Elektroda.pl

Virus Sejheb.exe, Soccartuwc.exe Hemkajdoa.exe

ding37 02 Oct 2016 14:07 927 5
  • #2 02 Oct 2016 14:16
    Kolobos
    Computer specialist

    Use AdwCleaner, the Scan and Clean option (Szukaj and Usun in the Polish interface): http://www.bleepingcomputer.com/download/adwcleaner/

    Run Fixlist.txt for FRST:
    Task: {3680AFC7-D0F9-4362-8BB6-C62900637D01} - System32\Tasks\{22323569-3259-4387-8F53-E1926E9B0B33} => pcalua.exe -a "C:\Program Files (x86)\EasyHotspot\uninstaller.exe"
    Task: {45E94B56-CD60-405C-9025-10D09D8E5E73} - System32\Tasks\{6A4F924A-229C-44DC-831C-D04AAEC1716D} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Ventoeco\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Ventoeco\uninstall.dat" -a uninstallme 7FAB3DAF-735D-478B-A8BD-430D56118197 DeviceId=8538d97e-5f2a-82f6-65fa-41fe264b7dda BarcodeId=51107003 ChannelId=3 DistributerName=APSFClickMeIn
    Task: {527CC4AF-C667-4225-BC6C-A2815562F376} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Opertaing System Transaction Task => C:\Program Files\Dentoholding\Techiholding.exe [2016-07-26] ()
    Task: {57F5407B-5116-46A1-A7D8-841C4F428FC3} - System32\Tasks\Microsoft\Windows\MUI\Msectrans => C:\Windows\lineholdings\unolab.exe [2016-07-26] ()
    Task: {5CF00236-9C25-4FAA-AEDB-BCFDAC5E2C97} - System32\Tasks\{0A0F3EA3-4B01-47EB-9DE4-D02CFA39520B} => pcalua.exe -a C:\Users\Bartek-komputer\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=squadm
    Task: {B30076B0-A072-47BC-B44F-52772E5953F4} - System32\Tasks\Microsoft\Windows\Media Center\SecurityCenterUpdate => C:\Users\Bartek-komputer\Donelectrics\siliconbam.exe [2016-07-26] ()
    Task: {DAB62ECF-6EF8-4D53-A05E-15C9FE88E26C} - System32\Tasks\Ghubodomtices Module => C:\Program Files (x86)\Quzother\GhbMdlzqs.exe
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\Bartek-komputer\Desktop\chrome — skrót.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\BARTEK~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
    ShortcutWithArgument: C:\Users\Bartek-komputer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\BARTEK~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\BARTEK~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\BARTEK~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc




    ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\BARTEK~1\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://yeabests.cc
    2016-09-01 13:22 - 2016-09-01 13:22 - 00008192 _____ () C:\Users\Bartek-komputer\AppData\Roaming\D-tech\D-tech.exe
    2016-08-11 15:04 - 2016-08-11 15:04 - 00170496 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Geunfy\Geunfy.exe
    2016-09-01 11:12 - 2016-09-01 11:12 - 00008704 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Roundtouch\Roundtouch.exe
    2016-09-01 13:20 - 2016-09-01 13:20 - 00017920 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Tincan\Tincan.exe
    2016-08-11 15:44 - 2016-08-11 15:44 - 00170496 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Hemkajdoa\Hemkajdoa.exe
    2016-08-11 15:04 - 2016-08-11 15:04 - 00668672 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Geunfy\Yjetipudl.dll
    2016-08-11 15:45 - 2016-08-11 15:45 - 00668672 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Hemkajdoa\Soccartuwc.dll
    2016-08-11 15:04 - 2016-08-11 15:04 - 00143872 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Geunfy\Yjetipudl.exe
    2016-08-11 15:44 - 2016-08-11 15:44 - 00112128 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Hemkajdoa\Sejheb.exe
    2016-08-11 15:04 - 2016-08-11 15:04 - 00112128 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Geunfy\Yurejjaeb.exe
    2016-08-11 15:45 - 2016-08-11 15:45 - 00143872 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Hemkajdoa\Soccartuwc.exe
    2016-08-11 15:45 - 2016-08-11 15:45 - 00258560 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Hemkajdoa\Sejheb.dll
    2016-08-11 15:04 - 2016-08-11 15:04 - 00258560 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Geunfy\Yurejjaeb.dll
    Hosts:
    Replace: C:\Windows\winsxs\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_6.3.9600.17415_none_90eb58f92b43cedd\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll
    () C:\Users\Bartek-komputer\AppData\Roaming\D-tech\D-tech.exe
    () C:\Users\Bartek-komputer\AppData\Roaming\Geunfy\Geunfy.exe
    () C:\Users\Bartek-komputer\AppData\Roaming\Roundtouch\Roundtouch.exe
    () C:\Users\Bartek-komputer\AppData\Roaming\Tincan\Tincan.exe
    () C:\Users\Bartek-komputer\AppData\Roaming\Hemkajdoa\Hemkajdoa.exe
    () C:\Users\Bartek-komputer\AppData\Roaming\Geunfy\Yjetipudl.exe
    () C:\Users\Bartek-komputer\AppData\Roaming\Hemkajdoa\Sejheb.exe
    () C:\Users\Bartek-komputer\AppData\Roaming\Geunfy\Yurejjaeb.exe
    () C:\Users\Bartek-komputer\AppData\Roaming\Hemkajdoa\Soccartuwc.exe
    HKLM-x32\...\Run: [mbot_pl_197] => [X]
    HKLM-x32\...\Run: [gmsd_pl_97] => [X]
    HKLM-x32\...\Run: [gmsd_pl_118] => [X]
    HKLM-x32\...\Run: [app] => C:\Program Files (x86)\sbqh\uc.exe
    HKLM-x32\...\Run: [win_en_77] => [X]
    HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\Run: [GoogleChromeAutoLaunch_F122D9EA6376B17933A32720520FD00F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1135944 2016-09-14] (Google Inc.)
    HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\Run: [CoupSeek] => C:\Users\Bartek-komputer\AppData\Roaming\CoupSeek\scpsk.exe
    HKU\S-1-5-21-1854063861-834038236-3450837710-1001\...\Run: [svchost0] => "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"\UUC0789.exe
    Tcpip\..\Interfaces\{7DD18515-C24D-480B-9003-A980DDBA6F8D}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{AC74C4EA-54FC-4B39-B2F4-1309246B9D72}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{AED59159-61E6-45A8-80E3-11B307D8F76F}: [NameServer] 104.197.191.4
    Tcpip\..\Interfaces\{bbed3e08-0b41-11e3-8249-806e6f6e6963}: [NameServer] 104.197.191.4
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts...p;uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts...p;uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts...p;uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts...p;uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&q={searchTerms}
    HKU\S-1-5-21-1854063861-834038236-3450837710-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...mgpdHfWvVQFdL1VBMtq7SN79QmacCQhb2zlYwP&q={searchTerms}
    HKU\S-1-5-21-1854063861-834038236-3450837710-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...ABj6AeYTt3A7zt_oRfL3U4hXVIlyYeWdkynd-Zh81ZVzO
    HKU\S-1-5-21-1854063861-834038236-3450837710-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=dspp&...p;uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&q={searchTerms}
    HKU\S-1-5-21-1854063861-834038236-3450837710-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...mgpdHfWvVQFdL1VBMtq7SN79QmacCQhb2zlYwP&q={searchTerms}
    HKU\S-1-5-21-1854063861-834038236-3450837710-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...mgpdHfWvVQFdL1VBMtq7SN79QmacCQhb2zlYwP&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts...p;uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts...p;uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts...p;uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1854063861-834038236-3450837710-1001 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKU\S-1-5-21-1854063861-834038236-3450837710-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.oursurfing.com/web/?utm_source=b&a...LL5&ts=1432664168&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1854063861-834038236-3450837710-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.oursurfing.com/web/?utm_source=b&a...LL5&ts=1432664168&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1854063861-834038236-3450837710-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?utm_source=b&a...LL5&ts=1432664168&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1854063861-834038236-3450837710-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.oursurfing.com/web/?utm_source=b&a...LL5&ts=1432664168&type=default&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=143...=amt&uid=OCZ-VERTEX3_OCZ-ZWGNGZ2GY3JVFLL5
    CHR StartupUrls: gholdomphatcoperdom -> "search.mpc.am"
    CHR Profile: C:\Users\Bartek-komputer\AppData\Local\Google\Chrome\User Data\gholdomphatcoperdom [2016-10-02] <==== UWAGA
    CHR Extension: (Wize) - C:\Users\Bartek-komputer\AppData\Local\Google\Chrome\User Data\gholdomphatcoperdom\Extensions\feeilhmlfcpfchpbgoknoeefdkbgionj [2016-10-02]
    R2 D-tech; C:\Users\Bartek-komputer\AppData\Roaming\D-tech\D-tech.exe [8192 2016-09-01] () [Brak podpisu cyfrowego]
    R2 Noije; C:\Users\Bartek-komputer\AppData\Roaming\Geunfy\Geunfy.exe [170496 2016-08-11] () [Brak podpisu cyfrowego]
    R2 Roundtouch; C:\Users\Bartek-komputer\AppData\Roaming\Roundtouch\Roundtouch.exe [8704 2016-09-01] () [Brak podpisu cyfrowego]
    R2 Tincan; C:\Users\Bartek-komputer\AppData\Roaming\Tincan\Tincan.exe [17920 2016-09-01] () [Brak podpisu cyfrowego]
    R2 Viokdojvaf; C:\Users\Bartek-komputer\AppData\Roaming\Hemkajdoa\Hemkajdoa.exe [170496 2016-08-11] () [Brak podpisu cyfrowego]
    S2 Bokvunnu; "C:\Users\Bartek-komputer\AppData\Roaming\GowvePitpagf\Lurzem.exe" -cms [X]
    S2 GhbMdlcln.exe; "C:\Program Files (x86)\Quzother\GhbMdlcln.exe" {C25DA384-2010-45A4-A1ED-BFA540D4789B} {9DC74CD5-24EA-4ADE-9C42-608A8CE17116} [X]
    NETSVCx32: HpSvc -> Brak ścieżki do pliku.
    2016-10-02 13:54 - 2016-10-02 13:54 - 00000000 ____D C:\Windows\Stripcity
    2016-10-02 13:54 - 2016-10-02 13:54 - 00000000 ____D C:\Windows\lineholdings
    2016-10-02 13:54 - 2016-10-02 13:54 - 00000000 ____D C:\Users\Bartek-komputer\zotelectronics
    2016-10-02 13:54 - 2016-10-02 13:54 - 00000000 ____D C:\Users\Bartek-komputer\Transflex
    2016-10-02 13:54 - 2016-10-02 13:54 - 00000000 ____D C:\Users\Bartek-komputer\Ganja-lane
    2016-10-02 13:54 - 2016-10-02 13:54 - 00000000 ____D C:\Users\Bartek-komputer\Donelectrics
    2016-10-02 13:54 - 2016-10-02 13:54 - 00000000 ____D C:\Program Files\Canesolozap
    2016-10-02 13:51 - 2016-10-02 13:51 - 00000000 ____D C:\Windows\system32\puuu
    2016-10-02 13:18 - 2016-10-02 13:18 - 00000000 ____D C:\Users\Bartek-komputer\AppData\Local\Roundtaxon
    2016-10-02 13:18 - 2016-10-02 13:18 - 00000000 ____D C:\ProgramData\zencare
    2016-10-02 13:18 - 2016-10-02 13:18 - 00000000 ____D C:\ProgramData\Flexplex
    2016-10-02 13:18 - 2016-10-02 13:18 - 00000000 ____D C:\ProgramData\Fasedexon
    2016-10-02 13:18 - 2016-10-02 13:18 - 00000000 ____D C:\Program Files\Common Files\Technotouch
    2016-10-02 13:18 - 2016-10-02 13:18 - 00000000 ____D C:\Program Files\Common Files\Joydexon
    2016-10-02 13:18 - 2016-10-02 13:18 - 00000000 ____D C:\Program Files\Common Files\Geofase
    2016-10-02 13:18 - 2016-10-02 13:18 - 00000000 ____D C:\Program Files\Common Files\Faxlane
    2016-10-02 13:17 - 2016-10-02 13:17 - 00000000 ____D C:\Windows\system32\xov
    2016-09-19 18:57 - 2016-09-19 18:57 - 00000000 ____D C:\ProgramData\Freshlex
    2016-09-19 18:57 - 2016-09-19 18:57 - 00000000 ____D C:\Program Files\Common Files\Treehow
    2016-09-19 18:56 - 2016-09-19 18:56 - 00000000 ____D C:\Program Files\Common Files\zath-trax
    2016-09-14 17:54 - 2016-09-14 17:54 - 00000000 ____D C:\Users\Bartek-komputer\siliconbam
    2016-09-14 17:54 - 2016-09-14 17:54 - 00000000 ____D C:\Users\Bartek-komputer\AppData\Roaming\Tempkix
    2016-09-14 17:54 - 2016-09-14 17:54 - 00000000 ____D C:\Users\Bartek-komputer\AppData\Local\Donice
    2016-09-14 17:54 - 2016-09-14 17:54 - 00000000 ____D C:\Program Files\Common Files\Plextone
    2016-09-14 17:53 - 2016-09-14 17:54 - 00000000 ____D C:\ProgramData\Daltflex
    2016-09-14 17:53 - 2016-09-14 17:53 - 00000000 ____D C:\Users\Bartek-komputer\Viataxon
    2016-09-14 17:53 - 2016-09-14 17:53 - 00000000 ____D C:\ProgramData\Biotouch
    2016-09-11 09:24 - 2016-09-11 09:24 - 00000000 ____D C:\Windows\Zaamphase
    2016-09-11 09:24 - 2016-09-11 09:24 - 00000000 ____D C:\Windows\Toughstreet
    2016-09-11 09:24 - 2016-09-11 09:24 - 00000000 ____D C:\Users\Bartek-komputer\AppData\Roaming\Refind
    2016-09-11 09:24 - 2016-09-11 09:24 - 00000000 ____D C:\Users\Bartek-komputer\AppData\Roaming\Redtechnology
    2016-09-11 09:24 - 2016-09-11 09:24 - 00000000 ____D C:\Users\Bartek-komputer\AppData\Roaming\kongreen
    2016-09-11 09:24 - 2016-09-11 09:24 - 00000000 ____D C:\Users\Bartek-komputer\AppData\Local\Kondexon
    2016-09-11 09:24 - 2016-09-11 09:24 - 00000000 ____D C:\ProgramData\Medis
    2016-09-11 09:24 - 2016-09-11 09:24 - 00000000 ____D C:\Program Files\howtrans
    2016-09-11 09:22 - 2016-09-11 09:22 - 00000000 ____D C:\Windows\system32\iwo
    2016-09-03 16:24 - 2016-09-03 16:24 - 00000000 ____D C:\Windows\system32\rhno
    2016-09-03 16:24 - 2016-09-03 16:24 - 00000000 ____D C:\ProgramData\Ranelectrics
    2016-09-03 16:22 - 2016-09-03 16:22 - 00000000 ____D C:\ProgramData\Zaplane
    2016-09-03 16:22 - 2016-09-03 16:22 - 00000000 ____D C:\ProgramData\Ganja-lane
    2016-09-01 07:59 - 2016-09-01 07:59 - 7118336 _____ () C:\Users\Bartek-komputer\AppData\Roaming\agent.dat
    2016-09-01 07:59 - 2016-09-01 07:59 - 0054272 _____ () C:\Users\Bartek-komputer\AppData\Roaming\ApplicationHosting.dat
    2015-05-26 14:20 - 2015-05-26 14:20 - 2035200 _____ (Cinema PlusV16.03) C:\Users\Bartek-komputer\AppData\Roaming\BYAIAMUF.exe
    2016-09-01 07:59 - 2016-09-01 07:59 - 0071232 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Config.xml
    2016-09-01 08:00 - 2016-09-01 08:00 - 2279413 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Dento-Air.bin
    2016-09-01 07:59 - 2016-09-01 07:57 - 0707072 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Flexcanlab.exe
    2016-09-01 07:59 - 2016-09-01 07:59 - 0072817 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Flexcanlab.tst
    2016-09-01 07:58 - 2016-09-01 07:58 - 0018336 _____ () C:\Users\Bartek-komputer\AppData\Roaming\InstallationConfiguration.xml
    2016-09-01 07:58 - 2016-09-01 07:58 - 0138240 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Installer.dat
    2016-09-01 07:59 - 2016-09-01 07:59 - 0126464 _____ () C:\Users\Bartek-komputer\AppData\Roaming\lobby.dat
    2016-09-01 07:59 - 2016-09-01 07:59 - 0018432 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Main.dat
    2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Bartek-komputer\AppData\Roaming\Mb0XY8zQc.exe
    2016-09-01 07:59 - 2016-09-01 07:59 - 0005568 _____ () C:\Users\Bartek-komputer\AppData\Roaming\md.xml
    2016-09-01 07:59 - 2016-09-01 07:59 - 0126464 _____ () C:\Users\Bartek-komputer\AppData\Roaming\noah.dat
    2016-09-01 07:58 - 2016-09-01 07:58 - 0848565 _____ () C:\Users\Bartek-komputer\AppData\Roaming\StanFining.bin
    2016-09-01 07:59 - 2016-09-01 07:57 - 0707072 _____ () C:\Users\Bartek-komputer\AppData\Roaming\ZotSaillab.exe
    2016-09-01 07:59 - 2016-09-01 07:59 - 1901856 _____ () C:\Users\Bartek-komputer\AppData\Roaming\ZotSaillab.tst
    2015-05-26 20:16 - 2015-05-26 20:16 - 0613255 _____ (CMI Limited) C:\Users\Bartek-komputer\AppData\Local\nshE004.tmp
    2015-05-26 15:03 - 2015-05-26 15:02 - 0613255 _____ (CMI Limited) C:\Users\Bartek-komputer\AppData\Local\nsiF46.tmp
    2015-05-26 15:55 - 2015-05-26 15:55 - 0613255 _____ (CMI Limited) C:\Users\Bartek-komputer\AppData\Local\nskCDA2.tmp
    EmptyTemp:


    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    Once done, post a new log from RepairDNS and new FRST logs from a scan.

    0
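Added example (not part of Kolobos's post and not FRST's own code): a short Python triage pass over lines in the same shape as the fixlist above, pulling out three patterns it contains: browser shortcuts carrying `--load-extension` or a URL argument, one static NameServer set on several interfaces, and percent-encoded Internet Explorer URLs. The sample lines, names and addresses are constructed, and the regexes assume the line layout seen in this thread.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in the same line shapes as the fixlist above;
# every name, path, host and address below is made up.
SAMPLE = r"""
ShortcutWithArgument: C:\Users\Public\Desktop\Browser.lnk -> C:\Program Files\Browser\browser.exe (Vendor) -> --load-extension="C:\Users\u\AppData\Local\abcdefgh" hxxp://start.example.invalid
ShortcutWithArgument: C:\Users\u\Desktop\Editor.lnk -> C:\Program Files\Editor\editor.exe (Vendor) -> --safe-mode
Tcpip\..\Interfaces\{11111111-1111-1111-1111-111111111111}: [NameServer] 192.0.2.53
Tcpip\..\Interfaces\{22222222-2222-2222-2222-222222222222}: [NameServer] 192.0.2.53
Tcpip\..\Interfaces\{33333333-3333-3333-3333-333333333333}: [NameServer] 198.51.100.1
HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.example.invalid/?q=1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.example.invalid/
"""

SHORTCUT = re.compile(r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<target>.+?) -> (?P<args>.+)$")
NAMESERVER = re.compile(r"^Tcpip\\\.\.\\Interfaces\\(?P<iface>\{[^}]+\}): \[NameServer\] (?P<ip>\S+)$")
IE_URL = re.compile(r"^(?P<key>HK[^=]+?Internet Explorer\\Main,[^=]+?) = (?P<url>\S+)$")

# Arguments a browser shortcut normally does not carry.
SHORTCUT_FLAGS = {
    "load-extension": re.compile(r"--load-extension=", re.I),
    "url-argument": re.compile(r"\bh(?:tt|xx)ps?://", re.I),
}

def triage(text):
    """Return shortcut, DNS and encoded-URL findings from FRST-style lines."""
    findings = {"shortcuts": [], "dns": {}, "encoded_urls": []}
    by_ip = defaultdict(list)
    for line in map(str.strip, text.splitlines()):
        if m := SHORTCUT.match(line):
            reasons = [n for n, rx in SHORTCUT_FLAGS.items() if rx.search(m["args"])]
            if reasons:
                findings["shortcuts"].append((m["lnk"], reasons))
        elif m := NAMESERVER.match(line):
            by_ip[m["ip"]].append(m["iface"])
        elif m := IE_URL.match(line):
            decoded = unquote(m["url"])
            if decoded != m["url"]:  # percent-encoding hid part of the URL
                findings["encoded_urls"].append((m["key"], decoded))
    # One static resolver on several interfaces: compare it with the
    # resolver the network is actually supposed to hand out.
    findings["dns"] = {ip: ifs for ip, ifs in by_ip.items() if len(ifs) > 1}
    return findings

if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        print(kind, items)
```

The findings are review prompts, not verdicts: a shared static resolver or a URL argument can be legitimate and has to be checked against what the machine's owner actually configured.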
  • #4 02 Oct 2016 15:04
    2810376
    User deleted their account
  • #5 02 Oct 2016 15:11
    Kolobos
    Computer specialist

    @ding37 Chrome still remains, with a profile created by the infection. Uninstall Chrome and delete the browser profile directory: C:\Users\Bartek-komputer\AppData\Local\Google\Chrome\User Data\gholdomphatcoperdom
    Once done, install Chrome again.
    If you have any bookmarks there, make a backup first.

    Delete the C:\FRST directory and that's all.

    @niedziala1 that's not enough.

    0
  • #6 02 Oct 2016 15:21
    2810376
    User deleted their account