Elektroda.pl

Applications install themselves.

Adi2071 15 Oct 2017 17:03 561 10
  • Helpful post
    #2 15 Oct 2017 17:32
    krzychupar
    Level 40

    Uninstall:
    Online Application

    Open the system Notepad and paste:
    Task: {201EA634-BBEF-4CA2-84FB-6D99A7FB45AB} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: {35C42FC8-2577-431A-B44A-D7051E6F678A} - System32\Tasks\MostFun prographic => C:\Windows\system32\rundll32.exe "C:\Program Files\MostFun prographic\MostFun prographic.dll",vQfIHHEgwi <==== UWAGA
    Task: {45628918-DCB5-44A4-A0B2-86D52E4B65B4} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== UWAGA
    Task: {B37F6C43-3FAD-4794-91AE-ADADA382ADAC} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: {D174C5B6-C4F7-40BF-9017-122FB4B91887} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== UWAGA
    Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== UWAGA
    Shortcut: C:\Users\Wercia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic
    Shortcut: C:\Users\Wercia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <==== Cyrillic
    Shortcut: C:\Users\Wercia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Сhromе.lnk -> C:\Users\Wercia\AppData\Roaming\Browsers\exe.emorhc.bat (Brak pliku) <==== Cyrillic
    Shortcut: C:\Users\Wercia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Internet Еxрlоrеr Вrowser.lnk -> C:\Users\Wercia\AppData\Roaming\Browsers\exe.erolpxei.bat (Brak pliku) <==== Cyrillic
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic




    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) <==== Cyrillic
    Shortcut: C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== Cyrillic
    Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) <==== Cyrillic
    Hosts:
    HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== UWAGA
    HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== UWAGA
    HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== UWAGA
    HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== UWAGA
    HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== UWAGA
    HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== UWAGA
    HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== UWAGA
    HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== UWAGA
    HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== UWAGA
    HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== UWAGA
    HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== UWAGA
    HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== UWAGA
    HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== UWAGA
    HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== UWAGA
    HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== UWAGA
    HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== UWAGA
    HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== UWAGA
    HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== UWAGA
    HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== UWAGA
    HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== UWAGA
    HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== UWAGA
    HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== UWAGA
    HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== UWAGA
    HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== UWAGA
    HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== UWAGA
    HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== UWAGA
    HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== UWAGA
    HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== UWAGA
    HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== UWAGA
    HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== UWAGA
    HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    AppInit_DLLs: C:\ProgramData\Quoteex\Sol-Strong.dll => Brak pliku
    AppInit_DLLs-x32: C:\ProgramData\Quoteex\Greensoft.dll => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <==== UWAGA
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...3mV0xAMOwRfCsvjcl4Mwx2iuH2bVb00b9wCw,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-655650010-282394468-3099514986-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...3mV0xAMOwRfCsvjcl4Mwx2iuH2bVb00b9wCw,,&q={searchTerms}
    CHR HKU\S-1-5-21-655650010-282394468-3099514986-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    R4 bdfsfltr; system32\DRIVERS\bdfsfltr.sys [X]
    U4 econceal; system32\DRIVERS\econceal.sys [X]
    U4 TBS; Brak ImagePath
    2017-10-15 12:30 - 2017-10-15 12:31 - 000000000 ____D C:\AdwCleaner
    2017-10-15 12:53 - 2017-10-15 14:41 - 000000000 ____D C:\Program Files\ZIC59ISBYT
    2017-10-15 12:53 - 2017-10-15 14:39 - 000000000 ____D C:\Program Files\8H5XDWAZMS
    2017-10-15 12:14 - 2017-10-15 14:41 - 000000000 ____D C:\Program Files\XJR6VZPH2W
    2017-10-15 12:14 - 2017-10-15 14:39 - 000000000 ____D C:\Program Files\9C4SUAGK9W
    2017-10-15 11:06 - 2017-10-15 14:39 - 000000000 ____D C:\Program Files\B7SIQ2FG1O
    2017-10-15 11:05 - 2017-10-15 14:39 - 000000000 ____D C:\Program Files\1HVKYVOQU4
    2017-10-15 10:46 - 2017-10-15 10:46 - 007334400 _____ () C:\Users\Wercia\AppData\Local\agent.dat
    2017-10-15 10:46 - 2017-10-15 10:46 - 000070800 _____ () C:\Users\Wercia\AppData\Local\Config.xml
    2017-10-15 10:46 - 2017-10-15 10:46 - 000016464 _____ () C:\Users\Wercia\AppData\Local\InstallationConfiguration.xml
    2017-10-15 10:46 - 2017-10-15 10:46 - 000140800 _____ () C:\Users\Wercia\AppData\Local\installer.dat
    2017-10-15 10:46 - 2017-10-15 10:46 - 000005568 _____ () C:\Users\Wercia\AppData\Local\md.xml
    2017-10-15 10:46 - 2017-10-15 10:46 - 000126464 _____ () C:\Users\Wercia\AppData\Local\noah.dat
    2017-10-15 10:49 - 2017-10-15 10:49 - 000032038 _____ () C:\Users\Wercia\AppData\Local\uninstall_temp.ico
    2017-10-15 10:46 - 2017-10-15 10:46 - 001900753 _____ () C:\Users\Wercia\AppData\Local\Zotsaofan.tst
    2017-10-11 16:18 - 2017-10-11 16:18 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
    2017-10-15 12:46 - 2017-10-15 12:46 - 000000004 _____ () C:\ProgramData\hgf.3dew
    C:\ProgramData\perfc.dat
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST, in the same folder.
    Run FRST and click Fix/Napraw.

    0
  • #3 15 Oct 2017 17:46
    Adi2071
    Level 6

    That didn't help; new folders were created, with new .exe files in them.

    0
  • Helpful post
    #6 15 Oct 2017 18:04
    Kolobos
    Computer specialist

    Run this Fixlist.txt for FRST:
    CloseProcesses:
    Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== UWAGA
    Task: {201EA634-BBEF-4CA2-84FB-6D99A7FB45AB} - \Online Application V2G2 -> Brak pliku <==== UWAGA
    Task: {35C42FC8-2577-431A-B44A-D7051E6F678A} - \MostFun prographic -> Brak pliku <==== UWAGA
    Task: {37913D04-3C03-464D-9D32-8BEF956D648E} - System32\Tasks\PjDfytumxbayONn2 => rundll32 "C:\Program Files (x86)\kqEuPYMaU\cArlTo.dll",#1
    Task: {445758D0-BAAE-4F66-B314-FEDEBAF365C6} - System32\Tasks\zjwPaeaadZaNwF => rundll32 "C:\Program Files (x86)\JIdcnntTvnKU2\ncDAnrklQTHoC.dll",#1
    Task: {45628918-DCB5-44A4-A0B2-86D52E4B65B4} - \Updater_Online_Application -> Brak pliku <==== UWAGA
    Task: {B37F6C43-3FAD-4794-91AE-ADADA382ADAC} - \Online Application V2G3 -> Brak pliku <==== UWAGA
    Task: {CA914A8D-E404-4B96-A33D-BC8377C6FC9C} - System32\Tasks\{C25B5FD3-B6FA-4625-B8FE-AFB891583A04} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://www.skype.com/go/downloading?source=l...taller&ver=7.40.0.103&LastError=12029
    Task: {CF235825-08EF-4817-93CF-282818593F79} - System32\Tasks\Driver Booster SkipUAC (Wercia) => D:\Program Files (x86)\IObit\Driver Booster\5.0.3\DriverBooster.exe
    Task: {D174C5B6-C4F7-40BF-9017-122FB4B91887} - \Online Application V2G1 -> Brak pliku <==== UWAGA
    Task: {D87ED409-DEAA-4E63-A356-A72B94723597} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ErrorReporting => C:\\Users\\Wercia\\AppData\\Roaming\\ErrorReporting\\ermgr.exe
    Task: {DDD72C0B-35BD-4DE7-A038-DDDEB64A8756} - System32\Tasks\PjDfytumxbayONn => rundll32 "C:\Program Files (x86)\kqEuPYMaU\cArlTo.dll",#1
    Task: C:\Windows\Tasks\MostFun prographic.job => rundll32.exe C:\Program Files\MostFun prographic\MostFun prographic.dll
    Task: C:\Windows\Tasks\PjDfytumxbayONn.job => C:\Program Files (x86)\kqEuPYMaU\cArlTo.dll
    ShortcutWithArgument: C:\Users\Wercia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    2017-10-15 17:43 - 2017-10-15 17:43 - 000732160 _____ () C:\Users\Wercia\AppData\Local\Temp\is-UOLMF.tmp\iiu5paq4qxm.tmp
    2017-10-15 17:43 - 2017-10-15 17:43 - 000732160 _____ () C:\Users\Wercia\AppData\Local\Temp\is-TSPM8.tmp\xpvbkuzkmoc.tmp
    2017-10-15 17:43 - 2017-10-15 17:43 - 000732160 _____ () C:\Users\Wercia\AppData\Local\Temp\is-EQPQF.tmp\e2t0xis1k2k.tmp
    2017-10-15 17:43 - 2008-10-15 16:44 - 000205312 _____ () C:\Users\Wercia\AppData\Local\Temp\is-D8R28.tmp\itdownload.dll
    2017-10-15 17:43 - 2008-10-15 16:44 - 000205312 _____ () C:\Users\Wercia\AppData\Local\Temp\is-O87OC.tmp\itdownload.dll
    2017-10-15 17:43 - 2008-10-15 16:44 - 000205312 _____ () C:\Users\Wercia\AppData\Local\Temp\is-D8R29.tmp\itdownload.dll
    ( ) C:\Users\Wercia\AppData\Roaming\onwkd5kd42c\e2t0xis1k2k.exe
    ( ) C:\Users\Wercia\AppData\Roaming\ozcbyrjqi15\iiu5paq4qxm.exe
    ( ) C:\Users\Wercia\AppData\Roaming\d5avonrwzgq\xpvbkuzkmoc.exe
    () C:\Users\Wercia\AppData\Local\Temp\is-UOLMF.tmp\iiu5paq4qxm.tmp
    () C:\Users\Wercia\AppData\Local\Temp\is-TSPM8.tmp\xpvbkuzkmoc.tmp
    () C:\Users\Wercia\AppData\Local\Temp\is-EQPQF.tmp\e2t0xis1k2k.tmp
    HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== UWAGA
    HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== UWAGA
    HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== UWAGA
    HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== UWAGA
    HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== UWAGA
    HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== UWAGA
    HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== UWAGA
    HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== UWAGA
    HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== UWAGA
    HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== UWAGA
    HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== UWAGA
    HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== UWAGA
    HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== UWAGA
    HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== UWAGA
    HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== UWAGA
    HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== UWAGA
    HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== UWAGA
    HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== UWAGA
    HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== UWAGA
    HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== UWAGA
    HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== UWAGA
    HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== UWAGA
    HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== UWAGA
    HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== UWAGA
    HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== UWAGA
    HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== UWAGA
    HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== UWAGA
    HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== UWAGA
    HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== UWAGA
    HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== UWAGA
    HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== UWAGA
    HKU\S-1-5-21-655650010-282394468-3099514986-1000\...\Run: [2677636] => C:\Users\Wercia\AppData\Roaming\onwkd5kd42c\e2t0xis1k2k.exe [518655 2017-10-15] ( )
    HKU\S-1-5-21-655650010-282394468-3099514986-1000\...\Run: [9796169] => C:\Users\Wercia\AppData\Roaming\ozcbyrjqi15\iiu5paq4qxm.exe [518655 2017-10-15] ( )
    HKU\S-1-5-21-655650010-282394468-3099514986-1000\...\Run: [6721052] => C:\Users\Wercia\AppData\Roaming\d5avonrwzgq\xpvbkuzkmoc.exe [518655 2017-10-15] ( )
    AppInit_DLLs: C:\ProgramData\Quoteex\Sol-Strong.dll => Brak pliku
    AppInit_DLLs-x32: C:\ProgramData\Quoteex\Greensoft.dll => Brak pliku
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-655650010-282394468-3099514986-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...3mV0xAMOwRfCsvjcl4Mwx2iuH2bVb00b9wCw,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-655650010-282394468-3099514986-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...3mV0xAMOwRfCsvjcl4Mwx2iuH2bVb00b9wCw,,&q={searchTerms}
    BHO: YoutubeAdBlock -> {C0D38E5A-7CF8-4105-8FE8-31B81443A114} -> C:\Program Files (x86)\ZfJRwqLPhIE\tU9wrou.dll [2017-10-15] ()
    FF Homepage: Mozilla\Firefox\Profiles\dm47auzq.default -> user_pref("browser.startup.homepage","hxxp://page-ups.com/all/");
    FF NewTab: Mozilla\Firefox\Profiles\dm47auzq.default -> C:\ProgramData\Quoteexs\ff.NT
    FF Extension: (Tables) - C:\Users\Wercia\AppData\Roaming\Mozilla\Firefox\Profiles\dm47auzq.default\Extensions\378507@extcorp.net.xpi [2017-10-14]
    C:\Users\Wercia\AppData\Roaming\Mozilla\Firefox\Profiles\dm47auzq.default\Extensions\378507@extcorp.net.xpi
    FF Extension: (Adblocker for Youtube™) - C:\Program Files\Mozilla Firefox\browser\features\{5C3FD6D1-9185-4195-B5E1-FAB622427F59} [2017-10-15] [Brak podpisu cyfrowego]
    C:\Program Files\Mozilla Firefox\browser\features\{5C3FD6D1-9185-4195-B5E1-FAB622427F59}
    CHR HomePage: Default -> msn.com
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Wercia\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmnopfmccchnnfdoiddbihbcboeedll [2017-10-15]
    CHR HKU\S-1-5-21-655650010-282394468-3099514986-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
    R1 wfcre; C:\Windows\System32\drivers\wfcre.sys [124288 2017-07-04] ()
    U4 TBS; Brak ImagePath
    C:\Windows\System32\drivers\wfcre.sys
    2017-10-15 15:22 - 2017-10-15 15:22 - 000000000 ____D C:\Windows\logo1_.exe
    2017-10-15 15:20 - 2017-10-15 15:20 - 000001518 _____ C:\Windows\Tasks\MostFun prographic.job
    2017-10-15 14:34 - 2017-10-15 14:34 - 000000000 ____D C:\Windows\VDLL.DLL
    2017-10-15 14:34 - 2017-10-15 14:34 - 000000000 ____D C:\Windows\SysWOW64\wmicuclt.exe
    2017-10-15 14:34 - 2017-10-15 14:34 - 000000000 ____D C:\Windows\SysWOW64\wmicuclt
    2017-10-15 14:34 - 2017-10-15 14:34 - 000000000 ____D C:\Windows\SysWOW64\runouce.exe
    2017-10-15 14:34 - 2017-10-15 14:34 - 000000000 ____D C:\Windows\SysWOW64\regsvr.exe
    2017-10-15 14:34 - 2017-10-15 14:34 - 000000000 ____D C:\Windows\RUNDL132.EXE
    2017-10-15 14:34 - 2017-10-15 14:34 - 000000000 ____D C:\Windows\logo_1.exe
    2017-10-15 14:32 - 2017-10-15 14:32 - 000000000 __RHD C:\Windows\tasksche.exe
    2017-10-15 14:32 - 2017-10-15 14:32 - 000000000 __RHD C:\Windows\perfc.dat
    2017-10-15 14:32 - 2017-10-15 14:32 - 000000000 __RHD C:\Windows\mssecsvc.exe
    2017-10-15 14:32 - 2017-10-15 14:32 - 000000000 __RHD C:\Windows\dllhost.dat
    2017-10-15 13:14 - 2017-10-15 13:14 - 000485512 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
    2017-10-15 13:13 - 2017-08-01 17:34 - 000900336 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\test2.exe
    2017-10-15 13:12 - 2017-10-15 16:58 - 000000000 ____D C:\ProgramData\MicroWorld
    2017-10-15 13:12 - 2017-10-15 13:12 - 000000000 ____D C:\ProgramData\OEM Links
    2017-10-15 13:12 - 2017-08-01 17:45 - 000147768 _____ (MWTI) C:\Windows\SysWOW64\ZIPDLL.DLL
    2017-10-15 13:12 - 2017-08-01 17:45 - 000142584 _____ (MWTI) C:\Windows\SysWOW64\UNZDLL.DLL
    2017-10-15 13:12 - 2017-08-01 17:43 - 000278648 _____ (MicroWorld Technologies Inc.) C:\Windows\inst_tspx.exe
    2017-10-15 13:12 - 2017-08-01 17:43 - 000113312 _____ (MicroWorld Technologies Inc.) C:\Windows\inst_tsp.exe
    2017-10-15 13:12 - 2017-08-01 17:43 - 000091000 _____ (MicroWorld Technologies Inc.) C:\Windows\killproc.exe
    2017-10-15 13:12 - 2017-08-01 17:42 - 000156592 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\Drivers\BACKUP.77758181.mwfsmflt.sys
    2017-10-15 13:12 - 2017-08-01 17:39 - 000707800 _____ (MicroWorld Technologies Inc.) C:\Windows\SysWOW64\eslogon.dll
    2017-10-15 13:12 - 2017-08-01 17:35 - 003152824 _____ (Commtouch) C:\Windows\SysWOW64\ASAPSDK.DLL
    2017-10-15 13:12 - 2017-08-01 17:35 - 000422456 _____ C:\Windows\SysWOW64\wget.exe
    2017-10-15 13:12 - 2017-08-01 17:29 - 000306656 _____ C:\Windows\SysWOW64\curl.exe
    2017-10-15 13:12 - 2015-10-10 20:08 - 000086248 _____ C:\Windows\SysWOW64\unacev2.dll
    2017-10-15 13:06 - 2017-10-15 13:11 - 409820760 _____ (MicroWorld Technologies Inc. ) C:\Users\Wercia\Downloads\iwn4k3ek.exe
    2017-10-15 12:59 - 2017-10-15 12:59 - 000000000 ____D C:\Users\Wercia\AppData\LocalLow\CelGrfgXIrZdI
    2017-10-15 12:58 - 2017-10-15 12:58 - 000000000 ____D C:\ProgramData\Microleaves
    2017-10-15 12:57 - 2017-10-15 12:57 - 000000000 ____D C:\ProgramData\8c09387a-2d91-1
    2017-10-15 12:57 - 2017-10-15 12:57 - 000000000 ____D C:\ProgramData\8c09387a-04b1-1
    2017-10-15 12:55 - 2017-10-15 12:55 - 000000000 ____D C:\Program Files (x86)\Microleaves
    2017-10-15 12:54 - 2017-10-15 17:43 - 000000290 _____ C:\Windows\Tasks\PjDfytumxbayONn.job
    2017-10-15 12:54 - 2017-10-15 14:42 - 000000000 ____D C:\Program Files (x86)\ZfJRwqLPhIE
    2017-10-15 12:54 - 2017-10-15 14:42 - 000000000 ____D C:\Program Files (x86)\kqEuPYMaU
    2017-10-15 12:54 - 2017-10-15 14:41 - 000000000 ____D C:\Program Files (x86)\JIdcnntTvnKU2
    2017-10-15 12:54 - 2017-10-15 12:54 - 000003060 _____ C:\Windows\System32\Tasks\zjwPaeaadZaNwF
    2017-10-15 12:54 - 2017-10-15 12:54 - 000002706 _____ C:\Windows\System32\Tasks\PjDfytumxbayONn2
    2017-10-15 12:54 - 2017-10-15 12:54 - 000002564 _____ C:\Windows\System32\Tasks\PjDfytumxbayONn
    2017-10-15 12:53 - 2017-10-15 12:53 - 000000000 ____D C:\Users\Wercia\AppData\Roaming\ozcbyrjqi15
    2017-10-15 12:53 - 2017-10-15 12:53 - 000000000 ____D C:\Users\Wercia\AppData\Roaming\onwkd5kd42c
    2017-10-15 12:53 - 2017-10-15 12:53 - 000000000 ____D C:\Users\Wercia\AppData\Roaming\d5avonrwzgq
    2017-10-15 12:52 - 2017-10-15 12:52 - 000000000 ____D C:\ProgramData\8c09387a-2b53-1
    2017-10-15 12:50 - 2017-10-15 12:50 - 000000000 ____D C:\ProgramData\3210e2be-7311-1
    2017-10-15 12:14 - 2017-10-15 12:14 - 000000000 ____D C:\Users\Wercia\AppData\Roaming\y03v5kobsba
    2017-10-15 12:14 - 2017-10-15 12:14 - 000000000 ____D C:\Users\Wercia\AppData\Roaming\0s0wsrsso0d
    2017-10-15 12:13 - 2017-10-15 12:13 - 000000000 ____D C:\Users\Wercia\AppData\Roaming\dos4fwkyzwy
    2017-10-15 11:14 - 2017-10-15 17:38 - 000000008 __RSH C:\Users\Wercia\ntuser.pol
    2017-10-15 11:05 - 2017-10-15 11:06 - 000000000 ____D C:\Users\Wercia\AppData\Roaming\vnlgp
    2017-10-15 11:05 - 2017-10-15 11:05 - 000000000 ____D C:\Users\Wercia\AppData\Roaming\yba31qmgucf
    2017-10-15 11:05 - 2017-10-15 11:05 - 000000000 ____D C:\Users\Wercia\AppData\Roaming\itjreyu0jqo
    2017-10-15 11:05 - 2017-10-15 11:05 - 000000000 ____D C:\Users\Wercia\AppData\Roaming\BrowserModule
    2017-10-15 11:05 - 2017-10-15 11:05 - 000000000 ____D C:\Users\Wercia\AppData\Roaming\4hlptanyo5s
    2017-10-15 11:04 - 2017-10-15 14:45 - 000000000 ____D C:\Windat
    2017-10-15 11:04 - 2017-10-15 14:39 - 000000000 ____D C:\Disk
    2017-10-15 11:03 - 2017-10-15 14:45 - 000000000 ____D C:\Users\Wercia\AppData\Roaming\TablacusApp2
    2017-10-15 11:03 - 2017-10-15 11:03 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
    2017-10-15 11:02 - 2017-10-15 14:34 - 000000000 ____D C:\Users\Wercia\AppData\Roaming\ErrorReporting
    2017-10-15 11:02 - 2017-10-15 11:02 - 000000000 ____D C:\ProgramData\WindowsTask
    2017-10-15 11:01 - 2017-10-15 14:43 - 000000000 ____D C:\Users\Wercia\AppData\Local\PCBooster
    2017-10-15 11:01 - 2017-10-15 11:03 - 000000000 ____D C:\ProgramData\explorer
    2017-10-15 11:01 - 2017-10-15 11:01 - 000000000 ____D C:\ProgramData\System32
    2017-10-15 10:56 - 2017-10-15 15:04 - 000000000 ____D C:\WinSys
    2017-10-15 10:56 - 2017-10-15 14:39 - 000000000 ____D C:\Applications
    2017-10-15 10:55 - 2017-10-15 14:24 - 000000000 ____D C:\Users\Wercia\AppData\Local\AdService
    2017-10-15 10:51 - 2017-10-15 10:51 - 000000000 ____D C:\Users\Wercia\AppData\Local\AdvinstAnalytics
    2017-10-15 10:48 - 2017-10-15 10:50 - 000000000 ____D C:\ProgramData\Quoteexs
    2017-10-15 10:47 - 2017-10-15 14:21 - 000000000 ____D C:\ProgramData\Logic Cramble
    2017-10-15 10:46 - 2017-10-15 14:42 - 000000000 ____D C:\ProgramData\Quoteex
    2017-10-11 20:32 - 2017-10-11 20:32 - 001525712 _____ (Tahug ) C:\Users\Wercia\Downloads\Bandicam-30315-AsystentPobierania.exe
    2017-10-11 20:30 - 2017-10-11 20:30 - 000003166 _____ C:\Windows\System32\Tasks\{C25B5FD3-B6FA-4625-B8FE-AFB891583A04}
    2017-10-11 20:29 - 2017-10-11 20:30 - 001632208 _____ (Skype Technologies S.A.) C:\Users\Wercia\Downloads\SkypeSetup (1).exe
    2017-10-11 18:31 - 2017-10-11 18:31 - 000000000 ____D C:\Program Files (x86)\GUM445F.tmp
    2017-10-11 16:02 - 2017-10-11 16:27 - 000002902 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Wercia)
    2017-10-11 16:02 - 2017-10-11 16:02 - 000027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
    2017-10-11 16:02 - 2017-10-11 16:02 - 000000000 ____D C:\Windows\IObit
    2017-10-11 16:02 - 2017-10-11 16:02 - 000000000 ____D C:\Users\Wercia\AppData\LocalLow\IObit
    2017-10-11 16:01 - 2017-10-11 16:33 - 000000000 ____D C:\Users\Wercia\AppData\Roaming\IObit
    2017-10-11 16:01 - 2017-10-11 16:02 - 000000000 ____D C:\ProgramData\IObit
    2017-10-11 15:59 - 2017-10-11 15:59 - 018056536 _____ (IObit ) C:\Users\Wercia\Downloads\driver_booster_setup.exe
    C:\Windows\logo1_.exe
    C:\Windows\logo_1.exe
    C:\Windows\mssecsvc.exe
    C:\Windows\RUNDL132.EXE
    C:\Windows\tasksche.exe
    C:\Windows\VDLL.DLL
    C:\Windows\SysWOW64\regsvr.exe
    C:\Windows\SysWOW64\runouce.exe
    C:\Windows\SysWOW64\wmicuclt.exe

    Once that is done, post new scan logs.

    0
  • #8 15 Oct 2017 18:25
    Kolobos
    Computer specialist

    Uninstall Online Application (empty entry)

    New Fixlist:
    CHR Extension: (Adblocker for Youtube™) - C:\Users\Wercia\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmnopfmccchnnfdoiddbihbcboeedll [2017-10-15]
    S1 HWiNFO32; \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [X]
    C:\Users\Wercia\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmnopfmccchnnfdoiddbihbcboeedll

    Once that is done, delete the C:\FRST folder, and that's all.

    0
  • #10 15 Oct 2017 19:55
    Kolobos
    Computer specialist

    I already wrote that that's all. Logs are unnecessary.

    0
  • #11 15 Oct 2017 20:45
    Adi2071
    Level 6

    Thanks for the help.

    0