Elektroda.pl

How do I get rid of unwanted programs?

StingerSan 06 Mar 2017 12:04 693 6
  • #1 06 Mar 2017 12:04
    StingerSan
    Level 2

    Hello

    In my ignorance I downloaded an application that installed a lot of unwanted programs. I managed to remove some of them, but I cannot get rid of UC浏览器. The computer has been scanned with Malwarebytes. I also made FRST logs, which I am attaching below. Thanks in advance for your help.

    0 6
  • #2 06 Mar 2017 12:40
    krzychupar
    Level 40

    Open the system Notepad and paste:
    Task: {85CD1F83-B6C6-476C-BF81-1F60AC304368} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\TEMP\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [2017-03-06] (Microsoft Corporation) <==== UWAGA
    Task: C:\Windows\Tasks\Online Application Updater.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application v2 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application v2 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application v2.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [25444]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [1498914]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1224482]
    FirewallRules: [{A216B3C4-6DDF-49E2-AB91-D99FA2631949}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
    FirewallRules: [{8B021990-C7FC-4BA8-BD1E-D6A171E4C32F}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
    FirewallRules: [{6AF749EB-0B3E-4998-8D6A-EBB9C07F8D65}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
    HKU\S-1-5-21-2709881376-4002949015-483490678-1001\...\Run: [OneDrive] => C:\Users\TEMP\AppData\Local\Microsoft\OneDrive\OneDrive.exe [1518304 2017-03-06] (Microsoft Corporation) <===== UWAGA
    HKU\S-1-5-21-2709881376-4002949015-483490678-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03062017113818965\...\MountPoints2: {69cad1a2-fe5d-11e5-9be5-d8cb8ae1b53b} - "F:\HPLauncher.exe"
    HKU\S-1-5-21-2709881376-4002949015-483490678-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03062017113818965\...\MountPoints2: {6aa59284-616c-11e6-9c10-d8cb8ae1b53b} - "G:\HTC_Sync_Manager_PC.exe"
    HKU\S-1-5-18\...\Run: [] => [X]
    ShellExecuteHooks: Brak nazwy - {18F9F110-FFD8-11E6-8FE5-64006A5CFC23} - C:\Users\Stinger\AppData\Roaming\Ghsepy\Moliry.dll -> Brak pliku




    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> Brak pliku
    GroupPolicy: Ograniczenia - Windows Defender <======= UWAGA
    CHR StartupUrls: Default -> "hxxp://www.youndoo.com/?z=d8038b0f959a27a399e7fe9gez0b4b6metbe1tfo4w&from=amz&uid=ADATAXSP550_2G0320061165&type=hp"
    S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
    R1 ucdrv; C:\Windows\System32\drivers:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== UWAGA
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
    S3 NTIOLib_OCKit_MB; \??\C:\Program Files (x86)\MSI\MSI OC Kit\Driver_Service\NTIOLib_X64.sys [X]
    2017-03-06 11:38 - 2017-03-06 11:38 - 00001619 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    2017-03-06 11:38 - 2017-03-06 11:38 - 00001589 _____ C:\Users\TEMP\Desktop\UC浏览器.lnk
    2017-03-06 11:38 - 2017-03-06 11:38 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2017-03-06 11:38 - 2017-03-06 11:38 - 00000000 ____D C:\Users\TEMP\AppData\Local\UCBrowser
    2017-03-06 11:38 - 2017-03-06 11:38 - 00000000 ____D C:\Users\TEMP\AppData\Local\TileDataLayer
    2017-03-06 11:01 - 2017-03-06 11:12 - 00000000 ____D C:\Users\Stinger\Doctor Web
    2017-03-06 10:04 - 2017-03-06 10:25 - 00001619 _____ C:\Users\Stinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
    2017-03-06 10:04 - 2017-03-06 10:25 - 00000000 ____D C:\Users\Stinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2017-03-06 10:04 - 2017-03-06 10:23 - 00003476 _____ C:\Windows\System32\Tasks\UCBrowserSecureUpdater
    2017-03-06 10:04 - 2017-03-06 10:23 - 00000000 ____D C:\Program Files (x86)\UCBrowser
    2017-03-06 10:04 - 2017-03-06 10:05 - 00000476 _____ C:\Windows\Tasks\UCBrowserUpdater.job
    2017-03-06 10:04 - 2017-03-06 10:05 - 00000312 _____ C:\Windows\Tasks\UCBrowserUpdaterCore.job
    2017-03-06 10:04 - 2017-03-06 10:04 - 00000888 _____ C:\Users\Stinger\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
    2017-03-06 10:04 - 2017-03-06 10:04 - 00000864 _____ C:\Users\Stinger\Desktop\żěŃą.lnk
    2017-03-06 10:04 - 2017-03-06 10:04 - 00000000 ____D C:\Users\Stinger\AppData\Roaming\UCChannel
    2017-03-06 10:04 - 2017-03-06 10:04 - 00000000 ____D C:\Users\Stinger\AppData\Roaming\Softlink
    2017-03-06 10:04 - 2017-03-06 10:04 - 00000000 ____D C:\Users\Stinger\AppData\Roaming\Mozilla
    2017-03-06 10:04 - 2017-03-06 10:04 - 00000000 ____D C:\Users\Stinger\AppData\Local\UCBrowser
    C:\Users\TEMP\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    C:\ProgramData\Gооglе Сhrоmе.lnk.bat
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST, in the same folder.
    Run FRST and click Fix (Napraw).

    0
  • #3 06 Mar 2017 17:01
    Kolobos
    Computer specialist

    After running it, post new FRST logs from a scan.

    0
  • #5 20 Mar 2017 00:47
    Kolobos
    Computer specialist

    Back up your bookmarks from Chrome and FF; the script will delete the profile directory.
    If you synchronize Chrome settings with a Google account, also delete the synchronization data from the account.

    Delete the shortcuts:
    C:\Users\Stinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехрlоrеr.lnk
    C:\Users\Stinger\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    C:\Users\Stinger\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    and create new, correct ones.

    Uninstall:
    amulesw
    WinSnare
    Firefox (you can reinstall it when finished)
    Chrome (you can reinstall it when finished)

    Run Fixlist.txt in safe mode:
    CloseProcesses:
    Task: {221FD982-7C53-4973-9290-D7B8BFCC7BA1} - System32\Tasks\Lajoing => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=ADATAXSP550_2G0320061165&amp;v=201736 /q <==== UWAGA
    Task: {290212A8-691F-4A88-A95E-97684A144353} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-02-06] ()
    Task: {5447761C-2822-465E-9445-03FC466AE47D} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: {948128C2-5C83-4F74-B790-47E0F2BDA7CA} - System32\Tasks\hostTask => C:\ProgramData\CloudPrinter\tree.exe
    Task: {963C9612-A65C-49EE-859E-25397B9ACCA8} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
    Task: {BA37B136-F79C-480B-ADF0-946D5374B090} - System32\Tasks\Dilerch Engine => C:\Program Files (x86)\Drarainganipition\xsohgh.exe
    Task: {D0153E8B-7F46-419B-9DE3-B2A9A18EA067} - \UCBrowserSecureUpdater -> Brak pliku <==== UWAGA
    Task: {D4F6F4FA-83A3-41B0-9C49-143C9FB8CFC3} - System32\Tasks\QForlLgs0EYm => qforllgs0eym.exe
    C:\Users\Stinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехрlоrеr.lnk
    C:\Users\Stinger\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    C:\Users\Stinger\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    ShortcutWithArgument: C:\Users\Stinger\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e92a46d25f0fe9d7\Google Chrome.lnk -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) -> hxxp://www.startpageing123.com/?type=sc&t...from=che0812&uid=ADATAXSP550_2G0320061165
    2017-03-09 19:47 - 2017-03-08 07:41 - 00104624 _____ () C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
    2017-03-17 10:22 - 2017-03-17 10:22 - 00113152 ____N () C:\Windows\TEMP\winsap_update\Kyubey.exe
    2017-03-09 19:47 - 2017-03-08 05:16 - 00113152 _____ () c:\programdata\apple\apps\config.dll
    2017-03-09 19:47 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files (x86)\Footper\Application\libglesv2.dll
    2017-03-09 19:47 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files (x86)\Footper\Application\libegl.dll
    AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [25444]
    AlternateDataStreams: C:\Windows\system32\drivers:x64 [1498914]
    AlternateDataStreams: C:\Windows\system32\drivers:x86 [1224482]
    () C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
    (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe
    () C:\Windows\Temp\winsap_update\Kyubey.exe
    (hxxp://www.amuleall.org/) C:\Program Files (x86)\amulell\ed2k.exe
    (Google Inc.) C:\Program Files (x86)\Footper\Application\chrome.exe
    HKU\S-1-5-21-2709881376-4002949015-483490678-1001\...\MountPoints2: {69cad1a2-fe5d-11e5-9be5-d8cb8ae1b53b} - "F:\HPLauncher.exe"
    HKU\S-1-5-21-2709881376-4002949015-483490678-1001\...\MountPoints2: {6aa59284-616c-11e6-9c10-d8cb8ae1b53b} - "G:\HTC_Sync_Manager_PC.exe"
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&t...from=che0812&uid=ADATAXSP550_2G0320061165
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&t...from=che0812&uid=ADATAXSP550_2G0320061165
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=d...e0812&uid=ADATAXSP550_2G0320061165&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=d...e0812&uid=ADATAXSP550_2G0320061165&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&t...from=che0812&uid=ADATAXSP550_2G0320061165
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&t...from=che0812&uid=ADATAXSP550_2G0320061165
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=d...e0812&uid=ADATAXSP550_2G0320061165&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=d...e0812&uid=ADATAXSP550_2G0320061165&q={searchTerms}
    HKU\S-1-5-21-2709881376-4002949015-483490678-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=d...e0812&uid=ADATAXSP550_2G0320061165&q={searchTerms}
    HKU\S-1-5-21-2709881376-4002949015-483490678-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&t...from=che0812&uid=ADATAXSP550_2G0320061165
    HKU\S-1-5-21-2709881376-4002949015-483490678-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&t...from=che0812&uid=ADATAXSP550_2G0320061165
    HKU\S-1-5-21-2709881376-4002949015-483490678-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=d...e0812&uid=ADATAXSP550_2G0320061165&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...e0812&uid=ADATAXSP550_2G0320061165&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...e0812&uid=ADATAXSP550_2G0320061165&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...e0812&uid=ADATAXSP550_2G0320061165&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...e0812&uid=ADATAXSP550_2G0320061165&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2709881376-4002949015-483490678-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...e0812&uid=ADATAXSP550_2G0320061165&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2709881376-4002949015-483490678-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=d...e0812&uid=ADATAXSP550_2G0320061165&q={searchTerms}
    StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&t...from=che0812&uid=ADATAXSP550_2G0320061165
    FF Extension: (SimilarWeb) - C:\Users\Stinger\AppData\Roaming\Firefox\Firefox\Profiles\arvt5fiq.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-03-09] [Brak podpisu cyfrowego]
    FF Extension: (FF Adr) - C:\Users\Stinger\AppData\Roaming\Firefox\Firefox\Profiles\arvt5fiq.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-03-09] [Brak podpisu cyfrowego]
    FF SearchPlugin: C:\Users\Stinger\AppData\Roaming\Firefox\Firefox\Profiles\arvt5fiq.default\searchplugins\startsearch.xml [2017-03-09]
    CHR DefaultProfile: ChromeDefaultData
    CHR HomePage: ChromeDefaultData -> hxxp://www.startpageing123.com/?type=hp&t...from=che0812&uid=ADATAXSP550_2G0320061165
    CHR StartupUrls: ChromeDefaultData -> "hxxp://www.startpageing123.com/?type=hp&ts=1489594942&z=860347a64a3bd528d1e6a6fg1zab8tdw6tbz7t2c9b&from=che0812&uid=ADATAXSP550_2G0320061165"
    CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.startpageing123.com/search/?type=d...e0812&uid=ADATAXSP550_2G0320061165&q={searchTerms}
    CHR DefaultSearchKeyword: ChromeDefaultData -> startpageing123
    CHR Profile: C:\Users\Stinger\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-15] <==== UWAGA
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.startpageing123.com/?type=sc&t...from=che0812&uid=ADATAXSP550_2G0320061165
    HKU\S-1-5-21-2709881376-4002949015-483490678-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Footper\Application\chrome.exe (Google Inc.) <==== UWAGA
    R2 Apps_Cfg; C:\ProgramData\Apple\Apps\config.dll [113152 2017-03-08] () [Brak podpisu cyfrowego]
    R2 ed2kidle; C:\Program Files (x86)\amulell\ed2k.exe [214528 2017-03-10] (hxxp://www.amuleall.org/) [Brak podpisu cyfrowego]
    R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [104624 2017-03-08] ()
    S2 Kyubey; C:\Users\Stinger\AppData\Roaming\Kyubey\Kyubey.exe [116224 2017-03-09] () [Brak podpisu cyfrowego]
    R2 WinSAPSvc; C:\Users\Stinger\AppData\Roaming\WinSAPSvc\WinSAP.dll [218624 2017-03-17] (Windows) [Brak podpisu cyfrowego]
    R2 WinSnare; C:\Users\Stinger\AppData\Roaming\WinSnare\WinSnare.dll [776704 2017-03-17] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
    R1 ucdrv; C:\Windows\System32\drivers:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== UWAGA
    S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
    2017-03-19 23:41 - 2017-03-19 23:41 - 00000214 _____ C:\Users\Stinger\Downloads\Fixlog.txt
    2017-03-19 23:41 - 2017-03-19 23:41 - 00000000 ____D C:\Users\Stinger\Downloads\FRST-OlderVersion
    2017-03-19 23:19 - 2017-03-19 23:19 - 00000000 ____D C:\Users\Stinger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
    2017-03-19 23:19 - 2017-03-19 23:19 - 00000000 ____D C:\Users\Stinger\AppData\Roaming\aMule
    2017-03-19 23:19 - 2017-03-19 23:19 - 00000000 ____D C:\Program Files (x86)\amulell
    2017-03-19 23:18 - 2017-03-19 23:18 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.3.3)
    2017-03-13 14:04 - 2017-03-13 14:04 - 00000000 ____D C:\Users\Stinger\AppData\Local\AdvinstAnalytics
    2017-03-09 19:47 - 2017-03-19 23:19 - 00003634 _____ C:\Windows\System32\Tasks\Milimili
    2017-03-09 19:47 - 2017-03-19 23:18 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2017-03-09 19:47 - 2017-03-16 18:03 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2017-03-09 19:47 - 2017-03-16 18:02 - 00002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-03-09 19:47 - 2017-03-09 19:47 - 00002075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-03-09 19:47 - 2017-03-09 19:47 - 00000000 ____D C:\Users\Stinger\AppData\Roaming\Mozilla
    2017-03-09 19:47 - 2017-03-09 19:47 - 00000000 ____D C:\Users\Stinger\AppData\Roaming\Firefox
    2017-03-09 19:47 - 2017-03-09 19:47 - 00000000 ____D C:\Users\Stinger\AppData\Local\Footper
    2017-03-09 19:47 - 2017-03-09 19:47 - 00000000 ____D C:\Users\Stinger\AppData\Local\Firefox
    2017-03-09 19:47 - 2017-03-09 19:47 - 00000000 ____D C:\ProgramData\Apple
    2017-03-09 19:47 - 2017-03-09 19:47 - 00000000 ____D C:\Program Files (x86)\MIO
    2017-03-09 19:47 - 2017-03-09 19:47 - 00000000 ____D C:\Program Files (x86)\Footper
    2017-03-09 19:47 - 2017-03-09 19:47 - 00000000 ____D C:\Program Files (x86)\Firefox
    2017-03-09 19:47 - 2017-03-09 19:47 - 00000000 ____D C:\Program Files (x86)\58C1A32B_cacayima
    2017-03-09 19:47 - 2016-05-23 03:41 - 00055056 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
    2017-03-09 19:47 - 2016-05-19 07:42 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
    2017-03-08 15:49 - 2017-03-19 23:19 - 00000000 ____D C:\Users\Stinger\AppData\Roaming\WinSAPSvc
    2017-03-08 15:49 - 2017-03-19 23:18 - 00000000 ____D C:\Users\Stinger\AppData\Roaming\WinSnare
    2017-03-08 15:49 - 2017-03-09 19:47 - 00000000 _____ C:\Windows\SysWOW64\4
    2017-03-08 15:49 - 2017-03-09 19:47 - 00000000 _____ C:\Windows\SysWOW64\3
    2017-03-08 15:49 - 2017-03-08 15:52 - 00000000 ____D C:\Program Files (x86)\BikaQRss
    2017-03-08 15:49 - 2017-03-08 15:49 - 00000352 _____ C:\Windows\SysWOW64\data.bin
    2017-03-08 15:49 - 2017-03-08 15:49 - 00000000 ____D C:\Users\Stinger\AppData\Roaming\Kyubey
    2017-03-08 15:46 - 2017-03-19 23:18 - 00000000 ____D C:\Program Files (x86)\MK
    2017-03-08 15:45 - 2017-03-08 15:45 - 00000000 ____D C:\Program Files (x86)\thnlsb6c
    2017-03-06 13:48 - 2017-03-06 13:48 - 00004608 _____ C:\Windows\SECOH-QAD.exe
    2017-03-06 13:45 - 2017-03-06 13:46 - 05643069 _____ C:\Users\Stinger\Downloads\KMSpico.10.0.10240 Aktywator Windows 10 Polacam!!!.rar
    2017-03-06 10:08 - 2017-03-06 10:08 - 00021590 _____ C:\Windows\System32\Tasks\QForlLgs0EYm
    2017-03-06 10:06 - 2017-03-06 11:26 - 00000000 ____D C:\ProgramData\Microleaves
    2017-03-06 10:03 - 2017-03-06 11:36 - 00000000 ____D C:\Program Files (x86)\Microleaves
    2017-03-06 10:03 - 2017-03-06 11:12 - 00000000 ____D C:\ProgramData\PrefersSecure
    2017-03-06 10:03 - 2017-03-06 11:12 - 00000000 ____D C:\ProgramData\Logic Cramble
    2017-03-06 10:03 - 2017-03-06 10:03 - 00140288 _____ C:\Users\Stinger\AppData\Roaming\Installer.dat
    2017-03-06 10:03 - 2017-03-06 10:03 - 00018432 _____ C:\Users\Stinger\AppData\Roaming\Main.dat
    2017-03-06 10:03 - 2017-03-06 10:03 - 00003096 _____ C:\Windows\System32\Tasks\hostTask
    2017-03-06 10:03 - 2017-03-06 10:03 - 00000000 ____D C:\Users\Stinger\AppData\Roaming\Microleaves
    2017-03-06 10:03 - 2017-03-06 10:03 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-03-06 10:03 - 2017-03-06 10:03 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    2017-03-06 10:02 - 2017-03-08 21:26 - 00000000 ____D C:\Program Files (x86)\Drarainganipition
    2017-03-06 10:02 - 2017-03-06 10:25 - 00000000 ____D C:\Users\Stinger\AppData\Roaming\Ghsepy
    2017-03-06 10:02 - 2017-03-06 10:02 - 00006048 _____ C:\Windows\System32\Tasks\Dilerch Engine
    2017-03-06 10:02 - 2017-03-06 10:02 - 00005082 _____ C:\Windows\System32\Tasks\Lajoing
    2017-03-06 10:02 - 2017-03-06 10:02 - 00000000 ____D C:\Users\Stinger\AppData\Local\Qefotojught
    2017-03-06 10:02 - 2017-03-06 10:02 - 00000000 ____D C:\Program Files (x86)\0b7b25eb-3aa3-4493-91f9-475cbb717ed91488790950
    2017-03-06 10:01 - 2017-03-06 11:36 - 00000000 ____D C:\Program Files (x86)\KMSPico
    2017-02-21 20:53 - 2017-02-21 20:53 - 00000000 ___HD C:\Program Files\Common FilesEAInstaller
    2017-03-06 11:35 - 2016-08-18 20:09 - 00000000 _____ C:\ProgramData\Gооglе Сhrоmе.lnk.bat
    2017-03-06 10:03 - 2017-03-06 10:03 - 0140288 _____ () C:\Users\Stinger\AppData\Roaming\Installer.dat
    2017-03-06 10:03 - 2017-03-06 10:03 - 0018432 _____ () C:\Users\Stinger\AppData\Roaming\Main.dat
    2016-08-18 20:09 - 2017-03-06 11:35 - 0000000 _____ () C:\ProgramData\Gооglе Сhrоmе.lnk.bat
    EmptyTemp:

    After running it, post new FRST logs from a scan.


    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0
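The fixlists in posts #2 and #5 list several kinds of entry that are easy to miss when reading an FRST log by eye: browser shortcut names spelled with look-alike letters, a `.lnk.bat` double extension, data streams attached to the `drivers` directory, and a shortcut whose target carries a URL argument. The triage script below is an added example, not part of the thread and not FRST's own logic; the sample lines are constructed in the shape of the entries above (paths under `Example` and the `example.invalid` URL are placeholders), and the rule names are hypothetical.

```python
import re
import unicodedata

# Constructed sample lines modelled on the FRST entries quoted in the thread.
# Cyrillic look-alike letters are written as \u escapes so they stay visible.
SAMPLE_LINES = [
    "C:\\ProgramData\\G\u043e\u043egl\u0435 \u0421hr\u043em\u0435.lnk.bat",
    "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Google Chrome.lnk",
    "AlternateDataStreams: C:\\Windows\\system32\\drivers:ucdrv-x64.sys [25444]",
    "ShortcutWithArgument: C:\\Users\\Example\\Desktop\\Google Chrome.lnk -> "
    "C:\\Program Files (x86)\\Example\\chrome.exe (Google Inc.) -> "
    "hxxp://example.invalid/?type=sc",
    "R1 ucdrv; C:\\Windows\\System32\\drivers:ucdrv-x64.sys [25444 ] (UC Web Inc.)",
]

LETTER_RUN = re.compile(r"[^\W\d_]+")  # runs of Unicode letters
DOUBLE_EXT = re.compile(
    r"\.(?:lnk|txt|pdf|docx?|jpe?g|png)\.(?:bat|cmd|exe|scr|vbs|js|ps1)\b", re.I)
# A drive path followed by a second colon and a stream name (NTFS ADS syntax).
ADS_PATH = re.compile(r'\b[A-Za-z]:\\[^:<>|"\r\n]*:[\w.\-]+')
URL = re.compile(r"\b(?:hxxps?|https?)://", re.I)


def has_mixed_script(line):
    """True if one word mixes Latin letters with Cyrillic or Greek ones."""
    for word in LETTER_RUN.findall(line):
        scripts = {unicodedata.name(ch, "").split(" ")[0] for ch in word}
        if "LATIN" in scripts and scripts & {"CYRILLIC", "GREEK"}:
            return True
    return False


def triage(line):
    """Return the list of rule names (hypothetical labels) a line triggers."""
    findings = []
    if has_mixed_script(line):
        findings.append("mixed-script-name")
    if DOUBLE_EXT.search(line):
        findings.append("double-extension")
    if ADS_PATH.search(line):
        findings.append("alternate-data-stream")
    if line.startswith("ShortcutWithArgument:") and URL.search(line.split(" -> ")[-1]):
        findings.append("shortcut-url-argument")
    return findings


def triage_log(lines):
    """Map each flagged line to its findings; clean lines are omitted."""
    return {ln: hits for ln in lines if (hits := triage(ln))}


if __name__ == "__main__":
    for ln, hits in triage_log(SAMPLE_LINES).items():
        print(", ".join(hits), "<=", ascii(ln))
```

A name that combines Latin letters with CJK characters, such as the UC浏览器 shortcut, is not flagged by the mixed-script rule, because only Cyrillic and Greek letters are treated as Latin look-alikes.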
  • #7 20 Mar 2017 12:24
    Kolobos
    Computer specialist

    Delete the C:\FRST directory and that's all.

    0