Elektroda.pl

Adware, spyware viruses - Ads constantly popping up, programs launching by themselves

mariorules 04 Mar 2016 11:37 741 10
  • #1 04 Mar 2016 11:37
    mariorules
    Level 9

    Hello. I downloaded some program from the internet and after running it I lost control of my computer. Could someone help me? What should I do?

    0 10
  • #4 04 Mar 2016 12:17
    Kolobos
    Computer specialist

    In Msconfig, re-enable what you disabled:
    MSCONFIG\startupreg: baiduAnTray => "C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\baiduAnTray.exe" -stmd=3
    MSCONFIG\startupreg: cessrs.exe -start => C:\Users\Kuronome\AppData\Roaming\UPUpdata\cessrs.exe -start
    MSCONFIG\startupreg: LightGate => c:\programdata\lightgate.exe
    MSCONFIG\startupreg: MTview => C:\Program Files (x86)\MTV20160128\MTView.exe -mini
    MSCONFIG\startupreg: setup => C:\Users\Kuronome\AppData\Local\Temp\setup.exe /start

    Boot the system in safe mode.
    Next to frst.exe, create a file fixlist.txt with the following content:
    CloseProcesses:
    AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
    AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
    Task: {0305CAD6-B8E4-4E47-BB9E-64E1A7C4C359} - System32\Tasks\Ribde => C:\PROGRA~1\SHOPPE~1\Irohmile.bat
    Task: {4901BC54-1A04-49CC-9FEC-81A4FF7EBE8E} - System32\Tasks\{D9FEFD19-87B4-4A0D-B43D-9BE1114A0FDF} => pcalua.exe -a "C:\Program Files (x86)\MKJogo\MK IM\Bin\uInst.exe"
    Task: {C52ED263-E9AB-45D2-8F13-2B5DDE9A1383} - System32\Tasks\{6072C8F6-4C8D-4138-AA53-A6F323CAACD2} => pcalua.exe -a C:\Users\Kuronome\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe -c /uninstall
    Task: {CBE976FA-B6D6-4D09-8748-47BDBD23262F} - System32\Tasks\Aagoau => C:\PROGRA~1\GROOVE~1\Gojsa.bat
    ShortcutWithArgument: C:\Users\Kuronome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\Kuronome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Kuronome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
    2016-03-04 10:06 - 2016-03-04 10:06 - 00316232 _____ () C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\BDMFrameWork.dll
    2016-03-04 10:07 - 2015-12-09 10:23 - 00142216 _____ () C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.521\dynplugins\BrowserProbe.dll
    2016-03-04 10:07 - 2015-04-24 10:33 - 00076680 ____N () C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.521\dynplugins\BbSavior.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00108896 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMAntiInject.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\zlib.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00481632 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\sqlite.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\tinyxml.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00039776 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
    2016-03-04 10:10 - 2016-02-19 17:36 - 00065008 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
    2016-03-04 10:10 - 2016-02-27 23:55 - 00036128 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\oDayProtect.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00121184 _____ () c:\program files (x86)\tencent\qqpcmgr\11.3.17201.218\qmrtpcontroller.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00162144 _____ () c:\program files (x86)\tencent\qqpcmgr\11.3.17201.218\qmhipslogpolicy.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\libexpatw.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 02156896 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\GF.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00092512 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\xGraphic32.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00342368 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\arkGraphic.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00045408 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\jgImage.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\libpng.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\libjpegturbo.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\jgIOStub.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00194912 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\xImage.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00076128 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\MemDefrag.dll
    2016-03-04 10:10 - 2016-01-18 18:26 - 00260448 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\OperationFileCloudMgr.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00248160 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMWlanMacDll.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00379232 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\DlForQd.dll
    2016-03-04 10:06 - 2016-03-04 10:06 - 00279368 _____ () C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\BDMCommon.dll
    2016-03-04 10:06 - 2016-03-04 10:06 - 00295752 _____ () C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\FTSOManager\BDMSOLiveAccDataMgr.dll
    2016-03-04 10:06 - 2016-03-04 10:06 - 00062280 _____ () C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\FTSOManager\BDMNetMonMgrDll.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QMNetMon\zlib.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QMNetMon\libexpatw.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QMNetMon\tinyxml.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 02156896 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QMNetMon\GF.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00092512 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QMNetMon\xGraphic32.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00342368 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QMNetMon\arkGraphic.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00045408 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QMNetMon\jgImage.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QMNetMon\libpng.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QMNetMon\libjpegturbo.dll
    2016-03-04 10:10 - 2016-03-04 10:10 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QMNetMon\jgIOStub.dll
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
    IE trusted site: HKU\S-1-5-21-3271477722-2397108661-1363472217-1000\...\baidu.com -> hxxp://baidu.com
    CMD: fltmc instances
    Hosts:
    (百度在线网络技术(北京)有限公司) C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHips.exe
    (百度在线网络技术(北京)有限公司) C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\BaiduAnSvc.exe
    (百度在线网络技术(北京)有限公司) C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.521\BaiduProtect.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCRTP.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTray.exe
    (百度在线网络技术(北京)有限公司) C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\BaiduAnTray.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\plugins\QMNetMon\QQPCNetFlow.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCRealTimeSpeedup.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMDeskTopGC.exe
    (Tencent) C:\Program Files (x86)\Common Files\Tencent\QQDownload\130\Tencentdl.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMDL.exe
    HKLM\...\Run: [baiduAnTray] => C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\baiduAnTray.exe [2921368 2016-03-04] (百度在线网络技术(北京)有限公司)
    HKLM-x32\...\Run: [BaiduAnTray] => C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\BaiduAnTray.exe [2921368 2016-03-04] (百度在线网络技术(北京)有限公司)
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTRAY.EXE [355296 2016-03-04] (Tencent)
    HKU\S-1-5-21-3271477722-2397108661-1363472217-1000\...\MountPoints2: {8217dda5-ba9a-11e5-8f74-d8cb8a1baa34} - E:\autorun.exe
    HKU\S-1-5-21-3271477722-2397108661-1363472217-1000\...\MountPoints2: {afe7c98f-23ff-11e5-b236-806e6f6e6963} - D:\DVDSetup.exe
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMGCShellExt64.dll [2016-03-04] (Tencent)
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSWebMon64.dat [2016-03-04] (Tencent)
    BHO-x32: WebMonBHO -> {15DEE173-1BE9-4424-81E0-58A87076E9B1} -> C:\Program Files (x86)\Common Files\Baidu\WebSafe\WebMonBHO.dll [2016-03-04] (百度在线网络技术(北京)有限公司)
    FF Homepage: hxxp://www.istartpageing.com/?type=hp&ts=1457...e&uid=ST1000DM003-1ER162_Z4Y4V2N5XXXXZ4Y4V2N5
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\npQMExtensionsMozilla.dll [2016-03-04] (Tencent Technology (Shenzhen) Company Limited)
    FF SearchPlugin: C:\Users\Kuronome\AppData\Roaming\Mozilla\Firefox\Profiles\efmlfbyx.default\searchplugins\wwwcdapl.xml [2015-08-20]
    FF Extension: Wooden Seal 1.0.1 - C:\Users\Kuronome\AppData\Roaming\Mozilla\Firefox\Profiles\efmlfbyx.default\Extensions\{f364e2f0-37f3-4395-8a5b-b5a46259ee75}.xpi [2016-03-02] [Brak podpisu cyfrowego]
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...B-OaAPaZC88OpLNPE5jQJEaPQg2ZGftGGzpBWZUWtG0pr
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...ZCJPs1xsED2YixyJR8aVeVihuQODr_DXdcv12Xo4Eh&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    CHR Extension: (电脑管家上网防护) - C:\Users\Kuronome\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2016-03-04]
    R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.1.0.733\BaiduHips.exe [64008 2016-03-04] (百度在线网络技术(北京)有限公司)
    R2 BDMRTP; C:\Program Files (x86)\BaiduAn3.0\BaiduAn\3.0.0.3971\BaiduAnSvc.exe [1047048 2016-03-04] (百度在线网络技术(北京)有限公司)
    R2 BDSGRTP; C:\Program Files (x86)\Common Files\Baidu\BaiduProtect1.3\1.3.0.521\BaiduProtect.exe [1915496 2016-03-04] (百度在线网络技术(北京)有限公司)
    R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCRTP.exe [301728 2016-03-04] (Tencent)
    U2 QQRepair2345; C:\Windows\GJFix\QQRepair2345 [129504 2016-03-04] ()
    S2 GoogleChromeUpService; C:\ProgramData\service.exe /s GoogleChromeUpService /uid:51477 /local:br [X]
    R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [174416 2016-03-04] (Baidu)
    R1 bd0002; C:\Windows\System32\DRIVERS\bd0002.sys [190280 2016-03-04] (Baidu)
    R1 bd0004; C:\Windows\System32\DRIVERS\bd0004.sys [168776 2016-03-04] (Baidu)
    R2 BDArKit; C:\Windows\System32\DRIVERS\BDArKit.sys [141128 2016-03-04] (Baidu Technology)
    R2 BDArKit; C:\Windows\SysWOW64\DRIVERS\BDArKit.sys [152392 2016-03-04] (Baidu Technology)
    R2 BDDefense; C:\Windows\System32\drivers\BDDefense.sys [103240 2016-03-04] (Baidu)
    R2 BDMNetMon; C:\Windows\System32\DRIVERS\BDMNetMon.sys [227656 2016-03-04] (Baidu)
    R1 BDMWrench_x64; C:\Windows\System32\DRIVERS\BDMWrench_x64.sys [52040 2016-03-04] (Baidu)
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUdisk64.sys [184536 2016-03-02] (Tencent)
    R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQSysMonX64.sys [138552 2016-03-04] (电脑管家)
    R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\softaal64.sys [35128 2016-03-04] (Tencent)
    R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [89464 2016-03-04] (Tencent)
    R1 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel64.sys [131896 2016-03-04] (Tencent Technology(Shenzhen) Company Limited)
    R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2016-03-04] (电脑管家)
    R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSDefenseBT64.sys [28984 2016-03-04] (Tencent)
    R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys [48440 2016-01-14] ()
    R3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [45368 2015-12-28] (电脑管家)
    R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSSysKit64.sys [87352 2016-03-04] (电脑管家)
    S1 BDAntiExp; system32\DRIVERS\BDAntiExp.sys [X]
    S1 BDEnhanceBoost; system32\drivers\BDEnhanceBoost.sys [X]
    S1 bsdriver; \??\C:\Windows\system32\drivers\bsdriver.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
    R1 SRepairDrv; \??\C:\Windows\GJFix\SRepairDrv [X]
    2016-03-04 11:56 - 2016-03-04 11:56 - 00000000 ____D C:\AdwCleaner
    2016-03-04 11:27 - 2016-03-04 11:27 - 00078624 _____ C:\Users\Kuronome\AppData\Roaming\435554.exe
    2016-03-04 10:25 - 2016-03-04 10:25 - 00000000 ____D C:\Users\Kuronome\AppData\Roaming\talimama
    2016-03-04 10:18 - 2016-01-14 10:47 - 00128280 _____ (电脑管家) C:\Windows\SysWOW64\Drivers\TsFltMgr.sys
    2016-03-04 10:16 - 2016-03-04 10:16 - 00005120 _____ C:\Users\Kuronome\AppData\Roaming\GiftBag.db
    2016-03-04 10:16 - 2016-03-04 10:10 - 00152392 _____ (Baidu Technology) C:\Windows\SysWOW64\Drivers\BDArKit.sys
    2016-03-04 10:15 - 2016-03-04 11:32 - 00000000 ____D C:\Windows\GJFix
    2016-03-04 10:15 - 2016-03-04 11:31 - 00000000 ____D C:\ProgramData\TXQMPC
    2016-03-04 10:15 - 2016-03-04 10:15 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2016-03-04 10:15 - 2016-03-04 10:10 - 00131896 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
    2016-03-04 10:15 - 2016-03-04 10:10 - 00089464 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
    2016-03-04 10:15 - 2016-03-04 10:10 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\tfsfltX64.sys
    2016-03-04 10:15 - 2015-12-28 16:34 - 00045368 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
    2016-03-04 10:11 - 2016-03-04 10:11 - 00002226 _____ C:\Users\Public\Desktop\软件管理.lnk
    2016-03-04 10:11 - 2016-03-04 10:11 - 00002201 _____ C:\Users\Public\Desktop\电脑管家.lnk
    2016-03-04 10:11 - 2016-03-04 10:11 - 00000000 ____D C:\Users\Kuronome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2016-03-04 10:11 - 2016-03-04 10:11 - 00000000 _____ C:\Users\Kuronome\Desktop\$电脑管家-清理垃圾$.qmgc
    2016-03-04 10:09 - 2016-03-04 11:53 - 00000000 ____D C:\Users\Kuronome\AppData\Roaming\Tencent
    2016-03-04 10:09 - 2016-03-04 10:18 - 00000000 ____D C:\ProgramData\Tencent
    2016-03-04 10:09 - 2016-03-04 10:09 - 00000000 ____D C:\Program Files (x86)\Tencent
    2016-03-04 10:07 - 2016-03-04 11:26 - 00000000 ____D C:\ProgramData\WindowsMsg
    2016-03-04 10:07 - 2016-03-04 10:28 - 00000000 ____D C:\Program Files (x86)\osTip
    2016-03-04 10:07 - 2016-03-04 10:07 - 00168776 _____ (Baidu) C:\Windows\system32\Drivers\bd0004.sys
    2016-03-04 10:07 - 2016-03-04 10:07 - 00041800 _____ (Baidu) C:\Windows\system32\bd64_x64.dll
    2016-03-04 10:07 - 2016-03-04 10:07 - 00039056 _____ (Baidu) C:\Windows\system32\bd64_x86.dll
    2016-03-04 10:07 - 2016-03-04 10:06 - 00052040 _____ (Baidu) C:\Windows\system32\Drivers\BDMWrench_x64.sys
    2016-03-04 10:06 - 2016-03-04 11:23 - 00000000 ____D C:\ProgramData\Windows Update
    2016-03-04 10:06 - 2016-03-04 10:07 - 00141128 _____ (Baidu Technology) C:\Windows\system32\Drivers\BDArKit.sys
    2016-03-04 10:06 - 2016-03-04 10:06 - 00227656 _____ (Baidu) C:\Windows\system32\Drivers\BDMNetMon.sys
    2016-03-04 10:06 - 2016-03-04 10:06 - 00190280 _____ (Baidu) C:\Windows\system32\Drivers\bd0002.sys
    2016-03-04 10:06 - 2016-03-04 10:06 - 00174416 _____ (Baidu) C:\Windows\system32\Drivers\bd0001.sys
    2016-03-04 10:06 - 2016-03-04 10:06 - 00103240 _____ (Baidu) C:\Windows\system32\Drivers\BDDefense.sys
    2016-03-04 10:06 - 2016-03-04 10:06 - 00011639 _____ C:\ProgramData\webad.xml
    2016-03-04 10:06 - 2016-03-04 10:06 - 00001631 ____R C:\Yeabeats Browser.lnk
    2016-03-04 10:06 - 2016-03-04 10:06 - 00001218 _____ C:\Users\Public\Desktop\百度卫士-软件管理.lnk
    2016-03-04 10:06 - 2016-03-04 10:06 - 00001163 _____ C:\Users\Public\Desktop\百度卫士.lnk
    2016-03-04 10:06 - 2016-03-04 10:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\百度卫士
    2016-03-04 10:06 - 2016-03-04 10:06 - 00000000 ____D C:\Program Files (x86)\BaiduAn3.0
    2016-03-04 10:06 - 2015-12-04 16:14 - 01081344 _____ C:\ProgramData\LightGate.exe
    2016-03-04 10:06 - 2015-11-25 18:31 - 01100288 _____ C:\ProgramData\HomePage.exe
    2016-03-04 10:05 - 2016-03-04 11:29 - 00000000 ____D C:\Users\Kuronome\AppData\Roaming\UPUpdata
    2016-03-04 10:03 - 2016-03-04 11:23 - 00000000 ____D C:\Users\Kuronome\AppData\Roaming\IeceuBudoeei
    2016-03-04 10:03 - 2016-03-04 10:03 - 00003342 _____ C:\Windows\System32\Tasks\Aagoau
    2016-03-04 10:03 - 2016-03-04 10:03 - 00000000 ____D C:\Windows\system32\vez
    2016-03-04 10:03 - 2016-03-04 10:03 - 00000000 _____ C:\Windows\SysWOW64\Number of results
    2016-03-04 09:18 - 2016-03-04 09:24 - 00000000 ____D C:\Users\Kuronome\AppData\Roaming\systweak
    2016-03-04 09:12 - 2016-03-04 10:23 - 00000000 ____D C:\Users\Kuronome\AppData\LocalLow\Company
    2016-03-04 09:12 - 2016-03-04 10:18 - 00000000 ____D C:\Users\Kuronome\AppData\Roaming\NiidjeGafphus
    2016-03-04 09:12 - 2016-03-04 10:04 - 00000000 ____D C:\Users\Kuronome\AppData\Local\Tempfolder
    2016-03-04 09:12 - 2016-03-04 09:12 - 00003348 _____ C:\Windows\System32\Tasks\Ribde
    2016-03-04 09:12 - 2016-03-04 09:12 - 00000000 ____D C:\Windows\system32\tadg
    2016-03-04 09:12 - 2016-03-04 09:12 - 00000000 ____D C:\uninst
    2016-03-04 09:05 - 2016-03-04 10:17 - 00000000 ____D C:\Users\Kuronome\AppData\Roaming\Baidu
    2016-03-04 09:05 - 2016-03-04 10:07 - 00000000 ____D C:\ProgramData\Baidu
    2016-03-04 09:05 - 2016-03-04 10:05 - 00000000 ____D C:\Program Files (x86)\Baidu
    2016-03-04 09:04 - 2016-03-04 09:17 - 00000000 ____D C:\ProgramData\BOINC
    2016-03-04 09:04 - 2016-03-04 09:16 - 00000000 ____D C:\Program Files (x86)\MTV20160128
    2016-03-04 09:02 - 2016-03-04 09:02 - 00041472 _____ C:\Users\Kuronome\AppData\Local\Vilaex.dat
    2016-03-04 09:02 - 2016-03-04 09:02 - 00000187 _____ C:\Users\Kuronome\AppData\Local\Vilaex.exe.config
    2016-03-04 09:01 - 2016-03-04 09:01 - 08037888 _____ C:\Users\Kuronome\AppData\Roaming\agent.dat
    2016-03-04 09:01 - 2016-03-04 09:01 - 01900898 _____ C:\Users\Kuronome\AppData\Roaming\HotDonin.tst
    2016-03-04 09:01 - 2016-03-04 09:01 - 00018432 _____ C:\Users\Kuronome\AppData\Roaming\Main.dat
    2016-03-04 09:00 - 2016-03-04 09:00 - 00127488 _____ C:\Users\Kuronome\AppData\Roaming\Installer.dat
    2016-03-04 09:00 - 2016-03-04 09:00 - 00072801 _____ C:\Users\Kuronome\AppData\Roaming\JobSailfan.tst
    2016-03-04 11:27 - 2016-03-04 11:27 - 0078624 _____ () C:\Users\Kuronome\AppData\Roaming\435554.exe
    2016-03-04 09:01 - 2016-03-04 09:01 - 8037888 _____ () C:\Users\Kuronome\AppData\Roaming\agent.dat
    2016-03-04 10:16 - 2016-03-04 10:16 - 0005120 _____ () C:\Users\Kuronome\AppData\Roaming\GiftBag.db
    2016-03-04 09:01 - 2016-03-04 09:01 - 1900898 _____ () C:\Users\Kuronome\AppData\Roaming\HotDonin.tst
    2016-03-04 09:00 - 2016-03-04 09:00 - 0127488 _____ () C:\Users\Kuronome\AppData\Roaming\Installer.dat
    2016-03-04 09:00 - 2016-03-04 09:00 - 0072801 _____ () C:\Users\Kuronome\AppData\Roaming\JobSailfan.tst
    2016-03-04 09:01 - 2016-03-04 09:01 - 0018432 _____ () C:\Users\Kuronome\AppData\Roaming\Main.dat
    2016-03-04 09:02 - 2016-03-04 09:02 - 0041472 _____ () C:\Users\Kuronome\AppData\Local\Vilaex.dat
    2016-03-04 09:02 - 2016-03-04 09:02 - 0000187 _____ () C:\Users\Kuronome\AppData\Local\Vilaex.exe.config
    2016-03-04 10:06 - 2015-11-25 18:31 - 1100288 _____ () C:\ProgramData\HomePage.exe
    2016-03-04 10:06 - 2015-12-04 16:14 - 1081344 _____ () C:\ProgramData\LightGate.exe
    2016-03-04 10:06 - 2016-03-04 10:06 - 0011639 _____ () C:\ProgramData\webad.xml
    EmptyTemp:

    In FRST, choose Fix.

    Use https://www.elektroda.pl/rtvforum/download.php?id=731083 and post the log it creates as an attachment.

    Also post new FRST logs, from a scan.

    0
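A triage sketch for log lines like those in the fixlist above, added here as an example and not part of Kolobos's post or of FRST: it groups browser shortcuts and start-page settings by the host they point to, showing how many places one hijacker has to be cleaned from. The sample lines are copied from this thread; the function names, the prefix list and the regular expressions are assumptions about the line format as it appears here.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Sample lines copied from the fixlist in this thread (URLs are defanged as hxxp).
SAMPLE_LINES = r"""
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\Users\Kuronome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...B-OaAPaZC88OpLNPE5jQJEaPQg2ZGftGGzpBWZUWtG0pr
R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [174416 2016-03-04] (Baidu)
""".strip().splitlines()

# Assumed (hypothetical) lists: which targets count as browsers, which line
# prefixes count as browser settings.
BROWSER_EXES = {"chrome.exe", "firefox.exe", "iexplore.exe"}
SETTING_PREFIXES = ("HKLM", "HKU", "FF Homepage", "CHR HomePage", "CHR DefaultSearchURL")

URL_RE = re.compile(r"hxxps?://([^/\s?#]+)", re.IGNORECASE)
SHORTCUT_RE = re.compile(
    r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<target>.+?\.exe) "
    r"\((?P<vendor>[^)]*)\) -> (?P<arg>.*)$"
)


def decode_host(raw):
    """Percent-decode a host and mark it when the log elided part of the URL."""
    host = unquote(raw).lower()
    head, cut, _ = host.partition("...")
    return head + (" (truncated)" if cut else "")


def triage(lines):
    """Return ({host: [locations]}, [(lnk, non-URL argument)])."""
    by_host = defaultdict(list)
    opaque = []  # browser shortcuts whose extra argument is not a URL
    for line in lines:
        line = line.strip()
        sc = SHORTCUT_RE.match(line)
        text = sc["arg"] if sc else line
        url = URL_RE.search(text)
        if sc:
            exe = sc["target"].rsplit("\\", 1)[-1].lower()
            if exe not in BROWSER_EXES or not text.strip():
                continue  # not a browser, or no argument appended
            if url is None:
                opaque.append((sc["lnk"], text))
                continue
            where = "shortcut: " + sc["lnk"]
        elif url and line.startswith(SETTING_PREFIXES):
            where = "setting: " + line[:url.start()].rstrip(" =->:")
        else:
            continue  # drivers, services, file listings: out of scope here
        by_host[decode_host(url.group(1))].append(where)
    return dict(by_host), opaque


if __name__ == "__main__":
    hosts, odd = triage(SAMPLE_LINES)
    for host, places in hosts.items():
        print(f"{host}: {len(places)} location(s)")
        for place in places:
            print("   ", place)
    for lnk, arg in odd:
        print(f"non-URL argument {arg!r} on {lnk}")
```
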
  • #5 04 Mar 2016 13:43
    mariorules
    Level 9

    Uploading them now. I screwed something up and had no internet for a moment, but everything is OK now. Logs below:

    Moderated by RADU23:

    Please do not use vulgar language.
    3.1.13. Take care to write correctly and observe the rules of netiquette. Do not send messages that are hard to read and make it hard to understand what the other party really meant.

    0
  • #6 04 Mar 2016 14:03
    Kolobos
    Computer specialist

    The FRST log is empty, as you can probably see.

    Post the fixlog.txt from running the previous fixlist.txt and a new FRST log, this time the whole thing.

    0
  • #8 04 Mar 2016 14:41
    Kolobos
    Computer specialist

    Install: https://support.microsoft.com/pl-pl/kb/2545227

    New Fixlist.txt for FRST:
    HKLM-x32\...\Run: [setup] => C:\Users\Kuronome\AppData\Local\Temp\setup.exe /start <===== UWAGA
    HKLM-x32\...\Run: [MTview] => C:\Program Files (x86)\MTV20160128\MTView.exe -mini
    HKLM-x32\...\Run: [LightGate] => c:\programdata\lightgate.exe
    HKLM-x32\...\Run: [cessrs.exe -start] => C:\Users\Kuronome\AppData\Roaming\UPUpdata\cessrs.exe -start
    S2 QQRepair1662; "C:\Windows\GJFix\QQRepair1662" [X]
    U5 BDMWrench; C:\Windows\System32\Drivers\BDMWrench.sys [56648 2016-03-04] (Baidu)
    S2 BDSafeBrowser; \??\C:\Windows\system32\drivers\BDSafeBrowser.sys [X]
    C:\Windows\System32\Drivers\BDMWrench.sys
    2016-03-04 12:21 - 2016-03-04 10:07 - 00056648 _____ (Baidu) C:\Windows\system32\Drivers\BDMWrench.sys
    EmptyTemp:

    In FRST, choose Fix.

    After it runs, post new FRST logs.

    This infection sometimes breaks sound settings/drivers; check whether sound works in games, on YouTube, mp3s, movies etc. (some of it may work).

    0
  • Helpful post
    #10 04 Mar 2016 15:25
    Kolobos
    Computer specialist

    One more Fixlist.txt for FRST:
    Task: {747F5DDE-E21F-4DB4-8433-3475203B8633} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-02-11] (Overwolf LTD)

    After it runs, delete the C:\FRST directory and that is all.

    0
  • #11 04 Mar 2016 15:33
    mariorules
    Level 9

    Great, thanks a lot for the time you spent on this. Warm regards.

    0