Lenovo Y700 Win10 - KuaiZip virus: how to remove the malware?

dino_14 14 Mar 2017 20:24 375 10
  • #1 14 Mar 2017 20:24
    dino_14
    Level 3

    Hello,
    This evening I was downloading a save for Assassins Creed, and after I unpacked it the antivirus started displaying a message that the computer is infected.
    After the scan it turned out to be the KuaiZip software, and I cannot uninstall it in any way. I don't know what this program is or how to fight it, because this is my first case like this. Please help and give me some pointers.

    0 10
  • #2 14 Mar 2017 20:26
    Kolobos
    Computer specialist

    Attach the required FRST logs!

    0
  • #3 14 Mar 2017 20:28
    dino_14
    Level 3

    Could I ask for an explanation? I'm not particularly well versed in this subject.

    0
  • Helpful post
    #6 14 Mar 2017 20:53
    Kolobos
    Computer specialist

    Next to frst.exe, create a file Fixlist.txt with the following content:
    Online.io Application (x32 Version: 2.1.0 - Microleaves) Hidden <==== UWAGA
    Traffic Exchange (x32 Version: 2.1.0 - Microleaves) Hidden <==== UWAGA

    In FRST, choose Fix (Napraw).

    Uninstall:
    Online.io Application
    Traffic Exchange
    Trojan Killer

    Use AdwCleaner, the Scan and Clean (Szukaj and Usun) options: http://www.bleepingcomputer.com/download/adwcleaner/

    Run another Fixlist.txt for FRST:

    In FRST, choose Fix (Napraw).

    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Delete the C:\FRST directory and that's all.

    0
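
Added example, not part of the original post and not FRST's own code: a small triage script that reads installed-program lines in the layout of the two Fixlist.txt lines quoted in post #6 and splits out the entries that are both Hidden and flagged (first fixlist, then uninstall) from those that are only Hidden (manual review). The line layout is inferred from those two lines; the function names, the sample log and the reading of "Hidden" as "not shown in the Windows program list" are assumptions.

```python
import re

# Constructed excerpt in the style of an FRST installed-programs list.
# The two Microleaves lines are the ones quoted in the post; every other
# line is made up for this example.
SAMPLE_LOG = """\
==== constructed header line, not a program entry ====
Example Archiver 1.2 (x64) (Version: 1.2 - Example Corp)
Online.io Application (x32 Version: 2.1.0 - Microleaves) Hidden <==== UWAGA
Example Runtime (x64) (x32 Version: 1.0.0 - Example Corp) Hidden
Traffic Exchange (x32 Version: 2.1.0 - Microleaves) Hidden <==== UWAGA
Example Player (Version:  - )
"""

# The name is matched greedily so that parentheses inside a product name,
# such as "(x64)", stay in the name; only the last "(... Version: ...)"
# group is treated as metadata.
LINE_RE = re.compile(
    r"^(?P<name>.+) \((?:(?P<arch>x32) )?Version: (?P<version>.*?) - "
    r"(?P<publisher>.*?)\)(?P<flags>.*)$"
)
# The word after the arrow is localized ("UWAGA" in the post), so any word
# is accepted; the arrow length is not fixed either.
MARKER_RE = re.compile(r"<=+\s*(\S+)")


def parse_program_line(line):
    """Return a dict for an installed-program line, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    flags = m.group("flags")
    marker = MARKER_RE.search(flags)
    return {
        "name": m.group("name"),
        "arch": m.group("arch"),  # "x32" or None
        "version": m.group("version"),
        "publisher": m.group("publisher"),
        "hidden": re.search(r"\bHidden\b", flags) is not None,
        "marker": marker.group(1) if marker else None,
    }


def triage(log_text):
    """Split hidden entries into (fixlist lines, uninstall names, review names)."""
    fixlist, uninstall, review = [], [], []
    for raw in log_text.splitlines():
        entry = parse_program_line(raw)
        if entry is None or not entry["hidden"]:
            continue
        if entry["marker"]:
            # Hidden and flagged: the line goes into Fixlist.txt verbatim,
            # and the program is uninstalled afterwards.
            fixlist.append(raw.strip())
            uninstall.append(entry["name"])
        else:
            # Hidden only: many legitimate components are hidden too.
            review.append(entry["name"])
    return fixlist, uninstall, review


if __name__ == "__main__":
    fix, remove, check = triage(SAMPLE_LOG)
    print("Fixlist.txt:", *fix, sep="\n  ")
    print("Uninstall:", *remove, sep="\n  ")
    print("Review manually:", *check, sep="\n  ")
```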
  • #7 14 Mar 2017 21:07
    dino_14
    Level 3

    I cannot uninstall: Trojan Killer

    0
  • Helpful post
    #8 14 Mar 2017 21:13
    Kolobos
    Computer specialist

    Too bad, skip it and do the rest.

    0
  • #9 14 Mar 2017 21:36
    dino_14
    Level 3

    I think everything is on the right track now. I would like to thank you sincerely for your help, because I won't hide that I got a bit scared. BTW, I understand that I won't need the applications I used anymore. I would also like to ask about antivirus, specifically whether my basic free Avast is enough or whether it is better to invest in something better? Or possibly get some additional protection?

    0
  • Helpful post
    #10 14 Mar 2017 21:37
    Kolobos
    Computer specialist

    Keep Mbam and scan from time to time.

    0
  • #11 14 Mar 2017 21:50
    dino_14
    Level 3

    Thank you very much for the help, everything worked and there is nothing worrying anymore. I will leave the thread open until tomorrow; if nothing happens, I will close it tomorrow after I get back from work. Thanks once again and best regards. 5!

    0