
Infection - ads and encrypted files.

Tranrek 04 Mar 2016 17:19 900 13
  • #1 04 Mar 2016 17:19
    Tranrek
    Level 4

    Hello. When I started my computer today, I wondered where all my files (music, etc.) had gone. When I opened the folder containing the music tracks, it turned out that all of these files had been swapped or replaced.

    Not only the files on the computer: the browser is also going crazy and automatically opens advertising pages and puts various URL links on text.

    Finally, there is one more problem, which worries me the most. It is a problem with launching programs, games, etc. When I launch a given game, a message pops up about an update or an Adobe AIR error. But I am sure that it is the latest version and I never had a problem with it, but as I wrote earlier, I have been struggling with this since the morning. I was also puzzled by the appearance of internet files named "RAD_DECRYPT_FILES".
    Please help quickly and effectively, because I cannot solve this problem myself.

    0 13
  • #3 05 Mar 2016 09:59
    Tranrek
    Level 4

    Screenshot of the files that were replaced.

    Screenshot of the ads (I'll add that I used the adwcleaner program and it didn't help at all).

    On top of that, when I start my computer, this page is displayed automatically:

    I have put the LOGS in the attachments.

    0
  • Helpful post
    #4 05 Mar 2016 10:55
    Kolobos
    Computer specialist

    You can forget about the files now; they cannot be decrypted. In the future, be more careful about what you do and don't infect your computer.

    In the Chrome settings, turn off restoring a set of pages when the browser starts.

    Use http://nicolascoolman.com/download/repairdns/?wpdmdl=729 and attach the log that is created after you use it.

    Next to frst.exe, create a file fixlist.txt with the following contents:

    Spoiler:
    Task: {3715F8BB-BF27-42C2-BD41-B7E5132CA29C} - System32\Tasks\{1D94B386-F2AB-4EAC-BC76-A815B173DA7B} => pcalua.exe -a "D:\Everest\EVEREST Home Edition\everest.exe" -d C:\Users\Tolditopigus\Desktop
    Task: {4C4FDDA5-3B78-4E00-893B-25B9BC150080} - System32\Tasks\{292DE614-CE2E-4E3C-AE1E-04D2C2AC8CDC} => pcalua.exe -a C:\Users\Tolditopigus\Desktop\Intel_Graphics_V815101851_XPVistaWin7\Intel_Graphics_V815101851_XPVistaWin7\Windows7\64bit\Setup.exe -d C:\Users\Tolditopigus\Desktop\Intel_Graphics_V815101851_XPVistaWin7\Intel_Graphics_V815101851_XPVistaWin7\Windows7\64bit
    Task: {59F78513-5000-4DE1-BB22-53C6179B3C5B} - System32\Tasks\{310E502B-A693-4569-9B38-112071937B4A} => pcalua.exe -a C:\Users\Tolditopigus\Desktop\Intel_Graphics_V815101851_XPVistaWin7\Intel_Graphics_V815101851_XPVistaWin7\Windows7\64bit\Graphics\igxpun.exe -d C:\Users\Tolditopigus\Desktop\Intel_Graphics_V815101851_XPVistaWin7\Intel_Graphics_V815101851_XPVistaWin7\Windows7\64bit\Graphics
    Task: {70CB1139-8026-4C45-A8BF-97A83B1EA096} - System32\Tasks\{F682561B-189E-4DA3-896C-03C3AB9C0817} => pcalua.exe -a C:\Users\Tolditopigus\AppData\Roaming\yoursearching\UninstallManager.exe -c -ptid=face
    Task: {7F0C2F6F-8511-4D80-8CC3-564DF5665DEB} - System32\Tasks\{6F76CD5B-6693-4ACA-8363-925F5B131C75} => pcalua.exe -a "C:\Program Files\Common Files\Overbam\uninstall.exe" -c shuz -f "C:\Program Files\Common Files\Overbam\uninstall.dat" -a uninstallme 6A2842FD-4112-4586-9822-8EFE137B44BB DeviceId=5b379fb3-1fa9-509f-09d4-a727f84e9f13 BarcodeId=50081004 ChannelId=4 DistributerName=APSFIMonetizer
    Task: {C3B11965-B74D-4450-B041-FAC17F6370DF} - System32\Tasks\Zikle => C:\PROGRA~1\SHOPPE~1\Tonoicuo.bat
    Task: {D1FC4373-4C04-4501-9ADF-3A236AC0518D} - System32\Tasks\{E2C2B1F3-D7BB-4814-AEE2-5D9461E200E6} => pcalua.exe -a C:\Users\Tolditopigus\Desktop\Intel_Graphics_V815101851_XPVistaWin7\Intel_Graphics_V815101851_XPVistaWin7\Windows7\32bit\Graphics\TVWSetup.exe -d C:\Users\Tolditopigus\Desktop\Intel_Graphics_V815101851_XPVistaWin7\Intel_Graphics_V815101851_XPVistaWin7\Windows7\32bit\Graphics
    Task: {D3608B6A-2E1E-46CD-B23F-818DE382E495} - System32\Tasks\{80D789DD-7737-480F-815C-6E83AA1C4C02} => pcalua.exe -a C:\Users\Tolditopigus\Desktop\Intel_Graphics_V815101851_XPVistaWin7\Intel_Graphics_V815101851_XPVistaWin7\Windows7\32bit\Graphics\igxpun.exe -d C:\Users\Tolditopigus\Desktop\Intel_Graphics_V815101851_XPVistaWin7\Intel_Graphics_V815101851_XPVistaWin7\Windows7\32bit\Graphics




    Task: {FFD62F54-7362-42BE-822D-6B14E294C80F} - System32\Tasks\{D2779586-5293-4333-B333-7A1ACA645AB2} => pcalua.exe -a C:\Users\Tolditopigus\AppData\Roaming\istartpageing\UninstallManager.exe -c -ptid=cmi
    ShortcutWithArgument: C:\Users\Tolditopigus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartpageing.com/?type=sc&ts=1456...id=WDCXWD7500AALX-009BA0_WD-WCATR593820338203
    ShortcutWithArgument: C:\Users\Tolditopigus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartpageing.com/?type=sc&ts=1456...id=WDCXWD7500AALX-009BA0_WD-WCATR593820338203
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.istartpageing.com/?type=sc&ts=1456...id=WDCXWD7500AALX-009BA0_WD-WCATR593820338203
    2016-02-21 18:20 - 2016-02-21 18:18 - 00667136 _____ () C:\ProgramData\CloudPrinter\CloudPrinter.exe
    2016-02-21 18:20 - 2016-02-22 03:27 - 00384512 _____ () C:\Program Files\SFK\SSFK.exe
    2016-02-21 12:44 - 2016-02-21 12:45 - 00416256 _____ () C:\Program Files\709B8740-1456055050-11D5-923C-14DAE9E14953\hnsw5D4E.tmp
    2016-02-21 12:44 - 2016-02-21 12:44 - 00307712 _____ () C:\Program Files\709B8740-1456055050-11D5-923C-14DAE9E14953\jnsgF778.tmp
    AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{05046398-d890-11e5-804d-14dae9e14953} [20]
    AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{05046399-d890-11e5-804d-14dae9e14953} [31]
    AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{d9380eed-d890-11e5-931a-14dae9e14953} [20]
    AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{d9380eee-d890-11e5-931a-14dae9e14953} [31]
    AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{d9380ef1-d890-11e5-931a-14dae9e14953} [20]
    AlternateDataStreams: C:\Windows\system32\Drivers\sdfhgdf.sys:{d9380ef2-d890-11e5-931a-14dae9e14953} [31]
    Hosts:
    () C:\ProgramData\CloudPrinter\CloudPrinter.exe
    () C:\Program Files\SFK\SSFK.exe
    () C:\Program Files\709B8740-1456055050-11D5-923C-14DAE9E14953\hnsw5D4E.tmp
    () C:\Program Files\709B8740-1456055050-11D5-923C-14DAE9E14953\jnsgF778.tmp
    HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
    HKLM\...\Run: [Sound+] => "C:\Program Files\Sound+\Sound+.exe"
    Startup: C:\Users\Tolditopigus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_1A7BBFFA9.html [2016-03-04] ()
    Startup: C:\Users\Tolditopigus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_1A7BBFFA9.png [2016-03-04] ()
    Startup: C:\Users\Tolditopigus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_2A7BBFFA9.html [2016-03-04] ()
    Startup: C:\Users\Tolditopigus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_2A7BBFFA9.png [2016-03-04] ()
    Startup: C:\Users\Tolditopigus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_3A7BBFFA9.html [2016-03-04] ()
    Startup: C:\Users\Tolditopigus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_3A7BBFFA9.png [2016-03-04] ()
    Startup: C:\Users\Tolditopigus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_4A7BBFFA9.html [2016-03-04] ()
    Startup: C:\Users\Tolditopigus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_4A7BBFFA9.png [2016-03-04] ()
    Startup: C:\Users\Tolditopigus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_5A7BBFFA9.html [2016-03-04] ()
    Startup: C:\Users\Tolditopigus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_5A7BBFFA9.png [2016-03-04] ()
    Startup: C:\Users\Tolditopigus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_6A7BBFFA9.html [2016-03-04] ()
    Startup: C:\Users\Tolditopigus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_6A7BBFFA9.png [2016-03-04] ()
    Startup: C:\Users\Tolditopigus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_7A7BBFFA9.html [2016-03-04] ()
    Startup: C:\Users\Tolditopigus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_7A7BBFFA9.png [2016-03-04] ()
    Startup: C:\Users\Tolditopigus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_8A7BBFFA9.html [2016-03-04] ()
    Startup: C:\Users\Tolditopigus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_FILE_8A7BBFFA9.png [2016-03-04] ()
    Tcpip\..\Interfaces\{1f658ec2-2f1d-11de-b08e-806e6f6e6963}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{9978730F-AEF4-4ADF-84E3-74F455110B53}: [NameServer] 104.197.191.4
    HKU\S-1-5-21-2856147712-829217737-436710228-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...u-YUc4jXj17_58n8bQ87247ss2qU7kBIMz7D4Xpg,,&q={searchTerms}
    HKU\S-1-5-21-2856147712-829217737-436710228-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...BycvhiZliNSfPaHbM64Tf04foncSqbDbyE-JXAXo7Dw,,,,
    HKU\S-1-5-21-2856147712-829217737-436710228-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...u-YUc4jXj17_58n8bQ87247ss2qU7kBIMz7D4Xpg,,&q={searchTerms}
    HKU\S-1-5-21-2856147712-829217737-436710228-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...u-YUc4jXj17_58n8bQ87247ss2qU7kBIMz7D4Xpg,,&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...u-YUc4jXj17_58n8bQ87247ss2qU7kBIMz7D4Xpg,,&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2856147712-829217737-436710228-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...u-YUc4jXj17_58n8bQ87247ss2qU7kBIMz7D4Xpg,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2856147712-829217737-436710228-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...u-YUc4jXj17_58n8bQ87247ss2qU7kBIMz7D4Xpg,,&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartpageing.com/?type=sc&ts=1456...id=WDCXWD7500AALX-009BA0_WD-WCATR593820338203
    CHR HomePage: Default -> hxxp://www.yoursearching.com/?type=hp&ts=1456...id=WDCXWD7500AALX-009BA0_WD-WCATR593820338203
    CHR StartupUrls: Default -> "hxxp://www.yoursearching.com/?type=hp&ts=1456759946&z=c099cfcd35254a783e7f647gbz7w0qam9w5tet6z1q&from=brd&uid=WDCXWD7500AALX-009BA0_WD-WCATR593820338203"
    CHR DefaultSearchURL: Default -> hxxp://yoursearching.com/web?type=ds&ts=14567...WDCXWD7500AALX-009BA0_WD-WCATR593820338203&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> yoursearching
    StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.istartpageing.com/?type=sc&ts=1456...id=WDCXWD7500AALX-009BA0_WD-WCATR593820338203
    R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [667136 2016-02-21] () [Brak podpisu cyfrowego]
    R2 SSFK; C:\Program Files\SFK\SSFK.exe [384512 2016-02-22] () [Brak podpisu cyfrowego]
    R2 wucotusy; C:\Program Files\709B8740-1456055050-11D5-923C-14DAE9E14953\hnsw5D4E.tmp [416256 2016-02-21] () [Brak podpisu cyfrowego]
    R2 zutuzuni; C:\Program Files\709B8740-1456055050-11D5-923C-14DAE9E14953\jnsgF778.tmp [307712 2016-02-21] () [Brak podpisu cyfrowego]
    S2 lehibexezbt; C:\Program Files\709B8740-1456055050-11D5-923C-14DAE9E14953\knsjCB.tmp [X]
    S2 Util Wooden Seal; "C:\Program Files\Wooden Seal\bin\utilWoodenSeal.exe" [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    2016-03-04 17:00 - 2016-03-04 17:02 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Tolditopigus\Downloads\SpyHunter-Installer (1).exe
    2016-03-04 16:40 - 2016-03-04 16:40 - 00001306 _____ C:\Users\Tolditopigus\RAD_DECRYPT_FILES.txt
    2016-03-04 16:40 - 2016-03-04 16:40 - 00001306 _____ C:\Users\Tolditopigus\Downloads\RAD_DECRYPT_FILES.txt
    2016-03-04 16:40 - 2016-03-04 16:40 - 00001306 _____ C:\ProgramData\RAD_DECRYPT_FILES.txt
    2016-03-04 14:53 - 2016-03-04 14:53 - 00003153 _____ C:\Users\Tolditopigus\HELP_FILE_8A7BBFFA9.html
    2016-03-04 14:53 - 2016-03-04 14:53 - 00003153 _____ C:\Users\Tolditopigus\HELP_FILE_7A7BBFFA9.html
    2016-03-04 14:53 - 2016-03-04 14:53 - 00003153 _____ C:\Users\Tolditopigus\HELP_FILE_6A7BBFFA9.html
    2016-03-04 14:53 - 2016-03-04 14:53 - 00003153 _____ C:\Users\Tolditopigus\HELP_FILE_5A7BBFFA9.html
    2016-03-04 14:53 - 2016-03-04 14:53 - 00003153 _____ C:\Users\Tolditopigus\HELP_FILE_4A7BBFFA9.html
    2016-03-04 14:53 - 2016-03-04 14:53 - 00003153 _____ C:\Users\Tolditopigus\HELP_FILE_3A7BBFFA9.html
    2016-03-04 14:53 - 2016-03-04 14:53 - 00003153 _____ C:\Users\Tolditopigus\HELP_FILE_2A7BBFFA9.html
    2016-03-04 14:53 - 2016-03-04 14:53 - 00003153 _____ C:\Users\Tolditopigus\HELP_FILE_1A7BBFFA9.html
    2016-03-04 14:53 - 2016-03-04 14:53 - 00003153 _____ C:\Users\Tolditopigus\Downloads\HELP_FILE_8A7BBFFA9.html
    2016-03-04 14:53 - 2016-03-04 14:53 - 00003153 _____ C:\Users\Tolditopigus\Downloads\HELP_FILE_7A7BBFFA9.html
    2016-03-04 14:53 - 2016-03-04 14:53 - 00003153 _____ C:\Users\Tolditopigus\Downloads\HELP_FILE_6A7BBFFA9.html
    2016-03-04 14:53 - 2016-03-04 14:53 - 00003153 _____ C:\Users\Tolditopigus\Downloads\HELP_FILE_5A7BBFFA9.html
    2016-03-04 14:53 - 2016-03-04 14:53 - 00003153 _____ C:\Users\Tolditopigus\Downloads\HELP_FILE_4A7BBFFA9.html
    2016-03-04 14:53 - 2016-03-04 14:53 - 00003153 _____ C:\Users\Tolditopigus\Downloads\HELP_FILE_3A7BBFFA9.html
    2016-03-04 14:53 - 2016-03-04 14:53 - 00003153 _____ C:\Users\Tolditopigus\Downloads\HELP_FILE_2A7BBFFA9.html
    2016-03-04 14:53 - 2016-03-04 14:53 - 00003153 _____ C:\Users\Tolditopigus\Downloads\HELP_FILE_1A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_8A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_7A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_6A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_5A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_4A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_3A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_2A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_1A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\LocalLow\HELP_FILE_8A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\LocalLow\HELP_FILE_7A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\LocalLow\HELP_FILE_6A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\LocalLow\HELP_FILE_5A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\LocalLow\HELP_FILE_4A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\LocalLow\HELP_FILE_3A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\LocalLow\HELP_FILE_2A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\LocalLow\HELP_FILE_1A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\Local\HELP_FILE_8A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\Local\HELP_FILE_7A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\Local\HELP_FILE_6A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\Local\HELP_FILE_5A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\Local\HELP_FILE_4A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\Local\HELP_FILE_3A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\Local\HELP_FILE_2A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\Local\HELP_FILE_1A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\HELP_FILE_8A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\HELP_FILE_7A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\HELP_FILE_6A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\HELP_FILE_5A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\HELP_FILE_4A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\HELP_FILE_3A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\HELP_FILE_2A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\Tolditopigus\AppData\HELP_FILE_1A7BBFFA9.html
    2016-03-04 10:33 - 2016-03-04 10:33 - 00003153 _____ C:\ProgramData\HELP_FILE_8A7BBFFA9.html
    2016-03-04 10:33 - 2016-03-04 10:33 - 00003153 _____ C:\ProgramData\HELP_FILE_7A7BBFFA9.html
    2016-03-04 10:33 - 2016-03-04 10:33 - 00003153 _____ C:\ProgramData\HELP_FILE_6A7BBFFA9.html
    2016-03-04 10:33 - 2016-03-04 10:33 - 00003153 _____ C:\ProgramData\HELP_FILE_5A7BBFFA9.html
    2016-03-04 10:33 - 2016-03-04 10:33 - 00003153 _____ C:\ProgramData\HELP_FILE_4A7BBFFA9.html
    2016-03-04 10:33 - 2016-03-04 10:33 - 00003153 _____ C:\ProgramData\HELP_FILE_3A7BBFFA9.html
    2016-03-04 10:33 - 2016-03-04 10:33 - 00003153 _____ C:\ProgramData\HELP_FILE_2A7BBFFA9.html
    2016-03-04 10:33 - 2016-03-04 10:33 - 00003153 _____ C:\ProgramData\HELP_FILE_1A7BBFFA9.html
    2016-03-02 18:09 - 2016-03-02 18:09 - 00000000 ____D C:\Users\Tolditopigus\AppData\Local\rec_pl_214
    2016-03-02 14:28 - 2016-03-04 16:49 - 00000000 ____D C:\Program Files\CleanBrowser
    2016-02-29 16:32 - 2016-03-04 16:50 - 00000000 ____D C:\ProgramData\5WdM5
    2016-02-22 16:41 - 2016-02-22 16:41 - 00000000 ____D C:\ProgramData\iWdMi
    2016-02-22 16:39 - 2016-03-04 16:55 - 00000000 ____D C:\Users\Tolditopigus\AppData\Roaming\istartpageing
    2016-02-21 18:28 - 2016-02-21 18:31 - 00000000 ____D C:\Users\Tolditopigus\AppData\Roaming\systweak
    2016-02-21 18:28 - 2015-11-20 19:27 - 00017840 _____ () C:\Windows\system32\roboot.exe
    2016-02-21 18:21 - 2016-02-21 18:21 - 07951360 _____ C:\Users\Tolditopigus\AppData\Roaming\agent.dat
    2016-02-21 18:21 - 2016-02-21 18:21 - 01881945 _____ C:\Users\Tolditopigus\AppData\Roaming\Volttom.tst
    2016-02-21 18:21 - 2016-02-21 18:21 - 00126464 _____ C:\Users\Tolditopigus\AppData\Roaming\noah.dat
    2016-02-21 18:21 - 2016-02-21 18:21 - 00063696 _____ C:\Users\Tolditopigus\AppData\Roaming\Config.xml
    2016-02-21 18:21 - 2016-02-21 18:21 - 00018432 _____ C:\Users\Tolditopigus\AppData\Roaming\Main.dat
    2016-02-21 18:21 - 2016-02-21 18:21 - 00002401 _____ C:\Windows\system32\findit.xml
    2016-02-21 18:21 - 2016-02-21 18:21 - 00000000 ____D C:\ProgramData\Solotoughs
    2016-02-21 18:20 - 2016-03-05 09:41 - 00000000 ____D C:\Program Files\SFK
    2016-02-21 18:20 - 2016-02-29 16:32 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    2016-02-21 18:20 - 2016-02-21 18:21 - 00005568 _____ C:\Users\Tolditopigus\AppData\Roaming\md.xml
    2016-02-21 18:20 - 2016-02-21 18:21 - 00000000 ____D C:\ProgramData\aWdMa
    2016-02-21 18:20 - 2016-02-21 18:20 - 00126464 _____ C:\Users\Tolditopigus\AppData\Roaming\lobby.dat
    2016-02-21 18:20 - 2016-02-21 18:20 - 00072717 _____ C:\Users\Tolditopigus\AppData\Roaming\Subtip.tst
    2016-02-21 18:20 - 2016-02-21 18:20 - 00054272 _____ C:\Users\Tolditopigus\AppData\Roaming\ApplicationHosting.dat
    2016-02-21 18:20 - 2016-02-21 18:20 - 00000000 ____D C:\ProgramData\CloudPrinter
    2016-02-21 18:20 - 2016-02-21 18:18 - 00667136 _____ C:\Users\Tolditopigus\AppData\Roaming\Volttom.exe
    2016-02-21 18:20 - 2016-02-21 18:18 - 00667136 _____ C:\Users\Tolditopigus\AppData\Roaming\Subtip.exe
    2016-02-21 18:19 - 2016-03-04 15:04 - 00000000 ____D C:\Users\Tolditopigus\AppData\Roaming\yoursearching
    2016-02-21 18:19 - 2016-02-21 18:19 - 00848437 _____ C:\Users\Tolditopigus\AppData\Roaming\Matstock.bin
    2016-02-21 17:48 - 2016-02-21 17:48 - 00000000 ____D C:\Program Files\Enigma Software Group
    2016-02-21 17:47 - 2016-02-21 17:47 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Tolditopigus\Downloads\SpyHunter-Installer.exe
    2016-02-21 17:41 - 2016-03-04 16:49 - 00000000 ____D C:\AdwCleaner
    2016-02-21 13:59 - 2016-03-04 16:50 - 00000000 ____D C:\Users\Tolditopigus\AppData\Roaming\GogguDodg
    2016-02-21 13:59 - 2016-03-04 10:34 - 00000000 ____D C:\Users\Tolditopigus\AppData\LocalLow\Company
    2016-02-21 13:59 - 2016-02-21 14:32 - 00000000 ____D C:\Program Files\shopperz210220161110
    2016-02-21 13:59 - 2016-02-21 14:00 - 00000000 ____D C:\Users\Tolditopigus\AppData\Local\Tempfolder
    2016-02-21 13:59 - 2016-02-21 13:59 - 00000000 ____D C:\Windows\system32\bij
    2016-02-21 13:59 - 2016-02-21 13:59 - 00000000 ____D C:\uninst
    2016-02-21 12:46 - 2016-02-21 12:47 - 00019624 _____ (Corporation) C:\Windows\system32\Drivers\sdfhgdf.sys
    2016-02-21 12:44 - 2016-02-23 22:06 - 00000000 ____D C:\Program Files\709B8740-1456055050-11D5-923C-14DAE9E14953
    2016-02-21 10:13 - 2016-02-21 13:59 - 00049408 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
    2016-02-21 18:21 - 2016-02-21 18:21 - 7951360 _____ () C:\Users\Tolditopigus\AppData\Roaming\agent.dat
    2016-02-21 18:20 - 2016-02-21 18:20 - 0054272 _____ () C:\Users\Tolditopigus\AppData\Roaming\ApplicationHosting.dat
    2016-02-21 18:21 - 2016-02-21 18:21 - 0063696 _____ () C:\Users\Tolditopigus\AppData\Roaming\Config.xml
    2016-03-04 10:34 - 2016-03-04 10:34 - 0003153 _____ () C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_1A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 0114901 _____ () C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_1A7BBFFA9.png
    2016-03-04 10:34 - 2016-03-04 10:34 - 0003153 _____ () C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_2A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 0114901 _____ () C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_2A7BBFFA9.png
    2016-03-04 10:34 - 2016-03-04 10:34 - 0003153 _____ () C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_3A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 0114901 _____ () C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_3A7BBFFA9.png
    2016-03-04 10:34 - 2016-03-04 10:34 - 0003153 _____ () C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_4A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 0114901 _____ () C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_4A7BBFFA9.png
    2016-03-04 10:34 - 2016-03-04 10:34 - 0003153 _____ () C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_5A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 0114901 _____ () C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_5A7BBFFA9.png
    2016-03-04 10:34 - 2016-03-04 10:34 - 0003153 _____ () C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_6A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 0114901 _____ () C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_6A7BBFFA9.png
    2016-03-04 10:34 - 2016-03-04 10:34 - 0003153 _____ () C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_7A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 0114901 _____ () C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_7A7BBFFA9.png
    2016-03-04 10:34 - 2016-03-04 10:34 - 0003153 _____ () C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_8A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 0114901 _____ () C:\Users\Tolditopigus\AppData\Roaming\HELP_FILE_8A7BBFFA9.png
    2016-02-21 13:23 - 2016-02-21 18:18 - 0015984 _____ () C:\Users\Tolditopigus\AppData\Roaming\InstallationConfiguration.xml
    2016-02-21 13:23 - 2016-02-21 18:18 - 0126976 _____ () C:\Users\Tolditopigus\AppData\Roaming\Installer.dat
    2016-02-21 18:20 - 2016-02-21 18:20 - 0126464 _____ () C:\Users\Tolditopigus\AppData\Roaming\lobby.dat
    2016-02-21 18:21 - 2016-02-21 18:21 - 0018432 _____ () C:\Users\Tolditopigus\AppData\Roaming\Main.dat
    2016-02-21 18:19 - 2016-02-21 18:19 - 0848437 _____ () C:\Users\Tolditopigus\AppData\Roaming\Matstock.bin
    2016-02-21 18:20 - 2016-02-21 18:21 - 0005568 _____ () C:\Users\Tolditopigus\AppData\Roaming\md.xml
    2016-02-21 18:21 - 2016-02-21 18:21 - 0126464 _____ () C:\Users\Tolditopigus\AppData\Roaming\noah.dat
    2016-02-21 18:20 - 2016-02-21 18:18 - 0667136 _____ () C:\Users\Tolditopigus\AppData\Roaming\Subtip.exe
    2016-02-21 18:20 - 2016-02-21 18:20 - 0072717 _____ () C:\Users\Tolditopigus\AppData\Roaming\Subtip.tst
    2016-02-21 18:21 - 2016-02-21 18:21 - 0032038 _____ () C:\Users\Tolditopigus\AppData\Roaming\uninstall_temp.ico
    2016-02-21 18:20 - 2016-02-21 18:18 - 0667136 _____ () C:\Users\Tolditopigus\AppData\Roaming\Volttom.exe
    2016-02-21 18:21 - 2016-02-21 18:21 - 1881945 _____ () C:\Users\Tolditopigus\AppData\Roaming\Volttom.tst
    2016-03-04 16:41 - 2016-03-04 16:41 - 0240118 _____ () C:\Users\Tolditopigus\AppData\Roaming\wallpaper.wall
    2016-03-04 10:34 - 2016-03-04 10:34 - 0003153 _____ () C:\Users\Tolditopigus\AppData\Local\HELP_FILE_1A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 0114901 _____ () C:\Users\Tolditopigus\AppData\Local\HELP_FILE_1A7BBFFA9.png
    2016-03-04 10:34 - 2016-03-04 10:34 - 0003153 _____ () C:\Users\Tolditopigus\AppData\Local\HELP_FILE_2A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 0114901 _____ () C:\Users\Tolditopigus\AppData\Local\HELP_FILE_2A7BBFFA9.png
    2016-03-04 10:34 - 2016-03-04 10:34 - 0003153 _____ () C:\Users\Tolditopigus\AppData\Local\HELP_FILE_3A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 0114901 _____ () C:\Users\Tolditopigus\AppData\Local\HELP_FILE_3A7BBFFA9.png
    2016-03-04 10:34 - 2016-03-04 10:34 - 0003153 _____ () C:\Users\Tolditopigus\AppData\Local\HELP_FILE_4A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 0114901 _____ () C:\Users\Tolditopigus\AppData\Local\HELP_FILE_4A7BBFFA9.png
    2016-03-04 10:34 - 2016-03-04 10:34 - 0003153 _____ () C:\Users\Tolditopigus\AppData\Local\HELP_FILE_5A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 0114901 _____ () C:\Users\Tolditopigus\AppData\Local\HELP_FILE_5A7BBFFA9.png
    2016-03-04 10:34 - 2016-03-04 10:34 - 0003153 _____ () C:\Users\Tolditopigus\AppData\Local\HELP_FILE_6A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 0114901 _____ () C:\Users\Tolditopigus\AppData\Local\HELP_FILE_6A7BBFFA9.png
    2016-03-04 10:34 - 2016-03-04 10:34 - 0003153 _____ () C:\Users\Tolditopigus\AppData\Local\HELP_FILE_7A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 0114901 _____ () C:\Users\Tolditopigus\AppData\Local\HELP_FILE_7A7BBFFA9.png
    2016-03-04 10:34 - 2016-03-04 10:34 - 0003153 _____ () C:\Users\Tolditopigus\AppData\Local\HELP_FILE_8A7BBFFA9.html
    2016-03-04 10:34 - 2016-03-04 10:34 - 0114901 _____ () C:\Users\Tolditopigus\AppData\Local\HELP_FILE_8A7BBFFA9.png
    2016-03-04 10:33 - 2016-03-04 10:33 - 0003153 _____ () C:\ProgramData\HELP_FILE_1A7BBFFA9.html
    2016-03-04 10:33 - 2016-03-04 10:33 - 0114901 _____ () C:\ProgramData\HELP_FILE_1A7BBFFA9.png
    2016-03-04 10:33 - 2016-03-04 10:33 - 0003153 _____ () C:\ProgramData\HELP_FILE_2A7BBFFA9.html
    2016-03-04 10:33 - 2016-03-04 10:33 - 0114901 _____ () C:\ProgramData\HELP_FILE_2A7BBFFA9.png
    2016-03-04 10:33 - 2016-03-04 10:33 - 0003153 _____ () C:\ProgramData\HELP_FILE_3A7BBFFA9.html
    2016-03-04 10:33 - 2016-03-04 10:33 - 0114901 _____ () C:\ProgramData\HELP_FILE_3A7BBFFA9.png
    2016-03-04 10:33 - 2016-03-04 10:33 - 0003153 _____ () C:\ProgramData\HELP_FILE_4A7BBFFA9.html
    2016-03-04 10:33 - 2016-03-04 10:33 - 0114901 _____ () C:\ProgramData\HELP_FILE_4A7BBFFA9.png
    2016-03-04 10:33 - 2016-03-04 10:33 - 0003153 _____ () C:\ProgramData\HELP_FILE_5A7BBFFA9.html
    2016-03-04 10:33 - 2016-03-04 10:33 - 0114901 _____ () C:\ProgramData\HELP_FILE_5A7BBFFA9.png
    2016-03-04 10:33 - 2016-03-04 10:33 - 0003153 _____ () C:\ProgramData\HELP_FILE_6A7BBFFA9.html
    2016-03-04 10:33 - 2016-03-04 10:33 - 0114901 _____ () C:\ProgramData\HELP_FILE_6A7BBFFA9.png
    2016-03-04 10:33 - 2016-03-04 10:33 - 0003153 _____ () C:\ProgramData\HELP_FILE_7A7BBFFA9.html
    2016-03-04 10:33 - 2016-03-04 10:33 - 0114901 _____ () C:\ProgramData\HELP_FILE_7A7BBFFA9.png
    2016-03-04 10:33 - 2016-03-04 10:33 - 0003153 _____ () C:\ProgramData\HELP_FILE_8A7BBFFA9.html
    2016-03-04 10:33 - 2016-03-04 10:33 - 0114901 _____ () C:\ProgramData\HELP_FILE_8A7BBFFA9.png
    2016-03-04 16:40 - 2016-03-04 16:40 - 0001306 _____ () C:\ProgramData\RAD_DECRYPT_FILES.txt
    C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:


    In FRST, choose Fix ("Napraw").

    Use https://www.elektroda.pl/rtvforum/download.php?id=731083 and post the log that is created.

    Plus new FRST logs from a scan.

    0
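
    Added example (not part of the original thread and not FRST's own code): a Python script that groups fixlist-style lines by the kind of persistence or hijack they point to, flags file names dropped into many directories (the ransom-note pattern visible in the list above), and percent-decodes obfuscated URLs. The sample lines, names and the 192.0.2.53 address are constructed; the category names and the `min_dirs` threshold are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Line prefixes as they appear in the fixlist in this thread, mapped to what
# they tell a responder. Category names are this example's own (assumption).
RULES = [
    ("scheduled_task",        re.compile(r"^Task: ")),
    ("run_key",               re.compile(r"^HK(?:LM|U)\\.*\\Run: ")),
    ("startup_folder",        re.compile(r"^Startup: ")),
    ("service_or_driver",     re.compile(r"^[RS]\d [^;]+; ")),
    ("dns_override",          re.compile(r"^Tcpip\\.*\[NameServer\]")),
    ("shortcut_argument",     re.compile(r"^ShortcutWithArgument: ")),
    ("browser_setting",       re.compile(
        r"^(?:SearchScopes: |CHR |StartMenuInternet: "
        r"|HK(?:LM|U)\\.*Internet Explorer\\Main,)")),
    ("alternate_data_stream", re.compile(r"^AlternateDataStreams: ")),
    ("directive",             re.compile(r"^(?:Hosts|EmptyTemp):$")),
    ("file_or_folder",        re.compile(r"[A-Za-z]:\\")),  # fallback: any path
]

# A Windows path, stopped at characters that cannot occur in one.
PATH_RE = re.compile(r'[A-Za-z]:\\[^\[\]<>|"*?]*')


def classify(line):
    """Return the first matching category for one fixlist line."""
    line = line.strip()
    for name, rx in RULES:
        if rx.search(line):
            return name
    return "unknown"


def group(lines):
    """Group non-empty lines by category."""
    out = defaultdict(list)
    for raw in lines:
        if raw.strip():
            out[classify(raw)].append(raw.strip())
    return dict(out)


def repeated_dropped_files(lines, min_dirs=3):
    """File names written to >= min_dirs directories (ransom notes are dropped this way)."""
    dirs = defaultdict(set)
    for raw in lines:
        if classify(raw) not in ("file_or_folder", "startup_folder"):
            continue
        m = PATH_RE.search(raw)
        if m:
            path = m.group(0).strip()
            # ntpath parses Windows paths regardless of the analyst's OS.
            dirs[ntpath.basename(path).lower()].add(ntpath.dirname(path).lower())
    return sorted(n for n, d in dirs.items() if n and len(d) >= min_dirs)


def decode_obfuscated_urls(lines):
    """Percent-decode defanged (hxxp) URLs so the real host name is readable."""
    urls = []
    for raw in lines:
        for u in re.findall(r"hxxps?://\S+", raw):
            if "%" in u:
                urls.append(unquote(u))
    return urls


# Constructed sample in the same line formats as the fixlist above.
SAMPLE = r"""
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleTask => C:\PROGRA~1\EXAMPLE\run.bat
HKLM\...\Run: [ExampleSound] => "C:\Program Files\ExampleSound\ExampleSound.exe"
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\README_NOTE.html [2016-03-04] ()
R2 ExampleSvc; C:\ProgramData\ExampleSvc\svc.exe [667136 2016-02-21] ()
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000002}: [NameServer] 192.0.2.53
ShortcutWithArgument: C:\Users\user\Desktop\Browser.lnk -> C:\Program Files\Browser\browser.exe -> hxxp://start.example.com/?type=sc
SearchScopes: HKLM -> ExampleScope URL = hxxp://%66%65%65%64.%65%78%61%6D%70%6C%65.com/?q={searchTerms}
AlternateDataStreams: C:\Windows\system32\Drivers\example.sys:{00000000-0000-0000-0000-000000000003} [20]
2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\user\README_NOTE.html
2016-03-04 10:34 - 2016-03-04 10:34 - 00003153 _____ C:\Users\user\Downloads\README_NOTE.html
2016-03-04 10:33 - 2016-03-04 10:33 - 00003153 _____ C:\ProgramData\README_NOTE.html
2016-02-21 18:20 - 2016-02-21 18:20 - 00000000 ____D C:\ProgramData\ExampleSvc
Hosts:
EmptyTemp:
""".splitlines()

if __name__ == "__main__":
    for category, entries in group(SAMPLE).items():
        print(f"{category}: {len(entries)}")
    print("dropped in many folders:", repeated_dropped_files(SAMPLE))
    print("decoded URLs:", decode_obfuscated_urls(SAMPLE))
```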
  • #7 06 Mar 2016 21:50
    Tranrek
    Level 4

    And I made new logs. Unless I did something wrong.

    As for the links, I did everything, but the 2nd file throws an error:

    0
  • #8 06 Mar 2016 21:57
    Kolobos
    Computer specialist

    You posted RepairDNS.txt and Fixlog.txt, but you were also supposed to post the new scan logs frst.txt and addition.txt.

    Try running the fix in safe mode or with administrator rights.

    0
  • Helpful post
    #10 06 Mar 2016 22:24
    Kolobos
    Computer specialist

    Run this fixlist.txt:
    Hosts:

    Delete the C:\FRST directory and that's all.

    0
  • #11 06 Mar 2016 22:34
    Tranrek
    Level 4

    Sorry, but I don't know if I understand correctly. Am I supposed to make a text file with that extension and name, or a scan? And I also don't understand this "Hosts:".

    As for the files I downloaded, that one still doesn't work. I tried both as administrator and in safe mode. The same error still pops up.

    0
  • Helpful post
    #12 06 Mar 2016 22:39
    Kolobos
    Computer specialist

    Create a new fixlist.txt with the contents:
    Hosts:

    In FRST, choose Fix ("Napraw").

    0
  • #13 06 Mar 2016 22:44
    Tranrek
    Level 4

    And I deleted the C:\FRST directory. If that's all, thank you very much for the help.

    0