Elektroda.pl

Self-installing programs and ads that open the browser on their own

fafor4 09 Jul 2018 21:26 198 11
  • #1 09 Jul 2018 21:26
    fafor4
    Level 3

    Hello,
    I wanted to download some game and, as in the topic title, I downloaded some viruses; programs keep installing themselves and ads keep opening in the browser by themselves (the browser opens on its own). I saw that you help using the FRST program, so I downloaded it, and I am attaching the FRST, Addition and Shortcut files. Please explain exactly what I should do next, because I could not really understand what was written on the forum in other similar topics. Thank you in advance for your help.

    0 11
  • Helpful post
    #2 09 Jul 2018 21:46
    Kolobos
    Computer specialist

    Uninstall:
    AVG Web TuneUp
    McAfee WebAdvisor

    The infected FF profile will be removed; afterwards you can switch the profile in the FF profile manager to this one:
    FF ProfilePath: C:\Users\Rafał\AppData\Roaming\Mozilla\Firefox\Profiles\ns7btxi6.default [2018-07-09]

    Run Fixlist.txt for FRST:

    After running it, do a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Also post new FRST logs from a scan.

    0
  • Helpful post
    #4 09 Jul 2018 22:45
    Kolobos
    Computer specialist

    From what I can see, you did not run it.

    Run the Fixlist.txt provided; once it has run, post the Fixlog that gets created as well as new FRST logs from a scan.

    0
  • #6 09 Jul 2018 23:22
    fafor4
    Level 3

    After scanning with Malwarebytes I also scanned with FRST, and the logs from that are above.

    0
  • Helpful post
    #7 10 Jul 2018 10:51
    Kolobos
    Computer specialist

    New Fixlist.txt for FRST:

    After running it, post new FRST logs from a scan.

    0
  • #9 10 Jul 2018 18:58
    Kolobos
    Computer specialist

    Uninstall SHAREit.

    Now I know what the problem is: the Polish character in your account name; that is why not everything was removed.

    Delete these files manually:

    That is all.

    0
  • #11 10 Jul 2018 19:55
    Kolobos
    Computer specialist

    Yes, it can stay that way, that is all.

    0
  • #12 10 Jul 2018 20:59
    fafor4
    Level 3

    OK, thanks for the help :D

    0