
Reimageplus infection on Windows 7

rhitmo89 13 Mar 2017 17:56 405 6
  • Helpful post
    #2 13 Mar 2017 18:08
    Kolobos
    Computer specialist

    Don't download pirated programs and you won't have problems with infections.

    Back up your Chrome bookmarks; the script will delete the Chrome profile directory.

    Instead of Adblock, install uBlock Origin.

    Uninstall:
    amulesw
    BikaQ Rss
    Browser-Security
    SafeFinder
    VidsqaurE
    WinSnare
    QForlLgs0EYm Updater version 1.2.0.4

    Run this Fixlist.txt for FRST:
    Online.io Application (x32 Version: 2.1.0 - Microleaves) Hidden <==== UWAGA
    Traffic Exchange (x32 Version: 2.1.0 - Microleaves) Hidden <==== UWAGA

    Uninstall:
    Online.io Application
    Traffic Exchange

    Use AdwCleaner, the Scan and Clean options: http://www.bleepingcomputer.com/download/adwcleaner/

    Run another Fixlist.txt:
    CloseProcesses:
    Task: {03F73C06-2306-4F5B-B0BB-147083FE903A} - System32\Tasks\Online Application Updater => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe [2017-02-15] (Microleaves) <==== UWAGA
    Task: {0E705659-8B9C-4EFD-B373-5280C2F00490} - System32\Tasks\Online Application Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== UWAGA
    Task: {13B4F15D-6DFB-4032-AB81-1E191CA7F1AB} - System32\Tasks\psv_Dalttough => cmd.exe /c regedit.exe /s "C:\ProgramData\Hotfresh\Konkcore.reg" & del "C:\ProgramData\Hotfresh\Konkcore.reg" & SCHTASKS /Delete /TN "psv_Dalttough" /F <==== UWAGA
    Task: {26B83A5E-BCD1-4066-ADD3-BCEEE62E08C6} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: {28099423-BAAE-4730-AC4F-5B9E193C4A9C} - System32\Tasks\Online Application v2 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: {2F3E1A6B-F64C-46FE-992B-699D2BFF214E} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe [2017-02-15] (Microleaves) <==== UWAGA
    Task: {3382921D-3635-4D70-8E1C-A7E05271E99C} - System32\Tasks\Gdaied => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel....0SSD1_164414826CEE14826CEE&v=20170309 /q <==== UWAGA
    Task: {38C0D582-E530-49B7-B97D-DD78A94C4BC0} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== UWAGA
    Task: {3E614D41-BC39-4C3C-B0E3-B90C26D932BB} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRss\BikaQ.exe [2017-02-23] (IEC) <==== UWAGA
    Task: {3EA5E862-0768-4B3A-BA45-5A992561A19C} - System32\Tasks\Online Application => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== UWAGA
    Task: {439ECC8E-0471-4161-ADA1-9425B38A4779} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: {4FBB6274-7CC8-43DB-BD7C-4F1C7C724A0D} - System32\Tasks\Werbering Configuration => C:\Program Files (x86)\Chadtain\xpurecult.exe [2017-03-09] (Glarysoft Ltd)
    Task: {521AB08C-98D3-4F48-8ED4-5A0579F22AC0} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== UWAGA
    Task: {5545921E-1D77-4E75-882F-BD47526324EB} - System32\Tasks\psv_SanTop => cmd.exe /c regedit.exe /s "C:\ProgramData\Hotfresh\Rundex.reg" & del "C:\ProgramData\Hotfresh\Rundex.reg" & SCHTASKS /Delete /TN "psv_SanTop" /F <==== UWAGA
    Task: {61D02EF3-9773-43C7-9E40-A6B967CACAF0} - System32\Tasks\hostTask => C:\ProgramData\CloudPrinter\tree.exe [2017-03-09] ()
    Task: {6899D7FC-0A2D-44FE-951C-E53117548C1F} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: {6C8EC127-644C-4DDD-B49B-D4332A6EF4A8} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: {6DDA021D-6FC9-481D-9C0C-6D8403D7A3F0} - System32\Tasks\snf => C:\ProgramData\Hotfresh\Hotfresh.exe [2017-03-09] () <==== UWAGA
    Task: {788AC2FA-9E59-4CF8-BB24-BF5D2B978521} - System32\Tasks\QForlLgs0EYm => qforllgs0eym.exe
    Task: {7D62548A-C082-41EF-B88C-583D51377B56} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: {7F9AFACE-6D82-448A-942D-AE5E2C7EB558} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-03-13] ()
    Task: {86BDD691-1FD7-4063-89A1-531FCDD50528} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: {8F4B2F96-3E44-4D4F-BF47-68B4187221AF} - System32\Tasks\Online Application Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== UWAGA
    Task: {A3769D06-7F82-4AF1-9659-CF2FAEBBB65A} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: {A435751B-1427-40CC-BAA4-61C68BB2DD89} - System32\Tasks\Online Application v2 => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: {C3FF637B-D4DE-4880-B403-30E162DD00E7} - System32\Tasks\snp => C:\ProgramData\Hotfresh\Hotfresh.exe [2017-03-09] () <==== UWAGA
    Task: {C7829B3D-0364-43B3-8993-C0BC6E65107B} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe [2016-08-17] (Microleaves LTD) <==== UWAGA
    Task: {C7DC75A9-A254-4EE7-BDC0-B0348979AE35} - System32\Tasks\Online Application v209 => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe [2017-02-07] (Microleaves LTD) <==== UWAGA
    Task: {D1E68079-514E-4894-AA0D-A83708AB6B11} - System32\Tasks\psv_Ozertough => cmd.exe /c regedit.exe /s "C:\ProgramData\Hotfresh\Donlam.reg" & del "C:\ProgramData\Hotfresh\Donlam.reg" & SCHTASKS /Delete /TN "psv_Ozertough" /F <==== UWAGA
    Task: {E25D2C6F-A784-4A47-BD8B-2103DA90F410} - System32\Tasks\psv_Labla => cmd.exe /c regedit.exe /s "C:\ProgramData\Hotfresh\Freetrax.reg" & del "C:\ProgramData\Hotfresh\Freetrax.reg" & SCHTASKS /Delete /TN "psv_Labla" /F <==== UWAGA
    Task: {E7DB5C41-4993-48C4-8A07-543B13457717} - System32\Tasks\Online Application v2 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: {FDF1F8A1-9D48-442E-A7C8-6E1FFDE5D5D4} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe [2016-11-22] (Microleaves LTD) <==== UWAGA
    Task: {FE4BB7C8-2E7A-496E-8B4C-88CFCCC97AC6} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-02-01] ()
    Task: C:\Windows\Tasks\Online Application Updater.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application v2 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application v2 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application v2.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\Windows\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
    ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Marcin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
    2017-03-09 19:43 - 2017-03-09 19:43 - 00307200 _____ () C:\Program Files (x86)\Werbering Configuration\local64spl.dll
    2017-03-09 19:40 - 2017-03-09 19:40 - 01125376 _____ () C:\ProgramData\CloudPrinter\CloudPrinter.exe
    2017-03-09 19:40 - 2017-03-09 19:40 - 01125376 _____ () C:\ProgramData\Hotfresh\Hotfresh.exe
    2017-03-09 19:41 - 2017-03-01 23:57 - 02794496 _____ () C:\Users\Marcin\AppData\Roaming\gplyra\gplyra\gplyra.exe
    2017-03-09 19:41 - 2017-02-22 15:40 - 00313344 _____ () C:\Program Files (x86)\QForlLgs0EYm Updater\QForlLgs0EYm Updater.exe
    2017-03-09 19:40 - 2017-03-09 19:40 - 00358912 _____ () C:\ProgramData\Hotfresh\NewTraxtop.dll
    2017-03-10 16:14 - 2017-03-13 07:31 - 00113664 _____ () C:\Users\Marcin\AppData\Roaming\Kyubey\Kyubey.exe
    () C:\ProgramData\CloudPrinter\CloudPrinter.exe
    () C:\ProgramData\Hotfresh\Hotfresh.exe
    () C:\Users\Marcin\AppData\Roaming\gplyra\gplyra\gplyra.exe
    () C:\Program Files (x86)\QForlLgs0EYm Updater\QForlLgs0EYm Updater.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe
    (hxxp://www.amuleall.org/) C:\Program Files (x86)\amulell\ed2k.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe
    (rod ltd) C:\Program Files (x86)\QForlLgs0EYm\qforllgs0eym.exe
    () C:\Users\Marcin\AppData\Roaming\Kyubey\Kyubey.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
    (Microleaves LTD) C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe
    HKLM\...\Run: [gplyra] => C:\Users\Marcin\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] ()
    HKU\S-1-5-21-2659545665-1724747453-2590309073-1000\...\MountPoints2: G - G:\SETUP.EXE
    HKU\S-1-5-18\...\Run: [] => [X]
    HKLM\...\Providers\9i0hqj4q: C:\Program Files (x86)\Werbering Configuration\local64spl.dll [307200 2017-03-09] ()
    AppInit_DLLs: C:\ProgramData\Hotfresh\NewTraxtop.dll => C:\ProgramData\Hotfresh\NewTraxtop.dll [358912 2017-03-09] ()
    AppInit_DLLs-x32: C:\ProgramData\Hotfresh\Dongfresh.dll => C:\ProgramData\Hotfresh\Dongfresh.dll [248320 2017-03-10] ()
    ShellExecuteHooks: Brak nazwy - {A3B75268-0389-11E7-BBCC-64006A5CFC23} - C:\Users\Marcin\AppData\Roaming\Vuneing\Ritydreversh.dll -> Brak pliku
    Tcpip\..\Interfaces\{078D4DFC-2ACF-440E-B06C-02ABA9969AD3}: [NameServer] 82.163.142.8,95.211.158.136
    Tcpip\..\Interfaces\{95E66F5E-9341-4275-A05B-E28798D04B65}: [NameServer] 82.163.142.8,95.211.158.136
    HKU\S-1-5-21-2659545665-1724747453-2590309073-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...wlDeFnkadx1WmEgY9GydWrbZFsgWsfQIU_bg,,&q={searchTerms}
    HKU\S-1-5-21-2659545665-1724747453-2590309073-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...vdJen51GriiLV45BJADnjWptz97RQ-U-HN3fNk30aFg,,,,
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...wlDeFnkadx1WmEgY9GydWrbZFsgWsfQIU_bg,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2659545665-1724747453-2590309073-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%6...wlDeFnkadx1WmEgY9GydWrbZFsgWsfQIU_bg,,&q={searchTerms}
    FF user.js: detected! => C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\6e6n0r1z.default\user.js [2017-03-07]
    FF Homepage: Mozilla\Firefox\Profiles\6e6n0r1z.default -> C:\ProgramData\Hotfreshs\ff.HP
    FF NewTab: Mozilla\Firefox\Profiles\6e6n0r1z.default -> C:\ProgramData\Hotfreshs\ff.NT
    FF Extension: (Browser-Security) - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\6e6n0r1z.default\Extensions\firefox@browser-security.de.xpi [2017-03-08]
    FF Extension: (Adblock Plus) - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\6e6n0r1z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-07]
    FF SearchPlugin: C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\6e6n0r1z.default\searchplugins\9i0hqj4q.xml [2017-03-09]
    FF SearchPlugin: C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\6e6n0r1z.default\searchplugins\findit.xml [2017-03-12]
    CHR DefaultProfile: ChromeDefaultData
    CHR HomePage: ChromeDefaultData -> hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61...KimF1Fybu-ie2dRzQc3foH4BMNgq-kNHEdPa3qLpOkA,,,,
    CHR Profile: C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-13] <==== UWAGA
    C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    CHR Extension: (Wize) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\feeilhmlfcpfchpbgoknoeefdkbgionj [2017-03-09]
    CHR Extension: (AdBlock) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-07]
    CHR HKU\S-1-5-21-2659545665-1724747453-2590309073-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [1125376 2017-03-09] () [Brak podpisu cyfrowego]
    R2 ed2kidle; C:\Program Files (x86)\amulell\ed2k.exe [214528 2017-03-10] (hxxp://www.amuleall.org/) [Brak podpisu cyfrowego]
    R2 Hotfresh; C:\ProgramData\\Hotfresh\\Hotfresh.exe [1125376 2017-03-09] () [Brak podpisu cyfrowego]
    R2 Kyubey; C:\Users\Marcin\AppData\Roaming\Kyubey\Kyubey.exe [113664 2017-03-13] () [Brak podpisu cyfrowego]
    S2 PrefersSecure; C:\ProgramData\PrefersSecure\Nettrans.exe [44544 2017-03-02] () [Brak podpisu cyfrowego]
    R2 QForlLgs0EYm Updater; C:\Program Files (x86)\QForlLgs0EYm Updater\QForlLgs0EYm Updater.exe [313344 2017-02-22] () [Brak podpisu cyfrowego]
    R2 WinSAPSvc; C:\Users\Marcin\AppData\Roaming\WinSAPSvc\WinSAP.dll [184320 2017-03-13] (Windows) [Brak podpisu cyfrowego]
    R2 WinSnare; C:\Users\Marcin\AppData\Roaming\WinSnare\WinSnare.dll [776704 2017-03-13] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
    2017-03-13 07:31 - 2017-03-13 07:31 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.2.9)
    2017-03-13 07:25 - 2017-03-13 07:25 - 00000000 ____D C:\Program Files (x86)\9i0hqj4q
    2017-03-12 19:40 - 2017-03-12 19:40 - 00003678 _____ C:\Windows\System32\Tasks\snp
    2017-03-12 19:40 - 2017-03-12 19:40 - 00003266 _____ C:\Windows\System32\Tasks\snf
    2017-03-12 19:40 - 2017-03-12 19:40 - 00003264 _____ C:\Windows\System32\Tasks\psv_Ozertough
    2017-03-12 19:40 - 2017-03-12 19:40 - 00003264 _____ C:\Windows\System32\Tasks\psv_Labla
    2017-03-11 09:35 - 2017-03-13 07:27 - 00000000 _____ C:\Windows\SysWOW64\1
    2017-03-10 16:14 - 2017-03-13 07:31 - 00003602 _____ C:\Windows\System32\Tasks\Milimili
    2017-03-10 16:14 - 2017-03-13 07:31 - 00003206 _____ C:\Windows\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
    2017-03-10 16:14 - 2017-03-13 07:31 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\WinSnare
    2017-03-10 16:14 - 2017-03-13 07:31 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\WinSAPSvc
    2017-03-10 16:14 - 2017-03-10 16:14 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
    2017-03-10 16:14 - 2017-03-10 16:14 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\Kyubey
    2017-03-10 16:14 - 2017-03-10 16:14 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\aMule
    2017-03-10 16:14 - 2017-03-10 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
    2017-03-10 16:14 - 2017-03-10 16:14 - 00000000 ____D C:\Program Files (x86)\MIO
    2017-03-10 16:14 - 2017-03-10 16:14 - 00000000 ____D C:\Program Files (x86)\BikaQRss
    2017-03-10 16:14 - 2017-03-10 16:14 - 00000000 ____D C:\Program Files (x86)\amulell
    2017-03-10 16:14 - 2017-03-10 16:14 - 00000000 _____ C:\Windows\SysWOW64\4
    2017-03-10 16:14 - 2017-03-10 16:14 - 00000000 _____ C:\Windows\SysWOW64\3
    2017-03-10 16:09 - 2017-03-13 07:31 - 00000000 ____D C:\Program Files (x86)\MK
    2017-03-10 07:02 - 2017-03-10 07:02 - 00003272 _____ C:\Windows\System32\Tasks\psv_Dalttough
    2017-03-10 06:49 - 2017-03-10 06:49 - 00003258 _____ C:\Windows\System32\Tasks\psv_SanTop
    2017-03-09 19:48 - 2017-03-09 19:48 - 06404636 _____ C:\Users\Marcin\Downloads\PowerISO v5.5 plus keygen.waqarr.rar
    2017-03-09 19:48 - 2012-12-26 17:39 - 00000000 ____D C:\Users\Marcin\Downloads\PowerISO v5.5 plus keygen.waqarr
    2017-03-09 19:44 - 2017-03-09 19:44 - 00000000 ____D C:\ProgramData\Microleaves
    2017-03-09 19:43 - 2017-03-10 07:01 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\Vuneing
    2017-03-09 19:43 - 2017-03-09 19:43 - 00006090 _____ C:\Windows\System32\Tasks\Werbering Configuration
    2017-03-09 19:43 - 2017-03-09 19:43 - 00000000 ____D C:\Users\Marcin\AppData\Local\Stices
    2017-03-09 19:43 - 2017-03-09 19:43 - 00000000 ____D C:\Program Files (x86)\Werbering Configuration
    2017-03-09 19:42 - 2017-03-13 07:25 - 00000000 ____D C:\Program Files (x86)\Chadtain
    2017-03-09 19:42 - 2017-03-09 19:42 - 00005072 _____ C:\Windows\System32\Tasks\Gdaied
    2017-03-09 19:41 - 2017-03-13 17:47 - 00000334 _____ C:\Windows\Tasks\Online Application v209.job
    2017-03-09 19:41 - 2017-03-13 17:47 - 00000334 _____ C:\Windows\Tasks\Online Application v209 Guardian.job
    2017-03-09 19:41 - 2017-03-13 17:47 - 00000334 _____ C:\Windows\Tasks\Online Application v209 Guard.job
    2017-03-09 19:41 - 2017-03-13 17:47 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 3.job
    2017-03-09 19:41 - 2017-03-13 17:47 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 2.job
    2017-03-09 19:41 - 2017-03-13 17:47 - 00000324 _____ C:\Windows\Tasks\Traffic Exchange v209 - 1.job
    2017-03-09 19:41 - 2017-03-13 17:47 - 00000324 _____ C:\Windows\Tasks\Online Application v2.job
    2017-03-09 19:41 - 2017-03-13 17:47 - 00000324 _____ C:\Windows\Tasks\Online Application v2 Guardian.job
    2017-03-09 19:41 - 2017-03-13 17:47 - 00000324 _____ C:\Windows\Tasks\Online Application v2 Guard.job
    2017-03-09 19:41 - 2017-03-13 17:47 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 3.job
    2017-03-09 19:41 - 2017-03-13 17:47 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 2.job
    2017-03-09 19:41 - 2017-03-13 17:47 - 00000314 _____ C:\Windows\Tasks\Traffic Exchange v2 - 1.job
    2017-03-09 19:41 - 2017-03-13 16:44 - 00000366 ____H C:\Windows\Tasks\Traffic Exchange Updater.job
    2017-03-09 19:41 - 2017-03-13 07:44 - 00000380 _____ C:\Windows\Tasks\Online Application Updater.job
    2017-03-09 19:41 - 2017-03-09 19:41 - 00021544 _____ C:\Windows\System32\Tasks\QForlLgs0EYm
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003590 _____ C:\Windows\System32\Tasks\Online Application Guardian
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003590 _____ C:\Windows\System32\Tasks\Online Application Guard
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003590 _____ C:\Windows\System32\Tasks\Online Application
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guardian
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange Guard
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003580 _____ C:\Windows\System32\Tasks\Traffic Exchange
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003212 _____ C:\Windows\System32\Tasks\Online Application Updater
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003196 _____ C:\Windows\System32\Tasks\Traffic Exchange Updater
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003160 _____ C:\Windows\System32\Tasks\Online Application v209 Guardian
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003160 _____ C:\Windows\System32\Tasks\Online Application v209 Guard
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003160 _____ C:\Windows\System32\Tasks\Online Application v209
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 3
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 2
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003150 _____ C:\Windows\System32\Tasks\Traffic Exchange v209 - 1
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003150 _____ C:\Windows\System32\Tasks\Online Application v2 Guardian
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003150 _____ C:\Windows\System32\Tasks\Online Application v2 Guard
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003150 _____ C:\Windows\System32\Tasks\Online Application v2
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 3
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 2
    2017-03-09 19:41 - 2017-03-09 19:41 - 00003140 _____ C:\Windows\System32\Tasks\Traffic Exchange v2 - 1
    2017-03-09 19:41 - 2017-03-09 19:41 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\gplyra
    2017-03-09 19:41 - 2017-03-09 19:41 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-03-09 19:41 - 2017-03-09 19:41 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    2017-03-09 19:41 - 2017-03-09 19:41 - 00000000 ____D C:\Program Files (x86)\QForlLgs0EYm Updater
    2017-03-09 19:41 - 2017-03-09 19:41 - 00000000 ____D C:\Program Files (x86)\QForlLgs0EYm
    2017-03-09 19:41 - 2017-03-09 19:41 - 00000000 ____D C:\Program Files (x86)\Microleaves
    2017-03-09 19:40 - 2017-03-13 17:19 - 00000000 ____D C:\ProgramData\Hotfresh
    2017-03-09 19:40 - 2017-03-12 19:40 - 00002398 _____ C:\Windows\SysWOW64\findit.xml
    2017-03-09 19:40 - 2017-03-10 06:52 - 00000000 ____D C:\ProgramData\Logic Cramble
    2017-03-09 19:40 - 2017-03-09 19:41 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\Microleaves
    2017-03-09 19:40 - 2017-03-09 19:40 - 07288832 _____ C:\Users\Marcin\AppData\Roaming\agent.dat
    2017-03-09 19:40 - 2017-03-09 19:40 - 01938535 _____ C:\Users\Marcin\AppData\Roaming\TempSonstrong.bin
    2017-03-09 19:40 - 2017-03-09 19:40 - 01893818 _____ C:\Users\Marcin\AppData\Roaming\Inhome.tst
    2017-03-09 19:40 - 2017-03-09 19:40 - 01125376 _____ C:\Users\Marcin\AppData\Roaming\Voyatop.exe
    2017-03-09 19:40 - 2017-03-09 19:40 - 01125376 _____ C:\Users\Marcin\AppData\Roaming\Inhome.exe
    2017-03-09 19:40 - 2017-03-09 19:40 - 00140288 _____ C:\Users\Marcin\AppData\Roaming\Installer.dat
    2017-03-09 19:40 - 2017-03-09 19:40 - 00126464 _____ C:\Users\Marcin\AppData\Roaming\noah.dat
    2017-03-09 19:40 - 2017-03-09 19:40 - 00126464 _____ C:\Users\Marcin\AppData\Roaming\lobby.dat
    2017-03-09 19:40 - 2017-03-09 19:40 - 00072787 _____ C:\Users\Marcin\AppData\Roaming\Voyatop.tst
    2017-03-09 19:40 - 2017-03-09 19:40 - 00070752 _____ C:\Users\Marcin\AppData\Roaming\Config.xml
    2017-03-09 19:40 - 2017-03-09 19:40 - 00054272 _____ C:\Users\Marcin\AppData\Roaming\ApplicationHosting.dat
    2017-03-09 19:40 - 2017-03-09 19:40 - 00018432 _____ C:\Users\Marcin\AppData\Roaming\Main.dat
    2017-03-09 19:40 - 2017-03-09 19:40 - 00016560 _____ C:\Users\Marcin\AppData\Roaming\InstallationConfiguration.xml
    2017-03-09 19:40 - 2017-03-09 19:40 - 00005568 _____ C:\Users\Marcin\AppData\Roaming\md.xml
    2017-03-09 19:40 - 2017-03-09 19:40 - 00003072 _____ C:\Windows\System32\Tasks\hostTask
    2017-03-09 19:40 - 2017-03-09 19:40 - 00000000 ____D C:\ProgramData\PrefersSecure
    2017-03-09 19:40 - 2017-03-09 19:40 - 00000000 ____D C:\ProgramData\Hotfreshs
    2017-03-09 19:40 - 2017-03-09 19:40 - 00000000 ____D C:\ProgramData\CloudPrinter
    2017-03-09 19:40 - 2017-03-09 19:40 - 7288832 _____ () C:\Users\Marcin\AppData\Roaming\agent.dat
    2017-03-09 19:40 - 2017-03-09 19:40 - 0054272 _____ () C:\Users\Marcin\AppData\Roaming\ApplicationHosting.dat
    2017-03-09 19:40 - 2017-03-09 19:40 - 0070752 _____ () C:\Users\Marcin\AppData\Roaming\Config.xml
    2017-03-09 19:40 - 2017-03-09 19:40 - 1125376 _____ () C:\Users\Marcin\AppData\Roaming\Inhome.exe
    2017-03-09 19:40 - 2017-03-09 19:40 - 1893818 _____ () C:\Users\Marcin\AppData\Roaming\Inhome.tst
    2017-03-09 19:40 - 2017-03-09 19:40 - 0016560 _____ () C:\Users\Marcin\AppData\Roaming\InstallationConfiguration.xml
    2017-03-09 19:40 - 2017-03-09 19:40 - 0140288 _____ () C:\Users\Marcin\AppData\Roaming\Installer.dat
    2017-03-09 19:40 - 2017-03-09 19:40 - 0126464 _____ () C:\Users\Marcin\AppData\Roaming\lobby.dat
    2017-03-09 19:40 - 2017-03-09 19:40 - 0018432 _____ () C:\Users\Marcin\AppData\Roaming\Main.dat
    2017-03-09 19:40 - 2017-03-09 19:40 - 0005568 _____ () C:\Users\Marcin\AppData\Roaming\md.xml
    2017-03-09 19:40 - 2017-03-09 19:40 - 0126464 _____ () C:\Users\Marcin\AppData\Roaming\noah.dat
    2017-03-09 19:40 - 2017-03-09 19:40 - 1938535 _____ () C:\Users\Marcin\AppData\Roaming\TempSonstrong.bin
    2017-03-09 19:40 - 2017-03-09 19:40 - 0032038 _____ () C:\Users\Marcin\AppData\Roaming\uninstall_temp.ico
    2017-03-09 19:40 - 2017-03-09 19:40 - 1125376 _____ () C:\Users\Marcin\AppData\Roaming\Voyatop.exe
    2017-03-09 19:40 - 2017-03-09 19:40 - 0072787 _____ () C:\Users\Marcin\AppData\Roaming\Voyatop.tst
    EmptyTemp:


    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    When done, post new FRST logs from the scan.

    0
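An added example, not part of the original thread and not FRST's own logic: a small Python triage that sorts FRST log lines like those in the Fixlist above by persistence mechanism, so the entries that need attention first stand out. The rule names and regular expressions are this example's assumptions; the sample lines are copied from the post, and the unsigned-file marker is the Polish-locale string seen there.

```python
import html
import re
from collections import defaultdict

# Sample input: lines copied from the Fixlist in the post above.
SAMPLE_LOG = r"""
Task: {13B4F15D-6DFB-4032-AB81-1E191CA7F1AB} - System32\Tasks\psv_Dalttough => cmd.exe /c regedit.exe /s "C:\ProgramData\Hotfresh\Konkcore.reg" & del "C:\ProgramData\Hotfresh\Konkcore.reg" & SCHTASKS /Delete /TN "psv_Dalttough" /F <==== UWAGA
Task: {3382921D-3635-4D70-8E1C-A7E05271E99C} - System32\Tasks\Gdaied => "msiexec" /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel....0SSD1_164414826CEE14826CEE&v=20170309 /q <==== UWAGA
Task: {61D02EF3-9773-43C7-9E40-A6B967CACAF0} - System32\Tasks\hostTask => C:\ProgramData\CloudPrinter\tree.exe [2017-03-09] ()
Task: {FE4BB7C8-2E7A-496E-8B4C-88CFCCC97AC6} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-02-01] ()
AppInit_DLLs: C:\ProgramData\Hotfresh\NewTraxtop.dll => C:\ProgramData\Hotfresh\NewTraxtop.dll [358912 2017-03-09] ()
Tcpip\..\Interfaces\{078D4DFC-2ACF-440E-B06C-02ABA9969AD3}: [NameServer] 82.163.142.8,95.211.158.136
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
R2 Hotfresh; C:\ProgramData\\Hotfresh\\Hotfresh.exe [1125376 2017-03-09] () [Brak podpisu cyfrowego]
"""

# Hypothetical rule set: (tag, pattern). Each pattern targets one persistence
# or hijack mechanism that appears in the log above.
RULES = [
    # Task silently imports a .reg file, deletes it, then deletes itself.
    ("task:self-deleting-reg-import",
     re.compile(r'^Task:.*=>.*regedit(?:\.exe)?\s+/s\b.*\bdel\b.*schtasks\s+/delete', re.I)),
    # Task installs an MSI straight from a URL (defanged hxxp is accepted too).
    ("task:msi-from-url",
     re.compile(r'^Task:.*=>.*msiexec"?\s+/i\s+h(?:tt|xx)ps?://', re.I)),
    # Task binary lives in a directory any user-level installer can write to.
    ("task:runs-from-user-writable-dir",
     re.compile(r'^Task:.*=>\s*"?C:\\(?:ProgramData|Users\\[^\\]+\\AppData)\\', re.I)),
    # A non-empty AppInit_DLLs value loads a DLL into user32-linked processes.
    ("appinit-dll", re.compile(r'^AppInit_DLLs(?:-x32)?:\s*\S', re.I)),
    # A statically configured NameServer on an interface overrides DHCP DNS.
    ("dns:static-nameserver", re.compile(r'^Tcpip\\.*\[NameServer\]\s*\S', re.I)),
    # A browser shortcut carrying an extra argument after the target path.
    ("shortcut:extra-argument",
     re.compile(r'^ShortcutWithArgument:.*->.*->\s*\S', re.I)),
    # Service binary outside Program Files/Windows and reported as unsigned.
    ("service:unsigned-in-user-writable-dir",
     re.compile(r'^[RS]\d\s+[^;]+;\s*C:\\(?:ProgramData|Users)\\.*\[Brak podpisu cyfrowego\]', re.I)),
]


def classify(line):
    """Return the tags of every rule that matches one log line."""
    # Logs pasted into forums are often HTML-escaped (&amp; for &).
    line = html.unescape(line.strip())
    return [tag for tag, rx in RULES if rx.search(line)]


def triage(text):
    """Group the lines of a log by the rule tags they match."""
    hits = defaultdict(list)
    for raw in text.splitlines():
        for tag in classify(raw):
            hits[tag].append(html.unescape(raw.strip()))
    return dict(hits)


if __name__ == "__main__":
    for tag, lines in sorted(triage(SAMPLE_LOG).items()):
        print(f"{tag}: {len(lines)}")
        for entry in lines:
            print("   ", entry[:110])
```

The tags only prioritise review; a line that matches no rule, such as the `klcp_update` task, still has to be judged by hand.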
  • #4 13 Mar 2017 22:53
    Kolobos
    Computer specialist

    Do this:
    > When done, post new FRST logs from the scan.

    0
  • #6 13 Mar 2017 23:25
    Kolobos
    Computer specialist

    Delete the Chrome sync data from your Google account:
    https://support.google.com/chrome/answer/6386691?hl=pl

    New Fixlist.txt for FRST:
    CHR DefaultProfile: ChromeDefaultData
    CHR StartupUrls: ChromeDefaultData -> "hxxp://google.pl/"
    CHR Profile: C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-13] <==== UWAGA
    C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    2017-03-13 22:29 - 2017-03-13 22:31 - 00000000 ____D C:\AdwCleaner
    2017-03-13 22:26 - 2017-03-13 22:26 - 00000000 ____D C:\Users\Marcin\Downloads\FRST-OlderVersion

    When done, delete the C:\FRST directory and that's all.

    0
  • #7 14 Mar 2017 00:02
    rhitmo89
    Level 10

    Resolved by following the instructions. Thank you.

    0