Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Dns Unlocker - jak usunąć?

yuukson 15 Sty 2016 14:12 1383 9
  • CControls
  • #2 15 Sty 2016 14:33
    Acorus 20
    Spec od komputerów

    Odinstaluj Adobe Reader 7.0 - Polish, ASUS WebStorage, Picexa, SN.Sustainer 1.80, SupTab, SW-Sustainer 1.80, Trend Micro Titanium Internet Security, WinZipper. Otwórz notatnik systemowy i wklej:

    Cytat:
    Task: {2E16E342-A09F-4F34-B872-2B24FED7247A} - System32\Tasks\Superclean => c:\programdata\{183f137f-d7c9-8e4a-183f-f137fd7c4dff}\hqghumeaylnlf.exe <==== UWAGA
    Task: {438D6E4E-846B-4C68-BC4A-8049BCFF11DC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1832683961-2475020214-2828143404-1001UA => C:\Users\xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-24] (Facebook Inc.)
    Task: {8A324062-50FF-45CB-884D-BDEB4848B08D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1832683961-2475020214-2828143404-1001Core => C:\Users\xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-24] (Facebook Inc.)
    Task: {95371260-CBFD-4BAB-9ACB-88F9FE7913BB} - System32\Tasks\Safesoft Protector Task => C:\Program Files (x86)\Safesoft Protector\sswworker.exe [2015-09-18] (Chrome Soft) <==== UWAGA
    Task: {E6D1C420-FF7B-4B3B-90F4-F103C332811A} - System32\Tasks\Malware Cleaner => C:\Users\xxx\AppData\Roaming\E12C.tmp.exe [2015-08-23] () <==== UWAGA
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1832683961-2475020214-2828143404-1001Core.job => C:\Users\xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1832683961-2475020214-2828143404-1001UA.job => C:\Users\xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{183f137f-d7c9-8e4a-183f-f137fd7c4dff}\hqghumeaylnlf.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...2253&uid=ST9500325AS_S2WBRSW7XXXXS2WBRSW7
    ShortcutWithArgument: C:\Users\xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...2253&uid=ST9500325AS_S2WBRSW7XXXXS2WBRSW7
    ShortcutWithArgument: C:\Users\xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1...7021&uid=ST9500325AS_S2WBRSW7XXXXS2WBRSW7




    ShortcutWithArgument: C:\Users\xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.omniboxes.com/?type=sc&ts=1447...7173&uid=ST9500325AS_S2WBRSW7XXXXS2WBRSW7
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.omniboxes.com/?type=sc&ts=1447...7173&uid=ST9500325AS_S2WBRSW7XXXXS2WBRSW7
    HKU\S-1-5-21-1832683961-2475020214-2828143404-1001\...\Run: [Facebook Update] => C:\Users\xxx\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-03-24] (Facebook Inc.)
    HKU\S-1-5-21-1832683961-2475020214-2828143404-1001\...\Run: [WinFL] => wscript.exe //B "C:\Users\xxx\AppData\Roaming\WinFL.vbs"
    AppInit_DLLs-x32: c:\progra~2\sn0310~1.boo => c:\Program Files (x86)\SN.Booster [4296192 2014-04-12] ()
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    Tcpip\..\Interfaces\{0594FD69-CD8C-4B5E-8548-B3859BA462AB}: [NameServer] 199.203.131.145,82.163.143.167
    Tcpip\..\Interfaces\{BAF4AF8B-52C8-4C59-BA9C-23FDAF9611B3}: [NameServer] 199.203.131.145,82.163.143.167
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...2253&uid=ST9500325AS_S2WBRSW7XXXXS2WBRSW7
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1...2253&uid=ST9500325AS_S2WBRSW7XXXXS2WBRSW7
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=14...p;uid=ST9500325AS_S2WBRSW7XXXXS2WBRSW7&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://yoursites123.com/web?type=ds&ts=14...p;uid=ST9500325AS_S2WBRSW7XXXXS2WBRSW7&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...2253&uid=ST9500325AS_S2WBRSW7XXXXS2WBRSW7
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...2253&uid=ST9500325AS_S2WBRSW7XXXXS2WBRSW7
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=14...p;uid=ST9500325AS_S2WBRSW7XXXXS2WBRSW7&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://yoursites123.com/web?type=ds&ts=14...p;uid=ST9500325AS_S2WBRSW7XXXXS2WBRSW7&q={searchTerms}
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com?type=hp&ts=1435609488&a...;z=79394f87c8367a90aca1843gdz3c8wcq9e8t2zcteo
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1435609488&a...;z=79394f87c8367a90aca1843gdz3c8wcq9e8t2zcteo
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com?type=hp&ts=1435609488&a...;z=79394f87c8367a90aca1843gdz3c8wcq9e8t2zcteo
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1435609488&a...;z=79394f87c8367a90aca1843gdz3c8wcq9e8t2zcteo
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.v9.com?type=hp&ts=1435609488&a...;z=79394f87c8367a90aca1843gdz3c8wcq9e8t2zcteo
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com?type=hp&ts=1435609488&a...;z=79394f87c8367a90aca1843gdz3c8wcq9e8t2zcteo
    HKU\S-1-5-21-1832683961-2475020214-2828143404-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&am...p;uid=ST9500325AS_S2WBRSW7XXXXS2WBRSW7&q={searchTerms}
    HKU\S-1-5-21-1832683961-2475020214-2828143404-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://gosearch.me/?u=b254f59637d8791ab31ac9...817&c=pbbt&src=hp&inst=1452628350
    HKU\S-1-5-21-1832683961-2475020214-2828143404-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1...2253&uid=ST9500325AS_S2WBRSW7XXXXS2WBRSW7
    HKU\S-1-5-21-1832683961-2475020214-2828143404-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&am...p;uid=ST9500325AS_S2WBRSW7XXXXS2WBRSW7&q={searchTerms}
    URLSearchHook: HKLM-x32 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll Brak pliku
    URLSearchHook: HKU\S-1-5-21-1832683961-2475020214-2828143404-1001 - uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll Brak pliku
    SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts...p;uid=ST9500325AS_S2WBRSW7XXXXS2WBRSW7&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://gosearch.me/?q={searchTerms}&u=b254f59637d8791ab31ac9b15b8cf817&c=pbbt&src=srch&inst=1452628350
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://gosearch.me/?q={searchTerms}&u=b254f59637d8791ab31ac9b15b8cf817&c=pbbt&src=srch&inst=1452628350
    SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=14234989...p;uid=st9500325as_s2wbrsw7xxxxs2wbrsw7&q={searchTerms}
    SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchsun.info/?l=1&q={searchTerms}&pid=724&r=2014/04/12&hid=6128000589285827082&lg=EN&cc=PL
    SearchScopes: HKU\.DEFAULT -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=14234989...p;uid=st9500325as_s2wbrsw7xxxxs2wbrsw7&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://www.v9.com/web?type=ds&ts=14234989...p;uid=st9500325as_s2wbrsw7xxxxs2wbrsw7&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1832683961-2475020214-2828143404-1001 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://gosearch.me/?q={searchTerms}&u=b254f59637d8791ab31ac9b15b8cf817&c=pbbt&src=srch&inst=1452628350
    SearchScopes: HKU\S-1-5-21-1832683961-2475020214-2828143404-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1832683961-2475020214-2828143404-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1832683961-2475020214-2828143404-1001 -> {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = hxxps://gosearch.me/?q={searchTerms}&u=b254f59637d8791ab31ac9b15b8cf817&c=pbbt&src=srch&inst=1452628350
    SearchScopes: HKU\S-1-5-21-1832683961-2475020214-2828143404-1001 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1832683961-2475020214-2828143404-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&ut...G6A&ts=1420373293&type=default&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.yoursites123.com/?type=sc&ts=1...2253&uid=ST9500325AS_S2WBRSW7XXXXS2WBRSW7
    FF NewTab: hxxps://gosearch.me/?u=b254f59637d8791ab31ac9...817&c=pbbt&src=hp&inst=1452801147
    FF DefaultSearchEngine: yoursites123
    FF SearchEngineOrder.1: V9
    FF SelectedSearchEngine: yoursites123
    FF Homepage: hxxps://gosearch.me/?u=b254f59637d8791ab31ac9...817&c=pbbt&src=hp&inst=1452801147
    FF NetworkProxy: "no_proxies_on", "https://gosearch.me/?u=b254f59637d8791ab31ac9b15b8cf817&c=pbbt&src=hp&inst=1450875892"
    FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\a1sj70fr.default\searchplugins\search.xml [2016-01-12]
    FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\a1sj70fr.default\searchplugins\V9.xml [2015-12-10]
    FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\a1sj70fr.default\searchplugins\WebSearch.xml [2014-07-08]
    FF SearchPlugin: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\a1sj70fr.default\searchplugins\yoursites123.xml [2016-01-12]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\GoSearch.xml [2016-01-14]
    FF Extension: Default NewTab - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\a1sj70fr.default\Extensions\default_newtabff@gmail.com [2016-01-12] [Brak podpisu cyfrowego]
    FF Extension: FirefixTab - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\a1sj70fr.default\Extensions\deskCutv2@gmail.com [2015-12-31] [Brak podpisu cyfrowego]
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1...2253&uid=ST9500325AS_S2WBRSW7XXXXS2WBRSW7
    CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
    CHR StartupUrls: Default -> "hxxps://gosearch.me/?u=b254f59637d8791ab31ac9b15b8cf817&c=pbbt&src=hp&inst=1452628350"
    R2 IhPul; C:\Users\xxx\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
    R2 Live Malware Protection; C:\Windows\mlwps.exe [242688 2015-08-23] (SecureSoft) [Brak podpisu cyfrowego] <==== UWAGA
    R2 WdMan; C:\ProgramData\MWdMM\WdMan.exe [326656 2016-01-07] (TU-Funs LIMITED) [Brak podpisu cyfrowego]
    S2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [706736 2015-08-24] (Taiwan Shui Mu Chih Ching Technology Limited) <==== UWAGA
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
    2016-01-12 09:04 - 2016-01-12 09:05 - 00000000 ____D C:\ProgramData\MWdMM
    2015-12-25 12:00 - 2015-12-25 12:01 - 00000000 ____D C:\ProgramData\pWdMp
    2015-12-25 11:58 - 2015-12-25 11:58 - 02770376 _____ (iBank) C:\Program Files (x86)\SSFK.exe
    2015-12-24 18:51 - 2016-01-15 13:23 - 00000000 ____D C:\Program Files (x86)\Picexa
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.
    Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.
    Pokaż nowy raport z FRST bez Addition i Shortcut.

    0
  • CControls
  • #4 15 Sty 2016 20:00
    Acorus 20
    Spec od komputerów

    Otwórz notatnik systemowy i wklej:

    S

    Cytat:
    earchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO-x32: Brak nazwy -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> Brak pliku
    FF NewTab: hxxps://gosearch.me/?u=b254f59637d8791ab31ac9...817&c=pbbt&src=hp&inst=1452801147
    FF DefaultSearchEngine: yoursites123
    FF SearchEngineOrder.1: V9
    FF SelectedSearchEngine: yoursites123
    FF Homepage: hxxps://gosearch.me/?u=b254f59637d8791ab31ac9...817&c=pbbt&src=hp&inst=1452801147
    FF NetworkProxy: "no_proxies_on", "https://gosearch.me/?u=b254f59637d8791ab31ac9b15b8cf817&c=pbbt&src=hp&inst=1450875892"
    CHR Extension: (Prezentacje Google) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR Extension: (Dokumenty Google) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR Extension: (Dysk Google) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR Extension: (Arkusze Google) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR HKLM\...\Chrome\Extension: [aaaaahlfahldnilidgnlikdckbfehhca] - hxxps://clients2.google.com/service/update2/crx
    2016-01-15 17:12 - 2016-01-15 17:18 - 00000000 ____D C:\AdwCleaner
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.

    0
  • #6 16 Sty 2016 09:27
    Acorus 20
    Spec od komputerów

    Nic nie zrobiłeś. Pokaż log z usuwania.

    0
  • #8 16 Sty 2016 16:49
    Acorus 20
    Spec od komputerów

    Pokaż nowy raport z FRST bez Addition i Shortcut.

    0
  • #10 16 Sty 2016 17:35
    Kolobos
    Spec od komputerów

    Wykonaj: https://support.mozilla.org/pl/kb/przywracanie-domyslnych-ustawien-firefoksa-latwe-r

    Do tego wykonaj taki fixlist.txt:
    HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
    HKU\S-1-5-21-1832683961-2475020214-2828143404-1001\...\Run: [Background] => wscript.exe //B "C:\Users\xxx\AppData\Roaming\Background.vbs"
    HKU\S-1-5-21-1832683961-2475020214-2828143404-1001\...\MountPoints2: {3d8493a3-99e4-11e2-a8d2-0008ca32d90b} - H:\setup.exe
    HKU\S-1-5-21-1832683961-2475020214-2828143404-1001\...\MountPoints2: {4ec7e632-85cd-11e3-8168-0008ca32d90b} - J:\LGAutoRun.exe
    HKU\S-1-5-21-1832683961-2475020214-2828143404-1001\...\MountPoints2: {ac75a435-33ff-11e2-ab63-0008ca32d90b} - F:\setup.exe
    HKU\S-1-5-21-1832683961-2475020214-2828143404-1001\...\MountPoints2: {ac842648-ef00-11e2-9e6a-0008ca32d90b} - G:\LGAutoRun.exe
    Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adtray.lnk [2016-01-16]
    ShortcutTarget: adtray.lnk -> C:\Users\xxx\AppData\Roaming\adtray.exe (ftp)
    Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Background.vbs [2015-12-30] ()
    Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WEBADD.lnk [2016-01-16]
    ShortcutTarget: WEBADD.lnk -> C:\Users\xxx\AppData\Roaming\WEBADD.exe (VSIXInstaller)
    Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinFL.vbs [2015-10-28] ()
    Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wlanconnect.lnk [2016-01-05]
    Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WmInstaller.lnk [2016-01-05]
    CHR Extension: (Prezentacje Google) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR Extension: (Dokumenty Google) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR Extension: (Dysk Google) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR Extension: (Arkusze Google) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== UWAGA
    CHR HKLM\...\Chrome\Extension: [noajmlkipclmeolfcnflkjhijkigpfjh] - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx <nie znaleziono>
    2016-01-15 16:58 - 2016-01-15 16:58 - 00000001 _____ C:\Windows\SysWOW64\pl.html
    2015-12-23 20:55 - 2015-12-30 17:02 - 00000000 _____ C:\Users\xxx\AppData\Roaming\Background.vbs
    2015-12-21 18:08 - 2015-12-21 18:08 - 05565160 _____ C:\Users\xxx\AppData\Roaming\WmInstaller.vbs
    2016-01-14 10:58 - 2015-09-05 21:16 - 00003896 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1441484156
    2014-10-24 15:22 - 2014-10-24 15:22 - 0000120 _____ () C:\Users\xxx\AppData\Roaming\2aa895b4.dat
    2015-10-11 16:41 - 2015-10-11 16:41 - 0114688 _____ (ftp) C:\Users\xxx\AppData\Roaming\adtray.exe
    2015-05-15 19:20 - 2015-07-22 20:47 - 0000024 _____ () C:\Users\xxx\AppData\Roaming\appdataFr25.bin
    2015-01-21 20:42 - 2015-03-08 20:31 - 0000020 _____ () C:\Users\xxx\AppData\Roaming\appdataFr3.bin
    2015-12-23 20:55 - 2015-12-30 17:02 - 0000000 _____ () C:\Users\xxx\AppData\Roaming\Background.vbs
    2013-08-01 13:57 - 2013-08-01 13:57 - 0000109 _____ () C:\Users\xxx\AppData\Roaming\banned-ips.txt
    2013-08-01 13:57 - 2013-08-01 13:57 - 0000109 _____ () C:\Users\xxx\AppData\Roaming\banned-players.txt
    2015-11-09 18:24 - 2015-11-09 18:24 - 0000690 _____ () C:\Users\xxx\AppData\Roaming\chrome.vbs
    2014-04-16 19:24 - 2014-04-16 19:24 - 0000110 _____ () C:\Users\xxx\AppData\Roaming\default.pls
    2015-08-23 19:49 - 2015-08-23 19:50 - 0803840 _____ () C:\Users\xxx\AppData\Roaming\E12C.tmp.exe
    2015-10-11 16:38 - 2015-10-11 20:14 - 0017408 _____ (last) C:\Users\xxx\AppData\Roaming\last.exe
    2013-08-01 13:56 - 2013-07-08 20:15 - 6530107 _____ () C:\Users\xxx\AppData\Roaming\minecraft_server.1.6.2.exe
    2013-08-01 13:56 - 2013-07-08 20:15 - 6134331 _____ () C:\Users\xxx\AppData\Roaming\minecraft_server.1.6.2.jar
    2015-09-23 18:33 - 2015-09-23 18:33 - 0027136 _____ (old) C:\Users\xxx\AppData\Roaming\old.exe
    2013-08-01 13:57 - 2013-08-01 13:57 - 0000000 _____ () C:\Users\xxx\AppData\Roaming\ops.txt
    2013-08-01 13:57 - 2013-08-01 13:57 - 0001291 _____ () C:\Users\xxx\AppData\Roaming\server.log
    2013-08-01 13:57 - 2013-08-01 13:57 - 0000514 _____ () C:\Users\xxx\AppData\Roaming\server.properties
    2015-12-12 19:36 - 2015-12-12 19:36 - 0109056 _____ (VSIXInstaller) C:\Users\xxx\AppData\Roaming\WEBADD.exe
    2013-08-01 13:57 - 2013-08-01 13:57 - 0000000 _____ () C:\Users\xxx\AppData\Roaming\white-list.txt
    2015-09-18 20:22 - 2015-10-28 20:23 - 0000000 _____ () C:\Users\xxx\AppData\Roaming\WinFL.vbs
    2014-03-21 16:57 - 2014-03-21 16:57 - 0000600 _____ () C:\Users\xxx\AppData\Roaming\winscp.rnd
    2015-09-22 19:46 - 2015-09-22 19:46 - 4885572 _____ () C:\Users\xxx\AppData\Roaming\wlanconnect.vbs
    2015-12-21 18:08 - 2015-12-21 18:08 - 5565160 _____ () C:\Users\xxx\AppData\Roaming\WmInstaller.vbs

    0