Elektroda.pl

Please check the logs from FRST.

jaxsg 06 Sep 2018 17:34
  • #2 06 Sep 2018 17:55
    Kolobos
    Computer specialist

    Uninstall:
    Booking.com version 1.1.0.5019
    ByteFence Anti-Malware
    globalupdate Helper

    Use AdwCleaner, with the Scan and Clean options: http://www.bleepingcomputer.com/download/adwcleaner/

    Run this Fixlist.txt with FRST:
    CloseProcesses:
    Task: {1CDEE4A7-2FCB-4A53-AE93-EB66A0225BDD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {49BAB080-2B11-42F3-BC89-8FB4D7360DFB} - System32\Tasks\{AD62BCEC-643B-4AFA-B2D0-E1D272E2FF49} => "c:\windows\system32\launchwinapp.exe" hxxp://www.skype.com/go/downloading?source=li...taller&ver=7.23.0.105&LastError=12007
    Task: {4F7B4032-4F59-4800-BD22-A02182218E4B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {50A73459-B035-4BF0-A504-C47341233A10} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {5833C9AB-7421-499A-8DC9-4CCF4CF90258} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {5D748AE2-2BFB-489B-8DD2-86B795AD48B8} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2018-05-29] (Byte Technologies LLC) <==== UWAGA
    Task: {5DE165CF-CDF7-4ECA-8FC9-459E6C85108A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    Task: {6B5AAD24-82EF-43F6-B9C4-44034FC01F77} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {719B1F4E-33CA-4AB9-AE68-B2406A73A82F} - System32\Tasks\{C04EDD81-22AB-4909-81B8-C461BCBA6213} => C:\WINDOWS\system32\pcalua.exe -a E:\autoplay.exe -d E:\
    Task: {907D41FE-2CE1-4C9D-ADB2-59950E26A728} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {A6EBB8C9-20FA-4883-8C88-29F2C123CF8A} - System32\Tasks\ByteFence => c:\program files\bytefence\ByteFence.exe [2018-05-29] (Byte Technologies LLC) <==== UWAGA
    Task: {ACB87D87-9E24-414B-88AA-1039AD58DE16} - System32\Tasks\{BAFE467B-D65C-45EF-AB2C-BAAA86BE247B} => "c:\windows\system32\launchwinapp.exe" hxxp://www.skype.com/go/downloading?source=li...taller&ver=7.23.0.105&LastError=12007
    Task: {C7CF11BD-B543-4318-88E4-7421C9CA11FE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {D79099A3-6768-4CE0-9DB5-C4BF9F728EC0} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku <==== UWAGA
    Task: {D8AF5EEB-1CC2-46A9-905A-A7F772C38A49} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Małgosia) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: {E1134FF5-7A8C-4B6A-9DA7-7533CBB71FFD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {E8DAA031-BA4B-4E09-95A4-B376F59CD2A7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {F9DCFAD6-E7F8-4992-8652-968C5EC4FED3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Małgosia).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    2018-05-27 16:54 - 2018-05-27 16:54 - 000821528 _____ () c:\program files\bytefence\x64\rsLggrServer_x64.dll
    Hosts:
    (Byte Technologies LLC) C:\Program Files\ByteFence\ByteFenceService.exe
    (Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
    (Byte Technologies LLC.) C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
    (Byte Technologies LLC) C:\Program Files\ByteFence\ByteFence.exe
    HKU\S-1-5-21-2985516516-3773070661-1144529853-1000\...\MountPoints2: {3d1372c1-b979-11e7-8dee-c018856a3fce} - "H:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-2985516516-3773070661-1144529853-1000\...\MountPoints2: {b39a7429-a369-11e8-8e11-c018856a3fce} - "F:\HiSuiteDownLoader.exe"
    FF Homepage: Mozilla\Firefox\Profiles\xcqqysys.default -> moz-extension://209d3b5c-5a80-41fb-845e-a2e1c2ad6c9b/dynamicHomePage.html
    FF HomepageOverride: Mozilla\Firefox\Profiles\xcqqysys.default -> Enabled: _f7Members_(malpa)download.smsfrombrowser.com
    FF NewTabOverride: Mozilla\Firefox\Profiles\xcqqysys.default -> Enabled: _f7Members_(malpa)download.smsfrombrowser.com
    FF Extension: (SMSfromBrowser) - C:\Users\Małgosia\AppData\Roaming\Mozilla\Firefox\Profiles\xcqqysys.default\Extensions\_f7Members_@download.smsfrombrowser.com.xpi [2018-08-12]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    R2 ByteFenceService; c:\program files\bytefence\ByteFenceService.exe [157000 2018-05-29] (Byte Technologies LLC)
    R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [297288 2018-04-11] (Byte Technologies LLC.)
    2018-09-06 12:19 - 2018-09-06 12:19 - 062186048 _____ (Skype Technologies S.A.) C:\Users\Małgosia\Downloads\Skype-8.29.0.50(2).exe
    2018-09-05 19:32 - 2018-09-05 19:33 - 062186048 _____ (Skype Technologies S.A.) C:\Users\Małgosia\Downloads\Skype-8.29.0.50(1).exe
    2018-08-24 19:19 - 2018-08-24 19:19 - 000739896 _____ (Roblox Corporation) C:\Users\Małgosia\Downloads\RobloxPlayerLauncher(2).exe
    2018-09-06 17:14 - 2016-03-13 15:09 - 000000000 ____D C:\Program Files\ByteFence
    2018-09-06 17:02 - 2015-08-25 15:21 - 000000370 _____ C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Małgosia).job
    2018-09-05 20:57 - 2018-07-11 22:15 - 000002778 _____ C:\WINDOWS\System32\Tasks\SlimCleaner Plus (Scheduled Scan - Małgosia)
    2018-09-05 20:57 - 2018-07-11 22:15 - 000002680 _____ C:\WINDOWS\System32\Tasks\ByteFence Scan
    2018-09-05 20:57 - 2018-07-11 22:15 - 000002536 _____ C:\WINDOWS\System32\Tasks\ByteFence
    2018-09-05 20:57 - 2018-07-11 22:15 - 000002268 _____ C:\WINDOWS\System32\Tasks\{BAFE467B-D65C-45EF-AB2C-BAAA86BE247B}
    2018-09-05 20:57 - 2018-07-11 22:15 - 000002268 _____ C:\WINDOWS\System32\Tasks\{AD62BCEC-643B-4AFA-B2D0-E1D272E2FF49}
    2018-09-05 20:57 - 2018-07-11 22:15 - 000002188 _____ C:\WINDOWS\System32\Tasks\{C04EDD81-22AB-4909-81B8-C461BCBA6213}
    2015-04-14 18:28 - 2015-04-14 18:28 - 000004387 _____ () C:\Users\Małgosia\AppData\Roaming\TQuLqi0

    After running it, delete the C:\FRST folder.

    Run a full scan with MBAM and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

  • #3 06 Sep 2018 19:56
    jaxsg
    Level 15

    I did everything you asked. Can this be closed?

  • Helpful post
    #4 06 Sep 2018 20:13
    Kolobos
    Computer specialist

    If everything is working properly now, then yes.
