Elektroda.pl

startpageing123.com mystart4.dealwifi.com Viruses in Mozilla, FRST logs

mrsopran 12 Mar 2017 14:07 663 3
  • #2 12 Mar 2017 14:24
    Kolobos
    Computer specialist

    Uninstall:
    BikaQ Rss
    VidsqaurE
    WinSnare

    Run a Fixlist.txt for FRST:
    Online.io Application (x32 Version: 2.1.0 - Microleaves) Hidden <==== AANDACHT
    Traffic Exchange (x32 Version: 2.1.0 - Microleaves) Hidden <==== AANDACHT

    Uninstall:
    Online.io Application
    Traffic Exchange

    Use AdwCleaner, the Scan and Clean options (Szukaj and Usun): http://www.bleepingcomputer.com/download/adwcleaner/

    Run another Fixlist.txt for FRST:
    Task: {133C0329-8F1A-4624-98BB-5C29890D7FE0} - System32\Tasks\Online Application v209 => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== AANDACHT
    Task: {3D6BAEB2-D3F8-417C-9124-AD62E5979479} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-02-15] (Microleaves) <==== AANDACHT
    Task: {4BE9858C-62E7-4D5B-BE04-7E4356091626} - System32\Tasks\Online Application v2 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== AANDACHT
    Task: {55577589-C309-4AB8-8464-A5E5918D86E0} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== AANDACHT
    Task: {55D3CFFC-C332-47AC-AB61-3A9D3CB2EC49} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== AANDACHT
    Task: {601655D4-D839-4F91-879F-CF1D946944C1} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== AANDACHT
    Task: {6D11BBE3-1AF8-401B-B541-DD39F4CA32F6} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRss\BikaQ.exe [2017-02-23] (IEC) <==== AANDACHT
    Task: {76D452ED-A1A1-4363-93D6-40B94D97F67C} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-03-12] ()
    Task: {7770FE09-E327-4987-86A6-D4EA1BAB0CE8} - System32\Tasks\Online Application v2 => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== AANDACHT
    Task: {8681A17E-5E81-4699-B337-7F9A52C78149} - System32\Tasks\Pegasbetotion => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel....-8B128_KN1280L01360100713HC&amp;v=2017311 /q
    Task: {871A2F34-10C7-4388-9EC4-C7632656C33F} - System32\Tasks\Online Application Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== AANDACHT
    Task: {90E29D53-407C-423C-9354-264EC8F6310C} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== AANDACHT
    Task: {A146069F-BE0F-4042-A1C5-84F85DC03038} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== AANDACHT
    Task: {B3A505E1-173A-4C89-AFD6-404D7D48F0CD} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== AANDACHT
    Task: {B4495BE2-AD13-41E2-A01B-F44475ABF16E} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== AANDACHT
    Task: {B4FD1EA9-6F8A-4CC5-AD53-399BFEFB6EE0} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== AANDACHT
    Task: {BA2D9C2E-22E7-4BF5-A982-9A67055A9EBE} - System32\Tasks\Online Application Updater => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe [2017-02-15] (Microleaves) <==== AANDACHT
    Task: {BFE641D4-68A8-47F7-8EF4-3862C65703B9} - System32\Tasks\FUBTrackingByPLD => C:\OEM\Preload\FubTracking\FubTracking.exe [2015-05-14] ()
    Task: {D03888CC-8421-4604-854B-3344C2C90BB4} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== AANDACHT
    Task: {D7849D0D-B304-464A-900E-7B6D5E73C389} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== AANDACHT
    Task: {DB16F430-C7EE-4745-BC92-97B968CDC861} - System32\Tasks\Online Application Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== AANDACHT
    Task: {DE2815BF-CAC1-42B9-8C10-0D49D8632EBB} - System32\Tasks\Online Application v2 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== AANDACHT
    Task: {E65D1D9B-E315-477E-9A12-C77BB220771E} - System32\Tasks\Online Application => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== AANDACHT
    Task: {E6A45DF6-27CD-4E70-8796-51E574D4E270} - System32\Tasks\QForlLgs0EYm => qforllgs0eym.exe
    Task: {EA7CC1CA-AB8C-4F54-91EB-5809CE1FEC10} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== AANDACHT
    Task: C:\WINDOWS\Tasks\Online Application Updater.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe <==== AANDACHT
    Task: C:\WINDOWS\Tasks\Online Application v2 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== AANDACHT
    Task: C:\WINDOWS\Tasks\Online Application v2 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== AANDACHT
    Task: C:\WINDOWS\Tasks\Online Application v2.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== AANDACHT
    Task: C:\WINDOWS\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== AANDACHT
    Task: C:\WINDOWS\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== AANDACHT
    Task: C:\WINDOWS\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== AANDACHT
    Task: C:\WINDOWS\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== AANDACHT
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== AANDACHT
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== AANDACHT
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== AANDACHT
    Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== AANDACHT
    Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== AANDACHT
    Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== AANDACHT
    ShortcutWithArgument: C:\Users\eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc&t...amp;uid=LITEONXCV1-8B128_KN1280L01360100713HC
    ShortcutWithArgument: C:\Users\eigenaar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.startpageing123.com/?type=sc&t...amp;uid=LITEONXCV1-8B128_KN1280L01360100713HC
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.startpageing123.com/?type=sc&t...amp;uid=LITEONXCV1-8B128_KN1280L01360100713HC
    2017-03-11 22:26 - 2017-03-12 12:37 - 00113152 _____ () C:\Users\eigenaar\AppData\Roaming\Kyubey\Kyubey.exe
    2017-03-12 12:33 - 2017-03-12 12:33 - 00148992 _____ () \\?\C:\Users\eigenaar\AppData\Local\Temp\7512.tmp.node
    (IEC) C:\Program Files (x86)\BikaQRss\BikaQ.exe
    () C:\Users\eigenaar\AppData\Roaming\Kyubey\Kyubey.exe
    (rod ltd) C:\Program Files (x86)\QForlLgs0EYm\qforllgs0eym.exe
    HKU\S-1-5-21-4233292975-2964482481-1621987578-1001\...\MountPoints2: {ed1ed0a5-0028-11e7-9cdd-1002b553748c} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-18\...\Run: [] => [X]
    Tcpip\..\Interfaces\{cc415f1b-fab6-4c94-8fdc-b224fc3c216d}: [NameServer] 82.163.142.8,95.211.158.136
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&t...amp;uid=LITEONXCV1-8B128_KN1280L01360100713HC
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&t...amp;uid=LITEONXCV1-8B128_KN1280L01360100713HC
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=d...=LITEONXCV1-8B128_KN1280L01360100713HC&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=d...=LITEONXCV1-8B128_KN1280L01360100713HC&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&t...amp;uid=LITEONXCV1-8B128_KN1280L01360100713HC
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&t...amp;uid=LITEONXCV1-8B128_KN1280L01360100713HC
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=d...=LITEONXCV1-8B128_KN1280L01360100713HC&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=d...=LITEONXCV1-8B128_KN1280L01360100713HC&q={searchTerms}
    HKU\S-1-5-21-4233292975-2964482481-1621987578-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&t...amp;uid=LITEONXCV1-8B128_KN1280L01360100713HC
    HKU\S-1-5-21-4233292975-2964482481-1621987578-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&t...amp;uid=LITEONXCV1-8B128_KN1280L01360100713HC
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...=LITEONXCV1-8B128_KN1280L01360100713HC&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...=LITEONXCV1-8B128_KN1280L01360100713HC&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...=LITEONXCV1-8B128_KN1280L01360100713HC&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...=LITEONXCV1-8B128_KN1280L01360100713HC&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4233292975-2964482481-1621987578-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...=LITEONXCV1-8B128_KN1280L01360100713HC&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4233292975-2964482481-1621987578-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...=LITEONXCV1-8B128_KN1280L01360100713HC&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&t...amp;uid=LITEONXCV1-8B128_KN1280L01360100713HC
    Edge HomeButtonPage: HKU\S-1-5-21-4233292975-2964482481-1621987578-1001 -> hxxp://www.startpageing123.com/?type=hp&t...amp;uid=LITEONXCV1-8B128_KN1280L01360100713HC
    FF Homepage: Mozilla\Firefox\Profiles\zoonerh0.default -> hxxp://www.startpageing123.com/?type=hp&t...amp;uid=LITEONXCV1-8B128_KN1280L01360100713HC
    FF SearchPlugin: C:\Users\eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\zoonerh0.default\searchplugins\startpageing123.xml [2017-03-11]
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.startpageing123.com/?type=sc&t...amp;uid=LITEONXCV1-8B128_KN1280L01360100713HC
    R2 Kyubey; C:\Users\eigenaar\AppData\Roaming\Kyubey\Kyubey.exe [113152 2017-03-12] () [Bestand niet getekend]
    R2 WinSAPSvc; C:\Users\eigenaar\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-03-11] (Windows) [Bestand niet getekend]
    R2 WinSnare; C:\Users\eigenaar\AppData\Roaming\WinSnare\WinSnare.dll [776704 2017-03-10] (InterSect Alliance Pty Ltd) [Bestand niet getekend] <==== AANDACHT
    S2 ed2kidle; "C:\Program Files (x86)\amulell\ed2k.exe" -downloadwhenidle [X]
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
    S2 QForlLgs0EYm Updater; C:\Program Files (x86)\QForlLgs0EYm Updater\QForlLgs0EYm Updater.exe [X]
    2017-03-12 12:37 - 2017-03-12 12:37 - 00003342 _____ C:\WINDOWS\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
    2017-03-12 12:37 - 2017-03-12 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
    2017-03-12 12:37 - 2017-03-12 12:37 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.2.8)
    2017-03-12 12:36 - 2017-03-12 12:36 - 00000000 ____D C:\Program Files (x86)\{1C44EEC5-6B82-4242-9ED7-B9A1FF6CEE0D}
    2017-03-11 22:27 - 2017-03-11 22:27 - 00000378 _____ C:\WINDOWS\SysWOW64\data.bin
    2017-03-11 22:27 - 2017-03-11 22:27 - 00000000 _____ C:\WINDOWS\SysWOW64\4
    2017-03-11 22:27 - 2017-03-11 22:27 - 00000000 _____ C:\WINDOWS\SysWOW64\3
    2017-03-11 22:26 - 2017-03-12 12:37 - 00003678 _____ C:\WINDOWS\System32\Tasks\Milimili
    2017-03-11 22:26 - 2017-03-12 12:37 - 00000000 ____D C:\Users\eigenaar\AppData\Roaming\WinSnare
    2017-03-11 22:26 - 2017-03-12 12:37 - 00000000 ____D C:\Program Files (x86)\BikaQRss
    2017-03-11 22:26 - 2017-03-11 22:26 - 00000000 ____D C:\Users\eigenaar\AppData\Roaming\WinSAPSvc
    2017-03-11 22:26 - 2017-03-11 22:26 - 00000000 ____D C:\Users\eigenaar\AppData\Roaming\Kyubey
    2017-03-11 22:26 - 2017-03-11 22:26 - 00000000 ____D C:\Program Files (x86)\MIO
    2017-03-11 22:25 - 2017-03-11 22:25 - 00000000 ____D C:\Program Files (x86)\{05615704-3FE6-4C2B-87D4-B15A0C809805}
    2017-03-11 17:26 - 2017-03-11 17:26 - 00000000 ____D C:\Program Files (x86)\MK
    2017-03-11 17:25 - 2017-03-11 22:25 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
    2017-03-11 17:25 - 2017-03-11 17:25 - 00000000 ____D C:\Program Files (x86)\{62A7CD64-289D-4B94-A383-C8908EA4CC54}
    2017-03-11 16:29 - 2017-03-11 16:30 - 00000000 ____D C:\ProgramData\Microleaves
    2017-03-11 16:27 - 2017-03-11 17:27 - 00000406 ____H C:\WINDOWS\Tasks\Traffic Exchange Updater.job
    2017-03-11 16:27 - 2017-03-11 17:27 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
    2017-03-11 16:27 - 2017-03-11 17:27 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
    2017-03-11 16:27 - 2017-03-11 17:27 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
    2017-03-11 16:27 - 2017-03-11 17:27 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
    2017-03-11 16:27 - 2017-03-11 17:27 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
    2017-03-11 16:27 - 2017-03-11 17:27 - 00000354 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
    2017-03-11 16:27 - 2017-03-11 16:27 - 00003708 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guardian
    2017-03-11 16:27 - 2017-03-11 16:27 - 00003702 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guard
    2017-03-11 16:27 - 2017-03-11 16:27 - 00003690 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange
    2017-03-11 16:27 - 2017-03-11 16:27 - 00003294 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Updater
    2017-03-11 16:27 - 2017-03-11 16:27 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3
    2017-03-11 16:27 - 2017-03-11 16:27 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2
    2017-03-11 16:27 - 2017-03-11 16:27 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1
    2017-03-11 16:27 - 2017-03-11 16:27 - 00003242 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
    2017-03-11 16:27 - 2017-03-11 16:27 - 00003242 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
    2017-03-11 16:27 - 2017-03-11 16:27 - 00003242 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
    2017-03-11 16:26 - 2017-03-11 17:27 - 00000420 _____ C:\WINDOWS\Tasks\Online Application Updater.job
    2017-03-11 16:26 - 2017-03-11 17:27 - 00000374 _____ C:\WINDOWS\Tasks\Online Application v209.job
    2017-03-11 16:26 - 2017-03-11 17:27 - 00000374 _____ C:\WINDOWS\Tasks\Online Application v209 Guardian.job
    2017-03-11 16:26 - 2017-03-11 17:27 - 00000374 _____ C:\WINDOWS\Tasks\Online Application v209 Guard.job
    2017-03-11 16:26 - 2017-03-11 17:27 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v2.job
    2017-03-11 16:26 - 2017-03-11 17:27 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v2 Guardian.job
    2017-03-11 16:26 - 2017-03-11 17:27 - 00000364 _____ C:\WINDOWS\Tasks\Online Application v2 Guard.job
    2017-03-11 16:26 - 2017-03-11 16:27 - 00000000 ____D C:\Users\eigenaar\AppData\Roaming\Microleaves
    2017-03-11 16:26 - 2017-03-11 16:27 - 00000000 ____D C:\Program Files (x86)\Microleaves
    2017-03-11 16:26 - 2017-03-11 16:26 - 00021608 _____ C:\WINDOWS\System32\Tasks\QForlLgs0EYm
    2017-03-11 16:26 - 2017-03-11 16:26 - 00003722 _____ C:\WINDOWS\System32\Tasks\Online Application Guardian
    2017-03-11 16:26 - 2017-03-11 16:26 - 00003716 _____ C:\WINDOWS\System32\Tasks\Online Application Guard
    2017-03-11 16:26 - 2017-03-11 16:26 - 00003704 _____ C:\WINDOWS\System32\Tasks\Online Application
    2017-03-11 16:26 - 2017-03-11 16:26 - 00003314 _____ C:\WINDOWS\System32\Tasks\Online Application Updater
    2017-03-11 16:26 - 2017-03-11 16:26 - 00003280 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guardian
    2017-03-11 16:26 - 2017-03-11 16:26 - 00003274 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guard
    2017-03-11 16:26 - 2017-03-11 16:26 - 00003266 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guardian
    2017-03-11 16:26 - 2017-03-11 16:26 - 00003262 _____ C:\WINDOWS\System32\Tasks\Online Application v209
    2017-03-11 16:26 - 2017-03-11 16:26 - 00003260 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guard
    2017-03-11 16:26 - 2017-03-11 16:26 - 00003248 _____ C:\WINDOWS\System32\Tasks\Online Application v2
    2017-03-11 16:26 - 2017-03-11 16:26 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-03-11 16:26 - 2017-03-11 16:26 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    2017-03-11 16:26 - 2017-03-11 16:26 - 00000000 ____D C:\Program Files (x86)\QForlLgs0EYm
    2017-03-11 16:25 - 2017-03-11 16:29 - 00000000 ____D C:\WINDOWS\system32\SSL
    2017-03-11 16:25 - 2017-03-11 16:25 - 00005134 _____ C:\WINDOWS\System32\Tasks\Pegasbetotion
    2017-03-11 16:25 - 2017-03-11 16:25 - 00000000 ____D C:\Users\eigenaar\AppData\Local\Clwoshzuniing
    2017-03-11 16:25 - 2017-03-11 16:25 - 00000000 ____D C:\ProgramData\60da84b5-7923-0
    2017-03-11 16:25 - 2017-03-11 16:25 - 00000000 ____D C:\ProgramData\60da84b5-57d5-1
    2017-03-11 16:25 - 2017-03-11 16:25 - 00000000 ____D C:\Program Files (x86)\Vosucult
    2017-03-11 16:24 - 2017-03-11 16:24 - 01968128 _____ C:\Users\eigenaar\Downloads\Paladins Multihack.iso
    2017-03-11 16:20 - 2017-03-11 16:20 - 00396658 _____ C:\Users\eigenaar\Downloads\pLh Paladins Multihack v3.1.rar
    EmptyTemp:


    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Post new FRST logs from a scan.

    0
  • #4 12 Mar 2017 15:01
    Kolobos
    Computer specialist

    Delete the C:\FRST directory and that's all.

    0