Skocz do zawartości

Po usunięciu wirusów windows się nie uruchamia


Rekomendowane odpowiedzi

Witam, poproszono mnie o sprawdzenie komputera w celu usunięcia wirusów. Po uruchomieniu wyskakiwało okno z błędem ...vbs (niestety nie zrobiłem screena, ale chyba lokalizacja byla z autostartu), Avast co jakiś czas komunikował o znalezionym wirusie, backdoor itp, Po przeskanowaniu niby wszystko naprawił, lecz po jakimś czasie znów pojawiły się komunikaty. Ściągnąłem program Dr. Web Cureit, znalazł ok 30 wirusów. Po przeniesieniu ich do kwarantanny (pomijając pliki Lavasoft - odinstalowałem program) wymagany był restart. Po ponownym uruchomieniu od razu wyskoczył komunikat Trwa diagnozowanie systemu i ze nie można naprawić systemu. Nie działa tryb awaryjny, aktualnie pisze spod Hiren’s BootCD PE. Logi z FRST wykonałem dopiero spod HBCD.

W załącznikach logi od Cureit i FRST, dodałbym jeszcze z avasta, ale nie wiem który.
Windows 10
Z góry dziękuję za pomoc.

FRST_17-11-2021 23.51.37.txt cureit.txt

Edit.
Uruchomił się Windows, zrobiłem skanowanie dysku pod czy nie posiada błędów, możne to pomogło. Mogę zrobić nowe logi jak potrzeba. Załączyłem błąd, ktory wyskakiwał

588vbs.jpg
Odnośnik do komentarza
Pomoc jest darmowa, ale proszę rozważ przekazanie dotacji na utrzymanie serwisu: klik.

Masz infekcję typu RANSOMWARE - wszystkie Twoje pliki mające w w nawie dodatek irfk nie nadają się już do niczego, są zakodowane.


Uruchom FRST.
Skopiuj to poniższe: (ale nigdzie nie wklejaj tego!)

Spoiler

START::

HKU\48607\...\Run: [qpyizhzm] => "C:\Users\48607\mrqoekti.exe" (No File)
HKU\Default\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe (No File)
C:\Users\48607\mrqoekti.exe
HKU\48607\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe (No File)
Task: {1B4B3D75-8C6A-4874-BAA5-3C20F34BC248} - System32\Tasks\Firefox Default Browser Agent 8609518ECBEF10C9 => C:\Users\48607\AppData\Roaming\gictead.exe (No File) <==== ATTENTION
Task: {76AD6414-C1CA-4856-BD22-B0156D4B6172} - System32\Tasks\Opera scheduled Autoupdate 1631214923 => C:\Users\48607\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {AD06763C-A366-4B35-A384-F3BB1B5A1F68} - System32\Tasks\Firefox Default Browser Agent 2377BC8CC93ED2E5 => C:\Users\48607\AppData\Roaming\ijctead.exe (No File) <==== ATTENTION
Task: {E335A5FA-A106-4FA1-A278-E4F29D81B552} - System32\Tasks\Firefox Default Browser Agent 6EB9C032415C933F => C:\Users\48607\AppData\Roaming\arctead.exe (No File) <==== ATTENTION
Task: {F3ADC431-8775-4990-A7D7-E28EB343B9B3} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1138517282-2312738049-3737462855-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
S2 HPPrintScanDoctorService; "C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe" [X]
S1 ncijozdb; \??\C:\WINDOWS\system32\drivers\ncijozdb.sys [X]
C:\Windows\Minidump\111121-11781-01.dmp
RemoveDirectory: C:\sh5ldr
RemoveDirectory: C:\Program Files\EnigmaSoft
RemoveDirectory: C:\ProgramData\KNI6N1OGDHHL4IUTOH153TPAK
2021-11-07 13:12 - 2021-11-07 13:13 - 000000000 ____D C:\Users\48607\AppData\LocalLow\hC6_zT4pC2
2021-11-07 13:12 - 2021-11-07 13:12 - 000000000 ____D C:\Users\48607\AppData\Roaming\mwanza
2021-11-07 13:12 - 2021-11-07 13:12 - 000000000 ____D C:\Users\48607\AppData\LocalLow\iT6tF6rB9
2021-11-07 13:10 - 2021-11-07 13:14 - 011343182 _____ C:\Users\48607\mrqoekti.exe.irfk
2021-11-07 13:10 - 2021-11-07 13:14 - 000413006 _____ C:\Users\48607\Documents\9E_HDyXn4fOaGxukEDwZib3e.exe.irfk
2021-11-07 13:10 - 2021-11-07 13:11 - 000000000 ____D C:\Users\48607\AppData\Roaming\warmded
2021-11-07 13:10 - 2021-11-07 13:10 - 000000000 ____D C:\ProgramData\DW12EXI4JWL9HNO9NSPL9KVG2
2021-11-07 13:10 - 2021-11-07 13:10 - 000000000 ____D C:\ProgramData\5Q1KZE2W5LBAFRCQDP6BJQOJ6
2021-11-07 13:09 - 2021-11-07 13:09 - 000046488 _____ C:\END
2021-11-07 13:09 - 2021-11-07 13:09 - 000000000 ____D C:\ProgramData\Y6OKL7UQNILX3ATNZKE9MWLX8
2021-11-07 13:09 - 2021-11-07 13:09 - 000000000 ____D C:\ProgramData\LYUW1LLM6B5FTFJDNI2WCDTP2
2021-11-07 13:09 - 2021-11-07 13:09 - 000000000 ____D C:\ProgramData\743LZ40W3KGMC8HQK1LUT2K3U
2021-11-07 13:09 - 2021-11-07 13:09 - 000000000 ____D C:\Program Files (x86)\Company
2021-11-07 13:14 - 2021-10-01 17:13 - 004319922 _____ C:\Users\48607\Documents\animations and stuff.rbxl.irfk
2021-11-07 13:14 - 2021-09-10 16:28 - 004624246 _____ C:\Users\48607\Documents\hKOYR7c_Fs0roY3BPyTQ9HvC.exe.irfk
2021-11-07 13:14 - 2021-09-10 16:28 - 001282017 _____ C:\Users\48607\Documents\98iuEMkvE8X7KWiPc3gBq1kk.exe.irfk
2021-11-07 13:14 - 2021-09-10 16:28 - 000389454 _____ C:\Users\48607\Documents\3q0NlQESK4zOi7u2F8MgPrNe.exe.irfk
2021-11-07 13:14 - 2021-09-10 16:28 - 000143694 _____ C:\Users\48607\Documents\9Iu2l_rZy7NUaPvPD3cYbeDO.exe.irfk
2021-11-07 13:14 - 2021-09-10 16:28 - 000101710 _____ C:\Users\48607\Documents\cDDedwaMAb90hEV4wW7a5vAB.exe.irfk
2021-11-07 13:14 - 2021-09-10 15:28 - 004624246 _____ C:\Users\48607\Documents\6eko4OZ8_BkX1443tATgnFCr.exe.irfk
2021-11-07 13:14 - 2021-09-10 15:28 - 001282017 _____ C:\Users\48607\Documents\YrWnNYTlbZXgSJu8TSYLXT4y.exe.irfk
2021-11-07 13:14 - 2021-09-10 15:28 - 000389454 _____ C:\Users\48607\Documents\4nxYl0aMaqwT6llcyvPjad2J.exe.irfk
2021-11-07 13:14 - 2021-09-10 15:28 - 000143694 _____ C:\Users\48607\Documents\4Ifnzenp2KMbSpnw_ar8Cy6S.exe.irfk
2021-11-07 13:14 - 2021-09-10 14:28 - 004624246 _____ C:\Users\48607\Documents\mgdXjYsp5sRJCFbGtOd3wATX.exe.irfk
2021-11-07 13:14 - 2021-09-10 14:28 - 001282017 _____ C:\Users\48607\Documents\Or4U__6bjkJIvTBQVDUE55s1.exe.irfk
2021-11-07 13:14 - 2021-09-10 14:28 - 000389454 _____ C:\Users\48607\Documents\KDM9Tuie6zvcLWewBuwTyR_5.exe.irfk
2021-11-07 13:14 - 2021-09-10 14:28 - 000143694 _____ C:\Users\48607\Documents\DhXsSkepWqsfyc3o9IvIKGds.exe.irfk
2021-11-07 13:14 - 2021-09-10 13:28 - 004624246 _____ C:\Users\48607\Documents\7NYxlOYE1tQA97Uvo9h1WQYy.exe.irfk
2021-11-07 13:14 - 2021-09-10 13:28 - 001282017 _____ C:\Users\48607\Documents\vmFniKuu3qd68m4NECB3HWay.exe.irfk
2021-11-07 13:14 - 2021-09-10 13:28 - 000389454 _____ C:\Users\48607\Documents\hdCnr2R3KeSi60pD43mx_wI3.exe.irfk
2021-11-07 13:14 - 2021-09-10 13:28 - 000143694 _____ C:\Users\48607\Documents\6Z1h8fe0fSt5N70aKTyz2Qkx.exe.irfk
2021-11-07 13:14 - 2021-09-10 12:28 - 004624246 _____ C:\Users\48607\Documents\4ik8w3NegJkp9vfyS0CqsU79.exe.irfk
2021-11-07 13:14 - 2021-09-10 12:28 - 001282017 _____ C:\Users\48607\Documents\U7Wl8GrlfBaYFerppo_kPPDV.exe.irfk
2021-11-07 13:14 - 2021-09-10 12:28 - 000389454 _____ C:\Users\48607\Documents\rOYcFEQetaGN9jdFrzXgfTZd.exe.irfk
2021-11-07 13:14 - 2021-09-10 12:28 - 000143694 _____ C:\Users\48607\Documents\fYNeGOCTOIpJETAFVuwEgXhT.exe.irfk
2021-11-07 13:14 - 2021-09-09 19:22 - 004624246 _____ C:\Users\48607\Documents\2YZ2olAggnVD91XwoKbVu0s1.exe.irfk
2021-11-07 13:14 - 2021-09-09 19:22 - 001282017 _____ C:\Users\48607\Documents\ZHCc1TvfmHPqoWQ3GRu4nb8F.exe.irfk
2021-11-07 13:14 - 2021-09-09 19:22 - 000389454 _____ C:\Users\48607\Documents\gQi_71oRM0NMyU8Nezjpbydd.exe.irfk
2021-11-07 13:14 - 2021-09-09 19:22 - 000161614 _____ C:\Users\48607\Documents\oLoxEEZHnqlhoiTnrbg0vQaj.exe.irfk
2021-11-07 13:14 - 2021-09-09 19:00 - 004624246 _____ C:\Users\48607\Documents\cqxUkUu506jaFePH9F5uJjKQ.exe.irfk
2021-11-07 13:14 - 2021-09-09 19:00 - 001282017 _____ C:\Users\48607\Documents\dWAxJ7Cb4JRTrqs6DtHVXlq_.exe.irfk
2021-11-07 13:14 - 2021-09-09 19:00 - 000389454 _____ C:\Users\48607\Documents\GGzfwcEWH7fChZKnlN7hj9nY.exe.irfk
2021-11-07 13:14 - 2021-09-09 19:00 - 000161614 _____ C:\Users\48607\Documents\zZRek_oWQ7mCTyiC8x3Avg0y.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:53 - 018212810 _____ C:\Users\48607\Documents\5pRFI1iJU7LNxaey6qSq_zQx.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:53 - 004624246 _____ C:\Users\48607\Documents\xPXI0Q0ch0pLVt8UJBRgs4OZ.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:53 - 003826774 _____ C:\Users\48607\Documents\uDHBuMyMCTftti598n93voau.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:53 - 002652758 _____ C:\Users\48607\Documents\a5A1efImA27XwXZlcy8HTjch.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:53 - 001633614 _____ C:\Users\48607\Documents\qT3dWYBP7ZsuOrwW4ZcUbjl6.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:53 - 001282017 _____ C:\Users\48607\Documents\D5h07l37kYqaIzizaXY0U5yo.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:53 - 000933710 _____ C:\Users\48607\Documents\BVBLHqBQH0SeQDgaotgcNOg5.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:53 - 000389454 _____ C:\Users\48607\Documents\R3sTXL24aXhOGwIl2k2gUAL0.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:53 - 000161614 _____ C:\Users\48607\Documents\TgKi_o8zbJVjhyZMhj5hAEHl.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 004624246 _____ C:\Users\48607\Documents\K7bMBOUJOBJPOJZY5r5X9IUq.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 002949206 _____ C:\Users\48607\Documents\RvcaGChbxbA7LVG98evYo0BY.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 001408334 _____ C:\Users\48607\Documents\7dbYr83sOnl33DP40W9GAtJt.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 001258504 _____ C:\Users\48607\Documents\KsWkiUhk3eFHnIs5od0q82Qe.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000445262 _____ C:\Users\48607\Documents\CiqkqAYpWm04eR4PdiCLcMCv.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000442702 _____ C:\Users\48607\Documents\atNQshrod5pAVfXUwZLGRpFI.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000412494 _____ C:\Users\48607\Documents\1v3p855kQzxbFpR5nbihTBzS.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000403790 _____ C:\Users\48607\Documents\pBZrzRw_j75g6J_lf6HnWaFW.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000325454 _____ C:\Users\48607\Documents\nV5chtbzMf_qkKo_rVEQJcfO.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000323918 _____ C:\Users\48607\Documents\fzDK7gywKUTXF52bO5kUixaf.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000299342 _____ C:\Users\48607\Documents\GlEoi7mMRJzyG7mrG2Ts9JNk.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000256334 _____ C:\Users\48607\Documents\3vTX3rWaYTISfBNrePsakGQT.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000158542 _____ C:\Users\48607\Documents\Ydq_sdYeUKkSuherc55Clfft.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000101710 _____ C:\Users\48607\Documents\wzv59SGUEPAvbQRJA8Klbw6S.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000000607 _____ C:\Users\48607\Documents\wgkf3QaM2sm3uxJcyVwwONNK.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000000557 _____ C:\Users\48607\Documents\acqFcB2MEguqzvX5KFJkmQgl.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:46 - 002652758 _____ C:\Users\48607\Documents\MA1Y1ChuZ5FU2jq8bEoPDYa3.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:46 - 001258504 _____ C:\Users\48607\Documents\ugFoHfO3S19Hc1qV63VegYDS.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:46 - 000933710 _____ C:\Users\48607\Documents\NeWeM3QNbTvSCaiJrZBwuXIZ.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:46 - 000226671 _____ C:\Users\48607\AppData\LocalLow\u4fPNLfK0oZ.zip.irfk
2021-11-07 13:14 - 2021-09-09 18:46 - 000000557 _____ C:\Users\48607\Documents\nB0FdiwuR5Xm0Ol6_Q89fSHE.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:45 - 004624246 _____ C:\Users\48607\Documents\eJZ1xC3nBWAHmaq1wc7zO1bq.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:45 - 000403790 _____ C:\Users\48607\Documents\CNbU6aYEOYpFd47ANVaq_Xe0.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:45 - 000299342 _____ C:\Users\48607\Documents\RbNWkZEeUO_Eb1BlTotRFyRk.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:45 - 000101710 _____ C:\Users\48607\Documents\BLftkPOzhMuSiummnVob6NWy.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:45 - 000000607 _____ C:\Users\48607\Documents\JlzCUbDcHhEsrVKksGlLvtVb.exe.irfk
2021-11-07 13:14 - 2021-09-04 11:56 - 001352252 _____ C:\Users\48607\Documents\project bbb.rbxl.irfk
2021-11-07 13:14 - 2021-08-21 19:18 - 004597146 _____ C:\Users\48607\Documents\AFK UNTIL SOMEONE DONATES ME SOMETHING.rbxl.irfk
2021-11-07 13:14 - 2021-08-19 12:16 - 003645594 _____ C:\Users\48607\Documents\untitled.blend.irfk
2021-11-07 13:14 - 2021-08-10 14:02 - 006079293 _____ C:\Users\48607\Documents\Untitled Game.rbxl.irfk
2021-11-07 13:14 - 2021-08-04 20:11 - 000579835 _____ C:\Users\48607\Documents\sadas.rbxl.irfk
2021-11-07 13:14 - 2021-08-01 12:39 - 000643918 _____ C:\Users\48607\Documents\7za.exe.irfk
2021-11-07 13:14 - 2021-07-28 11:38 - 005397325 _____ C:\Users\48607\Documents\Upcomming.rbxl.irfk
2021-11-07 13:14 - 2021-07-26 19:03 - 000676295 _____ C:\Users\48607\Documents\Testing.rbxl.irfk
2021-11-07 13:14 - 2021-07-21 13:02 - 003705179 _____ C:\Users\48607\Documents\d.rbxl.irfk
2021-11-07 13:14 - 2021-07-01 19:12 - 002210832 _____ C:\Users\48607\Documents\rayk.rbxl.irfk
2021-11-07 13:14 - 2021-07-01 07:12 - 003266300 _____ C:\Users\48607\Documents\j.rbxl.irfk
2021-11-07 13:14 - 2021-06-30 11:32 - 007135305 _____ C:\Users\48607\Documents\important fe gun kit edits.rbxl.irfk
2021-11-07 13:14 - 2021-06-27 19:28 - 000030196 _____ C:\Users\48607\Documents\adsasd.rbxl.irfk
2021-11-07 13:14 - 2021-06-26 21:10 - 006498188 _____ C:\Users\48607\Documents\t.rbxl.irfk
2021-11-07 13:14 - 2021-06-20 09:52 - 003389320 _____ C:\Users\48607\Documents\gqebt.rbxl.irfk
2021-11-07 13:14 - 2021-06-17 19:07 - 002364519 _____ C:\Users\48607\Documents\dsaewvqefwdwer adfs dfscxdgtrdgtrxdgtrxdgtrxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxgxddgtrxdgx.rbxl.irfk
2021-11-07 13:14 - 2021-05-21 12:37 - 004412161 _____ C:\Users\48607\Documents\boulevard.rbxl.irfk
2021-11-07 13:14 - 2021-05-19 16:32 - 007279988 _____ C:\Users\48607\Documents\adfvsafwsf.rbxl.irfk
2021-11-07 13:14 - 2021-05-01 10:23 - 007030032 _____ C:\Users\48607\Documents\cringility.rbxl.irfk
2021-11-07 13:14 - 2021-04-16 13:41 - 000194488 _____ C:\Users\48607\Documents\c.rbxl.irfk
2021-11-07 13:14 - 2021-04-10 12:25 - 000022836 _____ C:\Users\48607\Documents\music etc.rbxl.irfk
2021-11-07 13:14 - 2021-04-09 16:46 - 007129394 _____ C:\Users\48607\Documents\trash.rbxl.irfk
2021-11-07 13:14 - 2021-04-01 20:05 - 002145388 _____ C:\Users\48607\Documents\Zombie Nation remake.rbxl.irfk
2021-11-07 13:14 - 2021-03-31 17:03 - 001231361 _____ C:\Users\48607\Documents\public dev server.rbxl.irfk
2021-11-07 13:14 - 2021-03-29 14:54 - 010221017 _____ C:\Users\48607\Documents\fjdhgcjkjgkhjgd important.rbxl.irfk
2021-11-07 13:14 - 2021-03-20 14:17 - 000025376 _____ C:\Users\48607\Documents\making icons etc.rbxl.irfk
2021-11-07 13:14 - 2021-03-14 10:55 - 000000375 _____ C:\Users\48607\Documents\my notepad.txt.irfk
2021-11-07 13:14 - 2021-03-13 16:40 - 001181084 _____ C:\Users\48607\Documents\gdsfsad.rbxl.irfk
2021-11-07 13:14 - 2021-03-06 21:38 - 008828325 _____ C:\Users\48607\Documents\sasdads.rbxl.irfk
2021-11-07 13:14 - 2021-02-28 18:04 - 000000000 ___RD C:\Users\48607\Documents\Scanned Documents
2021-11-07 13:14 - 2021-02-27 10:26 - 000911619 _____ C:\Users\48607\Documents\gggg.rbxl.irfk
2021-11-07 13:14 - 2021-02-14 10:00 - 001051264 _____ C:\Users\48607\Documents\chris gfvffdf.rbxl.irfk
2021-11-07 13:14 - 2021-02-06 12:20 - 000022775 _____ C:\Users\48607\Documents\tests.rbxl.irfk
2021-11-07 13:14 - 2021-01-30 12:49 - 000021816 _____ C:\Users\48607\Documents\dssgffsfg.rbxl.irfk
2021-11-07 13:14 - 2021-01-27 17:52 - 000278451 _____ C:\Users\48607\Documents\FFDSGG.rbxl.irfk
2021-11-07 13:14 - 2021-01-24 20:23 - 000021821 _____ C:\Users\48607\Documents\Baseplate.rbxl.irfk
2021-11-07 13:14 - 2021-01-17 18:36 - 000735474 _____ C:\Users\48607\Documents\project buh.rbxl.irfk
2021-11-07 13:14 - 2021-01-04 19:53 - 000023337 _____ C:\Users\48607\Documents\models.rbxl.irfk
2021-11-07 13:14 - 2020-12-22 14:27 - 001920686 _____ C:\Users\48607\Documents\yes fre rake models go brrrr.rbxl.irfk
2021-11-07 13:14 - 2020-10-24 14:50 - 007574053 _____ C:\Users\48607\Documents\L4D2.rbxl.irfk
2021-11-07 13:14 - 2020-09-18 12:30 - 000000588 _____ C:\Users\48607\AppData\LocalLow\rbxcsettings.rbx.irfk
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:
END::

W FRST kliknij na Fix (NAPRAW).

 

Zrób nowe logi FRST.

 

jessi

 

Odnośnik do komentarza

Witam, nie wiem czy dobrze zrozumiałem. Miałem skopiować to co podałaś i nie wklejać do FRST tylko dać FIX ?

Jesli tak to tak zrobiłem. Powstał plik Fixlog, ale jest pusty, więc go nie załączyłem. Podczas nowego  skanowania FRST , Avast z około 30 razy informował o znalezionych wirusach i trojanach..

 

 

FRST.txt Shortcut.txt Shortcut.txt

Edytowane przez davcom
Dwa razy wkleiły sie załączniki
Odnośnik do komentarza
Cytat

Dwa razy wkleiły sie załączniki

A teraz nie ma żadnego


 

Cytat

 

Miałem skopiować to co podałaś i nie wklejać do FRST tylko dać FIX ?

Jesli tak to tak zrobiłem. Powstał plik Fixlog, ale jest pusty,

 

No to najprawdopodobniej  coś poszło "nie tak".

Uruchom FRST. Na klawiaturze naciśnij jednocześnie CTRL+Y.
Otworzy się Notatnik - wklej do niego:

Spoiler

HKU\48607\...\Run: [qpyizhzm] => "C:\Users\48607\mrqoekti.exe" (No File)
HKU\Default\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe (No File)
C:\Users\48607\mrqoekti.exe
HKU\48607\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe (No File)
Task: {1B4B3D75-8C6A-4874-BAA5-3C20F34BC248} - System32\Tasks\Firefox Default Browser Agent 8609518ECBEF10C9 => C:\Users\48607\AppData\Roaming\gictead.exe (No File) <==== ATTENTION
Task: {76AD6414-C1CA-4856-BD22-B0156D4B6172} - System32\Tasks\Opera scheduled Autoupdate 1631214923 => C:\Users\48607\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {AD06763C-A366-4B35-A384-F3BB1B5A1F68} - System32\Tasks\Firefox Default Browser Agent 2377BC8CC93ED2E5 => C:\Users\48607\AppData\Roaming\ijctead.exe (No File) <==== ATTENTION
Task: {E335A5FA-A106-4FA1-A278-E4F29D81B552} - System32\Tasks\Firefox Default Browser Agent 6EB9C032415C933F => C:\Users\48607\AppData\Roaming\arctead.exe (No File) <==== ATTENTION
Task: {F3ADC431-8775-4990-A7D7-E28EB343B9B3} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1138517282-2312738049-3737462855-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
S2 HPPrintScanDoctorService; "C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe" [X]
S1 ncijozdb; \??\C:\WINDOWS\system32\drivers\ncijozdb.sys [X]
C:\Windows\Minidump\111121-11781-01.dmp
RemoveDirectory: C:\sh5ldr
RemoveDirectory: C:\Program Files\EnigmaSoft
RemoveDirectory: C:\ProgramData\KNI6N1OGDHHL4IUTOH153TPAK
2021-11-07 13:12 - 2021-11-07 13:13 - 000000000 ____D C:\Users\48607\AppData\LocalLow\hC6_zT4pC2
2021-11-07 13:12 - 2021-11-07 13:12 - 000000000 ____D C:\Users\48607\AppData\Roaming\mwanza
2021-11-07 13:12 - 2021-11-07 13:12 - 000000000 ____D C:\Users\48607\AppData\LocalLow\iT6tF6rB9
2021-11-07 13:10 - 2021-11-07 13:14 - 011343182 _____ C:\Users\48607\mrqoekti.exe.irfk
2021-11-07 13:10 - 2021-11-07 13:14 - 000413006 _____ C:\Users\48607\Documents\9E_HDyXn4fOaGxukEDwZib3e.exe.irfk
2021-11-07 13:10 - 2021-11-07 13:11 - 000000000 ____D C:\Users\48607\AppData\Roaming\warmded
2021-11-07 13:10 - 2021-11-07 13:10 - 000000000 ____D C:\ProgramData\DW12EXI4JWL9HNO9NSPL9KVG2
2021-11-07 13:10 - 2021-11-07 13:10 - 000000000 ____D C:\ProgramData\5Q1KZE2W5LBAFRCQDP6BJQOJ6
2021-11-07 13:09 - 2021-11-07 13:09 - 000046488 _____ C:\END
2021-11-07 13:09 - 2021-11-07 13:09 - 000000000 ____D C:\ProgramData\Y6OKL7UQNILX3ATNZKE9MWLX8
2021-11-07 13:09 - 2021-11-07 13:09 - 000000000 ____D C:\ProgramData\LYUW1LLM6B5FTFJDNI2WCDTP2
2021-11-07 13:09 - 2021-11-07 13:09 - 000000000 ____D C:\ProgramData\743LZ40W3KGMC8HQK1LUT2K3U
2021-11-07 13:09 - 2021-11-07 13:09 - 000000000 ____D C:\Program Files (x86)\Company
2021-11-07 13:14 - 2021-10-01 17:13 - 004319922 _____ C:\Users\48607\Documents\animations and stuff.rbxl.irfk
2021-11-07 13:14 - 2021-09-10 16:28 - 004624246 _____ C:\Users\48607\Documents\hKOYR7c_Fs0roY3BPyTQ9HvC.exe.irfk
2021-11-07 13:14 - 2021-09-10 16:28 - 001282017 _____ C:\Users\48607\Documents\98iuEMkvE8X7KWiPc3gBq1kk.exe.irfk
2021-11-07 13:14 - 2021-09-10 16:28 - 000389454 _____ C:\Users\48607\Documents\3q0NlQESK4zOi7u2F8MgPrNe.exe.irfk
2021-11-07 13:14 - 2021-09-10 16:28 - 000143694 _____ C:\Users\48607\Documents\9Iu2l_rZy7NUaPvPD3cYbeDO.exe.irfk
2021-11-07 13:14 - 2021-09-10 16:28 - 000101710 _____ C:\Users\48607\Documents\cDDedwaMAb90hEV4wW7a5vAB.exe.irfk
2021-11-07 13:14 - 2021-09-10 15:28 - 004624246 _____ C:\Users\48607\Documents\6eko4OZ8_BkX1443tATgnFCr.exe.irfk
2021-11-07 13:14 - 2021-09-10 15:28 - 001282017 _____ C:\Users\48607\Documents\YrWnNYTlbZXgSJu8TSYLXT4y.exe.irfk
2021-11-07 13:14 - 2021-09-10 15:28 - 000389454 _____ C:\Users\48607\Documents\4nxYl0aMaqwT6llcyvPjad2J.exe.irfk
2021-11-07 13:14 - 2021-09-10 15:28 - 000143694 _____ C:\Users\48607\Documents\4Ifnzenp2KMbSpnw_ar8Cy6S.exe.irfk
2021-11-07 13:14 - 2021-09-10 14:28 - 004624246 _____ C:\Users\48607\Documents\mgdXjYsp5sRJCFbGtOd3wATX.exe.irfk
2021-11-07 13:14 - 2021-09-10 14:28 - 001282017 _____ C:\Users\48607\Documents\Or4U__6bjkJIvTBQVDUE55s1.exe.irfk
2021-11-07 13:14 - 2021-09-10 14:28 - 000389454 _____ C:\Users\48607\Documents\KDM9Tuie6zvcLWewBuwTyR_5.exe.irfk
2021-11-07 13:14 - 2021-09-10 14:28 - 000143694 _____ C:\Users\48607\Documents\DhXsSkepWqsfyc3o9IvIKGds.exe.irfk
2021-11-07 13:14 - 2021-09-10 13:28 - 004624246 _____ C:\Users\48607\Documents\7NYxlOYE1tQA97Uvo9h1WQYy.exe.irfk
2021-11-07 13:14 - 2021-09-10 13:28 - 001282017 _____ C:\Users\48607\Documents\vmFniKuu3qd68m4NECB3HWay.exe.irfk
2021-11-07 13:14 - 2021-09-10 13:28 - 000389454 _____ C:\Users\48607\Documents\hdCnr2R3KeSi60pD43mx_wI3.exe.irfk
2021-11-07 13:14 - 2021-09-10 13:28 - 000143694 _____ C:\Users\48607\Documents\6Z1h8fe0fSt5N70aKTyz2Qkx.exe.irfk
2021-11-07 13:14 - 2021-09-10 12:28 - 004624246 _____ C:\Users\48607\Documents\4ik8w3NegJkp9vfyS0CqsU79.exe.irfk
2021-11-07 13:14 - 2021-09-10 12:28 - 001282017 _____ C:\Users\48607\Documents\U7Wl8GrlfBaYFerppo_kPPDV.exe.irfk
2021-11-07 13:14 - 2021-09-10 12:28 - 000389454 _____ C:\Users\48607\Documents\rOYcFEQetaGN9jdFrzXgfTZd.exe.irfk
2021-11-07 13:14 - 2021-09-10 12:28 - 000143694 _____ C:\Users\48607\Documents\fYNeGOCTOIpJETAFVuwEgXhT.exe.irfk
2021-11-07 13:14 - 2021-09-09 19:22 - 004624246 _____ C:\Users\48607\Documents\2YZ2olAggnVD91XwoKbVu0s1.exe.irfk
2021-11-07 13:14 - 2021-09-09 19:22 - 001282017 _____ C:\Users\48607\Documents\ZHCc1TvfmHPqoWQ3GRu4nb8F.exe.irfk
2021-11-07 13:14 - 2021-09-09 19:22 - 000389454 _____ C:\Users\48607\Documents\gQi_71oRM0NMyU8Nezjpbydd.exe.irfk
2021-11-07 13:14 - 2021-09-09 19:22 - 000161614 _____ C:\Users\48607\Documents\oLoxEEZHnqlhoiTnrbg0vQaj.exe.irfk
2021-11-07 13:14 - 2021-09-09 19:00 - 004624246 _____ C:\Users\48607\Documents\cqxUkUu506jaFePH9F5uJjKQ.exe.irfk
2021-11-07 13:14 - 2021-09-09 19:00 - 001282017 _____ C:\Users\48607\Documents\dWAxJ7Cb4JRTrqs6DtHVXlq_.exe.irfk
2021-11-07 13:14 - 2021-09-09 19:00 - 000389454 _____ C:\Users\48607\Documents\GGzfwcEWH7fChZKnlN7hj9nY.exe.irfk
2021-11-07 13:14 - 2021-09-09 19:00 - 000161614 _____ C:\Users\48607\Documents\zZRek_oWQ7mCTyiC8x3Avg0y.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:53 - 018212810 _____ C:\Users\48607\Documents\5pRFI1iJU7LNxaey6qSq_zQx.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:53 - 004624246 _____ C:\Users\48607\Documents\xPXI0Q0ch0pLVt8UJBRgs4OZ.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:53 - 003826774 _____ C:\Users\48607\Documents\uDHBuMyMCTftti598n93voau.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:53 - 002652758 _____ C:\Users\48607\Documents\a5A1efImA27XwXZlcy8HTjch.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:53 - 001633614 _____ C:\Users\48607\Documents\qT3dWYBP7ZsuOrwW4ZcUbjl6.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:53 - 001282017 _____ C:\Users\48607\Documents\D5h07l37kYqaIzizaXY0U5yo.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:53 - 000933710 _____ C:\Users\48607\Documents\BVBLHqBQH0SeQDgaotgcNOg5.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:53 - 000389454 _____ C:\Users\48607\Documents\R3sTXL24aXhOGwIl2k2gUAL0.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:53 - 000161614 _____ C:\Users\48607\Documents\TgKi_o8zbJVjhyZMhj5hAEHl.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 004624246 _____ C:\Users\48607\Documents\K7bMBOUJOBJPOJZY5r5X9IUq.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 002949206 _____ C:\Users\48607\Documents\RvcaGChbxbA7LVG98evYo0BY.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 001408334 _____ C:\Users\48607\Documents\7dbYr83sOnl33DP40W9GAtJt.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 001258504 _____ C:\Users\48607\Documents\KsWkiUhk3eFHnIs5od0q82Qe.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000445262 _____ C:\Users\48607\Documents\CiqkqAYpWm04eR4PdiCLcMCv.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000442702 _____ C:\Users\48607\Documents\atNQshrod5pAVfXUwZLGRpFI.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000412494 _____ C:\Users\48607\Documents\1v3p855kQzxbFpR5nbihTBzS.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000403790 _____ C:\Users\48607\Documents\pBZrzRw_j75g6J_lf6HnWaFW.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000325454 _____ C:\Users\48607\Documents\nV5chtbzMf_qkKo_rVEQJcfO.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000323918 _____ C:\Users\48607\Documents\fzDK7gywKUTXF52bO5kUixaf.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000299342 _____ C:\Users\48607\Documents\GlEoi7mMRJzyG7mrG2Ts9JNk.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000256334 _____ C:\Users\48607\Documents\3vTX3rWaYTISfBNrePsakGQT.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000158542 _____ C:\Users\48607\Documents\Ydq_sdYeUKkSuherc55Clfft.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000101710 _____ C:\Users\48607\Documents\wzv59SGUEPAvbQRJA8Klbw6S.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000000607 _____ C:\Users\48607\Documents\wgkf3QaM2sm3uxJcyVwwONNK.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:52 - 000000557 _____ C:\Users\48607\Documents\acqFcB2MEguqzvX5KFJkmQgl.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:46 - 002652758 _____ C:\Users\48607\Documents\MA1Y1ChuZ5FU2jq8bEoPDYa3.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:46 - 001258504 _____ C:\Users\48607\Documents\ugFoHfO3S19Hc1qV63VegYDS.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:46 - 000933710 _____ C:\Users\48607\Documents\NeWeM3QNbTvSCaiJrZBwuXIZ.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:46 - 000226671 _____ C:\Users\48607\AppData\LocalLow\u4fPNLfK0oZ.zip.irfk
2021-11-07 13:14 - 2021-09-09 18:46 - 000000557 _____ C:\Users\48607\Documents\nB0FdiwuR5Xm0Ol6_Q89fSHE.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:45 - 004624246 _____ C:\Users\48607\Documents\eJZ1xC3nBWAHmaq1wc7zO1bq.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:45 - 000403790 _____ C:\Users\48607\Documents\CNbU6aYEOYpFd47ANVaq_Xe0.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:45 - 000299342 _____ C:\Users\48607\Documents\RbNWkZEeUO_Eb1BlTotRFyRk.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:45 - 000101710 _____ C:\Users\48607\Documents\BLftkPOzhMuSiummnVob6NWy.exe.irfk
2021-11-07 13:14 - 2021-09-09 18:45 - 000000607 _____ C:\Users\48607\Documents\JlzCUbDcHhEsrVKksGlLvtVb.exe.irfk
2021-11-07 13:14 - 2021-09-04 11:56 - 001352252 _____ C:\Users\48607\Documents\project bbb.rbxl.irfk
2021-11-07 13:14 - 2021-08-21 19:18 - 004597146 _____ C:\Users\48607\Documents\AFK UNTIL SOMEONE DONATES ME SOMETHING.rbxl.irfk
2021-11-07 13:14 - 2021-08-19 12:16 - 003645594 _____ C:\Users\48607\Documents\untitled.blend.irfk
2021-11-07 13:14 - 2021-08-10 14:02 - 006079293 _____ C:\Users\48607\Documents\Untitled Game.rbxl.irfk
2021-11-07 13:14 - 2021-08-04 20:11 - 000579835 _____ C:\Users\48607\Documents\sadas.rbxl.irfk
2021-11-07 13:14 - 2021-08-01 12:39 - 000643918 _____ C:\Users\48607\Documents\7za.exe.irfk
2021-11-07 13:14 - 2021-07-28 11:38 - 005397325 _____ C:\Users\48607\Documents\Upcomming.rbxl.irfk
2021-11-07 13:14 - 2021-07-26 19:03 - 000676295 _____ C:\Users\48607\Documents\Testing.rbxl.irfk
2021-11-07 13:14 - 2021-07-21 13:02 - 003705179 _____ C:\Users\48607\Documents\d.rbxl.irfk
2021-11-07 13:14 - 2021-07-01 19:12 - 002210832 _____ C:\Users\48607\Documents\rayk.rbxl.irfk
2021-11-07 13:14 - 2021-07-01 07:12 - 003266300 _____ C:\Users\48607\Documents\j.rbxl.irfk
2021-11-07 13:14 - 2021-06-30 11:32 - 007135305 _____ C:\Users\48607\Documents\important fe gun kit edits.rbxl.irfk
2021-11-07 13:14 - 2021-06-27 19:28 - 000030196 _____ C:\Users\48607\Documents\adsasd.rbxl.irfk
2021-11-07 13:14 - 2021-06-26 21:10 - 006498188 _____ C:\Users\48607\Documents\t.rbxl.irfk
2021-11-07 13:14 - 2021-06-20 09:52 - 003389320 _____ C:\Users\48607\Documents\gqebt.rbxl.irfk
2021-11-07 13:14 - 2021-06-17 19:07 - 002364519 _____ C:\Users\48607\Documents\dsaewvqefwdwer adfs dfscxdgtrdgtrxdgtrxdgtrxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxgxddgtrxdgx.rbxl.irfk
2021-11-07 13:14 - 2021-05-21 12:37 - 004412161 _____ C:\Users\48607\Documents\boulevard.rbxl.irfk
2021-11-07 13:14 - 2021-05-19 16:32 - 007279988 _____ C:\Users\48607\Documents\adfvsafwsf.rbxl.irfk
2021-11-07 13:14 - 2021-05-01 10:23 - 007030032 _____ C:\Users\48607\Documents\cringility.rbxl.irfk
2021-11-07 13:14 - 2021-04-16 13:41 - 000194488 _____ C:\Users\48607\Documents\c.rbxl.irfk
2021-11-07 13:14 - 2021-04-10 12:25 - 000022836 _____ C:\Users\48607\Documents\music etc.rbxl.irfk
2021-11-07 13:14 - 2021-04-09 16:46 - 007129394 _____ C:\Users\48607\Documents\trash.rbxl.irfk
2021-11-07 13:14 - 2021-04-01 20:05 - 002145388 _____ C:\Users\48607\Documents\Zombie Nation remake.rbxl.irfk
2021-11-07 13:14 - 2021-03-31 17:03 - 001231361 _____ C:\Users\48607\Documents\public dev server.rbxl.irfk
2021-11-07 13:14 - 2021-03-29 14:54 - 010221017 _____ C:\Users\48607\Documents\fjdhgcjkjgkhjgd important.rbxl.irfk
2021-11-07 13:14 - 2021-03-20 14:17 - 000025376 _____ C:\Users\48607\Documents\making icons etc.rbxl.irfk
2021-11-07 13:14 - 2021-03-14 10:55 - 000000375 _____ C:\Users\48607\Documents\my notepad.txt.irfk
2021-11-07 13:14 - 2021-03-13 16:40 - 001181084 _____ C:\Users\48607\Documents\gdsfsad.rbxl.irfk
2021-11-07 13:14 - 2021-03-06 21:38 - 008828325 _____ C:\Users\48607\Documents\sasdads.rbxl.irfk
2021-11-07 13:14 - 2021-02-28 18:04 - 000000000 ___RD C:\Users\48607\Documents\Scanned Documents
2021-11-07 13:14 - 2021-02-27 10:26 - 000911619 _____ C:\Users\48607\Documents\gggg.rbxl.irfk
2021-11-07 13:14 - 2021-02-14 10:00 - 001051264 _____ C:\Users\48607\Documents\chris gfvffdf.rbxl.irfk
2021-11-07 13:14 - 2021-02-06 12:20 - 000022775 _____ C:\Users\48607\Documents\tests.rbxl.irfk
2021-11-07 13:14 - 2021-01-30 12:49 - 000021816 _____ C:\Users\48607\Documents\dssgffsfg.rbxl.irfk
2021-11-07 13:14 - 2021-01-27 17:52 - 000278451 _____ C:\Users\48607\Documents\FFDSGG.rbxl.irfk
2021-11-07 13:14 - 2021-01-24 20:23 - 000021821 _____ C:\Users\48607\Documents\Baseplate.rbxl.irfk
2021-11-07 13:14 - 2021-01-17 18:36 - 000735474 _____ C:\Users\48607\Documents\project buh.rbxl.irfk
2021-11-07 13:14 - 2021-01-04 19:53 - 000023337 _____ C:\Users\48607\Documents\models.rbxl.irfk
2021-11-07 13:14 - 2020-12-22 14:27 - 001920686 _____ C:\Users\48607\Documents\yes fre rake models go brrrr.rbxl.irfk
2021-11-07 13:14 - 2020-10-24 14:50 - 007574053 _____ C:\Users\48607\Documents\L4D2.rbxl.irfk
2021-11-07 13:14 - 2020-09-18 12:30 - 000000588 _____ C:\Users\48607\AppData\LocalLow\rbxcsettings.rbx.irfk
Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}
EmptyTemp:

Na klawiaturze naciśnij jednocześnie CTRL + S.
W FRST kliknij na Fix (NAPRAW).

 

jessi

Odnośnik do komentarza

Uruchom FRST. Na klawiaturze naciśnij jednocześnie CTRL+Y.
Otworzy się Notatnik - wklej do niego:

Spoiler

C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk
C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk
C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt (No File)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt (No File)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk
HKU\S-1-5-19\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe (No File)
HKU\S-1-5-20\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe (No File)
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HpseuHostLauncher.exe (No File)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (No File)
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (No File)
HKU\S-1-5-21-1138517282-2312738049-3737462855-1001\...\Run: [qpyizhzm] => "C:\Users\48607\mrqoekti.exe" (No File)
C:\Users\48607\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe\588.vbs
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
FirewallRules: [{D52DA396-1A91-4FEF-854C-CE70E8A7410B}] => (Allow) C:\Windows\System\svchost.exe => No File
FirewallRules: [{0510F687-FA1C-4787-9682-BEC0C041C256}] => (Allow) C:\Windows\System\svchost.exe => No File
FirewallRules: [{08F0C9E8-32D9-48D0-AC0A-9792A80E20C9}] => (Allow) C:\Windows\System\svchost.exe => No File
FirewallRules: [{C15F792B-22C4-4031-85EB-217A1DC3256E}] => (Allow) C:\Windows\System\svchost.exe => No File
FirewallRules: [{5CE91919-9E5E-4ECB-BAF1-70F7DB51A1DA}] => (Allow) C:\Windows\System\svchost.exe => No File
FirewallRules: [{9ACDFF1D-E005-45B8-B589-DBE8CADA6556}] => (Allow) C:\Windows\System\svchost.exe => No File
FirewallRules: [{7BD44FF4-07E2-4EBF-B931-49E74507ECB8}] => (Allow) C:\Windows\System\svchost.exe => No File
FirewallRules: [{C35ACD1D-123A-4ED6-83F9-E1E2E143AE0B}] => (Allow) C:\Windows\System\svchost.exe => No File
Reg: reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv /s
Reg: reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv /s
Reboot:

Na klawiaturze naciśnij jednocześnie CTRL + S.
W FRST kliknij na Fix (NAPRAW).

 

jessi

Odnośnik do komentarza

Uruchom FRST. Na klawiaturze naciśnij jednocześnie CTRL+Y.
Otworzy się Notatnik - wklej do niego:

Spoiler

StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv\Parameters]
"ServiceDll"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,75,00,61,00,75,00,65,00,6e,00,67,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceMain"="WUServiceMain"
"ServiceDllUnloadOnStop"=dword:00000001
EndRegedit:
Reboot:

Na klawiaturze naciśnij jednocześnie CTRL + S.
W FRST kliknij na Fix (NAPRAW).

 

Zrób nowy log z FSS.

 

jessi

Odnośnik do komentarza

Jeśli chcesz dodać odpowiedź, zaloguj się lub zarejestruj nowe konto

Jedynie zarejestrowani użytkownicy mogą komentować zawartość tej strony.

Zarejestruj nowe konto

Załóż nowe konto. To bardzo proste!

Zarejestruj się

Zaloguj się

Posiadasz już konto? Zaloguj się poniżej.

Zaloguj się
  • Ostatnio przeglądający   0 użytkowników

    • Brak zarejestrowanych użytkowników przeglądających tę stronę.
×
×
  • Dodaj nową pozycję...