Elektroda.pl

Removing the żěѱ virus (strange Chinese characters)

mariusz198787 11 Mar 2017 21:28 498 2
  • #2 11 Mar 2017 21:38
    Swistak00126
    Level 10

    Hi :)
    To start with, download and install MalwareBytes.
    You will use it to scan the computer for unwanted files and remove them, etc. (it helps in most cases).
    If that is not enough and you still have problems, use ADW Cleaner.

    Regards, Swistak :)

    0
  • #3 11 Mar 2017 23:13
    Kolobos
    Computer specialist

    Uninstall:
    WinRAR Packages
    SpyBot

    Run this Fixlist.txt for FRST:
    Traffic Exchange (x32 Version: 2.1.0 - Microleaves) Hidden <==== UWAGA

    Uninstall: Traffic Exchange

    Run another Fixlist.txt:
    CloseProcesses:
    Task: {0CB04F85-EA49-4F94-B881-C2538DA5BB99} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: {233BEC28-3080-465A-BE96-0D96362AC72F} - System32\Tasks\{48048342-FFAF-34E9-2F1D-65F97C09C1ED} => C:\ProgramData\{B7B79B9C-001C-2C37-3762-713B3E7D8DC2}\86B031DE-311B-8675-0D35-9B3CBB2CB1FC.exe [2017-03-11] () <==== UWAGA
    Task: {26FE5E41-FC84-46D9-A468-2E8C4445F249} - System32\Tasks\FreeDownloadManagerNetworkMonitor => C:\Program
    Task: {45372C91-D306-4BD5-A4F9-C3E8292A0862} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== UWAGA
    Task: {47E6D81E-D6EB-4582-99E1-415FEC16A308} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {5789326E-ED45-4C91-AC1B-206FF6072BF1} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: {5A944AC7-61C7-4C5C-AC4A-0E0B0EB6166F} - System32\Tasks\PPI Update => C:\Windows\explorer.exe "hxxp://insightcdn.online/download/index.php?mn=9995" <==== UWAGA
    Task: {5CAADF27-32BC-47F2-BE27-4243173B8645} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: {5E67D809-E522-4276-A0AF-CEECBEADA4B6} - System32\Tasks\Muhecult => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel....7E680_TMA55CPY28LTLL28LTLLX&v=2017311 /q
    Task: {5E7FD5FA-4F72-4C1F-AB57-A2C8B88EF975} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: {6F212C3D-C949-4927-AA36-6440AF9EEAA0} - System32\Tasks\{396CE0A1-F11A-4046-A835-BC5C43BA5FA3} => pcalua.exe -a C:\Users\Marian\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=amt
    Task: {7680EA7A-78F8-47FF-A97B-214E1C5BB46D} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== UWAGA
    Task: {7BBB0541-F318-487C-A58E-BAAFC0834F84} - System32\Tasks\osTip => Chrome.exe <==== UWAGA
    Task: {8562A80C-38EC-4C53-8F28-0DE6B6F98001} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== UWAGA
    Task: {9407CCBB-5D1E-473D-9DA5-D86568C7AB07} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: {9F7D34D4-7A73-4991-8B73-FBA1C426B1B5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {AE2CC2B5-5326-40B1-AE66-7E1293827A76} - System32\Tasks\KuaiZip_Update => C:\Program Files\żěѱ\X86\Update.exe [2017-03-11] (Shanghai Guangle Network Technology Ltd) <==== UWAGA
    Task: {BE417370-B65A-417C-BE00-C06D19F96703} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\Program Files (x86)\Rising\RAV\rsdelaylauncher.exe
    Task: {CDD00735-1907-4FFD-A2FB-342786A69078} - System32\Tasks\{E87FC7D7-E7FC-9479-EF65-28148E31950A} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\93093d4a\ac5ddb8a.dll" <==== UWAGA
    Task: {CED99559-8919-4B1F-8B5B-7600F13E62A0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {D0310C66-CF6C-4660-B564-850122C76970} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: {E615250E-2149-49F2-A75F-1FDD4E5E86FC} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-02-15] (Microleaves) <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Marian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Marian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    2017-03-11 20:36 - 2017-03-11 20:36 - 01620992 _____ () C:\ProgramData\service.exe
    2017-03-11 20:38 - 2017-03-11 20:38 - 00524696 _____ () C:\Program Files\żěѱ\X64\KZipShell.dll
    2017-03-11 20:36 - 2017-03-11 20:36 - 02072064 _____ () C:\Users\Marian\AppData\Local\Temp\00004317\msiql.exe
    2017-03-11 20:36 - 2017-03-08 14:31 - 00117561 _____ () C:\Users\Marian\AppData\Local\Epjhtion\aacdbc6111cfb3aea70f7f85aa148411.exe
    2017-03-11 20:52 - 2017-03-01 23:57 - 02794496 _____ () C:\Users\Marian\AppData\Roaming\gplyra\gplyra\gplyra.exe
    2017-03-11 20:38 - 2017-03-11 20:38 - 00579992 _____ () C:\Program Files\żěѱ\X86\UpdateChecker.exe
    2017-03-11 20:38 - 2017-03-11 20:38 - 00219032 _____ () c:\program files\żěń±\x86\kuaizipupdatechecker.dll
    2017-03-11 20:36 - 2017-03-11 20:36 - 01259520 _____ () C:\Users\Marian\AppData\Local\Ujrmedia\htgqexjl.dll
    2017-03-11 20:38 - 2017-03-11 20:38 - 01289216 _____ () C:\Users\Marian\AppData\Local\Epjhtion\plswazkx.dll
    2015-06-14 10:51 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-06-14 10:51 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-06-14 10:51 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-06-14 10:51 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2015-06-14 10:51 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
    () C:\ProgramData\service.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
    () C:\Users\Marian\AppData\Local\Temp\00004317\msiql.exe
    (Filefacts.net) C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    () C:\Users\Marian\AppData\Local\Epjhtion\aacdbc6111cfb3aea70f7f85aa148411.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe
    () C:\Users\Marian\AppData\Roaming\gplyra\gplyra\gplyra.exe
    () C:\Program Files\żěѱ\X86\UpdateChecker.exe
    HKLM\...\Run: [gplyra] => C:\Users\Marian\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] ()
    HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [283248 2014-10-10] (Filefacts.net)
    HKLM-x32\...\Run: [SFAUpdater] => C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe [655472 2014-10-10] (Filefacts.net)
    HKLM-x32\...\Run: [Rs] => C:\Program Files (x86)\Rising\Rs.exe
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [35328 2007-05-14] ()
    HKU\S-1-5-21-1910115470-2127154807-2346064159-1001\...\Run: [Epjhtion] => C:\Users\Marian\AppData\Local\Epjhtion\aacdbc6111cfb3aea70f7f85aa148411.exe [117561 2017-03-08] ()
    HKU\S-1-5-21-1910115470-2127154807-2346064159-1001\...\Run: [Ujrmedia] => regsvr32.exe C:\Users\Marian\AppData\Local\Ujrmedia\htgqexjl.dll <===== UWAGA
    HKU\S-1-5-21-1910115470-2127154807-2346064159-1001\...\Run: [msiql] => C:\Users\Marian\AppData\Local\Temp\00004317\msiql.exe [2072064 2017-03-11] () <===== UWAGA
    HKU\S-1-5-21-1910115470-2127154807-2346064159-1001\...\Run: [osmsg] => C:\ProgramData\WindowsMsg\Chrome.exe [7316992 2017-03-10] ()
    HKU\S-1-5-21-1910115470-2127154807-2346064159-1001\...\Run: [Akkworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Marian\AppData\Local\Epjhtion\plswazkx.dll <===== UWAGA
    HKU\S-1-5-21-1910115470-2127154807-2346064159-1001\...\MountPoints2: {57ece4d6-d8c4-11e5-8484-485ab6bcd816} - H:\startme.exe
    HKU\S-1-5-21-1910115470-2127154807-2346064159-1001\...\MountPoints2: {648d09f5-c5ab-11e4-8366-485ab6bcd816} - H:\LG_PC_Programs.exe
    HKU\S-1-5-18\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => -> Brak pliku
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěѱ\X64\KZipShell.dll [2017-03-11] ()
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    CHR HKU\S-1-5-21-1910115470-2127154807-2346064159-1001\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    AutoConfigURL: [.DEFAULT] => hxxp://no-blok.biz/wpad.dat?c90a1f64ee83b557ec6be46f2bdc857126193381
    AutoConfigURL: [S-1-5-21-1910115470-2127154807-2346064159-1001] => hxxp://no-blok.biz/wpad.dat?c90a1f64ee83b557ec6be46f2bdc857126193381
    Tcpip\Parameters: [NameServer] 82.163.143.157 82.163.142.159
    Tcpip\..\Interfaces\{0C3E246B-F7E3-4B72-B639-E1F1B5CDF411}: [NameServer] 82.163.143.157 82.163.142.159
    Tcpip\..\Interfaces\{0C3E246B-F7E3-4B72-B639-E1F1B5CDF411}: [DhcpNameServer] 82.163.143.157
    Tcpip\..\Interfaces\{5C660ED3-B8D6-4310-AAC0-BAA2B5A8C2E3}: [NameServer] 82.163.143.157 82.163.142.159
    Tcpip\..\Interfaces\{9AC0F7A9-13FA-44CC-804A-D5503A06CFEC}: [NameServer] 82.163.143.157 82.163.142.159
    Tcpip\..\Interfaces\{A6A895B6-2EE3-4634-832C-DFC205254989}: [NameServer] 82.163.143.157 82.163.142.159
    Tcpip\..\Interfaces\{BB0ACD08-971A-4377-BB92-841D01177F75}: [NameServer] 82.163.143.157 82.163.142.159
    Tcpip\..\Interfaces\{C2124593-B2E9-4044-A05C-AA25F496C29A}: [NameServer] 82.163.143.157 82.163.142.159
    Tcpip\..\Interfaces\{E3644D87-2094-42E0-AEAA-C24016E98FB0}: [NameServer] 82.163.143.157 82.163.142.159
    Tcpip\..\Interfaces\{E3644D87-2094-42E0-AEAA-C24016E98FB0}: [DhcpNameServer] 82.163.143.157
    ManualProxies: 0hxxp://no-blok.biz/wpad.dat?c90a1f64ee83b557ec6be46f2bdc857126193381
    RemoveProxy:
    BHO: Brak nazwy -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> Brak pliku
    BHO-x32: Brak nazwy -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> Brak pliku
    FF Extension: (APK Downloader) - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\y1cr3xwc.default-1471641659299\Extensions\jid1-6MGm94JnyY2VkA@jetpack.xpi [2017-03-08]
    FF Extension: (Adblock Plus) - C:\Users\Marian\AppData\Roaming\Mozilla\Firefox\Profiles\y1cr3xwc.default-1471641659299\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-01]
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\npQMExtensionsMozilla.dll [Brak pliku]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\4807498.js [2017-03-11] <==== UWAGA (Linkuje do pliku *.cfg)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\4807498.cfg [2017-03-11] <==== UWAGA
    CHR HKLM-x32\...\Chrome\Extension: [mgmkibjehmijilgdlafejbedipjcjeaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
    R2 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2017-03-11] () [Brak podpisu cyfrowego] <==== UWAGA
    R2 KuaizipUpdateChecker; C:\Program Files\żěѱ\X86\kuaizipUpdateChecker.dll [219032 2017-03-11] ()
    S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)
    R1 cryptfd; C:\Windows\System32\drivers\cryptfd.sys [193448 2017-03-03] ()
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-16] ()
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [46960 2016-08-16] ()
    R2 KuaiZipDrive; C:\Windows\system32\drivers\KuaiZipDrive.sys [92832 2017-03-11] (WinMount International Inc)
    S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [54904 2016-03-16] (电脑管家)
    S3 NETwNs64; system32\DRIVERS\Netwsw00.sys [X]
    S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\TsDefenseBT64.sys [X]
    S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17347.218\TsNetHlpX64.sys [X]
    2017-03-11 20:52 - 2017-03-11 20:52 - 00000000 ____D C:\Users\Marian\AppData\Roaming\gplyra
    2017-03-11 20:42 - 2017-03-11 20:42 - 00000000 ____D C:\ProgramData\03916249-4d15-1
    2017-03-11 20:42 - 2017-03-11 20:42 - 00000000 ____D C:\ProgramData\03916249-3477-0
    2017-03-11 20:40 - 2017-03-11 20:40 - 00000000 ____D C:\ProgramData\Microleaves
    2017-03-11 20:40 - 2017-03-11 20:40 - 00000000 ____D C:\ProgramData\142865ee-38e3-0
    2017-03-11 20:40 - 2017-03-11 20:40 - 00000000 ____D C:\ProgramData\03916249-4217-0
    2017-03-11 20:40 - 2017-03-11 20:40 - 00000000 ____D C:\ProgramData\03916249-27d7-1
    2017-03-11 20:38 - 2017-03-11 21:22 - 00000000 ____D C:\Users\Marian\AppData\Roaming\KuaiZip
    2017-03-11 20:38 - 2017-03-11 20:38 - 00092832 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
    2017-03-11 20:38 - 2017-03-11 20:38 - 00003390 _____ C:\Windows\System32\Tasks\KuaiZip_Update
    2017-03-11 20:38 - 2017-03-11 20:38 - 00002932 _____ C:\Windows\System32\Tasks\osTip
    2017-03-11 20:38 - 2017-03-11 20:38 - 00000839 _____ C:\Users\Marian\AppData\Roaming\Microsoft\Windows\Start Menu\żěѱ.lnk
    2017-03-11 20:38 - 2017-03-11 20:38 - 00000815 _____ C:\Users\Marian\Desktop\żěѱ.lnk
    2017-03-11 20:38 - 2017-03-11 20:38 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Softlink
    2017-03-11 20:38 - 2017-03-11 20:38 - 00000000 ____D C:\Program Files\żěѱ
    2017-03-11 20:37 - 2017-03-11 21:22 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 3.job
    2017-03-11 20:37 - 2017-03-11 21:22 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 2.job
    2017-03-11 20:37 - 2017-03-11 21:22 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 1.job
    2017-03-11 20:37 - 2017-03-11 21:22 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 3.job
    2017-03-11 20:37 - 2017-03-11 21:22 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 2.job
    2017-03-11 20:37 - 2017-03-11 21:22 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 1.job
    2017-03-11 20:37 - 2017-03-11 20:55 - 00000366 ____H C:\Windows\Tasks\Traffic Exchange Updater.job
    2017-03-11 20:37 - 2017-03-11 20:53 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guardian
    2017-03-11 20:37 - 2017-03-11 20:53 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guard
    2017-03-11 20:37 - 2017-03-11 20:53 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange
    2017-03-11 20:37 - 2017-03-11 20:53 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 3
    2017-03-11 20:37 - 2017-03-11 20:53 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 1
    2017-03-11 20:37 - 2017-03-11 20:53 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 2
    2017-03-11 20:37 - 2017-03-11 20:53 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 1
    2017-03-11 20:37 - 2017-03-11 20:52 - 00003196 _____ C:\Windows\System32\Tasks\Traffic Exchange Updater
    2017-03-11 20:37 - 2017-03-11 20:52 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 2
    2017-03-11 20:37 - 2017-03-11 20:52 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 3
    2017-03-11 20:37 - 2017-03-11 20:38 - 00000000 __SHD C:\ProgramData\WindowsMsg
    2017-03-11 20:37 - 2017-03-11 20:37 - 00000000 ____D C:\Program Files (x86)\Microleaves
    2017-03-11 20:36 - 2017-03-11 20:53 - 00000000 ____D C:\Users\Marian\AppData\Roaming\Microleaves
    2017-03-11 20:36 - 2017-03-11 20:38 - 00000000 ____D C:\Users\Marian\AppData\Local\Epjhtion
    2017-03-11 20:36 - 2017-03-11 20:36 - 01620992 _____ C:\ProgramData\service.exe
    2017-03-11 20:36 - 2017-03-11 20:36 - 00001105 _____ C:\Users\Marian\Desktop\AutoTime.lnk
    2017-03-11 20:36 - 2017-03-11 20:36 - 00001008 _____ C:\Users\Marian\Desktop\Install Registry Activation - Free Download.lnk
    2017-03-11 20:36 - 2017-03-11 20:36 - 00000000 __SHD C:\Users\Marian\AppData\Local\svchost
    2017-03-11 20:36 - 2017-03-11 20:36 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
    2017-03-11 20:36 - 2017-03-11 20:36 - 00000000 ____D C:\Users\Marian\AppData\Roaming\UCChannel
    2017-03-11 20:36 - 2017-03-11 20:36 - 00000000 ____D C:\Users\Marian\AppData\Local\Ujrmedia
    2017-03-11 20:36 - 2017-03-11 20:36 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-03-11 20:36 - 2017-03-11 20:36 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    2017-03-11 20:35 - 2017-03-11 20:37 - 00000000 ____D C:\ProgramData\03916249-7bd5-0
    2017-03-11 20:35 - 2017-03-11 20:35 - 00003820 _____ C:\Windows\System32\Tasks\{48048342-FFAF-34E9-2F1D-65F97C09C1ED}
    2017-03-11 20:35 - 2017-03-11 20:35 - 00003730 _____ C:\Windows\System32\Tasks\{E87FC7D7-E7FC-9479-EF65-28148E31950A}
    2017-03-11 20:35 - 2017-03-11 20:35 - 00000000 ____D C:\ProgramData\93093d4a
    2017-03-11 20:35 - 2017-03-11 20:35 - 00000000 ____D C:\ProgramData\142865ee-4f13-0
    2017-03-11 20:35 - 2017-03-11 20:35 - 00000000 ____D C:\ProgramData\03916249-2bf5-1
    2017-03-11 20:35 - 2017-03-11 20:35 - 00000000 ____D C:\ProgramData\{B7B79B9C-001C-2C37-3762-713B3E7D8DC2}
    2017-03-11 20:35 - 2017-03-11 20:35 - 00000000 ____D C:\ProgramData\{3fd87efa-112c-0}
    2017-03-11 20:35 - 2017-03-11 20:35 - 00000000 ____D C:\ProgramData\{0c7c77ce-412c-1}
    2017-03-11 20:33 - 2017-03-11 20:33 - 00005072 _____ C:\Windows\System32\Tasks\Muhecult
    2017-03-11 20:33 - 2017-03-11 20:33 - 00000000 ____D C:\Users\Marian\AppData\Local\Qowage
    2017-03-11 20:33 - 2017-03-11 20:33 - 00000000 ____D C:\Program Files (x86)\Serhesy
    2017-03-11 20:32 - 2017-03-11 20:32 - 00003544 _____ C:\Windows\System32\Tasks\PPI Update
    2017-03-03 03:35 - 2017-03-03 03:35 - 00193448 _____ C:\Windows\system32\Drivers\cryptfd.sys
    2016-03-23 22:20 - 2016-03-23 22:20 - 6493696 _____ () C:\Users\Marian\AppData\Roaming\agent.dat
    2016-03-23 22:24 - 2016-03-23 22:24 - 0005120 _____ () C:\Users\Marian\AppData\Roaming\GiftBag.db
    2016-03-23 22:18 - 2016-03-23 22:18 - 0127488 _____ () C:\Users\Marian\AppData\Roaming\Installer.dat
    2016-03-23 22:20 - 2016-03-23 22:20 - 0018432 _____ () C:\Users\Marian\AppData\Roaming\Main.dat
    2015-07-27 20:34 - 2015-07-27 20:34 - 0000000 _____ () C:\Users\Marian\AppData\Local\Temp.dat
    2017-03-11 20:36 - 2017-03-11 20:36 - 1620992 _____ () C:\ProgramData\service.exe
    EmptyTemp:

    Run the Fixlist.txt given above in Safe Mode.

    Use AdwCleaner, options Scan and Clean (Szukaj and Usuń): http://www.bleepingcomputer.com/download/adwcleaner/

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    When done, post new FRST logs from a scan.

    0