I see you like installing all sorts of junk; uninstall:
CCleaner
Combo Cleaner
Driver Easy 5.6.12
Registry Life
Registry Repair 5.0.1.122
Reset Windows Update Tool
WebAdvisor by McAfee
On top of that, you are infecting the system.
Run Fixlist.txt for FRST:
CloseProcesses:
(Konstantin Polyakov IP -> Chemtable Software) C:\Program Files\Registry Life\StartupCheckingService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-2388786912-4040164835-783909869-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35144320 2021-08-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2388786912-4040164835-783909869-1001\...\Run: [Opera GX Browser Assistant] => D:\Users\Tadeu\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2388786912-4040164835-783909869-1001\...\Run: [Opera Browser Assistant] => C:\Users\Tadeu\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4094672 2021-08-25] (Opera Software AS -> Opera Software)
GroupPolicy: Ograniczenia ? <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
Task: {18221BA7-25AF-45DF-9EE1-A074B30F5C72} - System32\Tasks\Opera scheduled assistant Autoupdate 1554007896 => C:\Users\Tadeu\AppData\Local\Programs\Opera\launcher.exe [41907408 2021-08-25] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Tadeu\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {23E61C71-85CA-4765-9A81-DF90BD84C473} - System32\Tasks\Opera GX scheduled Autoupdate 1562870117 => D:\Users\Tadeu\AppData\Local\Programs\Opera GX\launcher.exe [3774160 2021-08-25] (Opera Software AS -> Opera Software)
Task: {27C02A52-E765-4FDF-8A20-5F11D6EF07DF} - System32\Tasks\Opera scheduled Autoupdate 1537443300 => C:\Users\Tadeu\AppData\Local\Programs\Opera\launcher.exe [41907408 2021-08-25] (Opera Software AS -> Opera Software)
Task: {3A2A87B6-B8B4-43BD-B199-4B09699BE74B} - System32\Tasks\Driver Easy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe [3617760 2019-07-05] (Easeware Technology Limited -> Easeware)
Task: {42B7E967-E1CE-4A56-A34D-61B03B05F683} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1617037534 => D:\Users\Tadeu\AppData\Local\Programs\Opera GX\launcher.exe [3774160 2021-08-25] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="D:\Users\Tadeu\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {8312377C-2B4C-47D1-824D-1DDC605250FA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29211264 2021-08-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {9A383944-1AF0-4B90-B1DA-3B3DC8806928} - System32\Tasks\CCleanerSkipUAC - Tadeu => C:\Program Files\CCleaner\CCleaner.exe [29211264 2021-08-16]
Task: {E3C53DAE-3744-42FA-BE3B-DDDF1B1A0258} - System32\Tasks\Firefox Default Browser Agent 26CD186E3A4C9147 => C:\Users\Tadeu\AppData\Roaming\dsfawtd [4419176 2021-08-27] (Microsoft Windows -> Microsoft Corporation) <==== UWAGA
C:\Users\Tadeu\AppData\Roaming\dsfawtd
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
R2 Chemtable Startup Checking; C:\Program Files\Registry Life\StartupCheckingService.exe [9924368 2019-10-29] (Konstantin Polyakov IP -> Chemtable Software)
S3 ComboCleaner.Guard; C:\Program Files (x86)\Combo Cleaner\ComboCleaner.Guard.exe [142976 2021-08-20] (RCS LT, UAB -> RCS LT)
S3 ComboCleaner.WinService; C:\Program Files (x86)\Combo Cleaner\ComboCleaner.WinService.exe [150656 2021-08-20] (RCS LT, UAB -> RCS LT)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [977824 2021-08-23] (McAfee, LLC -> McAfee, LLC)
R2 WinDivert1.2; C:\windows\system32\drivers\WinDivert64.sys [37552 2018-09-25] (Nemea Mjukvaruutveckling AB -> Basil)
2021-09-08 21:30 - 2021-09-08 21:30 - 000000000 ____D C:\Users\Tadeu\AppData\Roaming\GlarySoft
2021-09-08 21:29 - 2021-09-08 21:29 - 006406968 _____ (Glarysoft Ltd) C:\Users\Tadeu\Downloads\rrsetup.exe
2021-09-08 21:29 - 2021-09-08 21:29 - 000001325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair.lnk
2021-09-08 21:29 - 2021-09-08 21:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2021-09-08 21:29 - 2021-09-08 21:29 - 000000000 ____D C:\Program Files (x86)\Glarysoft
2021-09-08 21:20 - 2021-09-08 21:20 - 000001007 _____ C:\Users\Public\Desktop\Registry Life.lnk
2021-09-08 21:20 - 2021-09-08 21:20 - 000000000 ____D C:\Users\Tadeu\AppData\Roaming\ChemTable Software
2021-09-08 21:20 - 2021-09-08 21:20 - 000000000 ____D C:\Users\Tadeu\AppData\Local\ChemTable Software
2021-09-08 21:20 - 2021-09-08 21:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Life
2021-09-08 21:20 - 2021-09-08 21:20 - 000000000 ____D C:\ProgramData\Chemtable Software
2021-09-08 21:20 - 2021-09-08 21:20 - 000000000 ____D C:\Program Files\Registry Life
2021-09-08 21:17 - 2021-09-08 21:17 - 051737712 _____ (IObit ) C:\Users\Tadeu\Downloads\advanced-systemcare-pro-14-5-0-290.exe
2021-09-07 21:11 - 2021-09-08 22:14 - 000000000 ____D C:\Program Files (x86)\Combo Cleaner
2021-09-07 21:11 - 2021-09-07 21:11 - 000001966 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Combo Cleaner.lnk
2021-09-07 21:11 - 2021-09-07 21:11 - 000000000 ____D C:\Users\Tadeu\AppData\Local\RCS_LT
2021-09-07 18:46 - 2021-09-07 18:46 - 000002904 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Tadeu
2021-09-07 18:15 - 2021-09-07 18:38 - 000000000 ___HD C:\Users\Tadeu\AppData\Roaming\WinHost
2021-09-07 18:15 - 2021-09-07 18:15 - 000171344 ____C C:\Users\Tadeu\AppData\LocalLow\8y1aFETqeK8.zip
2021-09-07 18:14 - 2021-09-07 18:25 - 000003728 _____ C:\WINDOWS\system32\Tasks\Firefox Default Browser Agent 26CD186E3A4C9147
2021-09-07 18:13 - 2021-09-07 18:39 - 000000000 ___HD C:\WINDOWS\rss
2021-09-07 18:12 - 2021-09-07 18:38 - 000000000 ___DC C:\Users\Tadeu\AppData\LocalLow\aD1rF3aM8r
2021-09-07 18:12 - 2021-09-07 18:24 - 006826592 ____N C:\WINDOWS\system32\Drivers\mZ7s0TKrb.sys
2021-09-07 18:12 - 2021-09-07 18:12 - 000108032 ____C (adfasdas) C:\Users\Tadeu\Documents\nkFNgG7H8zB9bur6s4E2TE4f.exe
2021-09-07 18:11 - 2021-09-07 18:38 - 000000000 ____D C:\Users\Tadeu\AppData\Roaming\wushup
2021-09-07 18:11 - 2021-09-07 18:11 - 000000000 ____D C:\Users\Tadeu\AppData\Roaming\Telson
2021-09-07 18:11 - 2021-09-07 18:11 - 000000000 ____D C:\Users\Tadeu\AppData\Local\Yandex
2021-09-07 18:11 - 2021-09-07 18:11 - 000000000 ____D C:\Users\Tadeu\AppData\Local\Downloaded Installations
2021-09-07 18:10 - 2021-09-07 18:38 - 000000000 ____D C:\Program Files (x86)\PowerControl
2021-09-07 18:10 - 2021-09-07 18:38 - 000000000 ____D C:\Program Files (x86)\Company
2021-09-07 18:10 - 2021-09-07 18:25 - 000003638 _____ C:\WINDOWS\system32\Tasks\PowerControl HR
2021-09-07 18:10 - 2021-09-07 18:25 - 000003382 _____ C:\WINDOWS\system32\Tasks\PowerControl LG
2021-09-07 18:10 - 2021-09-07 18:16 - 000000000 ____D C:\ProgramData\OBA23T5WFCTJUBJCLLDB5EXF4
2021-09-07 18:10 - 2021-09-07 18:10 - 000000278 ____C C:\Users\Tadeu\Documents\NcwnOSd4rFQ7hMTmBWL_AhwW.exe
2021-09-07 18:09 - 2021-09-07 18:09 - 000000223 ____C C:\Users\Tadeu\Documents\2kOj0nAfBskbiu4KntHyerTP.exe
2021-09-07 18:09 - 2021-09-07 18:09 - 000000000 ____D C:\Program Files (x86)\Versium Research
2021-09-07 18:08 - 2021-09-08 14:21 - 000000000 ____D C:\Users\Tadeu\AppData\Local\netinfoapp
2021-09-07 18:08 - 2021-09-07 18:08 - 000000000 ____D C:\Users\Tadeu\AppData\Local\AdvinstAnalytics
2021-08-27 21:21 - 2021-08-27 21:21 - 004419176 ___SH (Microsoft Corporation) C:\Users\Tadeu\AppData\Roaming\dsfawtd
2021-08-27 21:21 - 2021-08-27 21:21 - 000008226 ___SH C:\Users\Tadeu\AppData\Roaming\cgtubig
2021-08-24 09:30 - 2021-08-24 09:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2020-05-24 08:09 - 2020-06-04 19:41 - 000009913 _____ () C:\Program Files (x86)\INSTALL.LOG
2020-05-24 08:09 - 2001-05-24 12:59 - 000162304 _____ () C:\Program Files (x86)\UNWISE.EXE
2021-08-27 21:21 - 2021-08-27 21:21 - 000008226 ___SH () C:\Users\Tadeu\AppData\Roaming\cgtubig
2021-08-27 21:21 - 2021-08-27 21:21 - 004419176 ___SH (Microsoft Corporation) C:\Users\Tadeu\AppData\Roaming\dsfawtd
2021-09-07 18:24 C:\WINDOWS\system32\Drivers\mZ7s0TKrb.sys
After running it, do a full scan with mbam and adwcleaner, remove what they detect, and post new logs from an FRST scan.