bartek19933 Posted February 25

Good evening. As a result of unauthorized access to the computer by a kid, various games from the internet were installed on it. I scanned the disk with Malwarebytes and Avast. They found and removed something, but I'm not sure whether something is still left behind. Please review the FRST logs and give me further instructions. Thanks in advance and best regards.

Addition.txt FRST.txt

Illidan Posted February 25

Run FRST. Copy the content given below and do not paste it anywhere: FRST will find the "fixlist" in the system clipboard by itself.

Start::
HKU\S-1-5-21-1226891696-4256230774-3255337818-1001\...\Run: [MicrosoftEdgeAutoLaunch_B70AD30C0F2B6F60C74A4DA2800D990C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start (No File)
HKU\S-1-5-21-1226891696-4256230774-3255337818-1001\...\Run: [AMDNoiseSuppression] => "C:\WINDOWS\system32\AMD\ANR\AMDNoiseSuppression.exe" (No File)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {7A39F359-89EC-4E17-913D-A6D91768F901} - System32\Tasks\Opera GX scheduled Autoupdate 1740219436 => C:\Users\EGO-DĘBINA\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (No File)
S4 QHActiveDefense; "C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe" [X]
S4 QHProtected; "C:\Program Files (x86)\360\Total Security\safemon\WscReg.exe" [X]
R3 360AvFlt; system32\DRIVERS\360AvFlt.sys [X]
R3 360Box64; system32\DRIVERS\360Box64.sys [X]
U3 aswBcc; no ImagePath
U3 Avast Business Console Client Antivirus Service; no ImagePath
AlternateDataStreams: C:\Windows:nlsPreferences [0]
SearchScopes: HKU\S-1-5-21-1226891696-4256230774-3255337818-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FirewallRules: [UDP Query User{7E013CA6-98B1-47A7-ADEC-9EA5C8EEB2C9}D:\steam\steamapps\common\ea sports fc 24\fc24.exe] => (Allow) D:\steam\steamapps\common\ea sports fc 24\fc24.exe => No File
FirewallRules: [TCP Query User{5E427947-351E-4FF6-B5FB-657D30DA635D}D:\steam\steamapps\common\ea sports fc 24\fc24.exe] => (Allow) D:\steam\steamapps\common\ea sports fc 24\fc24.exe => No File
FirewallRules: [{DCD82927-22B8-41BC-B8DA-43A9F0A7BB2D}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [{DDBFC107-F45C-4A10-87D8-B6F0BF457CBB}] => (Allow) D:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe => No File
FirewallRules: [UDP Query User{ACE96902-C858-4C1A-B97E-C39C5C1082DA}D:\steam\steamapps\common\battlefield 1\bf1.exe] => (Block) D:\steam\steamapps\common\battlefield 1\bf1.exe => No File
FirewallRules: [TCP Query User{8E83C908-902C-4529-831C-265A46DE0370}D:\steam\steamapps\common\battlefield 1\bf1.exe] => (Block) D:\steam\steamapps\common\battlefield 1\bf1.exe => No File
FirewallRules: [UDP Query User{798F4F78-962E-40F9-8247-D0781FCFF1BF}D:\steam\steamapps\common\need for speed payback\needforspeedpayback.exe] => (Allow) D:\steam\steamapps\common\need for speed payback\needforspeedpayback.exe => No File
FirewallRules: [TCP Query User{1178FA5E-E708-4B67-A5B9-A75509D936C7}D:\steam\steamapps\common\need for speed payback\needforspeedpayback.exe] => (Allow) D:\steam\steamapps\common\need for speed payback\needforspeedpayback.exe => No File
FirewallRules: [UDP Query User{BBDC4357-E5E1-42E3-8662-B204453CEBBA}D:\steam\steamapps\common\need for speed heat\needforspeedheat.exe] => (Allow) D:\steam\steamapps\common\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [TCP Query User{D8498632-5829-4A8C-89BD-798AC96C4289}D:\steam\steamapps\common\need for speed heat\needforspeedheat.exe] => (Allow) D:\steam\steamapps\common\need for speed heat\needforspeedheat.exe => No File
FirewallRules: [UDP Query User{53A0C531-3375-4628-849C-35E283BA9F83}D:\steam\steamapps\common\need for speed(tm) most wanted\nfs13.exe] => (Allow) D:\steam\steamapps\common\need for speed(tm) most wanted\nfs13.exe => No File
FirewallRules: [TCP Query User{E6A5C35F-FBF5-4CE4-83DF-B8CF6E447FD4}D:\steam\steamapps\common\need for speed(tm) most wanted\nfs13.exe] => (Allow) D:\steam\steamapps\common\need for speed(tm) most wanted\nfs13.exe => No File
FirewallRules: [{1781311A-E9D2-49C3-BD4A-0891DB5E28A6}] => (Allow) C:\Users\EGO-DĘBINA\AppData\Local\Kingsoft\WPS Office\12.2.0.13110\office6\promecefpluginhost.exe => No File
FirewallRules: [{29DF030E-5FEB-496B-BB4F-1BCA4071B5E2}] => (Allow) C:\Users\EGO-DĘBINA\AppData\Local\Kingsoft\WPS Office\12.2.0.13110\office6\wpscloudsvr.exe => No File
FirewallRules: [{3AB3A975-A608-41D4-994B-011A12439559}] => (Allow) C:\Users\EGO-DĘBINA\AppData\Local\Kingsoft\WPS Office\12.2.0.13110\office6\wps.exe => No File
FirewallRules: [{D5CED4D0-5B28-4FA2-BE83-1F822F432A1F}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{56160008-699F-442C-AD6A-74EDBDB56F40}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe => No File
FirewallRules: [{83D6E0FE-988A-4151-9216-32FBD4121BC8}] => (Allow) D:\Steam\steamapps\common\Serious Sam 4\Bin\x64\Sam4_Unrestricted.exe => No File
FirewallRules: [{74304480-5DC8-4E0C-A7B8-F58F1841E1FD}] => (Allow) D:\Steam\steamapps\common\Serious Sam 4\Bin\x64\Sam4_Unrestricted.exe => No File
FirewallRules: [{DDFB772C-2F5C-45B5-8C29-E28FF55FBF89}] => (Allow) D:\Steam\steamapps\common\Serious Sam 4\Bin\x64\Sam4.exe => No File
FirewallRules: [{392AF571-F49E-42FA-A533-0E5C933DFBD6}] => (Allow) D:\Steam\steamapps\common\Serious Sam 4\Bin\x64\Sam4.exe => No File
FirewallRules: [{FE6DB9B0-8235-4669-A707-3C03CC60305F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light 2\ph\work\bin\x64\DyingLightGame_x64_rwdi.exe => No File
FirewallRules: [{AA508072-55C0-4AB4-AAE4-F24929DA8A44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dying Light 2\ph\work\bin\x64\DyingLightGame_x64_rwdi.exe => No File
FirewallRules: [{70F05CE9-1F80-4175-AAFD-DC387DA35471}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 4\Bin\x64\Sam4_Unrestricted.exe => No File
FirewallRules: [{282DCB9A-3781-4D88-A357-1A6545002E8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 4\Bin\x64\Sam4_Unrestricted.exe => No File
FirewallRules: [{28436076-236E-404A-9C62-D6C78D85A067}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 4\Bin\x64\Sam4.exe => No File
FirewallRules: [{63E0F379-11D1-4547-8FDB-0EEAF46B07DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 4\Bin\x64\Sam4.exe => No File
FirewallRules: [{E712A356-10F2-4247-A163-7ADD49F0DFF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worms Armageddon\WA.exe => No File
FirewallRules: [{A3C48902-F288-4AE2-A238-9E78BD2BE4D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Worms Armageddon\WA.exe => No File
FirewallRules: [{831CFB16-24EC-4C8F-A78F-BC93B1283A4C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{D79111DE-24FA-4BDE-9917-C1D5ACC118D6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{89214139-7923-4017-851D-204DE3B2C898}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{EA6425EF-18EC-47E5-9B2B-8CEA564C76F5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{EC24D7C2-E032-4AE5-BF2D-9A5DB517474E}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe => No File
FirewallRules: [{538DAF13-D468-444D-8B50-A188FDD98EED}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe => No File
FirewallRules: [{38F2E7AB-B12C-4CFC-AB99-DB164D5E9AFF}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe => No File
FirewallRules: [{C5867A2E-F3A6-4345-9A41-0E24E2080CD3}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe => No File
FirewallRules: [{958158F3-EC80-47D3-8AB0-94D250490E8B}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe => No File
FirewallRules: [{BD9BBBCF-301B-4B53-9EC9-A7E1C3B946D3}] => (Allow) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe => No File
FirewallRules: [{96584651-D3E3-4B18-BE2A-AB9B989F1B80}] => (Allow) C:\PROGRA~2\REALTEK\USBWIR~2\Rtldhcp.exe => No File
FirewallRules: [{0849A6E8-1990-4058-8848-5F0D0DB04EEF}] => (Allow) C:\PROGRA~2\REALTEK\USBWIR~2\RtWlan.exe => No File
FirewallRules: [{F5D9DC79-6563-4CAF-8655-DF646B783915}] => (Allow) C:\Users\EGO-DĘBINA\AppData\Local\Programs\Opera GX\opera.exe => No File
CreateRestorePoint:
EmptyTemp:
End::

This fixlist is intended only for the author of this topic!

In FRST, click the "Fix" (Napraw) option. Show the "fixlog.txt" report that you will get after the computer restarts.

Also download the free "ADWCleaner" and do the same: scan, remove anything that is detected, and show the removal report.

bartek19933 (Author) Posted February 26

Done, thank you. The Fixlog is attached. Was there anything dangerous in there? I did everything in normal mode (not safe mode), does that matter?

Fixlog.txt

Illidan Posted February 26

No, in general it was a lot of junk, leftovers from applications that no longer exist. You did everything right and everything was removed.

OK, if everything is fine, delete FRST and the quarantine from: C:\FRST

Also show the log from "AdwCleaner".