Elektroda.pl

[Solved] Request for FRST log analysis

Husaria2 19 Oct 2018 22:20
  • #1 19 Oct 2018 22:20
    Husaria2
    Level 9

    Hello, I kindly ask some good soul to analyze these logs, because to me they are black magic. Probably a classic in this subforum: new browser windows keep opening and something eats the CPU. Thanks in advance and regards!

  • Helpful post
    #2 20 Oct 2018 01:29
    krzychupar
    Level 40

    Uninstall:

    RunBooster
    YoutubeAdBlock

    Open Windows Notepad and paste:

    CloseProcesses:
    Task: {13A91224-77B1-4F64-8D86-76CA3A4AE68F} - System32\Tasks\RunBoosterUpdateTask => C:\Program Files\RunBooster\RunBoosterUpdateTask64.exe [2018-10-19] (SkyNET Corporation) <==== ATTENTION
    Task: {2D6DB5AF-4F85-4EF4-9E6C-840041098379} - System32\Tasks\qZkEPNCGHOoYARSao2 => rundll32 "C:\Program Files (x86)\NOOfCcUskYMcdeyIflR\zeuzZRm.dll",#1
    Task: {2F32D531-E7F4-4A7B-AE0B-ABD4664E7995} - System32\Tasks\GItHvXoKUgtwAW => rundll32 "C:\Program Files (x86)\pObWEjsjndqU2\MKDUFJOjTeBSJ.dll",#1
    Task: {347395CC-0B50-475C-96F8-EB19558271E3} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
    Task: {3AB55330-492C-4603-B9CD-1D33AA86C105} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
    Task: {50F19C9D-2795-47BF-BE55-BF0E9ADFCE0E} - System32\Tasks\RzmVfSQvlkpVqKr2 => rundll32 "C:\Program Files (x86)\deoRkBcMU\KUJjeS.dll",#1
    Task: {5745ED6B-71A5-4A5B-ADAA-2FE4DAACECA1} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
    Task: {63BAAD2C-0977-42AD-B864-03B4B606C2F4} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
    Task: {7005EF73-07C9-47CE-BC6F-F2E55AE12D6A} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
    Task: {776DDC38-C29F-4068-8804-1ECABB3DC015} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
    Task: {8D7BF671-22D5-4FB3-BD93-D929288C5887} - System32\Tasks\zkqtSUqvflBJtZIfTnB2 => rundll32 "C:\Program Files (x86)\YaNQOzjyhjQoC\kvzDCqf.dll",#1
    Task: {D14EDF1A-AB28-452F-A610-6D39360D04E4} - System32\Tasks\SVC Update => C:\Windows\explorer.exe "hxxp://lktoday.ru" <==== ATTENTION
    Task: {E08A61DD-0BE2-4DEA-9859-A4C37D4C5E6E} - System32\Tasks\Opera scheduled Autoupdate 1531838638 => C:\Program Files\Opera\launcher.exe [2018-10-17] (Opera Software)
    Task: {EC78950C-B170-4BD6-A4BB-23CFB54E7CBC} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== ATTENTION
    Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-4055689081-536607644-1389942840-1001\...\MountPoints2: {2a386b05-89bd-11e8-819a-94de80c40fb5} - "I:\setup.exe"
    GroupPolicy: Restriction - Windows Defender <==== ATTENTION
    HKU\S-1-5-21-4055689081-536607644-1389942840-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...YQc7eOht5wnydjfo7D6dCTU3mcJltZwMFgvaAo&q={searchTerms}
    HKU\S-1-5-21-4055689081-536607644-1389942840-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...ZKSOeLvZdFlVELQoHibYceBZ1q7BMBfWnPvca9QIjwWNB
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...YQc7eOht5wnydjfo7D6dCTU3mcJltZwMFgvaAo&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4055689081-536607644-1389942840-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...YQc7eOht5wnydjfo7D6dCTU3mcJltZwMFgvaAo&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4055689081-536607644-1389942840-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...YQc7eOht5wnydjfo7D6dCTU3mcJltZwMFgvaAo&q={searchTerms}
    BHO: YoutubeAdBlock -> {4380B7D5-B068-48A8-9012-70B2490292FB} -> C:\Program Files (x86)\vTGTErrEdIE\tvd13gAt.dll [2018-10-19] ()
    BHO-x32: YoutubeAdBlock -> {4380B7D5-B068-48A8-9012-70B2490292FB} -> C:\Program Files (x86)\vTGTErrEdIE\kSAKfatJ4.dll [2018-10-19] ()
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Dawid\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnpbnmjmgabkfemdehelbgdppngihhg [2018-10-19] [UpdateUrl: hxxps://clients88.google.com/service/update2/crx] <==== ATTENTION
    R2 CRMSvc; C:\Users\Dawid\AppData\Roaming\CRMSvc\CRMSvc.exe [1414144 2018-10-19] () [File not signed] <==== ATTENTION
    R2 EventSvc; C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe [360448 2018-07-24] (CloudBees, Inc.) [File not signed] <==== ATTENTION
    R2 PowerSvc; C:\ProgramData\Microsoft\Windows\Power\PowerSvc.exe [6406448 2018-06-25] () [File not signed] <==== ATTENTION
    R2 RunBooster; C:\Program Files\RunBooster\RunBoosterService64.exe [286720 2018-10-19] (SkyNET Corporation) [File not signed] <==== ATTENTION
    2018-10-19 21:45 - 2018-10-19 21:58 - 000000000 ____D C:\ProgramData\zVmiMcGqez
    2018-10-19 21:44 - 2018-10-19 21:50 - 000000000 ____D C:\Program Files\R9IV6629VQ
    2018-10-19 21:44 - 2018-10-19 21:44 - 000000000 ____D C:\Users\Dawid\AppData\Roaming\pjdzomzfbe4
    2018-10-19 21:42 - 2018-10-19 21:42 - 000003212 _____ C:\Windows\System32\Tasks\GItHvXoKUgtwAW
    2018-10-19 21:42 - 2018-10-19 21:42 - 000003208 __RSH C:\ProgramData\ntuser.pol
    2018-10-19 21:42 - 2018-10-19 21:42 - 000003044 _____ C:\Windows\System32\Tasks\LgUiZWCNTEYJs2
    2018-10-19 21:42 - 2018-10-19 21:42 - 000003034 _____ C:\Windows\System32\Tasks\qZkEPNCGHOoYARSao2
    2018-10-19 21:42 - 2018-10-19 21:42 - 000003026 _____ C:\Windows\System32\Tasks\zkqtSUqvflBJtZIfTnB2
    2018-10-19 21:42 - 2018-10-19 21:42 - 000003008 _____ C:\Windows\System32\Tasks\RzmVfSQvlkpVqKr2
    2018-10-19 21:42 - 2018-10-19 21:42 - 000000000 ____D C:\Users\Dawid\AppData\Roaming\klgknfaldho
    2018-10-19 21:42 - 2018-10-19 21:42 - 000000000 ____D C:\Users\Dawid\AppData\Roaming\CRMSvc
    2018-10-19 21:42 - 2018-10-19 21:42 - 000000000 ____D C:\ProgramData\CvclQZOtucyvVSVB
    2018-10-19 21:42 - 2018-10-19 21:42 - 000000000 ____D C:\Program Files\RunBooster
    2018-10-19 21:42 - 2018-10-19 21:42 - 000000000 ____D C:\Program Files (x86)\YaNQOzjyhjQoC
    2018-10-19 21:42 - 2018-10-19 21:42 - 000000000 ____D C:\Program Files (x86)\vTGTErrEdIE
    2018-10-19 21:42 - 2018-10-19 21:42 - 000000000 ____D C:\Program Files (x86)\pObWEjsjndqU2
    2018-10-19 21:42 - 2018-10-19 21:42 - 000000000 ____D C:\Program Files (x86)\NOOfCcUskYMcdeyIflR
    2018-10-19 21:42 - 2018-10-19 21:42 - 000000000 ____D C:\Program Files (x86)\deoRkBcMU
    2018-10-19 21:42 - 2018-10-19 21:42 - 000000000 ____D C:\Program Files (x86)\DdJDUMRiVWUn
    2018-10-19 21:41 - 2018-10-19 21:41 - 000000000 ____D C:\ProgramData\Quoteexs
    2018-10-19 21:40 - 2018-10-19 22:03 - 000000000 ____D C:\ProgramData\Quoteex
    2018-10-19 21:40 - 2018-10-19 21:43 - 001413120 _____ C:\Users\Dawid\AppData\Local\sham.db
    2018-10-19 21:40 - 2018-10-19 21:43 - 000016416 _____ C:\Users\Dawid\AppData\Local\InstallationConfiguration.xml
    2018-10-19 21:40 - 2018-10-19 21:40 - 007793152 _____ C:\Users\Dawid\AppData\Local\agent.dat
    2018-10-19 21:40 - 2018-10-19 21:40 - 002300928 _____ C:\Users\Dawid\AppData\Local\Physjoycof.exe
    2018-10-19 21:40 - 2018-10-19 21:40 - 002300928 _____ C:\Users\Dawid\AppData\Local\DonIt.exe
    2018-10-19 21:40 - 2018-10-19 21:40 - 002018920 _____ C:\Users\Dawid\AppData\Local\DonIt.tst
    2018-10-19 21:40 - 2018-10-19 21:40 - 000278510 _____ C:\Users\Dawid\AppData\Local\Physjoycof.tst
    2018-10-19 21:40 - 2018-10-19 21:40 - 000140800 _____ C:\Users\Dawid\AppData\Local\installer.dat
    2018-10-19 21:40 - 2018-10-19 21:40 - 000126464 _____ C:\Users\Dawid\AppData\Local\noah.dat
    2018-10-19 21:40 - 2018-10-19 21:40 - 000070896 _____ C:\Users\Dawid\AppData\Local\Config.xml
    2018-10-19 21:40 - 2018-10-19 21:40 - 000018432 _____ C:\Users\Dawid\AppData\Local\Main.dat
    2018-10-19 21:40 - 2018-10-19 21:40 - 000005568 _____ C:\Users\Dawid\AppData\Local\md.xml
    2018-10-19 21:40 - 2018-10-19 21:43 - 000016416 _____ () C:\Users\Dawid\AppData\Local\InstallationConfiguration.xml
    2018-10-19 21:40 - 2018-10-19 21:40 - 000140800 _____ () C:\Users\Dawid\AppData\Local\installer.dat
    2018-10-19 21:41 - 2018-10-19 21:41 - 001895384 _____ () C:\Users\Dawid\AppData\Local\LatIn.bin
    2018-10-19 21:41 - 2018-10-19 21:41 - 000032038 _____ () C:\Users\Dawid\AppData\Local\uninstall_temp.ico
    EmptyTemp:

    Save the file as fixlist.txt and put it in the folder where you have FRST.exe.
    Run FRST and click Fix.

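What the fixlist above actually targets is a handful of persistence and hijack mechanisms: scheduled tasks that start a DLL by export ordinal through rundll32 from a randomly named folder, running services with no digital signature, a search page whose host is percent-encoded byte by byte so it is unreadable in the registry, and a Group Policy restriction placed on Windows Defender. The script below is an added example for this page, not FRST code and not anything the helpers posted: it triages FRST-style lines for exactly those four indicators. The sample log is constructed from defanged lines modelled on the log above; the percent-encoded hijack host is a made-up `feed.example.test` (the real host on this page is truncated and is not reproduced), and `ExampleSvc` is a hypothetical signed service included so the filter has something to ignore.

```python
"""Triage FRST-style log lines for the indicators the fixlist above removes.
Added example for this page; not FRST code and not the forum helper's tooling."""
import re
from pathlib import PureWindowsPath
from urllib.parse import unquote, urlparse

# Constructed sample: defanged lines modelled on the log above. The hijack host
# is a made-up percent-encoded "feed.example.test"; ExampleSvc is hypothetical.
SAMPLE_LOG = r"""
Task: {2D6DB5AF-4F85-4EF4-9E6C-840041098379} - System32\Tasks\qZkEPNCGHOoYARSao2 => rundll32 "C:\Program Files (x86)\NOOfCcUskYMcdeyIflR\zeuzZRm.dll",#1
Task: {E08A61DD-0BE2-4DEA-9859-A4C37D4C5E6E} - System32\Tasks\Opera scheduled Autoupdate 1531838638 => C:\Program Files\Opera\launcher.exe [2018-10-17] (Opera Software)
Task: {D14EDF1A-AB28-452F-A610-6D39360D04E4} - System32\Tasks\SVC Update => C:\Windows\explorer.exe "hxxp://lktoday.ru" <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%65%78%61%6D%70%6C%65.%74%65%73%74/?q={searchTerms}
R2 CRMSvc; C:\Users\Dawid\AppData\Roaming\CRMSvc\CRMSvc.exe [1414144 2018-10-19] () [File not signed] <==== ATTENTION
R2 RunBooster; C:\Program Files\RunBooster\RunBoosterService64.exe [286720 2018-10-19] (SkyNET Corporation) [File not signed] <==== ATTENTION
S3 ExampleSvc; C:\Program Files\Example\ExampleSvc.exe [12345 2018-01-01] (Example Corp)
"""

TASK_RE = re.compile(
    r'^Task: \{[0-9A-Fa-f-]+\} - System32\\Tasks\\(?P<name>.+?) => (?P<cmd>.+?)(?: <==== ATTENTION)?$')
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?(?:,(?P<entry>\S+))?', re.IGNORECASE)
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) \[(?P<size>\d+) (?P<date>[\d-]+)\] '
    r'\((?P<signer>[^)]*)\)(?P<rest>.*)$')
HIJACK_RE = re.compile(r'(?:URL|Page) = (?P<url>hxxps?://\S+)', re.IGNORECASE)
DEFENDER_RE = re.compile(r'\\Policies\\Microsoft\\Windows Defender: Restriction')


def looks_random(name):
    """Heuristic for generated names such as NOOfCcUskYMcdeyIflR: at least eight
    letters, with upper/lower case flipping on 40% or more of adjacent letter
    pairs. Real product names (RunBooster, Microleaves) flip far less often."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 8:
        return False
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    return flips / len(letters) >= 0.4


def decode_defanged_host(url):
    """Refang hxxp(s):// and percent-decode the host. Returns (raw, decoded);
    they differ exactly when the host was percent-encoded to hide the domain."""
    refanged = re.sub(r'^hxxp', 'http', url, flags=re.IGNORECASE)
    host = urlparse(refanged).hostname or ''
    return host, unquote(host)


def triage(log_text):
    """Collect the four indicator classes from FRST-style lines."""
    findings = {"tasks": [], "hijack_hosts": [], "unsigned_services": [], "defender_policy": False}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = TASK_RE.match(line)
        if m:
            name, cmd = m["name"], m["cmd"]
            r = RUNDLL_RE.match(cmd)
            if r:
                folder = PureWindowsPath(r["dll"]).parent.name
                reason = "rundll32 loads a DLL by export ordinal"
                if looks_random(folder):
                    reason += f" from random-named folder {folder}"
                findings["tasks"].append({"name": name, "target": r["dll"], "reason": reason})
            elif re.search(r'hxxps?://', cmd, re.IGNORECASE):
                findings["tasks"].append({"name": name, "target": cmd, "reason": "task opens a URL"})
            continue
        m = SERVICE_RE.match(line)
        if m:
            # Running (R) service whose binary carries no Authenticode signature.
            if m["state"] == "R" and ("[File not signed]" in m["rest"] or not m["signer"].strip()):
                findings["unsigned_services"].append(m["name"])
            continue
        m = HIJACK_RE.search(line)
        if m:
            raw_host, host = decode_defanged_host(m["url"])
            if raw_host != host:
                findings["hijack_hosts"].append(host)
            continue
        if DEFENDER_RE.search(line):
            findings["defender_policy"] = True
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The case-flip test is only a heuristic for the folder name; the load-bearing signal is `rundll32 "<dll>",#1` itself, which is how every one of the randomly named tasks in the log above runs its payload. Run it against a real FRST.txt and you get the task, service and URL entries worth carrying into a fixlist, without reading several thousand lines by hand.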
  • #4 20 Oct 2018 13:11
    krzychupar
    Level 40

    Run one more fixlist like this:
    Open Windows Notepad and paste:

    CloseProcesses:
    Hosts:
    HKU\S-1-5-21-4055689081-536607644-1389942840-1001\...\Run: [Blogger] => C:\ProgramData\Blogger\Blogger.exe //ctbgvrfertgyhhtrfedtgyunytrftgyhujyhtrfftgyhumnybtvrcev5b7uny6t5rrftyuiimunytrertyubtvr
    HKU\S-1-5-21-4055689081-536607644-1389942840-1001\...\MountPoints2: {2a386b05-89bd-11e8-819a-94de80c40fb5} - "I:\setup.exe"
    AppInit_DLLs: C:\ProgramData\Quoteex\Don-Home.dll => No File
    AppInit_DLLs-x32: C:\ProgramData\Quoteex\Villalam.dll => No File
    InternetURL: C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BznMMQqmAG.url ->
    S1 adtfjakm; \??\C:\Windows\system32\drivers\adtfjakm.sys [X]
    S1 afkqlduz; \??\C:\Windows\system32\drivers\afkqlduz.sys [X]
    S1 agoosxuq; \??\C:\Windows\system32\drivers\agoosxuq.sys [X]
    S1 ahzcldzg; \??\C:\Windows\system32\drivers\ahzcldzg.sys [X]
    S1 akljuipt; \??\C:\Windows\system32\drivers\akljuipt.sys [X]
    S1 alrcjrcs; \??\C:\Windows\system32\drivers\alrcjrcs.sys [X]
    S1 amuadrtg; \??\C:\Windows\system32\drivers\amuadrtg.sys [X]
    S1 anmsehhc; \??\C:\Windows\system32\drivers\anmsehhc.sys [X]
    S1 aselsxny; \??\C:\Windows\system32\drivers\aselsxny.sys [X]
    S1 avfyafgx; \??\C:\Windows\system32\drivers\avfyafgx.sys [X]
    S1 azppthjn; \??\C:\Windows\system32\drivers\azppthjn.sys [X]
    S1 bdwonare; \??\C:\Windows\system32\drivers\bdwonare.sys [X]
    S1 binzptgp; \??\C:\Windows\system32\drivers\binzptgp.sys [X]
    S1 blpbsnsd; \??\C:\Windows\system32\drivers\blpbsnsd.sys [X]
    S1 bmjuipyt; \??\C:\Windows\system32\drivers\bmjuipyt.sys [X]
    S1 bnvfmoun; \??\C:\Windows\system32\drivers\bnvfmoun.sys [X]
    S1 bocwilyk; \??\C:\Windows\system32\drivers\bocwilyk.sys [X]
    S1 bpbodghq; \??\C:\Windows\system32\drivers\bpbodghq.sys [X]
    S1 bwcrxgtv; \??\C:\Windows\system32\drivers\bwcrxgtv.sys [X]
    S1 bxfvzqet; \??\C:\Windows\system32\drivers\bxfvzqet.sys [X]
    S1 bxzodtbp; \??\C:\Windows\system32\drivers\bxzodtbp.sys [X]
    S1 caqznmjg; \??\C:\Windows\system32\drivers\caqznmjg.sys [X]
    S1 cfkocgqf; \??\C:\Windows\system32\drivers\cfkocgqf.sys [X]
    S1 cqkrmfpf; \??\C:\Windows\system32\drivers\cqkrmfpf.sys [X]
    S1 cshmlddn; \??\C:\Windows\system32\drivers\cshmlddn.sys [X]
    S1 cstexfxf; \??\C:\Windows\system32\drivers\cstexfxf.sys [X]
    S1 cunqahxe; \??\C:\Windows\system32\drivers\cunqahxe.sys [X]
    S1 cylrpbkl; \??\C:\Windows\system32\drivers\cylrpbkl.sys [X]
    S1 ddgopbpe; \??\C:\Windows\system32\drivers\ddgopbpe.sys [X]
    S1 dfmmyxou; \??\C:\Windows\system32\drivers\dfmmyxou.sys [X]
    S1 dioakcux; \??\C:\Windows\system32\drivers\dioakcux.sys [X]
    S1 dkvyvwwn; \??\C:\Windows\system32\drivers\dkvyvwwn.sys [X]
    S1 dmclwakm; \??\C:\Windows\system32\drivers\dmclwakm.sys [X]
    S1 eatbbrxk; \??\C:\Windows\system32\drivers\eatbbrxk.sys [X]
    S1 efycqcnq; \??\C:\Windows\system32\drivers\efycqcnq.sys [X]
    S1 eikslfyt; \??\C:\Windows\system32\drivers\eikslfyt.sys [X]
    S1 eszprtmb; \??\C:\Windows\system32\drivers\eszprtmb.sys [X]
    S1 exgnzqri; \??\C:\Windows\system32\drivers\exgnzqri.sys [X]
    S1 fbqlwenn; \??\C:\Windows\system32\drivers\fbqlwenn.sys [X]
    S1 fcknattn; \??\C:\Windows\system32\drivers\fcknattn.sys [X]
    S1 fhfbtejg; \??\C:\Windows\system32\drivers\fhfbtejg.sys [X]
    S1 fpvdyfqo; \??\C:\Windows\system32\drivers\fpvdyfqo.sys [X]
    S1 frfmrqfo; \??\C:\Windows\system32\drivers\frfmrqfo.sys [X]
    S1 fzdxayax; \??\C:\Windows\system32\drivers\fzdxayax.sys [X]
    S1 gawpumfn; \??\C:\Windows\system32\drivers\gawpumfn.sys [X]
    S1 ghidofcs; \??\C:\Windows\system32\drivers\ghidofcs.sys [X]
    S1 gjibqfzz; \??\C:\Windows\system32\drivers\gjibqfzz.sys [X]
    S1 goyukxig; \??\C:\Windows\system32\drivers\goyukxig.sys [X]
    S1 gpjghnld; \??\C:\Windows\system32\drivers\gpjghnld.sys [X]
    S1 grgpeqzk; \??\C:\Windows\system32\drivers\grgpeqzk.sys [X]
    S1 hciegfrf; \??\C:\Windows\system32\drivers\hciegfrf.sys [X]
    S1 hihhpexa; \??\C:\Windows\system32\drivers\hihhpexa.sys [X]
    S1 hmazitfv; \??\C:\Windows\system32\drivers\hmazitfv.sys [X]
    S1 hmtbixct; \??\C:\Windows\system32\drivers\hmtbixct.sys [X]
    S1 hnwlktvw; \??\C:\Windows\system32\drivers\hnwlktvw.sys [X]
    S1 hxzqqpyu; \??\C:\Windows\system32\drivers\hxzqqpyu.sys [X]
    S1 icsilmuq; \??\C:\Windows\system32\drivers\icsilmuq.sys [X]
    S1 ifbbrdbl; \??\C:\Windows\system32\drivers\ifbbrdbl.sys [X]
    S1 ifpeeisg; \??\C:\Windows\system32\drivers\ifpeeisg.sys [X]
    S1 iggdosrv; \??\C:\Windows\system32\drivers\iggdosrv.sys [X]
    S1 ijxhgjbz; \??\C:\Windows\system32\drivers\ijxhgjbz.sys [X]
    S1 ipsblnai; \??\C:\Windows\system32\drivers\ipsblnai.sys [X]
    S1 ispahswk; \??\C:\Windows\system32\drivers\ispahswk.sys [X]
    S1 itghmjyz; \??\C:\Windows\system32\drivers\itghmjyz.sys [X]
    S1 jcequwbm; \??\C:\Windows\system32\drivers\jcequwbm.sys [X]
    S1 jdxqrsea; \??\C:\Windows\system32\drivers\jdxqrsea.sys [X]
    S1 jfapappm; \??\C:\Windows\system32\drivers\jfapappm.sys [X]
    S1 jmtpxylh; \??\C:\Windows\system32\drivers\jmtpxylh.sys [X]
    S1 jopzfsqq; \??\C:\Windows\system32\drivers\jopzfsqq.sys [X]
    S1 jpumphgd; \??\C:\Windows\system32\drivers\jpumphgd.sys [X]
    S1 juljmtes; \??\C:\Windows\system32\drivers\juljmtes.sys [X]
    S1 jwjghgra; \??\C:\Windows\system32\drivers\jwjghgra.sys [X]
    S1 jzwjpgyy; \??\C:\Windows\system32\drivers\jzwjpgyy.sys [X]
    S1 kfwjesez; \??\C:\Windows\system32\drivers\kfwjesez.sys [X]
    S1 kgeeddkj; \??\C:\Windows\system32\drivers\kgeeddkj.sys [X]
    S1 kjdivscg; \??\C:\Windows\system32\drivers\kjdivscg.sys [X]
    S1 kqgotbyv; \??\C:\Windows\system32\drivers\kqgotbyv.sys [X]
    S1 kqukjkrn; \??\C:\Windows\system32\drivers\kqukjkrn.sys [X]
    S1 kzndcljj; \??\C:\Windows\system32\drivers\kzndcljj.sys [X]
    S1 lbtlgwvi; \??\C:\Windows\system32\drivers\lbtlgwvi.sys [X]
    S1 lgewgejr; \??\C:\Windows\system32\drivers\lgewgejr.sys [X]
    S1 ljnfumds; \??\C:\Windows\system32\drivers\ljnfumds.sys [X]
    S1 lkyuyteu; \??\C:\Windows\system32\drivers\lkyuyteu.sys [X]
    S1 llmvpyos; \??\C:\Windows\system32\drivers\llmvpyos.sys [X]
    S1 lqaatgph; \??\C:\Windows\system32\drivers\lqaatgph.sys [X]
    S1 lqbllroq; \??\C:\Windows\system32\drivers\lqbllroq.sys [X]
    S1 lrimemex; \??\C:\Windows\system32\drivers\lrimemex.sys [X]
    S1 lrxlnwqf; \??\C:\Windows\system32\drivers\lrxlnwqf.sys [X]
    S1 lsmffcoc; \??\C:\Windows\system32\drivers\lsmffcoc.sys [X]
    S1 luicxjvu; \??\C:\Windows\system32\drivers\luicxjvu.sys [X]
    S1 mazqwibg; \??\C:\Windows\system32\drivers\mazqwibg.sys [X]
    S1 mgmdcise; \??\C:\Windows\system32\drivers\mgmdcise.sys [X]
    S1 mocbemwg; \??\C:\Windows\system32\drivers\mocbemwg.sys [X]
    S1 mogubadu; \??\C:\Windows\system32\drivers\mogubadu.sys [X]
    S1 mqooacus; \??\C:\Windows\system32\drivers\mqooacus.sys [X]
    S1 mwjkuavk; \??\C:\Windows\system32\drivers\mwjkuavk.sys [X]
    S1 nabawolc; \??\C:\Windows\system32\drivers\nabawolc.sys [X]
    S1 ncophlep; \??\C:\Windows\system32\drivers\ncophlep.sys [X]
    S1 neriobhu; \??\C:\Windows\system32\drivers\neriobhu.sys [X]
    S1 nfdzrull; \??\C:\Windows\system32\drivers\nfdzrull.sys [X]
    S1 nfeljtdj; \??\C:\Windows\system32\drivers\nfeljtdj.sys [X]
    S1 njkjirbx; \??\C:\Windows\system32\drivers\njkjirbx.sys [X]
    S1 nkbjytlq; \??\C:\Windows\system32\drivers\nkbjytlq.sys [X]
    S1 nnlzlrjn; \??\C:\Windows\system32\drivers\nnlzlrjn.sys [X]
    S1 nwhdjddd; \??\C:\Windows\system32\drivers\nwhdjddd.sys [X]
    S1 nyiajmvi; \??\C:\Windows\system32\drivers\nyiajmvi.sys [X]
    S1 nykmzndr; \??\C:\Windows\system32\drivers\nykmzndr.sys [X]
    S1 oabruheu; \??\C:\Windows\system32\drivers\oabruheu.sys [X]
    S1 ophwbvti; \??\C:\Windows\system32\drivers\ophwbvti.sys [X]
    S1 opkfvoxr; \??\C:\Windows\system32\drivers\opkfvoxr.sys [X]
    S1 osssahnw; \??\C:\Windows\system32\drivers\osssahnw.sys [X]
    S1 owfzkmjm; \??\C:\Windows\system32\drivers\owfzkmjm.sys [X]
    S1 oxyeonzb; \??\C:\Windows\system32\drivers\oxyeonzb.sys [X]
    S1 ozpndtbt; \??\C:\Windows\system32\drivers\ozpndtbt.sys [X]
    S1 pcbogdvn; \??\C:\Windows\system32\drivers\pcbogdvn.sys [X]
    S1 pdfuawqv; \??\C:\Windows\system32\drivers\pdfuawqv.sys [X]
    S1 pjgikenf; \??\C:\Windows\system32\drivers\pjgikenf.sys [X]
    S1 poboqioj; \??\C:\Windows\system32\drivers\poboqioj.sys [X]
    S1 ptbgzffc; \??\C:\Windows\system32\drivers\ptbgzffc.sys [X]
    S1 pzdfukep; \??\C:\Windows\system32\drivers\pzdfukep.sys [X]
    S1 qdnfvgdm; \??\C:\Windows\system32\drivers\qdnfvgdm.sys [X]
    S1 qeljsmfa; \??\C:\Windows\system32\drivers\qeljsmfa.sys [X]
    S1 qkkhbqzi; \??\C:\Windows\system32\drivers\qkkhbqzi.sys [X]
    S1 qlgizbzn; \??\C:\Windows\system32\drivers\qlgizbzn.sys [X]
    S1 qsbeksqa; \??\C:\Windows\system32\drivers\qsbeksqa.sys [X]
    S1 qtfvccbe; \??\C:\Windows\system32\drivers\qtfvccbe.sys [X]
    S1 rcgkujus; \??\C:\Windows\system32\drivers\rcgkujus.sys [X]
    S1 rehviuzz; \??\C:\Windows\system32\drivers\rehviuzz.sys [X]
    S1 romszena; \??\C:\Windows\system32\drivers\romszena.sys [X]
    S1 ruhrgxng; \??\C:\Windows\system32\drivers\ruhrgxng.sys [X]
    S1 sjhlmjdg; \??\C:\Windows\system32\drivers\sjhlmjdg.sys [X]
    S1 skakqoao; \??\C:\Windows\system32\drivers\skakqoao.sys [X]
    S1 sybjrlhn; \??\C:\Windows\system32\drivers\sybjrlhn.sys [X]
    S1 tcdszmlk; \??\C:\Windows\system32\drivers\tcdszmlk.sys [X]
    S1 thhsfeda; \??\C:\Windows\system32\drivers\thhsfeda.sys [X]
    S1 thivxhnj; \??\C:\Windows\system32\drivers\thivxhnj.sys [X]
    S1 tjlzgqqe; \??\C:\Windows\system32\drivers\tjlzgqqe.sys [X]
    S1 tjodrvce; \??\C:\Windows\system32\drivers\tjodrvce.sys [X]
    S1 tlzqdgvy; \??\C:\Windows\system32\drivers\tlzqdgvy.sys [X]
    S1 tvavgpfm; \??\C:\Windows\system32\drivers\tvavgpfm.sys [X]
    S1 tvjryach; \??\C:\Windows\system32\drivers\tvjryach.sys [X]
    S1 tzhwpdyq; \??\C:\Windows\system32\drivers\tzhwpdyq.sys [X]
    S1 ubovtjnq; \??\C:\Windows\system32\drivers\ubovtjnq.sys [X]
    S1 ufotzctc; \??\C:\Windows\system32\drivers\ufotzctc.sys [X]
    S1 uhkqkefk; \??\C:\Windows\system32\drivers\uhkqkefk.sys [X]
    S1 ukryxhqf; \??\C:\Windows\system32\drivers\ukryxhqf.sys [X]
    S1 ukublawp; \??\C:\Windows\system32\drivers\ukublawp.sys [X]
    S1 umijjumu; \??\C:\Windows\system32\drivers\umijjumu.sys [X]
    S1 umuayoqg; \??\C:\Windows\system32\drivers\umuayoqg.sys [X]
    S1 uubqvinl; \??\C:\Windows\system32\drivers\uubqvinl.sys [X]
    S1 uulioicc; \??\C:\Windows\system32\drivers\uulioicc.sys [X]
    S1 uxgelzjk; \??\C:\Windows\system32\drivers\uxgelzjk.sys [X]
    S1 uxukopjk; \??\C:\Windows\system32\drivers\uxukopjk.sys [X]
    S1 uyjxamgk; \??\C:\Windows\system32\drivers\uyjxamgk.sys [X]
    S1 vaxmzfsc; \??\C:\Windows\system32\drivers\vaxmzfsc.sys [X]
    S1 vbwofehm; \??\C:\Windows\system32\drivers\vbwofehm.sys [X]
    S1 vcxndscj; \??\C:\Windows\system32\drivers\vcxndscj.sys [X]
    S1 vhbdfbvz; \??\C:\Windows\system32\drivers\vhbdfbvz.sys [X]
    S1 vkiqmgdu; \??\C:\Windows\system32\drivers\vkiqmgdu.sys [X]
    S1 vqejwqgg; \??\C:\Windows\system32\drivers\vqejwqgg.sys [X]
    S1 vtgmrpyr; \??\C:\Windows\system32\drivers\vtgmrpyr.sys [X]
    S1 vtqujwlc; \??\C:\Windows\system32\drivers\vtqujwlc.sys [X]
    S1 wjygirkk; \??\C:\Windows\system32\drivers\wjygirkk.sys [X]
    S1 wplxhpgi; \??\C:\Windows\system32\drivers\wplxhpgi.sys [X]
    S1 wsgzgjob; \??\C:\Windows\system32\drivers\wsgzgjob.sys [X]
    S1 wtdkdwhf; \??\C:\Windows\system32\drivers\wtdkdwhf.sys [X]
    S1 wupvuiii; \??\C:\Windows\system32\drivers\wupvuiii.sys [X]
    S1 wwwponde; \??\C:\Windows\system32\drivers\wwwponde.sys [X]
    S1 wxkqkrmg; \??\C:\Windows\system32\drivers\wxkqkrmg.sys [X]
    S1 wyhkcafo; \??\C:\Windows\system32\drivers\wyhkcafo.sys [X]
    S1 wykowgab; \??\C:\Windows\system32\drivers\wykowgab.sys [X]
    S1 wzecszby; \??\C:\Windows\system32\drivers\wzecszby.sys [X]
    S1 xamsdefs; \??\C:\Windows\system32\drivers\xamsdefs.sys [X]
    S1 xdliwmdm; \??\C:\Windows\system32\drivers\xdliwmdm.sys [X]
    S1 xjpwgipb; \??\C:\Windows\system32\drivers\xjpwgipb.sys [X]
    S1 xjuhqway; \??\C:\Windows\system32\drivers\xjuhqway.sys [X]
    S1 xktvroak; \??\C:\Windows\system32\drivers\xktvroak.sys [X]
    S1 xneuqzqe; \??\C:\Windows\system32\drivers\xneuqzqe.sys [X]
    S1 xoffvnbw; \??\C:\Windows\system32\drivers\xoffvnbw.sys [X]
    S1 xqhafqpq; \??\C:\Windows\system32\drivers\xqhafqpq.sys [X]
    S1 xvbpmigd; \??\C:\Windows\system32\drivers\xvbpmigd.sys [X]
    S1 xvjeepuj; \??\C:\Windows\system32\drivers\xvjeepuj.sys [X]
    S1 xyhsjgtg; \??\C:\Windows\system32\drivers\xyhsjgtg.sys [X]
    S1 yjhzulpn; \??\C:\Windows\system32\drivers\yjhzulpn.sys [X]
    S1 yjlvaudc; \??\C:\Windows\system32\drivers\yjlvaudc.sys [X]
    S1 yxhbicxv; \??\C:\Windows\system32\drivers\yxhbicxv.sys [X]
    S1 yzemrqic; \??\C:\Windows\system32\drivers\yzemrqic.sys [X]
    S1 zaybylwe; \??\C:\Windows\system32\drivers\zaybylwe.sys [X]
    S1 zdyawvaq; \??\C:\Windows\system32\drivers\zdyawvaq.sys [X]
    S1 zjsviraw; \??\C:\Windows\system32\drivers\zjsviraw.sys [X]

    Save the file as fixlist.txt and put it in the folder where you have FRST.exe.
    Run FRST and click Fix.

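The long run of `S1 <eight lowercase letters>; \??\C:\Windows\system32\drivers\<same>.sys [X]` entries in the fixlist above is a distinct pattern from the tasks and services in the first fixlist: system-start kernel driver services whose `.sys` files no longer exist, so each one fails to load at boot, and they stand out only because there are nearly two hundred of them with machine-generated names in the same directory. The script below is an added example for this page, not FRST code and not the helper's own tooling: it pulls the orphaned driver entries and orphaned `AppInit_DLLs` entries out of FRST-style lines, groups the drivers by start type and directory, and reports a group as a "spray" only when it contains many random-named members. The sample is constructed from lines on this page plus two hypothetical drivers (`ExampleFlt`, a lone orphan that must not join the cluster, and `ExampleOk`, a present file that must not be reported at all).

```python
"""Detect the orphaned-driver spray and orphaned AppInit_DLLs entries shown in
the fixlist above. Added example for this page; not FRST code."""
import re
from collections import defaultdict

# Constructed sample: six spray members from this page, one hypothetical lone
# orphan (ExampleFlt), one hypothetical healthy driver (ExampleOk), two AppInit orphans.
SAMPLE_LOG = r"""
S1 adtfjakm; \??\C:\Windows\system32\drivers\adtfjakm.sys [X]
S1 afkqlduz; \??\C:\Windows\system32\drivers\afkqlduz.sys [X]
S1 agoosxuq; \??\C:\Windows\system32\drivers\agoosxuq.sys [X]
S1 ahzcldzg; \??\C:\Windows\system32\drivers\ahzcldzg.sys [X]
S1 akljuipt; \??\C:\Windows\system32\drivers\akljuipt.sys [X]
S1 alrcjrcs; \??\C:\Windows\system32\drivers\alrcjrcs.sys [X]
S3 ExampleFlt; \??\C:\Windows\system32\drivers\examplefilter.sys [X]
R1 ExampleOk; C:\Windows\system32\drivers\exampleok.sys [12345 2018-01-01] (Example Corp)
AppInit_DLLs: C:\ProgramData\Quoteex\Don-Home.dll => No File
AppInit_DLLs-x32: C:\ProgramData\Quoteex\Villalam.dll => No File
"""

# R/S = running/stopped; the digit is the service start type (0 boot, 1 system,
# 2 auto, 3 manual, 4 disabled); "[X]" is FRST's marker for a missing file.
DRIVER_RE = re.compile(r'^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+); (?P<path>\S+\.sys) \[X\]$')
APPINIT_RE = re.compile(r'^AppInit_DLLs(?:-x32)?: (?P<path>.+?) => No File$')
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}$')   # the generator on this page: 8 random lowercase letters
NT_PREFIX = "\\??\\"                           # NT object-namespace prefix seen in service image paths


def orphaned_drivers(log_text):
    """Driver service entries whose image file is missing."""
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if not m:
            continue
        path = m["path"]
        if path.startswith(NT_PREFIX):
            path = path[len(NT_PREFIX):]
        directory, _, filename = path.rpartition("\\")
        found.append({"name": m["name"], "state": m["state"], "start": m["start"],
                      "directory": directory, "file": filename, "line": line})
    return found


def spray_clusters(orphans, min_count=5):
    """Group random-named orphans by (start type, directory); keep large groups.
    A lone orphan from a badly uninstalled product never reaches min_count."""
    groups = defaultdict(list)
    for o in orphans:
        if RANDOM_NAME_RE.match(o["name"]):
            groups[(o["start"], o["directory"])].append(o["name"])
    return {key: names for key, names in groups.items() if len(names) >= min_count}


def orphaned_appinit(log_text):
    """AppInit_DLLs values that still point at DLLs which no longer exist."""
    matches = (APPINIT_RE.match(l.strip()) for l in log_text.splitlines())
    return [m["path"] for m in matches if m]


def fixlist_lines(log_text):
    """The original lines to paste into fixlist.txt: FRST removes an entry when
    its own log line is fed back to it, so no rewriting is needed."""
    lines = [o["line"] for o in orphaned_drivers(log_text)]
    lines += [l.strip() for l in log_text.splitlines() if APPINIT_RE.match(l.strip())]
    return lines


if __name__ == "__main__":
    orphans = orphaned_drivers(SAMPLE_LOG)
    for (start, directory), names in spray_clusters(orphans).items():
        print(f"spray: start type {start} in {directory}: {len(names)} random-named orphans")
    print("\n".join(fixlist_lines(SAMPLE_LOG)))
```

On the real log the cluster is the whole `S1` block; the threshold of five is there so that a single stale entry left behind by a legitimate uninstaller is reported as an orphan but not as a spray.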
  • Helpful post
    #5 20 Oct 2018 13:20
    Kolobos
    Computer specialist

    Export your bookmarks from Chrome if you need them. Uninstall Google Chrome and install the version from Google's site after running all the fixlists.

    Run this Fixlist.txt with FRST:
    Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATTENTION
    ShortcutWithArgument: C:\Users\Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Dawid\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    (CloudBees, Inc.) C:\Users\Dawid\AppData\Local\NtvHost\syssvc.exe
    (Google Chrome) C:\Users\Dawid\AppData\Local\NtvHost\native.exe
    HKU\S-1-5-21-4055689081-536607644-1389942840-1001\...\Run: [9WVAWARPARM7YP2] => "C:\Program Files\HEX9WXHWG1\HEX9WXHWG.exe"
    HKU\S-1-5-21-4055689081-536607644-1389942840-1001\...\Run: [Blogger] => C:\ProgramData\Blogger\Blogger.exe //ctbgvrfertgyhhtrfedtgyunytrftgyhujyhtrfftgyhumnybtvrcev5b7uny6t5rrftyuiimunytrertyubtvr
    HKU\S-1-5-21-4055689081-536607644-1389942840-1001\...\MountPoints2: {2a386b05-89bd-11e8-819a-94de80c40fb5} - "I:\setup.exe"
    AppInit_DLLs: C:\ProgramData\Quoteex\Don-Home.dll => No File
    AppInit_DLLs-x32: C:\ProgramData\Quoteex\Villalam.dll => No File
    InternetURL: C:\Users\Dawid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BznMMQqmAG.url ->
    R2 SysSvc; C:\Users\Dawid\AppData\Local\NtvHost\syssvc.exe [360448 2018-07-24] (CloudBees, Inc.) [File not signed]
    2018-10-19 21:44 - 2018-10-19 21:57 - 000000000 ____D C:\Users\Dawid\AppData\Roaming\WMPNetworkAcSvc
    2018-10-19 21:44 - 2018-10-19 21:45 - 000000034 _____ C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
    2018-10-19 21:43 - 2018-10-20 12:12 - 000000000 ____D C:\Users\Dawid\AppData\Local\GoogleChromeUserData
    2018-10-19 21:43 - 2018-10-19 21:43 - 001611944 _____ (Secure Download Ltd. ) C:\Users\Dawid\Downloads\Registry_Activation
    2018-10-19 21:42 - 2018-10-20 12:06 - 000000000 ____D C:\Users\Dawid\AppData\Local\NtvHost
    2018-10-19 21:42 - 2018-10-20 12:06 - 000000000 ____D C:\Users\Dawid\AppData\Local\GoogleChromeApplication
    2018-10-19 21:41 - 2018-10-20 12:07 - 000000000 ____D C:\Program Files (x86)\Multitimer
    2018-10-19 21:41 - 2018-10-19 21:58 - 000000000 ____D C:\Program Files (x86)\Mur
    2018-10-19 21:41 - 2018-10-19 21:57 - 000000000 ____D C:\ProgramData\Logic Cramble
    2018-10-19 21:41 - 2018-10-19 21:41 - 000015606 _____ C:\Windows\SysWOW64\findit.xml
    2018-10-19 21:41 - 2018-10-19 21:41 - 000000000 ____D C:\Users\Dawid\AppData\Roaming\Mozilla
    2018-10-19 21:41 - 2018-10-19 21:41 - 000000000 ____D C:\Users\Dawid\AppData\Roaming\Microleaves
    2018-10-19 21:41 - 2018-10-19 21:41 - 000000000 ____D C:\Users\Dawid\AppData\Local\AdvinstAnalytics
    2018-10-19 21:41 - 2018-10-19 21:41 - 000000000 ____D C:\Program Files (x86)\Microleaves
    2018-10-19 21:38 - 2018-10-20 12:05 - 000000000 ____D C:\Users\Dawid\AppData\Local\MicroService
    2018-10-19 21:38 - 2018-10-20 12:00 - 000000000 ____D C:\ProgramData\Blogger
    2018-10-19 21:35 - 2018-10-19 21:35 - 000000000 ____D C:\Users\Dawid\AppData\Local\Turbo.net
    2018-10-19 21:34 - 2018-10-19 21:34 - 003229749 _____ (Piriform Ltd) C:\ProgramData\Pons.exe
    2018-10-19 21:34 - 2018-10-19 21:34 - 000000000 ____D C:\ProgramData\Tut
    2018-10-16 22:27 - 2018-10-16 22:27 - 001703164 _____ ( ) C:\Users\Dawid\Desktop\AV-Audio-Editor-41891-AsystentPobierania_1176259178.exe
    2018-10-16 21:22 - 2018-10-16 21:22 - 001703164 _____ ( ) C:\Users\Dawid\Desktop\Audacity-11826-AsystentPobierania_2107110163.exe

    After running it, also uninstall Online Application.
    Use AdwCleaner, Scan option and then Clean: http://www.bleepingcomputer.com/download/adwcleaner/

    Do a full scan with Mbam and remove what it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    After all that, post fresh FRST logs from a scan.

    @krzychupar what about what I posted? Checking like this makes no sense if you are not going to remove the infection anyway.

  • Helpful post
    #7 20 Oct 2018 14:15
    Kolobos
    Computer specialist

    Also delete these folders:
    C:\AdwCleaner
    C:\Users\Dawid\AppData\Local\AdvinstAnalytics
    C:\FRST

    That's all.

  • #8 20 Oct 2018 14:17
    Husaria2
    Level 9

    I owe you gentlemen a big beer :)
