
Infected PowerShell.exe

501.st
Visitor
Posts: 2
Registered: 28 May 2017 13:39

#1 Post by 501.st »

Hello,

I downloaded a bad file and got a Trojan horse on my laptop. At the moment it keeps launching PowerShell.exe, which takes up 20% of the CPU. AVAST reported IDP.ALEXA.51 and moved the infected file to the virus chest, but within roughly 20 seconds it was restored and launched PowerShell.exe again, and so on in a loop. I uninstalled AVAST and installed ESET, which reports that it removed the file and blocked the threat, 2x MSIL/Bladabindi.HR and MSIL/Agent.RRN, but the PowerShell.exe process keeps running; if I end it manually through Task Manager, it comes back within 20 seconds. I have really tried everything and I am so desperate that I am using the Microsoft Malicious Software Removal Tool. I feel really bad about this and will be grateful for any advice. :cry:

FRST


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2017
Ran by xXx_MLG_M8_xXx (administrator) on MSIMOFO (27-05-2017 11:12:14)
Running from D:\Stahovani
Loaded Profiles: xXx_MLG_M8_xXx (Available Profiles: xXx_MLG_M8_xXx)
Platform: Windows 8.1 (Update) (X64) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5572\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.8839\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8839\Battle.net Helper.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8839\Battle.net Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Ghisler Software GmbH) C:\Users\xXx_MLG_M8_xXx\Desktop\TOTALCMD.EXE
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-04-16] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-3165814091-316560637-3126155356-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-03] (Piriform Ltd)
HKU\S-1-5-21-3165814091-316560637-3126155356-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-07] (Disc Soft Ltd)
HKU\S-1-5-21-3165814091-316560637-3126155356-1001\...\Run: [Steam] => D:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2017-03-15]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 77.236.192.150 77.236.192.130
Tcpip\..\Interfaces\{601C1FEE-05CF-4BB6-ACDB-774047716A91}: [DhcpNameServer] 77.236.192.150 77.236.192.130

Internet Explorer:
==================
HKU\S-1-5-21-3165814091-316560637-3126155356-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ql5fcd8q.default
FF ProfilePath: C:\Users\xXx_MLG_M8_xXx\AppData\Roaming\Mozilla\Firefox\Profiles\ql5fcd8q.default [2017-05-27]
FF Homepage: Mozilla\Firefox\Profiles\ql5fcd8q.default -> hxxps://www.seznam.cz/
FF Extension: (Dark Background and Light Text) - C:\Users\xXx_MLG_M8_xXx\AppData\Roaming\Mozilla\Firefox\Profiles\ql5fcd8q.default\Extensions\jid1-QoFqdK4qzUfGWQ@jetpack.xpi [2017-05-09]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-02-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2017-02-23] (Microsoft Corporation)
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-07] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2836296 2017-05-26] (ESET)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [124520 2016-04-16] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [451072 2015-10-06] (Rivet Networks) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-03-17] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-03-17] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-17] (NVIDIA Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [142408 2015-09-16] (Rivet Networks, LLC.)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-10-28] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1448248 2014-11-26] (Motorola Solutions, Inc.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-03-15] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-03-15] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132272 2017-05-26] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [106768 2017-05-26] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15488 2016-08-08] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [180544 2017-05-26] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [49672 2017-05-26] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [77616 2017-05-26] (ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [96856 2017-05-26] (ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-05-09] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [230128 2016-04-16] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [157752 2015-09-03] (Qualcomm Atheros, Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [187320 2017-05-27] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-05-27] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-27] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-27] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93624 2017-05-27] (Malwarebytes)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew02.sys [3495192 2014-10-16] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-03-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2017-03-17] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [59448 2017-03-17] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-10-08] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-27 11:12 - 2017-05-27 11:12 - 00000000 ____D C:\FRST
2017-05-27 10:21 - 2017-05-27 10:22 - 00093624 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-05-27 10:21 - 2017-05-27 10:21 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-27 10:21 - 2017-05-27 10:21 - 00187320 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-05-27 10:21 - 2017-05-27 10:21 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-27 10:21 - 2017-05-27 10:21 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-27 10:21 - 2017-05-27 10:21 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-27 10:21 - 2017-05-27 10:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-27 10:21 - 2017-05-27 10:21 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-27 10:21 - 2017-05-09 16:37 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-26 20:24 - 2017-05-26 21:49 - 00000000 ____D C:\Users\xXx_MLG_M8_xXx\Documents\Overwatch
2017-05-26 19:54 - 2017-05-26 19:54 - 00000888 _____ C:\Users\Public\Desktop\Overwatch.lnk
2017-05-26 19:54 - 2017-05-26 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2017-05-26 19:35 - 2017-05-26 20:24 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-05-26 16:46 - 2017-05-26 16:46 - 00012578 _____ C:\Users\xXx_MLG_M8_xXx\Documents\cc_20170526_164641.reg
2017-05-26 16:35 - 2017-05-26 16:35 - 00000000 _____ C:\Windows\SysWOW64\last.dump
2017-05-26 16:33 - 2017-05-26 16:33 - 00000000 ____D C:\Users\xXx_MLG_M8_xXx\AppData\Local\ESET
2017-05-26 16:29 - 2017-05-26 16:29 - 00002043 _____ C:\Users\Public\Desktop\ESET Ochrana bankovnictví a online plateb.lnk
2017-05-26 16:28 - 2017-05-26 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-05-26 16:28 - 2017-05-26 16:28 - 00000000 ____D C:\ProgramData\ESET
2017-05-26 16:28 - 2017-05-26 16:28 - 00000000 ____D C:\Program Files\ESET
2017-05-26 14:52 - 2017-05-26 14:54 - 00356234 _____ C:\Windows\ntbtlog.txt
2017-05-26 14:21 - 2017-05-26 14:21 - 00003912 _____ C:\Windows\System32\Tasks\cupdate
2017-05-25 15:05 - 2017-05-25 15:05 - 21198312 _____ C:\Users\xXx_MLG_M8_xXx\Documents\sg03.sav
2017-05-23 21:26 - 2017-05-24 15:47 - 58640061 _____ C:\Users\xXx_MLG_M8_xXx\Documents\sg02.sav
2017-05-22 13:42 - 2017-05-23 21:26 - 58162784 _____ C:\Users\xXx_MLG_M8_xXx\Documents\sg01.sav
2017-05-21 18:53 - 2017-05-22 03:06 - 56348975 _____ C:\Users\xXx_MLG_M8_xXx\Documents\sg00.sav
2017-05-21 17:42 - 2017-05-21 17:42 - 00000000 ____D C:\Users\xXx_MLG_M8_xXx\Documents\Mount&Blade Warband Savegames
2017-05-21 17:16 - 2017-05-21 17:16 - 00000745 _____ C:\Users\xXx_MLG_M8_xXx\Desktop\Mount&Blade Warband.lnk
2017-05-21 17:16 - 2017-05-21 17:16 - 00000000 ____D C:\Users\xXx_MLG_M8_xXx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband
2017-05-21 17:14 - 2017-05-21 18:14 - 00000000 ____D C:\Users\xXx_MLG_M8_xXx\Documents\Mount&Blade Warband
2017-05-21 17:07 - 2012-07-06 15:18 - 00198656 _____ (Appspeed Inc.) C:\Windows\SysWOW64\SkinMagic.dll
2017-05-21 17:05 - 2017-05-21 17:01 - 00798720 _____ (Firelight Technologies) C:\Windows\SysWOW64\fmodex.dll
2017-05-21 16:40 - 2017-05-21 16:40 - 00000000 ____D C:\Users\xXx_MLG_M8_xXx\AppData\Roaming\Mount&Blade Warband
2017-05-21 16:39 - 2017-05-21 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount&Blade Warband
2017-05-13 10:29 - 2017-03-30 15:15 - 00678592 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-05-13 10:29 - 2017-03-30 15:15 - 00536768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-05-13 10:28 - 2017-03-30 15:15 - 00875712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-05-13 10:28 - 2017-03-30 15:15 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-05-12 18:10 - 2017-05-12 18:10 - 00001041 _____ C:\Users\xXx_MLG_M8_xXx\Desktop\HEROES3.lnk
2017-05-10 10:45 - 2017-04-28 23:15 - 07444824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 10:45 - 2017-04-26 16:06 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 10:45 - 2017-04-16 12:23 - 02176584 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2017-05-10 10:45 - 2017-04-16 12:23 - 01662096 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 10:45 - 2017-04-16 12:23 - 01063464 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2017-05-10 10:45 - 2017-04-16 12:18 - 01135288 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 10:45 - 2017-04-16 12:18 - 00803192 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 10:45 - 2017-04-16 11:07 - 01566032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2017-05-10 10:45 - 2017-04-16 11:07 - 01213792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-10 10:45 - 2017-04-16 11:07 - 00548032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2017-05-10 10:45 - 2017-04-16 11:05 - 00612096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-10 10:45 - 2017-04-16 10:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-10 10:45 - 2017-04-16 10:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-10 10:45 - 2017-04-16 10:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-10 10:45 - 2017-04-16 10:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-10 10:45 - 2017-04-16 10:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-10 10:45 - 2017-04-16 10:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-10 10:45 - 2017-04-16 10:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-10 10:45 - 2017-04-16 10:16 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-10 10:45 - 2017-04-16 10:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-10 10:45 - 2017-04-16 10:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-10 10:45 - 2017-04-16 10:02 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-05-10 10:45 - 2017-04-16 10:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-10 10:45 - 2017-04-16 10:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-10 10:45 - 2017-04-16 10:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-10 10:45 - 2017-04-16 09:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-10 10:45 - 2017-04-16 09:52 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-05-10 10:45 - 2017-04-16 09:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-10 10:45 - 2017-04-16 09:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-10 10:45 - 2017-04-16 09:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-10 10:45 - 2017-04-16 09:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-10 10:45 - 2017-04-16 09:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-10 10:45 - 2017-04-16 09:40 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-10 10:45 - 2017-04-16 09:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-10 10:45 - 2017-04-16 09:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-10 10:45 - 2017-04-16 09:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-10 10:45 - 2017-04-16 09:23 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-05-10 10:45 - 2017-04-16 09:22 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 10:45 - 2017-04-16 09:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-10 10:45 - 2017-04-16 09:17 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-05-10 10:45 - 2017-04-16 09:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-10 10:45 - 2017-04-16 09:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-10 10:45 - 2017-04-16 09:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-10 10:45 - 2017-04-16 09:10 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-10 10:45 - 2017-04-16 09:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-10 10:45 - 2017-04-16 09:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-10 10:45 - 2017-04-16 09:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-10 10:45 - 2017-04-16 09:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2017-05-10 10:45 - 2017-04-16 08:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-10 10:45 - 2017-04-16 08:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-10 10:45 - 2017-04-16 08:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-10 10:45 - 2017-04-16 08:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-10 10:45 - 2017-04-16 08:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-10 10:45 - 2017-04-16 08:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-10 10:45 - 2017-04-10 00:00 - 01548640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 10:45 - 2017-04-10 00:00 - 00388448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 10:45 - 2017-04-08 01:20 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 10:45 - 2017-04-07 15:56 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-10 10:45 - 2017-04-02 18:41 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 10:45 - 2017-04-02 18:41 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 10:45 - 2017-04-01 01:16 - 01968408 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 10:45 - 2017-03-31 23:59 - 01612504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-10 10:45 - 2017-03-13 18:38 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2017-05-10 10:45 - 2017-03-13 18:29 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-05-10 10:45 - 2017-03-13 18:25 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-05-10 10:45 - 2017-03-13 18:13 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmitomi.dll
2017-05-10 10:45 - 2017-03-13 18:07 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-05-10 10:45 - 2017-03-13 18:06 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-05-10 10:45 - 2017-03-11 21:34 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 10:45 - 2017-03-11 21:32 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 10:45 - 2017-03-11 21:32 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 10:45 - 2017-03-11 20:49 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-10 10:45 - 2017-03-11 19:58 - 01437696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 10:45 - 2017-03-11 19:54 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-10 10:45 - 2017-03-11 01:38 - 02017624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-05-10 10:45 - 2017-03-11 01:38 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-05-10 10:45 - 2017-03-09 22:52 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2017-05-10 10:45 - 2017-03-09 21:17 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2017-05-10 10:45 - 2017-03-08 04:44 - 00448285 _____ C:\Windows\system32\ApnDatabase.xml
2017-05-09 12:40 - 1997-06-02 12:32 - 00314880 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2017-05-07 16:05 - 2017-05-07 16:05 - 00001930 _____ C:\Users\Public\Desktop\DOSBox 0.74.lnk
2017-05-07 16:05 - 2017-05-07 16:05 - 00000000 ____D C:\Users\xXx_MLG_M8_xXx\AppData\Local\DOSBox
2017-05-07 16:05 - 2017-05-07 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2017-05-07 16:05 - 2017-05-07 16:05 - 00000000 ____D C:\Program Files (x86)\DOSBox-0.74
2017-05-04 14:35 - 2017-05-04 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
2017-05-04 14:34 - 2017-05-04 15:05 - 00000721 _____ C:\Users\xXx_MLG_M8_xXx\Desktop\Play Star Wars Jedi Knight Jedi Academy.lnk
2017-05-02 13:22 - 2017-05-02 13:22 - 00000132 _____ C:\Users\xXx_MLG_M8_xXx\AppData\Roaming\Filtr IIIExport Adobe CS6 – předvolby

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-27 11:05 - 2017-03-16 00:39 - 00000000 ____D C:\Users\xXx_MLG_M8_xXx\AppData\Local\Battle.net
2017-05-27 10:53 - 2017-03-15 12:17 - 00000000 ____D C:\Users\xXx_MLG_M8_xXx\AppData\LocalLow\Mozilla
2017-05-27 10:51 - 2017-03-15 11:39 - 00000000 ____D C:\Users\xXx_MLG_M8_xXx\AppData\Local\Packages
2017-05-27 10:16 - 2017-04-02 15:24 - 00000000 ____D C:\Users\xXx_MLG_M8_xXx\AppData\Local\Adobe
2017-05-27 10:15 - 2017-03-16 00:39 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-05-27 09:48 - 2017-03-15 12:02 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-27 09:46 - 2017-03-15 12:29 - 00000000 __SHD C:\Users\xXx_MLG_M8_xXx\IntelGraphicsProfiles
2017-05-26 22:39 - 2017-03-15 12:05 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3165814091-316560637-3126155356-1001
2017-05-26 22:16 - 2017-03-15 13:27 - 00000000 ____D C:\Users\xXx_MLG_M8_xXx\AppData\Roaming\uTorrent
2017-05-26 22:12 - 2017-03-15 14:09 - 00739908 _____ C:\Windows\system32\perfh005.dat
2017-05-26 22:12 - 2017-03-15 14:09 - 00151614 _____ C:\Windows\system32\perfc005.dat
2017-05-26 22:12 - 2017-03-15 11:49 - 01745984 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-26 22:12 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf
2017-05-26 22:01 - 2017-03-15 12:39 - 00000000 ____D C:\Users\xXx_MLG_M8_xXx\AppData\Roaming\vlc
2017-05-26 16:39 - 2017-03-15 13:26 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-26 16:39 - 2017-03-15 13:25 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-26 16:39 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-26 16:33 - 2016-08-08 10:19 - 00180544 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2017-05-26 16:33 - 2016-08-08 10:19 - 00132272 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2017-05-26 16:33 - 2016-08-08 10:19 - 00106768 _____ (ESET) C:\Windows\system32\Drivers\edevmon.sys
2017-05-26 16:33 - 2016-08-08 10:19 - 00096856 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2017-05-26 16:33 - 2016-08-08 10:19 - 00077616 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2017-05-26 16:33 - 2016-08-08 10:19 - 00049672 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys
2017-05-26 16:29 - 2013-08-22 17:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-05-26 14:42 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-05-26 14:22 - 2017-03-15 11:39 - 00000000 ____D C:\Users\xXx_MLG_M8_xXx\AppData\Roaming\Adobe
2017-05-26 14:21 - 2017-03-21 13:11 - 00000000 ____D C:\Users\xXx_MLG_M8_xXx\AppData\Local\CrashDumps
2017-05-23 19:53 - 2017-03-31 10:10 - 00000000 ____D C:\Windows\system32\MRT
2017-05-23 19:52 - 2017-03-31 10:09 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-14 10:56 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2017-05-13 10:34 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2017-05-13 10:29 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2017-05-12 18:06 - 2017-04-02 18:32 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
2017-05-12 18:06 - 2017-04-02 18:32 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
2017-05-12 18:06 - 2017-04-02 18:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
2017-05-12 18:06 - 2017-04-02 18:31 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
2017-05-12 18:06 - 2013-08-22 13:22 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2017-05-12 18:06 - 2013-08-22 13:22 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2017-05-12 18:06 - 2013-08-22 13:17 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2017-05-12 18:06 - 2013-08-22 13:17 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2017-05-12 18:06 - 2013-08-22 13:17 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2017-05-12 18:06 - 2013-08-22 05:56 - 00377856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2017-05-12 18:06 - 2013-08-22 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2017-05-12 18:06 - 2013-08-22 05:51 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2017-05-12 18:06 - 2013-08-22 05:51 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2017-05-12 18:06 - 2013-08-22 05:51 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2017-05-12 09:51 - 2013-08-22 16:44 - 05034424 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-11 21:44 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-10 10:37 - 2017-03-29 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-05-09 18:23 - 2017-04-02 15:25 - 00004408 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-09 18:23 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-09 18:23 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-08 09:59 - 2017-03-15 12:55 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-07 16:05 - 2017-03-15 11:39 - 00000000 ____D C:\Users\xXx_MLG_M8_xXx\AppData\Local\VirtualStore
2017-05-05 09:45 - 2013-08-22 15:25 - 00000167 _____ C:\Windows\win.ini
2017-05-04 14:34 - 2017-03-15 12:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-04 14:33 - 2017-03-15 13:28 - 00000000 ____D C:\Users\xXx_MLG_M8_xXx\AppData\Roaming\DAEMON Tools Lite
2017-04-29 00:44 - 2017-04-03 12:35 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-29 00:44 - 2017-04-03 12:35 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-05-02 13:22 - 2017-05-02 13:22 - 0000132 _____ () C:\Users\xXx_MLG_M8_xXx\AppData\Roaming\Filtr IIIExport Adobe CS6 – předvolby
2017-03-15 12:57 - 2017-03-15 12:57 - 0000000 _____ () C:\Users\xXx_MLG_M8_xXx\AppData\Local\Driver_LOM_8161Present.flag
2017-03-15 13:00 - 2017-03-15 13:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-05-21 16:40 - 2017-05-21 16:40 - 0165992 _____ () C:\Users\xXx_MLG_M8_xXx\AppData\Local\Temp\_inst1.exe
2017-05-21 16:41 - 2017-05-21 16:41 - 0165992 _____ () C:\Users\xXx_MLG_M8_xXx\AppData\Local\Temp\_inst2.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-26 11:41

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected PowerShell.exe

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

501.st
Visitor
Posts: 2
Registered: 28 May 2017 13:39

Re: Infected PowerShell.exe

#3 Post by 501.st »

I apologize, but I didn't realize that I had made a disk image. Everything is fine now. Thank you.

Rudy
Site Admin
Posts: 119670
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Infected PowerShell.exe

#4 Post by Rudy »

OK, you're welcome. :)

Locked