
FRST - log analysis, lots of ads in browsers.

poldzer 28 May 2016 10:48
  • Helpful post
    #2 28 May 2016 11:13
    Kolobos
    Computer specialist

    Never use ComboFix again.

    Uninstall: Body Text Feathering

    Next to frst.exe, create a file fixlist.txt with the following contents:
    Task: {05D579D1-BA71-4A61-8593-53820CBF8D0A} - System32\Tasks\{A9D58AD3-65B7-4388-B052-57F3F7112B96} => C:\Users\Kuba\Desktop\IGG-Whos.Your.Daddy.v1.1.0\WhosYourDaddy.exe
    Task: {7F3D6C1E-90CF-45C2-8BDD-DD3538324A72} - System32\Tasks\{FF0DFAA8-8755-495B-8A86-EA57EE4FD8DE} => C:\Minecraft Pingwin Pack 2\Minecraft Pingwin Pack 2.exe [2013-08-03] (Pingwin Pack)
    Task: {90E2D12E-FD96-4359-A160-C564CCB82DF4} - System32\Tasks\{0E7D0A47-0409-7D79-0C11-097D0D0F1108} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand
    Task: {9BA99251-968C-4C4F-B8CC-79B7E9EA70D3} - System32\Tasks\{B3448421-2DEA-4B5F-87A2-214242C91669} => C:\Minecraft Pingwin Pack 2\Minecraft Pingwin Pack 2.exe [2013-08-03] (Pingwin Pack)
    Task: {CED8FA44-5B56-4254-B56D-EA544D015735} - System32\Tasks\{FA9E79ED-DE66-4893-A340-F96BF8A6380B} => D:\Program Files (x86)\Activision\Singularity(TM)\Binaries\Singularity.exe
    Task: {D16BDD49-0B7B-4C84-A9F4-EA7BA85F397E} - System32\Tasks\{AFDD3440-AB76-4303-B47A-F0C562FE4DA8} => C:\Minecraft Pingwin Pack 2\Minecraft Pingwin Pack 2.exe [2013-08-03] (Pingwin Pack)
    Task: {E10BE687-1158-4CDC-8A1C-B2D3A2868D92} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\178BB09CF1BA7DB3A22E8C1D9CA9CD13\Update\BrowserUpdate.exe <==== ATTENTION
    Task: {F11440CC-3B6A-42E3-8911-C7BA88EBD70A} - System32\Tasks\DNS Monitoring => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~2\DNSUNL~1\DNSMON~1.DLL" <==== ATTENTION
    Task: {FD905D43-23A8-4F69-AFD7-B66D54CE699B} - System32\Tasks\osTip => Rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /AUTORUN
    WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION (yeabests)
    ShortcutWithArgument: C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1462368106&a=1054904&src=sh&uuid=e0bff9e0-ba0f-4409-bbcf-780c0cea94e8"
    ShortcutWithArgument: C:\Users\Kuba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\Kuba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\Kuba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\Kuba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yeabeats Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\Kuba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.hohosearch.com/?ts=AHEqAXArA34qBk....66E24D7095963DD206&ptid=clc&mode=scrp
    ShortcutWithArgument: C:\Users\Kuba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.hohosearch.com/?ts=AHEqAXArA34qBk....66E24D7095963DD206&ptid=clc&mode=scrp
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://yeabests.cc
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
    HKLM\...\batfile\DefaultIcon: %SystemRoot%\SysWow64\imageres.dll,-68 <===== ATTENTION
    HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\SysWow64\imageres.dll,-68 <===== ATTENTION
    IE trusted site: HKU\S-1-5-21-1371513899-3904243246-46860677-1000\...\baidu.com -> hxxp://baidu.com
    Hosts:
    (Microsoft Corporation) C:\ComboFix\CF32111.3XE
    () C:\Windows\PEV.exe
    Startup: C:\Users\jaaaa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-05-16]
    ShortcutTarget: MEGAsync.lnk -> C:\Users\Kuba\AppData\Local\MEGAsync\MEGAsync.exe (No File)
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    AutoConfigURL: [S-1-5-21-1371513899-3904243246-46860677-1000] => hxxp://unstops.net/wpad.dat?ea4918ea5729617d7d5a0028b717bbb99746387
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\..\Interfaces\{13892BD2-5C9B-45F0-A822-870E64AA63FF}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{38E54723-EB3A-44C4-B1A0-A9557B93889D}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{639B65F8-BC77-49D3-953D-E3537CDA5E73}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{73518678-8424-40A7-BF91-60280B4731A7}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{C1F24F1D-E9FD-45C6-B74E-0DDA47320C38}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{C4E5E702-4044-4AB4-8720-88FFDEF6902E}: [NameServer] 104.197.191.4
    ManualProxies: 0hxxp://unstops.net/wpad.dat?ea4918ea5729617d7d5a0028b717bbb99746387
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1371513899-3904243246-46860677-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am/?geo=pl
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.2345.com/?34838
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am/?geo=pl
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am/?geo=pl
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
    HKU\S-1-5-21-1371513899-3904243246-46860677-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1371513899-3904243246-46860677-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
    SearchScopes: HKLM -> DefaultScope {0644EE93-D778-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope - No value
    SearchScopes: HKU\S-1-5-21-1371513899-3904243246-46860677-1000 -> {0644EE93-D778-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.mpc.am/index/search?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968&ie=UTF-8
    SearchScopes: HKU\S-1-5-21-1371513899-3904243246-46860677-1000 -> {2817FE29-882A-4A72-B5D9-F58D12A004D6} URL = hxxps://search.yahoo.com/search?fr=chr-greent...mp;ei=utf-8&ilc=12&type=639975&p={searchTerms}
    Toolbar: HKU\S-1-5-21-1371513899-3904243246-46860677-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF Plugin-x32: @baidu.com/npxbdcntb -> C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\npxbdcntb.dll [No File]
    S4 GoogleChromeUpSvc; C:\Users\Kuba\AppData\Roaming\svrupg.exe [0 2016-04-14] () <==== ATTENTION (zero byte File/Folder)
    S2 nedodilozbt; C:\Program Files (x86)\00000000-1464011038-0000-0000-D8CB8A350F82\knso7202.tmp [171520 2016-05-27] () [No signature]
    S2 ProntSpooler; C:\Users\Kuba\AppData\Local\Apps\2.0\abril.exe [130048 2016-04-23] () [No signature]
    S2 zigipyro; C:\Users\Kuba\AppData\Local\00000000-1464393151-0000-0000-D8CB8A350F82\qnse5C96.tmp [158720 2016-05-28] () [No signature]
    S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
    S2 QQPCRTP; "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRtp.exe" -r [X]
    S2 WinDefend; %ProgramFiles(x86)%\Windows Defender\mpsvc.dll [X]
    R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [82240 2016-05-04] (Cherimoya Ltd)
    S2 NSHE; C:\Windows\SysWOW64\Drivers\NSHE.SYS [97792 2014-03-30] (Tecar Forum) [No signature]
    S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [45304 2016-05-05] (电脑管家)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X]
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [X]
    S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
    S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUdisk64.sys [X]
    S1 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\softaal64.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S1 TsDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TsDefenseBT64.sys [X]
    S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TsNetHlpX64.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2016-05-28 10:34 - 2016-05-28 10:36 - 00000000 ___SD C:\ComboFix
    2016-05-28 09:59 - 2016-05-28 10:00 - 05659526 _____ (Swearware) C:\Users\Kuba\Downloads\ComboFix (1).exe
    2016-05-28 09:58 - 2016-05-28 09:59 - 05659526 ____R (Swearware) C:\Users\Kuba\Downloads\ComboFix.exe
    2016-05-23 16:16 - 2016-05-23 16:31 - 00000000 ____D C:\Users\jaaaa\AppData\LocalLow\Baidu
    2016-05-23 16:16 - 2016-05-23 16:16 - 00000000 ____D C:\Users\jaaaa\AppData\Roaming\Baidu
    2016-05-23 15:53 - 2016-05-27 21:47 - 00000000 ____D C:\Program Files (x86)\GAMI
    2016-05-23 15:53 - 2016-05-23 15:53 - 00000000 ____D C:\ProgramData\Tencent
    2016-05-23 15:52 - 2016-05-23 17:42 - 00000000 ____D C:\Users\Kuba\AppData\Roaming\Baidu
    2016-05-23 15:52 - 2016-05-23 17:42 - 00000000 ____D C:\Users\Kuba\AppData\LocalLow\Baidu
    2016-05-23 15:52 - 2016-05-23 15:52 - 00000000 ____D C:\Users\Kuba\AppData\Roaming\Tencent
    2016-05-23 15:52 - 2016-05-23 15:52 - 00000000 ____D C:\ProgramData\Baidu
    2016-05-23 15:52 - 2016-05-23 15:52 - 00000000 ____D C:\Program Files\Common Files\Baidu
    2016-05-23 15:47 - 2010-08-16 21:44 - 00021504 ___SH C:\Users\Kuba\Desktop\Thumbs.db
    2016-05-23 15:45 - 2016-05-23 15:53 - 00001803 _____ C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\GAMI starten.lnk
    2016-05-23 15:45 - 2016-05-23 15:53 - 00001779 _____ C:\Users\jaaaa\Desktop\GAMI.lnk
    2016-05-23 15:45 - 2016-05-23 15:53 - 00001779 _____ C:\Users\Administrator\Desktop\GAMI.lnk
    2016-05-23 15:45 - 2016-05-23 15:45 - 00000000 ____D C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GAMI
    2016-05-23 15:45 - 2016-05-23 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMI
    2016-05-20 12:01 - 2016-05-25 11:34 - 00000000 ____D C:\ProgramData\5winp5
    2016-05-16 22:17 - 2016-05-17 21:14 - 00000000 _____ C:\Windows\SysWOW64\tmp5.html
    2016-05-16 21:02 - 2016-05-16 21:02 - 00000000 ____D C:\Users\jaaaa\AppData\Roaming\WinZiper
    2016-05-16 21:02 - 2016-05-16 21:02 - 00000000 ____D C:\Users\jaaaa\AppData\Roaming\eCyber
    2016-05-16 15:45 - 2016-05-16 15:45 - 01380712 _____ C:\Users\Kuba\Downloads\steam.exe.EXE
    2016-05-16 15:44 - 2016-05-16 15:45 - 01040920 _____ (Bemeh ) C:\Users\Kuba\Downloads\steam.exe
    2016-05-16 14:35 - 2016-05-22 21:56 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2016-05-16 14:35 - 2016-05-22 21:52 - 00000000 ____D C:\Users\Kuba\AppData\Roaming\eCyber
    2016-05-16 14:35 - 2016-05-16 14:35 - 00000000 ____D C:\Users\Kuba\AppData\Roaming\WinZiper
    2016-05-16 14:34 - 2016-05-25 11:34 - 00000000 ____D C:\Users\Kuba\AppData\Roaming\TSv
    2016-05-16 14:34 - 2016-05-23 17:43 - 00000001 _____ C:\Windows\SysWOW64\pl.html
    2016-05-16 14:34 - 2016-05-20 12:01 - 00009426 _____ C:\Windows\System32\Tasks\Browser Updater Task(Core)
    2016-05-13 11:29 - 2016-05-20 21:24 - 00000000 ____D C:\Program Files (x86)\hohobnd
    2016-05-13 11:23 - 2016-05-13 11:23 - 00003024 _____ C:\Windows\System32\Tasks\{FA9E79ED-DE66-4893-A340-F96BF8A6380B}
    2016-05-13 07:53 - 2016-05-27 21:41 - 00000000 ____D C:\AdwCleaner
    2016-05-05 16:23 - 2016-05-05 16:23 - 00000000 ____D C:\Windows\system32\ura
    2016-05-05 13:04 - 2016-05-05 18:19 - 00000000 ____D C:\ProgramData\TXQMPC
    2016-05-05 13:04 - 2016-05-05 13:04 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2016-05-05 13:03 - 2016-05-05 16:27 - 00087800 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2016-05-05 13:03 - 2016-05-05 16:27 - 00045304 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
    2016-05-05 13:02 - 2016-05-05 13:02 - 00413439 _____ C:\ProgramData\xdo.zip
    2016-05-05 13:02 - 2016-05-05 09:36 - 01612800 _____ C:\ProgramData\360dlr.exe
    2016-05-05 13:02 - 2016-04-26 23:03 - 01253376 _____ (eee) C:\ProgramData\apptj.exe
    2016-05-05 13:00 - 2016-04-19 17:41 - 01266176 _____ C:\ProgramData\conhost.exe
    2016-05-05 13:00 - 2016-04-19 12:39 - 00114176 _____ C:\ProgramData\hp.exe
    2016-05-04 21:28 - 2016-05-04 21:28 - 00000000 ____D C:\Windows\system32\xoi
    2016-05-04 21:28 - 2016-05-04 21:28 - 00000000 ____D C:\Windows\system32\upi
    2016-05-04 21:22 - 2016-05-04 21:22 - 00000000 ____D C:\Users\jaaaa\AppData\Local\tuto_monetize_120160504
    2016-05-04 21:22 - 2016-05-04 21:22 - 00000000 ____D C:\Users\jaaaa\AppData\Local\csdi_monetize_120160504
    2016-05-04 16:00 - 2016-05-04 16:00 - 00000000 ____D C:\Users\Kuba\AppData\Local\csdi_monetize_220160504
    2016-05-04 15:59 - 2016-05-04 15:59 - 00000000 ____D C:\Users\Kuba\AppData\Local\csdi_monetize_120160504
    2016-05-04 15:57 - 2016-05-04 15:57 - 00000000 ____D C:\Users\Kuba\AppData\Local\tuto_monetize_120160504
    2016-05-04 15:56 - 2016-05-04 15:56 - 00000000 ____D C:\Users\Kuba\AppData\LocalLow00619BC8
    2016-05-04 15:56 - 2016-05-04 15:56 - 00000000 ____D C:\Users\Kuba\AppData\LocalLow005BD010
    2016-05-04 15:56 - 2016-05-04 15:56 - 00000000 ____D C:\Users\Kuba\AppData\LocalLow000000000041FEA8
    2016-05-04 15:56 - 2016-05-04 15:56 - 00000000 ____D C:\Users\Kuba\AppData\LocalLow000000000041FDD8
    2016-05-04 15:56 - 2016-05-04 15:56 - 00000000 ____D C:\Users\Kuba\AppData\LocalLow000000000041FD08
    2016-05-04 15:56 - 2016-05-04 15:56 - 00000000 ____D C:\Users\Kuba\AppData\LocalLow000000000041FC38
    2016-05-04 15:56 - 2016-05-04 15:56 - 00000000 ____D C:\Users\Kuba\AppData\LocalLow00000000003F4858
    2016-05-04 15:55 - 2016-05-04 16:04 - 00000000 ____D C:\Users\Kuba\AppData\Local\app
    2016-05-04 15:55 - 2016-05-04 15:58 - 00000000 ____D C:\Users\Kuba\AppData\Local\Apps\2.0
    2016-05-04 15:48 - 2016-05-05 18:33 - 00000000 ____D C:\Users\Kuba\AppData\Roaming\Cedfis
    2016-05-04 15:46 - 2016-05-05 18:33 - 00000000 ____D C:\Users\Kuba\AppData\Roaming\Sijonevje
    2016-05-04 15:46 - 2016-05-04 15:46 - 00000000 ____D C:\Users\Kuba\AppData\LocalLow0074FE98
    2016-05-04 15:46 - 2016-05-04 15:46 - 00000000 ____D C:\Users\Kuba\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2016-05-04 15:27 - 2016-05-04 16:00 - 00003726 _____ C:\Windows\System32\Tasks\DNS Monitoring
    2016-05-04 15:27 - 2016-05-04 15:27 - 00000000 ____D C:\ProgramData\52e60ef1-6d55-0
    2016-05-04 15:27 - 2016-05-04 15:27 - 00000000 ____D C:\ProgramData\52e60ef1-0517-1
    2016-05-04 15:24 - 2016-05-10 15:41 - 00000000 ____D C:\Program Files (x86)\00000000-1462368240-0000-0000-D8CB8A350F82
    2016-05-04 15:24 - 2016-05-04 15:24 - 00000000 ____D C:\Users\Kuba\AppData\Roaming\SpringFiles
    2016-05-04 15:22 - 2016-05-04 15:22 - 00000000 ____D C:\ProgramData\LuckyBrowse
    2016-05-04 13:21 - 2016-05-04 15:48 - 00082240 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
    2016-05-03 08:15 - 2014-03-30 22:59 - 00097792 _____ (Tecar Forum) C:\Windows\SysWOW64\Drivers\NSHE.SYS
    2016-05-28 10:01 - 2016-03-25 20:48 - 00000000 ____D C:\Qoobox
    2016-05-04 15:58 - 2016-04-06 21:01 - 00000000 ____D C:\Users\Kuba\AppData\Roaming\UPUpdata
    2016-05-04 15:57 - 2016-04-06 19:53 - 00000000 ____D C:\Users\Public\Thunder Network
    2016-05-04 15:56 - 2016-03-20 19:43 - 00000000 ____D C:\Users\Kuba\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
    2016-05-04 15:48 - 2016-02-07 00:38 - 00000000 ____D C:\Users\Kuba\AppData\Local\Tempfolder
    2016-05-05 13:02 - 2016-05-05 09:36 - 1612800 _____ () C:\ProgramData\360dlr.exe
    2016-04-26 14:24 - 2016-04-26 14:24 - 0000009 ____N () C:\ProgramData\a.bat
    2010-08-28 22:43 - 2010-08-28 22:43 - 0577335 ____N () C:\ProgramData\adb.exe
    2010-08-28 22:43 - 2010-08-28 22:43 - 0096256 ____N (Google, inc) C:\ProgramData\AdbWinApi.dll
    2010-08-28 22:43 - 2010-08-28 22:43 - 0060928 ____N (Google, inc) C:\ProgramData\AdbWinUsbApi.dll
    2016-05-05 13:02 - 2016-04-26 23:03 - 1253376 _____ (eee) C:\ProgramData\apptj.exe
    2016-05-05 13:00 - 2016-04-19 17:41 - 1266176 _____ () C:\ProgramData\conhost.exe
    2016-02-02 20:17 - 2016-02-02 20:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2010-08-28 22:43 - 2010-08-28 22:43 - 0356009 ____N () C:\ProgramData\fastboot.exe
    2016-05-05 13:00 - 2016-04-19 12:39 - 0114176 _____ () C:\ProgramData\hp.exe
    2016-05-05 13:02 - 2016-05-05 13:02 - 0413439 _____ () C:\ProgramData\xdo.zip
    EmptyTemp:

    In FRST, click Fix.

    Run a full scan with MBAM and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Use RepairDNS and post the log it creates:
    https://www.elektroda.pl/rtvforum/download.php?id=731083
    Plus new FRST scan logs, created AFTER using RepairDNS.

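The fixlist in the post above removes several recurring classes of browser hijack at once: .lnk shortcuts whose argument is a URL (yeabests.cc, hohosearch.com), a rogue NameServer (104.197.191.4) set on every network interface, a WPAD-style AutoConfigURL pointing at unstops.net, a WMI ActiveScriptEventConsumer, and scheduled tasks that launch regsvr32, rundll32 or an encoded powershell command. The script below is an added example, not part of this thread and not code from FRST or Kolobos: a read-only PowerShell triage that enumerates the same indicator classes on a live Windows host so you can see what a fixlist like this is targeting before you write one. The DNS allow-list is an assumption that you must replace with your own resolvers; everything else is read straight from the registry, the shortcut files and the task XML.

```powershell
# Added example, not code from the thread or from FRST. Read-only triage of the
# persistence/hijack classes that the fixlist above removes. Run in an elevated
# Windows PowerShell (5.1) session; Get-WmiObject is used so it also works on Windows 7.

function Get-HijackFindings {
    param(
        # ASSUMPTION: the resolvers you actually expect; anything else is reported.
        [string[]]$ExpectedDns = @('192.168.1.1')
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Shortcuts whose *arguments* are a URL: every browser .lnk gets forced to the hijack page.
    $shell = New-Object -ComObject WScript.Shell
    $lnkRoots = @(
        "$env:APPDATA\Microsoft\Windows\Start Menu",
        "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
        "$env:ProgramData\Microsoft\Windows\Start Menu",
        "$env:PUBLIC\Desktop",
        "$env:USERPROFILE\Desktop"
    ) | Where-Object { Test-Path -Path $_ }
    if ($lnkRoots) {
        Get-ChildItem -Path $lnkRoots -Filter *.lnk -Recurse -File -ErrorAction SilentlyContinue |
          ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            if ($lnk.Arguments -match '^\s*"?https?://') {
                $findings.Add("LNK  $($_.FullName) -> $($lnk.TargetPath) $($lnk.Arguments)")
            }
          }
    }

    # 2. Per-interface NameServer values that are not on the allow-list
    #    (the log above had 104.197.191.4 on every adapter).
    $ifKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    foreach ($iface in Get-ChildItem -Path $ifKey) {
        $ns = (Get-ItemProperty -Path $iface.PSPath).NameServer
        if (-not $ns) { continue }
        foreach ($ip in ($ns -split '[ ,]+' | Where-Object { $_ })) {
            if ($ExpectedDns -notcontains $ip) {
                $findings.Add("DNS  $($iface.PSChildName) NameServer=$ip")
            }
        }
    }

    # 3. Proxy auto-config script for the current user (FRST's AutoConfigURL / ManualProxies lines).
    #    Other users' SIDs live under HKU and need the same check if you load their hives.
    $inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    if ($inet.AutoConfigURL) { $findings.Add("PAC  AutoConfigURL=$($inet.AutoConfigURL)") }
    if ($inet.ProxyEnable -eq 1) { $findings.Add("PAC  ProxyServer=$($inet.ProxyServer)") }

    # 4. WMI event-subscription persistence (FRST reports it as WMI_ActiveScriptEventConsumer_ASEC).
    Get-WmiObject -Namespace root\subscription -Class ActiveScriptEventConsumer -ErrorAction SilentlyContinue |
      ForEach-Object {
        $findings.Add("WMI  ActiveScriptEventConsumer '$($_.Name)' engine=$($_.ScriptingEngine)")
      }

    # 5. Scheduled tasks whose action is a LOLBin with the flags seen in the log:
    #    regsvr32 /i:, rundll32 loading from ProgramData, powershell -EncodedCommand / -executionpolicy bypass.
    $lolbin = 'regsvr32\.exe.*\s/i:|rundll32\.exe.*ProgramData|powershell\.exe.*(-EncodedCommand|-executionpolicy\s+bypass)'
    Get-ChildItem -Path "$env:SystemRoot\System32\Tasks" -Recurse -File -ErrorAction SilentlyContinue |
      ForEach-Object {
        try { $xml = [xml](Get-Content -Path $_.FullName -Raw) } catch { return }
        foreach ($exec in @($xml.Task.Actions.Exec)) {
            if (-not $exec) { continue }
            $cmdline = "$($exec.Command) $($exec.Arguments)"
            if ($cmdline -match $lolbin) {
                $findings.Add("TASK $($_.FullName) => $cmdline")
            }
        }
      }

    return $findings
}

Get-HijackFindings
```

Each line starts with a tag (LNK, DNS, PAC, WMI, TASK) that maps directly onto the corresponding FRST fixlist line type, so the output can be checked against a log before anything is deleted. The script changes nothing; removal is still a job for FRST or manual cleanup, and the task and WMI checks need an elevated session to read System32\Tasks and root\subscription.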
  • Helpful post
    #4 28 May 2016 12:50
    Kolobos
    Computer specialist

    You were supposed to post the RepairDNS log, not the MBAM one. Besides that, Addition.txt from FRST is missing (tick the appropriate option in FRST and post the missing new log).

  • Helpful post
    #6 28 May 2016 13:02
    Kolobos
    Computer specialist

    I see I have to write the same thing for the third time... post the RepairDNS log!

  • #8 28 May 2016 13:06
    Kolobos
    Computer specialist

    Run this Fixlist.txt with FRST:
    Replace: C:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll

    After running it, use RepairDNS again and post the new log.

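The Replace: fix in the post above copies a dnsapi.dll out of the WinSxS component store over the live 32-bit copy in SysWOW64, which is only useful if the live copy no longer matches a genuine one. Here is an added example, not from the thread and not Kolobos's or FRST's code, that checks that condition on your own machine: it hashes both live dnsapi.dll copies, compares them with every copy of the same architecture in the component store, and reports the Authenticode status. It assumes a 64-bit Windows as in the thread (component directories start with amd64_ and wow64_) and PowerShell 4 or newer for Get-FileHash.

```powershell
# Added example, not code from the thread. Checks whether the live dnsapi.dll copies still
# match a copy in the WinSxS component store, which is what the "Replace:" fix above relies on.
# ASSUMPTIONS: x64 Windows, PowerShell 4+ (Get-FileHash), elevated session to read winsxs.

function Test-DnsApiIntegrity {
    param(
        [string]$SystemRoot = $env:SystemRoot
    )
    $targets = @(
        @{ Path = "$SystemRoot\System32\dnsapi.dll"; StorePrefix = 'amd64_microsoft-windows-dns-client_*' },
        @{ Path = "$SystemRoot\SysWOW64\dnsapi.dll"; StorePrefix = 'wow64_microsoft-windows-dns-client_*' }
    )
    foreach ($t in $targets) {
        if (-not (Test-Path -Path $t.Path)) { continue }
        $liveHash = (Get-FileHash -Path $t.Path -Algorithm SHA256).Hash
        $sig      = Get-AuthenticodeSignature -FilePath $t.Path
        $ver      = (Get-Item -Path $t.Path).VersionInfo.FileVersion

        # Every component-store copy of the same architecture (one per installed update);
        # a healthy live file is normally a hard link to one of them and hashes identically.
        $storeCopies = Get-ChildItem -Path "$SystemRoot\winsxs" -Directory -Filter $t.StorePrefix -ErrorAction SilentlyContinue |
            ForEach-Object { Join-Path -Path $_.FullName -ChildPath 'dnsapi.dll' } |
            Where-Object { Test-Path -Path $_ }
        $storeHashes = @($storeCopies | ForEach-Object { (Get-FileHash -Path $_ -Algorithm SHA256).Hash })

        [pscustomobject][ordered]@{
            Path             = $t.Path
            FileVersion      = $ver
            SignatureStatus  = $sig.Status        # Valid for an untouched OS file on current builds
            Signer           = $sig.SignerCertificate.Subject
            MatchesStoreCopy = ($storeHashes -contains $liveHash)   # $false means the live file was altered
            StoreCopiesFound = $storeHashes.Count
            Sha256           = $liveHash
        }
    }
}

Test-DnsApiIntegrity | Format-List
```

MatchesStoreCopy is the decisive field: if it is $false for SysWOW64\dnsapi.dll, a Replace: line like the one above (pointing at whichever store directory holds the newest version) is the right repair, and running the check again afterwards should flip it to $true. Treat SignatureStatus as secondary, because on older Windows builds Get-AuthenticodeSignature does not consult the signing catalog and can report NotSigned for a perfectly genuine OS DLL; Sysinternals sigcheck verifies catalog signatures if you need that confirmation.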
  • #10 28 May 2016 15:26
    Kolobos
    Computer specialist

    Delete the C:\FRST folder and that's all.

  • #11 29 May 2016 09:44
    poldzer
    Level 17

    Everything is back to normal. Thanks.