Elektroda.pl

Virus causes bluescreen. FRST logs

--Paweł-- 05 Jul 2018 10:47 198 11
  • #1 05 Jul 2018 10:47
    --Paweł--
    Level 6

    Hello.
    I need help. Today, while downloading a program from the internet, I wasn't paying attention and the installer installed unwanted programs. The problem is a bluescreen every 3 minutes after the computer starts, plus a mass of ads at system startup.
    I managed to run an FRST scan. Please help.
    The Driver Updater program, which installed itself, is probably what causes the bluescreen and the mass of ads.

    0 11
  • Helpful post
    #2 05 Jul 2018 10:55
    Kolobos
    Computer specialist

    Uninstall Advanced SystemCare.

    Run this Fixlist.txt for FRST:
    CloseProcesses:
    Task: {07B9A059-735E-4114-8DBF-2FF8673ACBDA} - System32\Tasks\ASC11_PerformanceMonitor => D:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2018-01-15] (IOb
    Task: {18070F14-9260-48B6-B76E-A948CE7525D2} - System32\Tasks\psv_Whitezap => /c regedit.exe /s "C:\ProgramData\Voyasollam\Big-Hold.reg" & del "C:\ProgramData\Voyasollam\Big-Hold.reg" & SCHTASKS /Delete /TN "psv_Whitezap" /F <==== UWAGA
    Task: {2C9F523E-A1B0-4332-BA60-03F1FF9D89F4} - System32\Tasks\psv_Freeit => /c regedit.exe /s "C:\ProgramData\Voyasollam\TreeReddox.reg" & del "C:\ProgramData\Voyasollam\TreeReddox.reg" & SCHTASKS /Delete /TN "psv_Freeit" /F <==== UWAGA
    Task: {3FB3D2EF-FD12-406B-A850-567296D30F1F} - System32\Tasks\psv_Zoomansoft => /c regedit.exe /s "C:\ProgramData\Voyasollam\Kindom.reg" & del "C:\ProgramData\Voyasollam\Kindom.reg" & SCHTASKS /Delete /TN "psv_Zoomansoft" /F <==== UWAGA
    Task: {52DA46DC-0B56-4054-8ED4-E288B827D255} - System32\Tasks\ASC11_SkipUac_Pawel => D:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2018-01-30] (IObit)
    Task: {560B50AC-D53A-4E49-9A26-D65053E7CA6E} - System32\Tasks\psv_Move-Core => /c regedit.exe /s "C:\ProgramData\Voyasollam\Double-Plus.reg" & del "C:\ProgramData\Voyasollam\Double-Plus.reg" & SCHTASKS /Delete /TN "psv_Move-Core" /F <==== UWAGA
    Task: {6CE8811D-2F11-4216-9671-45124F283B45} - System32\Tasks\psv_Zonetrax => /c regedit.exe /s "C:\ProgramData\Voyasollam\Silsoft.reg" & del "C:\ProgramData\Voyasollam\Silsoft.reg" & SCHTASKS /Delete /TN "psv_Zonetrax" /F <==== UWAGA
    Task: {7C82F831-C55B-4274-B23E-38C14F1537A3} - System32\Tasks\lqpue => C:\Users\Pawel\AppData\Roaming\vtgyc\lqpue.vbs [2018-07-05] ()
    Task: {8695B0EB-0A37-4E2E-803E-A0DD458CDB35} - System32\Tasks\psv_Roundex => /c regedit.exe /s "C:\ProgramData\Voyasollam\Betasing.reg" & del "C:\ProgramData\Voyasollam\Betasing.reg" & SCHTASKS /Delete /TN "psv_Roundex" /F <==== UWAGA
    Task: {96585916-C700-4EA2-97AD-37D24F088D40} - \One System Care Monitor -> Brak pliku <==== UWAGA
    Task: {B80983DC-1B80-4666-8D77-88F149CE644A} - System32\Tasks\psv_Dingdox => /c regedit.exe /s "C:\ProgramData\Voyasollam\Superflex.reg" & del "C:\ProgramData\Voyasollam\Superflex.reg" & SCHTASKS /Delete /TN "psv_Dingdox" /F <==== UWAGA
    Task: {C074A220-A3CE-4685-A61F-3BC7E6F93A6B} - System32\Tasks\snp => C:\ProgramData\Voyasollam\Voyasollam.exe [2018-07-05] () <==== UWAGA
    Task: {CF6DA8F5-B715-47E7-8CFB-ACF54601BCF4} - System32\Tasks\psv_Transhold => /c regedit.exe /s "C:\ProgramData\Voyasollam\Goldenzoofind.reg" & del "C:\ProgramData\Voyasollam\Goldenzoofind.reg" & SCHTASKS /Delete /TN "psv_Transhold" /F <==== UWAGA
    Task: {EF2DD74F-B4C4-4CD2-8A2E-FD70705813D0} - System32\Tasks\ohllg => C:\Users\Pawel\AppData\Roaming\acuty\ohllg.vbs [2018-07-05] ()
    Task: {F6CB5FBF-5B60-479D-A212-7777DDA418DE} - System32\Tasks\psv_LatCanstrong => /c regedit.exe /s "C:\ProgramData\Voyasollam\StockLab.reg" & del "C:\ProgramData\Voyasollam\StockLab.reg" & SCHTASKS /Delete /TN "psv_LatCanstrong" /F <==== UWAGA
    Task: C:\Windows\Tasks\Driver Easy Scheduled Scan.job => D:\Program Files\Easeware\DriverEasy\DriverEasy.exe
    2018-07-05 09:53 - 2018-07-05 09:39 - 03780096 _____ () C:\ProgramData\Logic Cramble\set.exe
    2018-07-05 09:53 - 2018-07-04 02:49 - 00670720 _____ () C:\Program Files (x86)\Tjrii\2912215.exe
    2018-07-05 10:47 - 2018-07-05 10:47 - 00714752 _____ () C:\Users\Pawel\AppData\Local\Temp\is-OHA2E.tmp\z1s05dpmo5k.tmp
    2018-07-05 10:47 - 2018-07-05 10:47 - 00714752 _____ () C:\Users\Pawel\AppData\Local\Temp\is-TM7JN.tmp\jd3uwq0uohu.tmp
    2018-07-05 10:47 - 2018-07-05 10:47 - 00714752 _____ () C:\Users\Pawel\AppData\Local\Temp\is-4PDTU.tmp\kscdyxsqr5z.tmp
    2018-07-05 10:47 - 2018-07-05 10:47 - 00714752 _____ () C:\Users\Pawel\AppData\Local\Temp\is-IR7HU.tmp\bdz4xmqct0z.tmp
    2018-07-05 10:47 - 2008-10-15 17:44 - 00205312 _____ () C:\Users\Pawel\AppData\Local\Temp\is-4RDLH.tmp\itdownload.dll
    2018-07-05 10:47 - 2008-10-15 17:44 - 00205312 _____ () C:\Users\Pawel\AppData\Local\Temp\is-P6JAK.tmp\itdownload.dll
    2018-07-05 10:47 - 2008-10-15 17:44 - 00205312 _____ () C:\Users\Pawel\AppData\Local\Temp\is-KVQA0.tmp\itdownload.dll
    2018-07-05 10:47 - 2008-10-15 17:44 - 00205312 _____ () C:\Users\Pawel\AppData\Local\Temp\is-T2BCK.tmp\itdownload.dll
    () C:\ProgramData\Logic Cramble\set.exe
    () C:\Program Files (x86)\Tjrii\2912215.exe
    (IObit) D:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
    (Stom ) C:\Users\Pawel\AppData\Roaming\qjaajub334v\jd3uwq0uohu.exe
    (%RSXKM) C:\Program Files\PMIVHI9I1N\PMIVHI9I1.exe
    (Stom ) C:\Users\Pawel\AppData\Roaming\upgkulp3alb\z1s05dpmo5k.exe
    () C:\Users\Pawel\AppData\Local\Temp\is-OHA2E.tmp\z1s05dpmo5k.tmp
    (%RSXKM) C:\Program Files\1HW4PWPRFB\1HW4PWPRF.exe
    () C:\Users\Pawel\AppData\Local\Temp\is-TM7JN.tmp\jd3uwq0uohu.tmp
    (%RSXKM) C:\Program Files\NPYVWBL3QE\NPYVWBL3Q.exe
    (Stom ) C:\Users\Pawel\AppData\Roaming\2whg2rhp31x\kscdyxsqr5z.exe
    () C:\Users\Pawel\AppData\Local\Temp\is-4PDTU.tmp\kscdyxsqr5z.tmp
    (Stom ) C:\Users\Pawel\AppData\Roaming\mljazpuity1\bdz4xmqct0z.exe
    () C:\Users\Pawel\AppData\Local\Temp\is-IR7HU.tmp\bdz4xmqct0z.tmp
    (%RSXKM) C:\Program Files\TJZZPW625M\TJZZPW625.exe
    HKLM\...\RunOnce: [i33yutqs0pe] => C:\Program Files (x86)\Tjrii\2912215.exe [670720 2018-07-04] ()
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\...\Run: [Advanced SystemCare 11] => D:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3580176 2018-01-16] (IObit)
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\...\Run: [5013419] => C:\Users\Pawel\AppData\Roaming\qjaajub334v\jd3uwq0uohu.exe [787435 2018-07-05] (Stom )
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\...\Run: [NOUBF3O8QYLXICV] => C:\Program Files\PMIVHI9I1N\PMIVHI9I1.exe [666112 2018-07-05] (%RSXKM)
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\...\Run: [1216101] => C:\Users\Pawel\AppData\Roaming\upgkulp3alb\z1s05dpmo5k.exe [787435 2018-07-05] (Stom )
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\...\Run: [JW77Q6ZLJZHDLNV] => C:\Program Files\1HW4PWPRFB\1HW4PWPRF.exe [666112 2018-07-05] (%RSXKM)
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\...\Run: [0JHFZOHKSY65J4S] => C:\Program Files\NPYVWBL3QE\NPYVWBL3Q.exe [666112 2018-07-05] (%RSXKM)
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\...\Run: [3620076] => C:\Users\Pawel\AppData\Roaming\2whg2rhp31x\kscdyxsqr5z.exe [787435 2018-07-05] (Stom )
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\...\Run: [8799678] => C:\Users\Pawel\AppData\Roaming\mljazpuity1\bdz4xmqct0z.exe [787435 2018-07-05] (Stom )
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\...\Run: [YKEYHW7CDIMKVN3] => C:\Program Files\TJZZPW625M\TJZZPW625.exe [666112 2018-07-05] (%RSXKM)
    AppInit_DLLs: C:\ProgramData\Voyasollam\ZunTone.dll => Brak pliku
    AppInit_DLLs-x32: C:\ProgramData\Voyasollam\Trio-Is.dll => Brak pliku
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...qYHdC7n0FrMP04fEX5pFw9DrdUvZrVJ18RAhsT&q={searchTerms}
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...rsOxPdVUstYxV-pUqlxP5nxeENhVF4wepRmUuN2iaOTvE
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...qYHdC7n0FrMP04fEX5pFw9DrdUvZrVJ18RAhsT&q={searchTerms}
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...qYHdC7n0FrMP04fEX5pFw9DrdUvZrVJ18RAhsT&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...qYHdC7n0FrMP04fEX5pFw9DrdUvZrVJ18RAhsT&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2390916359-2105850983-3003124736-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...qYHdC7n0FrMP04fEX5pFw9DrdUvZrVJ18RAhsT&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2390916359-2105850983-3003124736-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...qYHdC7n0FrMP04fEX5pFw9DrdUvZrVJ18RAhsT&q={searchTerms}
    CHR HomePage: Default -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...su1ad9mVI8xsUCMwP5T-PEMiN9ZwGXO0B8kf-Er87eQ,,,,
    U2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2018-07-05] () [Brak podpisu cyfrowego]
    S3 Nettrans; C:\ProgramData\PrefsSecure\Nettrans.exe [43520 2018-07-05] () [Brak podpisu cyfrowego]
    S2 Voyasollam; C:\ProgramData\\Voyasollam\\Voyasollam.exe [1810944 2018-07-05] () [Brak podpisu cyfrowego]
    R2 winamgr; C:\ProgramData\Microsoft\Windows\Audio\winamgr.exe [10644480 2018-05-28] (Microsoft Corporation) [Brak podpisu cyfrowego]
    R1 prisafe; C:\Windows\System32\drivers\prisafe.sys [114800 2018-05-25] ()
    S3 AsrSetupDrv; \??\C:\Windows\SysWOW64\Drivers\AsrSetupDrv.sys [X]
    S4 MBAMProtection; system32\DRIVERS\mbam.sys [X]
    S4 MBAMSwissArmy; \SystemRoot\System32\Drivers\mbamswissarmy.sys [X]
    S4 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2018-07-05 10:47 - 2018-07-05 10:47 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\mljazpuity1
    2018-07-05 10:47 - 2018-07-05 10:47 - 00000000 ____D C:\Program Files\TJZZPW625M
    2018-07-05 10:45 - 2018-07-05 10:45 - 00000000 ____D C:\Program Files\RE4F2GGR2G
    2018-07-05 10:44 - 2018-07-05 10:44 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\ynvmuj5arju
    2018-07-05 10:41 - 2018-07-05 10:41 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\3piot4zeeo5
    2018-07-05 10:41 - 2018-07-05 10:41 - 00000000 ____D C:\Program Files\OU5MX98OJ5
    2018-07-05 10:37 - 2018-07-05 10:38 - 00000000 ____D C:\Program Files\NPYVWBL3QE
    2018-07-05 10:37 - 2018-07-05 10:37 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\2whg2rhp31x
    2018-07-05 10:35 - 2018-07-05 10:35 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\upgkulp3alb
    2018-07-05 10:35 - 2018-07-05 10:35 - 00000000 ____D C:\Program Files\1HW4PWPRFB
    2018-07-05 10:31 - 2018-07-05 10:31 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\i1j2gxc1esb
    2018-07-05 10:31 - 2018-07-05 10:31 - 00000000 ____D C:\Program Files\TUB41SAIJ7
    2018-07-05 10:29 - 2018-07-05 10:29 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\f44zo4nqkvy
    2018-07-05 10:29 - 2018-07-05 10:29 - 00000000 ____D C:\Program Files\YMPH3TTG7C
    2018-07-05 10:26 - 2018-07-05 10:26 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\2duujoki23z
    2018-07-05 10:26 - 2018-07-05 10:26 - 00000000 ____D C:\Program Files\1RA3EZZ63C
    2018-07-05 10:22 - 2018-07-05 10:22 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\z0pjpzaxv54
    2018-07-05 10:22 - 2018-07-05 10:22 - 00000000 ____D C:\Program Files\INEAPN0BX2
    2018-07-05 10:20 - 2018-07-05 10:20 - 00003664 _____ C:\Windows\System32\Tasks\snp
    2018-07-05 10:20 - 2018-07-05 10:20 - 00003282 _____ C:\Windows\System32\Tasks\psv_Freeit
    2018-07-05 10:20 - 2018-07-05 10:20 - 00003278 _____ C:\Windows\System32\Tasks\psv_Whitezap
    2018-07-05 10:19 - 2018-07-05 10:19 - 00000000 ____D C:\Program Files\PMIVHI9I1N
    2018-07-05 10:18 - 2018-07-05 10:18 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\qjaajub334v
    2018-07-05 10:17 - 2018-07-05 10:17 - 00003300 _____ C:\Windows\System32\Tasks\psv_Transhold
    2018-07-05 10:17 - 2018-07-05 10:17 - 00003274 _____ C:\Windows\System32\Tasks\psv_Zonetrax
    2018-07-05 10:16 - 2018-07-05 10:16 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\h1kc34txfkn
    2018-07-05 10:16 - 2018-07-05 10:16 - 00000000 ____D C:\Program Files\J93TYNOVZR
    2018-07-05 10:13 - 2018-07-05 10:15 - 00196466 _____ C:\Windows\ntbtlog.txt
    2018-07-05 10:13 - 2018-07-05 10:13 - 00003280 _____ C:\Windows\System32\Tasks\psv_Dingdox
    2018-07-05 10:13 - 2018-07-05 10:13 - 00003276 _____ C:\Windows\System32\Tasks\psv_Roundex
    2018-07-05 10:13 - 2018-07-05 10:13 - 00003274 _____ C:\Windows\System32\Tasks\psv_Zoomansoft
    2018-07-05 10:11 - 2018-07-05 10:11 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\xxspffqwnp1
    2018-07-05 10:11 - 2018-07-05 10:11 - 00000000 ____D C:\Program Files\JOCEBT9GOS
    2018-07-05 10:10 - 2018-07-05 10:10 - 00003286 _____ C:\Windows\System32\Tasks\psv_LatCanstrong
    2018-07-05 10:08 - 2018-07-05 10:08 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\gmyo4nihviq
    2018-07-05 10:08 - 2018-07-05 10:08 - 00000000 ____D C:\Program Files\J9TUND4ASK
    2018-07-05 10:06 - 2018-07-05 10:06 - 00003292 _____ C:\Windows\System32\Tasks\psv_Move-Core
    2018-07-05 10:05 - 2018-07-05 10:05 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\b4ms22fwokw
    2018-07-05 10:05 - 2018-07-05 10:05 - 00000000 ____D C:\Program Files\4QJKVSFHWO
    2018-07-05 09:54 - 2018-07-05 09:54 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\Mozilla
    2018-07-05 09:54 - 2018-07-05 09:54 - 00000000 ____D C:\ProgramData\Voyasollams
    2018-07-05 09:54 - 2018-07-05 09:54 - 00000000 ____D C:\ProgramData\dec5f87f-7c1a-45d2-bbb0-52d9d01ae1ab
    2018-07-05 09:53 - 2018-07-05 10:47 - 00000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
    2018-07-05 09:53 - 2018-07-05 10:20 - 00000000 ____D C:\ProgramData\Voyasollam
    2018-07-05 09:53 - 2018-07-05 10:13 - 00929792 _____ C:\Users\Pawel\AppData\Local\sham.db
    2018-07-05 09:53 - 2018-07-05 09:53 - 07631872 _____ C:\Users\Pawel\AppData\Local\agent.dat
    2018-07-05 09:53 - 2018-07-05 09:53 - 01989199 _____ C:\Users\Pawel\AppData\Local\Vialux.tst
    2018-07-05 09:53 - 2018-07-05 09:53 - 01895382 _____ C:\Users\Pawel\AppData\Local\Spantone.bin
    2018-07-05 09:53 - 2018-07-05 09:53 - 01810944 _____ (TODO: <Company name>) C:\Users\Pawel\AppData\Local\Vialux.exe
    2018-07-05 09:53 - 2018-07-05 09:53 - 00278511 _____ C:\Users\Pawel\AppData\Local\Stimjob.bin
    2018-07-05 09:53 - 2018-07-05 09:53 - 00140800 _____ C:\Users\Pawel\AppData\Local\installer.dat
    2018-07-05 09:53 - 2018-07-05 09:53 - 00126464 _____ C:\Users\Pawel\AppData\Local\noah.dat
    2018-07-05 09:53 - 2018-07-05 09:53 - 00070896 _____ C:\Users\Pawel\AppData\Local\Config.xml
    2018-07-05 09:53 - 2018-07-05 09:53 - 00018432 _____ C:\Users\Pawel\AppData\Local\Main.dat
    2018-07-05 09:53 - 2018-07-05 09:53 - 00016080 _____ C:\Users\Pawel\AppData\Local\InstallationConfiguration.xml
    2018-07-05 09:53 - 2018-07-05 09:53 - 00005568 _____ C:\Users\Pawel\AppData\Local\md.xml
    2018-07-05 09:53 - 2018-07-05 09:53 - 00003230 _____ C:\Windows\System32\Tasks\ohllg
    2018-07-05 09:53 - 2018-07-05 09:53 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\fv3tp1cpjzv
    2018-07-05 09:53 - 2018-07-05 09:53 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\acuty
    2018-07-05 09:53 - 2018-07-05 09:53 - 00000000 ____D C:\ProgramData\PrefsSecure
    2018-07-05 09:53 - 2018-07-05 09:53 - 00000000 ____D C:\ProgramData\Logic Cramble
    2018-07-05 09:53 - 2018-07-05 09:53 - 00000000 ____D C:\Program Files\YQX6TUSIJW
    2018-07-05 09:53 - 2018-07-05 09:53 - 00000000 ____D C:\Program Files (x86)\Tjrii
    2018-07-05 09:52 - 2018-07-05 09:53 - 00003232 _____ C:\Windows\System32\Tasks\lqpue
    2018-07-05 09:52 - 2018-07-05 09:52 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
    2018-07-05 09:52 - 2018-07-05 09:52 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\vtgyc
    2018-07-05 09:53 - 2018-07-05 09:53 - 7631872 _____ () C:\Users\Pawel\AppData\Local\agent.dat
    2018-07-05 09:53 - 2018-07-05 09:53 - 0070896 _____ () C:\Users\Pawel\AppData\Local\Config.xml
    2018-07-05 09:53 - 2018-07-05 09:53 - 0016080 _____ () C:\Users\Pawel\AppData\Local\InstallationConfiguration.xml
    2018-07-05 09:53 - 2018-07-05 09:53 - 0140800 _____ () C:\Users\Pawel\AppData\Local\installer.dat
    2018-07-05 09:53 - 2018-07-05 09:53 - 0018432 _____ () C:\Users\Pawel\AppData\Local\Main.dat
    2018-07-05 09:53 - 2018-07-05 09:53 - 0005568 _____ () C:\Users\Pawel\AppData\Local\md.xml
    2018-07-05 09:53 - 2018-07-05 09:53 - 0126464 _____ () C:\Users\Pawel\AppData\Local\noah.dat
    2018-07-05 09:53 - 2018-07-05 10:13 - 0929792 _____ () C:\Users\Pawel\AppData\Local\sham.db
    2018-07-05 09:53 - 2018-07-05 09:53 - 1895382 _____ () C:\Users\Pawel\AppData\Local\Spantone.bin
    2018-07-05 09:53 - 2018-07-05 09:53 - 0278511 _____ () C:\Users\Pawel\AppData\Local\Stimjob.bin
    2018-07-05 09:53 - 2018-07-05 09:53 - 0032038 _____ () C:\Users\Pawel\AppData\Local\uninstall_temp.ico
    2018-07-05 09:53 - 2018-07-05 09:53 - 1810944 _____ (TODO: <Company name>) C:\Users\Pawel\AppData\Local\Vialux.exe
    2018-07-05 09:53 - 2018-07-05 09:53 - 1989199 _____ () C:\Users\Pawel\AppData\Local\Vialux.tst
    2018-05-10 17:27 - 2018-05-10 17:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    After running it, do a full scan with mbam and remove whatever it detects, use AdwCleaner with the Clean option, and post new FRST logs from a scan.

    0
  • #3 05 Jul 2018 11:07
    --Paweł--
    Level 6

    I would be grateful if you could attach fixlist.txt as a file, because I don't know whether I can manage to create it myself before I get a bluescreen. Thank you.

    I used FRST again for the fix, and the only thing that changed is that I now get a bluescreen about 30 seconds after system startup. I think there is no way around reinstalling Windows.

    I booted the system with Last Known Good Configuration and, surprisingly, the bluescreens stopped. I managed to scan the system with AdwCleaner; 64 threats removed. In msconfig there are still strange entries, and disabling them has no effect, and I cannot open any web browser (white icon).
    I'll post the FRST logs again in a minute.

    0
  • #4 05 Jul 2018 11:25
    Kolobos
    Computer specialist

    Boot into Safe Mode and run the scan there.

    0
  • #6 05 Jul 2018 12:02
    Kolobos
    Computer specialist

    Screenshots are unnecessary; that is what posting the logs is for.

    New Fixlist.txt for FRST:
    CloseProcesses:
    Task: {7C82F831-C55B-4274-B23E-38C14F1537A3} - \lqpue -> Brak pliku <==== UWAGA
    Task: {DFF1B983-D8FA-440B-8D61-2AE47004127C} - System32\Tasks\Driver Easy Scheduled Scan => D:\Program Files\Easeware\DriverEasy\DriverEasy.exe [2018-04-12] (Easeware)
    Task: {EF2DD74F-B4C4-4CD2-8A2E-FD70705813D0} - \ohllg -> Brak pliku <==== UWAGA
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\...\Run: [5013419] => "C:\Users\Pawel\AppData\Roaming\qjaajub334v\jd3uwq0uohu.exe" /VERYSILENT
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\...\Run: [NOUBF3O8QYLXICV] => "C:\Program Files\PMIVHI9I1N\PMIVHI9I1.exe"
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\...\Run: [1216101] => "C:\Users\Pawel\AppData\Roaming\upgkulp3alb\z1s05dpmo5k.exe" /VERYSILENT
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\...\Run: [JW77Q6ZLJZHDLNV] => "C:\Program Files\1HW4PWPRFB\1HW4PWPRF.exe"
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\...\Run: [0JHFZOHKSY65J4S] => "C:\Program Files\NPYVWBL3QE\NPYVWBL3Q.exe"
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\...\Run: [3620076] => "C:\Users\Pawel\AppData\Roaming\2whg2rhp31x\kscdyxsqr5z.exe" /VERYSILENT
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
    AppInit_DLLs: C:\ProgramData\Voyasollam\ZunTone.dll => Brak pliku
    AppInit_DLLs-x32: C:\ProgramData\Voyasollam\Trio-Is.dll => Brak pliku
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...qYHdC7n0FrMP04fEX5pFw9DrdUvZrVJ18RAhsT&q={searchTerms}
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...rsOxPdVUstYxV-pUqlxP5nxeENhVF4wepRmUuN2iaOTvE
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...qYHdC7n0FrMP04fEX5pFw9DrdUvZrVJ18RAhsT&q={searchTerms}
    HKU\S-1-5-21-2390916359-2105850983-3003124736-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...qYHdC7n0FrMP04fEX5pFw9DrdUvZrVJ18RAhsT&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    S3 AsrSetupDrv; \??\C:\Windows\SysWOW64\Drivers\AsrSetupDrv.sys [X]
    S3 iobit_monitor_server; \??\D:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win7_x64.sys [X]
    R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2018-07-05 11:29 - 2018-07-05 11:29 - 00000000 ____D C:\AdwCleaner
    2018-07-05 11:24 - 2018-07-05 11:24 - 00367288 _____ C:\Windows\Minidump\070518-15303-01.dmp
    2018-07-05 11:19 - 2018-07-05 11:19 - 00367288 _____ C:\Windows\Minidump\070518-9063-01.dmp
    2018-07-05 11:17 - 2018-07-05 11:17 - 00367440 _____ C:\Windows\Minidump\070518-9765-01.dmp
    2018-07-05 11:16 - 2018-07-05 11:16 - 00367288 _____ C:\Windows\Minidump\070518-9547-01.dmp
    2018-07-05 11:14 - 2018-07-05 11:14 - 00403256 _____ C:\Windows\Minidump\070518-10670-01.dmp
    2018-07-05 11:11 - 2018-07-05 11:11 - 00400288 _____ C:\Windows\Minidump\070518-9828-01.dmp
    2018-07-05 11:11 - 2018-07-05 11:11 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\ylsrfhtq0yl
    2018-07-05 11:11 - 2018-07-05 11:11 - 00000000 ____D C:\Program Files\YE3NZQOVKB
    2018-07-05 11:09 - 2018-07-05 11:09 - 00000000 ____D C:\Program Files\4HT5DMBAM1
    2018-07-05 11:08 - 2018-07-05 11:08 - 00403624 _____ C:\Windows\Minidump\070518-11668-01.dmp
    2018-07-05 11:08 - 2018-07-05 11:08 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\kxsrjlfnabb
    2018-07-05 10:57 - 2018-07-05 10:57 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\3utqmmscucs
    2018-07-05 10:57 - 2018-07-05 10:57 - 00000000 ____D C:\Program Files\74P6XUKT59
    2018-07-05 10:56 - 2018-07-05 10:56 - 00401952 _____ C:\Windows\Minidump\070518-11091-01.dmp
    2018-07-05 10:53 - 2018-07-05 10:53 - 00403400 _____ C:\Windows\Minidump\070518-11450-01.dmp
    2018-07-05 10:53 - 2018-07-05 10:53 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\jhwt5cunwkc
    2018-07-05 10:53 - 2018-07-05 10:53 - 00000000 ____D C:\Program Files\4ALBD81179
    2018-07-05 10:50 - 2018-07-05 10:50 - 00000000 ____D C:\Users\Pawel\AppData\Roaming\pito4r5dmx1
    2018-07-05 10:50 - 2018-07-05 10:50 - 00000000 ____D C:\Program Files\YM6BQBQ32V
    2018-07-05 10:49 - 2018-07-05 10:49 - 00405792 _____ C:\Windows\Minidump\070518-10857-01.dmp
    2018-07-05 10:46 - 2018-07-05 10:46 - 00406008 _____ C:\Windows\Minidump\070518-11232-01.dmp
    2018-07-05 10:43 - 2018-07-05 10:44 - 00405792 _____ C:\Windows\Minidump\070518-9906-01.dmp
    2018-07-05 10:40 - 2018-07-05 10:40 - 00401952 _____ C:\Windows\Minidump\070518-11310-01.dmp
    2018-07-05 10:37 - 2018-07-05 10:37 - 00400288 _____ C:\Windows\Minidump\070518-9734-01.dmp
    2018-07-05 10:34 - 2018-07-05 10:34 - 00403568 _____ C:\Windows\Minidump\070518-12152-01.dmp
    2018-07-05 10:31 - 2018-07-05 10:31 - 00405592 _____ C:\Windows\Minidump\070518-11341-01.dmp
    2018-07-05 10:28 - 2018-07-05 10:28 - 00403560 _____ C:\Windows\Minidump\070518-10842-01.dmp
    2018-07-05 10:25 - 2018-07-05 10:25 - 00401952 _____ C:\Windows\Minidump\070518-12448-01.dmp
    2018-07-05 10:21 - 2018-07-05 10:21 - 00405672 _____ C:\Windows\Minidump\070518-10576-01.dmp
    2018-07-05 10:18 - 2018-07-05 10:18 - 00400288 _____ C:\Windows\Minidump\070518-11700-01.dmp
    2018-07-05 10:13 - 2018-07-05 10:14 - 00400288 _____ C:\Windows\Minidump\070518-9937-01.dmp
    2018-07-05 10:10 - 2018-07-05 10:10 - 00401952 _____ C:\Windows\Minidump\070518-10062-01.dmp
    2018-06-30 01:26 - 2018-06-30 01:26 - 00800033 _____ () C:\Users\Pawel\Downloads\_programy_EasyClicker Pro 1.3v.exe

    After running it, post new logs from a scan.

    Run the Fixlist in Safe Mode, then in normal mode. Also try to do it as quickly as possible: these entries keep being added, and if you don't hurry, new ones will appear right away.

    0
  • #8 05 Jul 2018 12:30
    --Paweł--
    Level 6

    I'm running a scan with Malwarebytes; so far it has detected 200 threats.
    When it finishes I'll send the FRST logs again.

    0
  • Helpful post
    #9 05 Jul 2018 12:37
    Kolobos
    Computer specialist

    You are pasting/copying the Fixlist incorrectly! All the \ characters got deleted, which is why not everything has been removed yet.

    Run the previously given Fixlist again, this time making sure the \ characters are in their places.

    0
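
Added example, not part of the original thread: a Python check for the copy/paste damage described in post #9, where every backslash disappears from the Fixlist before FRST reads it. The function name and the two heuristics are assumptions of this example, not FRST behaviour; the sample lines come from the Fixlist in post #2, and the damaged copy is constructed by stripping the backslashes.

```python
import re

# A drive letter ("C:") that is not the tail of a longer word (so "Task:" or
# "hxxps:" do not count) and is followed by something other than a backslash,
# e.g. "C:ProgramDataVoyasollam...".
DRIVE_WITHOUT_SLASH = re.compile(r"(?<![A-Za-z0-9_])[A-Za-z]:(?=[^\\\s])")

# A registry hive at the start of a line that is glued to the next key name,
# e.g. "HKUS-1-5-21-..." instead of "HKU\S-1-5-21-...".
HIVE_WITHOUT_SLASH = re.compile(r"^(HKLM|HKU|HKCU)(?=[^\\\s-])")


def find_damaged_lines(fixlist_text):
    """Return (line_number, reasons, line) for every line that looks like it
    lost its backslashes. Heuristic only: an empty result does not prove the
    file is intact, it only means neither pattern matched."""
    findings = []
    for number, raw in enumerate(fixlist_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        reasons = []
        if DRIVE_WITHOUT_SLASH.search(line):
            reasons.append("drive path without backslash")
        if HIVE_WITHOUT_SLASH.search(line):
            reasons.append("registry hive without backslash")
        if reasons:
            findings.append((number, reasons, line))
    return findings


# Lines copied from the Fixlist in post #2 (intact form).
INTACT_SAMPLE = r"""CloseProcesses:
Task: {C074A220-A3CE-4685-A61F-3BC7E6F93A6B} - System32\Tasks\snp => C:\ProgramData\Voyasollam\Voyasollam.exe [2018-07-05] () <==== UWAGA
HKLM\...\RunOnce: [i33yutqs0pe] => C:\Program Files (x86)\Tjrii\2912215.exe [670720 2018-07-04] ()
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2018-07-05 09:53 - 2018-07-05 09:53 - 00000000 ____D C:\ProgramData\PrefsSecure
"""

# Constructed: the same lines after a copy/paste that dropped every backslash.
DAMAGED_SAMPLE = INTACT_SAMPLE.replace("\\", "")


if __name__ == "__main__":
    for label, text in (("intact", INTACT_SAMPLE), ("damaged", DAMAGED_SAMPLE)):
        hits = find_damaged_lines(text)
        print(f"{label}: {len(hits)} suspicious line(s)")
        for number, reasons, line in hits:
            print(f"  line {number}: {', '.join(reasons)}: {line[:60]}")
```

Running it over the saved fixlist.txt before starting the fix shows which entries FRST would fail to match.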
  • Helpful post
    #11 05 Jul 2018 12:54
    Kolobos
    Computer specialist

    Everything looks OK; delete the C:\FRST directory and that's all.

    0
  • #12 05 Jul 2018 12:57
    --Paweł--
    Level 6

    You have no idea how glad I am that you helped me get out of this. Thank you, and have a nice day. ;)

    0