FRST logs and a virus problem


(xpower29) #1

Witam.
Złapałem jakiegoś wirusa. Od samego startu systemu włączają sie reklamy i nie da sie ich zatrzymać ani wyłączyć. Okno przeglądarki samo sie otwiera i nie da sie normalnie pracować na komputerze. Czytałem troche i znalazłem informacje o programie FRST ale nie potrafie zrobić loga fixlist.txt i tutaj moja prośba… czy ktoś mógłby na to spojrzeć i mi pomóc?
Byłbym bardzo wdzięczny. Dodam że skanowałem ADWCleanerem i usunąłem co znalazło. Udało sie tym sposobem załatwić sprawe z tzw snapdo bo od tego sie zaczeło. Zauważyłem jeszcze że podczas startu systemu uruchamia sie proces nheqminer.exe przez który zużycie procesora wzrasta niemalże do 100%.

Thanks in advance for your help and best regards.

edit.
One more thing I noticed: Task Manager shows several unknown applications open. I looked them up online and Google returned: “Online-Guardian.exe Application (32-bit)”

FRST.txt (57.8 KB)


(xpower29) #2

Addition.txt (40.9 KB)


(xpower29) #3

Shortcut.txt (37.5 KB)


(Atis) #4

Paste into the system Notepad and save as a text file named fixlist:

CloseProcesses:
HKLM\...\RunOnce: [Lahin_Raw_barra_al3eb_b3id_LXOAKPYEVU.exe] => C:\Program Files\Windows Portable Devices\JYNIMKUXWL\LXOAKPYEVU.exe [252416 2017-11-04] ()
C:\Program Files\Windows Portable Devices\JYNIMKUXWL
HKLM\...\RunOnce: [LENOVO-PC] => C:\WINDOWS\TEMP\gB934.tmp.exe [212992 2017-11-04] () <==== ATTENTION
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\...\Run: [CzTbIHnzA9hPDN.exe] => C:\ProgramData\1bd3b1bc4598447680ebbde1bced0749\CzTbIHnzA9hPDN.exe [100352 2017-11-04] ()
HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\...\Run: [SIRXCSFWXU.exe] => C:\Program Files\Lenovo\YPCXNKVIIU\SIRXCSFWXU.exe [604160 2017-11-04] ()
HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\...\Run: [WsfzMrmbWqxE.exe] => C:\Users\Lenovo\AppData\Local\96675a0ed46f4a8089a18de3f0162ccd\WsfzMrmbWqxE.exe [495616 2017-11-04] ()
HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\...\Run: [7aYrW1bS.exe] => C:\Users\Lenovo\AppData\Local\Temp\db07967f5636447da6244a51cbb9ab34\7aYrW1bS.exe -r1_1 -r2_2 <==== ATTENTION
HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\...\Run: [08Rp5Ct.exe] => C:\Users\Lenovo\AppData\Local\Temp\48004d07e07c4ca1bec8d457e554a21a\08Rp5Ct.exe -r1_1 -r2_2 <==== ATTENTION
HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\...\Run: [8X5Hnkt.exe] => C:\Users\Lenovo\AppData\Roaming\1bb2967306c94912a0a1463cdb22b24e\8X5Hnkt.exe [495616 2017-11-04] ()
HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\...\Run: [EHIGGHMJHR.exe] => C:\Users\Lenovo\AppData\Local\637fa43c7f4249a3a159d385a653ae36\EHIGGHMJHR.exe [495616 2017-11-04] ()
HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\...\Run: [i4yIT7qFe.exe] => C:\Users\Lenovo\AppData\Roaming\4c22fc5aa0ea460895690527c67966b4\i4yIT7qFe.exe [495616 2017-11-04] ()
HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\...\Run: [Ag2pItAiLl.exe] => C:\Users\Lenovo\AppData\Roaming\a5320dab2dfe4a09af12ab45db8a577b\Ag2pItAiLl.exe [100352 2017-11-04] ()
HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\...\Run: [UVPcQJqHwT8R.exe] => C:\Users\Lenovo\AppData\Local\a5704132dbc242199aadd4c0cd60b6a1\UVPcQJqHwT8R.exe [495616 2017-11-04] ()
HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\...\Run: [UhUHhBB.exe] => C:\Users\Lenovo\AppData\Local\Temp\d939d80708574dd28bc29f03b7176592\UhUHhBB.exe [100352 2017-11-04] () <==== ATTENTION
HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\...\Run: [yECrRCuKs.exe] => C:\Users\Lenovo\AppData\Local\5fa829469ece4658bba65da7d5fe62db\yECrRCuKs.exe [495616 2017-11-04] ()
HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\...\Run: [fchjgFH1r93E64.exe] => C:\Users\Lenovo\AppData\Local\2406009f302646728782e51a3ada3639\fchjgFH1r93E64.exe [100352 2017-11-04] ()
HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\...\Run: [i87gQmJTr7Jsgs.exe] => C:\ProgramData\7effa37aee9045d681974ff271c2c785\i87gQmJTr7Jsgs.exe [495616 2017-11-04] ()
HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\...\Run: [emceJmE.exe] => C:\Users\Lenovo\AppData\Local\c6053ac501104bddbadec4a08eacd3ab\emceJmE.exe [100352 2017-11-04] ()
HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\...\RunOnce: [yPkf5oBU.exe] => C:\Users\Lenovo\AppData\Local\Temp\7fe05a7a02e34743ac1b1649858f82d8\yPkf5oBU.exe [750592 2017-11-04] () <==== ATTENTION
GroupPolicy: Restriction - Chrome <==== ATTENTION
HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWuxkYK9BNIFBtjCgQsNc2DsPw5H3FN8HJfyZNIqSlbVa2EsgRp0qt9MicHBiNkA41BdQCzDjCJj-vUYBsg9etr-UniWwm10lEcsAiEOqTyN4R64TTJ6c-yJ6_uVUYZSEnFUHKWuRS7fZQvQd2VclAme_eFwF9YjCk90Njechy&q={searchTerms}
HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope - No Value
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\ZfJRwqLPhIE\t1U2AJ7.dll [2017-11-04] ()
BHO-x32: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\ZfJRwqLPhIE\kUyAeMEpi.dll [2017-11-04] ()
FF Homepage: Mozilla\Firefox\Profiles\lg5nc79f.default -> C:\ProgramData\Plusdaxs\ff.HP
FF NewTab: Mozilla\Firefox\Profiles\lg5nc79f.default -> C:\ProgramData\Plusdaxs\ff.NT
CHR HKLM-x32\...\Chrome\Extension: [iinglghmhcgdgjjlafobajghjamdchik] - hxxps://clients2.google.com/service/update2/crx
OPR Extension: (0) - C:\Users\Lenovo\AppData\Roaming\Opera Software\Opera Stable\Extensions\llkfnldljepopholdohmfjjlofppajii [2017-11-04]
R2 aaafService_170683859; C:\ProgramData\aaaeService\aaafService_170683859.exe [1187840 2017-10-28] (Piriform Ltd) [File not signed]
R2 AdsService; C:\Users\Lenovo\AppData\Local\AdService\AdService.dll [781312 2017-11-04] () [File not signed]
S1 wfcre; system32\drivers\wfcre.sys [X]
2017-11-04 18:13 - 2017-11-04 18:20 - 000000000 ____D C:\Users\Lenovo\AppData\LocalLow\CelGrfgXIrZdI
2017-11-04 18:05 - 2017-11-04 18:05 - 000000000 ____D C:\Users\Lenovo\AppData\Local\c6053ac501104bddbadec4a08eacd3ab
2017-11-04 18:05 - 2017-11-04 18:05 - 000000000 ____D C:\ProgramData\7effa37aee9045d681974ff271c2c785
2017-11-04 15:18 - 2017-11-04 15:18 - 000000000 ____D C:\Users\Lenovo\AppData\Local\5fa829469ece4658bba65da7d5fe62db
2017-11-04 15:18 - 2017-11-04 15:18 - 000000000 ____D C:\Users\Lenovo\AppData\Local\2406009f302646728782e51a3ada3639
2017-11-04 15:18 - 2017-11-04 15:18 - 000000000 ____D C:\ProgramData\Microleaves
2017-11-04 15:18 - 2017-11-04 15:18 - 000000000 ____D C:\ProgramData\23901b6d16074041b1a9a1dbf5909330
2017-11-04 15:15 - 2017-11-04 15:15 - 000000000 ____D C:\Program Files (x86)\zTWnHlzwjSUn
2017-11-04 15:15 - 2017-11-04 15:15 - 000000000 ____D C:\Program Files (x86)\ZfJRwqLPhIE
2017-11-04 15:15 - 2017-11-04 15:15 - 000000000 ____D C:\Program Files (x86)\Microleaves
2017-11-04 15:15 - 2017-11-04 15:15 - 000000000 ____D C:\Program Files (x86)\JIdcnntTvnKU2
2017-11-04 15:14 - 2017-11-04 18:04 - 000000310 _____ C:\WINDOWS\Tasks\PjDfytumxbayONn.job
2017-11-04 15:14 - 2017-11-04 15:15 - 000000000 ____D C:\Program Files (x86)\kqEuPYMaU
2017-11-04 15:14 - 2017-11-04 15:14 - 000002564 _____ C:\WINDOWS\System32\Tasks\PjDfytumxbayONn
2017-11-04 15:14 - 2017-11-04 15:14 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\3fc307fd16a14d68b9840e4738b2b75b
2017-11-04 15:14 - 2017-11-04 15:14 - 000000000 ____D C:\Users\Lenovo\AppData\Local\a5704132dbc242199aadd4c0cd60b6a1
2017-11-04 14:57 - 2017-11-04 14:57 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\Microleaves
2017-11-04 14:57 - 2017-11-04 14:57 - 000000000 ____D C:\Users\Lenovo\AppData\Local\AdvinstAnalytics
2017-11-04 14:56 - 2017-11-04 14:56 - 000000000 ____D C:\Users\Lenovo\AppData\Local\AdService
2017-11-04 14:55 - 2017-11-04 14:55 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\a5320dab2dfe4a09af12ab45db8a577b
2017-11-04 14:55 - 2017-11-04 14:55 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\4c22fc5aa0ea460895690527c67966b4
2017-11-04 14:55 - 2017-11-04 14:55 - 000000000 ____D C:\ProgramData\d75c55e3151d4747b72e09fd7b41e0c8
2017-11-04 13:56 - 2017-11-04 13:56 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\1bb2967306c94912a0a1463cdb22b24e
2017-11-04 13:56 - 2017-11-04 13:56 - 000000000 ____D C:\Users\Lenovo\AppData\Local\99aa11468a0948e889a548ba46977c07
2017-11-04 13:49 - 2017-11-04 14:53 - 000000000 ____D C:\AdwCleaner
2017-11-04 13:42 - 2017-11-04 13:42 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\f02432e6eac145f69f408bd6d83d9c06
2017-11-04 13:42 - 2017-11-04 13:42 - 000000000 ____D C:\Users\Lenovo\AppData\Local\96675a0ed46f4a8089a18de3f0162ccd
2017-11-04 12:57 - 2017-11-04 13:57 - 000000000 ____D C:\Users\Lenovo\AppData\Local\637fa43c7f4249a3a159d385a653ae36
2017-11-04 12:57 - 2017-11-04 12:58 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\25095e31ec704f3fbe26fc4ef9e9d6b3
2017-11-04 12:57 - 2017-11-04 12:58 - 000000000 ____D C:\ProgramData\e2914989cb9d45bdb529aafc94e3b6d0
2017-11-04 12:57 - 2017-11-04 12:57 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\bdb66d2a3b34410aa323cfc16712732c
2017-11-04 12:57 - 2017-11-04 12:57 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\4ffee7c7ec92436392b41183d3920218
2017-11-04 12:57 - 2017-11-04 12:57 - 000000000 ____D C:\Users\Lenovo\AppData\Roaming\153643ec2afd4760ad9237425665db93
2017-11-04 12:57 - 2017-11-04 12:57 - 000000000 ____D C:\Users\Lenovo\AppData\Local\7ddfb6b82228492fa4d5d8c3e9155b96
2017-11-04 12:57 - 2017-11-04 12:57 - 000000000 ____D C:\Users\Lenovo\AppData\Local\6b9c9655b2c546419b8d9211543cfdd5
2017-11-04 12:57 - 2017-11-04 12:57 - 000000000 ____D C:\ProgramData\1bd3b1bc4598447680ebbde1bced0749
2017-11-04 12:56 - 2017-11-04 12:56 - 000000000 ____D C:\Windat
2017-11-04 12:52 - 2017-11-04 12:52 - 007334400 _____ () C:\Users\Lenovo\AppData\Local\agent.dat
2017-11-04 12:52 - 2017-11-04 12:52 - 000070800 _____ () C:\Users\Lenovo\AppData\Local\Config.xml
2017-11-04 12:52 - 2017-11-04 12:52 - 000278509 _____ () C:\Users\Lenovo\AppData\Local\Geocom.bin
2017-11-04 12:51 - 2017-11-04 12:51 - 000140800 _____ () C:\Users\Lenovo\AppData\Local\installer.dat
2017-11-04 12:52 - 2017-11-04 12:52 - 000136808 _____ () C:\Users\Lenovo\AppData\Local\Matlux.bin
2017-11-04 12:52 - 2017-11-04 12:52 - 000005568 _____ () C:\Users\Lenovo\AppData\Local\md.xml
2017-11-04 12:52 - 2017-11-04 12:51 - 002198528 _____ (TODO: <Company name>) C:\Users\Lenovo\AppData\Local\NimCore.exe
2017-11-04 12:52 - 2017-11-04 12:52 - 001900432 _____ () C:\Users\Lenovo\AppData\Local\NimCore.tst
2017-11-04 12:52 - 2017-11-04 12:52 - 000126464 _____ () C:\Users\Lenovo\AppData\Local\noah.dat
2017-11-04 12:52 - 2017-11-04 12:52 - 001895382 _____ () C:\Users\Lenovo\AppData\Local\Soft-Tam.bin
2017-11-04 12:53 - 2017-11-04 12:53 - 000001150 _____ () C:\Users\Lenovo\AppData\Local\uninstall_temp.ico
2014-01-27 04:03 - 2014-01-27 04:03 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-10-30 13:20 - 2017-11-04 18:08 - 000000032 _____ () C:\ProgramData\rwi.faaa
Task: {05D8F756-3C35-4369-B694-2214D089B227} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {06EE4479-F3ED-4BD2-81B3-60E86D2DDB1F} - System32\Tasks\zjwPaeaadZaNwF => rundll32 "C:\Program Files (x86)\JIdcnntTvnKU2\tCbTbPIgvUiYt.dll",#1
Task: {08237F30-D9AD-4445-8818-0DA74827144F} - System32\Tasks\GoogleUpdateSecurityTaskMachine_SZ => C:\Users\Lenovo\AppData\Roaming\bdb66d2a3b34410aa323cfc16712732c\chipset.exe exec hide WAARBVHPKA.cmd  <==== ATTENTION
Task: {20D8049F-5412-4F1B-B517-0798484C31E7} - System32\Tasks\GoogleUpdateSecurityTaskMachine_MV => C:\Users\Lenovo\AppData\Roaming\25095e31ec704f3fbe26fc4ef9e9d6b3\chipset.exe exec hide LFURNYEWEY.cmd  <==== ATTENTION
Task: {2763F10D-A5FE-4468-9A3B-399BFBD98959} - System32\Tasks\Eloc Video Converter => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Eloc Video Converter\Eloc Video Converter.dll",XiRNht <==== ATTENTION
Task: {316C6D4F-25FB-42A1-93E2-6E247E01244E} - System32\Tasks\Knowledge Burner => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Knowledge Burner\Knowledge Burner.dll",FtBaCaFzy <==== ATTENTION
Task: {3D28135E-CEDC-48E5-A32F-1003EEEAA719} - System32\Tasks\PriceBlady => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\PriceBlady\PriceBlady.dll",OJsPQdwaRNdn <==== ATTENTION
Task: {3E136670-129F-41FE-AFAF-D5D1CF0A2051} - System32\Tasks\eBook => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\eBook\eBook.dll",XYUIuy <==== ATTENTION
Task: {481F4894-16A1-4D62-B43C-D0F7AB956472} - System32\Tasks\Microsoft\Windows\Multimedia\Logon => C:\Users\Lenovo\AppData\Roaming\Windows_x64_nheqminer-5c\Zcash.exe [2017-11-04] ()
Task: {53F0EF33-D056-44D1-9999-C8105E214AFC} - System32\Tasks\GoogleUpdateSecurityTaskMachine_MS => C:\Users\Lenovo\AppData\Local\637fa43c7f4249a3a159d385a653ae36\chipset.exe exec hide EHIGGHMJHR.cmd  <==== ATTENTION
Task: {5728487A-9901-4FFF-A39B-B8980E87682D} - System32\Tasks\BarControl 3GP-2000 => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\BarControl 3GP-2000\BarControl 3GP-2000.dll",AneTWuSic <==== ATTENTION
Task: {8236B796-B54A-41AC-87C9-FE4CC9EDF70A} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {893E66AA-CAF2-42AD-86FC-F28EEA333DEA} - System32\Tasks\Cham Video Converter => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Cham Video Converter\Cham Video Converter.dll",XCBKVxyyRAfr <==== ATTENTION
Task: {8E52ACF1-A623-44E6-996F-2494AF8C37B7} - System32\Tasks\GoogleUpdateSecurityTaskMachine_BU => C:\Users\Lenovo\AppData\Roaming\153643ec2afd4760ad9237425665db93\chipset.exe exec hide WXYRDKTNPB.cmd  <==== ATTENTION
Task: {99323F68-98B3-4859-B81C-6DAA98F837B8} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {D179DB3C-5179-41C8-91DE-250406ECBE25} - System32\Tasks\Online Application V2G5 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {D22B91A3-4E26-4BEA-A493-9CB36127944C} - System32\Tasks\Online Application V2G4 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {D96ADC78-AA27-4DF3-9037-81BECD9629EE} - System32\Tasks\GoogleUpdateSecurityTaskMachine_UD => C:\ProgramData\e2914989cb9d45bdb529aafc94e3b6d0\chipset.exe exec hide BNGIOSMFNH.cmd  <==== ATTENTION
Task: {E003407D-9983-4C8F-9EF4-2A339E96BB31} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-11-02] (Microleaves) <==== ATTENTION
Task: {ED9E32D1-D2FA-4A9D-B90D-FCC40BD848F8} - System32\Tasks\PjDfytumxbayONn => rundll32 "C:\Program Files (x86)\kqEuPYMaU\CTPgUY.dll",#1
Task: {FB5E35AC-3955-457E-A6AB-5899665339CE} - System32\Tasks\PjDfytumxbayONn2 => rundll32 "C:\Program Files (x86)\kqEuPYMaU\CTPgUY.dll",#1
Task: {FE352EAB-D643-458F-9563-D5D453EB9AFF} - System32\Tasks\Online Application V2G6 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-11-02] () <==== ATTENTION
Task: {FF0B4A2C-9E4B-451B-A423-DD7BEF2FDED7} - System32\Tasks\GoogleUpdateSecurityTaskMachine_JR => C:\Users\Lenovo\AppData\Roaming\4ffee7c7ec92436392b41183d3920218\chipset.exe exec hide WXIFZYVQHC.cmd  <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G4.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G5.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G6.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PjDfytumxbayONn.job => C:\Program Files (x86)\kqEuPYMaU\CTPgUY.dll
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
Shortcut: C:\Users\Lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
Hosts:
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.
Click Scan and post a new FRST report, without Addition and Shortcut.
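The fix above is built by copying FRST log lines verbatim between directives, which is also what the later question about "how to create such a fixlist.txt" comes down to. As an added example (not part of this thread and not FRST's own code), the Python below applies the rules a helper used implicitly here to FRST-style lines: antivirus vendor certificates pushed into the Disallowed store, autoruns whose target sits in a GUID-named or Temp folder, autorun binaries with no version/publisher info, scheduled tasks that call a DLL export by ordinal through rundll32, unsigned services or drivers, and shortcut names that mix Cyrillic and Latin letters. It then emits the hits as a draft fixlist with `CloseProcesses:` first and `EmptyTemp:` last. The sample lines are constructed from entries in the fix above plus one benign control line; the vendor list and the heuristics are assumptions of this example, not FRST's detection logic.

```python
"""Triage FRST-style log lines and turn the hits into a draft fixlist.

Added example for this thread; it is not part of FRST or of the original
posts. The sample lines below are constructed from entries in the fix above
(plus one benign control line); the vendor list and the heuristics are my
own assumptions, not FRST's detection logic.
"""
import re
import unicodedata
from typing import List, Optional

# Vendors whose code-signing certificates adware pushes into the Disallowed
# store so that their scanners refuse to run. Assumed list, extend as needed.
AV_VENDORS = ("Malwarebytes", "Kaspersky", "ESET", "Avast", "AVG", "Bitdefender",
              "Symantec", "McAfee", "Comodo", "F-Secure", "Trend Micro", "Webroot",
              "Emsisoft", "Avira", "Panda", "Doctor Web", "G DATA", "Sophos")

CERT = re.compile(r"DisallowedCertificates: ([0-9A-F]{40}) \(([^)]+)\)")
GUID32 = re.compile(r"\\[0-9a-f]{32}\\", re.IGNORECASE)        # ...\<32 hex chars>\x.exe
TEMP_DIR = re.compile(r"\\(AppData\\Local\\Temp|WINDOWS\\TEMP)\\", re.IGNORECASE)
NO_PUBLISHER = re.compile(r"\] \(\)(\s|$)")                    # "[size date] ()" = no version info
ORDINAL_EXPORT = re.compile(r'rundll32(\.exe)?\s+"[^"]+\.dll",\s*#\d+', re.IGNORECASE)
AUTORUN_PREFIXES = ("HKLM\\", "HKU\\", "Task:")
SERVICE_OR_DRIVER = re.compile(r"^[RS]\d+ ")                   # FRST R2/S1 service and driver lines


def has_mixed_script(name: str) -> bool:
    """True when a name mixes letters from more than one script, e.g. Cyrillic
    'о' and 'е' inside an otherwise Latin 'Google Chrome' (the shortcut trick)."""
    scripts = {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in name if ch.isalpha()}
    return len(scripts) > 1


def classify(line: str) -> Optional[str]:
    """Return the reason a log line belongs in a fix, or None if it looks benign."""
    m = CERT.search(line)
    if m and any(v.lower() in m.group(2).lower() for v in AV_VENDORS):
        return "AV vendor certificate pushed into Disallowed store"
    if line.startswith("Shortcut:"):
        lnk_name = line[len("Shortcut: "):].split(" -> ")[0].rsplit("\\", 1)[-1]
        if has_mixed_script(lnk_name):
            return "homoglyph (mixed-script) shortcut name"
    if line.startswith(AUTORUN_PREFIXES):
        if ORDINAL_EXPORT.search(line):
            return "task runs DLL by ordinal via rundll32"
        if GUID32.search(line) or TEMP_DIR.search(line):
            return "autorun target in GUID-named or Temp folder"
        if NO_PUBLISHER.search(line):
            return "autorun binary without version/publisher info"
    if SERVICE_OR_DRIVER.match(line) and "[File not signed]" in line:
        return "unsigned service or driver"
    if "<==== ATTENTION" in line:          # FRST's own marker, kept as a fallback
        return "flagged by FRST"
    return None


def draft_fixlist(lines: List[str]) -> List[str]:
    """FRST fix entries are log lines copied verbatim. CloseProcesses: goes first
    so running payloads cannot re-create their entries, EmptyTemp: last."""
    return ["CloseProcesses:", *[l for l in lines if classify(l)], "EmptyTemp:"]


# Constructed sample, modelled on the entries in the fix above (not a real log).
SAMPLE = [
    r"HKLM\...\RunOnce: [LENOVO-PC] => C:\WINDOWS\TEMP\gB934.tmp.exe [212992 2017-11-04] () <==== ATTENTION",
    r"HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION",
    r"HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\...\Run: [CzTbIHnzA9hPDN.exe] => C:\ProgramData\1bd3b1bc4598447680ebbde1bced0749\CzTbIHnzA9hPDN.exe [100352 2017-11-04] ()",
    r"HKU\S-1-5-21-4275313654-3992359934-3247212209-1001\...\Run: [OneDrive] => C:\Users\Lenovo\AppData\Local\Microsoft\OneDrive\OneDrive.exe [1234 2017-10-01] (Microsoft Corporation)",
    r"Task: {481F4894-16A1-4D62-B43C-D0F7AB956472} - System32\Tasks\Microsoft\Windows\Multimedia\Logon => C:\Users\Lenovo\AppData\Roaming\Windows_x64_nheqminer-5c\Zcash.exe [2017-11-04] ()",
    r'Task: {ED9E32D1-D2FA-4A9D-B90D-FCC40BD848F8} - System32\Tasks\PjDfytumxbayONn => rundll32 "C:\Program Files (x86)\kqEuPYMaU\CTPgUY.dll",#1',
    r"R2 AdsService; C:\Users\Lenovo\AppData\Local\AdService\AdService.dll [781312 2017-11-04] () [File not signed]",
    # Cyrillic о/е/С written as escapes so the homoglyphs survive copy-paste.
    "Shortcut: C:\\Users\\Public\\Desktop\\G\u043e\u043egl\u0435 \u0421hr\u043em\u0435.lnk -> "
    "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe (Google Inc.) <==== Cyrillic",
    r"Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{classify(line) or 'ok':<48} | {line[:70]}")
    print("\n".join(draft_fixlist(SAMPLE)))
```

A draft produced this way is a starting point for the person doing the fix, not something to hand to FRST unread: FRST executes every entry in fixlist.txt, so each flagged line still needs a human decision, and lines the heuristics miss (the Windows Defender policy, the hijacked search scopes, the Firefox homepage files) have to be added from the log by hand.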


(xpower29) #5

So first of all, thank you for the quick reply :wink:
I did as you wrote and it worked. So far everything works as it should, the ads don't start and there are no suspicious processes in Task Manager. The Fixlog and the new FRST scan are attached. Thanks again! :+1::smiley:

Fixlog.txt (50.6 KB)

edit
And by the way… Is there any reasonably clear guide on how to create such a fixlist.txt? Quite a useful program :yum:


(xpower29) #6

FRST.txt (37.9 KB)


(Atis) #7

Paste into the system Notepad and save as a text file named fixlist:

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
C:\ProgramData\Temp
DeleteQuarantine:

Run FRST and click Fix. Then delete the C:\FRST folder
Clean the System Restore folders

FRST - Farbar Recovery Scan Tool tutorial