Elektroda.pl

Ads by Albireo - how to remove it?

yybb 17 Apr 2016 19:36 1293 4
  • #1 17 Apr 2016 19:36
    yybb
    Level 2

    Ads, new windows and so on keep popping up in all my browsers. I can't remove the virus with either AdwCleaner or Malwarebytes Anti-Malware; I tried a few others as well, and still nothing. So I'm asking for help. I scanned with Farbar Recovery Scan Tool and got this:

    0 4
  • #2 17 Apr 2016 20:09
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Task: {7362E50C-5A3A-4DC4-B882-ACD7B7513070} - System32\Tasks\Teurmulj => C:\PROGRA~1\RODLEQ~1\Guohka.bat <==== UWAGA
    Task: {96B0ACD0-D439-4824-B2C4-9BDACDDAF450} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-03-07] (UCWeb Inc)
    Task: {A97A0233-FC45-482F-BE89-0DE81702B4E9} - System32\Tasks\{469FA011-806E-D36E-1EE0-1BC4983F56AF} => C:\Users\Domowy\AppData\Roaming\{469FA~1\UPDATE~1.EXE
    Task: C:\Windows\Tasks\{469FA011-806E-D36E-1EE0-1BC4983F56AF}.job => C:\Users\Domowy\AppData\Roaming\{469FA~1\UPDATE~1.EXE
    ShortcutWithArgument: C:\Users\Domowy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\Domowy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yeabeats Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\Public\Desktop\World of Warcraft.lnk -> D:\wow\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment) -> hxxp://www.yeabests.cc/
    Hosts:
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
    HKU\S-1-5-21-3517841691-2690594236-2042592838-1000\...\Run: [BingSvc] => C:\Users\Domowy\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-02] (© 2015 Microsoft Corporation)
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => Brak pliku
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKU\S-1-5-21-3517841691-2690594236-2042592838-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
    HKU\S-1-5-21-3517841691-2690594236-2042592838-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF NewTab: hxxp://www-searching.com/?site=shyosffdefault...l8172bk,0aeb7123-5401-40ff-aacd-d0fe10015117,,
    FF DefaultSearchEngine: Search Module
    FF Homepage: search.mpc.am
    CHR HomePage: Default -> hxxp://www-searching.com/?s=g49zamobl8172bk,0aeb7123-5401-40ff-aacd-d0fe10015117,&prd=smw
    CHR StartupUrls: Default -> "hxxp://www-searching.com/?s=g49zamobl8172bk,0aeb7123-5401-40ff-aacd-d0fe10015117,&prd=smw"
    CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=g49zam...01-40ff-aacd-d0fe10015117,&prd=smw&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> www-searching.com
    CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3517841691-2690594236-2042592838-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2016-04-16 12:18 - 2016-04-16 12:18 - 00000000 __SHD C:\found.002
    2016-04-16 03:03 - 2016-04-16 03:03 - 00000000 ____D C:\Windows\system32\leec
    2016-04-15 01:58 - 2016-04-15 01:58 - 00000000 ____D C:\Windows\system32\otal
    2016-04-14 17:22 - 2016-04-14 17:22 - 00000000 ____D C:\Windows\system32\ykow
    2016-04-14 04:58 - 2016-04-14 04:58 - 00000000 ____D C:\Windows\system32\not
    2016-04-13 15:44 - 2016-04-13 15:44 - 00000000 ____D C:\Users\Domowy\AppData\Roaming\MPC-HC
    2016-04-13 15:42 - 2016-04-14 04:42 - 00000278 _____ C:\Windows\Tasks\{469FA011-806E-D36E-1EE0-1BC4983F56AF}.job
    2016-04-13 15:42 - 2016-04-13 15:42 - 06505472 _____ C:\Users\Domowy\AppData\Roaming\agent.dat
    2016-04-13 15:42 - 2016-04-13 15:42 - 01932216 _____ C:\Users\Domowy\AppData\Roaming\Cantrax.bin
    2016-04-13 15:42 - 2016-04-13 15:42 - 01627008 _____ C:\Users\Domowy\AppData\Roaming\Zaamphase.tst
    2016-04-13 15:42 - 2016-04-13 15:42 - 00018432 _____ C:\Users\Domowy\AppData\Roaming\Main.dat
    2016-04-13 15:42 - 2016-04-13 15:42 - 00003574 _____ C:\Windows\System32\Tasks\klcp_update
    2016-04-13 15:42 - 2016-04-13 15:42 - 00003222 _____ C:\Windows\System32\Tasks\{469FA011-806E-D36E-1EE0-1BC4983F56AF}
    2016-04-09 18:23 - 2016-04-17 17:53 - 00000000 ____D C:\AdwCleaner
    2016-04-09 17:59 - 2016-04-13 12:20 - 00000458 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2016-04-09 17:59 - 2016-04-12 14:50 - 00003446 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
    2016-04-09 17:59 - 2016-04-09 18:27 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2016-04-09 17:59 - 2016-04-09 17:59 - 00000000 ____D C:\Users\Domowy\AppData\Local\UCBrowser
    2016-04-09 17:57 - 2016-04-17 18:25 - 00000000 ____D C:\Users\Domowy\AppData\Roaming\DiuiAgyomk
    2016-04-09 17:57 - 2016-04-17 18:21 - 00000000 ____D C:\Users\Domowy\AppData\Roaming\Macfuttidv
    2016-04-09 17:57 - 2016-04-09 18:27 - 00000000 ____D C:\Users\Domowy\AppData\Local\app
    2016-04-09 17:56 - 2016-04-17 18:25 - 00000000 ____D C:\Users\Domowy\AppData\Roaming\Fiifphm
    2016-04-09 17:56 - 2016-04-17 18:21 - 00000000 ____D C:\Users\Domowy\AppData\LocalLow\Company
    2016-04-09 17:56 - 2016-04-09 17:57 - 00000000 ____D C:\Users\Domowy\AppData\Local\Tempfolder
    2016-04-09 17:56 - 2016-04-09 17:56 - 00003340 _____ C:\Windows\System32\Tasks\Teurmulj
    2016-04-09 17:56 - 2016-04-09 17:56 - 00000000 ____D C:\Users\Domowy\AppData\Roaming\gplyra
    2016-04-09 17:56 - 2016-04-09 17:56 - 00000000 ____D C:\uninst
    2016-04-09 17:56 - 2016-04-09 17:56 - 00000000 ____D C:\Program Files (x86)\badu
    2016-04-13 15:42 - 2016-04-13 15:42 - 6505472 _____ () C:\Users\Domowy\AppData\Roaming\agent.dat
    2016-04-13 15:42 - 2016-04-13 15:42 - 1932216 _____ () C:\Users\Domowy\AppData\Roaming\Cantrax.bin
    2016-04-09 18:19 - 2016-04-09 18:19 - 0005120 _____ () C:\Users\Domowy\AppData\Roaming\GiftBag.db
    2016-04-13 15:41 - 2016-04-13 15:41 - 0127488 _____ () C:\Users\Domowy\AppData\Roaming\Installer.dat
    2016-04-13 15:42 - 2016-04-13 15:42 - 0018432 _____ () C:\Users\Domowy\AppData\Roaming\Main.dat
    2016-04-14 17:56 - 2016-04-14 17:56 - 0000000 _____ () C:\Users\Domowy\AppData\Roaming\svrupg.exe
    C:\ProgramData\hp.exe
    C:\ProgramData\testLive.exe
    C:\Windows\Tasks\{469FA011-806E-D36E-1EE0-1BC4983F56AF}.job
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.

    1
  • #3 17 Apr 2016 20:10
    Kolobos
    Computer specialist

    Fixlist.txt for FRST:
    Task: {7362E50C-5A3A-4DC4-B882-ACD7B7513070} - System32\Tasks\Teurmulj => C:\PROGRA~1\RODLEQ~1\Guohka.bat <==== UWAGA
    Task: {96B0ACD0-D439-4824-B2C4-9BDACDDAF450} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-03-07] (UCWeb Inc)
    Task: {A1BFC23B-7852-4D7C-A9C9-F574624F9064} - System32\Tasks\{06003856-F9E6-49C6-A039-676B5D7F1E6E} => C:\Users\Domowy\Desktop\Metin5 S1\Graj_W_Metin5.exe [2014-12-06] ()
    Task: {A97A0233-FC45-482F-BE89-0DE81702B4E9} - System32\Tasks\{469FA011-806E-D36E-1EE0-1BC4983F56AF} => C:\Users\Domowy\AppData\Roaming\{469FA~1\UPDATE~1.EXE
    Task: {BFAD83A1-E17F-447C-84EF-0E298FA7929C} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
    Task: {ED270D26-1255-412D-8A86-F7F6E18DCE4E} - System32\Tasks\{6A449929-7AF8-4A42-85A7-1641F8947AAC} => C:\Users\Domowy\Desktop\Metin5 S1\Graj_W_Metin5.exe [2014-12-06] ()
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe
    Task: C:\Windows\Tasks\{469FA011-806E-D36E-1EE0-1BC4983F56AF}.job => C:\Users\Domowy\AppData\Roaming\{469FA~1\UPDATE~1.EXE
    ShortcutWithArgument: C:\Users\Domowy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\Domowy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yeabeats Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeabests.cc/
    ShortcutWithArgument: C:\Users\Public\Desktop\World of Warcraft.lnk -> D:\wow\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment) -> hxxp://www.yeabests.cc/
    2016-04-09 18:19 - 2016-04-07 18:45 - 01852928 _____ () C:\ProgramData\testLive.exe
    Hosts:
    (© 2015 Microsoft Corporation) C:\Users\Domowy\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    () C:\ProgramData\testLive.exe
    HKU\S-1-5-21-3517841691-2690594236-2042592838-1000\...\Run: [BingSvc] => C:\Users\Domowy\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-02] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-3517841691-2690594236-2042592838-1000\...\Run: [testLive] => C:\ProgramData\testLive.exe [1852928 2016-04-07] ()
    HKU\S-1-5-21-3517841691-2690594236-2042592838-1000\...\MountPoints2: {180590a3-fd8a-11e5-aa5d-50e549a26820} - H:\TombRaider.exe
    HKU\S-1-5-21-3517841691-2690594236-2042592838-1000\...\MountPoints2: {cf5f1871-00a8-11e6-9b60-50e549a26820} - G:\setup.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-02-02] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => Brak pliku
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    SearchScopes: HKLM -> DefaultScope - brak wartości
    FF NewTab: hxxp://www-searching.com/?site=shyosffdefault...l8172bk,0aeb7123-5401-40ff-aacd-d0fe10015117,,
    FF DefaultSearchEngine: Search Module
    FF Homepage: search.mpc.am
    FF SearchPlugin: C:\Users\Domowy\AppData\Roaming\Mozilla\Firefox\Profiles\YgSq0DhB.default\searchplugins\google-avast.xml [2016-04-14]
    CHR HomePage: Default -> hxxp://www-searching.com/?s=g49zamobl8172bk,0aeb7123-5401-40ff-aacd-d0fe10015117,&prd=smw
    CHR StartupUrls: Default -> "hxxp://www-searching.com/?s=g49zamobl8172bk,0aeb7123-5401-40ff-aacd-d0fe10015117,&prd=smw"
    CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=g49zam...01-40ff-aacd-d0fe10015117,&prd=smw&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> www-searching.com
    CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3517841691-2690594236-2042592838-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2016-04-17 14:37 - 2016-04-17 14:37 - 00987728 _____ (Google Inc.) C:\Users\Domowy\Downloads\ChromeSetup(3).exe
    2016-04-17 13:32 - 2016-04-17 13:32 - 00987728 _____ (Google Inc.) C:\Users\Domowy\Downloads\ChromeSetup(2).exe
    2016-04-17 13:05 - 2016-04-17 13:31 - 00987728 _____ (Google Inc.) C:\Users\Domowy\Downloads\ChromeSetup(1).exe
    C:\Windows\system32\lhse
    2016-04-17 01:12 - 2016-04-17 01:12 - 00000000 ____D C:\Windows\system32\wiru
    2016-04-16 12:18 - 2016-04-16 12:18 - 00000000 __SHD C:\found.002
    2016-04-16 03:03 - 2016-04-16 03:03 - 00000000 ____D C:\Windows\system32\leec
    2016-04-15 01:58 - 2016-04-15 01:58 - 00000000 ____D C:\Windows\system32\otal
    2016-04-14 17:56 - 2016-04-14 17:56 - 00000000 _____ C:\Users\Domowy\AppData\Roaming\svrupg.exe
    2016-04-14 17:22 - 2016-04-14 17:22 - 00000000 ____D C:\Windows\system32\ykow
    2016-04-14 04:58 - 2016-04-14 04:58 - 00000000 ____D C:\Windows\system32\not
    2016-04-13 15:42 - 2016-04-14 04:42 - 00000278 _____ C:\Windows\Tasks\{469FA011-806E-D36E-1EE0-1BC4983F56AF}.job
    2016-04-13 15:42 - 2016-04-13 15:42 - 06505472 _____ C:\Users\Domowy\AppData\Roaming\agent.dat
    2016-04-13 15:42 - 2016-04-13 15:42 - 01932216 _____ C:\Users\Domowy\AppData\Roaming\Cantrax.bin
    2016-04-13 15:42 - 2016-04-13 15:42 - 01627008 _____ C:\Users\Domowy\AppData\Roaming\Zaamphase.tst
    2016-04-13 15:42 - 2016-04-13 15:42 - 00018432 _____ C:\Users\Domowy\AppData\Roaming\Main.dat
    2016-04-13 15:42 - 2016-04-13 15:42 - 00003574 _____ C:\Windows\System32\Tasks\klcp_update
    2016-04-13 15:42 - 2016-04-13 15:42 - 00003222 _____ C:\Windows\System32\Tasks\{469FA011-806E-D36E-1EE0-1BC4983F56AF}
    2016-04-13 15:42 - 2016-04-13 15:42 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
    2016-04-13 15:41 - 2016-04-13 15:41 - 00127488 _____ C:\Users\Domowy\AppData\Roaming\Installer.dat
    2016-04-12 02:42 - 2016-04-12 02:42 - 00000000 ____D C:\Windows\system32\ogo
    2016-04-11 14:22 - 2016-04-11 14:22 - 00000000 ____D C:\Windows\system32\feka
    2016-04-11 01:55 - 2016-04-11 01:55 - 00000000 ____D C:\Windows\system32\ogu
    2016-04-10 02:32 - 2016-04-10 02:32 - 00000000 ____D C:\Windows\system32\yazo
    2016-04-10 02:32 - 2016-04-10 02:32 - 00000000 ____D C:\Windows\system32\ilow
    2016-04-09 19:19 - 2016-04-12 14:56 - 00000000 ____D C:\Users\Domowy\AppData\Roaming\MCorp
    2016-04-09 18:23 - 2016-04-17 17:53 - 00000000 ____D C:\AdwCleaner
    2016-04-09 18:19 - 2016-04-09 18:19 - 00005120 _____ C:\Users\Domowy\AppData\Roaming\GiftBag.db
    2016-04-09 18:19 - 2016-04-07 18:45 - 01852928 _____ C:\ProgramData\testLive.exe
    2016-04-09 18:19 - 2016-04-06 00:37 - 00114176 _____ C:\ProgramData\hp.exe
    2016-04-09 17:59 - 2016-04-13 12:20 - 00000458 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2016-04-09 17:59 - 2016-04-12 14:50 - 00003446 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
    2016-04-09 17:59 - 2016-04-09 18:27 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2016-04-09 17:59 - 2016-04-09 17:59 - 00000000 ____D C:\Users\Domowy\AppData\Local\UCBrowser
    2016-04-09 17:57 - 2016-04-17 18:25 - 00000000 ____D C:\Users\Domowy\AppData\Roaming\DiuiAgyomk
    2016-04-09 17:57 - 2016-04-17 18:21 - 00000000 ____D C:\Users\Domowy\AppData\Roaming\Macfuttidv
    2016-04-09 17:57 - 2016-04-09 18:27 - 00000000 ____D C:\Users\Domowy\AppData\Local\app
    2016-04-09 17:56 - 2016-04-17 18:25 - 00000000 ____D C:\Users\Domowy\AppData\Roaming\Fiifphm
    2016-04-09 17:56 - 2016-04-17 18:21 - 00000000 ____D C:\Users\Domowy\AppData\LocalLow\Company
    2016-04-09 17:56 - 2016-04-09 17:57 - 00000000 ____D C:\Users\Domowy\AppData\Local\Tempfolder
    2016-04-09 17:56 - 2016-04-09 17:56 - 00003340 _____ C:\Windows\System32\Tasks\Teurmulj
    2016-04-09 17:56 - 2016-04-09 17:56 - 00000000 ____D C:\Users\Domowy\AppData\Roaming\gplyra
    2016-04-09 17:56 - 2016-04-09 17:56 - 00000000 ____D C:\uninst
    2016-04-09 17:56 - 2016-04-09 17:56 - 00000000 ____D C:\Program Files (x86)\badu
    2016-04-09 17:47 - 2016-04-09 17:49 - 00000000 ____D C:\Users\Domowy\AppData\Roaming\vnlgp
    2016-04-06 15:09 - 2016-04-06 15:09 - 00694272 _____ C:\Windows\system32\bi.exe
    2016-04-12 14:51 - 2016-03-14 15:55 - 00000000 __SHD C:\found.001
    2016-04-12 14:51 - 2016-03-03 13:56 - 00000000 __SHD C:\found.000
    2016-04-13 15:42 - 2016-04-13 15:42 - 6505472 _____ () C:\Users\Domowy\AppData\Roaming\agent.dat
    2016-04-13 15:42 - 2016-04-13 15:42 - 1932216 _____ () C:\Users\Domowy\AppData\Roaming\Cantrax.bin
    2016-04-09 18:19 - 2016-04-09 18:19 - 0005120 _____ () C:\Users\Domowy\AppData\Roaming\GiftBag.db
    2016-04-13 15:41 - 2016-04-13 15:41 - 0127488 _____ () C:\Users\Domowy\AppData\Roaming\Installer.dat
    2016-04-13 15:42 - 2016-04-13 15:42 - 0018432 _____ () C:\Users\Domowy\AppData\Roaming\Main.dat
    2016-04-14 17:56 - 2016-04-14 17:56 - 0000000 _____ () C:\Users\Domowy\AppData\Roaming\svrupg.exe
    2016-02-02 23:09 - 2016-02-02 23:09 - 0000046 _____ () C:\Users\Domowy\AppData\Roaming\WB.CFG
    2016-04-13 15:42 - 2016-04-13 15:42 - 1627008 _____ () C:\Users\Domowy\AppData\Roaming\Zaamphase.tst
    2016-04-09 18:19 - 2016-04-07 18:45 - 1852928 _____ () C:\ProgramData\testLive.exe
    2016-04-10 14:41 - 2016-04-15 10:14 - 0000000 _____ () C:\ProgramData\webad.xml
    2016-04-10 16:00 - 2016-04-10 16:00 - 0000161 _____ () C:\ProgramData\xcgui_debug.txt
    EmptyTemp:

    After running it, use RepairDns: https://www.elektroda.pl/rtvforum/download.php?id=731083 and post the log that it creates.

    1
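
Added example, not part of any post in this thread and not FRST code: a small Python triage of the `Task:` and `ShortcutWithArgument:` lines from the two fixlists above, flagging scheduled tasks that run from the user profile or through 8.3 short paths, and shortcuts that carry a forced URL. The heuristics and function names are assumptions made for this example; the sample lines are copied from the fixlists.

```python
import re

# Lines copied verbatim from the fixlists in this thread (URLs stay defanged).
SAMPLE = r"""
Task: {7362E50C-5A3A-4DC4-B882-ACD7B7513070} - System32\Tasks\Teurmulj => C:\PROGRA~1\RODLEQ~1\Guohka.bat <==== UWAGA
Task: {96B0ACD0-D439-4824-B2C4-9BDACDDAF450} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-03-07] (UCWeb Inc)
Task: {A97A0233-FC45-482F-BE89-0DE81702B4E9} - System32\Tasks\{469FA011-806E-D36E-1EE0-1BC4983F56AF} => C:\Users\Domowy\AppData\Roaming\{469FA~1\UPDATE~1.EXE
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeabests.cc/
ShortcutWithArgument: C:\Users\Public\Desktop\World of Warcraft.lnk -> D:\wow\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment) -> hxxp://www.yeabests.cc/
"""

SHORTCUT = re.compile(
    r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<target>.+?) "
    r"\((?P<vendor>[^()]*)\) -> (?P<args>.+)$")
URL_ARG = re.compile(r"^(?:hxxps?|https?)://(?P<host>[^/\s]+)", re.I)
# Annotations that follow a task's command: "[date] (vendor)" or "<==== ...".
TASK_TAIL = re.compile(r"\s+(?:\[\d{4}-\d{2}-\d{2}\]|<=+\s).*$")
SHORT_NAME = re.compile(r"~\d(?:\\|\.|$)")  # 8.3 component such as RODLEQ~1


def triage_task(line):
    """Return (command, reasons) for one 'Task:' line."""
    _, _, right = line.partition(" => ")
    command = TASK_TAIL.sub("", right).strip()
    reasons = []
    if re.search(r"<=+ UWAGA", right):  # attention marker as printed in this log
        reasons.append("flagged by FRST")
    if "\\appdata\\" in command.lower():  # user-writable location (heuristic)
        reasons.append("runs from user profile")
    if SHORT_NAME.search(command):  # short names obscure the real folder name
        reasons.append("8.3 short path")
    return command, reasons


def triage_shortcut(line):
    """Return (lnk, target, host) when the shortcut's argument is a URL."""
    m = SHORTCUT.match(line)
    url = URL_ARG.match(m["args"].strip()) if m else None
    return (m["lnk"], m["target"], url["host"]) if url else None


def triage(text):
    """Collect (kind, subject, reasons) findings from FRST-style lines."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Task: "):
            command, reasons = triage_task(line)
            if reasons:
                findings.append(("task", command, reasons))
        elif line.startswith("ShortcutWithArgument: "):
            hit = triage_shortcut(line)
            if hit:
                findings.append(("shortcut", hit[0], ["forced URL: " + hit[2]]))
    return findings


if __name__ == "__main__":
    for kind, subject, reasons in triage(SAMPLE):
        print(f"{kind:8} {subject}\n         -> {', '.join(reasons)}")
```

The UCBrowserUpdater task passes these heuristics although both fixlists include it, so output like this only prioritises lines for a human reviewer.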
  • #4 17 Apr 2016 20:49
    yybb
    Level 2

    Thank you, I did what the first reply said and it's OK :D.

    0
  • #5 17 Apr 2016 20:56
    Kolobos
    Computer specialist

    Do what I posted; @Acorus 20 did not even notice the infected file dnsapi.dll.

    0