Please check the logs.

Post by emillo2502, 11 Jan 2018, 22:17

Browsers (Internet Explorer and Chrome) open on their own; Mozilla was removed by itself. I can't launch AdwCleaner.
Attachments:
OTL.Txt (232.3 KiB)
Addition.txt (61.26 KiB)
FRST.txt (68.78 KiB)
Shortcut.txt (57.13 KiB)



Post by ordynat, 12 Jan 2018, 00:11

A whole mass of Trojans!

I'm adding some shortcuts for removal, because they redirect to C:\Users\Emil\AppData\Roaming\Browsers\exe.rehcnual.bat (Brak pliku) <==== Cyrillic
(I don't even know what that is)

1) Open Notepad and paste into it:
Task: {29051D00-7149-4190-A39A-408471507535} - System32\Tasks\Stealth DVD CAP => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Stealth DVD CAP\Stealth DVD CAP.dll",kwHRDFVZv <==== UWAGA
Task: {2C5C1222-890B-412A-B33A-AE9BF4E89861} - System32\Tasks\Windows_Antimalware_Host_Systm => C:\ProgramData\MicrosoftCorporation\Windows\System32\Isass.exe [2018-01-07] () <==== UWAGA
C:\ProgramData\MicrosoftCorporation\Windows\System32\Isass.exe
Task: {32D9EA24-DBD3-490B-8BB3-9256DCD4625D} - System32\Tasks\updater => C:\Program Files (x86)\System Native\Main Services\updater.exe [2018-01-11] (System Native)
C:\Program Files (x86)\System Native\Main Services\updater.exe
Task: {463522C4-491E-4455-81A4-7F01DE5CFB32} - System32\Tasks\GoogleUpdateSecurityTaskMachine_MX => C:\Users\Emil\AppData\Roaming\a24c60a98566473689914b92d2deb455\chipset.exe exec hide KHSROETVBO.cmd <==== UWAGA
Task: {46E76D9D-9917-410E-BE8C-84C99B388966} - System32\Tasks\GoogleUpdateSecurityTaskMachine_SX => C:\Users\Emil\AppData\Local\2cda02a9b4a4450ea4f1fa26062432c0\chipset.exe exec hide MFENJGMVYD.cmd <==== UWAGA
Task: {57302AB6-0210-48A9-9731-9818D2CE7FE3} - System32\Tasks\GoogleUpdateSecurityTaskMachine_RT => C:\ProgramData\6ec3b6ea51d848de8cc33c2633d67fab\chipset.exe exec hide ANKBEWXKFS.cmd <==== UWAGA
Task: {61221346-3516-453F-8275-E5A74CA17015} - System32\Tasks\GoogleUpdateSecurityTaskMachine_ZU => C:\Users\Emil\AppData\Local\Temp\da0e921fef8648f0b5e1b0b3e7313444\chipset.exe exec hide GVBAHLLKME.cmd <==== UWAGA
RemoveDirectory: C:\ProgramData\6ec3b6ea51d848de8cc33c2633d67fab
RemoveDirectory: C:\Users\Emil\AppData\Local\2cda02a9b4a4450ea4f1fa26062432c0
RemoveDirectory: C:\Users\Emil\AppData\Roaming\a24c60a98566473689914b92d2deb455
RemoveDirectory: C:\Users\Emil\AppData\Local\Temp\da0e921fef8648f0b5e1b0b3e7313444
VirusTotal: C:\ProgramData\WindowsAppCertification\checker.vbs
Task: {86AF2712-D834-456B-9AD4-DEEFCB037FF4} - System32\Tasks\Guard => C:\Program Files (x86)\System Native\Main Services\Guard.exe [2018-01-11] ()
C:\Program Files (x86)\System Native\Main Services\Guard.exe
Task: {98DC0050-D5AF-4446-AA73-0C4F8DB71E76} - System32\Tasks\LaCieS => C:\Disk\WebService.exe [2017-11-22] (TODO: <Company name>)
C:\Disk
Task: {B9BA01EF-C0A3-400D-AB7C-AEC20F92B2AC} - System32\Tasks\GoogleUpdateSecurityTaskMachine_YD => C:\Users\Emil\AppData\Local\Temp\76e207fce95e49449ef04c1659849c71\chipset.exe exec hide XSSOFOQIQD.cmd <==== UWAGA
Task: {C5346CF9-760C-4435-BF59-9A6DA74FFB45} - System32\Tasks\GoogleUpdateSecurityTaskMachine_SU => C:\Users\Emil\AppData\Local\0d2f45a02ee74fd08591c902e0dc7f13\chipset.exe exec hide EHKHGRZHJP.cmd <==== UWAGA
RemoveDirectory: C:\Users\Emil\AppData\Local\Temp\76e207fce95e49449ef04c1659849c71
RemoveDirectory: C:\Users\Emil\AppData\Local\0d2f45a02ee74fd08591c902e0dc7f13
Task: {C87B6080-531E-4C1F-A049-5266C40147C5} - System32\Tasks\GoogleUpdateSecurityTaskMachine_PZ => C:\ProgramData\ec57d713389349cd991cb44f5558bc29\chipset.exe exec hide JZQCCHADFX.cmd <==== UWAGA
Task: {CB0C7963-E76F-4F87-AA4F-2A8C8622BC03} - System32\Tasks\GoogleUpdateSecurityTaskMachine_HO => C:\Users\Emil\AppData\Local\be39ff99d26045ceb00a639d305fc110\chipset.exe exec hide ICTJNXEXDP.cmd <==== UWAGA
Task: {CB5CE9C8-F380-46F8-BBEC-F4912BCFB0BA} - System32\Tasks\SMS-it => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\SMS-it\SMS-it.dll",tTwRcFMe <==== UWAGA
Task: {E23A6F4E-5DCC-47E0-8397-F9B794420D65} - System32\Tasks\GoogleUpdateSecurityTaskMachine_SM => C:\Users\Emil\AppData\Roaming\36690210ce554bccbb15f3a03c356936\chipset.exe exec hide DTSZWBLGDJ.cmd <==== UWAGA
RemoveDirectory: C:\ProgramData\ec57d713389349cd991cb44f5558bc29
RemoveDirectory: C:\Users\Emil\AppData\Roaming\36690210ce554bccbb15f3a03c356936
RemoveDirectory: C:\Program Files\SMS-it
RemoveDirectory: C:\Users\Emil\AppData\Local\be39ff99d26045ceb00a639d305fc110
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
Task: {F68E47E6-405F-45A2-B984-B9AC6A4049B1} - System32\Tasks\GoogleUpdateSecurityTaskMachine_XM => C:\Users\Emil\AppData\Local\Temp\aa4cc716d4214bb98531e0097d47c2bc\chipset.exe exec hide SMWFCLLFVE.cmd <==== UWAGA
RemoveDirectory: C:\Users\Emil\AppData\Local\Temp\aa4cc716d4214bb98531e0097d47c2bc
C:\Users\Emil\Desktop\Сrоssout Lаuncher.lnk
C:\Users\Emil\AppData\Roaming\Browsers
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WаrТhunder.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\Сrоssout Lаunсhеr.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Eхplorer.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhromе.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WаrThunder.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfoх.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfоx.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk
C:\Users\Public\Desktop\DАЕMОN Tools Litе.lnk
C:\Users\Public\Desktop\Gооglе Сhrome.lnk
C:\Users\Public\Desktop\Маfia 2.lnk
ShortcutWithArgument: C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://go.playmmogames.com/aff_c?offer_id=698&aff_id=1034&source=1&click_id=e2fe395430f173bfde38c2993e006e118be6b507
2018-01-07 17:38 - 2018-01-07 17:38 - 001530880 _____ () C:\ProgramData\MicrosoftCorporation\Windows\System32\Isass.exe
2018-01-07 17:40 - 2018-01-07 17:38 - 001530880 _____ () C:\ProgramData\MicrosoftCorporation\Windows\Helpers\SecurityHeaIthService.exe
2018-01-07 17:40 - 2018-01-07 17:38 - 001530880 _____ () C:\ProgramData\MicrosoftCorporation\Windows\Helpers\SystemldleProcess.exe
2018-01-07 17:40 - 2018-01-07 17:38 - 001530880 _____ () C:\ProgramData\MicrosoftCorporation\Windows\Helpers\winIogon.exe
2017-12-29 13:28 - 2017-12-29 13:28 - 000071680 _____ () C:\Users\Emil\AppData\Roaming\threatdatabase\tdget.exe
RemoveDirectory: C:\ProgramData\7e7df1772d1f4cd885a7d9ce653aa23d
RemoveDirectory: C:\Users\Emil\AppData\Roaming\38dd125d8db246e386be0acbeba8774a
RemoveDirectory: C:\Users\Emil\AppData\Roaming\a24c60a98566473689914b92d2deb455
HKLM\...\Run: [gplyra] => C:\Users\Emil\AppData\Roaming\gplyra\gplyra.exe <==== UWAGA
HKLM\...\Run: [s9z2jUbcJm] => C:\Program Files\GnappltlpGnFgr0a\.s9zappltlps9z.vbs [168 2018-01-07] ()
RemoveDirectory: C:\Program Files\GnappltlpGnFgr0a
RemoveDirectory: C:\Users\Emil\AppData\Roaming\gplyra
VirusTotal: C:\Users\Emil\AppData\Local\PCBooster\booster.exe
HKLM\...\RunOnce: [Lahin_Raw_barra_al3eb_b3id_CNSSZRYNWG.exe] => C:\Program Files\Reference Assemblies\UIWMVTOCRZ\CNSSZRYNWG.exe [397824 2018-01-07] ()
HKLM\...\RunOnce: [LAPTOP-PH67M221] => C:\Windows\Temp\g7F86.tmp.exe <==== UWAGA
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== UWAGA
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== UWAGA
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== UWAGA
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== UWAGA
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== UWAGA
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== UWAGA
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== UWAGA
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== UWAGA
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== UWAGA
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== UWAGA
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== UWAGA
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== UWAGA
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== UWAGA
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== UWAGA
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== UWAGA
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== UWAGA
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== UWAGA
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== UWAGA
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== UWAGA
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== UWAGA
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== UWAGA
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== UWAGA
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== UWAGA
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== UWAGA
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== UWAGA
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== UWAGA
C:\Program Files\Reference Assemblies\UIWMVTOCRZ
HKU\S-1-5-21-2400838556-3398951076-1685541893-1001\...\Run: [BROTNEHTDJ.exe] => C:\Users\Emil\AppData\Local\Temp\IMHJKPDVQI\BROTNEHTDJ.exe [833024 2018-01-07] (@7NuXELGn) <==== UWAGA
HKU\S-1-5-21-2400838556-3398951076-1685541893-1001\...\Run: [Windows_Antimalware_Host_Syst] => C:\ProgramData\MicrosoftCorporation\Windows\System32\Isass.exe [1530880 2018-01-07] () <==== UWAGA
HKU\S-1-5-21-2400838556-3398951076-1685541893-1001\...\Run: [amWGnEEh3.exe] => C:\Users\Emil\AppData\Local\4b98d3ba4c83472f8169f86e74ea282b\amWGnEEh3.exe [934912 2018-01-07] (PfQuvaMuc)
HKU\S-1-5-21-2400838556-3398951076-1685541893-1001\...\Run: [2btmOe6V.exe] => C:\Users\Emil\AppData\Local\59d421e89e4c4d25b48e599eea0a7e21\2btmOe6V.exe [847360 2018-01-07] (vS)
HKU\S-1-5-21-2400838556-3398951076-1685541893-1001\...\Run: [ANKBEWXKFS.exe] => C:\ProgramData\6ec3b6ea51d848de8cc33c2633d67fab\ANKBEWXKFS.exe [847360 2018-01-07] (vS)
HKU\S-1-5-21-2400838556-3398951076-1685541893-1001\...\Run: [MFENJGMVYD.exe] => C:\Users\Emil\AppData\Local\2cda02a9b4a4450ea4f1fa26062432c0\MFENJGMVYD.exe [934912 2018-01-07] (PfQuvaMuc)
HKU\S-1-5-21-2400838556-3398951076-1685541893-1001\...\Run: [tw4lOEdC.exe] => C:\Users\Emil\AppData\Roaming\f4d4e9ac35464628b73ebf783e9e8de7\tw4lOEdC.exe [771072 2018-01-09] (BXQY)
HKU\S-1-5-21-2400838556-3398951076-1685541893-1001\...\Run: [Pw3tv7vkPXSek.exe] => C:\Users\Emil\AppData\Local\b6cd4f467a024ab883ab51df93c83807\Pw3tv7vkPXSek.exe [513024 2018-01-09] (rc56o)
HKU\S-1-5-21-2400838556-3398951076-1685541893-1001\...\Run: [cMOM5JjL0e.exe] => C:\Users\Emil\AppData\Local\Temp\f57b2aaddbaa4a8f99f0c50378bfbd4c\cMOM5JjL0e.exe [570880 2018-01-11] () <==== UWAGA
HKU\S-1-5-21-2400838556-3398951076-1685541893-1001\...\Run: [gYaKxviEI0kY.exe] => C:\ProgramData\7e7df1772d1f4cd885a7d9ce653aa23d\gYaKxviEI0kY.exe [503808 2018-01-11] ()
HKU\S-1-5-21-2400838556-3398951076-1685541893-1001\...\Run: [QKBGVKRULN.exe] => C:\Users\Emil\AppData\Roaming\38dd125d8db246e386be0acbeba8774a\QKBGVKRULN.exe [570880 2018-01-11] ()
HKU\S-1-5-21-2400838556-3398951076-1685541893-1001\...\Run: [KHSROETVBO.exe] => C:\Users\Emil\AppData\Roaming\a24c60a98566473689914b92d2deb455\KHSROETVBO.exe [503808 2018-01-11] ()
HKU\S-1-5-21-2400838556-3398951076-1685541893-1001\...\RunOnce: [Hl2wKl1.exe] => C:\Users\Emil\AppData\Local\Temp\ec690784937e49439e15daf6c01e6f9d\Hl2wKl1.exe [545792 2018-01-11] () <==== UWAGA
HKU\S-1-5-21-2400838556-3398951076-1685541893-1001\...\RunOnce: [PWSNXNCTGV.exe] => C:\ProgramData\10452c2e1ef9406bbbd7577b7491c94b\PWSNXNCTGV.exe [545792 2018-01-11] () <==== UWAGA
C:\Users\Emil\AppData\Local\4b98d3ba4c83472f8169f86e74ea282b
C:\Users\Emil\AppData\Local\59d421e89e4c4d25b48e599eea0a7e21
C:\ProgramData\6ec3b6ea51d848de8cc33c2633d67fab
C:\Users\Emil\AppData\Local\2cda02a9b4a4450ea4f1fa26062432c0
C:\Users\Emil\AppData\Roaming\f4d4e9ac35464628b73ebf783e9e8de7
C:\Users\Emil\AppData\Local\b6cd4f467a024ab883ab51df93c83807
C:\ProgramData\7e7df1772d1f4cd885a7d9ce653aa23d
C:\Users\Emil\AppData\Roaming\38dd125d8db246e386be0acbeba8774a
C:\Users\Emil\AppData\Roaming\a24c60a98566473689914b92d2deb455
C:\ProgramData\10452c2e1ef9406bbbd7577b7491c94b
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\.s9zappltlps9z.vbs [2018-01-07] ()
Startup: C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Isass.lnk [2018-01-07]
ShortcutTarget: Isass.lnk -> C:\ProgramData\MicrosoftCorporation\Windows\System32\Isass.exe ()
GroupPolicy: Ograniczenia - Chrome <==== UWAGA
GroupPolicy\User: Ograniczenia <==== UWAGA
CHR Extension: (Tiempo en colombia en vivo) - C:\Users\Emil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbhodkgjhojjjggokjjlbccecdhkjjgl [2018-01-07]
CHR Extension: (Quick Searcher) - C:\Users\Emil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-01-07]
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
S3 updater; C:\Program Files (x86)\System Native\Main Services\updater.exe [571648 2018-01-11] (System Native)
S3 aswHdsKe; \??\C:\WINDOWS\system32\drivers\aswHdsKe.sys [X]
2018-01-07 17:39 - 2018-01-07 17:39 - 000000000 ____D C:\ProgramData\cece003e-32e5-1
2018-01-07 17:39 - 2018-01-07 17:39 - 000000000 ____D C:\ProgramData\cece003e-0f25-0
2018-01-07 17:38 - 2018-01-07 20:33 - 000930816 _____ C:\Users\Emil\AppData\Local\po.db
2018-01-07 17:38 - 2018-01-07 17:50 - 000000004 _____ C:\ProgramData\lock.dat
2018-01-07 17:38 - 2018-01-07 17:38 - 000140800 _____ C:\Users\Emil\AppData\Local\installer.dat
2018-01-07 17:38 - 2018-01-07 17:38 - 000011568 _____ C:\Users\Emil\AppData\Local\InstallationConfiguration.xml
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
Task: {011C9248-C9B7-4D39-A475-B50801E77F28} - System32\Tasks\Microsoft\Windows\Application Experience\Threat Base Loader => C:\Users\Emil\AppData\Roaming\\threatdatabase\\tdget.exe [2017-12-29] ()
C:\Users\Emil\AppData\Roaming\\threatdatabase\\tdget.exe
EmptyTemp:

Save the file as fixlist.txt and put it in the folder C:\Users\Emil\Downloads
Run FRST and click the Fix (NAPRAW) button.
A fixlog.txt file will be created.
Post that log.

2) Make new FRST logs.
Before scanning, tick: Addition.txt and Shortcut.txt.




Post by emillo2502, 13 Jan 2018, 13:26

Attachments:
Fixlog.txt (38.55 KiB)
FRST.txt (97.48 KiB)
Shortcut.txt (55.13 KiB)
Addition.txt (49.03 KiB)



Post by ordynat, 13 Jan 2018, 14:27

The situation is bad.
You have this Trojan: https://vms.drweb.com/virus/?i=15868885&lng=en
It downloads other Trojans and, on top of that, it has disabled the certificates of all security programs, so they cannot run.

1) Open Notepad and paste into it:
C:\Users\Emil\AppData\Local\PCBooster\booster.exe
RemoveDirectory: C:\Users\Emil\AppData\Local\PCBooster
Task: {0F55FD5F-2C68-41A8-B88C-9EE66FBE00E4} - \updater -> Brak pliku <==== UWAGA
Task: {2A2A1F3D-EABB-4925-9D15-DB1FB0F5CD25} - System32\Tasks\GTA V DarkKeys => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\GTA V DarkKeys\GTA V DarkKeys.dll",MmwZeFGqUpZC <==== UWAGA
Task: {4A114F0F-B95D-46DD-A4D6-1F42C311FED5} - \Stealth DVD CAP -> Brak pliku <==== UWAGA
Task: {83BB6A74-6AAD-42D9-8FD7-A0D396D3E56C} - \Guard -> Brak pliku <==== UWAGA
Task: {8442763F-92D9-47B2-878F-48D04F80A5B1} - System32\Tasks\GoogleUpdateSecurityTaskMachine_JC => C:\Users\Emil\AppData\Roaming\f11d0f03a4d044248fe2bc1573200167\chipset.exe exec hide TSFVNBJDUY.cmd <==== UWAGA
RemoveDirectory: C:\Users\Emil\AppData\Roaming\f11d0f03a4d044248fe2bc1573200167
Task: {A1AE8AC0-2D9D-47C8-9BA8-429384B48264} - System32\Tasks\GoogleUpdateSecurityTaskMachine_IU => C:\Users\Emil\AppData\Local\d3561c3a8e6f415dabf8e4de2b866b83\chipset.exe exec hide DIQWLQEWIK.cmd <==== UWAGA
Task: {A3E0BDBE-DCC7-42F4-B793-E9B58EA83AE5} - System32\Tasks\GoogleUpdateSecurityTaskMachine_FG => C:\Users\Emil\AppData\Roaming\38dd125d8db246e386be0acbeba8774a\chipset.exe exec hide QKBGVKRULN.cmd <==== UWAGA
Task: {AAFF5F57-8E61-4532-9FF5-D12CFDD4A38E} - System32\Tasks\GoogleUpdateSecurityTaskMachine_LS => C:\ProgramData\10452c2e1ef9406bbbd7577b7491c94b\chipset.exe exec hide PWSNXNCTGV.cmd <==== UWAGA
RemoveDirectory: C:\Users\Emil\AppData\Local\d3561c3a8e6f415dabf8e4de2b866b83
RemoveDirectory: C:\ProgramData\10452c2e1ef9406bbbd7577b7491c94b
RemoveDirectory: C:\Users\Emil\AppData\Roaming\38dd125d8db246e386be0acbeba8774a
Task: {CB9600F7-63B7-421F-B6C9-6A10396D5DD4} - \SMS-it -> Brak pliku <==== UWAGA
Task: {F4C4F9E9-55E4-4BC5-A30D-50AA46C5E3BA} - System32\Tasks\Edittor => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Edittor\Edittor.dll",zkyAhNAzDBK <==== UWAGA
RemoveDirectory: C:\Program Files\Edittor
Task: {427C8AE3-2ECD-4F72-B5E5-9F559F406A02} - System32\Tasks\Audio Recorder for MS Backup => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Audio Recorder for MS Backup\Audio Recorder for MS Backup.dll",FYUVpMvOELz <==== UWAGA
C:\Users\Emil\Desktop\Сrоssout Lаuncher.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WаrТhunder.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\Сrоssout Lаunсhеr.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Eхplorer.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhromе.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WаrThunder.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfoх.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk
C:\Users\Public\Desktop\DАЕMОN Tools Litе.lnk
C:\Users\Public\Desktop\Gооglе Сhrome.lnk
C:\Users\Public\Desktop\Маfia 2.lnk
RemoveDirectory: C:\Users\Emil\AppData\Roaming\Browsers
RemoveDirectory: C:\ProgramData\36bf245a8192469d8fea834f91665f1c
RemoveDirectory: C:\Users\Emil\AppData\Roaming\e841298c61b949b987693a38cc561b17
HKLM-x32\...\Run: [booster] => C:\Users\Emil\AppData\Local\PCBooster\booster.exe [852992 2018-01-07] (www.xmrig.com)
HKLM\...\RunOnce: [LAPTOP-PH67M221] => C:\WINDOWS\TEMP\g8570.tmp.exe [209408 2018-01-13] () <==== UWAGA
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== UWAGA
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== UWAGA
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== UWAGA
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== UWAGA
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== UWAGA
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== UWAGA
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== UWAGA
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== UWAGA
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== UWAGA
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== UWAGA
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== UWAGA
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== UWAGA
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== UWAGA
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== UWAGA
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== UWAGA
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== UWAGA
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== UWAGA
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== UWAGA
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== UWAGA
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== UWAGA
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== UWAGA
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== UWAGA
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== UWAGA
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== UWAGA
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== UWAGA
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== UWAGA
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== UWAGA
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== UWAGA
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== UWAGA
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-2400838556-3398951076-1685541893-1001\...\Run: [XSSOFOQIQD.exe] => C:\Users\Emil\AppData\Local\Temp\76e207fce95e49449ef04c1659849c71\XSSOFOQIQD.exe <==== UWAGA
HKU\S-1-5-21-2400838556-3398951076-1685541893-1001\...\Run: [TSFVNBJDUY.exe] => C:\Users\Emil\AppData\Roaming\f11d0f03a4d044248fe2bc1573200167\TSFVNBJDUY.exe [570880 2018-01-11] ()
HKU\S-1-5-21-2400838556-3398951076-1685541893-1001\...\Run: [1offb84.exe] => C:\ProgramData\36bf245a8192469d8fea834f91665f1c\1offb84.exe [1577984 2018-01-12] ()
HKU\S-1-5-21-2400838556-3398951076-1685541893-1001\...\Run: [DEEsvTMqr5.exe] => C:\Users\Emil\AppData\Roaming\e841298c61b949b987693a38cc561b17\DEEsvTMqr5.exe [523264 2018-01-12] ()
HKU\S-1-5-21-2400838556-3398951076-1685541893-1001\...\Run: [BROTNEHTDJ.exe] => C:\Users\Emil\AppData\Local\Temp\IMHJKPDVQI\BROTNEHTDJ.exe <==== UWAGA
GroupPolicy: Ograniczenia <==== UWAGA
2018-01-07 20:36 - 2018-01-07 20:36 - 000000000 ____D C:\Users\Emil\AppData\Local\SystemHealer
2018-01-07 20:36 - 2018-01-07 20:36 - 000000000 ____D C:\ProgramData\9f36251e-2241-1
2018-01-07 20:36 - 2018-01-07 20:36 - 000000000 ____D C:\ProgramData\9f36251e-2175-0
2018-01-07 20:34 - 2018-01-07 20:34 - 000000000 ____D C:\Users\Emil\AppData\Roaming\5a86b393bd42451c81677c26628c68c1
2018-01-07 20:32 - 2018-01-07 20:32 - 000000000 ____D C:\Users\Emil\AppData\Roaming\3frl1wuqkcr
2018-01-07 17:41 - 2018-01-07 17:41 - 000000000 ____D C:\Windat
2018-01-07 17:37 - 2018-01-07 17:37 - 000000000 ____D C:\Users\Emil\AppData\Roaming\2qoursnbewd
HOSTS:
EmptyTemp:

Save the file as fixlist.txt and put it in the folder C:\Users\Emil\Downloads
Run FRST and click the Fix (NAPRAW) button.


2) Try to download and use MBAM http://www.programosy.pl/program,malwarebytes-anti-malware.html
Most likely it won't work.

3) Make new FRST logs.

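The indicator families ordynat points at in this thread (security-vendor certificates placed on the machine's disallowed list, shortcut names mixing Latin and Cyrillic letters, binaries named after Windows processes such as Isass.exe living outside C:\Windows, and "exec hide" launcher tasks in random 32-hex directories) can be pulled out of an FRST log mechanically. The triage script below is an added example, not part of the thread, of FRST or of any fixlist; the sample lines are constructed from the fixlists quoted above plus two benign lines that must not be flagged.

```python
"""Triage of FRST-style log lines for the indicator families discussed in this thread."""
import re
import unicodedata

# FRST line shapes keyed on here; the trailing "<==== UWAGA" marker is ignored.
CERT_RE = re.compile(r"^HKLM\\ DisallowedCertificates: ([0-9A-F]{40}) \((.+)\)")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*?\r\n]+?\.(?:exe|lnk|cmd|bat|vbs|dll)\b", re.IGNORECASE)
# Task/Run target of the form <32 hex chars>\something.exe exec hide XXXX.cmd
HIDDEN_RE = re.compile(r"\\[0-9a-f]{32}\\([^\\ ]+\.exe) exec hide ", re.IGNORECASE)

# Names the thread's lookalikes imitate (Isass, winIogon, SecurityHeaIthService, SystemldleProcess).
# SystemIdleProcess.exe is not a real file: Windows shows "System Idle Process" only as a
# pseudo-process, so any file carrying that name is suspect wherever it lives.
SYSTEM_NAMES = ["lsass.exe", "winlogon.exe", "SecurityHealthService.exe",
                "SystemIdleProcess.exe", "svchost.exe", "csrss.exe", "services.exe"]


def fold(name: str) -> str:
    """Conflate the letters the lookalikes swap (capital I vs lowercase l), then ignore case."""
    return name.replace("I", "l").casefold()


FOLDED_SYSTEM = {fold(n): n for n in SYSTEM_NAMES}


def cyrillic_letters(name: str) -> list:
    """Return the Cyrillic code points in a filename that otherwise uses Latin letters."""
    letters = [c for c in name if c.isalpha()]
    cyr = [f"U+{ord(c):04X}" for c in letters if "CYRILLIC" in unicodedata.name(c, "")]
    has_latin = any(ord(c) < 128 for c in letters)
    return cyr if (cyr and has_latin) else []


def triage(lines):
    """Scan FRST-style lines and return findings grouped by indicator family."""
    found = {"blocked_vendors": [], "homoglyph_shortcuts": [],
             "lookalike_binaries": [], "hidden_launchers": []}
    for line in lines:
        m = CERT_RE.match(line)
        if m:  # (thumbprint, vendor) pairs: AV signers pushed onto the Disallowed list
            found["blocked_vendors"].append((m.group(1), m.group(2)))
            continue
        if HIDDEN_RE.search(line):  # keep the launch command without the FRST marker
            found["hidden_launchers"].append(line.split(" => ", 1)[-1].split(" <====")[0])
        for path in PATH_RE.findall(line):
            name = path.rsplit("\\", 1)[1]
            cyr = cyrillic_letters(name)
            if cyr:
                found["homoglyph_shortcuts"].append((path, cyr))
            canonical = FOLDED_SYSTEM.get(fold(name))
            if canonical and not path.casefold().startswith("c:\\windows\\"):
                found["lookalike_binaries"].append((path, canonical))
    return found


# Constructed sample: lines copied from the fixlists in this thread, the Cyrillic shortcut
# spelled with explicit escapes, plus two benign lines (MRT and the genuine lsass.exe).
SAMPLE_LINES = [
    "HKLM\\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== UWAGA",
    "HKLM\\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== UWAGA",
    "Task: {463522C4-491E-4455-81A4-7F01DE5CFB32} - System32\\Tasks\\GoogleUpdateSecurityTaskMachine_MX => "
    "C:\\Users\\Emil\\AppData\\Roaming\\a24c60a98566473689914b92d2deb455\\chipset.exe exec hide KHSROETVBO.cmd <==== UWAGA",
    "2018-01-07 17:38 - 2018-01-07 17:38 - 001530880 _____ () C:\\ProgramData\\MicrosoftCorporation\\Windows\\System32\\Isass.exe",
    "2018-01-07 17:40 - 2018-01-07 17:38 - 001530880 _____ () C:\\ProgramData\\MicrosoftCorporation\\Windows\\Helpers\\winIogon.exe",
    "C:\\Users\\Public\\Desktop\\G\u043e\u043egl\u0435 \u0421hrome.lnk",
    "HKLM\\...\\Run: [MRT] => C:\\WINDOWS\\system32\\MRT-KB890830.exe [129365736 2018-01-12] (Microsoft Corporation)",
    "C:\\WINDOWS\\system32\\lsass.exe",
]

if __name__ == "__main__":
    for family, items in triage(SAMPLE_LINES).items():
        print(f"{family}: {len(items)}")
        for item in items:
            print("   ", item)
```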



Post by emillo2502, 13 Jan 2018, 23:26

Attachments:
Addition.txt (50.1 KiB)
Fixlog.txt (26.25 KiB)
FRST.txt (96.44 KiB)
Shortcut.txt (55.13 KiB)



Post by ordynat, 14 Jan 2018, 09:52

1) Try to uninstall this program:
Main Services (HKLM-x32\...\{9A9DEF90-72CE-43F8-A995-E42DCB0D5EA1}) (Version: 1.2.9 - System Native) Hidden <==== UWAGA


2) Open Notepad and paste into it:
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A9DEF90-72CE-43F8-A995-E42DCB0D5EA1}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A9DEF90-72CE-43F8-A995-E42DCB0D5EA1}
Task: {3A29E5A8-6548-4229-A4B7-30E9863CEDED} - System32\Tasks\GTA V DarkKeys => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\GTA V DarkKeys\GTA V DarkKeys.dll",MmwZeFGqUpZC <==== UWAGA
Task: {4A114F0F-B95D-46DD-A4D6-1F42C311FED5} - \Stealth DVD CAP -> Brak pliku <==== UWAGA
Task: {CB9600F7-63B7-421F-B6C9-6A10396D5DD4} - \SMS-it -> Brak pliku <==== UWAGA
Task: {F4C4F9E9-55E4-4BC5-A30D-50AA46C5E3BA} - \Edittor -> Brak pliku <==== UWAGA
C:\Users\Emil\Desktop\Сrоssout Lаuncher.lnk
RemoveDirectory: C:\Users\Emil\AppData\Roaming\Browsers
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WаrТhunder.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\Сrоssout Lаunсhеr.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Eхplorer.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhromе.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WаrThunder.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfoх.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk
C:\Users\Public\Desktop\DАЕMОN Tools Litе.lnk
C:\Users\Public\Desktop\Gооglе Сhrome.lnk
C:\Users\Public\Desktop\Маfia 2.lnk
C:\WINDOWS\TEMP\g490C.tmp.exe
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
HKLM\...\Run: [MRT] => C:\WINDOWS\system32\MRT-KB890830.exe [129365736 2018-01-12] (Microsoft Corporation)
HKLM\...\RunOnce: [LAPTOP-PH67M221] => C:\WINDOWS\TEMP\g3600.tmp.exe [209408 2018-01-13] () <==== ATTENTION
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
S2 service_box.exe; C:\Program Files (x86)\System Native\Main Services\service_box.exe [8254376 2018-01-10] (www.somedomainthatnotexists.com) <==== ATTENTION
RemoveDirectory: C:\Program Files (x86)\System Native
C:\WINDOWS\System32\Tasks\GTA V DarkKeys
C:\ProgramData\8ace5c0b87164e18a896c5799d988edc
RemoveDirectory: C:\Users\Emil\AppData\Roaming\System Native
RemoveDirectory: C:\ProgramData\dahhService
RemoveDirectory: C:\Users\Emil\AppData\Local\AdService
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Villаgers and Hеrоes.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cattle and Crops\Cattle and Crops - Launcher.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Ваttlе.net.lnk
C:\Users\Emil\Desktop\Сrоssout Lаuncher.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\Сrоssout Lаunсhеr.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Eхplorer.lnk
C:\Users\Public\Desktop\Маfia 2.lnk
InternetURL: C:\Users\Emil\AppData\Local\Crossout\doc\game_website_ru.url -> URL: hxxp://crossout.ru/ru/
EmptyTemp:

Save the file as fixlist.txt and put it in the folder C:\Users\Emil\Downloads

3) Boot into Safe Mode:
Safe Mode on Windows 10:
Start button > Settings > Update & Security > Recovery > Advanced startup > Restart now > the system restarts and a screen with options appears > Advanced options > Startup Settings > Safe Mode


4) Run FRST and click the Fix button.

5) Make new FRST logs.



Post by emillo2502, 14 Jan 2018, 14:31

Attachments: Addition.txt (43.63 KiB), Fixlog.txt (19.64 KiB), FRST.txt (83.94 KiB), Shortcut.txt (54.87 KiB)



Post by ordynat, 14 Jan 2018, 16:42

It's a bit better.

1) Open Notepad and paste into it:
Task: {3A29E5A8-6548-4229-A4B7-30E9863CEDED} - \GTA V DarkKeys -> No File <==== ATTENTION
C:\Users\Emil\Desktop\Сrоssout Lаuncher.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WаrТhunder.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\Сrоssout Lаunсhеr.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Eхplorer.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhromе.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WаrThunder.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfoх.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfоx.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk
C:\Users\Public\Desktop\DАЕMОN Tools Litе.lnk
C:\Users\Public\Desktop\Gооglе Сhrome.lnk
C:\Users\Public\Desktop\Маfia 2.lnk
RemoveDirectory: C:\Users\Emil\AppData\Roaming\Browsers
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
EmptyTemp:

Save the file as fixlist.txt and put it in the folder C:\Users\Emil\Downloads
Run FRST and click the Fix button.

2) You have MBAM, so use it (it should work now)

3) Make new FRST logs, this time without Shortcut.




Post by emillo2502, 14 Jan 2018, 17:56

MBAM and AdwCleaner still don't work :/

Attachments: Addition.txt (45.63 KiB), FRST.txt (88.44 KiB)



Post by ordynat, 14 Jan 2018, 19:38

"MBAM and AdwCleaner still don't work"

They don't work because the infection has disabled their certificates again.

In short: without MBAM the infection can't be removed, but MBAM can't be used because of the infection; the circle closes.

1) Open Notepad and paste into it:
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
CHR Extension: (Quick Searcher) - C:\Users\Emil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-01-07]
C:\Users\Emil\AppData\Roaming\xtexCalculator.exe
RemoveDirectory: C:\ProgramData\{4FCEED6C-B7D9-405B-A844-C3DBF418BF87}
RemoveDirectory: C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAABF70B8}
RemoveDirectory: C:\ProgramData\MicrosoftCorporation
RemoveDirectory: C:\Program Files (x86)\Multitimer
RemoveDirectory: C:\Users\Emil\AppData\Roaming\Arkei-2153855b-801c-48e4-a6be-aa69cea0ada4
RemoveDirectory: C:\Users\Emil\AppData\Roaming\Browsers
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\xtexCalculator.lnk
C:\Users\Emil\Desktop\Сrоssout Lаuncher.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WаrТhunder.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\Сrоssout Lаunсhеr.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Eхplorer.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhromе.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WаrThunder.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfoх.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfоx.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk
C:\Users\Public\Desktop\DАЕMОN Tools Litе.lnk
C:\Users\Public\Desktop\Gооglе Сhrome.lnk
C:\Users\Public\Desktop\Маfia 2.lnk
HOSTS:
EmptyTemp:

Save the file as fixlist.txt and put it in the folder C:\Users\Emil\Downloads

2) Boot into Safe Mode

3) Run FRST and click the Fix button.

4) Make new FRST logs.

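The blocking mechanism ordynat describes, the infection writing antivirus vendors' code-signing thumbprints into the machine's Disallowed certificate store (what FRST prints as "HKLM\ DisallowedCertificates"), can be inspected and undone from an elevated PowerShell prompt without waiting for a new fixlist. The script below is an added example, not part of the original thread and not FRST code. It assumes the store is persisted under the two registry paths named in the code (HKLM\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates and the Policies equivalent), carries only a subset of the thumbprints from the fixlist above (extend the table with the rest), and removes only thumbprints it knows from that list, because the same store also holds certificates Microsoft itself has revoked and those must stay.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original thread). Lists and selectively clears the
# Disallowed certificate entries that FRST reports as "HKLM\ DisallowedCertificates",
# and dumps the Windows Defender policy key FRST reports as "Restriction".

# Thumbprints and vendor names copied from the fixlist in this thread (subset; add the rest).
$FixlistThumbprints = @{
    '249BDA38A611CD746A132FA2AF995A2D3C941264' = 'Malwarebytes Corporation'
    'B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84' = 'Malwarebytes Corporation'
    'A59CC32724DD07A6FC33F7806945481A2D13CA2F' = 'ESET'
    'F83099622B4A9F72CB5081F742164AD1B8D048C9' = 'ESET'
    '3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F' = 'Kaspersky Lab'
    'D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598' = 'Kaspersky Lab'
    'AD4C5429E10F4FF6C01840C20ABA344D7401209F' = 'Avast Antivirus/Software'
    'DB77E5CFEC34459146748B667C97B185619251BA' = 'Avast Antivirus/Software'
    'A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99' = 'Avira Operations GmbH & Co. KG'
}

# Assumption: the machine-wide Disallowed store is persisted under these keys,
# one subkey per SHA-1 thumbprint.
$DisallowedRoots = @(
    'HKLM:\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates',
    'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates'
)

function Get-DisallowedEntry {
    foreach ($root in $DisallowedRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $thumb  = $key.PSChildName.ToUpperInvariant()
            $vendor = if ($FixlistThumbprints.ContainsKey($thumb)) { $FixlistThumbprints[$thumb] }
                      else { '(not in fixlist: review by hand)' }
            [pscustomobject]@{
                Thumbprint  = $thumb
                Vendor      = $vendor
                RegistryKey = $key.Name
            }
        }
    }
}

function Remove-DisallowedEntry {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipelineByPropertyName)][string]$Thumbprint)
    process {
        # Only touch thumbprints named in the fixlist; anything else stays for manual review.
        if (-not $FixlistThumbprints.ContainsKey($Thumbprint.ToUpperInvariant())) { return }
        foreach ($root in $DisallowedRoots) {
            $key = Join-Path $root $Thumbprint
            if ((Test-Path -LiteralPath $key) -and
                $PSCmdlet.ShouldProcess($key, 'Remove Disallowed certificate entry')) {
                Remove-Item -LiteralPath $key -Recurse -Force
            }
        }
    }
}

function Get-DefenderPolicy {
    # Values under this key are what FRST summarises as "Windows Defender: Restriction".
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    if (Test-Path -LiteralPath $policy) {
        Get-ItemProperty -LiteralPath $policy | Select-Object -Property * -ExcludeProperty PS*
    }
}

$entries = Get-DisallowedEntry
$entries | Format-Table -AutoSize
Get-DefenderPolicy | Format-List

# Dry run first; drop -WhatIf to actually remove the known entries.
$entries | Remove-DisallowedEntry -WhatIf
```

Run it again after a reboot: in this thread the entries were back after the first fix, so a clean listing on the second run is the signal that the component re-adding them is gone, while a repopulated store means the persistence (the scheduled tasks and service in the earlier fixlist) still needs hunting.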



Post by emillo2502, 14 Jan 2018, 22:13

I managed to launch AdwCleaner and MBAM :)

Attachments: Addition.txt (46.93 KiB), FRST.txt (83.89 KiB), Shortcut.txt (54.73 KiB)



Post by ordynat, 15 Jan 2018, 00:01

Shortcut: C:\Users\Emil\Desktop\Сrоssout Lаuncher.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WаrТhunder.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\Сrоssout Lаunсhеr.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Eхplorer.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhromе.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WаrThunder.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfoх.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfоx.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\DАЕMОN Tools Litе.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.rehcnualtd.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\Gооglе Сhrome.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\Маfia 2.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <==== Cyrillic

These shortcuts still point to C:\Users\Emil\AppData\Roaming\Browsers\exe.rehcnualtd.bat
What did AdwCleaner detect/remove?



Post by emillo2502, 15 Jan 2018, 20:05

It keeps detecting something. Now it found 3 items, yesterday 37: PUP.Optional.Legacy, PUP.Optional.DiskPower, PUP.Optional.WeatherAlerts



Post by ordynat, 15 Jan 2018, 20:28

Give me the paths and file names that AdwCleaner detects.

Make new FRST logs



Post by AdamPL234, 16 Jan 2018, 09:09

In my opinion this is a very serious infection, combining downloads of scareware/rogueware with a polymorphic virus that infects the components it selects and disables antivirus certificates to prevent signature-based detection. I recommend an additional scan with Ultra Adware Killer to see what it finds; a scan with Zemana wouldn't hurt either. It is similar to the Vundo Trojan under a completely different name.



Post by emillo2502, 20 Jan 2018, 22:25

Attachments: Addition.txt (52.48 KiB), FRST.txt (86.61 KiB), Shortcut.txt (54.93 KiB)



Post by ordynat, 20 Jan 2018, 23:23

Open Notepad and paste into it:
C:\Users\Emil\Desktop\Сrоssout Lаuncher.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WаrТhunder.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\Сrоssout Lаunсhеr.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Eхplorer.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhromе.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WаrThunder.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfoх.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfоx.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk
C:\Users\Public\Desktop\DАЕMОN Tools Litе.lnk
C:\Users\Public\Desktop\Gооglе Сhrome.lnk
C:\Users\Public\Desktop\Маfia 2.lnk
RemoveDirectory: C:\Users\Emil\AppData\Roaming\Browsers
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Villаgers and Hеrоes.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Vеgаs World.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DАEМON Тoоls Lite.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WаrТhunder.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\Crossout Website.lnk
C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WаrThunder.lnk
C:\Users\Public\Desktop\DАЕMОN Tools Litе.lnk
EmptyTemp:

Save the file as fixlist.txt and put it in the folder C:\Users\Emil\Downloads
Run FRST and click the Fix button.

Make new FRST logs.



Post by emillo2502, 21 Jan 2018, 00:04

Attachments: Addition.txt (51.77 KiB), FRST.txt (85.46 KiB), Shortcut.txt (54.33 KiB)



Post by ordynat, 21 Jan 2018, 09:04

Shortcut: C:\Users\Emil\Desktop\Сrоssout Lаuncher.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WаrТhunder.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crossout\Сrоssout Lаunсhеr.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Emil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Eхplorer.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhromе.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WаrThunder.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfoх.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Emil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Мozilla Firеfоx.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.xoferif.bat (No File) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gоogle Сhrоmе.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\DАЕMОN Tools Litе.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.rehcnualtd.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\Gооglе Сhrome.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\Маfia 2.lnk -> C:\Users\Emil\AppData\Roaming\Browsers\exe.rehcnual.bat (No File) <==== Cyrillic

These shortcuts are still fake; they redirect to "Browsers".

Repeat the removal, but in Safe Mode
Safe Mode on Windows 10:
Start button > Settings > Update & Security > Recovery > Advanced startup > Restart now > the system restarts and a screen with options appears > Advanced options > Startup Settings > Safe Mode


You have MBAM, so additionally scan the computer with it.
Tell me what it detected and removed.

Then make new FRST logs
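The hijacked shortcuts in the Shortcut.txt lines above share two traits: their names mix Cyrillic letters into Latin program names (so they look identical to the real shortcut they replaced), and they point into C:\Users\Emil\AppData\Roaming\Browsers at .bat files whose base names are the impersonated executable spelled backwards (exe.rehcnual is launcher.exe reversed, exe.xoferif is firefox.exe, exe.erolpxei is iexplore.exe, exe.emorhc is chrome.exe). The script below is an added example, not code from the thread or from FRST. It audits the shortcut locations that appear in the logs, flags both traits, and can delete the matches with -WhatIf support. The list of locations is an assumption, and deleting a hijacked .lnk does not bring the original shortcut back; that has to be re-created from the real program.

```powershell
#Requires -Version 5.1
# Added example (not from the original thread). Audits .lnk files in the locations
# seen in the FRST Shortcut.txt output and flags hijacked ones.

# Assumption: these are the shortcut locations worth auditing; extend as needed.
$ShortcutRoots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('Programs'),
    [Environment]::GetFolderPath('CommonPrograms'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
)

# Directory the hijacked shortcuts in the thread pointed to.
$SuspectTargetDir = Join-Path $env:APPDATA 'Browsers'

$WshShell = New-Object -ComObject WScript.Shell

function Test-MixedScriptName {
    param([string]$Name)
    # "Gоogle Сhromе" carries Cyrillic о, С and е inside an otherwise Latin name.
    ($Name -match '\p{IsCyrillic}') -and ($Name -match '[A-Za-z]')
}

function ConvertTo-Reversed {
    param([string]$Text)
    $chars = $Text.ToCharArray()
    [Array]::Reverse($chars)
    -join $chars
}

function Get-ShortcutReport {
    foreach ($root in $ShortcutRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($file in Get-ChildItem -LiteralPath $root -Filter *.lnk -Recurse -File) {
            $lnk     = $WshShell.CreateShortcut($file.FullName)
            $target  = $lnk.TargetPath
            $reasons = @()
            if (Test-MixedScriptName $file.BaseName) { $reasons += 'cyrillic-homoglyph-name' }
            if ($target -and $target.StartsWith($SuspectTargetDir, 'OrdinalIgnoreCase')) { $reasons += 'target-in-Browsers' }
            if ($target -match '\.(bat|cmd|vbs|js)$') { $reasons += 'script-target' }
            if ($target -and -not (Test-Path -LiteralPath $target)) { $reasons += 'target-missing' }

            # exe.rehcnual.bat -> "launcher.exe": the base name is the impersonated binary reversed.
            $impersonated = if ($target) { ConvertTo-Reversed ([IO.Path]::GetFileNameWithoutExtension($target)) } else { '' }

            [pscustomobject]@{
                Shortcut     = $file.FullName
                Target       = $target
                Arguments    = $lnk.Arguments
                Impersonates = $impersonated
                Reasons      = ($reasons -join ',')
            }
        }
    }
}

function Remove-HijackedShortcut {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(ValueFromPipeline)] $Entry)
    process {
        # Require both signals before deleting, so a merely broken shortcut is left alone.
        if ($Entry.Reasons -match 'cyrillic-homoglyph-name' -and $Entry.Reasons -match 'target-in-Browsers') {
            if ($PSCmdlet.ShouldProcess($Entry.Shortcut, 'Delete hijacked shortcut')) {
                Remove-Item -LiteralPath $Entry.Shortcut -Force
            }
        }
    }
}

$report = Get-ShortcutReport
$report | Where-Object Reasons | Format-Table -AutoSize

# Dry run first; drop -WhatIf to actually delete (the thread does this step in Safe Mode).
$report | Remove-HijackedShortcut -WhatIf
```

Run the report before and after the deletion: if the same homoglyph names reappear on the next boot, as they did twice in this thread, the .lnk files are a symptom and the process that rewrites them is what still has to be found.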



