Elektroda.pl

yeadesktopbr.com is still stuck in the browsers

Ark777 13 Jul 2017 00:01 570 5
  • #2 13 Jul 2017 00:33
    Kolobos
    Computer specialist

    Uninstall:
    Advanced SystemCare 10
    Driver Booster 4.3
    Driver Genius Professional Edition
    greaaTsaover
    GS.Enabler
    GS.Supporter 1.80
    TheTorntv V10
    vShare.tv plugin 1.3

    Run this Fixlist.txt with FRST:
    Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== UWAGA

    After running it, uninstall Online Application.

    Run another Fixlist.txt with FRST:
    ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku
    ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku
    ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku
    ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku
    ContextMenuHandlers01: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
    ContextMenuHandlers02: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
    ContextMenuHandlers04: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll [2016-09-20] (IObit)
    ContextMenuHandlers1_S-1-5-21-439274392-3969886743-3587469441-1002: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku
    ContextMenuHandlers4_S-1-5-21-439274392-3969886743-3587469441-1002: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku
    ContextMenuHandlers5_S-1-5-21-439274392-3969886743-3587469441-1002: [GGDriveMenu] -> {E68D0A55-3C40-4712-B90D-DCFA93FF2534} => -> Brak pliku
    Task: {00A74C97-C45D-48E8-A8F9-090491148888} - System32\Tasks\e2b84041-0c1a-4381-8a1d-9da93992f838-1 => C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-codedownloader.exe <==== UWAGA
    Task: {0F1AFE92-D05D-42D3-B92D-CDB56641B0F0} - System32\Tasks\3ddf4a18-7215-43ac-84e9-9179509c9243 => C:\Program Files (x86)\TheTorntv V10\e2b84041-0c1a-4381-8a1d-9da93992f838-4.exe <==== UWAGA
    Task: {2914DFDF-8D18-4171-AA20-7E2687C772F4} - System32\Tasks\U2_B3A986DC-C2DD-40A0-8C0C-FEF66B783511 => Rundll32.exe "C:\Program Files (x86)\MediaSerchU2\EKmyIvM.dll",#1
    Task: {68C4F171-CB39-4A31-BCBA-1F51DC1B562E} - System32\Tasks\{9FB330D5-0FA5-45A4-8A78-9AE10B9F4F55} => Firefox.exe hxxp://ui.skype.com/ui/0/6.0.0.126/pl/abandoninstall?page=tsProgressBar
    Task: {7364CCC4-C17E-4212-BB0D-3CD954E249C4} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2017-03-22] (IObit)




    Task: {78DD500E-77E7-478B-BBD8-0F1198077F24} - System32\Tasks\{F18149EA-DE28-447B-9EFB-1E279E8D57B2} => pcalua.exe -a C:\Users\Ark7\Desktop\MT6592_Drivers\MT6592_Drivers\install_driver.exe -d C:\Users\Ark7\Desktop\MT6592_Drivers\MT6592_Drivers
    Task: {80619E6E-8F9C-4E06-9C4F-9220665467A5} - System32\Tasks\{08ADDACB-BF5A-425E-B966-7039C5943A20} => pcalua.exe -a C:\Users\Ark7\Downloads\chromeinstall-8u31.exe -d C:\Users\Ark7\Downloads
    Task: {8F57FA7F-370A-40A0-9A23-BF7B6EA3D358} - System32\Tasks\Driver Booster SkipUAC (Ark7) => C:\Program Files (x86)\IObit\Driver Booster\4.3.0\DriverBooster.exe [2017-03-16] (IObit)
    Task: {9B06EFB8-5D2F-44A2-A958-7F2030EC1E4F} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert <==== UWAGA
    Task: {A2284252-E7BA-4C80-AC15-FF9E663AC1CE} - System32\Tasks\{B3802F70-7817-458B-AC6F-0235BF75EED5} => Firefox.exe hxxp://ui.skype.com/ui/0/6.0.0.126/pl/abandoninstall?page=tsProgressBar
    Task: {A2A7205B-9672-4F6E-A373-7B53325495D0} - System32\Tasks\{74F7259F-E274-457E-B882-B2D751AF3D08} => pcalua.exe -a C:\Users\Ark7\Downloads\irfanview_lang_polski.exe -d C:\Users\Ark7\Downloads
    Task: {B42610C9-06AB-4892-BAE5-6FA683EC0FAC} - System32\Tasks\ASC10_SkipUac_Ark7 => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2017-03-30] (IObit)
    Task: {BAA1F10A-EB3B-4589-AA6D-0AB965B78726} - System32\Tasks\e2b84041-0c1a-4381-8a1d-9da93992f838-5 => C:\Program Files (x86)\TheTorntv V10\e2b84041-0c1a-4381-8a1d-9da93992f838-5.exe <==== UWAGA
    Task: {C7E3D1AB-A8D2-4600-BB3A-53916776DE23} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.3.0\Scheduler.exe [2017-03-10] (IObit)
    Task: {CFDF2105-224A-4B20-9E49-BB70421D2F9F} - System32\Tasks\{14269C82-D2F3-46FD-B2BD-4271930B2158} => pcalua.exe -a C:\Users\Ark7\Downloads\burrrn_package.exe -d C:\Users\Ark7\Downloads
    Task: {EE9B6764-E341-4658-B5B8-AB6CCBE414B5} - System32\Tasks\{849A61A1-3815-4BC5-8612-012261E835CC} => pcalua.exe -a C:\Users\Ark7\Downloads\iview432_setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
    Task: C:\Windows\Tasks\3ddf4a18-7215-43ac-84e9-9179509c9243.job => C:\Program Files (x86)\TheTorntv V10\e2b84041-0c1a-4381-8a1d-9da93992f838-4.exe <==== UWAGA
    Task: C:\Windows\Tasks\e2b84041-0c1a-4381-8a1d-9da93992f838-1.job => C:\Program Files (x86)\TheTorntv V10\TheTorntv V10-codedownloader.exeʀ/xCYZSbT /wEtho=task /gWMvJLxn='TheTorntv V10' /YvgNWEiZ=61855 /qjYqrTs='001823' /YMzvqm='0' /xhEZSH='0' /UWEIILQ=04FAE93763B54638AC9B192E15EF297CIE /tAUqrfGD=6511f4bfc216bd53452a7c1bfbc491d5 /CdtCD=1_34_07_29 /CAkff=1.34.7.29 /PTiMhXL=1407743707 /BaZoM=hxxp:/stats.infostatsserv.com /TZCuVMt=hxxp:/errors.infostatsserv.com /Iqwke=hxxp:/cr.install-daddy.com /GNLClozm=ch /KKzjOg='TheTorntv V10' /SxUoVy=hxxp:/cr.install-daddy.com /ejSGpgz /iLqzES='{asw:[0, -2113929211, 603979776],browser_name:__BROWSER_NAME__}' /rHVwYZrlR='hxxp:/update.infostatsserv.com/ie_code_agent_updates/{CAMP_ID}/update.jso <==== UWAGA
    Task: C:\Windows\Tasks\e2b84041-0c1a-4381-8a1d-9da93992f838-5.job => C:\Program Files (x86)\TheTorntv V10\e2b84041-0c1a-4381-8a1d-9da93992f838-5.exeș/vANheSHL /gWMvJLxn='TheTorntv V10' /YvgNWEiZ=61855 /qjYqrTs='001823' /YMzvqm='0' /xhEZSH='0' /UWEIILQ=04FAE93763B54638AC9B192E15EF297CIE /tAUqrfGD=6511f4bfc216bd53452a7c1bfbc491d5 /CdtCD=1_34_07_29 /PTiMhXL=1407743707 /BaZoM=hxxp:/stats.infostatsserv.com /TZCuVMt=hxxp:/errors.infostatsserv.com /zMUgFZgpo=hxxp:/ipgeoapi.com/ /JBLZsB=hxxp:/update.infostatsserv.com /OULKyFomL=2 /ddJUN=hxxp:/logs.infostatsserv.com /rHVwYZrlR='hxxp:/update.infostatsserv.com/updater_agent_updates/{CAMP_ID}/update.jso <==== UWAGA
    Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <==== UWAGA
    ShortcutWithArgument: C:\Users\Ark7\Desktop\chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Ark7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktopbr.com/
    ShortcutWithArgument: C:\Users\Ark7\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktopbr.com/
    ShortcutWithArgument: C:\Users\Ark7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktopbr.com/
    ShortcutWithArgument: C:\Users\Ark7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Ark7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktopbr.com/
    ShortcutWithArgument: C:\Users\Ark7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktopbr.com/
    ShortcutWithArgument: C:\Users\Ark7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
    ShortcutWithArgument: C:\Users\Ark7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Ark7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktopbr.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktopbr.com/
    AlternateDataStreams: C:\Users\Ark7\Cookies:1DmH136KtNiVgN3mFD8Dv4Nj2Z2 [1996]
    AlternateDataStreams: C:\Users\Ark7\AppData\Local\aXiCTqylzQ:KZm89HmyszbczUwMYcChAK796z [2384]
    AlternateDataStreams: C:\Users\Ark7\AppData\Local\Temporary Internet Files:3JJLTf3an6mFVYzx8gj33yJZ [2164]
    AlternateDataStreams: C:\Users\Ark7\AppData\Local\Temporary Internet Files:dUWvnrIvkAyU5hCGVy6K2GJa2i [2302]
    HKLM\...\Run: [gplyra] => C:\Users\Ark7\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] () <==== UWAGA
    HKU\S-1-5-21-439274392-3969886743-3587469441-1002\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [3920672 2017-03-30] (IObit)
    HKU\S-1-5-21-439274392-3969886743-3587469441-1002\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-23] (Google Inc.)
    HKU\S-1-5-21-439274392-3969886743-3587469441-1002\...\MountPoints2: {5224e09d-3019-11e2-ae11-ccaf78712138} - H:\AutoRun.exe
    HKU\S-1-5-21-439274392-3969886743-3587469441-1002\...\MountPoints2: {64cd3862-3207-11e1-99b8-b870f4e83f60} - E:\LaunchBFII.exe
    HKU\S-1-5-21-439274392-3969886743-3587469441-1002\...\MountPoints2: {7402abf7-de10-11e1-b21b-b870f4e83f60} - E:\Startme.exe
    HKU\S-1-5-21-439274392-3969886743-3587469441-1002\...\MountPoints2: {77bf4c72-2fc2-11e1-85cb-b870f4e83f60} - E:\AutoRun.exe
    HKU\S-1-5-21-439274392-3969886743-3587469441-1002\...\MountPoints2: {77bf4cbd-2fc2-11e1-85cb-b870f4e83f60} - E:\AutoRun.exe
    HKU\S-1-5-21-439274392-3969886743-3587469441-1002\...\MountPoints2: {83bfbb38-3b7d-11e1-8a83-b870f4e83f60} - E:\AutoRun.exe
    HKU\S-1-5-21-439274392-3969886743-3587469441-1002\...\MountPoints2: {cfa33eab-3f79-11e1-bc89-b870f4e83f60} - E:\AutoRun.exe
    HKU\S-1-5-21-439274392-3969886743-3587469441-1002\...\MountPoints2: {dd9e1627-08a9-11e2-b249-b870f4e83f60} - H:\AutoRun.exe
    HKU\S-1-5-21-439274392-3969886743-3587469441-1007\...\RunOnce: [ScrSav] => C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
    HKU\S-1-5-21-439274392-3969886743-3587469441-1007\...\MountPoints2: {0c1f618c-06eb-11e2-8dab-b870f4e83f60} - H:\AutoRun.exe
    HKU\S-1-5-21-439274392-3969886743-3587469441-1007\...\MountPoints2: {5224e09d-3019-11e2-ae11-ccaf78712138} - E:\AutoRun.exe
    HKU\S-1-5-21-439274392-3969886743-3587469441-1007\...\MountPoints2: {64cd3862-3207-11e1-99b8-b870f4e83f60} - E:\LaunchBFII.exe
    HKU\S-1-5-21-439274392-3969886743-3587469441-1007\...\MountPoints2: {7402abf7-de10-11e1-b21b-b870f4e83f60} - E:\Startme.exe
    HKU\S-1-5-21-439274392-3969886743-3587469441-1007\...\MountPoints2: {77bf4c72-2fc2-11e1-85cb-b870f4e83f60} - E:\AutoRun.exe
    HKU\S-1-5-21-439274392-3969886743-3587469441-1007\...\MountPoints2: {77bf4cbd-2fc2-11e1-85cb-b870f4e83f60} - E:\AutoRun.exe
    HKU\S-1-5-21-439274392-3969886743-3587469441-1007\...\MountPoints2: {83bfbb38-3b7d-11e1-8a83-b870f4e83f60} - E:\AutoRun.exe
    HKU\S-1-5-21-439274392-3969886743-3587469441-1007\...\MountPoints2: {cfa33eab-3f79-11e1-bc89-b870f4e83f60} - E:\AutoRun.exe
    HKU\S-1-5-21-439274392-3969886743-3587469441-1007\...\MountPoints2: {dd9e1627-08a9-11e2-b249-b870f4e83f60} - E:\AutoRun.exe
    AppInit_DLLs: C:\PROGRA~2\GS_X64~1.ENA => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    HKU\S-1-5-21-439274392-3969886743-3587469441-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910...amp;GUID=00000000-0000-0000-0000-000000000000
    HKU\S-1-5-21-439274392-3969886743-3587469441-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
    HKU\S-1-5-21-439274392-3969886743-3587469441-1002\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=110823&t...s&mntrId=8cf62cf5000000000000ccaf78712138
    HKU\S-1-5-21-439274392-3969886743-3587469441-1002\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&am...mp;affID=124001&tt=040813_10&tsp=4964
    HKU\S-1-5-21-439274392-3969886743-3587469441-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910...amp;GUID=00000000-0000-0000-0000-000000000000
    HKU\S-1-5-21-439274392-3969886743-3587469441-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
    HKU\S-1-5-21-439274392-3969886743-3587469441-1007\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=110823&t...s&mntrId=8cf62cf5000000000000ccaf78712138
    HKU\S-1-5-21-439274392-3969886743-3587469441-1007\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.onet.pl/
    URLSearchHook: [S-1-5-21-439274392-3969886743-3587469441-1002] UWAGA => Brak domyślnego URLSearchHook
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0C9461E9-B56A-4712-BC65-635E1557D8EF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-439274392-3969886743-3587469441-1002 -> DefaultScope {ADD525F6-C759-49C2-A8FA-907F08A7364B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-439274392-3969886743-3587469441-1002 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    SearchScopes: HKU\S-1-5-21-439274392-3969886743-3587469441-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-439274392-3969886743-3587469441-1002 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=8CF6CCAF78712138&affID=124001&tt=040813_10&tsp=4964
    SearchScopes: HKU\S-1-5-21-439274392-3969886743-3587469441-1002 -> {ADD525F6-C759-49C2-A8FA-907F08A7364B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-439274392-3969886743-3587469441-1002 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms}
    SearchScopes: HKU\S-1-5-21-439274392-3969886743-3587469441-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-439274392-3969886743-3587469441-1007 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    SearchScopes: HKU\S-1-5-21-439274392-3969886743-3587469441-1007 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-439274392-3969886743-3587469441-1007 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=110823&tt=3712_8&babsrc=SP_ss&mntrId=8cf62cf5000000000000ccaf78712138
    SearchScopes: HKU\S-1-5-21-439274392-3969886743-3587469441-1007 -> {ADD525F6-C759-49C2-A8FA-907F08A7364B} URL = hxxp://www.google.com/search?hl=pl&q={searchTerms}
    BHO: Brak nazwy -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> Brak pliku
    BHO-x32: Brak nazwy -> {97510FAC-ED50-46BF-B2A1-25F434BF1030} -> Brak pliku
    FF user.js: detected! => C:\Users\Ark7\AppData\Roaming\Mozilla\Firefox\Profiles\ycbhueuq.default-1365718582968\user.js [2017-01-04]
    FF Keyword.URL: Mozilla\Firefox\Profiles\ycbhueuq.default-1365718582968 -> hxxp://go.mail.ru/search?fr=fftb&q=
    FF SearchPlugin: C:\Users\Ark7\AppData\Roaming\Mozilla\Firefox\Profiles\ycbhueuq.default-1365718582968\searchplugins\babylon.xml [2013-08-04]
    FF Extension: (Brak nazwy) - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2014-10-26] [Brak podpisu cyfrowego]
    FF Extension: (Adblocker for Youtube™) - C:\Program Files\Mozilla Firefox\browser\features\{5C3FD6D1-9185-4195-B5E1-FAB622427F59} [2017-07-10] [Brak podpisu cyfrowego]
    FF Extension: (TSearch) - C:\Program Files\Mozilla Firefox\browser\features\{D29DBC80-E8B5-4116-AB62-ECD8ED032A33} [2017-07-10] [Brak podpisu cyfrowego]
    FF Extension: (Adblocker for Youtube™) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{5C3FD6D1-9185-4195-B5E1-FAB622427F59} [2017-07-10] [Brak podpisu cyfrowego]
    FF Extension: (TSearch) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{D29DBC80-E8B5-4116-AB62-ECD8ED032A33} [2017-07-10] [Brak podpisu cyfrowego]
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Ark7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgokgcnplbfnkjpejjgafogeecgaini [2017-07-10]
    CHR Extension: (TSearch) - C:\Users\Ark7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgphcdjbnlbnkdooieahfmbmaaipogf [2017-07-10]
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Ark7\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nhgokgcnplbfnkjpejjgafogeecgaini [2017-07-10]
    CHR Extension: (TSearch) - C:\Users\Ark7\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ohgphcdjbnlbnkdooieahfmbmaaipogf [2017-07-10]
    CHR HKU\S-1-5-21-439274392-3969886743-3587469441-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [aeppgfljjlhcnnbddcccndljodpdkpdh] - <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [kpionmjnkbpcdpcflammlgllecmejgjj] - <Brak Path/update_url>
    S2 1a34a8e0; "C:\Windows\system32\rundll32.exe" "c:\progra~2\GSSvc.dll",service
    R1 wfcre; C:\Windows\System32\drivers\wfcre.sys [124288 2017-07-04] ()
    U3 a86dlgxx; C:\Windows\System32\Drivers\a86dlgxx.sys [0 ] (Advanced Micro Devices) <==== UWAGA (zerobajtowy plik/folder)
    2017-07-12 00:38 - 2017-07-12 00:38 - 00000000 _____ C:\autoexec.bat
    2017-07-10 14:53 - 2017-07-10 14:53 - 00000000 ____D C:\Users\Ark7\AppData\Local\Meltytech
    2017-07-10 14:52 - 2017-07-10 14:52 - 00001674 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shotcut.lnk
    2017-07-10 14:48 - 2017-07-10 14:52 - 00000000 ____D C:\Program Files\Shotcut
    2017-07-10 14:36 - 2017-07-10 14:36 - 00000266 __RSH C:\Users\Ark7\ntuser.pol
    2017-07-10 14:08 - 2017-07-11 22:34 - 00000000 ____D C:\Program Files (x86)\MediaSerchU2
    2017-07-10 14:08 - 2017-07-10 14:10 - 00000000 ____D C:\Users\Ark7\AppData\Roaming\gplyra
    2017-07-10 14:07 - 2017-07-10 16:49 - 00000000 ____D C:\Program Files (x86)\MediaSerchU
    2017-07-10 14:07 - 2017-07-10 15:59 - 00000000 ____D C:\Program Files (x86)\MediaSerchIE
    2017-07-10 14:07 - 2017-07-10 14:16 - 00003320 _____ C:\Windows\System32\Tasks\Updater_Online_Application
    2017-07-10 14:07 - 2017-07-10 14:07 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
    2017-07-10 14:07 - 2017-07-10 14:07 - 00000000 ____D C:\ProgramData\e7fb6f5e-1273-0
    2017-07-10 14:07 - 2017-06-25 14:09 - 00000000 ____D C:\Users\Ark7\AppData\Roaming\UCChannel
    2017-07-10 14:06 - 2017-07-10 14:33 - 00000374 _____ C:\Windows\Tasks\Updater_Online_Application.job
    2017-07-10 14:06 - 2017-07-10 14:07 - 00000000 ____D C:\ProgramData\e7fb6f5e-31e1-1
    2017-07-10 14:05 - 2017-07-10 14:07 - 00000266 __RSH C:\ProgramData\ntuser.pol
    2017-07-10 13:53 - 2017-07-10 13:53 - 00000000 ____D C:\ProgramData\Microleaves
    2017-07-10 13:50 - 2017-07-10 13:50 - 00000000 ____D C:\Users\Ark7\AppData\Roaming\Microleaves
    2017-07-10 13:50 - 2017-07-10 13:50 - 00000000 ____D C:\Users\Ark7\AppData\Local\AdvinstAnalytics
    2017-07-10 13:50 - 2017-07-10 13:50 - 00000000 ____D C:\Program Files (x86)\Microleaves
    2017-07-04 10:46 - 2017-07-04 10:46 - 00124288 _____ C:\Windows\system32\Drivers\wfcre.sys
    2017-06-25 14:09 - 2017-06-25 14:09 - 00000000 ____D C:\Users\Ark7\AppData\Roaming\baidu
    2017-06-25 14:09 - 2017-06-25 14:09 - 00000000 ____D C:\Users\Ark7\AppData\Roaming\360se6
    2017-06-25 14:09 - 2017-06-25 14:09 - 00000000 ____D C:\Users\Ark7\AppData\Local\UCBrowser
    2017-06-25 14:09 - 2017-06-25 14:09 - 00000000 ____D C:\Users\Ark7\AppData\Local\Tencent
    2017-06-25 14:09 - 2017-06-25 14:09 - 00000000 ____D C:\Users\Ark7\AppData\Local\360chrome
    2017-06-25 14:09 - 2017-06-25 14:09 - 00000000 ____D C:\Users\Ark7\AppData\Local\2345explorer
    2017-06-25 14:08 - 2017-06-25 14:08 - 00003046 _____ C:\Windows\System32\Tasks\U2_B3A986DC-C2DD-40A0-8C0C-FEF66B783511
    2017-06-25 14:08 - 2017-06-25 14:08 - 00000000 ____D C:\ProgramData\d86771bd-1cc1-1

    2017-07-12 13:52 - 2013-08-13 10:25 - 00003532 _____ C:\Windows\System32\Tasks\BrowserDefendert
    2017-07-12 13:46 - 2014-08-11 09:55 - 00000000 ____D C:\Program Files (x86)\TheTorntv V10
    2017-07-12 09:40 - 2017-05-07 22:47 - 00002894 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Ark7)
    2014-01-01 21:19 - 2014-01-01 21:42 - 0009762 _____ () C:\Users\Ark7\AppData\Roaming\LiveSupport.exe_log.txt
    2014-01-01 21:19 - 2014-01-02 22:05 - 0000092 _____ () C:\Users\Ark7\AppData\Roaming\regsvr32.exe_log.txt
    2013-02-28 22:00 - 2013-02-28 22:00 - 0004096 _____ () C:\ProgramData\tbythlfa.ktx
    C:\Users\Ark7\AppData\Roaming\gplyra\gplyra\start.cmd
    EmptyTemp:



    Use AdwCleaner, options Scan and Clean: http://www.bleepingcomputer.com/download/adwcleaner/

    Do a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    When done, post new FRST logs from a scan.

    0
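The `ShortcutWithArgument` entries in the fixlist above show browser shortcuts rewritten to open yeadesktopbr.com and, for Chrome, to pass `--load-extension`. As an added example (not part of the thread and not FRST's own code), this Python script triages such log lines; the line layout is inferred from the entries in the post, the function names are hypothetical, and the sample lines are copied from the fixlist.

```python
import re
from urllib.parse import urlsplit

# Layout inferred from the entries in the post (an assumption, not an FRST spec):
#   ShortcutWithArgument: <.lnk path> -> <target .exe> (<vendor>) -> <arguments>
LINE_RE = re.compile(
    r"^\s*ShortcutWithArgument:\s+(?P<lnk>.+?\.lnk)\s+->\s+"
    r"(?P<target>.+?\.exe)\s+\((?P<vendor>[^)]*)\)\s+->\s+(?P<args>.*)$",
    re.IGNORECASE,
)
# FRST defangs "http" as "hxxp"; accept both spellings.
URL_RE = re.compile(r"\b(?:hxxps?|https?)://[^\s\"']+", re.IGNORECASE)
LOAD_EXT_RE = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))', re.IGNORECASE)
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe"}

# Three lines copied from the fixlist in the post above.
SAMPLE = [
    r'ShortcutWithArgument: C:\Users\Ark7\Desktop\chrome.lnk -> '
    r'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> '
    r'--load-extension="C:\Users\Ark7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" '
    r'hxxp://www.yeadesktopbr.com/',
    r'ShortcutWithArgument: C:\Users\Ark7\Desktop\Internet Explorer.lnk -> '
    r'C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> '
    r'hxxp://www.yeadesktopbr.com/',
    r'ShortcutWithArgument: C:\Users\Ark7\AppData\Roaming\Microsoft\Internet Explorer'
    r'\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> '
    r'C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> '
    r'--profile-directory="Profile 2"',
]


def parse_shortcut(line):
    """Split one ShortcutWithArgument line into its fields, or return None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    args = m.group("args").strip()
    ext = LOAD_EXT_RE.search(args)
    hosts = []
    for url in URL_RE.findall(args):
        # Re-fang only for parsing; the host is never contacted.
        host = urlsplit(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname
        if host:
            hosts.append(host)
    return {
        "lnk": m.group("lnk"),
        "exe": m.group("target").rsplit("\\", 1)[-1].lower(),
        "args": args,
        "hosts": hosts,
        "extension_dir": (ext.group(1) or ext.group(2)) if ext else None,
    }


def triage(lines):
    """Return (lnk, reasons) for browser shortcuts with a forced URL or sideloaded extension."""
    findings = []
    for line in lines:
        sc = parse_shortcut(line)
        if sc is None or sc["exe"] not in BROWSERS:
            continue
        reasons = []
        if sc["hosts"]:
            reasons.append("forced start URL: " + ", ".join(sc["hosts"]))
        if sc["extension_dir"]:
            reasons.append("sideloaded extension: " + sc["extension_dir"])
        if reasons:  # e.g. --profile-directory alone is Chrome's own profile shortcut
            findings.append((sc["lnk"], reasons))
    return findings


if __name__ == "__main__":
    for lnk, reasons in triage(SAMPLE):
        print(lnk, "=>", "; ".join(reasons))
```

A shortcut that is flagged here still needs its arguments cleared (the fixlist does that); the script only reports which ones to look at.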
  • #3 13 Jul 2017 01:07
    Ark777
    Level 2

    I can't find:

    Driver Genius Professional Edition
    GS.Enabler
    TheTorntv V10
    vShare.tv plugin 1.3

    0
  • #4 13 Jul 2017 07:48
    Kolobos
    Computer specialist

    Then skip those and do the rest.

    0
  • #5 13 Jul 2017 11:40
    Ark777
    Level 2

    I did everything.

    When I click Scan in FRST, the program closes.

    0
  • #6 13 Jul 2017 12:04
    Kolobos
    Computer specialist

    Did you do everything I listed and only then run FRST?

    Does it also close in Safe Mode?

    0