Elektroda.pl

MPC Cleaner - Removing a malicious program.

aki1986 09 May 2016 15:43 1452 3
  • #2 09 May 2016 15:55
    Kolobos
    Computer specialist

    Did you install this keylogger yourself: BlazingTools Perfect Keylogger?

    Uninstall:
    CleanBrowser
    comoBoss version 1.1
    Google Update Helper
    groover
    mobilepcstarterkit version 1.1
    SunnyDay

    Run the file C:\Program Files (x86)\MPC Cleaner\Uninstall.exe with administrator rights and uninstall MPC Cleaner.

    Use AdwCleaner, options Scan and Clean / Szukaj and Usun: http://www.bleepingcomputer.com/download/adwcleaner/

    Boot the system into Safe Mode.
    Next to frst.exe, create a file fixlist.txt with the following content:
    CloseProcesses:
    Task: {52ABCE2A-6020-4AAC-B2FE-F6B421193AFD} - System32\Tasks\{07A75086-2D70-4CA2-B5EE-2C1AFA9FE6B4} => pcalua.exe -a "C:\Program Files (x86)\SpeedFan\uninstall.exe"
    Task: {747A62C9-18A9-4BD7-B844-B27BB0145BB1} - System32\Tasks\Lorckphsary Reports => C:\Program Files (x86)\Lorckphsary\lrcReportsTask.exe [2016-05-06] ()
    Task: {9BDFA0F5-F0AA-4503-B873-E12287F07B0C} - System32\Tasks\{1FA1A7C4-3DE2-4B24-9D06-9B13342E1B72} => C:\Users\JAS\AppData\Local\Temp\Rar$EXa0.731\StubInstallerCleanUp.bat [2016-05-09] () <==== UWAGA
    Task: {B05878DB-62BA-423C-A4CB-ED3E43383839} - System32\Tasks\svchost => C:\WINDOWS\Temp\20E6.tmp
    Task: {F8B72B79-CAD5-4F49-9590-591FEF64DAC1} - System32\Tasks\{49D21E80-5747-4F8C-9E45-2AF51BBB596C} => pcalua.exe -a "C:\Users\JAS\Downloads\ELITE KEYLOGGER FULL 2010.exe" -d C:\Users\JAS\Downloads
    ShortcutWithArgument: C:\Users\JAS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://mmotraffic.com/catalog/goplay/1000932/...k_id=c22395d0444601cf2cb89ba2f3c16736657794e6
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabests.cc
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
    Hosts:
    () C:\Program Files\Luonaefod\Poauwgug.exe
    () C:\Program Files\Luonaefod\Osobfikd.exe
    () C:\Program Files\Luonaefod\Osobfikd64.exe
    () C:\Program Files\Luonaefod\OvimkEbie.exe
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMDL.exe
    (Tencent) C:\Program Files (x86)\Common Files\Tencent\QQDownload\130\Tencentdl.exe
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
    () C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
    () C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
    () C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
    () C:\Program Files (x86)\CleanBrowser\app\bin\nw.exe
    () C:\Program Files (x86)\SunnyDay21\SunnyDay.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe
    () C:\Program Files (x86)\comoBoss\comowin.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\QQPCNetFlow.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRealTimeSpeedup.exe
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe [362304 2016-05-09] (Tencent)
    HKLM-x32\...\Run: [sun21] => C:\Program Files (x86)\SunnyDay21\SunnyDay.exe [4333056 2016-05-08] ()
    HKLM-x32\...\Run: [comoBoss] => C:\Program Files (x86)\comoBoss\comowin.exe [4325888 2016-05-08] ()
    HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
    HKLM-x32\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs, [X]
    HKU\S-1-5-21-49447800-679507840-1060790145-1001\...\Run: [tsiVideo] => C:\WINDOWS\SysWOW64\rundll32.exe C:\Users\JAS\AppData\Local\Temp\mdi064.dll,quardin <===== UWAGA
    HKU\S-1-5-21-49447800-679507840-1060790145-1001\...\MountPoints2: {0f3fe657-bb00-11e5-bef8-bc5ff4673254} - "G:\LG_PC_Programs.exe"
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMGCShellExt64.dll [2016-05-09] (Tencent)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    Tcpip\..\Interfaces\{111B40F8-9883-466C-8279-8279A3928103}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{1FA75EA3-880E-4EE4-97D0-20A02439FA54}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{C0CD8B21-4FA0-471D-89B6-D9C4B2A05F10}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{C1DA2BEB-C47C-45A6-9EE6-7592A9FBD6F9}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{D92312D7-BDB5-4442-BCB4-A1B02B1A8218}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{E6775015-32D0-4BC2-91C6-E6C194B2F96A}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{E8C1BE2B-AF81-4807-9FFF-2F3738078AC9}: [NameServer] 104.197.191.4
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=92552456_hao_pg
    HKU\S-1-5-21-49447800-679507840-1060790145-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=92552456_hao_pg
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSWebMon64.dat [2016-05-09] (Tencent)
    Toolbar: HKU\S-1-5-21-49447800-679507840-1060790145-1001 -> Brak nazwy - {42309A53-03F9-4BF8-B413-8E640B034329} - Brak pliku
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\npQMExtensionsMozilla.dll [2016-05-09] (Tencent Technology (Shenzhen) Company Limited)
    FF user.js: detected! => C:\Users\JAS\AppData\Roaming\Mozilla\Firefox\Profiles\1rno6p6t.default-1440618612932\user.js [2016-05-09]
    FF SearchPlugin: C:\Users\JAS\AppData\Roaming\Mozilla\Firefox\Profiles\1rno6p6t.default-1440618612932\searchplugins\findit.xml [2016-02-21]
    CHR Extension: (SNT) - C:\Users\JAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdjkknhfdcifongnmcelkhjigdhlmcnj [2014-05-18]
    R2 4C0038ED-7788-4DE6-bE7C-A75803958764; C:\Program Files\Luonaefod\Poauwgug.exe [0 ] () <==== UWAGA (zerobajtowy plik/folder)
    S2 lrcReportsService; C:\Program Files (x86)\Lorckphsary\lrcReportsService.exe [1005736 2016-05-06] ()
    R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-05-09] (DotC United Inc)
    R2 OvimkEbie; C:\Program Files\Luonaefod\OvimkEbie.exe [0 ] () <==== UWAGA (zerobajtowy plik/folder)
    R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe [313936 2016-05-09] (Tencent)
    U2 QQRepair1ef8; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair1ef8 [136512 2016-05-09] ()
    S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepairFixSVC [140608 2016-05-09] ()
    S2 culonogi; C:\Program Files (x86)\03000200-1462785215-0500-0006-000700080009\jnsxB689.tmp [X]
    S2 Fhgaoert; "C:\Users\JAS\AppData\Roaming\KhfeAcao\Saafve.exe" -cms [X]
    S2 GoogleChromeUpService; Brak ImagePath
    S2 Luonaefod Updater; C:\Program Files\Luonaefod\Pibkh.exe [X]
    S2 mikimosuzbt; C:\Program Files (x86)\03000200-1462785215-0500-0006-000700080009\knsi9F32.tmpfs [X]
    S2 rijufoze; C:\Program Files (x86)\03000200-1462785215-0500-0006-000700080009\hnsaCBC8.tmp [X]
    S2 Uwugubezm; Brak ImagePath
    S2 zigipyro; C:\Users\JAS\AppData\Local\03000200-1462793203-0500-0006-000700080009\qnsq99E0.tmp [X]
    R5 bsdpf64; C:\Windows\System32\Drivers\bsdpf64.sys [27456 2016-05-09] () [Brak podpisu cyfrowego]
    R5 bsdpr64; C:\Windows\System32\Drivers\bsdpr64.sys [26944 2016-05-09] () [Brak podpisu cyfrowego]
    R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [65344 2016-05-09] (Windows (R) Win 7 DDK provider)
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-05-09] (DotC United Inc)
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUdisk64.sys [184952 2016-04-18] (Tencent)
    R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQSysMonX64.sys [154744 2016-05-09] (电脑管家)
    R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\softaal64.sys [44664 2016-05-09] (Tencent)
    R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [172664 2016-05-09] ()
    R3 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys [99480 2016-05-09] (Tencent)
    R2 TAOKernelDriver; C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys [143992 2016-05-09] (Tencent Technology(Shenzhen) Company Limited)
    R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [97400 2016-05-09] (电脑管家)
    S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSDefenseBT64.sys [28984 2016-05-09] (Tencent)
    R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TsNetHlpX64.sys [57976 2016-05-09] ()
    R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSSysKit64.sys [96888 2016-05-09] (电脑管家)
    R5 bsdpf64; <===== UWAGA: Zablokowana usługa
    R5 bsdpr64; <===== UWAGA: Zablokowana usługa
    2016-05-09 15:13 - 2016-05-09 15:13 - 00001741 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
    2016-05-09 15:13 - 2016-05-09 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
    2016-05-09 15:12 - 2016-05-09 15:12 - 00000000 ____D C:\Users\JAS\AppData\Local\SunnyDay21
    2016-05-09 15:12 - 2016-05-09 15:12 - 00000000 ____D C:\Users\JAS\AppData\Local\csdi_monetize_220160509
    2016-05-09 15:12 - 2016-05-09 15:12 - 00000000 ____D C:\Program Files (x86)\SunnyDay21
    2016-05-09 15:12 - 2016-05-09 15:12 - 00000000 ____D C:\Program Files (x86)\comoBoss
    2016-05-09 15:09 - 2016-05-09 15:09 - 00000000 ____D C:\Users\JAS\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
    2016-05-09 11:30 - 2016-05-09 11:30 - 00000000 ____D C:\Users\JAS\AppData\Roaming\MCorp
    2016-05-09 11:27 - 2016-05-09 11:32 - 00000000 ____D C:\Users\JAS\AppData\Roaming\Tencent
    2016-05-09 11:27 - 2016-05-09 11:27 - 00000000 ____D C:\ProgramData\TXQMPC
    2016-05-09 11:27 - 2016-05-09 11:27 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2016-05-09 11:27 - 2016-05-09 11:26 - 00143992 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys
    2016-05-09 11:27 - 2016-05-09 11:26 - 00099480 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys
    2016-05-09 11:26 - 2016-05-09 15:07 - 00000000 ____D C:\Users\JAS\AppData\Local\03000200-1462793203-0500-0006-000700080009
    2016-05-09 11:26 - 2016-05-09 15:04 - 00000000 ____D C:\ProgramData\Tencent
    2016-05-09 11:26 - 2016-05-09 11:26 - 00097400 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys
    2016-05-09 11:26 - 2016-05-09 11:26 - 00000000 ____D C:\Program Files (x86)\Tencent
    2016-05-09 11:24 - 2016-05-05 09:36 - 01612800 _____ C:\ProgramData\360dlr.exe
    2016-05-09 11:24 - 2016-04-26 17:07 - 01253376 _____ (eee) C:\ProgramData\apptj.exe
    2016-05-09 11:24 - 2016-04-25 16:47 - 01266176 _____ C:\ProgramData\conhost.exe
    2016-05-09 11:24 - 2016-04-25 16:46 - 00114176 _____ C:\ProgramData\hp.exe
    2016-05-09 11:18 - 2016-05-09 11:17 - 02066432 _____ (TODO: <公司名>) C:\Users\JAS\AppData\Roaming\tasklist.exe
    2016-05-09 11:18 - 2016-05-09 08:45 - 01920000 _____ C:\ProgramData\msiql.exe
    2016-05-09 11:18 - 2016-05-03 10:40 - 01443152 _____ ( ) C:\Users\JAS\AppData\Roaming\AutoTime_51477.exe
    2016-05-09 11:17 - 2016-05-09 15:13 - 00000000 ____D C:\Users\JAS\AppData\Local\app
    2016-05-09 11:17 - 2016-04-27 14:46 - 01755136 _____ C:\Users\JAS\AppData\Roaming\service.exe
    2016-05-09 11:16 - 2016-05-09 15:07 - 00000000 ____D C:\Users\JAS\AppData\Roaming\KhfeAcao
    2016-05-09 11:16 - 2016-05-09 15:07 - 00000000 ____D C:\Users\JAS\AppData\Roaming\Gecaeogi
    2016-05-09 11:16 - 2016-05-09 15:07 - 00000000 ____D C:\Program Files\Luonaefod
    2016-05-09 11:16 - 2016-05-09 11:25 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-05-09 11:16 - 2016-05-09 11:16 - 00060136 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
    2016-05-09 11:16 - 2016-05-09 11:16 - 00027456 _____ C:\WINDOWS\system32\Drivers\bsdpf64.sys
    2016-05-09 11:16 - 2016-05-09 11:16 - 00026944 _____ C:\WINDOWS\system32\Drivers\bsdpr64.sys
    2016-05-09 11:16 - 2016-05-09 11:16 - 00008854 _____ C:\WINDOWS\System32\Tasks\Lorckphsary Reports
    2016-05-09 11:16 - 2016-05-09 11:16 - 00002962 _____ C:\WINDOWS\System32\Tasks\svchost
    2016-05-09 11:16 - 2016-05-09 11:16 - 00000000 ____D C:\Users\Public\Thunder Network
    2016-05-09 11:16 - 2016-05-09 11:16 - 00000000 ____D C:\Users\JAS\AppData\Roaming\UPUpdata
    2016-05-09 11:16 - 2016-05-09 11:16 - 00000000 ____D C:\Users\JAS\AppData\Roaming\gplyra
    2016-05-09 11:16 - 2016-05-09 11:16 - 00000000 ____D C:\Users\JAS\AppData\Roaming\cpuminer
    2016-05-09 11:16 - 2016-05-09 11:16 - 00000000 ____D C:\Users\JAS\AppData\Roaming\CCACCBF1-7AB4-4CF5-B32D-668C686A539F
    2016-05-09 11:16 - 2016-05-09 11:16 - 00000000 ____D C:\Users\JAS\AppData\LocalLow\Company
    2016-05-09 11:16 - 2016-05-09 11:16 - 00000000 ____D C:\Users\JAS\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2016-05-09 11:16 - 2016-05-09 11:16 - 00000000 ____D C:\Users\JAS\AppData\Local\tuto_monetize_120160508
    2016-05-09 11:16 - 2016-05-09 11:16 - 00000000 ____D C:\Users\JAS\AppData\Local\Tempfolder
    2016-05-09 11:16 - 2016-05-09 11:16 - 00000000 ____D C:\Users\JAS\AppData\Local\csdi_monetize_120160508
    2016-05-09 11:16 - 2016-05-09 11:16 - 00000000 ____D C:\uninst
    2016-05-09 11:16 - 2016-05-09 11:16 - 00000000 ____D C:\ProgramData\Thunder Network
    2016-05-09 11:16 - 2016-05-09 11:16 - 00000000 ____D C:\Program Files\LuonaefodUn
    2016-05-09 11:15 - 2016-05-09 15:07 - 00000000 ____D C:\Program Files (x86)\EasyHotspot
    2016-05-09 11:15 - 2016-05-09 11:17 - 00000000 ____D C:\Program Files (x86)\mobilepcstarterkit
    2016-05-09 11:15 - 2016-05-09 11:17 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
    2016-05-09 11:15 - 2016-05-09 11:16 - 00000000 ____D C:\Users\Public\Documents\dmp
    2016-05-09 11:15 - 2016-05-09 11:16 - 00000000 ____D C:\Program Files (x86)\Lorckphsary
    2016-05-09 11:13 - 2016-05-09 15:06 - 00000000 ____D C:\Program Files (x86)\03000200-1462785215-0500-0006-000700080009
    2016-05-09 11:13 - 2016-05-09 11:12 - 00001095 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
    2016-05-09 11:12 - 2016-05-09 11:12 - 00003442 _____ C:\WINDOWS\System32\Tasks\{1FA1A7C4-3DE2-4B24-9D06-9B13342E1B72}
    2016-04-23 17:19 - 2014-07-25 04:39 - 00293320 ____N (深圳市迅雷网络技术有限公司) C:\Users\JAS\AppData\Roaming\xldl.dll
    2016-02-21 11:37 - 2016-02-21 11:37 - 7951360 _____ () C:\Users\JAS\AppData\Roaming\agent.dat
    2016-05-09 11:18 - 2016-05-03 10:40 - 1443152 _____ ( ) C:\Users\JAS\AppData\Roaming\AutoTime_51477.exe
    2016-02-21 11:37 - 2016-02-21 11:37 - 0063696 _____ () C:\Users\JAS\AppData\Roaming\Config.xml
    2016-02-21 11:36 - 2016-02-21 11:37 - 0011472 _____ () C:\Users\JAS\AppData\Roaming\InstallationConfiguration.xml
    2016-02-21 11:36 - 2016-02-21 11:36 - 0126976 _____ () C:\Users\JAS\AppData\Roaming\Installer.dat
    2016-02-21 11:37 - 2016-02-21 11:36 - 0667136 _____ () C:\Users\JAS\AppData\Roaming\Lacof.exe
    2016-02-21 11:37 - 2016-02-21 11:37 - 1881628 _____ () C:\Users\JAS\AppData\Roaming\Lacof.tst
    2016-02-21 11:37 - 2016-02-21 11:37 - 0018432 _____ () C:\Users\JAS\AppData\Roaming\Main.dat
    2016-02-21 11:37 - 2016-02-21 11:37 - 0005568 _____ () C:\Users\JAS\AppData\Roaming\md.xml
    2016-02-21 11:37 - 2016-02-21 11:37 - 0126464 _____ () C:\Users\JAS\AppData\Roaming\noah.dat
    2016-05-09 11:17 - 2016-04-27 14:46 - 1755136 _____ () C:\Users\JAS\AppData\Roaming\service.exe
    2016-05-09 11:18 - 2016-05-09 11:17 - 2066432 _____ (TODO: <公司名>) C:\Users\JAS\AppData\Roaming\tasklist.exe
    2016-02-21 11:37 - 2016-02-21 11:37 - 0032038 _____ () C:\Users\JAS\AppData\Roaming\uninstall_temp.ico
    2014-01-02 21:02 - 2016-05-09 08:46 - 0000139 _____ () C:\Users\JAS\AppData\Roaming\WB.CFG
    2016-04-23 17:19 - 2014-07-25 04:39 - 0293320 ____N (深圳市迅雷网络技术有限公司) C:\Users\JAS\AppData\Roaming\xldl.dll
    2015-04-21 18:05 - 2015-05-05 21:29 - 0000792 _____ () C:\Users\JAS\AppData\Local\Temp-log.txt
    2016-05-09 11:24 - 2016-05-05 09:36 - 1612800 _____ () C:\ProgramData\360dlr.exe
    2016-05-09 11:24 - 2016-04-26 17:07 - 1253376 _____ (eee) C:\ProgramData\apptj.exe
    2016-05-09 11:24 - 2016-04-25 16:47 - 1266176 _____ () C:\ProgramData\conhost.exe
    2016-05-09 11:24 - 2016-04-25 16:46 - 0114176 _____ () C:\ProgramData\hp.exe
    2016-05-09 11:18 - 2016-05-09 08:45 - 1920000 _____ () C:\ProgramData\msiql.exe
    EmptyTemp:

    In FRST, select Fix (Napraw).

    If nothing gets removed, run FRST from WinRE as described here: http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujących-windows/ and run the given Fixlist.txt there.

    Run a full scan with MBAM and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    After doing all of this, post new FRST logs from a scan.

    0
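One way to check the result of the procedure above before posting the new logs, as an added example that is not part of the original post: it compares the fixlist with a fresh FRST log and lists the entries that are still present. The function names, the matching rules (dates, sizes, service state and `<====` notes are ignored) and the sample "after" log are assumptions constructed for illustration.

```python
import re

DATE = r"\d{4}-\d{2}-\d{2}"
FILE_ROW = re.compile(rf"^{DATE} \d\d:\d\d - {DATE} \d\d:\d\d - ")  # created - modified - size
PATH = re.compile(r"[A-Za-z]:\\.*$")
STAMP = re.compile(rf"\s*\[(?:\d+ )?{DATE}\]")   # "[size date]" metadata
NOTE = re.compile(r"\s*<=+.*$")                  # "<==== UWAGA" annotations
STATE = re.compile(r"^[RSU]\d (?=\S+;)")         # service/driver state, e.g. "R1 "
DIRECTIVE = re.compile(r"^[A-Za-z]+:$")          # CloseProcesses:, Hosts:, EmptyTemp:

# Excerpt of the fixlist from the post above (five entries plus two directives).
FIXLIST = r"""CloseProcesses:
Task: {B05878DB-62BA-423C-A4CB-ED3E43383839} - System32\Tasks\svchost => C:\WINDOWS\Temp\20E6.tmp
HKLM\...\Winlogon: [Userinit] wscript C:\WINDOWS\run.vbs,
Tcpip\..\Interfaces\{111B40F8-9883-466C-8279-8279A3928103}: [NameServer] 104.197.191.4
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-05-09] (DotC United Inc)
2016-05-09 11:24 - 2016-04-25 16:47 - 01266176 _____ C:\ProgramData\conhost.exe
EmptyTemp:
"""

# Constructed "after" log: the driver (now stopped) and one dropped file survived.
NEW_LOG = r"""R2 ExampleSvc; C:\Program Files\Example\svc.exe [1024 2016-05-10] (Example Ltd)
S1 MPCKpt; C:\WINDOWS\System32\DRIVERS\MPCKpt.sys [60136 2016-05-10] (DotC United Inc)
2016-05-09 11:24 - 2016-05-10 09:02 - 01266176 _____ () C:\ProgramData\conhost.exe
"""


def key(line):
    """Reduce a log line to what identifies the entry, ignoring volatile fields."""
    line = NOTE.sub("", line.strip())
    if FILE_ROW.match(line):                     # file listing: identity is the path
        m = PATH.search(line)
        return m.group(0).lower() if m else line.lower()
    line = STATE.sub("", STAMP.sub("", line))
    return re.sub(r"\s+", " ", line).lower()


def leftovers(fixlist, new_log):
    """Return the fixlist entries whose key still occurs in the new FRST log."""
    present = {key(l) for l in new_log.splitlines() if l.strip()}
    return [l.strip() for l in fixlist.splitlines()
            if l.strip() and not DIRECTIVE.match(l.strip()) and key(l) in present]


if __name__ == "__main__":
    for entry in leftovers(FIXLIST, NEW_LOG):
        print("still present:", entry)
```

An empty result means none of the listed entries reappears in the new log; it does not replace the follow-up scans the post asks for.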
  • #3 23 Jul 2016 14:25
    aki1986
    Level 4

    Thanks, it helped :)
    Sorry for replying so late.

    0