Elektroda.pl

Safe finder - how to remove it?

machal 05 Jun 2016 10:51 1029 5
  • #2 05 Jun 2016 11:44
    Acorus 20
    Computer specialist

    Yet another SpyHunter recommender. Uninstall Body Text Feathering, CleanBrowser. Open the system Notepad and paste:

    Quote:
    CloseProcesses:
    Task: {1CB458BA-E4A6-4113-8545-8E0A8C6872AA} - System32\Tasks\osTip => C:\ProgramData\WindowsMsg\osmsg.exe [2016-06-03] ()
    Task: {CB9BF172-0BD7-44BE-8089-59D696E68786} - System32\Tasks\Ghaneckugick Adapter => C:\Program Files (x86)\Ghaneckugick\Ghnadptsk.exe [2016-05-27] () <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA (yeabests)
    ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Exqlore.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://t.cn/R4ZGDXs
    ShortcutWithArgument: C:\Users\Maciek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://t.cn/R4ZGDXs
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://t.cn/R4ZGDXs




    Hosts:
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpf64.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdpr64.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpf64.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdpr64.sys => ""="Driver"
    HKLM\...\Run: [WINCOM4RK] => C:\Program Files (x86)\sunnyday\wincom_4RK.exe [3995136 2016-05-29] ()
    HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\bd\uc.exe [524288 2016-05-29] ()
    HKLM-x32\...\Run: [sun21] => [X]
    HKLM-x32\...\Run: [XiangYingDir] => C:\Users\Maciek\AppData\Roaming\XiangYingDir\JianXiuKey.exe [540144 2016-06-02] ()
    HKLM-x32\...\Run: [JingLuoDir] => C:\Users\Maciek\AppData\Roaming\JingLuoDir\JingLuoShen.exe [904688 2016-06-02] ()
    HKLM-x32\...\Run: [Cosp] => C:\Users\Maciek\AppData\Roaming\Cosp\\Cosplay.exe [422056 2016-06-05] ()
    HKLM-x32\...\Run: [MTview] => C:\Program Files (x86)\MTV20160128\MTView.exe [1877512 2016-01-26] (STA)
    HKLM\...\RunOnce: [IDSCPRODUCT] => C:\Program Files (x86)\EasyHotspot\idscservice.exe [147456 2016-05-29] (uZsfMv)
    HKLM\...\RunOnce: [OTUTPRODUCT_WRTA9] => C:\Program Files (x86)\sunnyday\otutnetwork.exe [148480 2016-05-29] (uZsfMv)
    HKU\S-1-5-21-4077008815-1668317903-872208325-1000\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\osmsg.exe [1933824 2016-06-03] ()
    HKU\S-1-5-21-4077008815-1668317903-872208325-1000\...\Run: [Pritc] => C:\Users\Maciek\AppData\Local\Temp\00018167\casrss.exe [2967552 2016-06-02] (VLOME) <===== UWAGA
    HKU\S-1-5-21-4077008815-1668317903-872208325-1000\...\Run: [aa] => C:\Program Files (x86)\ms\launch.exe [370688 2016-06-02] ()
    AppInit_DLLs: C:\ProgramData\Quoteex\Konstring.dll => C:\ProgramData\Quoteex\Konstring.dll [363008 2016-05-29] ()
    AppInit_DLLs-x32: C:\ProgramData\Quoteex\SanTom.dll => C:\ProgramData\Quoteex\SanTom.dll [257536 2016-05-29] ()
    ShellExecuteHooks: - {7AD1C0F5-07A2-40E5-8608-C6EAA0FF362F} - C:\Program Files (x86)\Ckidiry\explibss\x64explibss.dll [418488 2016-05-27] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-05-12]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-4077008815-1668317903-872208325-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-4077008815-1668317903-872208325-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...SMQ0hu2lDuohioJqpduN_D_JajFK-DJCIt8A,,&q={searchTerms}
    HKU\S-1-5-21-4077008815-1668317903-872208325-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://t.cn/R4ZGDXs
    HKU\S-1-5-21-4077008815-1668317903-872208325-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...SMQ0hu2lDuohioJqpduN_D_JajFK-DJCIt8A,,&q={searchTerms}
    HKU\S-1-5-21-4077008815-1668317903-872208325-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...SMQ0hu2lDuohioJqpduN_D_JajFK-DJCIt8A,,&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...SMQ0hu2lDuohioJqpduN_D_JajFK-DJCIt8A,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4077008815-1668317903-872208325-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...SMQ0hu2lDuohioJqpduN_D_JajFK-DJCIt8A,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4077008815-1668317903-872208325-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...SMQ0hu2lDuohioJqpduN_D_JajFK-DJCIt8A,,&q={searchTerms}
    FF NewTab: C:\ProgramData\Quoteexs\ff.NT
    FF DefaultSearchEngine: cloudfront
    FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=cloudfront
    FF SelectedSearchEngine: hohosearch
    FF Homepage: C:\ProgramData\Quoteexs\ff.HP
    FF Keyword.URL: hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.p....&v=20160527&mode=ffexttoolbar&q=
    FF Extension: GsearchFinder - C:\Users\Maciek\AppData\Roaming\Profiles\e9prbx5t.default\Extensions\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi [2016-05-29]
    CHR HomePage: ChromeDefaultData -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%...911O2ByFY22Z1aaDfyMK_ftPtTRIOoLdHlk6IjMLYLA,,,,
    CHR StartupUrls: ChromeDefaultData -> "hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqB3IoAn0nA0..&v=20160527&uid=6E98393D2E945231E10D28E94EE28207&ptid=clc&mode=loadm"
    CHR DefaultSearchURL: ChromeDefaultData -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...Xl4Wpulaf2sw3nXSWfZaRmjLkO4qxagFvpYA,,&q={searchTerms}
    CHR DefaultSearchKeyword: ChromeDefaultData -> feed.sonic-search.com
    CHR DefaultSuggestURL: ChromeDefaultData -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
    "Qzmker" => serwis nie został odblokowany. <===== UWAGA
    R2 dowidoly; C:\Program Files (x86)\1E004B00-1464542876-5500-8AFB-10BF487E0697\jnsc9D5E.tmp [244224 2016-05-29] () [Brak podpisu cyfrowego]
    R2 qehoticizbt; C:\Program Files (x86)\1E004B00-1464542876-5500-8AFB-10BF487E0697\knslC797.tmp [199680 2016-05-29] () [Brak podpisu cyfrowego]
    R2 Quoteex; C:\ProgramData\\Quoteex\\Quoteex.exe [941568 2016-05-29] () [Brak podpisu cyfrowego]
    R2 rijufoze; C:\Program Files (x86)\1E004B00-1464542876-5500-8AFB-10BF487E0697\hnsmB42A.tmp [138240 2016-05-29] () [Brak podpisu cyfrowego]
    S2 Service Keep; C:\Users\Maciek\AppData\Roaming\TFEIMLPE\sevice_884_39390.exe [5628512 2016-06-05] () [Brak podpisu cyfrowego]
    R2 zigipyro; C:\Users\Maciek\AppData\Local\1E004B00-1464898965-5500-8AFB-10BF487E0697\qnscEF9E.tmp [158720 2015-12-26] () [Brak podpisu cyfrowego]
    S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
    R1 {0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64; C:\Windows\System32\drivers\{0c0bb4a8-45a4-4685-9c1d-08d98af4b926}Gw64.sys [61112 2014-07-24] (StdLib)
    R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys [61072 2014-07-25] (StdLib)
    R1 {55dce8ba-9dec-4013-937e-adbf9317d990}w64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys [61584 2014-08-07] (StdLib)
    S3 blNetFilter; \??\C:\Windows\system32\drivers\blNetFilter.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    U5 Qzmker; <===== UWAGA: Zablokowana usługa
    2016-06-05 10:40 - 2016-06-05 10:42 - 00000896 _____ C:\Users\Maciek\Desktop\ÓŔşăµÄ´«Ćć.lnk
    2016-06-05 10:40 - 2016-06-05 10:41 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\kvc_mtfp
    2016-06-05 10:40 - 2016-06-05 10:40 - 00000996 _____ C:\Users\Public\Desktop\9377łŕÔ´«Ëµ˘ň.lnk
    2016-06-05 10:40 - 2016-06-05 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\łŕÔ´«Ëµ˘ň
    2016-06-05 10:40 - 2016-06-05 10:40 - 00000000 ____D C:\Program Files (x86)\Cycs˘ň
    2016-06-05 10:38 - 2016-06-05 10:38 - 01068791 _____ C:\Windows\SET85.dat
    2016-06-05 10:38 - 2016-06-05 10:38 - 00525312 _____ C:\Windows\SET35.dat
    2016-06-05 10:38 - 2016-06-05 10:38 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flyż´ÍĽ
    2016-06-05 10:38 - 2016-06-05 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flyż´ÍĽ
    2016-06-05 10:38 - 2016-06-05 10:38 - 00000000 ____D C:\Program Files (x86)\Flyż´ÍĽ
    2016-06-05 10:37 - 2016-06-05 10:37 - 00000880 _____ C:\Users\Maciek\Desktop\ł¬¸ç°ÔÖ÷.lnk
    2016-06-05 10:37 - 2016-06-05 10:37 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\xmz_kapp
    2016-06-05 10:37 - 2016-06-05 10:37 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\mygames
    2016-06-05 10:37 - 2016-06-05 10:37 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BZCGÍřŇłÓÎĎ·
    2016-06-05 10:33 - 2016-06-05 10:33 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\vx_mvcp
    2016-06-05 10:33 - 2016-06-05 10:33 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MUÓÎĎ·ÖĐĐÄ
    2016-06-05 10:33 - 2016-06-05 10:33 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\»¶ŔÖ°É
    2016-06-05 10:32 - 2016-06-05 10:32 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\mt_avtp
    2016-06-05 10:32 - 2016-06-05 10:32 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DTSVÓÎĎ·ÖĐĐÄ
    2016-06-05 10:31 - 2016-06-05 10:32 - 00000000 ____D C:\ProgramData\SQ PlatForm
    2016-06-05 10:31 - 2016-06-05 10:31 - 00000000 ____D C:\ProgramData\tmpst
    2016-06-05 10:31 - 2016-06-05 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ĂŔÍĽäŻŔŔ
    2016-06-05 10:31 - 2016-06-05 10:31 - 00000000 ____D C:\ProgramData\MD PlatForm
    2016-06-05 10:31 - 2016-06-05 10:31 - 00000000 ____D C:\Program Files (x86)\MTV20160128
    2016-06-05 10:29 - 2016-06-05 10:40 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZNETł¬°ÔÓÎĎ·
    2016-06-05 10:29 - 2016-06-05 10:29 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\kvk_mtfp
    2016-06-05 10:26 - 2016-06-05 10:26 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\łĚĐň
    2016-06-05 10:26 - 2016-06-05 10:26 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\Cosp
    2016-06-05 10:26 - 2016-06-05 10:26 - 00000000 ____D C:\Users\Maciek\AppData\Local\Cosp
    2016-06-05 10:24 - 2016-06-05 10:24 - 00122144 ___SH C:\Windows\system32\Drivers\TnvmmG.sys
    2016-06-02 20:38 - 2016-06-02 20:38 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\iPxVSzIqV5z8Zh
    2016-06-02 20:37 - 2016-06-02 20:37 - 00000000 ____D C:\Users\Maciek\Documents\JingLuoDir
    2016-06-02 20:37 - 2016-06-02 20:37 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\JingLuoDir
    2016-06-02 20:35 - 2016-06-02 20:35 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\ÎäÉńŐÔ×ÓÁú
    2016-06-02 20:34 - 2016-06-02 20:34 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\Winnav
    2016-06-02 20:33 - 2016-06-05 10:32 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\TFEIMLPE
    2016-06-02 20:32 - 2016-06-02 20:38 - 00000000 ____D C:\Program Files (x86)\iPxVSzIqV5z8Zh
    2016-06-02 20:31 - 2016-06-02 20:31 - 00000000 ____D C:\Users\Maciek\Documents\XiangYingDir
    2016-06-02 20:31 - 2016-06-02 20:31 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\XiangYingDir
    2016-06-02 20:30 - 2016-06-02 20:30 - 00000000 ____D C:\Program Files (x86)\ms
    2016-06-02 20:29 - 2016-06-02 20:29 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\随身截屏
    2016-06-02 20:29 - 2016-06-02 20:29 - 00000000 ____D C:\Users\Maciek\AppData\Roaming\ADSKIP
    2016-06-02 20:29 - 2016-06-02 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\随身截屏
    2016-06-02 20:29 - 2016-06-02 20:29 - 00000000 ____D C:\Program Files (x86)\ssjp
    2016-06-02 20:29 - 2016-06-02 20:29 - 00000000 ____D C:\Program Files (x86)\ADSKIP
    2016-06-02 20:23 - 2016-06-02 20:23 - 00002930 _____ C:\Windows\System32\Tasks\osTip
    2016-06-02 20:23 - 2016-06-02 20:23 - 00000000 ____D C:\ProgramData\WindowsMsg
    2016-05-30 20:22 - 2016-05-30 20:22 - 00003592 _____ C:\Windows\System32\Tasks\{285CD56D-CF62-455B-ADB4-72CB7C4BC947}
    2016-05-29 19:53 - 2016-05-29 19:53 - 00000000 ____D C:\Users\Maciek\AppData\Local\tuto_monetize_120160529
    2016-05-29 19:53 - 2016-05-29 19:53 - 00000000 ____D C:\Program Files (x86)\sunnyday
    2016-05-29 19:33 - 2016-05-29 19:33 - 00009024 _____ C:\Windows\System32\Tasks\Ghaneckugick Adapter
    2016-05-29 19:33 - 2016-05-29 19:33 - 00000000 ____D C:\Program Files (x86)\{516D9F5A-D8E3-485A-838A-AE688ED07E5C}
    2016-05-29 19:32 - 2016-05-29 19:33 - 00000000 ____D C:\Program Files\Caster
    2016-05-29 19:32 - 2016-05-29 19:32 - 00027456 _____ C:\Windows\system32\Drivers\bsdpf64.sys
    2016-05-29 19:32 - 2016-05-29 19:32 - 00026944 _____ C:\Windows\system32\Drivers\bsdpr64.sys
    2016-05-29 19:32 - 2016-05-29 19:32 - 00000000 ____D C:\Program Files\Coodnifgedlagp
    2016-05-29 19:31 - 2016-05-29 19:33 - 00000000 ____D C:\Program Files (x86)\Ghaneckugick
    2016-05-29 19:31 - 2016-05-29 19:33 - 00000000 ____D C:\Program Files (x86)\Ckidiry
    2016-05-29 19:31 - 2016-05-29 19:31 - 00293320 _____ (深圳市迅雷网络技术有限公司) C:\ProgramData\xldl.dll
    2016-05-29 19:31 - 2016-05-29 19:31 - 00000000 ____D C:\Users\Public\Thunder Network
    2016-05-29 19:31 - 2016-05-29 19:31 - 00000000 ____D C:\ProgramData\Thunder Network
    2016-05-29 19:31 - 2016-05-29 19:31 - 00000000 ____D C:\ProgramData\download
    2016-05-29 19:31 - 2016-05-29 19:31 - 00000000 ____D C:\Program Files (x86)\Phubish
    2016-05-29 19:30 - 2016-05-29 19:30 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
    2016-05-29 19:30 - 2016-05-29 19:30 - 00000000 ____D C:\Program Files (x86)\bd
    2016-05-29 19:27 - 2016-05-29 23:28 - 00000000 ____D C:\Program Files (x86)\1E004B00-1464542876-5500-8AFB-10BF487E0697
    2016-05-29 19:26 - 2016-06-05 10:26 - 00000000 ____D C:\ProgramData\Quoteex
    2016-05-29 19:26 - 2016-06-02 19:51 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
    2016-05-29 19:26 - 2016-05-29 19:26 - 06859776 _____ C:\Users\Maciek\AppData\Roaming\agent.dat
    2016-05-29 19:26 - 2016-05-29 19:26 - 01756999 _____ C:\Users\Maciek\AppData\Roaming\Tip-Tom.tst
    2016-05-29 19:26 - 2016-05-29 19:26 - 00126464 _____ C:\Users\Maciek\AppData\Roaming\noah.dat
    2016-05-29 19:26 - 2016-05-29 19:26 - 00126464 _____ C:\Users\Maciek\AppData\Roaming\lobby.dat
    2016-05-29 19:26 - 2016-05-29 19:26 - 00072820 _____ C:\Users\Maciek\AppData\Roaming\Singdex.tst
    2016-05-29 19:26 - 2016-05-29 19:26 - 00067776 _____ C:\Users\Maciek\AppData\Roaming\Config.xml
    2016-05-29 19:26 - 2016-05-29 19:26 - 00054272 _____ C:\Users\Maciek\AppData\Roaming\ApplicationHosting.dat
    2016-05-29 19:26 - 2016-05-29 19:26 - 00018432 _____ C:\Users\Maciek\AppData\Roaming\Main.dat
    2016-05-29 19:26 - 2016-05-29 19:26 - 00005568 _____ C:\Users\Maciek\AppData\Roaming\md.xml
    2016-05-29 19:26 - 2016-05-29 19:26 - 00000000 ____D C:\ProgramData\Quoteexs
    2016-05-29 19:26 - 2016-05-29 19:26 - 00000000 ____D C:\ProgramData\Logic Handler
    2016-05-29 19:26 - 2016-05-29 19:26 - 00000000 ____D C:\ProgramData\CloudPrinter
    2016-05-29 19:25 - 2016-05-29 19:25 - 02701179 _____ C:\Windows\chromebrowser.exe
    2016-05-29 19:25 - 2016-05-29 19:25 - 00128512 _____ C:\Users\Maciek\AppData\Roaming\Installer.dat
    2016-05-29 19:25 - 2016-05-29 19:25 - 00018432 _____ C:\Users\Maciek\AppData\Roaming\InstallationConfiguration.xml
    2016-05-29 19:26 - 2016-05-29 19:26 - 6859776 _____ () C:\Users\Maciek\AppData\Roaming\agent.dat
    2016-05-29 19:26 - 2016-05-29 19:26 - 0054272 _____ () C:\Users\Maciek\AppData\Roaming\ApplicationHosting.dat
    2016-05-29 19:26 - 2016-05-29 19:26 - 0067776 _____ () C:\Users\Maciek\AppData\Roaming\Config.xml
    2016-05-29 19:25 - 2016-05-29 19:25 - 0018432 _____ () C:\Users\Maciek\AppData\Roaming\InstallationConfiguration.xml
    2016-05-29 19:25 - 2016-05-29 19:25 - 0128512 _____ () C:\Users\Maciek\AppData\Roaming\Installer.dat
    2016-05-29 19:26 - 2016-05-29 19:26 - 0126464 _____ () C:\Users\Maciek\AppData\Roaming\lobby.dat
    2016-05-29 19:26 - 2016-05-29 19:26 - 0018432 _____ () C:\Users\Maciek\AppData\Roaming\Main.dat
    2016-05-29 19:26 - 2016-05-29 19:26 - 0005568 _____ () C:\Users\Maciek\AppData\Roaming\md.xml
    2016-05-29 19:26 - 2016-05-29 19:26 - 0126464 _____ () C:\Users\Maciek\AppData\Roaming\noah.dat
    2016-05-29 19:26 - 2016-05-29 19:26 - 0072820 _____ () C:\Users\Maciek\AppData\Roaming\Singdex.tst
    2016-05-29 19:26 - 2016-05-29 19:26 - 1756999 _____ () C:\Users\Maciek\AppData\Roaming\Tip-Tom.tst
    2016-05-29 19:26 - 2016-05-29 19:26 - 0032038 _____ () C:\Users\Maciek\AppData\Roaming\uninstall_temp.ico
    2016-06-02 20:34 - 2016-06-02 20:34 - 0068601 _____ () C:\Users\Maciek\AppData\Roaming\°˛Č«äŻŔŔĆ÷.ico
    2016-05-29 19:31 - 2016-05-29 19:31 - 0293320 _____ (深圳市迅雷网络技术有限公司) C:\ProgramData\xldl.dll
    C:\Users\Maciek\AppData\Local\Temp\00018167\casrss.exe
    C:\ProgramData\xldl.dll
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    When saving the fixlist, set the encoding to UTF-8.
    Download AdwCleaner and run it as administrator: https://toolslib.net/downloads/finish/1/ Click Scan and then Cleaning.
    Scan with Malwarebytes Anti-Malware: http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    During installation, uncheck the option to start the Malwarebytes Anti-Malware Premium trial.
    Post the new FRST logs.

    0
  • #4 05 Jun 2016 14:40
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Task: {BCC474B6-4088-4772-8824-E719BEB66385} - \{285CD56D-CF62-455B-ADB4-72CB7C4BC947} -> Brak pliku <==== UWAGA
    Startup: C:\Users\Maciek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\爱奇艺PPS.lnk [2016-06-05]
    ShortcutTarget: 爱奇艺PPS.lnk -> C:\Program Files (x86)\IQIYI Video\LStyle\QyClient.exe (Brak pliku)
    Handler-x32: KuGoo - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\KGMusic\8.0.43.18701\KuGoo3DownXControl.ocx [2016-05-11] (广州酷狗计算机科技有限公司)
    Handler-x32: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\Program Files (x86)\KuGou\KGMusic\8.0.43.18701\KuGoo3DownXControl.ocx [2016-05-11] (广州酷狗计算机科技有限公司)
    2016-06-05 13:07 - 2016-06-05 13:08 - 00000000 ____D C:\AdwCleaner
    2016-05-12 22:22 - 2016-05-12 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2016-05-12 22:22 - 2016-05-12 22:22 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2016-05-11 22:22 - 2016-06-05 14:07 - 00001968 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2016-05-11 22:22 - 2016-05-11 22:22 - 00000000 ____D C:\ProgramData\McAfee Security Scan
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Scan with Dr.WEB CureIt: http://www.freedrweb.com/cureit/?lng=pl

    0
  • #6 11 Jun 2016 21:08
    Kolobos
    Computer specialist

    @xCandy your great advice won't help here. If you don't know how to solve the problem, don't post.

    The logs show that the author has already used adwc, and ccleaner is completely unnecessary.

    That's what the logs are for, so that you don't have to "search" for files and hope for a miracle.

    0