pomoc z malwarami

[konrad28 0]

Miałem walkę z padającym pc, udało się uratować stary system jednak przywlokło się do mnie sporo syfu. Antywirusy i antymalware nie dają sobie rady. Co jest widoczne to coś co podszywa się pod przeglądarki.

Logi z FRST:

FRST http://www.wklejto.pl/283689

Addition http://www.wklejto.pl/283688

Shortcut http://www.wklejto.pl/283687

 

Z góry dzięki za pomoc

[Gość]

1. Przez Panel Sterowania spróbuj odinstalować AlphaGo oraz initialpage123 - Uninstall.

 

2. Addition.txt i Shortcut.txt zostały źle wklejone na wklejto.pl (nie ma w nich znaków (\) w ścieżkach dostępu przez co są nieużyteczne). W tym serwisie trzeba "wklejać" sam tekst (zawartość) loga a nie plik jako taki.

[konrad28 0]

poprawione

addition http://www.wklejto.pl/283727

shortcut http://wklejto.pl/283730

[Gość]

1. Przez Panel Sterowania spróbuj odinstalować AlphaGo oraz initialpage123 - Uninstall.

Nadal to jest zainstalowane.

 

Uruchom FRST a następnie (poprzez skrót klawiszowy CTRL + Y) otwórz notatnik. Wklej w nim poniższe:

 

CustomCLSID: HKU\S-1-5-21-1605185544-2035233537-2952663895-1000_Classes\CLSID\{FB147A05-B933-2663-5834-7E03041099470}\InprocServer32 -> Brak ścieżki do pliku
Task: {121122CA-1A85-479E-99DC-500A03D1C118} - System32\Tasks\{F9EBC9F4-73C4-4C79-A915-05946C55FEEA} => pcalua.exe -a "D:\lot\PPJOY 64bit install\PPJOY 64bit install\Setup.exe" -d "D:\lot\PPJOY 64bit install\PPJOY 64bit install"
Task: {1BC07BAB-86AB-40CC-B924-5D931D8C85DB} - System32\Tasks\{2E18F026-AD4C-4F95-B014-571C538340C5} => pcalua.exe -a C:\Users\kobza\Downloads\TagesSetup(1).exe -d C:\Users\kobza\Downloads
Task: {1F874310-C045-48DB-85A9-A0CF4F0B3F0F} - System32\Tasks\Drgitrevush Log => C:\Program Files (x86)\Rehakgekity\yaupdcache.exe [2017-05-25] ()
Task: {209BE95B-F9EB-4D0E-8471-069CDBF71499} - System32\Tasks\{CB5A19E4-B802-410E-9E4D-38F45F0BFD42} => pcalua.exe -a H:\skyrim\SpeedTouchUSB-3.0.1.0.12.exe -d H:\skyrim
Task: {293504F3-7925-495C-83FA-DD01EE3D152B} - System32\Tasks\{04D498E6-825D-43B0-9DAA-3C15C14C8B3A} => pcalua.exe -a C:\Users\kobza\Downloads\ESETUninstaller.exe -d C:\Users\kobza\Downloads
Task: {2E013C00-C022-4DA4-B5DE-DA7B62A43993} - System32\Tasks\{FE4487AE-98C0-4EF4-88CE-6DA9C1F85A2F} => pcalua.exe -a L:\ruter\Autorun.exe -d L:\ruter
Task: {38247A06-23AB-4CE2-8AED-DDF9E5CA27F9} - System32\Tasks\{79E7A631-3725-4FFD-982E-46580D6572C7} => pcalua.exe -a C:\Users\kobza\Downloads\Flash_Disinfector_www.INSTALKI.pl.exe -d C:\Users\kobza\Downloads
Task: {6E2976D0-3F64-4878-91D8-3F9AB203A709} - System32\Tasks\{AE53DCDB-E83F-442E-93F7-513D6026E673} => pcalua.exe -a "C:\Users\kobza\Downloads\Nowy folder (4)\accelfix.exe" -d "C:\Users\kobza\Downloads\Nowy folder (4)"
Task: {6FF0F255-9C0D-4DEC-A7A1-A2BFF1C35A4A} - System32\Tasks\{8D3F1744-2575-4436-9FB0-25D79E1D657B} => pcalua.exe -a L:\SpeedTouchUSB-3.0.1.0.12.exe -d L:\
Task: {75F942FE-3621-47F2-9593-813BBE500742} - System32\Tasks\{07BA5130-70DC-45CA-8A64-6CD4B43B9B75} => pcalua.exe -a "C:\Users\kobza\Desktop\hujhhuj\Nowy folder (2)\Nowy folder\ZTEZXDSL852_rohs\setup.exe" -d "C:\Users\kobza\Desktop\hujhhuj\Nowy folder (2)\Nowy folder\ZTEZXDSL852_rohs"
Task: {7637F45D-3145-45FE-AEB8-0D427D91FAD4} - System32\Tasks\{67652164-DF44-4656-9B35-03351B73A234} => pcalua.exe -a H:\skyrim\SpeedTouchUSB-3.0.1.0.12.exe -d H:\skyrim
Task: {7EDBF382-1059-4C3E-AA27-847302A6EDC9} - System32\Tasks\{59463248-48F1-418E-BB7B-BE5D0AC1EBBB} => pcalua.exe -a H:\SpeedTouch330_for_Vista\setup.exe -d H:\SpeedTouch330_for_Vista
Task: {9E036F48-0E1F-46C1-B22B-E5DAB6E1488D} - System32\Tasks\Microsoft\Windows\DeviceSettings\Dicuiedghersapy => msiexec.exe /i hxxp://D2bUH1bF1g584W.clOuDfroNt.net/mmtsk/occup.php?p=WDCXWD5000AAKX-003CA0_WD-WMAYUA56273962739&d=20170525 /q <==== UWAGA
Task: {A4ADFBE9-8C30-4B88-9549-1A1DAEF4EC80} - System32\Tasks\{A7F58A7A-D614-4CD5-BD2B-9ECC3C9B713C} => pcalua.exe -a "M:\SteamLibrary\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "M:\SteamLibrary\steamapps\common\Left 4 Dead 2" -c /register
Task: {A583DF36-86FF-457C-AA48-CB441A16BCAD} - System32\Tasks\{5D8C3BDD-7047-43EF-8CDA-C07AC2506CBA} => M:\Aslains_XVM_WoT_Modpack_Installer_v.4.6.4_910.exe 
Task: {B65A4322-4BE7-4882-8CDB-1CE43F9A7689} - System32\Tasks\{78AAAC45-D84B-4532-ABB5-B5785870D983} => pcalua.exe -a C:\Users\kobza\Downloads\jre-8u40-windows-i586.exe -d C:\Users\kobza\Downloads
Task: {C98A3496-34B5-49F9-9AA6-F55E6029E74B} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2013\bdproductdata.exe
Task: {D0660161-E151-44B0-AB30-31CA2302FC28} - System32\Tasks\{77D1DA27-00C2-4C93-BEA6-F34DD02805C6} => pcalua.exe -a "C:\Program Files (x86)\Antares Audio Technologies\unins000.exe"
Task: {DFA1488E-34C1-4BBE-996E-09382F326EDF} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-05-17] () <==== UWAGA
Task: {E06322F4-9F29-4C7B-84BD-AEC0D31130CF} - System32\Tasks\{CA87715E-1D0B-45F9-A42F-5DCA3A926ABD} => pcalua.exe -a "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\ApplicationInstaller.exe" -d "C:\Users\kobza\Desktop\popiel dno\Nowy folder\r4wttgr\edsim51di" -c "C:\Users\kobza\Desktop\popiel dno\Nowy folder\r4wttgr\edsim51di\edsim51di.jar"
Task: {E690CA6F-6F29-4BED-A8E4-87D5CC2725C5} - \Windows Update Check - 0x0E7302EC -> Brak pliku <==== UWAGA
Task: {FDB0BAA1-B70A-4290-B171-3F32EE7F8F74} - \TotalEdit -> Brak pliku <==== UWAGA
RemoveDirectory: C:\Program Files (x86)\MIO
RemoveDirectory: C:\Program Files (x86)\Bangtony
RemoveDirectory: C:\Program Files (x86)\Firefox
C:\Users\kobza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\BigFarm.lnk
C:\Users\kobza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\big_bang_empire.lnk
C:\Users\kobza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9679ee63aaa796a2\Google Chrome.lnk
C:\Users\kobza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
C:\Users\kobza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
C:\Users\kobza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
C:\Users\kobza\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk
FirewallRules: [{CBFCE882-2129-483C-B7DA-42B220279F41}] => (Allow) C:\Program Files (x86)\Bangtony\Application\chrome.exe
FirewallRules: [{24BC2E4F-135E-409C-B2CA-7809FE4E8CFF}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{E0361560-0EF4-4BD8-9147-E7B3BA76AE09}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1605185544-2035233537-2952663895-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-1605185544-2035233537-2952663895-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-21-1605185544-2035233537-2952663895-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1495789655&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUA56273962739
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ourluckysites.com/?type=hp&ts=1495789655&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUA56273962739
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495789655&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUA56273962739&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495789655&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUA56273962739&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495789655&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUA56273962739
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495789655&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUA56273962739
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495789655&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUA56273962739&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1495789655&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUA56273962739&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1605185544-2035233537-2952663895-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1495789655&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUA56273962739
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.ourluckysites.com/?type=sc&ts=1495789655&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUA56273962739
FF Homepage: Mozilla\Firefox\Profiles\1soy9e18.default -> hxxp://www.ourluckysites.com/?type=hp&ts=1495789655&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUA56273962739
FF NetworkProxy: Mozilla\Firefox\Profiles\1soy9e18.default -> gopher", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\1soy9e18.default -> gopher_port", 0
FF NetworkProxy: Mozilla\Firefox\Profiles\1soy9e18.default -> share_proxy_settings", true
FF NetworkProxy: Mozilla\Firefox\Profiles\1soy9e18.default -> type", 0
FF SearchPlugin: C:\Users\kobza\AppData\Roaming\Mozilla\Firefox\Profiles\1soy9e18.default\searchplugins\9s5m2cix.xml [2017-05-25]
FF SearchPlugin: C:\Users\kobza\AppData\Roaming\Mozilla\Firefox\Profiles\1soy9e18.default\searchplugins\ourluckysites.xml [2017-05-26]
FF SearchPlugin: C:\Users\kobza\AppData\Roaming\Mozilla\Firefox\Profiles\1soy9e18.default\searchplugins\wykoppl---linki.xml [2015-12-14]
FF user.js: detected! => C:\Users\kobza\AppData\Roaming\Firefox\Firefox\Profiles\1soy9e18.default\user.js [2017-05-26]
FF NetworkProxy: Firefox\Firefox\Profiles\1soy9e18.default -> gopher", ""
FF NetworkProxy: Firefox\Firefox\Profiles\1soy9e18.default -> gopher_port", 0
FF NetworkProxy: Firefox\Firefox\Profiles\1soy9e18.default -> share_proxy_settings", true
FF NetworkProxy: Firefox\Firefox\Profiles\1soy9e18.default -> type", 0
FF Extension: (SimilarWeb) - C:\Users\kobza\AppData\Roaming\Firefox\Firefox\Profiles\1soy9e18.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-05-27] [brak podpisu cyfrowego]
FF Extension: (HSearch) - C:\Users\kobza\AppData\Roaming\Firefox\Firefox\Profiles\1soy9e18.default\Extensions\@E97YHOMI-FU8L-IM23-VUT9-RVDZT7M8XL8H.xpi [2017-05-27] [brak podpisu cyfrowego]
FF SearchPlugin: C:\Users\kobza\AppData\Roaming\Firefox\Firefox\Profiles\1soy9e18.default\searchplugins\9s5m2cix.xml [2017-05-25]
FF SearchPlugin: C:\Users\kobza\AppData\Roaming\Firefox\Firefox\Profiles\1soy9e18.default\searchplugins\ourluckysites.xml [2017-05-26]
FF SearchPlugin: C:\Users\kobza\AppData\Roaming\Firefox\Firefox\Profiles\1soy9e18.default\searchplugins\startsearch.xml [2017-05-27]
FF SearchPlugin: C:\Users\kobza\AppData\Roaming\Firefox\Firefox\Profiles\1soy9e18.default\searchplugins\wykoppl---linki.xml [2015-12-14]
FF HKU\S-1-5-21-1605185544-2035233537-2952663895-1000\...\Firefox\Extensions: [{b9aa91db-385d-4c69-8a2f-96790aa9405b}] - c:\program files (x86)\copernic\desktopsearch4\firefoxconnector => nie znaleziono
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [brak pliku]
FF Plugin: @microsoft.com/GENUINE -> disabled [brak pliku]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [brak pliku]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll [brak pliku]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [brak pliku]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Users\kobza\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [brak pliku]
FF Plugin HKU\S-1-5-21-1605185544-2035233537-2952663895-1000: @acestream.net/acestreamplugin,version=3.1.16 -> C:\Users\kobza\AppData\Roaming\ACEStream\player\npace_plugin.dll [brak pliku]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.ourluckysites.com/?type=sc&ts=1495789655&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUA56273962739
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <nie znaleziono>
CHR HKU\S-1-5-21-1605185544-2035233537-2952663895-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cnnbdaahphjgdgfhliignpepgnbnfomp] - c:\program files (x86)\copernic\desktopsearch4\ChromeConnector\ChromeConnector.crx <nie znaleziono>
CHR HKU\S-1-5-21-1605185544-2035233537-2952663895-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
OPR Extension: (Fast search) - C:\Users\kobza\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2017-05-25]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.ourluckysites.com/?type=sc&ts=1495789655&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=che0812&uid=WDCXWD5000AAKX-003CA0_WD-WMAYUA56273962739
S2 BIT; C:\windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== UWAGA (ServiceDLL nie znaleziono)
S2 BIT; C:\windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== UWAGA (ServiceDLL nie znaleziono)
R2 DsSvc; C:\ProgramData\Package Cache\{00C5024D-925C-4E9E-A8E6-F9B84ABE0DA0}\packages\Win81_SDK\9bcb3fab78e80d68be28892ea7ad46c3.msp:dp [210946 ] () [brak podpisu cyfrowego] <==== UWAGA
R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [101528 2017-05-27] () <==== UWAGA
S2 snare; C:\Users\Default\AppData\Local\snare\Snare.dll [898048 2017-05-25] (IntertSect Alliance Pty Ltd) [brak podpisu cyfrowego] <==== UWAGA
S2 terana; C:\Users\kobza\AppData\Local\terana\terana.dll [908288 2017-05-26] (IntertSect Alliance Pty Ltd) [brak podpisu cyfrowego] <==== UWAGA
S2 WinSAPSvc; C:\windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== UWAGA (ServiceDLL nie znaleziono)
S2 WinSAPSvc; C:\windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) <==== UWAGA (ServiceDLL nie znaleziono)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 gzflt; Brak ImagePath
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
2017-05-27 15:23 - 2017-05-27 15:23 - 00000000 ____D C:\Users\kobza\AppData\Local\Firefox
2017-05-27 15:21 - 2017-05-27 15:21 - 00001934 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-27 15:21 - 2017-05-27 15:21 - 00000000 ____D C:\Users\kobza\AppData\Roaming\Firefox
2017-05-27 14:38 - 2017-05-27 14:38 - 00000000 ____D C:\Users\Public\Documents\Google
2017-05-27 14:38 - 2017-05-27 14:38 - 00000000 ____D C:\Users\kobza\AppData\Local\Bangtony
2017-05-27 14:32 - 2017-05-29 23:31 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-05-27 14:32 - 2017-05-29 22:54 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-05-27 14:31 - 2017-05-27 14:31 - 00000000 ____D C:\Program Files (x86)\Default Company Name
2017-05-25 10:49 - 2017-05-27 12:12 - 00000000 ____D C:\Program Files (x86)\Coicersyghermutain
2017-05-25 10:49 - 2017-05-25 10:50 - 00000000 ____D C:\Users\kobza\AppData\Local\Mihatgrerwidom
2017-05-25 18:49 - 2017-05-27 15:21 - 00000000 ____D C:\Users\kobza\AppData\Roaming\WinSAPSvc
2017-05-25 18:49 - 2017-05-26 14:09 - 00000000 ____D C:\Cosusp
2017-05-25 18:49 - 2017-05-25 18:49 - 00000000 ____D C:\Users\kobza\AppData\Local\snare
2017-05-25 10:46 - 2017-05-25 10:46 - 00073216 _____ C:\Windows\taskmgr.exe
2017-05-25 10:45 - 2017-05-27 12:13 - 00000000 ____D C:\Program Files (x86)\Rehakgekity
2017-05-25 10:45 - 2017-05-26 13:43 - 00000000 ____D C:\Program Files (x86)\Drgitrevush Log
2017-05-25 10:45 - 2017-05-26 11:01 - 00005591 _____ C:\ProgramData\log.ewbt
2017-05-25 10:45 - 2017-05-26 11:01 - 00000128 _____ C:\ProgramData\log.ewbb
2017-05-25 18:52 - 2017-05-25 18:52 - 00000000 ____D C:\Users\Default\AppData\Local\snare
2017-05-25 18:52 - 2017-05-25 18:52 - 00000000 ____D C:\Users\Default User\AppData\Local\snare
2017-05-25 18:51 - 2017-05-27 15:19 - 00000000 ____D C:\ProgramData\BIT
2017-05-25 10:45 - 2017-05-25 10:56 - 00000000 ____D C:\Users\kobza\AppData\Roaming\Mujuied
2017-05-25 10:45 - 2017-05-25 10:49 - 00000000 ____D C:\Users\kobza\AppData\Local\Omlefiposy
Hosts:
EmptyTemp:

 

Poprzez skrót klawiszowy Ctlr + S zapisz zmiany w notatniku a następnie w FRST kliknij na Napraw. Na zakończenie naprawy wymagany restart systemu.

[konrad28 0]

initialpage123 - Uninstall nie można tego usunąć zarówna przez dodaj/usuń jak i ccleaner

[Gość]

Wykonaj naprawę w FRST a po restarcie zrób nowe logi.

[konrad28 0]

logi po naprawie

FRST http://wklejto.pl/283750

Addition http://www.wklejto.pl/283751

Shortcut http://www.wklejto.pl/283752

[Gość]

Uruchom FRST a następnie (poprzez skrót klawiszowy CTRL + Y) otwórz notatnik. Wklej w nim poniższe:

 

CloseProcesses:
() C:\Windows\KMS-R@1n.exe
Task: {3C319715-A038-4935-AD60-41A5D73E5AD2} - System32\Tasks\R@1n-KMS\Office15ProPlus => wmic
HKLM\...\Providers\9s5m2cix: C:\Program Files (x86)\Drgitrevush Log\local64spl.dll
ShellExecuteHooks: Brak nazwy - {8F294F68-3EB8-11E7-AD15-64006A5CFC23} - C:\Users\kobza\AppData\Roaming\Mujuied\Reisaward.dll -> Brak pliku
U3 gzflt; Brak ImagePath
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0E9D32A0-0C48-467D-9DD8-AD7EFBF8C191}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0E9D32A0-0C48-467D-9DD8-AD7EFBF8C191}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9BBBE122-1B73-4032-9818-BD5B2BEEA66D}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BBBE122-1B73-4032-9818-BD5B2BEEA66D}
2017-05-26 11:06 - 2017-05-26 11:06 - 00000000 ____D C:\Users\kobza\AppData\Local\terana
2017-05-25 19:19 - 2017-05-25 19:19 - 00000000 ____D C:\Users\kobza\AppData\Local\bdch
2017-05-25 11:28 - 2017-05-25 11:28 - 00000000 ____D C:\Users\kobza\AppData\Local\mpress
2017-05-25 10:46 - 2017-05-27 12:11 - 00000000 ____D C:\Users\kobza\AppData\Roaming\ServerTest
2017-05-25 10:46 - 2017-05-25 10:46 - 00073216 _____ C:\Windows\taskmgr.exe
EmptyTemp:

 

Poprzez skrót klawiszowy Ctrl + S zapisz zmiany w notatniku a następnie w FRST kliknij na Napraw. Na zakończenie naprawy wymagany restart systemu.

Napisz czy po restarcie problem ustąpił, a jeśli nie, jakiej dotyczy przeglądarki.

[konrad28 0]

ok, chyba jest ok, dzięki za pomoc