Elektroda.pl

Windows opening on their own

smartfon 27 Oct 2017 15:07 333 4
  • #1 27 Oct 2017 15:07
    smartfon
    Level 4

    I have a problem with new windows popping up and a bad browser. There is nothing suspicious to uninstall in the Control Panel. I also cannot run AdwCleaner, because a message pops up: "Ten program został zablokowany w celu ochrony użytkownika" ("This program has been blocked to protect the user"). Please help. I am attaching the FRST and Addition logs.

    0 4
  • #2 27 Oct 2017 16:02
    Kolobos
    Computer specialist

    This is what comes of thoughtlessly using infected system activators...

    Uninstall:
    DLL-Files.com Client
    McAfee Security Scan Plus
    Spybot - Search & Destroy
    and ByteFence, if you have that option at all.

    Next to frst.exe, create a file named Fixlist.txt with the following contents:
    CloseProcesses:
    Task: {118C84EB-5ADD-4679-A351-7D0121580C07} - System32\Tasks\GoogleUpdateSecurityTaskMachine_PB => C:\Users\demo\AppData\Local\Temp\14da0a22957b40ab949e7b7fd0b11163\chipset.exe <==== UWAGA
    Task: {188B6761-A3F9-4D7A-97DD-51FD63230F30} - System32\Tasks\GoogleUpdateSecurityTaskMachine_OM => C:\Users\demo\AppData\Roaming\17a48eb30d304f42a496454fadf92848\chipset.exe [2017-10-26] (NirSoft)
    Task: {411B0545-9284-4AD3-8D98-A09DF47D4543} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2017-10-03] (Byte Technologies LLC)
    Task: {4512CE39-36A4-4B3A-808A-2548AAC3976D} - System32\Tasks\GoogleUpdateSecurityTaskMachine_HS => C:\Users\demo\AppData\Local\556eaf8112b24ba1abaad20dd2170c62\chipset.exe [2017-10-26] (NirSoft)
    Task: {4521019B-3846-448C-BC9F-360E128CA24C} - System32\Tasks\DXdnoft Virwool => Rundll32.exe "C:\Program Files\DXdnoft Virwool\DXdnoft Virwool.dll",QjdDxrI
    Task: {51F36530-EB6A-4DC2-96CD-A1E5C9C5BC75} - System32\Tasks\{5CEB6D1C-1CC2-4C35-AF30-63AA3CFB9299} => pcalua.exe -a F:\Setup.exe -d F:\
    Task: {64302A5E-FDC3-4FEB-86F7-60032099C5AD} - System32\Tasks\WinThruster64-demo-Notification => C:\Program Files\Solvusoft\WinThruster\Sync.exe <==== UWAGA
    Task: {6FEA1F88-FFE9-4F3A-ACFE-F9446695D7B3} - System32\Tasks\GoogleUpdateSecurityTaskMachine_UD => C:\Users\demo\AppData\Local\2fdaa30320bc4a0e86b74dc93e1c69ee\chipset.exe [2017-10-26] (NirSoft)
    Task: {9C8D977E-D55B-49DC-BCAD-16203C3DFFA7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
    Task: {AAB83BFC-36CD-458C-BF23-AD198F8350A8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
    Task: {B0CC8931-8386-454F-A50D-355A3427462E} - System32\Tasks\0ZzYAtHkgiFq => 0zzyathkgifq.exe
    Task: {E3EFD7AA-2199-43DF-8155-783F2F366D6F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
    Task: {EEEB5802-C7F4-4939-BF20-02E4F29A68AB} - System32\Tasks\GoogleUpdateSecurityTaskMachine_JZ => C:\ProgramData\9b5c20e6ccc1403fb12bc78ecb69bdac\chipset.exe [2017-10-26] (NirSoft)
    Task: {FB6A4C64-E9F3-48ED-A97D-C469DB03408A} - System32\Tasks\WinThruster64-demo-Startup => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe <==== UWAGA
    Task: C:\Windows\Tasks\WinThruster64-demo-Notification.job => C:\Program Files\Solvusoft\WinThruster\Sync.exe <==== UWAGA
    Task: C:\Windows\Tasks\WinThruster64-demo-Startup.job => C:\Program Files\Solvusoft\WinThruster\WinThruster64.exe <==== UWAGA
    2017-10-27 13:16 - 2017-10-27 14:22 - 00570368 _____ () C:\Windows\TEMP\gD604.tmp.exe
    2017-03-07 20:18 - 2017-03-07 20:18 - 00582936 _____ () C:\Program Files\ByteFence\rsLggr.exe
    2017-10-27 14:47 - 2017-10-27 14:49 - 00302920 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    2017-10-27 14:47 - 2017-10-27 14:49 - 00620872 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    2017-02-02 19:53 - 2017-01-17 17:20 - 03843584 _____ () C:\Program Files (x86)\TorrentsTime Media Player\bin\torrent.dll
    2017-10-27 14:37 - 2016-09-13 14:00 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2017-10-27 14:37 - 2016-09-13 14:00 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2017-10-27 14:37 - 2016-09-13 14:00 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2017-10-27 14:37 - 2017-05-12 11:36 - 00507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    AlternateDataStreams: C:\akt notarialny 2000 r..jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\akt notarialny 2000 r..jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\akt notarialny str. 2 - 2000 r..jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\akt notarialny str. 2 - 2000 r..jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\akt notarialny str. 3 - 2000 r..jpeg.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\akt notarialny str. 3 - 2000 r..jpeg.jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\akt notarialny str.1 - 2013 r..jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\akt notarialny str.1 - 2013 r..jpeg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Users\demo\Desktop\ZUS.jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\demo\Desktop\ZUS.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Users\demo\Desktop\ZUS1.jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\demo\Desktop\ZUS1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    AlternateDataStreams: C:\Users\demo\Desktop\ZUS2.jpeg:3or4kl4x13tuuug3Byamue2s4b
    AlternateDataStreams: C:\Users\demo\Desktop\ZUS2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
    () C:\Windows\Temp\gD604.tmp.exe
    (TorrentsTime) C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe
    () C:\Program Files\NVIDIA Corporation\FFIBSJEWAR\CMHSQJRHQJ.exe
    (Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
    () C:\Program Files\ByteFence\rsLggr.exe
    (Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
    () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    (OldTimer Tools) C:\Users\demo\Downloads\OTL (1).exe
    (fgg ltd) C:\Program Files (x86)\0ZzYAtHkgiFq\0zzyathkgifq.exe
    HKLM\...\Run: [SERVICE] => [X]
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
    HKLM\...\RunOnce: [DEMO-KOMPUTER] => C:\Windows\Temp\gBD36.tmp.exe <===== UWAGA
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKLM\...\Policies\Explorer: [NofolderOptions] 0
    HKU\S-1-5-21-1746069391-1434092417-1463518702-1000\...\Run: [Bonus.SSR.FR14] => C:\Program Files (x86)\ABBYY FineReader 14\ScreenshotReader.exe [1037464 2017-03-23] (ABBYY Production LLC.)
    HKU\S-1-5-21-1746069391-1434092417-1463518702-1000\...\Run: [CMHSQJRHQJ.exe] => C:\Program Files\NVIDIA Corporation\FFIBSJEWAR\CMHSQJRHQJ.exe [297984 2017-10-26] ()
    HKU\S-1-5-21-1746069391-1434092417-1463518702-1000\...\MountPoints2: F - F:\Autorun.exe
    HKU\S-1-5-21-1746069391-1434092417-1463518702-1000\...\MountPoints2: G - G:\Autorun.exe
    HKU\S-1-5-21-1746069391-1434092417-1463518702-1000\...\MountPoints2: {197cd8c7-62d0-11e5-87b1-408d5c155faa} - F:\Setup.exe
    HKU\S-1-5-21-1746069391-1434092417-1463518702-1000\...\MountPoints2: {30f5a9c4-6344-11e5-80d6-408d5c155faa} - G:\Setup.exe
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    BootExecute: autocheck autochk * sdnclean64.exe
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Tcpip\..\Interfaces\{D31901E2-F4FC-40A9-B1F3-FE29B4371FF6}: [NameServer] 82.163.142.8,95.211.158.136
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_re...ndex.jsp?lg=pl&pid=NIS&pvid=22.7.0.76
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_re...ndex.jsp?lg=pl&pid=NIS&pvid=22.7.0.76
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_re...ndex.jsp?lg=pl&pid=NIS&pvid=22.7.0.76
    HKU\S-1-5-21-1746069391-1434092417-1463518702-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...Btufzic4oUe1y0cDMMJ4RpJmJoJHaVMB6Jaw,,&q={searchTerms}
    HKU\S-1-5-21-1746069391-1434092417-1463518702-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...W4WXjj6l_-IZkxDcDiFWrXHrKCh3xUwJkbT--IcKoJw,,,,
    HKU\S-1-5-21-1746069391-1434092417-1463518702-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    HKU\S-1-5-21-1746069391-1434092417-1463518702-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...Btufzic4oUe1y0cDMMJ4RpJmJoJHaVMB6Jaw,,&q={searchTerms}
    HKU\S-1-5-21-1746069391-1434092417-1463518702-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...Btufzic4oUe1y0cDMMJ4RpJmJoJHaVMB6Jaw,,&q={searchTerms}
    HKU\S-1-5-21-1746069391-1434092417-1463518702-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
    HKU\S-1-5-21-1746069391-1434092417-1463518702-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_re...ndex.jsp?lg=pl&pid=NIS&pvid=22.7.0.76
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    FF NewTab: C:\\ProgramData\\Quoteexs\\ff.NT
    FF Plugin HKU\S-1-5-21-1746069391-1434092417-1463518702-1000: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [2017-01-17] (Torrents Time)
    FF user.js: detected! => C:\Users\demo\AppData\Roaming\Mozilla\Firefox\Profiles\bimtvz6f.default-1477688267784\user.js [2017-09-27]
    FF Extension: Brak nazwy - C:\Users\demo\AppData\Roaming\Mozilla\Firefox\Profiles\bimtvz6f.default-1477688267784\Extensions\646506@extcorp.com.xpi [2017-10-26]
    FF Extension: Brak nazwy - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-11-15]
    C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
    C:\Users\demo\AppData\Roaming\Mozilla\Firefox\Profiles\bimtvz6f.default-1477688267784\Extensions\646506@extcorp.com.xpi
    CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...bvk-pgMU7W1Z7JnlWoKheGEzxkAFzH-nN-XQQ2zw-iQ,,,,
    C:\Users\demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg
    CHR Extension: (Tables) - C:\Users\demo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-10-26]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.11.0.41\Exts\Chrome.crx <nie znaleziono>
    CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <Brak Path/update_url>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-1746069391-1434092417-1463518702-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.11.0.41\Exts\Chrome.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <Brak Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    C:\Users\demo\AppData\Roaming\Opera Software\Opera Stable\Extensions\egafjhhpbipcmpoiomegbckljbbbphoj
    C:\Users\demo\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofhehnfmgbgnkjaojifkmebjjgffjaeh
    OPR Extension: (Tables) - C:\Users\demo\AppData\Roaming\Opera Software\Opera Stable\Extensions\egafjhhpbipcmpoiomegbckljbbbphoj [2017-10-26]
    OPR Extension: (ChromeWebstore) - C:\Users\demo\AppData\Roaming\Opera Software\Opera Stable\Extensions\ofhehnfmgbgnkjaojifkmebjjgffjaeh [2017-10-26]
    R2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [156640 2017-10-03] (Byte Technologies LLC)
    R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [302920 2017-10-27] ()
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
    S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
    R2 TTService; C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe [3278336 2017-01-27] (TorrentsTime) [Brak podpisu cyfrowego]
    S2 0ZzYAtHkgiFq Updater; C:\Program Files (x86)\0ZzYAtHkgiFq Updater\0ZzYAtHkgiFq Updater.exe [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\SDSDefs\20161031.021\ENG64.SYS [X]
    S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\SDSDefs\20161031.021\EX64.SYS [X]
    U0 sr; Brak ImagePath
    S1 wfcre; system32\drivers\wfcre.sys [X]
    2017-10-27 14:53 - 2017-10-27 14:54 - 00602112 _____ (OldTimer Tools) C:\Users\demo\Downloads\OTL (1).exe
    2017-10-27 14:47 - 2017-10-27 14:47 - 00000000 ____D C:\ProgramData\ByteFence
    2017-10-27 14:38 - 2017-10-27 14:38 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
    2017-10-27 14:37 - 2017-10-27 14:43 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2017-10-27 14:37 - 2017-10-27 14:39 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2017-10-27 14:37 - 2017-10-27 14:37 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2017-10-27 14:37 - 2017-10-27 14:37 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2017-10-27 14:37 - 2017-10-27 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2017-10-27 14:37 - 2017-05-23 09:22 - 00032240 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
    2017-10-27 14:36 - 2017-10-27 15:01 - 00000000 ____D C:\Program Files\ByteFence
    2017-10-27 14:36 - 2017-10-27 14:36 - 51725936 _____ (Safer-Networking Ltd. ) C:\Users\demo\Downloads\spybotsd-2.6.46.exe
    2017-10-27 14:36 - 2017-10-27 14:36 - 00003388 _____ C:\Windows\System32\Tasks\ByteFence
    2017-10-27 14:36 - 2017-10-27 14:36 - 00001027 _____ C:\Users\demo\Desktop\ByteFence Anti-Malware.lnk
    2017-10-27 14:36 - 2017-10-27 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
    2017-10-27 14:35 - 2017-10-27 14:36 - 01668096 _____ ( ) C:\Users\demo\Downloads\Spybot-Search-Destroy-12546-AsystentPobierania.exe
    2017-10-27 14:17 - 2017-10-27 14:51 - 00001632 _____ C:\Users\demo\Downloads\adwcleaner_7.0.3.1_www.INSTALKI.pl.exe — skrót.lnk
    2017-10-27 14:17 - 2017-10-27 14:17 - 08250832 _____ (Malwarebytes) C:\Users\demo\Downloads\adwcleaner_7.0.3.1_www.INSTALKI.pl.exe
    2017-10-27 14:07 - 2017-10-27 14:07 - 08250832 _____ (Malwarebytes) C:\Users\demo\Downloads\AdwCleaner.exe
    2017-10-26 22:06 - 2017-10-26 22:06 - 08250832 _____ (Malwarebytes) C:\Users\demo\Downloads\adwcleaner_7.0.3.1.exe
    2017-10-26 21:55 - 2017-10-26 21:55 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-10-26 21:51 - 2017-10-27 14:54 - 00016714 _____ C:\Windows\System32\Tasks\DXdnoft Virwool
    2017-10-26 21:51 - 2017-10-26 21:51 - 00003984 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_PB
    2017-10-26 21:51 - 2017-10-26 21:51 - 00003972 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_OM
    2017-10-26 21:51 - 2017-10-26 21:51 - 00003964 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_UD
    2017-10-26 21:51 - 2017-10-26 21:51 - 00003964 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_HS
    2017-10-26 21:51 - 2017-10-26 21:51 - 00003912 _____ C:\Windows\System32\Tasks\GoogleUpdateSecurityTaskMachine_JZ
    2017-10-26 21:51 - 2017-10-26 21:51 - 00000000 ____D C:\Users\demo\AppData\Roaming\CleanBrowMode
    2017-10-26 21:51 - 2017-10-26 21:51 - 00000000 ____D C:\Users\demo\AppData\Roaming\ChromeHelper
    2017-10-26 21:51 - 2017-10-26 21:51 - 00000000 ____D C:\Users\demo\AppData\Roaming\17a48eb30d304f42a496454fadf92848
    2017-10-26 21:51 - 2017-10-26 21:51 - 00000000 ____D C:\Users\demo\AppData\Local\556eaf8112b24ba1abaad20dd2170c62
    2017-10-26 21:51 - 2017-10-26 21:51 - 00000000 ____D C:\Users\demo\AppData\Local\2fdaa30320bc4a0e86b74dc93e1c69ee
    2017-10-26 21:51 - 2017-10-26 21:51 - 00000000 ____D C:\ProgramData\9b5c20e6ccc1403fb12bc78ecb69bdac
    2017-10-26 21:51 - 2017-10-26 21:51 - 00000000 ____D C:\Program Files (x86)\nowidget
    2017-10-26 21:49 - 2017-10-26 21:50 - 00000266 __RSH C:\Users\demo\ntuser.pol
    2017-10-26 21:48 - 2017-10-26 21:50 - 00004020 __RSH C:\ProgramData\ntuser.pol
    2017-10-26 21:48 - 2017-10-26 21:48 - 00021536 _____ C:\Windows\System32\Tasks\0ZzYAtHkgiFq
    2017-10-26 21:48 - 2017-10-26 21:48 - 00000000 ____D C:\Program Files (x86)\0ZzYAtHkgiFq
    2017-10-26 21:47 - 2017-10-26 21:47 - 07334400 _____ C:\Users\demo\AppData\Local\agent.dat
    2017-10-26 21:47 - 2017-10-26 21:47 - 02198528 _____ (TODO: <Company name>) C:\Users\demo\AppData\Local\DripTincof.exe
    2017-10-26 21:47 - 2017-10-26 21:47 - 02198528 _____ (TODO: <Company name>) C:\Users\demo\AppData\Local\Cansing.exe
    2017-10-26 21:47 - 2017-10-26 21:47 - 01900178 _____ C:\Users\demo\AppData\Local\DripTincof.tst
    2017-10-26 21:47 - 2017-10-26 21:47 - 01895382 _____ C:\Users\demo\AppData\Local\Daltcom.bin
    2017-10-26 21:47 - 2017-10-26 21:47 - 00278509 _____ C:\Users\demo\AppData\Local\Cansing.tst
    2017-10-26 21:47 - 2017-10-26 21:47 - 00140800 _____ C:\Users\demo\AppData\Local\installer.dat
    2017-10-26 21:47 - 2017-10-26 21:47 - 00126464 _____ C:\Users\demo\AppData\Local\noah.dat
    2017-10-26 21:47 - 2017-10-26 21:47 - 00070800 _____ C:\Users\demo\AppData\Local\Config.xml
    2017-10-26 21:47 - 2017-10-26 21:47 - 00005568 _____ C:\Users\demo\AppData\Local\md.xml
    2017-10-26 21:47 - 2017-10-26 21:47 - 00000000 ____D C:\WinSys
    2017-10-26 21:47 - 2017-10-26 21:47 - 00000000 ____D C:\Applications
    2017-10-26 21:46 - 2017-10-26 21:46 - 00000000 ____D C:\Program Files (x86)\Removewat 2.2.7
    2017-10-26 19:00 - 2017-10-26 19:00 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2017-10-21 20:54 - 2017-10-21 20:54 - 00766552 _____ C:\Users\demo\Downloads\flux-setup (1).exe
    2017-10-13 21:31 - 2017-10-13 21:31 - 00001129 _____ C:\Users\Public\Desktop\DLL-Files.com Client.lnk
    2017-10-13 21:31 - 2017-10-13 21:31 - 00000000 ____D C:\Users\demo\AppData\Roaming\DLL-files.com
    2017-10-13 21:31 - 2017-10-13 21:31 - 00000000 ____D C:\Users\demo\AppData\Roaming\DFXCT
    2017-10-13 21:31 - 2017-10-13 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLL-Files.com Client
    2017-10-13 21:31 - 2017-10-13 21:31 - 00000000 ____D C:\Program Files (x86)\DLL-Files.com Client
    2017-10-27 14:36 - 2015-09-18 16:20 - 00000000 ____D C:\ProgramData\McAfee
    2017-10-27 14:32 - 2016-10-24 15:07 - 00000374 _____ C:\Windows\Tasks\WinThruster64-demo-Notification.job
    2017-10-27 14:32 - 2016-10-24 15:07 - 00000366 _____ C:\Windows\Tasks\WinThruster64-demo-Startup.job
    2017-10-26 22:06 - 2015-12-09 16:19 - 00000000 ____D C:\AdwCleaner
    2017-10-13 21:48 - 2016-10-24 15:06 - 00000000 ____D C:\Users\demo\AppData\Local\IIIQF
    2017-10-26 21:47 - 2017-10-26 21:47 - 7334400 _____ () C:\Users\demo\AppData\Local\agent.dat
    2017-10-26 21:47 - 2017-10-26 21:47 - 2198528 _____ (TODO: <Company name>) C:\Users\demo\AppData\Local\Cansing.exe
    2017-10-26 21:47 - 2017-10-26 21:47 - 0278509 _____ () C:\Users\demo\AppData\Local\Cansing.tst
    2017-10-26 21:47 - 2017-10-26 21:47 - 0070800 _____ () C:\Users\demo\AppData\Local\Config.xml
    2017-10-26 21:47 - 2017-10-26 21:47 - 1895382 _____ () C:\Users\demo\AppData\Local\Daltcom.bin
    2017-10-26 21:47 - 2017-10-26 21:47 - 2198528 _____ (TODO: <Company name>) C:\Users\demo\AppData\Local\DripTincof.exe
    2017-10-26 21:47 - 2017-10-26 21:47 - 1900178 _____ () C:\Users\demo\AppData\Local\DripTincof.tst
    2017-10-26 21:47 - 2017-10-26 21:47 - 0140800 _____ () C:\Users\demo\AppData\Local\installer.dat
    2017-10-26 21:47 - 2017-10-26 21:47 - 0005568 _____ () C:\Users\demo\AppData\Local\md.xml
    2017-10-26 21:47 - 2017-10-26 21:47 - 0126464 _____ () C:\Users\demo\AppData\Local\noah.dat
    2016-06-27 20:47 - 2016-06-27 20:47 - 0002483 _____ () C:\Users\demo\AppData\Local\recently-used.xbel
    2015-10-30 19:10 - 2015-10-30 19:10 - 0007601 _____ () C:\Users\demo\AppData\Local\Resmon.ResmonCfg
    2017-10-26 21:47 - 2017-10-26 21:47 - 0032038 _____ () C:\Users\demo\AppData\Local\uninstall_temp.ico
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    When it has finished, post new FRST logs from a scan.

    0
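Added example, not part of the thread and not FRST's own logic: a Python triage pass over FRST `Task:` lines in the format used in the fixlist above, showing why entries such as the `GoogleUpdateSecurityTaskMachine_*` tasks stand out. The sample log lines are constructed, and the three heuristics (user-writable location, 32-hex-digit directory, vendor-style task name outside the vendor directory) are assumptions chosen for illustration.

```python
import re
from typing import List, NamedTuple

# Shape of the "Task:" entries in the FRST lines quoted in the thread:
#   Task: {GUID} - System32\Tasks\<name> => <command> [date] (vendor) <==== marker
#   Task: C:\Windows\Tasks\<name>.job => <command> <==== marker
TASK_RE = re.compile(
    r"^Task:\s+(?:\{[0-9A-Fa-f-]{36}\}\s+-\s+)?(?P<task>.+?)\s+=>\s+(?P<rest>.+)$")
# Trailing annotations after the command: [yyyy-mm-dd], (vendor), <==== WORD
TRAILER_RE = re.compile(r"\s*(?:\[\d{4}-\d{2}-\d{2}\]|\([^()]*\)|<=+\s*\w+)\s*$")
MARKER_RE = re.compile(r"<=+\s*\w+\s*$")
HEX_DIR_RE = re.compile(r"\\[0-9a-f]{32}\\", re.IGNORECASE)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")  # assumed list

# Constructed sample lines modelled on the log format; not taken from a real scan.
SAMPLE_LOG = r"""
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\GoogleUpdateSecurityTaskMachine_AA => C:\Users\demo\AppData\Local\0123456789abcdef0123456789abcdef\chipset.exe [2017-10-26] (ExampleVendor)
Task: {66666666-7777-8888-9999-AAAAAAAAAAAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-01] (Google Inc.)
Task: C:\Windows\Tasks\ExampleTool-demo-Startup.job => C:\Program Files\ExampleTool\ExampleTool.exe <==== UWAGA
Task: {BBBBBBBB-CCCC-DDDD-EEEE-FFFFFFFFFFFF} - System32\Tasks\ExampleUpdater => C:\ProgramData\fedcba9876543210fedcba9876543210\upd.exe
"""


class Finding(NamedTuple):
    task: str
    command: str
    reasons: List[str]


def strip_trailers(rest: str) -> str:
    """Remove the date, vendor and marker annotations that follow the command."""
    prev = None
    while prev != rest:
        prev, rest = rest, TRAILER_RE.sub("", rest)
    return rest.strip()


def triage(log_text: str) -> List[Finding]:
    """Return every scheduled task that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue  # not a Task: entry
        rest = m.group("rest")
        command = strip_trailers(rest)
        cmd = command.lower()
        name = m.group("task").rsplit("\\", 1)[-1]
        reasons = []
        if MARKER_RE.search(rest):
            reasons.append("marked by FRST")
        if any(part in cmd for part in USER_WRITABLE):
            reasons.append("runs from a user-writable directory")
        if HEX_DIR_RE.search(cmd):
            reasons.append("32-hex-digit directory name")
        if name.lower().startswith("googleupdate") and "\\google\\update\\" not in cmd:
            reasons.append("vendor-style task name, binary outside the vendor directory")
        if reasons:
            findings.append(Finding(name, command, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.task}\n  {f.command}\n  -> " + "; ".join(f.reasons))
```
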
  • Helpful post
    #4 27 Oct 2017 17:31
    Kolobos
    Computer specialist

    Delete the C:\FRST directory and that's all.

    0
  • #5 27 Oct 2017 17:33
    smartfon
    Level 4

    Thanks a lot, the thread can be closed.

    0