Conder wrote: (for the second laptop - PATO-PC - TOSHIBA SATELLITE L750)
Please also post the AdwCleaner log.
Open Notepad (Win+R -> notepad -> Enter)
- Copy the following text and paste it into Notepad:
Code:
Start
CloseProcesses:
CreateRestorePoint:
PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
Folder: C:\ProgramData\{08D3CDB0-8291-4776-0457-D9349E1552FA}
Folder: C:\Users\Pato\AppData\Roaming\crowminio
Folder: C:\Users\Pato\AppData\Roaming\01F11E~1
File: C:\Users\Pato\AppData\Local\chromium\Application\chrome.exe
File: C:\Users\Pato\AppData\Roaming\crowminio\Besocufa.exe
CMD: type "C:\ProgramData\{08D3CDB0-8291-4776-0457-D9349E1552FA}\dito.txt"
Task: {5A8C6961-2B4C-473D-A2D6-F188A161266C} - System32\Tasks\Chromium lidel => "wscript.exe" "C:\ProgramData\{08D3CDB0-8291-4776-0457-D9349E1552FA}\dito.txt" "68747470733a2f2f64326234366537617832617466692e636c6f756466726f6e742e6e6574" "//B" "//E:jscript" "--IsErIk" <==== ATTENTION
Task: {BF0BD7E5-6A26-4367-B5FF-750D46BC5253} - System32\Tasks\Besocufa\{1B7E8DE7-F3C7-2C28-6813-6B1B1FB58322} => C:\Users\Pato\AppData\Roaming\crowminio\Besocufa.exe [110592 2013-04-22] () [File not signed]
Task: {CB3803C5-C7CC-4244-8988-552A0B6DF5B9} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: C:\Windows\Tasks\{01F11EFA-5B0D-ECDC-FD3A-05C1BF188832}.job => C:\Users\Pato\AppData\Roaming\01F11E~1\kagadak.exe <==== ATTENTION
ProxyEnable: [S-1-5-21-2930219675-3888109823-3098542891-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-2930219675-3888109823-3098542891-1000] => http=127.0.0.1:8877;https=127.0.0.1:8877
ManualProxies: 1http=127.0.0.1:8877;https=127.0.0.1:8877
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://no.search.yahoo.com/***
HKU\S-1-5-21-2930219675-3888109823-3098542891-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://no.search.yahoo.com/***
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2930219675-3888109823-3098542891-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR DefaultSearchURL: Default -> hxxp://selected-search.com/search?q={searchTerms}&
CHR DefaultSearchKeyword: Default -> ss
CHR HKLM\...\Chrome\Extension: [afgeoapebnkefelmpoepnmjiflidjjce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2930219675-3888109823-3098542891-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [afgeoapebnkefelmpoepnmjiflidjjce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [afgeoapebnkefelmpoepnmjiflidjjce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
2019-04-17 07:09 - 2019-04-17 07:09 - 000232000 _____ () C:\Users\Pato\AppData\Roaming\Kidenenaraka
2019-05-03 08:09 - 2019-05-03 08:09 - 000269272 _____ () C:\Users\Pato\AppData\Roaming\Mitehereg
2019-04-25 07:09 - 2019-04-25 07:09 - 000147593 _____ () C:\Users\Pato\AppData\Roaming\Refaboreru
2018-05-28 08:09 - 2019-06-21 08:13 - 000000361 _____ () C:\Users\Pato\AppData\Roaming\WB.CFG
C:\ProgramData\{08D3CDB0-8291-4776-0457-D9349E1552FA}
C:\Users\Pato\AppData\Roaming\crowminio
C:\Users\Pato\AppData\Roaming\01F11E~1
RemoveProxy:
Hosts:
EmptyTemp:
End
- Save it to the Desktop as fixlist.txt
- Run FRST again and click Fix
- When it finishes, FRST will ask to restart the PC; confirm by clicking OK
- After the restart there will be a file Fixlog.txt on the Desktop; copy its contents here
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-06-2019
Ran by Pato (27-06-2019 14:33:16) Run:2
Running from C:\Users\Pato\Desktop
Loaded Profiles: Pato (Available Profiles: Pato)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
PowerShell: Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum
Folder: C:\ProgramData\{08D3CDB0-8291-4776-0457-D9349E1552FA}
Folder: C:\Users\Pato\AppData\Roaming\crowminio
Folder: C:\Users\Pato\AppData\Roaming\01F11E~1
File: C:\Users\Pato\AppData\Local\chromium\Application\chrome.exe
File: C:\Users\Pato\AppData\Roaming\crowminio\Besocufa.exe
CMD: type "C:\ProgramData\{08D3CDB0-8291-4776-0457-D9349E1552FA}\dito.txt"
Task: {5A8C6961-2B4C-473D-A2D6-F188A161266C} - System32\Tasks\Chromium lidel => "wscript.exe" "C:\ProgramData\{08D3CDB0-8291-4776-0457-D9349E1552FA}\dito.txt" "68747470733a2f2f64326234366537617832617466692e636c6f756466726f6e742e6e6574" "//B" "//E:jscript" "--IsErIk" <==== ATTENTION
Task: {BF0BD7E5-6A26-4367-B5FF-750D46BC5253} - System32\Tasks\Besocufa\{1B7E8DE7-F3C7-2C28-6813-6B1B1FB58322} => C:\Users\Pato\AppData\Roaming\crowminio\Besocufa.exe [110592 2013-04-22] () [File not signed]
Task: {CB3803C5-C7CC-4244-8988-552A0B6DF5B9} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: C:\Windows\Tasks\{01F11EFA-5B0D-ECDC-FD3A-05C1BF188832}.job => C:\Users\Pato\AppData\Roaming\01F11E~1\kagadak.exe <==== ATTENTION
ProxyEnable: [S-1-5-21-2930219675-3888109823-3098542891-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-2930219675-3888109823-3098542891-1000] => http=127.0.0.1:8877;https=127.0.0.1:8877
ManualProxies: 1http=127.0.0.1:8877;https=127.0.0.1:8877
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://no.search.yahoo.com/***
HKU\S-1-5-21-2930219675-3888109823-3098542891-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://no.search.yahoo.com/***
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2930219675-3888109823-3098542891-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR DefaultSearchURL: Default -> hxxp://selected-search.com/search?q={searchTerms}&
CHR DefaultSearchKeyword: Default -> ss
CHR HKLM\...\Chrome\Extension: [afgeoapebnkefelmpoepnmjiflidjjce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2930219675-3888109823-3098542891-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [afgeoapebnkefelmpoepnmjiflidjjce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [afgeoapebnkefelmpoepnmjiflidjjce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
2019-04-17 07:09 - 2019-04-17 07:09 - 000232000 _____ () C:\Users\Pato\AppData\Roaming\Kidenenaraka
2019-05-03 08:09 - 2019-05-03 08:09 - 000269272 _____ () C:\Users\Pato\AppData\Roaming\Mitehereg
2019-04-25 07:09 - 2019-04-25 07:09 - 000147593 _____ () C:\Users\Pato\AppData\Roaming\Refaboreru
2018-05-28 08:09 - 2019-06-21 08:13 - 000000361 _____ () C:\Users\Pato\AppData\Roaming\WB.CFG
C:\ProgramData\{08D3CDB0-8291-4776-0457-D9349E1552FA}
C:\Users\Pato\AppData\Roaming\crowminio
C:\Users\Pato\AppData\Roaming\01F11E~1
RemoveProxy:
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
Restore point was successfully created.
========= Get-ChildItem -Path "$ENV:USERPROFILE\Desktop" -Recurse -Force | Measure-Object -Property Length -Sum =========
Count : 96
Average :
Sum : 443992627
Maximum :
Minimum :
Property : Length
========= End of Powershell: =========
========================= Folder: C:\ProgramData\{08D3CDB0-8291-4776-0457-D9349E1552FA} ========================
not found.
====== End of Folder: ======
========================= Folder: C:\Users\Pato\AppData\Roaming\crowminio ========================
not found.
====== End of Folder: ======
========================= Folder: C:\Users\Pato\AppData\Roaming\01F11E~1 ========================
not found.
====== End of Folder: ======
========================= File: C:\Users\Pato\AppData\Local\chromium\Application\chrome.exe ========================
C:\Users\Pato\AppData\Local\chromium\Application\chrome.exe
File not signed
MD5: F19BC66A6506DC298622CB397DD2044C
Creation and modification date: 2018-05-27 14:15 - 2017-02-15 08:30
Size: 000829440
Attributes: ----A
Company Name: The Chromium Authors
Internal Name: chrome_exe
Original Name: chrome.exe
Product: Chromium
Description: Chromium
File Version: 58.0.3014.0
Product Version: 58.0.3014.0
Copyright: Copyright 2016 The Chromium Authors. All rights reserved.
VirusTotal:
https://www.virustotal.com/file/586fea1 ... 561183295/
====== End of File: ======
========================= File: C:\Users\Pato\AppData\Roaming\crowminio\Besocufa.exe ========================
"C:\Users\Pato\AppData\Roaming\crowminio\Besocufa.exe" => not found
====== End of File: ======
========= type "C:\ProgramData\{08D3CDB0-8291-4776-0457-D9349E1552FA}\dito.txt" =========
Systém nemôže nájsť zadanú cestu. (The system cannot find the path specified.)
========= End of CMD: =========
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A8C6961-2B4C-473D-A2D6-F188A161266C}" => not found
"C:\Windows\System32\Tasks\Chromium lidel" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chromium lidel" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF0BD7E5-6A26-4367-B5FF-750D46BC5253}" => not found
"C:\Windows\System32\Tasks\Besocufa\{1B7E8DE7-F3C7-2C28-6813-6B1B1FB58322}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Besocufa\{1B7E8DE7-F3C7-2C28-6813-6B1B1FB58322}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB3803C5-C7CC-4244-8988-552A0B6DF5B9}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => not found
"C:\Windows\Tasks\{01F11EFA-5B0D-ECDC-FD3A-05C1BF188832}.job" => not found
"HKU\S-1-5-21-2930219675-3888109823-3098542891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\S-1-5-21-2930219675-3888109823-3098542891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => not found
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2930219675-3888109823-3098542891-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
"HKU\S-1-5-21-2930219675-3888109823-3098542891-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => not found
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => not found
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => not found
"Chrome DefaultSearchURL" => not found
"Chrome DefaultSearchKeyword" => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\afgeoapebnkefelmpoepnmjiflidjjce => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => not found
HKU\S-1-5-21-2930219675-3888109823-3098542891-1000\SOFTWARE\Google\Chrome\Extensions\afgeoapebnkefelmpoepnmjiflidjjce => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\afgeoapebnkefelmpoepnmjiflidjjce => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho => not found
"C:\Users\Pato\AppData\Roaming\Kidenenaraka" => not found
"C:\Users\Pato\AppData\Roaming\Mitehereg" => not found
"C:\Users\Pato\AppData\Roaming\Refaboreru" => not found
"C:\Users\Pato\AppData\Roaming\WB.CFG" => not found
"C:\ProgramData\{08D3CDB0-8291-4776-0457-D9349E1552FA}" => not found
"C:\Users\Pato\AppData\Roaming\crowminio" => not found
"C:\Users\Pato\AppData\Roaming\01F11E~1" => not found
========= RemoveProxy: =========
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2930219675-3888109823-3098542891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2930219675-3888109823-3098542891-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
========= End of RemoveProxy: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4872020 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 6048691 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Pato => 2569023 B
RecycleBin => 1102382 B
EmptyTemp: => 21.9 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 14:34:47 ====
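As an added example that is not part of this thread (neither Conder's instructions nor the posted Fixlog), the PowerShell below re-checks the items the fix targeted on the cleaned machine. It assumes an elevated PowerShell 5.1 or later session (Windows 8 or later for Get-ScheduledTask) running as the cleaned profile, so that HKCU is the S-1-5-21-2930219675-3888109823-3098542891-1000 hive named in the log; the WinHTTP proxy check is an extra the log does not cover. Every name, GUID, path and hash is copied from the FRST output above. The hex string the "Chromium lidel" task handed to wscript.exe is plain ASCII in hex and decodes to hxxps://d2b46e7ax2atfi.cloudfront[.]net, which is worth knowing because a Chromium-named task launching a .txt file as JScript with an encoded URL argument is the loader pattern, not a browser update. Note also that the File: directive only inspected the unsigned Chromium 58 build in LocalAppData; it was still present (MD5 F19BC66A6506DC298622CB397DD2044C) when the fix ran, so the script re-hashes it rather than assuming it is gone.

```powershell
# Added example, not from the thread: post-fix verification of the Fixlog items.
# Assumes an elevated PowerShell 5.1+ session as the cleaned user profile.
$ErrorActionPreference = 'Stop'
$findings = New-Object System.Collections.Generic.List[string]

# Print one line per check and remember anything that is still present.
function Check([bool]$StillPresent, [string]$What) {
    if ($StillPresent) { $findings.Add($What); Write-Warning "[!!] $What" }
    else { Write-Host "[ok] $What" }
}

# 1. Decode the hex argument the "Chromium lidel" task passed to wscript.exe //E:jscript.
#    Each pair of hex digits is one byte of an ASCII string.
function ConvertFrom-HexString([string]$Hex) {
    if ($Hex.Length % 2 -ne 0) { throw 'odd-length hex string' }
    $bytes = for ($i = 0; $i -lt $Hex.Length; $i += 2) { [Convert]::ToByte($Hex.Substring($i, 2), 16) }
    [System.Text.Encoding]::ASCII.GetString([byte[]]$bytes)
}
$hexArg  = '68747470733a2f2f64326234366537617832617466692e636c6f756466726f6e742e6e6574'
$decoded = ConvertFrom-HexString $hexArg
Write-Host ('wscript.exe argument decodes to: ' + $decoded.Replace('http', 'hxxp'))  # defanged for display

# 2. Scheduled tasks FRST flagged: live task names, TaskCache GUIDs, and the legacy .job file.
$taskNames = 'Chromium lidel', '{1B7E8DE7-F3C7-2C28-6813-6B1B1FB58322}', 'CCleanerSkipUAC'
$liveNames = @(Get-ScheduledTask | ForEach-Object TaskName)
foreach ($n in $taskNames) { Check ($liveNames -contains $n) "scheduled task '$n'" }

$taskCache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'
foreach ($g in '{5A8C6961-2B4C-473D-A2D6-F188A161266C}', '{BF0BD7E5-6A26-4367-B5FF-750D46BC5253}', '{CB3803C5-C7CC-4244-8988-552A0B6DF5B9}') {
    Check (Test-Path -LiteralPath "$taskCache\$g") "TaskCache entry $g"
}
Check (Test-Path -LiteralPath "$env:SystemRoot\Tasks\{01F11EFA-5B0D-ECDC-FD3A-05C1BF188832}.job") 'legacy .job file for kagadak.exe'

# 3. The per-user proxy that sent all HTTP/HTTPS traffic through 127.0.0.1:8877,
#    plus the machine-wide WinHTTP proxy (not covered by the log, but cheap to verify).
$inet = Get-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Check ($inet.ProxyEnable -eq 1 -or [bool]$inet.ProxyServer) "user proxy (ProxyEnable=$($inet.ProxyEnable) ProxyServer='$($inet.ProxyServer)')"
$winhttp = netsh winhttp show proxy
Check (-not ($winhttp -match 'Direct access')) 'WinHTTP (system-wide) proxy'

# 4. Dropped folders and files. 01F11E~1 is the 8.3 short name FRST reported;
#    Test-Path resolves it if the folder still exists. -LiteralPath keeps the braces literal.
$dropped = @(
    'C:\ProgramData\{08D3CDB0-8291-4776-0457-D9349E1552FA}',
    "$env:APPDATA\crowminio", "$env:APPDATA\01F11E~1",
    "$env:APPDATA\Kidenenaraka", "$env:APPDATA\Mitehereg", "$env:APPDATA\Refaboreru", "$env:APPDATA\WB.CFG"
)
foreach ($p in $dropped) { Check (Test-Path -LiteralPath $p) $p }

# 5. The unsigned Chromium build was only inspected by the fixlist (File:), not removed.
#    Re-hash it and compare with the MD5 in the log; any change means a different binary.
$chrome = "$env:LOCALAPPDATA\chromium\Application\chrome.exe"
if (Test-Path -LiteralPath $chrome) {
    $md5 = (Get-FileHash -LiteralPath $chrome -Algorithm MD5).Hash
    $sig = (Get-AuthenticodeSignature -LiteralPath $chrome).Status
    Check $true "$chrome MD5=$md5 (log: F19BC66A6506DC298622CB397DD2044C) signature=$sig"
} else { Check $false $chrome }

# 6. hosts file: after FRST's Hosts: reset it should contain only comment lines.
$active = Get-Content -LiteralPath "$env:SystemRoot\System32\drivers\etc\hosts" | Where-Object { $_ -match '^\s*[^#\s]' }
Check ([bool]$active) "active hosts entries: $($active -join '; ')"

"`n$($findings.Count) item(s) still need attention."
$findings | ForEach-Object { "  - $_" }
```

Run it after the reboot FRST requested; a clean result is every line marked [ok] and a zero count at the end. Anything marked [!!] goes into the next fixlist, and the decoded cloudfront URL is the indicator to search for in the AdwCleaner log and in any other machine on the same network.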