Problem z evo gen/

Dla specjalistów Bezpieczeństwo
#1

Wklejam logi z programu first nie mogę uruchomić programu topnetinfo i nie mogę pobrać pliku np. first.exe jak działa avast. od razu plik jest usunięty.

FRST.txt

Addition.txt

#2

Pobierz na pulpit AdwCleaner: https://toolslib.net/downloads/

Po uruchomieniu wykonaj polecenia szukaj i usuń. Po restarcie przygotuj aktualne raporty FRST i Addition.

#3

Otwórz Notatnik i wklej:

Hosts:
HKU\S-1-5-19\...\RunOnce: [_nltide_3] = rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] = rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-73586283-682003330-1177238915-1001\...\MountPoints2: {63c05782-537e-11e3-883b-f0a691563076} - J:\AutoRun.exe
HKU\S-1-5-21-73586283-682003330-1177238915-1001\...\MountPoints2: {63c05783-537e-11e3-883b-f0a691563076} - J:\AutoRun.exe
HKU\S-1-5-21-73586283-682003330-1177238915-1001\...\MountPoints2: {e9648901-0120-11e4-86c7-d40a41321b5c} - J:\AutoRun.exe
HKU\S-1-5-21-73586283-682003330-1177238915-1001\...\MountPoints2: {e9648904-0120-11e4-86c7-d40a41321b5c} - J:\AutoRun.exe
HKU\S-1-5-18\...\RunOnce: [_nltide_3] = rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
ProxyServer: http=http://127.0.0.1:9880
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - 66AEB28DCCEAFC48A6D4E46683B859E3 URL = http://search.babylon.com/?q={searchTerms}affID=117023tt=0313_2babsrc=SP_ssmntrId=609db5af000000000000f4ec3883c7a8
SearchScopes: HKCU - {A8105727-97B2-4B68-8BA5-57150A17B1B3} URL = http://eseeky.com/ws/?source=728386ab?tbp=rboxtoolbarid=baseu=f8ed773a1bc8761f434e4a22c3827e93cc314920q={searchTerms}
CHR HKLM\...\Chrome\Extension: [fkmkpnjoioaielnmocemighdcejngela] - C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\EpuapSign.crx [2012-11-08]
S4 ALG; %SystemRoot%\System32\alg.exe [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S4 Update Surftastic; "C:\Program Files\Surftastic\updateSurftastic.exe" [X]
S4 WinRST; C:\Program Files\WinRST\WinRST.exe [X]
S3 HWIONT; \\C:\Documents and Settings\SysOp\Pulpit\Nowy folder (7)\HWIONT.sys [X]
S4 IntelIde; No ImagePath
2014-11-01 13:03 - 2014-02-24 20:19 - 00000000 ____ D () C:\AdwCleaner
C:\Documents and Settings\SysOp\librtmp.dll
C:\Documents and Settings\SysOp\rtmpdump.exe
C:\Documents and Settings\SysOp\rtmpgw.exe
C:\Documents and Settings\SysOp\rtmpsrv-vlc.exe
C:\Documents and Settings\SysOp\rtmpsrv.exe
C:\Documents and Settings\SysOp\rtmpsuck.exe
C:\Documents and Settings\SysOp\weeb.tv by miszczu.bat
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.