Elektroda.pl

Ad pop-ups constantly appearing in the browser

DeadFill23 07 Aug 2018 17:40 120 6
  • Helpful post
    #2 07 Aug 2018 17:58
    Kolobos
    Computer specialist

    You posted in the wrong section; also, attach the required FRST logs from a scan.

    Added after 12 [minutes]:

    Run this Fixlist.txt for FRST:
    CloseProcesses:
    Task: {12220E5D-1ACC-4A94-AC2B-53CA92AB658D} - System32\Tasks\klcp_update => C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-08-18] ()
    Task: {23BCF52E-1677-483F-9AC3-A656AF7253B3} - System32\Tasks\Chromium namis => "wscript.exe" "C:\ProgramData\{C8340D57-4276-8791-C4B0-19D35EF2921D}\tara.txt" "68747470733a2f2f64326234366537617832617466692e636c6f756466726f6e742e6e6574" "//B" "//E:jscript" "--IsErIk" <==== UWAGA
    Task: {37E59BA8-FB39-4385-9E18-1E2667C3AD4B} - System32\Tasks\{F23EBE7A-D518-4C37-89CD-C787A22C8440} => C:\Windows\system32\pcalua.exe -a G:\SETUP.EXE -d G:\
    Task: {66B999D9-217D-4E64-A748-639545594459} - System32\Tasks\Opera scheduled Autoupdate 1519036741 => C:\Users\Krystian\AppData\Local\Programs\Opera\launcher.exe
    Task: {8FF7759F-5F97-44E8-89A5-73A4916D502C} - System32\Tasks\{D0E17806-7B6D-4698-855D-A6C8103F5CCC} => C:\Windows\system32\pcalua.exe -a C:\Users\Krystian\Downloads\15.58-nforce-winvista-win7-32bit-international-whql.exe -d C:\Users\Krystian\Downloads
    Task: {925106DA-53AB-43CF-A808-0642DD0D7895} - System32\Tasks\{9A2DFD36-5894-4406-9793-75FE7DD9EE7A} => C:\Program Files\Steam\Steam.exe
    Task: {ADA98938-966B-45A4-B5DE-0CEE099466E2} - System32\Tasks\{F15ED574-AD12-4310-8B09-BAE30DAF5F5F} => C:\Program Files\Steam\Steam.exe
    Task: {AF95EA74-D967-4DF2-B343-2BFD90CB48E8} - System32\Tasks\{F0C23BD3-B91D-4CE7-B083-5A503E290FF3} => C:\Windows\system32\pcalua.exe -a D:\Gry\Crysis_2-FLT\EASetup.exe -d D:\Gry\Crysis_2-FLT
    Task: {B5271DEF-82CB-4A9C-91A1-8D80032496D4} - System32\Tasks\{22636F6F-4BBE-4C2E-9A14-CC57433AEADB} => C:\Windows\system32\pcalua.exe -a "D:\Deluxe Ski Jump 3dasvh\Setup.exe" -d "D:\Deluxe Ski Jump 3dasvh"
    Task: {D4E4F2AF-A593-41AF-A8E8-A46A4876275C} - System32\Tasks\Opera scheduled Autoupdate 1503746118 => C:\Users\Krystian\AppData\Local\Programs\Opera\launcher.exe
    AlternateDataStreams: C:\Windows\system32\config\systemprofile:.repos [6121642]
    Hosts:
    () C:\Program Files\Fear\trzE493.tmp
    () C:\Program Files\Fear\trzF1CF.tmp
    (%IG) C:\Users\Krystian\AppData\Local\Temp\is-2BHD9.tmp\trz7BAB.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-UEGFT.tmp\trz4253.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\oaw430ygt23\wq5uo3ob05b.exe
    ( ) C:\Users\Krystian\AppData\Roaming\murex2ou0el\x0angrscuxh.exe
    ( ) C:\Users\Krystian\AppData\Roaming\vn5ore5qh1u\mst2wfrbsxy.exe
    (%IG) C:\Program Files\V0OQUPYMDX\trz3480.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-7CAV7.tmp\wq5uo3ob05b.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-4OMUJ.tmp\x0angrscuxh.tmp
    (%IG) C:\Program Files\K2P1QQWJW3\trzC2CA.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-6JGVA.tmp\mst2wfrbsxy.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\5vrgko1aggj\lf3b04nhlaz.exe
    ( ) C:\Users\Krystian\AppData\Roaming\asjihf3j4rh\2xl3yi4e4a0.exe
    (%IG) C:\Program Files\477XJ02KM6\trzEDAD.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\q3grss2lgtt\c2bwbaii5tx.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-SD2LD.tmp\lf3b04nhlaz.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\51qxfykflxe\gxbhy5id1vg.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-24UUT.tmp\2xl3yi4e4a0.tmp
    (%IG) C:\Program Files\KVC2YL0F56\trzD0F1.tmp
    (%IG) C:\Program Files\QCOGVX86S0\trz1845.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-ATIPI.tmp\c2bwbaii5tx.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-5DDGA.tmp\gxbhy5id1vg.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\etspstxkh4k\gk4xepatoow.exe
    (%IG) C:\Program Files\3VXB46AEVG\trzE38C.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\ln4cspchslz\wjemx44cv0b.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-S1MUC.tmp\gk4xepatoow.tmp
    (%IG) C:\Program Files\Q7WKCH8RFT\trz14C9.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\ehv43kavy0a\yjmyo401r2h.exe
    ( ) C:\Users\Krystian\AppData\Roaming\bw34o2wojdl\yvke3rvkxzk.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-ES23F.tmp\wjemx44cv0b.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\35qhr1pegm1\u10rjvcbfgr.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-T9G7B.tmp\yjmyo401r2h.tmp
    (%IG) C:\Program Files\KAMLEN0XJS\trzCA4B.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-AVAJ2.tmp\yvke3rvkxzk.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\0ikngh4nj4a\5l1l5lenm03.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-RQJFD.tmp\u10rjvcbfgr.tmp
    (%IG) C:\Program Files\XYZQ88DQFC\trz46F9.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\xagde1qfmvu\rjulemurojt.exe
    ( ) C:\Users\Krystian\AppData\Roaming\g2cyqlm2pvh\aes0lvzuuro.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-QA5NA.tmp\5l1l5lenm03.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\hfvofqwa23i\rzjskyrlk0i.exe
    (%IG) C:\Program Files\18MWECH4JJ\trzD2D6.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-OU078.tmp\rjulemurojt.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-9P93J.tmp\aes0lvzuuro.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-BII45.tmp\rzjskyrlk0i.tmp
    (%IG) C:\Program Files\M90WBOYFSM\trzE919.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\kwpxbqnrupi\g5mrktd3bpc.exe
    (%IG) C:\Program Files\5YTP6WTEBZ\trzFA32.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\gllm4o2clny\2kq0utko5fn.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-KCMUV.tmp\g5mrktd3bpc.tmp
    (%IG) C:\Program Files\48BACULKXA\trzF37A.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\yck5epzpf03\yrytospjjny.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-718RS.tmp\2kq0utko5fn.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\rtzjr21k02p\rd40cipz0g3.exe
    ( ) C:\Users\Krystian\AppData\Roaming\yabdirtsffu\df15zzcniwv.exe
    ( ) C:\Users\Krystian\AppData\Roaming\550441vm0xs\wilhq2ksc1s.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-MAIVV.tmp\yrytospjjny.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\gx5jsv3qgu2\c3dwrkom4sk.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-QJ7P4.tmp\rd40cipz0g3.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\iv0gzd1svpe\dc5lyiyvgxd.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-9R0T3.tmp\df15zzcniwv.tmp
    (66CL3) C:\Program Files\T26MO6VNVI\T26MO6VNV.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-JU97L.tmp\wilhq2ksc1s.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-CG5TS.tmp\c3dwrkom4sk.tmp
    (66CL3) C:\Program Files\NIE3Q9HAUE\trzF744.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-F12MK.tmp\dc5lyiyvgxd.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\0rrt0vxgeh5\hqqwqia5ku5.exe
    ( ) C:\Users\Krystian\AppData\Roaming\izmnih5dbfz\ctizkmkzh3r.exe
    ( ) C:\Users\Krystian\AppData\Roaming\lwblnuvdvsk\lavqx2dlwyx.exe
    (66CL3) C:\Program Files\LUSTNNAEFP\trzD41E.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-SOE2F.tmp\hqqwqia5ku5.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-G7AVE.tmp\ctizkmkzh3r.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\uezpbisyqnk\ohfg042uzab.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-MVBH7.tmp\lavqx2dlwyx.tmp
    (66CL3) C:\Program Files\D57U1BD8V8\trz6FB6.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\vkxqaesuxzw\jbigz3giesr.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-IVI0G.tmp\ohfg042uzab.tmp
    (66CL3) C:\Program Files\F0QSPO0UKA\trz7F35.tmp
    (66CL3) C:\Program Files\WFOGWWGW1C\trz4005.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-BIVMS.tmp\jbigz3giesr.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\hddumfxp3zn\ouknmmp5y0t.exe
    ( ) C:\Users\Krystian\AppData\Roaming\rooqlc5rlrv\2izupks2gkw.exe
    ( ) C:\Users\Krystian\AppData\Roaming\eeyaywavyt4\xdixpt4kiwv.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-Q1UQT.tmp\ouknmmp5y0t.tmp
    () C:\Program Files\9OYGZJEGMB\trz50E.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-B1FV9.tmp\2izupks2gkw.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-R553E.tmp\xdixpt4kiwv.tmp
    () C:\Program Files\KR8AZW6Y6T\trzCD87.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\o5l1lu55r2a\vop4atospps.exe
    ( ) C:\Users\Krystian\AppData\Roaming\ax5h4y1nuoh\a0ralyvzxj0.exe
    () C:\Program Files\TNHQ172O0H\trz2F60.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-0E8T8.tmp\vop4atospps.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\5iw4ugwnbqr\k4aurqwnilg.exe
    () C:\Users\Krystian\AppData\Roaming\Sound Volume Control\trz8805.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-VJTT6.tmp\a0ralyvzxj0.tmp
    () C:\Users\Krystian\AppData\Local\Temp\is-0ABDJ.tmp\k4aurqwnilg.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\y2meitt0eoy\z4sccvpfgk2.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-5UB28.tmp\z4sccvpfgk2.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\pgdh3sz2ff3\3afsljhnykk.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-I3NLS.tmp\3afsljhnykk.tmp
    () C:\Program Files\YUKAH6JL2J\trz4842.tmp
    () C:\Program Files\JSK7DDHXGC\trzB6C5.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\mutdbhxi4u5\u5rhkik5g3t.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-QDRPN.tmp\u5rhkik5g3t.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\cuxcttqc1wm\hwwstlbad44.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-SKD4K.tmp\hwwstlbad44.tmp
    ( ) C:\Users\Krystian\AppData\Roaming\ih0qbyougdg\lqpky0wgbpd.exe
    () C:\Users\Krystian\AppData\Local\Temp\is-V9A7A.tmp\lqpky0wgbpd.tmp
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\Run: [Chromium] => c:\users\krystian\appdata\local\chromium\application\chrome.exe [829440 2017-02-15] (The Chromium Authors)
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\Run: [CFHHVPB3MMHSMKL] => "C:\Program Files\ShutdownTime\5KNM9.exe"
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\Run: [6130397] => C:\Users\Krystian\AppData\Roaming\vn5ore5qh1u\mst2wfrbsxy.exe [604338 2018-08-07] ( )
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\Run: [4302732] => C:\Users\Krystian\AppData\Roaming\5vrgko1aggj\lf3b04nhlaz.exe [604338 2018-08-07] ( )
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\Run: [9334011] => C:\Users\Krystian\AppData\Roaming\q3grss2lgtt\c2bwbaii5tx.exe [604338 2018-08-07] ( )
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\Run: [4663922] => C:\Users\Krystian\AppData\Roaming\51qxfykflxe\gxbhy5id1vg.exe [604338 2018-08-07] ( )
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\Run: [338736] => C:\Users\Krystian\AppData\Roaming\ln4cspchslz\wjemx44cv0b.exe [604338 2018-08-07] ( )
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\Run: [7240867] => C:\Users\Krystian\AppData\Roaming\xagde1qfmvu\rjulemurojt.exe [604338 2018-08-07] ( )
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\Run: [844545] => C:\Users\Krystian\AppData\Roaming\g2cyqlm2pvh\aes0lvzuuro.exe [604338 2018-08-07] ( )
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\Run: [2541033] => C:\Users\Krystian\AppData\Roaming\kwpxbqnrupi\g5mrktd3bpc.exe [604338 2018-08-07] ( )
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\Run: [M4TA69JKUAVEPEZ] => C:\Program Files\T26MO6VNVI\T26MO6VNV.exe [860160 2018-08-07] (66CL3)
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\Run: [7351332] => C:\Users\Krystian\AppData\Roaming\izmnih5dbfz\ctizkmkzh3r.exe [604338 2018-08-07] ( )
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\Run: [8831556] => C:\Users\Krystian\AppData\Roaming\lwblnuvdvsk\lavqx2dlwyx.exe [604338 2018-08-07] ( )
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\Run: [984002] => C:\Users\Krystian\AppData\Roaming\rooqlc5rlrv\2izupks2gkw.exe [604338 2018-08-07] ( )
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\Run: [5679518] => C:\Users\Krystian\AppData\Roaming\o5l1lu55r2a\vop4atospps.exe [604338 2018-08-07] ( )
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\Run: [7566048] => C:\Users\Krystian\AppData\Roaming\5iw4ugwnbqr\k4aurqwnilg.exe [604338 2018-08-07] ( )
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\Run: [4399691] => C:\Users\Krystian\AppData\Roaming\pgdh3sz2ff3\3afsljhnykk.exe [604338 2018-08-07] ( )
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\CurrentVersion\Windows: [Load] C:\Users\Krystian\AppData\Local\Temp\LASM\LASM.exe.lnk <==== UWAGA
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\MountPoints2: F - F:\starter.exe
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\MountPoints2: G - G:\starter.exe
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\MountPoints2: K - K:\setup.exe
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\MountPoints2: {a2071362-8f58-11e7-bec1-002354ba4d41} - G:\setup.exe
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\MountPoints2: {fd5eab29-8a4d-11e7-bedc-002354ba4d41} - F:\setup.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2018-08-07]
    ShortcutTarget: $McRebootA5E6DEAA56$.lnk -> (Brak pliku)
    Startup: C:\Users\Krystian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound Volume Control.lnk [2018-08-07]
    ShortcutTarget: Sound Volume Control.lnk -> C:\Users\Krystian\AppData\Roaming\Sound Volume Control\sndvol.exe (Brak pliku)
    Startup: C:\Users\Krystian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ujwfarbw.lnk [2018-08-07]
    BootExecute: autocheck autochk * avgBoot.exe /M:1035a2513 /dir:"C:\Program Files\AVG\Antivirus"
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...Lgb2dYDIkVO1MJv3PKC07UBQfYN5E52sPV3vzL&q={searchTerms}
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...lFRxIY52TqbI3xtB0UJ-xr4OVlXzTpr3zNGjCN65af62q
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    SearchScopes: HKLM -> DefaultScope - brak wartości
    CHR DefaultSearchURL: Default -> hxxp://play.eanswers.com/go/?category=web&s=zids&vert=games&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> gamingZone
    CHR DefaultSuggestURL: Default -> hxxp://sug.eanswers.com/search/index_sg.php?q={searchTerms}
    CHR Extension: (gamingZone Search) - C:\Users\Krystian\AppData\Local\Google\Chrome\User Data\Default\Extensions\feloobpiglbhpjlmoggmaabbdiiecgcc [2017-09-01]
    CHR HKLM\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-946821340-2043373988-4048337920-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
    S2 0117401533655281mcinstcleanup; C:\Users\Krystian\AppData\Local\Temp\011740~1.EXE [1031928 2018-07-25] (McAfee, Inc.) <==== UWAGA
    S2 svionfug; C:\Windows\system32\svionfug\sefzuqro.exe [0 ] () <==== UWAGA (zerobajtowy plik/folder)
    S4 mfesapsn; \??\C:\Program Files\McAfee\SiteAdvisor\mfesapsn.sys [X]
    S0 mv61xx; system32\DRIVERS\mv61xx.sys [X]
    S1 powzip; \SystemRoot\System32\drivers\powzip.sys [X]
    2018-08-07 16:52 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\PK2WA01XR7
    2018-08-07 16:51 - 2018-08-07 17:11 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\cuxcttqc1wm
    2018-08-07 16:51 - 2018-08-07 17:10 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\mutdbhxi4u5
    2018-08-07 16:51 - 2018-08-07 17:10 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\ih0qbyougdg
    2018-08-07 16:51 - 2018-08-07 17:09 - 000000000 ____D C:\Program Files\JTZ2UW43XW
    2018-08-07 16:50 - 2018-08-07 17:12 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\y2meitt0eoy
    2018-08-07 16:50 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\YUKAH6JL2J
    2018-08-07 16:50 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\JSK7DDHXGC
    2018-08-07 16:50 - 2018-08-07 16:50 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\pgdh3sz2ff3
    2018-08-07 16:49 - 2018-08-07 16:49 - 000000000 ____D C:\Users\Krystian\AppData\LocalLow\uTorrent
    2018-08-07 16:45 - 2018-08-07 16:46 - 000000000 ____D C:\Program Files\VHNHJTXVIC
    2018-08-07 16:45 - 2018-08-07 16:45 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\5iw4ugwnbqr
    2018-08-07 16:17 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\TNHQ172O0H
    2018-08-07 16:03 - 2018-08-07 17:11 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\ax5h4y1nuoh
    2018-08-07 16:03 - 2018-08-07 16:03 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\o5l1lu55r2a
    2018-08-07 15:49 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\KR8AZW6Y6T
    2018-08-07 15:49 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\9OYGZJEGMB
    2018-08-07 15:48 - 2018-08-07 17:10 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\eeyaywavyt4
    2018-08-07 15:48 - 2018-08-07 15:48 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\rooqlc5rlrv
    2018-08-07 15:47 - 2018-08-07 17:11 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\hddumfxp3zn
    2018-08-07 14:16 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\WFOGWWGW1C
    2018-08-07 14:15 - 2018-08-07 17:12 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\vkxqaesuxzw
    2018-08-07 14:15 - 2018-08-07 17:09 - 000000000 ____D C:\Program Files\F0QSPO0UKA
    2018-08-07 14:14 - 2018-08-07 17:12 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\uezpbisyqnk
    2018-08-07 14:14 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\D57U1BD8V8
    2018-08-07 14:13 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\LUSTNNAEFP
    2018-08-07 14:13 - 2018-08-07 14:13 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\lwblnuvdvsk
    2018-08-07 14:13 - 2018-08-07 14:13 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\izmnih5dbfz
    2018-08-07 14:12 - 2018-08-07 17:10 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\0rrt0vxgeh5
    2018-08-07 14:02 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\NIE3Q9HAUE
    2018-08-07 14:02 - 2018-08-07 14:02 - 000000000 ____D C:\Program Files\T26MO6VNVI
    2018-08-07 14:01 - 2018-08-07 17:10 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\iv0gzd1svpe
    2018-08-07 14:01 - 2018-08-07 17:10 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\gx5jsv3qgu2
    2018-08-07 14:01 - 2018-08-07 17:10 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\550441vm0xs
    2018-08-07 13:53 - 2018-08-07 13:53 - 000000000 ____D C:\Program Files\GFM4VKKOD8
    2018-08-07 13:52 - 2018-08-07 17:12 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\yabdirtsffu
    2018-08-07 13:52 - 2018-08-07 17:12 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\rtzjr21k02p
    2018-08-07 13:51 - 2018-08-07 17:10 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\yck5epzpf03
    2018-08-07 13:45 - 2018-08-07 13:46 - 000000000 ____D C:\AdwCleaner
    2018-08-07 13:03 - 2018-08-07 17:10 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\gllm4o2clny
    2018-08-07 13:03 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\5YTP6WTEBZ
    2018-08-07 13:03 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\48BACULKXA
    2018-08-07 13:03 - 2018-08-07 13:03 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\kwpxbqnrupi
    2018-08-07 12:56 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\M90WBOYFSM
    2018-08-07 12:56 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\18MWECH4JJ
    2018-08-07 12:55 - 2018-08-07 17:11 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\hfvofqwa23i
    2018-08-07 12:55 - 2018-08-07 12:55 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\xagde1qfmvu
    2018-08-07 12:55 - 2018-08-07 12:55 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\g2cyqlm2pvh
    2018-08-07 12:54 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\XYZQ88DQFC
    2018-08-07 12:52 - 2018-08-07 17:11 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\0ikngh4nj4a
    2018-08-07 12:52 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\KAMLEN0XJS
    2018-08-07 12:51 - 2018-08-07 17:11 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\bw34o2wojdl
    2018-08-07 12:51 - 2018-08-07 17:10 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\35qhr1pegm1
    2018-08-07 12:38 - 2018-08-07 17:11 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\ehv43kavy0a
    2018-08-07 12:38 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\Q7WKCH8RFT
    2018-08-07 12:37 - 2018-08-07 17:11 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\etspstxkh4k
    2018-08-07 12:37 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\QCOGVX86S0
    2018-08-07 12:37 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\KVC2YL0F56
    2018-08-07 12:37 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\3VXB46AEVG
    2018-08-07 12:37 - 2018-08-07 12:37 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\q3grss2lgtt
    2018-08-07 12:37 - 2018-08-07 12:37 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\ln4cspchslz
    2018-08-07 12:37 - 2018-08-07 12:37 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\51qxfykflxe
    2018-08-07 12:29 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\477XJ02KM6
    2018-08-07 12:28 - 2018-08-07 17:12 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\oaw430ygt23
    2018-08-07 12:28 - 2018-08-07 17:10 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\murex2ou0el
    2018-08-07 12:28 - 2018-08-07 17:10 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\asjihf3j4rh
    2018-08-07 12:28 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\V0OQUPYMDX
    2018-08-07 12:28 - 2018-08-07 17:08 - 000000000 ____D C:\Program Files\K2P1QQWJW3
    2018-08-07 12:28 - 2018-08-07 12:28 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\vn5ore5qh1u
    2018-08-07 12:28 - 2018-08-07 12:28 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\5vrgko1aggj
    2018-08-07 12:27 - 2018-08-07 17:10 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\Sound Volume Control
    2018-08-07 12:27 - 2018-08-07 12:39 - 000000000 ____D C:\Program Files\Multitimer
    2018-08-07 12:27 - 2018-08-07 12:27 - 000000000 ____D C:\Windows\system32\svionfug
    2018-08-07 12:27 - 2018-08-07 12:27 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\1337
    2018-08-07 12:26 - 2018-08-07 17:09 - 000000000 ____D C:\Program Files\Fear
    2018-08-07 12:22 - 2018-08-07 12:22 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
    2018-08-07 12:21 - 2018-08-07 12:41 - 000000000 ____D C:\Program Files\Common Files\Quois
    2018-08-07 12:21 - 2018-08-07 12:21 - 007769088 _____ C:\Users\Krystian\AppData\Local\agent.dat
    2018-08-07 12:21 - 2018-08-07 12:21 - 002019777 _____ C:\Users\Krystian\AppData\Local\Zimtam.tst
    2018-08-07 12:21 - 2018-08-07 12:21 - 001895382 _____ C:\Users\Krystian\AppData\Local\Lotmatdox.bin
    2018-08-07 12:21 - 2018-08-07 12:21 - 000278510 _____ C:\Users\Krystian\AppData\Local\Inch-In.tst
    2018-08-07 12:21 - 2018-08-07 12:21 - 000126464 _____ C:\Users\Krystian\AppData\Local\noah.dat
    2018-08-07 12:21 - 2018-08-07 12:21 - 000070896 _____ C:\Users\Krystian\AppData\Local\Config.xml
    2018-08-07 12:21 - 2018-08-07 12:21 - 000005568 _____ C:\Users\Krystian\AppData\Local\md.xml
    2018-08-07 12:21 - 2018-08-07 12:17 - 002294272 _____ (TODO: <Company name>) C:\Users\Krystian\AppData\Local\Zimtam.exe
    2018-08-07 12:21 - 2018-08-07 12:17 - 002294272 _____ (TODO: <Company name>) C:\Users\Krystian\AppData\Local\Inch-In.exe
    2018-08-07 12:18 - 2018-08-07 12:41 - 001413120 _____ C:\Users\Krystian\AppData\Local\sham.db
    2018-08-07 12:18 - 2018-08-07 12:18 - 000140800 _____ C:\Users\Krystian\AppData\Local\installer.dat
    2018-08-07 12:15 - 2018-08-07 12:16 - 000923561 _____ C:\Users\Krystian\Downloads\Reimage Repair Reg Patch.zip
    2018-08-06 16:55 - 2018-08-06 16:55 - 002484800 _____ ( ) C:\Users\Krystian\Downloads\Realtek High Definition Audio Codecs R2.82_2460563876.exe
    2018-08-06 16:51 - 2018-08-06 16:52 - 002441040 _____ (Tapotipe ) C:\Users\Krystian\Downloads\pobierz_Realtek_high_definition_audio_windows_10-8.1-8-7-vista_(32-bit)_VR2.82_3934234309.exe
    2018-08-07 17:10 - 2018-04-01 09:10 - 000000000 ____D C:\ProgramData\{C8340D57-4276-8791-C4B0-19D35EF2921D}
    2018-07-25 10:12 - 2017-10-17 19:59 - 000000000 ____D C:\Program Files\McAfee
    2017-08-26 12:44 - 2017-08-26 12:44 - 007649280 _____ () C:\Program Files\GUT6D53.tmp
    2017-09-02 13:20 - 2017-09-02 13:20 - 000879096 _____ () C:\Users\Krystian\AppData\Roaming\ab775287ab8f8c9c1152df2bb537eee7.exe
    2017-10-02 17:38 - 2017-11-04 09:37 - 000000208 _____ () C:\Users\Krystian\AppData\Roaming\WB.CFG
    2018-08-07 12:21 - 2018-08-07 12:21 - 007769088 _____ () C:\Users\Krystian\AppData\Local\agent.dat
    2018-08-07 12:21 - 2018-08-07 12:21 - 000070896 _____ () C:\Users\Krystian\AppData\Local\Config.xml
    2018-08-07 12:21 - 2018-08-07 12:17 - 002294272 _____ (TODO: <Company name>) C:\Users\Krystian\AppData\Local\Inch-In.exe
    2018-08-07 12:21 - 2018-08-07 12:21 - 000278510 _____ () C:\Users\Krystian\AppData\Local\Inch-In.tst
    2018-08-07 12:18 - 2018-08-07 12:18 - 000140800 _____ () C:\Users\Krystian\AppData\Local\installer.dat
    2018-08-07 12:21 - 2018-08-07 12:21 - 001895382 _____ () C:\Users\Krystian\AppData\Local\Lotmatdox.bin
    2018-08-07 12:21 - 2018-08-07 12:21 - 000005568 _____ () C:\Users\Krystian\AppData\Local\md.xml
    2018-08-07 12:21 - 2018-08-07 12:21 - 000126464 _____ () C:\Users\Krystian\AppData\Local\noah.dat
    2018-01-24 14:00 - 2018-01-24 14:00 - 000003026 _____ () C:\Users\Krystian\AppData\Local\recently-used.xbel
    2017-08-27 03:24 - 2017-08-27 03:24 - 000000017 _____ () C:\Users\Krystian\AppData\Local\resmon.resmoncfg
    2018-08-07 12:18 - 2018-08-07 12:41 - 001413120 _____ () C:\Users\Krystian\AppData\Local\sham.db
    2018-08-07 12:21 - 2018-08-07 12:21 - 000032038 _____ () C:\Users\Krystian\AppData\Local\uninstall_temp.ico
    2018-08-07 12:21 - 2018-08-07 12:17 - 002294272 _____ (TODO: <Company name>) C:\Users\Krystian\AppData\Local\Zimtam.exe
    2018-08-07 12:21 - 2018-08-07 12:21 - 002019777 _____ () C:\Users\Krystian\AppData\Local\Zimtam.tst
    2018-04-23 19:22 - 2018-04-23 19:22 - 000000000 _____ () C:\Users\Krystian\AppData\Local\{983AE11E-6939-42E0-B62B-88C1C1CE62FB}
    C:\Windows\System32\lastpass_1337.exe
    EmptyTemp:

    After running it, post new FRST logs from a scan.

    1
  • #4 07 Aug 2018 18:29
    Kolobos
    Computer specialist

    New Fixlist.txt for FRST:
    CloseProcesses:
    () C:\Users\Krystian\AppData\Roaming\WinServices\vstools.exe
    HKU\S-1-5-21-946821340-2043373988-4048337920-1000\...\Run: [WinWOW64Services] => C:\Users\Krystian\AppData\Roaming\WinServices\vstools.exe [340480 2018-08-07] ()
    2018-08-07 17:34 - 2018-08-07 18:19 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\WinServices
    2018-08-07 17:34 - 2018-08-07 17:34 - 000000000 ____D C:\Users\Krystian\AppData\Roaming\MediaCache
    Task: {9A46DF6F-ABAC-4817-BB3E-C1C2B69196EF} - System32\Tasks\WinWOW64Services => wscript.exe "C:\Users\Krystian\AppData\Roaming\MediaCache\35FD.vbs"

    After running it, post new logs from a scan.

    Also run a full scan with mbam:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0
  • #6 07 Aug 2018 18:44
    Kolobos
    Computer specialist

    Looks OK; delete the C:\FRST directory and that's all.

    0
  • #7 07 Aug 2018 18:45
    DeadFill23
    Level 2

    okay, thanks for the help

    0