth.exe
    Task: {3582828E-07BC-4539-9515-1B2B75DAECAC} - System32\Tasks\Araochstjuther Host => C:\Program Files (x86)\Gazshrasity\rgk.exe
    Task: {4022284E-10C2-4E65-9178-902D739F3F69} - System32\Tasks\{1DA09046-9735-47E2-9082-19C285434CF0} => C:\Program Files (x86)\Super Meat Boy\SuperMeatBoy.exe
    Task: {41024BF9-095D-4A15-AF29-4357C43649CB} - System32\Tasks\{91357859-C3B2-40A6-8FA2-2564D639855B} => C:\GOG Games\Enter the Gungeon\EtG.exe [2016-04-05] ()
    Task: {514AA587-497D-47E5-B743-866EADF705C2} - System32\Tasks\{C556497C-C6C2-4B55-9E79-9FCCB68E6FD9} => C:\Program Files (x86)\Middle Earth Shadow of Mordor\x64\ShadowOfMordor.exe
    Task: {72F618CA-07E2-419D-87E1-E4A3EA08B15F} - System32\Tasks\{8D239AE0-35A7-4552-9BE1-33AB2F905D90} => C:\Program Files (x86)\Team Meat\SuperMeatBoy\SuperMeatBoy.exe
    Task: {8C6ED753-F7A5-4E03-B670-AA360DDB79B1} - System32\Tasks\JambenUpdateTaskMachineCore => C:\Program Files (x86)\Jamben\Update\JambenUpdate.exe <==== UWAGA
    Task: {93B6ACEB-C244-465E-BC24-B80FFD93D35D} - System32\Tasks\{E0619D18-A070-4988-A091-7626CEBFEDCF} => Chrome.exe
    Task: {9B0AEFCF-8AC4-4E26-B167-540C931B4E49} - System32\Tasks\{AA7A3A25-AFD0-4597-878D-2FA380EF8E93} => pcalua.exe -a "C:\Users\Misza\Downloads\Super.Meat.Boy (www.TorrentSpain.com)\Super_Meat_Boy.exe" -d "C:\Users\Misza\Downloads\Super.Meat.Boy (www.TorrentSpain.com)"
    Task: {A56EEC1C-DE73-4448-9A59-D9C476A9EFBC} - System32\Tasks\Windows-PG => powershell.exe C:\windows\psgo\psgo.ps1
    Task: {BA847FD5-FC51-4B5E-BC08-7C1CB8B916A8} - System32\Tasks\{761A5443-8F19-4952-9D70-AA1B5447FFC2} => C:\GOG Games\Worms W.M.D\Worms W.M.D.exe
    Task: {C559FEF1-1948-4320-AE24-463BF3ED1FA4} - System32\Tasks\{3D407ECF-B889-4CCD-8766-30DDF91B7296} => C:\Users\Misza\Desktop\Thumper\THUMPER.exe
    Task: {C7A02C1A-4204-413D-9D38-4675490E8A12} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-05-24] () <==== UWAGA
    Task: {C9586B03-6DFE-4B02-9A0A-1B0B8CD57E7F} - System32\Tasks\{D261B3CD-43D1-4008-A5C8-784C4B087ABB} => C:\Users\Misza\Desktop\Thumper\THUMPER.exe
    Task: {CCD430F7-B917-460E-AA28-BFD66CD5555F} - System32\Tasks\{36565905-F71A-49F8-934C-306CC0CCAA33} => pcalua.exe -a "C:\Users\Misza\Downloads\Super Meat Boy.exe" -d C:\Users\Misza\Downloads
    Task: {D3CB6CB1-04F4-4A3D-BE5B-DD80214FD46E} - System32\Tasks\{2D79226E-B807-4A47-8CC9-B455838EFAA3} => C:\GOG Games\Enter the Gungeon\EtG.exe [2016-04-05] ()
    Task: {E03516D2-DB42-4D41-B347-567403A94C1C} - System32\Tasks\InternetDD => ""
    Task: {E9BF2011-876B-463C-95C5-D5C40144A0DF} - System32\Tasks\{EB395F40-D920-4D08-8778-FC2C4DCDD38A} => C:\Program Files (x86)\Middle Earth Shadow of Mordor\x64\ShadowOfMordor.exe
    Task: {F787191D-0B53-4646-A391-1E9B47B641FD} - System32\Tasks\{A955DBA0-FBD2-40BB-8994-43F694DAC2BF} => C:\Users\Misza\Desktop\Minecraft.exe [2017-03-03] (Titan Launcher)
    ShortcutWithArgument: C:\Users\Misza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=...0812&uid=ST9640320AS_5WX1YWH8XXXX5WX1YWH8
    Hosts:
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
    (Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
    HKU\S-1-5-21-3956894242-3814388944-4244797191-1000\...\Run: [background_fault] => C:\Users\Misza\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-04] (AVAST Software) <===== UWAGA
    HKU\S-1-5-21-3956894242-3814388944-4244797191-1000\...\MountPoints2: {909963e3-3f70-11e6-9711-74f06dcead4f} - G:\setup.exe
    HKU\S-1-5-21-3956894242-3814388944-4244797191-1000\...\MountPoints2: {b75ea74a-e881-11e6-ae47-bcaec5d477ae} - D:\setup\rsrc\Autorun.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-04-10] (Microsoft Corporation)
    HKLM\...\Providers\5lp7tumu: C:\Program Files (x86)\Araochstjuther Host\local64spl.dll [309248 2017-03-01] ()
    IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
    IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
    IFEO\taskmgr.exe: [Debugger]
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2017-02-01]
    ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    GroupPolicy: Ograniczenia <======= UWAGA
    GroupPolicy\User: Ograniczenia <======= UWAGA
    Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
    Tcpip\..\Interfaces\{237BE69A-A0BA-4908-9620-283D51C1E97E}: [DhcpNameServer] 82.163.143.176
    Tcpip\..\Interfaces\{5B48BFB4-1F87-4635-B78C-070EA23FA25F}: [NameServer] 77.234.40.79
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...0812&uid=ST9640320AS_5WX1YWH8XXXX5WX1YWH8
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=...0812&uid=ST9640320AS_5WX1YWH8XXXX5WX1YWH8
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&...p;uid=ST9640320AS_5WX1YWH8XXXX5WX1YWH8&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...0812&uid=ST9640320AS_5WX1YWH8XXXX5WX1YWH8
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...0812&uid=ST9640320AS_5WX1YWH8XXXX5WX1YWH8
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&...p;uid=ST9640320AS_5WX1YWH8XXXX5WX1YWH8&q={searchTerms}
    HKU\S-1-5-21-3956894242-3814388944-4244797191-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&...p;uid=ST9640320AS_5WX1YWH8XXXX5WX1YWH8&q={searchTerms}
    HKU\S-1-5-21-3956894242-3814388944-4244797191-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=...0812&uid=ST9640320AS_5WX1YWH8XXXX5WX1YWH8
    HKU\S-1-5-21-3956894242-3814388944-4244797191-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&...p;uid=ST9640320AS_5WX1YWH8XXXX5WX1YWH8&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    SearchScopes: HKU\S-1-5-21-3956894242-3814388944-4244797191-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...p;uid=ST9640320AS_5WX1YWH8XXXX5WX1YWH8&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3956894242-3814388944-4244797191-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...p;uid=ST9640320AS_5WX1YWH8XXXX5WX1YWH8&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3956894242-3814388944-4244797191-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
    SearchScopes: HKU\S-1-5-21-3956894242-3814388944-4244797191-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-3956894242-3814388944-4244797191-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL =
    FF SearchPlugin: C:\Users\Misza\AppData\Roaming\Mozilla\Firefox\Profiles\926v9h1m.default\searchplugins\5lp7tumu.xml [2017-03-01]
    FF SearchPlugin: C:\Users\Misza\AppData\Roaming\Mozilla\Firefox\Profiles\926v9h1m.default\searchplugins\nice.xml [2016-12-14]
    FF SearchPlugin: C:\Users\Misza\AppData\Roaming\Mozilla\Firefox\Profiles\926v9h1m.default\searchplugins\startpageing123.xml [2017-03-06]
    FF ProfilePath: C:\Users\Misza\AppData\Roaming\Firefox\Firefox\Profiles\926v9h1m.default [2017-05-24]
    FF Extension: (Polski Language Pack) - C:\Users\Misza\AppData\Roaming\Firefox\Firefox\Profiles\926v9h1m.default\Extensions\langpack-pl@firefox.mozilla.org.xpi [2017-05-24] [Brak podpisu cyfrowego]
    FF SearchPlugin: C:\Users\Misza\AppData\Roaming\Firefox\Firefox\Profiles\926v9h1m.default\searchplugins\5lp7tumu.xml [2017-03-01]
    FF SearchPlugin: C:\Users\Misza\AppData\Roaming\Firefox\Firefox\Profiles\926v9h1m.default\searchplugins\nice.xml [2016-12-14]
    FF SearchPlugin: C:\Users\Misza\AppData\Roaming\Firefox\Firefox\Profiles\926v9h1m.default\searchplugins\startpageing123.xml [2017-03-06]
    FF SearchPlugin: C:\Users\Misza\AppData\Roaming\Firefox\Firefox\Profiles\926v9h1m.default\searchplugins\startsearch.xml [2017-05-24]
    CHR StartupUrls: Profile 1 -> "hxxp://www.ourluckysites.com/?type=hp&ts=1495629853&z=372186cb128dabb1ab861b7g7zft1w5qeo5t0b2w5e&from=che0812&uid=ST9640320AS_5WX1YWH8XXXX5WX1YWH8"
    CHR DefaultSearchURL: Profile 1 -> hxxp://www.mystarting123.com/search/index.php...bb41bd8381eda77833cg9z8tawbqdoetem1teq&q={searchTerms}
    CHR DefaultSearchKeyword: Profile 1 -> mystarting123
    CHR Profile: C:\Users\Misza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-05-22] <==== UWAGA
    C:\Users\Misza\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    R2 BIT; C:\ProgramData\BIT\BIT.dll [1811968 2017-05-24] (TODO: <公司名>) [Brak podpisu cyfrowego] <==== UWAGA
    S2 CSHMDR; C:\Users\Misza\AppData\Local\CSHMDR\Snare.dll [900096 2017-05-22] (IntertSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
    S2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [110592 2017-05-24] () [Brak podpisu cyfrowego] <==== UWAGA
    R2 GameExplorerUpdate; C:\ProgramData\Microsoft\Windows\GameExplorer\Resources.dll [113664 2017-04-19] () [Brak podpisu cyfrowego]
    S2 IISvr; C:\Program Files (x86)\IIS\Microsoft Web Deploy V3\te\msdeploy.resources.dll [105984 2017-05-12] () [Brak podpisu cyfrowego]
    R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] (Elex do Brasil Participações Ltda)
    S2 snare; C:\Users\Misza\AppData\Local\snare\Snare.dll [1050112 2017-05-24] (IntertSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
    R2 WinAppSvr; C:\ProgramData\Microsoft\AppV\setup\install.dll [104448 2017-05-15] (TODO: <Company name>) [Brak podpisu cyfrowego] <==== UWAGA
    S2 WinCacheSrv; C:\ProgramData\Package Cache\{E01CB7F1-3E88-4450-1764-B3CC1E205C4A}v10.1.14393.795\Installers\30daf459e79c5d26366654b1b482e87.cab [84 2017-05-24] () [Brak podpisu cyfrowego]
    S2 odtclientsrv; "C:\Program Files (x86)\Odtheratezotain\odtclientsrv.html5" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda) <==== UWAGA
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda) <==== UWAGA
    S3 ALSysIO; \??\C:\Users\Misza\AppData\Local\Temp\ALSysIO64.sys [X] <==== UWAGA
    U3 tmlwf; Brak ImagePath
    U3 tmwfp; Brak ImagePath
    U2 WinSnare; Brak ImagePath
    2017-05-28 14:05 - 2017-05-28 14:05 - 00000000 __SHD C:\found.003
    2017-05-25 19:28 - 2017-05-26 15:27 - 00145675 _____ C:\Windows\SysWOW64\gsw
    2017-05-24 16:50 - 2017-05-24 16:50 - 00000000 ____D C:\Users\Misza\AppData\Roaming\Setleaf
    2017-05-24 16:48 - 2017-05-24 16:48 - 00000000 ____D C:\Users\Misza\AppData\Local\Setleaf
    2017-05-24 16:39 - 2017-05-24 16:39 - 00000000 ____D C:\Program Files (x86)\Default Company Name
    2017-05-22 22:08 - 2017-05-25 17:45 - 00000000 ____D C:\Program Files (x86)\Anumle
    2017-05-22 15:15 - 2017-05-22 15:15 - 00000000 ____D C:\Users\Misza\AppData\Local\CSHMDR
    2017-05-17 15:45 - 2017-05-17 15:45 - 00000000 ____D C:\Users\Misza\AppData\Roaming\Babylon
    2017-05-17 15:43 - 2017-05-17 15:43 - 01299000 _____ ( ) C:\Users\Misza\Downloads\pobierz_Unlocker_1.9.2_(32-bit)_V1.9.2.exe
    2017-05-17 15:41 - 2017-05-17 15:41 - 00000000 ____D C:\Users\Misza\AppData\Roaming\Hotleaf
    2017-05-17 15:37 - 2017-05-17 15:37 - 00000000 ____D C:\Users\Misza\AppData\Local\Hotleaf
    2017-05-17 15:26 - 2017-05-17 15:26 - 00000000 ____D C:\Program Files (x86)\591C4F73_jumpeasy
    2017-05-16 16:21 - 2017-05-16 16:21 - 00000000 ____D C:\Users\Misza\AppData\Local\Footjane
    2017-05-15 14:30 - 2017-05-23 13:59 - 00000000 ____D C:\Users\Misza\AppData\Local\CWASRE
    2017-05-13 19:55 - 2017-05-24 14:50 - 00000000 _____ C:\Windows\SysWOW64\1
    2017-05-12 20:22 - 2017-05-12 20:22 - 00000000 ____D C:\Users\Misza\AppData\Local\Eggper
    2017-05-12 14:25 - 2017-05-12 14:25 - 00000000 ____D C:\Users\Misza\AppData\Local\Bagsarah
    2017-05-11 21:33 - 2017-05-11 21:33 - 00000000 _____ C:\Windows\SysWOW64\00
    2017-05-11 21:26 - 2017-05-23 13:59 - 00000000 ____D C:\Users\Misza\AppData\Local\NPASRE
    2017-05-09 16:32 - 2017-05-09 16:32 - 00000000 ____D C:\Users\Misza\AppData\Local\Jamper
    2017-05-09 16:28 - 2017-05-24 16:39 - 00000000 _____ C:\Windows\SysWOW64\1111
    2017-05-09 14:28 - 2017-05-23 13:59 - 00000000 ____D C:\Users\Misza\AppData\Local\VNASRE
    2017-05-08 13:43 - 2017-05-08 13:43 - 00000000 ____D C:\Users\Misza\AppData\Local\Canrain
    2017-05-08 13:34 - 2017-05-23 13:59 - 00000000 ____D C:\Users\Misza\AppData\Local\ANSARE
    2017-05-08 13:34 - 2017-05-11 21:26 - 00000000 ____D C:\ProgramData\BIT
    2017-05-04 13:13 - 2017-05-28 15:20 - 00000000 ____D C:\Users\Misza\AppData\Local\background_fault
    2017-05-03 17:31 - 2017-05-03 17:31 - 00000000 ____D C:\Users\Misza\AppData\Local\Dayglad
    2017-05-03 17:31 - 2017-05-03 17:31 - 00000000 ____D C:\Program Files (x86)\IIS
    2017-05-03 17:27 - 2017-05-11 21:33 - 00000000 _____ C:\Windows\SysWOW64\1111111
    2017-05-03 17:26 - 2017-05-23 13:59 - 00000000 ____D C:\Users\Misza\AppData\Local\SNAREA
    2017-05-28 15:52 - 2017-03-16 15:27 - 00000000 ____D C:\Users\Misza\Downloads\FRST-OlderVersion
    2017-05-28 15:23 - 2017-03-22 17:50 - 00000046 _____ C:\Users\Public\Documents\temp.dat
    2017-05-26 15:24 - 2017-04-10 14:30 - 00000000 ____D C:\Users\Misza\AppData\Roaming\WinSAPSvc
    2017-05-24 18:40 - 2017-04-13 19:17 - 00000000 ____D C:\Users\Misza\AppData\Local\SNARE
    2017-05-24 18:40 - 2017-04-10 14:31 - 00003578 _____ C:\Windows\System32\Tasks\Milimili
    2017-05-24 18:40 - 2017-03-31 13:47 - 00000000 ____D C:\Program Files\MK
    2017-05-24 18:39 - 2017-03-03 12:28 - 00000000 ____D C:\Program Files\5lp7tumu
    2017-05-24 16:49 - 2017-03-22 17:46 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2017-05-22 15:13 - 2017-03-13 18:49 - 00000000 ____D C:\Program Files (x86)\Gazshrasity
    2017-05-11 21:33 - 2017-04-21 11:23 - 00000000 _____ C:\Windows\SysWOW64\22
    2017-05-11 21:33 - 2017-04-21 11:23 - 00000000 _____ C:\Windows\SysWOW64\11
    2017-05-10 10:47 - 2017-04-13 19:17 - 00000000 ____D C:\Users\Misza\AppData\Local\Kitty
    2017-05-09 16:30 - 2017-04-21 11:21 - 00000000 ____D C:\Program Files (x86)\AlphaGo
    2017-05-04 13:15 - 2017-04-25 15:56 - 00000000 ____D C:\Windows\psgo
    2017-05-04 13:14 - 2017-04-10 14:31 - 00003504 _____ C:\Windows\System32\Tasks\Windows-PG
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    When done, post new FRST logs from a scan.
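
The entry types that dominate the fixlist above (scheduled tasks, IFEO Debugger values, Tcpip NameServer settings, unsigned services) can be triaged mechanically from an FRST log. The following is an added example, not part of the original post and not FRST's own logic; the function names and the flagging heuristics are assumptions, and the sample lines are copied from the fixlist above.

```python
import re

# Lines copied verbatim from the fixlist in the post above.
SAMPLE = r"""
Task: {0CCB55F1-F2D6-412D-AAB9-0F4C4872F139} - System32\Tasks\{0B50D6A8-C080-4F84-BCA5-99A0729243C7} => Chrome.exe
Task: {A56EEC1C-DE73-4448-9A59-D9C476A9EFBC} - System32\Tasks\Windows-PG => powershell.exe C:\windows\psgo\psgo.ps1
Task: {E03516D2-DB42-4D41-B347-567403A94C1C} - System32\Tasks\InternetDD => ""
Task: {BA847FD5-FC51-4B5E-BC08-7C1CB8B916A8} - System32\Tasks\{761A5443-8F19-4952-9D70-AA1B5447FFC2} => C:\GOG Games\Worms W.M.D\Worms W.M.D.exe
IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
IFEO\taskmgr.exe: [Debugger]
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
S2 snare; C:\Users\Misza\AppData\Local\snare\Snare.dll [1050112 2017-05-24] (IntertSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] (Elex do Brasil Participações Ltda)
"""

# Patterns for the four FRST line shapes handled here (assumed from the lines above).
TASK = re.compile(r"^Task: \{[0-9A-F-]{36}\} - (?:System32\\Tasks)?\\(?P<name>.+?) [=-]> (?P<cmd>.*)$")
IFEO = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\]\s*(?P<dbg>.*)$")
DNS = re.compile(r"^Tcpip\\.*\[(?:Dhcp)?NameServer\] (?P<servers>.+)$")
SVC = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<rest>.+)$")
GUID = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
UNSIGNED = "[Brak podpisu cyfrowego]"  # Polish FRST marker: no digital signature


def classify(line):
    """Return a list of heuristic reasons to review one FRST log line."""
    line = line.strip()
    reasons = []
    if m := TASK.match(line):
        name, cmd = m["name"], m["cmd"].strip()
        if cmd.strip('"') == "":
            reasons.append("task with empty action")
        elif "Brak pliku" in cmd:  # FRST marker: file missing
            reasons.append("task target file is missing")
        elif cmd.lower().startswith("powershell"):
            reasons.append("task runs a PowerShell script")
        elif GUID.match(name) and "\\" not in cmd:
            reasons.append("GUID-named task starts a bare image name")
    elif m := IFEO.match(line):
        # A Debugger value makes Windows start that program instead of the image.
        reasons.append(f"IFEO Debugger on {m['image']}: {m['dbg'] or '(empty)'}")
    elif m := DNS.match(line):
        reasons.append("DNS resolvers set in registry: " + m["servers"])
    elif m := SVC.match(line):
        path = m["rest"].lower()
        if UNSIGNED in m["rest"] and ("\\appdata\\" in path or "\\programdata\\" in path):
            reasons.append(f"unsigned service binary outside Program Files: {m['name']}")
    return reasons


def triage(text):
    """Map each flagged line to its reasons, skipping lines with none."""
    return {l.strip(): r for l in text.splitlines() if (r := classify(l))}


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE).items():
        print("; ".join(reasons), "<-", line[:80])
```

A flag here only marks a line for manual review; GUID-named tasks that point at a full path to an installed program, like the Worms W.M.D entry, are left unflagged.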

  • Helpful post
    #4 30 May 2017 09:01
    Kolobos
    Computer specialist

    I see that the previous Fixlist did not run to completion.

    Run this Fixlist.txt with FRST:
    Task: {022A20E0-AC06-4D20-8331-5E4182E4F00A} - System32\Tasks\{4BEFCE5E-B546-475A-9853-D4127C69DFB3} => C:\Users\Misza\Desktop\ChromeSetup.exe
    Task: {0D66E707-FE2C-4F5A-82B9-0D196B45B637} - System32\Tasks\WiperSoft Startup => C:\Program Files\WiperSoft\WiperSoft.exe
    Task: {154FF19D-246A-4B9B-84D0-3EC4079A60B4} - System32\Tasks\{1519DA0A-7306-4BD9-9311-2ADF2E66F347} => C:\Users\Misza\Desktop\ChromeSetup.exe
    Task: {1AE3319C-8D58-43E5-85BF-50255CCA9290} - System32\Tasks\{1FD42499-AFB1-4B3E-8920-094370A081FB} => C:\Users\Misza\Desktop\ChromeSetup.exe
    Task: {2090870D-6D93-4FF0-B937-5CCC3281C5C1} - System32\Tasks\{C242858F-13D9-4CE7-961D-3D47737F7674} => C:\Users\Misza\Desktop\ChromeSetup.exe
    Task: {22D58D7C-AA9F-460F-B012-8E15DE7E7BE6} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-25] ()
    Task: {397DA678-597D-4569-808C-1AFC2E08D5BC} - System32\Tasks\{08655847-872B-4F75-9F72-314389F6855D} => C:\Users\Misza\Desktop\ChromeSetup.exe
    Task: {629AB256-E894-4F05-8A2A-C2D41B32F1F1} - System32\Tasks\{CE9F4D9A-75FF-48FF-891C-C8F691C26763} => C:\Users\Misza\Desktop\ChromeSetup.exe
    Task: {739BEFE2-D989-4075-80A5-02C733336E98} - System32\Tasks\{E48BAB45-9E5E-40B2-9750-4977725E1B31} => C:\Users\Misza\Desktop\ChromeSetup.exe
    Task: {9B19F47D-D6BA-4C50-B437-D7ABDEAE58DC} - System32\Tasks\{8D0C6065-74BE-4094-8A8D-A7DD70003B61} => C:\Users\Misza\Desktop\ChromeSetup.exe
    Task: {AA98C5AD-F2C1-40A6-B62B-5A349C88DF94} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-25] ()
    Task: {B84C20CF-7CCF-49AB-BC09-3CAFAD7C600E} - System32\Tasks\{3162F324-B78B-4CBF-B58C-BECCBD5EE7EE} => C:\Users\Misza\Desktop\ChromeSetup.exe
    Task: {C559FEF1-1948-4320-AE24-463BF3ED1FA4} - System32\Tasks\{3D407ECF-B889-4CCD-8766-30DDF91B7296} => C:\Users\Misza\Desktop\Thumper\THUMPER.exe
    Task: {ECB1D7CC-07A6-4875-91B9-7CFBC9BF0B03} - System32\Tasks\{EC7997A3-7BC5-44EA-A510-74CD00466852} => C:\Users\Misza\Desktop\ChromeSetup.exe
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
    S3 4F9584966132D718; \??\C:\Users\Misza\AppData\Local\Temp\2F83AA6C.sys [X] <==== UWAGA
    R3 ALSysIO; \??\C:\Users\Misza\AppData\Local\Temp\ALSysIO64.sys [X] <==== UWAGA
    U2 snare; Brak ImagePath
    2017-05-29 22:02 - 2017-04-13 19:17 - 00000000 ____D C:\Users\Misza\AppData\Local\SNARE
    2017-05-28 20:50 - 2017-04-17 14:16 - 00000000 ____D C:\Windows\Update
    2017-05-28 20:50 - 2017-04-10 14:31 - 00000000 ____D C:\Update
    2017-05-28 20:50 - 2017-03-10 12:23 - 00000000 ____D C:\Users\Misza\AppData\Roaming\Elex-tech
    2017-05-28 20:50 - 2017-03-01 19:08 - 00000000 ____D C:\Program Files (x86)\Araochstjuther Host
    2017-05-28 19:11 - 2017-03-22 17:50 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2017-05-28 18:33 - 2017-03-10 12:23 - 00000000 ____D C:\Program Files (x86)\Elex-tech
    2017-05-24 18:40 - 2017-03-31 13:47 - 00000000 ____D C:\Program Files\MK
    2017-05-24 18:39 - 2017-03-03 12:28 - 00000000 ____D C:\Program Files\5lp7tumu
    2017-05-24 16:49 - 2017-03-22 17:46 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2017-05-22 15:13 - 2017-03-13 18:49 - 00000000 ____D C:\Program Files (x86)\Gazshrasity
    2017-05-11 21:33 - 2017-04-21 11:23 - 00000000 _____ C:\Windows\SysWOW64\22
    2017-05-11 21:33 - 2017-04-21 11:23 - 00000000 _____ C:\Windows\SysWOW64\11
    2017-05-10 10:47 - 2017-04-13 19:17 - 00000000 ____D C:\Users\Misza\AppData\Local\Kitty
    2017-05-09 16:30 - 2017-04-21 11:21 - 00000000 ____D C:\Program Files (x86)\AlphaGo

    When done, post a new FRST log from a scan (frst.txt is enough) + the fixlog.

    AlphaGo (HKLM-x32\...\{B7CB7055-EFAE-4CD2-928A-15DB5F4FF7C7}) (Version: 1.2.5 - AlphaGo) <==== UWAGA still cannot be uninstalled?
    In that case run regedit, search for 15DB5F4FF7C7 and delete the entry from the Uninstall key.

  • Helpful post
    #6 30 May 2017 13:50
    Kolobos
    Computer specialist

    Delete the C:\FRST folder and that's all.