Ads by Albireo with FRST logs

morgaliel 18 Aug 2016 19:07
  • #1 18 Aug 2016 19:07
    morgaliel
    Level 3

    The Ads by Albireo problem has shown up on my machine again :c
    I didn't download anything and I have absolutely no idea where this thing could have come from again... Can anyone help me?

  • Helpful post
    #2 18 Aug 2016 19:35
    Kolobos
    Computer specialist

    The file dates show that you did not carry out what I gave you in the previous thread...

    Uninstall:
    WinZip

    Fixlist.txt for FRST:
    Task: {1268BC84-F432-4F75-9962-740B37B389F1} - System32\Tasks\b2929b72a96a471893ecaa9c51368bae => C:\Program Files (x86)\rw68F59\b728F59.bat [2016-08-09] ()
    Task: {1623A7A2-2034-458F-AB28-A9FD0D07D175} - \{89DEF5B1-28F3-417C-97D0-6E4F8699B18D} -> Brak pliku <==== UWAGA
    Task: {25F57D21-0FD5-4D46-8F3E-7557B3DFF1BC} - System32\Tasks\BirdeyeUpdateTaskMachineUA => C:\Program Files (x86)\Birdeye\Update\BirdeyeUpdate.exe [2016-08-16] () <==== UWAGA
    Task: {A958D3A1-57C7-4801-BC09-F7007FFBD299} - System32\Tasks\BirdeyeUpdateTaskMachineCore => C:\Program Files (x86)\Birdeye\Update\BirdeyeUpdate.exe [2016-08-16] () <==== UWAGA
    Hosts:
    () C:\ProgramData\Birdeye\Birdeye.exe
    CHR HomePage: prerlasehasaghtplehotion -> hxxp://www.nicesearches.com?type=hp&ts=14...;z=2391b8bbb3c48ab4c607356g7z8mbgbc6w8qdzbbbg
    CHR StartupUrls: prerlasehasaghtplehotion -> "hxxp://www.nicesearches.com?type=hp&ts=1471356481&from=c3a00815&uid=spccxsolidxstatexdisk_ff3607660c0804742282&z=2391b8bbb3c48ab4c607356g7z8mbgbc6w8qdzbbbg"
    CHR DefaultSearchURL: prerlasehasaghtplehotion -> hxxp://www.nicesearches.com/search.php?type=d...b8bbb3c48ab4c607356g7z8mbgbc6w8qdzbbbg&q={searchTerms}
    CHR DefaultSearchKeyword: prerlasehasaghtplehotion -> nice
    CHR DefaultSuggestURL: prerlasehasaghtplehotion -> hxxp://suggests.go.mail.ru/chrome?q={searchTerms}
    R2 BirdeyeP; C:\ProgramData\Birdeye\Birdeye.exe [458112 2016-08-16] ()
    S2 BirdeyeU; C:\Program Files (x86)\Birdeye\Update\BirdeyeUpdate.exe [605056 2016-08-16] ()
    S2 Buhnimr; "C:\Users\Max\AppData\Roaming\SaculRat\Nhgeciq.exe" -cms [X]
    S2 Jafba; "C:\Users\Max\AppData\Roaming\Meldokmiyk\Meldokmiyk.exe" -cms [X]
    U4 catchme; Brak ImagePath
    U4 EsgScanner; Brak ImagePath
    U4 Konksolex; Brak ImagePath
    U4 ktip; Brak ImagePath
    U4 Tablet2k; Brak ImagePath
    U4 Tiuauh; Brak ImagePath
    U4 TuneUpUtilitiesDrv; Brak ImagePath
    U4 VGPU; Brak ImagePath
    2016-08-18 11:28 - 2016-08-18 18:53 - 00000000 ____D C:\AdwCleaner
    2016-08-18 11:24 - 2016-08-18 11:24 - 00000001 _____ C:\Windows\SysWOW64\pl.html
    2016-08-17 17:39 - 2016-08-17 17:39 - 00000000 ____D C:\Windows\system32\%ALLUSERSPROFILE%




    2016-08-16 17:54 - 2016-08-16 17:54 - 00000000 ____D C:\Users\Public\Documents\chrome
    2016-08-16 16:04 - 2016-08-16 16:54 - 00003678 _____ C:\Windows\System32\Tasks\BirdeyeUpdateTaskMachineCore
    2016-08-16 16:04 - 2016-08-16 16:54 - 00003592 _____ C:\Windows\System32\Tasks\BirdeyeUpdateTaskMachineUA
    2016-08-16 16:04 - 2016-08-16 16:04 - 00000000 ____D C:\Users\Max\AppData\Local\Birdeye
    2016-08-16 16:04 - 2016-08-16 16:04 - 00000000 ____D C:\ProgramData\Birdeye
    2016-08-16 16:03 - 2016-08-18 18:31 - 00000000 _____ C:\Users\Public\Documents\report1.dat
    2016-08-16 16:03 - 2016-08-18 11:29 - 00000000 ____D C:\Windows\system32\log
    2016-08-16 16:03 - 2016-08-16 16:04 - 00000000 ____D C:\Program Files (x86)\Birdeye
    2016-08-16 16:03 - 2016-08-16 16:03 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2016-08-15 14:10 - 2016-08-15 14:10 - 00000000 ____D C:\Users\Max\AppData\Roaming\setup1
    2016-08-15 14:10 - 2016-08-15 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    2016-08-15 14:10 - 2016-08-15 14:10 - 00000000 ____D C:\Program Files (x86)\b2irxa9c
    2016-08-15 12:44 - 2016-08-15 12:44 - 00000000 ____D C:\Program Files (x86)\diwvdnhy
    2016-08-15 12:40 - 2016-08-15 12:40 - 00000000 ____D C:\Program Files (x86)\syjj12ml
    2016-08-09 22:20 - 2016-08-10 11:24 - 00000000 ___HD C:\Program Files (x86)\f098EFB
    2016-08-09 22:20 - 2016-08-09 22:20 - 00003484 _____ C:\Windows\System32\Tasks\b2929b72a96a471893ecaa9c51368bae
    2016-08-09 22:20 - 2016-08-09 22:20 - 00000000 ___HD C:\Program Files (x86)\rw68F59
    2016-08-05 14:20 - 2016-08-05 14:20 - 00000000 ____D C:\Windows\system32\lab
    2016-08-05 14:17 - 2016-08-05 14:18 - 07616340 _____ C:\Users\Max\AppData\Roaming\setup.apk
    2016-08-05 14:15 - 2016-07-01 11:19 - 08284704 _____ (深圳市伟创科技软件有限公司) C:\Users\Max\AppData\Roaming\MaoHaWiFiSetup_262.exe
    2016-08-05 14:14 - 2016-06-30 09:59 - 05267952 _____ () C:\Users\Max\AppData\Roaming\ziptool_wc-9025_setup.exe
    2016-08-05 14:14 - 2016-02-18 10:10 - 05267952 _____ () C:\Users\Max\AppData\Roaming\ziptool_wc-9015_setup.exe
    2016-08-05 14:12 - 2016-08-05 14:12 - 00000000 ____D C:\Users\Max\AppData\Roaming\Mozilla
    2016-08-05 14:11 - 2016-08-05 14:11 - 07129600 _____ C:\Users\Max\AppData\Roaming\agent.dat
    2016-08-05 14:11 - 2016-08-05 14:11 - 02279413 _____ C:\Users\Max\AppData\Roaming\Scottough.bin
    2016-08-05 14:11 - 2016-08-05 14:11 - 01906097 _____ C:\Users\Max\AppData\Roaming\Quodax.tst
    2016-08-05 14:11 - 2016-08-05 14:11 - 00126464 _____ C:\Users\Max\AppData\Roaming\noah.dat
    2016-08-05 14:11 - 2016-08-05 14:11 - 00070896 _____ C:\Users\Max\AppData\Roaming\Config.xml
    2016-08-05 14:11 - 2016-08-05 14:11 - 00018432 _____ C:\Users\Max\AppData\Roaming\Main.dat
    2016-08-05 14:11 - 2016-08-05 14:11 - 00000000 ____D C:\Users\Max\AppData\Roaming\Macromedia
    2016-08-05 14:11 - 2016-08-05 14:09 - 00679424 _____ C:\Users\Max\AppData\Roaming\Quodax.exe
    2016-08-05 14:10 - 2016-08-10 11:24 - 00000000 ___HD C:\Program Files (x86)\imaD433
    2016-08-05 14:10 - 2016-08-06 15:43 - 00000000 ____D C:\Users\Max\AppData\Roaming\Meldokmiyk
    2016-08-05 14:10 - 2016-08-05 14:11 - 00005568 _____ C:\Users\Max\AppData\Roaming\md.xml
    2016-08-05 14:10 - 2016-08-05 14:10 - 00126464 _____ C:\Users\Max\AppData\Roaming\lobby.dat
    2016-08-05 14:10 - 2016-08-05 14:10 - 00072721 _____ C:\Users\Max\AppData\Roaming\Physdex.tst
    2016-08-05 14:10 - 2016-08-05 14:10 - 00054272 _____ C:\Users\Max\AppData\Roaming\ApplicationHosting.dat
    2016-08-05 14:10 - 2016-08-05 14:10 - 00000000 ____D C:\Users\Max\AppData\LocalLow\Company
    2016-08-05 14:10 - 2016-08-05 14:10 - 00000000 ____D C:\Users\Max\AppData\Local\Tempfolder
    2016-08-05 14:09 - 2016-08-05 14:35 - 00000000 ____D C:\Users\Max\AppData\Local\Apps\2.0
    2016-08-05 14:09 - 2016-08-05 14:10 - 00000000 ____D C:\Users\Max\AppData\Local\jlghtqedersyzerzich
    2016-08-05 14:09 - 2016-08-05 14:09 - 00848437 _____ C:\Users\Max\AppData\Roaming\Sanair.bin
    2016-08-05 14:09 - 2016-08-05 14:09 - 00679424 _____ C:\Users\Max\AppData\Roaming\Physdex.exe
    2016-08-05 14:09 - 2016-08-05 14:09 - 00138240 _____ C:\Users\Max\AppData\Roaming\Installer.dat
    2016-08-05 14:09 - 2016-08-05 14:09 - 00018336 _____ C:\Users\Max\AppData\Roaming\InstallationConfiguration.xml
    2016-06-28 03:12 - 2016-06-28 03:12 - 00314434 ____N C:\Users\Max\AppData\Roaming\EYapp.apk
    2010-08-28 22:43 - 2010-08-28 22:43 - 0096256 ____N (Google, inc) C:\Users\Max\AppData\Roaming\AdbWinApi.dll
    2010-08-28 22:43 - 2010-08-28 22:43 - 0060928 ____N (Google, inc) C:\Users\Max\AppData\Roaming\AdbWinUsbApi.dll
    2016-08-05 14:11 - 2016-08-05 14:11 - 7129600 _____ () C:\Users\Max\AppData\Roaming\agent.dat
    2016-08-05 14:10 - 2016-08-05 14:10 - 0054272 _____ () C:\Users\Max\AppData\Roaming\ApplicationHosting.dat
    2016-08-05 14:11 - 2016-08-05 14:11 - 0070896 _____ () C:\Users\Max\AppData\Roaming\Config.xml
    2016-06-28 03:12 - 2016-06-28 03:12 - 0314434 ____N () C:\Users\Max\AppData\Roaming\EYapp.apk
    2016-08-05 14:09 - 2016-08-05 14:09 - 0018336 _____ () C:\Users\Max\AppData\Roaming\InstallationConfiguration.xml
    2016-08-05 14:09 - 2016-08-05 14:09 - 0138240 _____ () C:\Users\Max\AppData\Roaming\Installer.dat
    2016-08-05 14:10 - 2016-08-05 14:10 - 0126464 _____ () C:\Users\Max\AppData\Roaming\lobby.dat
    2016-08-05 14:11 - 2016-08-05 14:11 - 0018432 _____ () C:\Users\Max\AppData\Roaming\Main.dat
    2016-08-05 14:15 - 2016-07-01 11:19 - 8284704 _____ (深圳市伟创科技软件有限公司) C:\Users\Max\AppData\Roaming\MaoHaWiFiSetup_262.exe
    2016-08-05 14:10 - 2016-08-05 14:11 - 0005568 _____ () C:\Users\Max\AppData\Roaming\md.xml
    2016-08-05 14:11 - 2016-08-05 14:11 - 0126464 _____ () C:\Users\Max\AppData\Roaming\noah.dat
    2016-08-05 14:09 - 2016-08-05 14:09 - 0679424 _____ () C:\Users\Max\AppData\Roaming\Physdex.exe
    2016-08-05 14:10 - 2016-08-05 14:10 - 0072721 _____ () C:\Users\Max\AppData\Roaming\Physdex.tst
    2016-08-05 14:11 - 2016-08-05 14:09 - 0679424 _____ () C:\Users\Max\AppData\Roaming\Quodax.exe
    2016-08-05 14:11 - 2016-08-05 14:11 - 1906097 _____ () C:\Users\Max\AppData\Roaming\Quodax.tst
    2016-08-05 14:09 - 2016-08-05 14:09 - 0848437 _____ () C:\Users\Max\AppData\Roaming\Sanair.bin
    2016-08-05 14:11 - 2016-08-05 14:11 - 2279413 _____ () C:\Users\Max\AppData\Roaming\Scottough.bin
    2016-08-05 14:17 - 2016-08-05 14:18 - 7616340 _____ () C:\Users\Max\AppData\Roaming\setup.apk
    2016-08-05 14:14 - 2016-02-18 10:10 - 5267952 _____ () C:\Users\Max\AppData\Roaming\ziptool_wc-9015_setup.exe
    2016-08-05 14:14 - 2016-06-30 09:59 - 5267952 _____ () C:\Users\Max\AppData\Roaming\ziptool_wc-9025_setup.exe
    EmptyTemp:

    After running it, post Fixlog.txt

  • #4 18 Aug 2016 19:59
    Kolobos
    Computer specialist

    Also post new FRST logs, from a scan.

  • Helpful post
    #6 19 Aug 2016 10:12
    Kolobos
    Computer specialist

    Delete:
    C:\found.000
    and C:\FRST, and that's all.
