Elektroda.pl

Browser, Snapdo - FRST logs.

boro1992 25 Mar 2016 15:22 462 2
  • #2 25 Mar 2016 15:45
    krzychupar
    Level 40

    Uninstall:
    AION (HKU\S-1-5-21-3389753984-2837190305-4224700202-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\AION) (Version: - AION) <==== UWAGa
    SnapDo (HKLM\...\{287F18D9-6573-446A-A81E-CE8C89A2D887}) (Version: 1.0.0.0 - Resoft) <==== UWAGA
    WarThunder (HKU\S-1-5-21-3389753984-2837190305-4224700202-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WarThunder) (Version: - WarThunder) <==== UWAGA

    Open the system Notepad and paste:
    CloseProcesses:
    AV: 电脑管家系统防护 (Disabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
    AS: 电脑管家系统防护 (Disabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
    Task: {0C6C1659-A21D-4AAC-909D-88D9942983C2} - System32\Tasks\{2250B857-BC19-4F6D-AC4D-A893D5899955} => pcalua.exe -a E:\MAX-FX\setup\Setup.exe -d E:\MAX-FX\setup
    Task: {44A46EBB-B2DA-4BF5-88F0-EF8AA42741AA} - System32\Tasks\Chrome Cleanup Tool post reboot run => C:\Users\Gosia\AppData\Local\Temp\803B.exe <==== UWAGA
    Task: {9FBAC567-4F7B-46BC-98EA-3BE834295C3A} - System32\Tasks\{809699B8-F189-4EAF-9C4E-DFD72C18C8E0} => pcalua.exe -a "C:\Program Files\Common Files\Lightlamkix\uninstall.exe" -c shuz -f "C:\Program Files\Common Files\Lightlamkix\uninstall.dat" -a uninstallme 287F18D9-6573-446A-A81E-CE8C89A2D887 DeviceId=991becd9-dce0-d2e1-a3fb-19a51a1b23b0 BarcodeId=50027003 ChannelId=3 DistributerName=APSnapdoAMRev
    Task: {CB31BF8D-A448-4EA3-AA13-F87D652EE253} - System32\Tasks\AdministratorTumbleweedHorsedV2 => Rundll32.exe ImmergeAlarming.dll,main 7 1 <==== UWAGA
    Task: {D0B82F90-B280-4BE8-B83A-16DD783A74F5} - System32\Tasks\GosiaPerfectionZoologistsV2 => Rundll32.exe CrociPotters.dll,main 7 1 <==== UWAGA
    ShortcutWithArgument: C:\Users\Administrator\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    HKLM\...\Run: [ QQPCTray] => C:\Program Files\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe [356464 2016-03-24] (Tencent)




    HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-21-3389753984-2837190305-4224700202-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-21-3389753984-2837190305-4224700202-500\...\MountPoints2: E - E:\SETUP.EXE
    HKU\S-1-5-21-3389753984-2837190305-4224700202-500\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-21-3389753984-2837190305-4224700202-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: E - E:\SETUP.EXE
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
    AppInit_DLLs: C:\ProgramData\Ronzap\Kaydom.dll => Brak pliku
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=95144889_hao_pg
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&am...p;uid=ST9320325AS_6VD16XVCXXXX6VD16XVC&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts...=cor&uid=ST9320325AS_6VD16XVCXXXX6VD16XVC
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&am...p;uid=ST9320325AS_6VD16XVCXXXX6VD16XVC&q={searchTerms}
    HKU\S-1-5-21-3389753984-2837190305-4224700202-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&am...p;uid=ST9320325AS_6VD16XVCXXXX6VD16XVC&q={searchTerms}
    HKU\S-1-5-21-3389753984-2837190305-4224700202-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.gazeta.pl/0,0.html?p=156
    HKU\S-1-5-21-3389753984-2837190305-4224700202-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts...=cor&uid=ST9320325AS_6VD16XVCXXXX6VD16XVC
    HKU\S-1-5-21-3389753984-2837190305-4224700202-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&am...p;uid=ST9320325AS_6VD16XVCXXXX6VD16XVC&q={searchTerms}
    HKU\S-1-5-21-3389753984-2837190305-4224700202-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=95144889_hao_pg
    HKU\S-1-5-21-3389753984-2837190305-4224700202-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kYXAan3TTO0EEqR2s5XxOHvZxbLYgLpttv1AzK&q={searchTerms}
    HKU\S-1-5-21-3389753984-2837190305-4224700202-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kYXAan3TTO0EEqR2s5XxOHvZxbLYgLpttv1AzK&q={searchTerms}
    HKU\S-1-5-21-3389753984-2837190305-4224700202-500\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kYXAan3TTO0EEqR2s5XxOHvZxbLYgLpttv1AzK&q={searchTerms}
    HKU\S-1-5-21-3389753984-2837190305-4224700202-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=95144889_hao_pg
    HKU\S-1-5-21-3389753984-2837190305-4224700202-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kYXAan3TTO0EEqR2s5XxOHvZxbLYgLpttv1AzK&q={searchTerms}
    HKU\S-1-5-21-3389753984-2837190305-4224700202-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kYXAan3TTO0EEqR2s5XxOHvZxbLYgLpttv1AzK&q={searchTerms}
    HKU\S-1-5-21-3389753984-2837190305-4224700202-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kYXAan3TTO0EEqR2s5XxOHvZxbLYgLpttv1AzK&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-3389753984-2837190305-4224700202-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {szukaj.gazeta.pl} URL = hxxp://szukaj.gazeta.pl/internet/0,0.html?slowo={searchTerms}
    SearchScopes: HKU\S-1-5-21-3389753984-2837190305-4224700202-500 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\S-1-5-21-3389753984-2837190305-4224700202-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3389753984-2837190305-4224700202-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\S-1-5-21-3389753984-2837190305-4224700202-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...TWCf4xrWfmMzpAN3lgbWULmWvaYx-7QG1DaLJOG4zhnmY
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...2lp9fpDo-jb2ZBsJHncToTqx9ovAXUbxtMpzeG&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
    S2 QQPCRTP; C:\Program Files\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe [301656 2016-03-24] (Tencent)
    S2 Ronzap; Brak ImagePath
    R2 QQSysMon; C:\Program Files\Tencent\QQPCMgr\11.4.17339.217\QQSysMon.sys [108920 2016-03-24] (电脑管家)
    R1 TSDefenseBt; C:\windows\System32\DRIVERS\TSDefenseBt.sys [14008 2016-03-24] (Tencent)
    R0 TsFltMgr; C:\windows\System32\drivers\TsFltMgr.sys [128216 2016-03-24] (电脑管家)
    R1 TSKSP; C:\Program Files\Tencent\QQPCMgr\11.4.17339.217\TSKsp.sys [210616 2016-03-24] (电脑管家)
    R2 tsnethlp; C:\Program Files\Tencent\QQPCMgr\11.4.17339.217\TsNetHlp.sys [43768 2016-03-24] ()
    S3 TSSK; C:\windows\System32\tssk.sys [83576 2016-03-16] (电脑管家)
    R1 TSSysKit; C:\Program Files\Tencent\QQPCMgr\11.4.17339.217\TSSysKit.sys [102136 2016-03-24] (电脑管家)
    U2 IviRegMgr; Brak ImagePath
    U3 RichVideo; Brak ImagePath
    2016-03-24 01:34 - 2016-03-24 01:33 - 00014008 ____N (Tencent) C:\windows\system32\Drivers\TSDefenseBt.sys
    2016-03-24 01:34 - 2016-03-16 12:00 - 00083576 ____N (电脑管家) C:\windows\system32\TSSK.sys
    2016-03-24 01:33 - 2016-03-24 01:33 - 00150008 ____N (电脑管家) C:\windows\system32\Drivers\TFsFlt.sys
    2016-03-24 01:33 - 2016-03-24 01:33 - 00128216 ____N (电脑管家) C:\windows\system32\Drivers\TsFltMgr.sys
    2016-03-24 01:32 - 2016-03-24 01:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Tencent
    2016-03-24 01:32 - 2016-03-24 01:58 - 00000000 ____D C:\ProgramData\Tencent
    2016-03-24 01:32 - 2016-03-24 01:32 - 00000000 ____D C:\Program Files\Tencent
    2016-03-24 01:31 - 2016-03-24 01:31 - 01211964 _____ C:\Users\Administrator\Downloads\Niepotwierdzony 135833.crdownload
    2016-03-24 01:21 - 2016-03-24 01:21 - 06493696 _____ C:\Users\Administrator\AppData\Roaming\agent.dat
    2016-03-24 01:21 - 2016-03-24 01:21 - 01621131 _____ C:\Users\Administrator\AppData\Roaming\KonString.tst
    2016-03-24 01:21 - 2016-03-24 01:21 - 00848437 _____ C:\Users\Administrator\AppData\Roaming\GraveSaillam.bin
    2016-03-24 01:21 - 2016-03-24 01:21 - 00230046 _____ C:\Users\Administrator\AppData\Roaming\inst.lat
    2016-03-24 01:21 - 2016-03-24 01:21 - 00189569 _____ () C:\Users\Administrator\AppData\Roaming\Xxx-lottone.bin
    2016-03-24 01:21 - 2016-03-24 01:21 - 00127488 _____ C:\Users\Administrator\AppData\Roaming\Installer.dat
    2016-03-24 01:21 - 2016-03-24 01:21 - 00126464 _____ C:\Users\Administrator\AppData\Roaming\noah.dat
    2016-03-24 01:21 - 2016-03-24 01:21 - 00126464 _____ C:\Users\Administrator\AppData\Roaming\lobby.dat
    2016-03-24 01:21 - 2016-03-24 01:21 - 00072706 _____ C:\Users\Administrator\AppData\Roaming\Techair.tst
    2016-03-24 01:21 - 2016-03-24 01:21 - 00065424 _____ C:\Users\Administrator\AppData\Roaming\Config.xml
    2016-03-24 01:21 - 2016-03-24 01:21 - 00054272 _____ C:\Users\Administrator\AppData\Roaming\ApplicationHosting.dat
    2016-03-24 01:21 - 2016-03-24 01:21 - 00041472 _____ C:\Users\Administrator\AppData\Local\Unojoyfix.dat
    2016-03-24 01:21 - 2016-03-24 01:21 - 00018432 _____ C:\Users\Administrator\AppData\Roaming\Main.dat
    2016-03-24 01:21 - 2016-03-24 01:21 - 00016992 _____ C:\Users\Administrator\AppData\Roaming\InstallationConfiguration.xml
    2016-03-24 01:21 - 2016-03-24 01:21 - 00005568 _____ C:\Users\Administrator\AppData\Roaming\md.xml
    2016-03-24 01:21 - 2016-03-24 01:21 - 00001239 _____ C:\Users\Administrator\Desktop\Random Viral.lnk
    2016-03-24 01:21 - 2016-03-24 01:21 - 00000187 _____ C:\Users\Administrator\AppData\Local\Unojoyfix.exe.config
    2016-03-24 01:21 - 2016-03-24 01:21 - 00000000 ____D C:\ProgramData\Ronzaps
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder C:\Users\Administrator\Downloads\
    Run FRST and click Fix/Napraw.

  • #3 25 Mar 2016 15:52
    Acorus 20
    Computer specialist

    Uninstall AION, SnapDo, Adobe Reader 9.0.1 - Polish, WarThunder. Open the system Notepad and paste:

    Quote:
    CloseProcesses:
    Task: {360AEA87-7F4C-4DF9-9F0C-A1907BB1325E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3389753984-2837190305-4224700202-1004UA => C:\Users\Gosia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-05] (Facebook Inc.)
    Task: {44A46EBB-B2DA-4BF5-88F0-EF8AA42741AA} - System32\Tasks\Chrome Cleanup Tool post reboot run => C:\Users\Gosia\AppData\Local\Temp\803B.exe <==== UWAGA
    Task: {7C1B041E-1C12-4B97-B3D2-D234ACFC43CC} - System32\Tasks\Opera scheduled Autoupdate 1420900773 => C:\Program Files\Opera\launcher.exe [2016-03-14] (Opera Software)
    Task: {9FBAC567-4F7B-46BC-98EA-3BE834295C3A} - System32\Tasks\{809699B8-F189-4EAF-9C4E-DFD72C18C8E0} => pcalua.exe -a "C:\Program Files\Common Files\Lightlamkix\uninstall.exe" -c shuz -f "C:\Program Files\Common Files\Lightlamkix\uninstall.dat" -a uninstallme 287F18D9-6573-446A-A81E-CE8C89A2D887 DeviceId=991becd9-dce0-d2e1-a3fb-19a51a1b23b0 BarcodeId=50027003 ChannelId=3 DistributerName=APSnapdoAMRev
    Task: {CB31BF8D-A448-4EA3-AA13-F87D652EE253} - System32\Tasks\AdministratorTumbleweedHorsedV2 => Rundll32.exe ImmergeAlarming.dll,main 7 1 <==== UWAGA
    Task: {D0B82F90-B280-4BE8-B83A-16DD783A74F5} - System32\Tasks\GosiaPerfectionZoologistsV2 => Rundll32.exe CrociPotters.dll,main 7 1 <==== UWAGA
    Task: {D306DA45-980E-494F-966E-89A19F0944BA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3389753984-2837190305-4224700202-1004Core => C:\Users\Gosia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-05] (Facebook Inc.)
    Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3389753984-2837190305-4224700202-1004Core.job => C:\Users\Gosia\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3389753984-2837190305-4224700202-1004UA.job => C:\Users\Gosia\AppData\Local\Facebook\Update\FacebookUpdate.exe
    ShortcutWithArgument: C:\Users\Administrator\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35184 2008-12-03] (Adobe Systems Incorporated)
    HKLM\...\Run: [UpdateP2GShortCut] => C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-12-17] (Apple Inc.)
    HKLM\...\Run: [ QQPCTray] => C:\Program Files\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe [356464 2016-03-24] (Tencent)
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKU\S-1-5-21-3389753984-2837190305-4224700202-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => C:\Users\Gosia\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-05] (Facebook Inc.)
    AppInit_DLLs: C:\ProgramData\Ronzap\Kaydom.dll => Brak pliku
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update ESET's license.lnk [2015-12-30]
    ShortcutTarget: Update ESET's license.lnk -> C:\Program Files\ESET\MiNODLogin\launcher.exe (Brak pliku)
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=95144889_hao_pg
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&am...p;uid=ST9320325AS_6VD16XVCXXXX6VD16XVC&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts...=cor&uid=ST9320325AS_6VD16XVCXXXX6VD16XVC
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&am...p;uid=ST9320325AS_6VD16XVCXXXX6VD16XVC&q={searchTerms}
    HKU\S-1-5-21-3389753984-2837190305-4224700202-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&am...p;uid=ST9320325AS_6VD16XVCXXXX6VD16XVC&q={searchTerms}
    HKU\S-1-5-21-3389753984-2837190305-4224700202-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.gazeta.pl/0,0.html?p=156
    HKU\S-1-5-21-3389753984-2837190305-4224700202-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts...=cor&uid=ST9320325AS_6VD16XVCXXXX6VD16XVC
    HKU\S-1-5-21-3389753984-2837190305-4224700202-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&am...p;uid=ST9320325AS_6VD16XVCXXXX6VD16XVC&q={searchTerms}
    HKU\S-1-5-21-3389753984-2837190305-4224700202-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=95144889_hao_pg
    HKU\S-1-5-21-3389753984-2837190305-4224700202-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kYXAan3TTO0EEqR2s5XxOHvZxbLYgLpttv1AzK&q={searchTerms}
    HKU\S-1-5-21-3389753984-2837190305-4224700202-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kYXAan3TTO0EEqR2s5XxOHvZxbLYgLpttv1AzK&q={searchTerms}
    HKU\S-1-5-21-3389753984-2837190305-4224700202-500\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kYXAan3TTO0EEqR2s5XxOHvZxbLYgLpttv1AzK&q={searchTerms}
    HKU\S-1-5-21-3389753984-2837190305-4224700202-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=95144889_hao_pg
    HKU\S-1-5-21-3389753984-2837190305-4224700202-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kYXAan3TTO0EEqR2s5XxOHvZxbLYgLpttv1AzK&q={searchTerms}
    HKU\S-1-5-21-3389753984-2837190305-4224700202-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kYXAan3TTO0EEqR2s5XxOHvZxbLYgLpttv1AzK&q={searchTerms}
    HKU\S-1-5-21-3389753984-2837190305-4224700202-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...kYXAan3TTO0EEqR2s5XxOHvZxbLYgLpttv1AzK&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-3389753984-2837190305-4224700202-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {szukaj.gazeta.pl} URL = hxxp://szukaj.gazeta.pl/internet/0,0.html?slowo={searchTerms}
    SearchScopes: HKU\S-1-5-21-3389753984-2837190305-4224700202-500 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\S-1-5-21-3389753984-2837190305-4224700202-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-3389753984-2837190305-4224700202-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\S-1-5-21-3389753984-2837190305-4224700202-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
    Toolbar: HKU\S-1-5-21-3389753984-2837190305-4224700202-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Brak nazwy - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - Brak pliku
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...TWCf4xrWfmMzpAN3lgbWULmWvaYx-7QG1DaLJOG4zhnmY
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...2lp9fpDo-jb2ZBsJHncToTqx9ovAXUbxtMpzeG&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    S2 QQPCRTP; C:\Program Files\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe [301656 2016-03-24] (Tencent)
    S2 Ronzap; Brak ImagePath
    R2 QQSysMon; C:\Program Files\Tencent\QQPCMgr\11.4.17339.217\QQSysMon.sys [108920 2016-03-24] (电脑管家)
    R1 TSDefenseBt; C:\windows\System32\DRIVERS\TSDefenseBt.sys [14008 2016-03-24] (Tencent)
    R0 TsFltMgr; C:\windows\System32\drivers\TsFltMgr.sys [128216 2016-03-24] (电脑管家)
    R1 TSKSP; C:\Program Files\Tencent\QQPCMgr\11.4.17339.217\TSKsp.sys [210616 2016-03-24] (电脑管家)
    R2 tsnethlp; C:\Program Files\Tencent\QQPCMgr\11.4.17339.217\TsNetHlp.sys [43768 2016-03-24] ()
    S3 TSSK; C:\windows\System32\tssk.sys [83576 2016-03-16] (电脑管家)
    R1 TSSysKit; C:\Program Files\Tencent\QQPCMgr\11.4.17339.217\TSSysKit.sys [102136 2016-03-24] (电脑管家)
    U2 IviRegMgr; Brak ImagePath
    U3 RichVideo; Brak ImagePath
    2016-03-24 18:01 - 2016-03-24 18:01 - 00000000 ____D C:\Users\Gosia\AppData\Roaming\Tencent
    2016-03-24 01:57 - 2016-03-24 01:57 - 00000000 ____D C:\ProgramData\TXQMPC
    2016-03-24 01:51 - 2016-03-24 01:53 - 00000000 ____D C:\AdwCleaner
    2016-03-24 01:34 - 2016-03-24 01:34 - 00005120 _____ C:\Users\Administrator\AppData\Roaming\GiftBag.db
    2016-03-24 01:34 - 2016-03-24 01:33 - 00014008 ____N (Tencent) C:\windows\system32\Drivers\TSDefenseBt.sys
    2016-03-24 01:34 - 2016-03-16 12:00 - 00083576 ____N (电脑管家) C:\windows\system32\TSSK.sys
    2016-03-24 01:33 - 2016-03-24 01:33 - 00150008 ____N (电脑管家) C:\windows\system32\Drivers\TFsFlt.sys
    2016-03-24 01:33 - 2016-03-24 01:33 - 00128216 ____N (电脑管家) C:\windows\system32\Drivers\TsFltMgr.sys
    2016-03-24 01:32 - 2016-03-24 01:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Tencent
    2016-03-24 01:32 - 2016-03-24 01:58 - 00000000 ____D C:\ProgramData\Tencent
    2016-03-24 01:32 - 2016-03-24 01:32 - 00000000 ____D C:\Program Files\Tencent
    2016-03-24 01:21 - 2016-03-25 09:36 - 00000000 ____D C:\ProgramData\Ronzap
    2016-03-24 01:21 - 2016-03-24 01:21 - 06493696 _____ C:\Users\Administrator\AppData\Roaming\agent.dat
    2016-03-24 01:21 - 2016-03-24 01:21 - 01621131 _____ C:\Users\Administrator\AppData\Roaming\KonString.tst
    2016-03-24 01:21 - 2016-03-24 01:21 - 00848437 _____ C:\Users\Administrator\AppData\Roaming\GraveSaillam.bin
    2016-03-24 01:21 - 2016-03-24 01:21 - 00230046 _____ C:\Users\Administrator\AppData\Roaming\inst.lat
    2016-03-24 01:21 - 2016-03-24 01:21 - 00189569 _____ () C:\Users\Administrator\AppData\Roaming\Xxx-lottone.bin
    2016-03-24 01:21 - 2016-03-24 01:21 - 00127488 _____ C:\Users\Administrator\AppData\Roaming\Installer.dat
    2016-03-24 01:21 - 2016-03-24 01:21 - 00126464 _____ C:\Users\Administrator\AppData\Roaming\noah.dat
    2016-03-24 01:21 - 2016-03-24 01:21 - 00126464 _____ C:\Users\Administrator\AppData\Roaming\lobby.dat
    2016-03-24 01:21 - 2016-03-24 01:21 - 00072706 _____ C:\Users\Administrator\AppData\Roaming\Techair.tst
    2016-03-24 01:21 - 2016-03-24 01:21 - 00065424 _____ C:\Users\Administrator\AppData\Roaming\Config.xml
    2016-03-24 01:21 - 2016-03-24 01:21 - 00054272 _____ C:\Users\Administrator\AppData\Roaming\ApplicationHosting.dat
    2016-03-24 01:21 - 2016-03-24 01:21 - 00041472 _____ C:\Users\Administrator\AppData\Local\Unojoyfix.dat
    2016-03-24 01:21 - 2016-03-24 01:21 - 00018432 _____ C:\Users\Administrator\AppData\Roaming\Main.dat
    2016-03-24 01:21 - 2016-03-24 01:21 - 00016992 _____ C:\Users\Administrator\AppData\Roaming\InstallationConfiguration.xml
    2016-03-24 01:21 - 2016-03-24 01:21 - 00005568 _____ C:\Users\Administrator\AppData\Roaming\md.xml
    2016-03-24 01:21 - 2016-03-24 01:21 - 00001239 _____ C:\Users\Administrator\Desktop\Random Viral.lnk
    2016-03-24 01:21 - 2016-03-24 01:21 - 00000187 _____ C:\Users\Administrator\AppData\Local\Unojoyfix.exe.config
    2016-03-24 01:21 - 2016-03-24 01:21 - 00000000 ____D C:\ProgramData\Ronzaps
    2016-03-24 01:21 - 2016-03-24 01:21 - 00000000 ____D C:\Program Files\Common Files\Lightlamkix
    2016-03-24 01:21 - 2016-03-24 01:21 - 00000000 ____D C:\Program Files\BitTorrent
    2016-03-24 01:21 - 2016-03-24 01:19 - 01004544 _____ C:\Users\Administrator\AppData\Roaming\Techair.exe
    2016-03-24 01:21 - 2016-03-24 01:19 - 01004544 _____ C:\Users\Administrator\AppData\Roaming\KonString.exe
    2016-03-24 01:21 - 2016-03-24 01:21 - 0041472 _____ () C:\Users\Administrator\AppData\Local\Unojoyfix.dat
    2016-03-24 01:21 - 2016-03-24 01:21 - 0000187 _____ () C:\Users\Administrator\AppData\Local\Unojoyfix.exe.config
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
