Elektroda.pl

Zena virus, Chinese junk

jagol1 03 Apr 2017 12:51
  • #1 03 Apr 2017 12:51
    jagol1
    Level 2  

    How do I remove this Zena? It's awful. I'm attaching a scan, because I know every case looks different. Please help, thank you, regards.

    0 5
  • Helpful post
    #2 03 Apr 2017 12:53
    RADU23
    Moderator - Computers Service

    Attach the Addition.txt log as well.

    0
  • Helpful post
    #4 03 Apr 2017 20:18
    Kolobos
    Computer specialist

    Back up your Chrome bookmarks; the script will delete the browser profile directory.

    Uninstall: Search module

    Use AdwCleaner, the Scan/Szukaj and Clean/Usun options: http://www.bleepingcomputer.com/download/adwcleaner/

    Next to frst.exe, create a file named Fixlist.txt with the following content:
    CloseProcesses:
    Task: {0BF5DF1E-24DD-4D6E-A6FC-B48370D91BCB} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-04-03] () <==== UWAGA
    Task: {211BB570-5EFB-46A0-9A43-E12ED604D056} - System32\Tasks\Coehak => "msiexec" /i hxxp://D2bUH1bF1g584W.clOuDfroNt.net/mmtsk/oc...310AS_6RYBX7KJXXXX6RYBX7KJ&d=20170402 /q
    Task: {23E92834-01F4-48AE-B935-A41A0E1CD15B} - System32\Tasks\{8FE2362D-1815-4DDB-8CF7-DA219A00FD45} => pcalua.exe -a "C:\Program Files (x86)\Maoha\MaohaAP\Uninstall.exe"
    Task: {48956E19-9F16-4B47-BA63-0EA46F9D8BD1} - System32\Tasks\SMW_UpdateTask_Time_313938313233313337382d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== UWAGA
    Task: {74201BCC-E206-4E71-8CD2-92D78058B726} - System32\Tasks\IBUpd2 => C:\Users\Jagol\AppData\Local\BrowserAir\48.0.0.0\updater.exe <==== UWAGA
    Task: {A04DE12A-2832-4A13-A303-FE66F62D248A} - System32\Tasks\KuaiZip_Update => C:\PROGRA~1\88D7~1\X86\Update.exe <==== UWAGA
    Task: {A4BEB008-358C-4393-AB5F-4A18A523460A} - System32\Tasks\Feewardvemile Debuger => C:\Program Files (x86)\Chekaspanumerward\xatidom.exe
    Task: {CAFD2C9A-B175-4D6E-BC2A-BCB3DF9546C8} - System32\Tasks\{BA59C4FA-C314-4DAF-969E-0DE9F22F9AEA} => pcalua.exe -a C:\Users\Jagol\Downloads\LF2_v2.0a.exe -d C:\Users\Jagol\Downloads
    Task: {D2B3C861-D44A-42A3-8D82-6BD64B9AE265} - System32\Tasks\PC Clean Plus_DEFAULT => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== UWAGA
    Task: {DF1B8D3F-4179-469C-BEC4-CB05EEE3BD4D} - System32\Tasks\PC Clean Plus_UPDATES => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== UWAGA
    Task: {F6327C7C-B8A7-4912-B534-80EE50489F5A} - System32\Tasks\PC Clean Plus => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== UWAGA
    Task: C:\Windows\Tasks\PC Clean Plus_DEFAULT.job => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== UWAGA
    Task: C:\Windows\Tasks\PC Clean Plus_UPDATES.job => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\Jagol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/




    ShortcutWithArgument: C:\Users\Jagol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Jagol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s...mbl10au,7d724498-4c22-4da3-9b3e-6df3ee6cef13,,
    ShortcutWithArgument: C:\Users\Jagol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Jagol\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Jagol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Jagol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Jagol\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Jagol\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Jagol\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Jagol\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    2017-04-02 14:04 - 2017-04-02 13:34 - 01164288 _____ () C:\ProgramData\AppalmaaZ\AppalmaaZ.exe
    2017-04-02 12:24 - 2017-04-02 12:24 - 01620992 _____ () C:\ProgramData\service.exe
    2017-04-02 12:24 - 2017-04-02 12:06 - 00043520 _____ () C:\ProgramData\PrefsSecure\Nettrans.exe
    2017-04-02 12:25 - 2017-04-02 12:25 - 00524696 _____ () C:\Program Files\żěŃą\X64\KZipShell.dll
    2016-12-25 20:33 - 2005-06-07 13:26 - 00043008 _____ () D:\Program Files (x86)\WinRAR\rarext64.dll
    2017-04-02 12:24 - 2017-04-02 12:24 - 02072064 _____ () C:\Users\Jagol\AppData\Local\Temp\00008438\msiql.exe
    2017-04-02 14:04 - 2017-04-02 14:04 - 00248320 _____ () C:\ProgramData\AppalmaaZ\InchRemlight.dll
    Hosts:
    () C:\ProgramData\AppalmaaZ\AppalmaaZ.exe
    () C:\ProgramData\service.exe
    () C:\ProgramData\PrefsSecure\Nettrans.exe
    () C:\Users\Jagol\AppData\Local\Temp\00008438\msiql.exe
    (Search Module Ltd.) C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe
    HKLM-x32\...\RunOnce: [window.bat] => C:\Windows\window.bat [59 2017-01-05] ()
    HKU\S-1-5-21-3790932811-2775903325-2715533029-1000\...\Run: [svchost0] => C:\Program Files (x86)\ttt\uc.exe
    HKU\S-1-5-21-3790932811-2775903325-2715533029-1000\...\Run: [msiql] => C:\Users\Jagol\AppData\Local\Temp\00008438\msiql.exe [2072064 2017-04-02] () <===== UWAGA
    HKU\S-1-5-21-3790932811-2775903325-2715533029-1000\...\Run: [Aeub_wxDG2.exe] => C:\Program Files\Microsoft Games\2PHDXWSWMQK\Aeub_wxDG2.exe -r1_1 -r2_1
    HKU\S-1-5-21-3790932811-2775903325-2715533029-1000\...\MountPoints2: {6ff83ea1-caeb-11e6-8bcb-806e6f6e6963} - G:\Autorun.exe
    HKU\S-1-5-21-3790932811-2775903325-2715533029-1000\...\MountPoints2: {a07fdc97-0304-11e7-968f-001d607b14d8} - H:\Lenovo_Suite.exe
    HKU\S-1-5-21-3790932811-2775903325-2715533029-1000\...\MountPoints2: {b62436c9-cb44-11e6-917b-001d607b14d8} - H:\Lenovo_Suite.exe
    HKU\S-1-5-21-3790932811-2775903325-2715533029-1000\...\MountPoints2: {b62436ca-cb44-11e6-917b-001d607b14d8} - H:\Lenovo_Suite.exe
    HKLM\...\Providers\9cgi1jrb: C:\Program Files (x86)\Feewardvemile Debuger\local64spl.dll
    AppInit_DLLs: C:\ProgramData\AppalmaaZ\ScotPlus.dll => C:\ProgramData\AppalmaaZ\ScotPlus.dll [358912 2017-04-02] ()
    AppInit_DLLs-x32: C:\ProgramData\AppalmaaZ\InchRemlight.dll => C:\ProgramData\AppalmaaZ\InchRemlight.dll [248320 2017-04-02] ()
    ShellExecuteHooks: Brak nazwy - {0E2241DC-12F7-11E7-9DB4-64006A5CFC23} - C:\Users\Jagol\AppData\Roaming\Ckegoent\Qamition.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-04-02] ()
    HKU\S-1-5-21-3790932811-2775903325-2715533029-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...r0i8W8hKlo66eFjT0KhtB0X5iPIz6pM7ncemY,&q={searchTerms}
    HKU\S-1-5-21-3790932811-2775903325-2715533029-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...SshyGxgcEiLqH_LRRNfDFpiw7skH5HSziDNd39HRlAJw,,
    HKU\S-1-5-21-3790932811-2775903325-2715533029-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...r0i8W8hKlo66eFjT0KhtB0X5iPIz6pM7ncemY,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3790932811-2775903325-2715533029-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://zquirrel.com/SmartSearch/index.php?p={searchTerms}&bn=ie&ch_id=IMR1&g=6a92458e-79c6-4d77-b2f6-9b2735fea3f5&
    SearchScopes: HKU\S-1-5-21-3790932811-2775903325-2715533029-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://zquirrel.com/SmartSearch/index.php?p={searchTerms}&bn=ie&ch_id=IMR1&g=6a92458e-79c6-4d77-b2f6-9b2735fea3f5&
    SearchScopes: HKU\S-1-5-21-3790932811-2775903325-2715533029-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...r0i8W8hKlo66eFjT0KhtB0X5iPIz6pM7ncemY,&q={searchTerms}
    FF NewTab: Mozilla\Firefox\Profiles\kpp2f3wn.default -> C:\ProgramData\AppalmaaZs\ff.NT
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\kpp2f3wn.default -> initialsite123
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\kpp2f3wn.default -> initialsite123
    FF Homepage: Mozilla\Firefox\Profiles\kpp2f3wn.default -> C:\ProgramData\AppalmaaZs\ff.HP
    FF SearchPlugin: C:\Users\Jagol\AppData\Roaming\Mozilla\Firefox\Profiles\kpp2f3wn.default\searchplugins\9cgi1jrb.xml [2017-04-02]
    FF SearchPlugin: C:\Users\Jagol\AppData\Roaming\Mozilla\Firefox\Profiles\kpp2f3wn.default\searchplugins\findit.xml [2017-04-02]
    CHR HomePage: Profile 1 -> hxxp://www-searching.com/?pid=s&s=h42ztrm...3-9b3e-6df3ee6cef13,&vp=ch&prd=set_ch
    CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
    CHR DefaultSearchURL: Profile 1 -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...j_igf92VFapFdZObV3VwzcmaveSqGhdSTwef4,&q={searchTerms}
    CHR DefaultSearchKeyword: Profile 1 -> feed.sonic-search.com
    CHR Profile: C:\Users\Jagol\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-02] <==== UWAGA
    C:\Users\Jagol\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    CHR Extension: (easychrome) - C:\Users\Jagol\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk [2017-04-02]
    CHR HKU\S-1-5-21-3790932811-2775903325-2715533029-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    R2 AppalmaaZ; C:\ProgramData\\AppalmaaZ\\AppalmaaZ.exe [1164288 2017-04-02] () [Brak podpisu cyfrowego]
    R2 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2017-04-02] () [Brak podpisu cyfrowego] <==== UWAGA
    R2 Nettrans; C:\ProgramData\PrefsSecure\Nettrans.exe [43520 2017-04-02] () [Brak podpisu cyfrowego]
    R2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe [2989056 2017-04-03] (Search Module Ltd.) [Brak podpisu cyfrowego] <==== UWAGA
    S2 surfshieldsrv; C:\Windows\SysWOW64\SurfShield.exe [516096 2017-04-02] () [Brak podpisu cyfrowego]
    S2 KuaizipUpdateChecker; C:\Program Files\żěŃą\X86\kuaizipUpdateChecker.dll [X]
    S2 serverss; C:\Windows\Temp\B49.tmp [X]
    R2 KuaiZipDrive; C:\Windows\system32\drivers\KuaiZipDrive.sys [92832 2017-04-02] (WinMount International Inc)
    S3 SMUpdd; C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [52992 2017-04-03] ()
    2017-04-03 12:32 - 2017-04-03 12:32 - 00003262 _____ C:\Windows\System32\Tasks\IBUpd2
    2017-04-03 12:29 - 2017-04-03 12:29 - 00000000 ____D C:\Program Files\Common Files\Noobzo
    2017-04-02 15:42 - 2017-04-02 15:42 - 00790016 _____ (te ) C:\Windows\system32\bi3.exe
    2017-04-02 14:04 - 2017-04-03 16:51 - 00000000 ____D C:\ProgramData\AppalmaaZ
    2017-04-02 14:04 - 2017-04-02 14:05 - 00015607 _____ C:\Windows\SysWOW64\findit.xml
    2017-04-02 14:04 - 2017-04-02 14:04 - 00000000 ____D C:\ProgramData\AppalmaaZs
    2017-04-02 14:00 - 2017-04-02 14:00 - 00000000 _____ C:\Users\Jagol\No
    2017-04-02 12:48 - 2017-04-02 12:48 - 00003110 _____ C:\Windows\System32\Tasks\{8FE2362D-1815-4DDB-8CF7-DA219A00FD45}
    2017-04-02 12:31 - 2017-04-02 12:40 - 00000286 _____ C:\Windows\Tasks\PC Clean Plus_UPDATES.job
    2017-04-02 12:31 - 2017-04-02 12:40 - 00000278 _____ C:\Windows\Tasks\PC Clean Plus_DEFAULT.job
    2017-04-02 12:31 - 2017-04-02 12:31 - 00003228 _____ C:\Windows\System32\Tasks\PC Clean Plus_DEFAULT
    2017-04-02 12:31 - 2017-04-02 12:31 - 00003040 _____ C:\Windows\System32\Tasks\PC Clean Plus_UPDATES
    2017-04-02 12:26 - 2017-04-02 13:12 - 00000000 ____D C:\Users\Jagol\AppData\Roaming\KuaiZip
    2017-04-02 12:26 - 2017-04-02 12:31 - 00003122 _____ C:\Windows\System32\Tasks\PC Clean Plus
    2017-04-02 12:26 - 2017-04-02 12:31 - 00000000 ____D C:\Users\Jagol\AppData\Roaming\PC Clean Plus
    2017-04-02 12:26 - 2017-04-02 12:26 - 00003386 _____ C:\Windows\System32\Tasks\KuaiZip_Update
    2017-04-02 12:26 - 2017-04-02 12:26 - 00000837 _____ C:\Users\Jagol\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
    2017-04-02 12:26 - 2017-04-02 12:26 - 00000000 ____D C:\Users\Jagol\AppData\Roaming\Event Monitor
    2017-04-02 12:26 - 2017-04-02 12:25 - 00092832 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
    2017-04-02 12:25 - 2017-04-03 12:38 - 00000000 ____D C:\Users\Jagol\AppData\Local\BrowserAir
    2017-04-02 12:25 - 2017-04-02 13:42 - 00000000 ____D C:\Program Files\żěŃą
    2017-04-02 12:25 - 2017-04-02 12:26 - 00000000 __SHD C:\ProgramData\WindowsMsg
    2017-04-02 12:25 - 2017-04-02 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Clean Plus
    2017-04-02 12:25 - 2017-04-02 12:25 - 00000000 ____D C:\Users\Jagol\AppData\Roaming\Softlink
    2017-04-02 12:24 - 2017-04-03 16:53 - 00000228 _____ C:\Windows\web.bat
    2017-04-02 12:24 - 2017-04-03 12:29 - 00004252 _____ C:\Windows\System32\Tasks\SMW_UpdateTask_Time_313938313233313337382d3437415a556c2a3223346c41
    2017-04-02 12:24 - 2017-04-02 14:04 - 00000000 ____D C:\ProgramData\PrefsSecure
    2017-04-02 12:24 - 2017-04-02 12:24 - 01620992 _____ C:\ProgramData\service.exe
    2017-04-02 12:24 - 2017-04-02 12:24 - 00720033 _____ C:\Windows\unins000.exe
    2017-04-02 12:24 - 2017-04-02 12:24 - 00278509 _____ C:\Users\Jagol\AppData\Roaming\ZumLax.bin
    2017-04-02 12:24 - 2017-04-02 12:24 - 00042556 _____ C:\Windows\unins000.dat
    2017-04-02 12:24 - 2017-04-02 12:24 - 00000000 __SHD C:\Users\Jagol\AppData\Local\svchost
    2017-04-02 12:24 - 2017-04-02 12:24 - 00000000 ____D C:\Users\Jagol\AppData\Roaming\UCChannel
    2017-04-02 12:24 - 2017-04-02 12:24 - 00000000 ____D C:\Users\Jagol\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
    2017-04-02 12:24 - 2017-04-02 12:24 - 00000000 ____D C:\ProgramData\SearchModule
    2017-04-02 12:24 - 2017-04-02 12:24 - 00000000 ____D C:\ProgramData\ef211307-5393-1
    2017-04-02 12:24 - 2017-04-02 12:24 - 00000000 ____D C:\ProgramData\ef211307-4345-0
    2017-04-02 12:24 - 2017-01-16 17:06 - 00385510 _____ ( ) C:\Windows\window.exe
    2017-04-02 12:24 - 2017-01-05 11:10 - 00000059 _____ C:\Windows\window.bat
    2017-04-02 12:23 - 2017-04-03 12:29 - 00327680 _____ C:\ProgramData\smp2.exe
    2017-04-02 12:23 - 2017-04-03 12:29 - 00004164 _____ C:\Windows\System32\Tasks\SMW_P
    2017-04-02 12:23 - 2017-04-02 12:24 - 00016224 _____ C:\Users\Jagol\AppData\Roaming\InstallationConfiguration.xml
    2017-04-02 12:23 - 2017-04-02 12:23 - 00516096 _____ C:\Windows\SysWOW64\SurfShield.exe
    2017-04-02 12:23 - 2017-04-02 12:23 - 00140288 _____ C:\Users\Jagol\AppData\Roaming\Installer.dat
    2017-04-02 12:20 - 2017-04-02 12:20 - 00000000 ____D C:\ProgramData\21d68d73-4761-1
    2017-04-02 12:20 - 2017-04-02 12:20 - 00000000 ____D C:\ProgramData\21d68d73-3e15-0
    2017-04-02 12:19 - 2017-04-02 12:27 - 00000000 ____D C:\Users\Jagol\AppData\Roaming\Ckegoent
    2017-04-02 12:19 - 2017-04-02 12:22 - 00000000 ____D C:\Users\Jagol\AppData\Local\Arachcidory
    2017-04-02 12:19 - 2017-04-02 12:19 - 00006094 _____ C:\Windows\System32\Tasks\Feewardvemile Debuger
    2017-04-02 12:18 - 2017-04-02 12:18 - 00005074 _____ C:\Windows\System32\Tasks\Coehak
    2017-04-02 12:23 - 2017-04-02 12:23 - 0023622 _____ () C:\Users\Jagol\AppData\Roaming\aliexpress.ico
    2017-04-02 12:23 - 2017-04-02 12:23 - 0099678 _____ () C:\Users\Jagol\AppData\Roaming\booking.ico
    2017-04-02 12:23 - 2017-04-02 12:24 - 0016224 _____ () C:\Users\Jagol\AppData\Roaming\InstallationConfiguration.xml
    2017-04-02 12:23 - 2017-04-02 12:23 - 0140288 _____ () C:\Users\Jagol\AppData\Roaming\Installer.dat
    2017-04-02 12:24 - 2017-04-02 12:24 - 0278509 _____ () C:\Users\Jagol\AppData\Roaming\ZumLax.bin
    2017-04-02 12:24 - 2017-04-02 12:24 - 1620992 _____ () C:\ProgramData\service.exe
    2017-04-02 12:23 - 2017-04-03 12:29 - 0327680 _____ () C:\ProgramData\smp2.exe
    EmptyTemp:

    In FRST, select Fix (Napraw).

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    Post new FRST logs, from a scan.

    0
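Added example (not part of the thread, and not FRST's own code): a small Python triage pass over FRST-format lines that flags the persistence patterns visible in the fixlist above, namely scheduled tasks that run `msiexec /i` against a URL or start a script host, shortcuts carrying `--load-extension` or a start URL, `AppInit_DLLs` entries, and percent-encoded hostnames in browser settings. The sample lines, hosts and paths are constructed placeholders, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in FRST log format (hosts and paths are placeholders).
SAMPLE_LOG = r"""
Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\Updater => "msiexec" /i hxxp://cdn.example.test/pkg.msi /q
Task: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - System32\Tasks\Sync => Wscript.exe //B "C:\ProgramData\Mod\run.js" upd.exe /invoke
Task: {99999999-8888-7777-6666-555555555555} - System32\Tasks\Backup => C:\Program Files\Backup\backup.exe
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\u\AppData\Local\abcdef" hxxp://start.example.test/
AppInit_DLLs: C:\ProgramData\Foo\bar.dll => C:\ProgramData\Foo\bar.dll [358912 2017-04-02] ()
CHR DefaultSearchURL: Profile 1 -> hxxps://%66%65%65%64.example.test/?q={searchTerms}
CHR StartupUrls: Profile 1 -> "hxxps://www.example.test/"
""".strip().splitlines()

# FRST writes URLs defanged as hxxp/hxxps; capture only the host part.
URL_RE = re.compile(r"hxxps?://([^/\s\"]+)", re.I)

def decoded_host(line):
    """Return (raw_host, percent-decoded host) for the first URL, or None."""
    m = URL_RE.search(line)
    return (m.group(1), unquote(m.group(1))) if m else None

def triage(line):
    """Return the reasons a FRST line deserves a closer look (empty if none)."""
    reasons = []
    kind, _, rest = line.partition(":")
    if kind == "Task":
        cmd = rest.lower().split("=>", 1)[-1]      # command the task launches
        if "msiexec" in cmd and URL_RE.search(cmd):
            reasons.append("task installs MSI from a URL")
        if re.search(r"\b[wc]script(\.exe)?\b", cmd):
            reasons.append("task runs a script host")
    elif kind == "ShortcutWithArgument":
        args = rest.split(" -> ")[-1]              # text after the target binary
        if "--load-extension" in args:
            reasons.append("shortcut sideloads a browser extension")
        if URL_RE.search(args):
            reasons.append("shortcut forces a start URL")
    elif kind.startswith("AppInit_DLLs"):
        reasons.append("DLL loaded via AppInit_DLLs")
    host = decoded_host(line)
    if host and host[0] != host[1]:                # encoding hides the real name
        reasons.append("percent-encoded host: " + host[1])
    return reasons

def report(lines):
    """Return (entry kind, reasons) for every line that was flagged."""
    return [(l.split(":", 1)[0], r) for l in lines if (r := triage(l))]

if __name__ == "__main__":
    for kind, reasons in report(SAMPLE_LOG):
        print(kind, "->", "; ".join(reasons))
```
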
  • #6 04 Apr 2017 08:35
    Domino_2
    Helpful to users

    You were supposed to post new logs from a scan, not the fixlog.

    0