How do I remove the ŻeŃą infection? FRST logs attached

XKONRADOSX 25 Mar 2017 17:39
  • #1 16370851
    XKONRADOSX
    Level 7
    Posts: 6
    Hi, I infected my system and can't get rid of the infection. I saw something about ŻeŃą further down, but I'm afraid to touch it. Please help. I made the FRST logs and am attaching them.
    Attachments:
    • FRST_25-03-2017 17.07.18.txt (164.85 KB)
    • Addition_25-03-2017 17.07.18.txt (87.96 KB)
    • Shortcut_25-03-2017 17.07.18.txt (125.77 KB)
  • Helpful post
    #2 16370906
    Kolobos
    Computer specialist
    Posts: 85157
    Helped: 17161
    Rating: 10425
    Make a backup of your Firefox bookmarks, then uninstall Firefox. Once the infection is removed you can install it again.
    The same goes for Chrome.

    Uninstall:
    BikaQ Rss
    McAfee Security Scan Plus
    Sparta
    WarThunder
    WinSnare
    Youtube AdBlock

    Run the following Fixlist.txt with FRST:
    Online.io Application (x32 Version: 2.1.0 - Microleaves) Hidden <==== UWAGA
    Traffic Exchange (x32 Version: 2.1.0 - Microleaves) Hidden <==== UWAGA

    After it has run, uninstall:
    Online.io Application
    Traffic Exchange

    Use: https://sourceforge.net/projects/adobeflashup...an%20Remover/RemoveMcAfee_silent.exe/download

    Use AdwCleaner, Scan and then Clean option: http://www.bleepingcomputer.com/download/adwcleaner/

    Run another Fixlist.txt with FRST:
    HKU\S-1-5-21-1721894570-3153355890-4190203950-1000\...\ChromeHTML: -> C:\Program Files (x86)\Mapbob\Application\chrome.exe (Google Inc.) <==== UWAGA
    CustomCLSID: HKU\S-1-5-21-1721894570-3153355890-4190203950-1000_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 -> C:\Users\user\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll => Brak pliku
    Task: {03E032E9-5A9C-430C-B9B3-704347844A35} - System32\Tasks\SpinTires => C:\Users\user\AppData\Local\Temp\is-07PVO.tmp\prsetup.exe <==== UWAGA
    Task: {063598D0-9539-46D2-9140-E17DC41472C6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {0753260B-D8AE-4A9F-A993-2F562AFE43A1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {08764D92-7EF7-473D-90D2-8A9CE614E586} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {08994F2C-E402-4595-9BC4-C4E002B8E6C1} - System32\Tasks\Online Application v2 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== UWAGA
    Task: {149172A6-FD21-4842-98E5-8D5710D0C615} - System32\Tasks\{C7098651-FC27-4AF6-BF40-770A54FE860A} => D:\System\GOTHIC.EXE
    Task: {15D2F8FC-1681-45E7-950B-7B100E1448D8} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-02-06] ()
    Task: {18EC471C-2EF9-42A5-B445-9481ECB9D225} - System32\Tasks\Traffic Exchange v2 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: {1BEF9F50-C7A7-46A0-B252-97E95D897A6D} - System32\Tasks\Traffic Exchange v209 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {252469F1-215F-47D4-A984-0D6684C5CE86} - System32\Tasks\{30BB414A-0D3E-4357-85CD-1C8FC895766C} => pcalua.exe -a C:\Users\user\Desktop\ggg\Setup.exe -d C:\Users\user\Desktop\ggg
    Task: {28AD4FE7-BBA2-4631-959E-073AFE82C9AF} - System32\Tasks\{9164EFF7-4F82-4F13-B509-6E2BBFDB0CC6} => D:\DAEMON Tools Lite\daemon.exe [2009-04-23] (DT Soft Ltd)
    Task: {2AF875B4-9AA9-4FB2-B4A0-A5AC695B78BD} - System32\Tasks\{E35A6179-52D0-4AA1-81B1-6AC0627EC242} => Chrome.exe
    Task: {2EEF1798-C528-4D05-A10E-2F8332902B07} - System32\Tasks\osTip => Chrome.exe <==== UWAGA
    Task: {32E3A094-9D11-4EF0-A8D0-3C057442421A} - System32\Tasks\{035106C2-CC57-4CF6-87F9-0CBEDC707182} => D:\FIFA 14 Ultimate Edition\Game\fifa14-www.skidrowcrack.com.exe
    Task: {351B3CD8-2445-4AF6-8854-4BC139C7CB1D} - System32\Tasks\{13655EE5-1E0E-4D9B-81F3-1F4C0644FDCD} => D:\Origin\Origin.exe [2017-01-27] (Electronic Arts)
    Task: {353D5E6E-C565-4CFB-BD7B-297CFDC8564D} - System32\Tasks\{A7A2A281-DA3E-4B80-A719-212A15CE7677} => pcalua.exe -a I:\Uninstall.exe -d I:\
    Task: {40C06309-647D-497A-9959-39E420F0BE78} - System32\Tasks\Online Application Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe <==== UWAGA
    Task: {4383F020-6004-4FF6-9654-D1235A560BA3} - System32\Tasks\{C1307F54-7611-46E0-B0AE-338FFF77DBB2} => pcalua.exe -a D:\Simcity2\SC4_uninst.exe -d D:\Simcity2
    Task: {51F5E2A9-D4AA-4E15-8440-4CA75B4868CB} - System32\Tasks\Online Application v209 Guardian => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {58AB468F-F45C-4452-974B-68140AD04D4A} - System32\Tasks\Traffic Exchange Updater => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== UWAGA
    Task: {5BD6613B-8AC9-463E-809F-7DD98F89EDEA} - System32\Tasks\Online Application v2 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== UWAGA
    Task: {64170CE5-6618-4D47-B2DC-3B913DE24662} - System32\Tasks\Traffic Exchange v209 - 3 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {680386F3-6FD8-48D3-BF87-9F7F878E0AD3} - System32\Tasks\Traffic Exchange v2 - 1 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: {6C4E6DAF-C67D-4487-B98A-FC0D1F009C66} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku <==== UWAGA
    Task: {6D6F44A3-9815-4179-815F-45A0621102FD} - System32\Tasks\{3757761C-A32F-45BE-82BE-FC258E71E25B} => Chrome.exe hxxp://ui.skype.com/ui/0/7.23.85.105/pl/abandoninstall?page=tsProgressBar
    Task: {6F9A8AB9-2E4E-46C0-B948-615DF80E0539} - System32\Tasks\Traffic Exchange Guardian => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe <==== UWAGA
    Task: {7356E531-16EA-4FFB-B872-E619363D1FD3} - System32\Tasks\{630F60D2-AE2C-42E7-BED6-52B1EB02098E} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{C73956E6-44C2-4B2C-A470-DF60917FC66C}\setup.exe" -c -runfromtemp -l0x0015 -removeonly
    Task: {753D9460-B588-46D3-9DD7-8FC6CA93AADA} - System32\Tasks\{C4E544F6-D3BB-4AE2-890D-8DDB50A33EFC} => pcalua.exe -a "D:\GTA San Andreas\samp.exe" -d "D:\GTA San Andreas"
    Task: {7717470B-0B5E-455C-9ABF-53AB13F0BB3D} - System32\Tasks\{CDAA2CB4-FEF8-431E-BD96-2DB1CB4DFEFB} => Chrome.exe
    Task: {796946C5-328D-4777-86B8-3DD9F20BC62B} - System32\Tasks\{4566EA33-521B-4F15-A061-CCE0626A58D2} => pcalua.exe -a H:\Autorun.exe -d H:\
    Task: {84D1A2DA-8B0B-4B80-B661-9003F789A9A7} - System32\Tasks\SoftwareInformerService => C:\Program Files\Software Informer\softinfo.exe [2015-06-26] (Informer Technologies, Inc.)
    Task: {8ADB676E-5CA2-4EC2-A86D-3F4973A10F25} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {9766C159-EA7A-44C9-BC24-CB6B6888AA87} - System32\Tasks\{1D4458FC-E836-4D12-B17A-1B7487C01B1E} => pcalua.exe -a "C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3TZADQ8M\JavaSetup8u40[1].exe" -d C:\Users\user\Desktop
    Task: {9D17DF5A-B952-405A-9701-5B76D65FDF86} - System32\Tasks\{AAC35477-F3B6-4540-99DD-DBB3E411E1B3} => D:\DAEMON Tools Lite\daemon.exe [2009-04-23] (DT Soft Ltd)
    Task: {9D99A784-4746-4CB3-B4FD-5D9964E85C9F} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.exe /NOUACCHECK
    Task: {A41E2C0F-AF68-4195-963E-82BD3B235350} - System32\Tasks\Online Application Updater => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe <==== UWAGA
    Task: {AEEEAD79-DD78-47C4-8B32-6B79E45FFF08} - System32\Tasks\Online Application v209 Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {AF02FBF7-D1A9-4196-BBE0-63083B46CE95} - System32\Tasks\Traffic Exchange => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe <==== UWAGA
    Task: {AF29D359-0E83-4CEC-BE26-70C4EFD08D99} - System32\Tasks\Online Application Guard => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe <==== UWAGA
    Task: {B14FAD39-5982-4B66-9954-312E6C81FDB7} - System32\Tasks\Stoboght System => C:\Program Files (x86)\Grecoentgoquy\derray.exe [2017-01-25] (Glarysoft Ltd)
    Task: {B3AE6DF7-08B7-412A-8A59-37E1F83B99A0} - System32\Tasks\Online Application v2 => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== UWAGA
    Task: {B3F3B5CB-9D04-44B9-BF2B-D5A15295798B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: {B9A8A337-7A2B-4019-B711-5E8E7F969A3D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {BD231FBE-8A73-41A0-B3DD-521F5EB71771} - System32\Tasks\{E0163683-59B5-472C-A1AF-9CD80EDF95C0} => pcalua.exe -a I:\install.exe -d I:\
    Task: {BDE2BA2C-50D2-4B3B-B54C-EF9C2D6F1E86} - System32\Tasks\Traffic Exchange v209 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {C14B610C-70FD-418B-97C6-E8727CE31097} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {C5702490-2C93-4BBA-B683-9AF51CE9B33A} - System32\Tasks\{5B92232E-DCE0-48E4-818A-83C1DF1B6E6B} => Chrome.exe hxxp://ui.skype.com/ui/0/7.17.0.105/pl/abandoninstall?page=tsProgressBar
    Task: {CAC5B389-E3BE-48E2-92CC-94869162636A} - System32\Tasks\Traffic Exchange Guard => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian.exe <==== UWAGA
    Task: {D36F9E72-35D9-4DEC-80C5-02675A5152AB} - System32\Tasks\Zercase => msiexec /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=HitachiXHDS721050CLA360_JP1532FR31333K31333KX&v=2017125 /q <==== UWAGA
    Task: {D64288D5-7304-4690-8459-D602418F690D} - System32\Tasks\Online Application => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian.exe <==== UWAGA
    Task: {D6A7A0BD-856C-4962-8A55-5BD0B5B6AE70} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> Brak pliku <==== UWAGA
    Task: {D9674B0E-9445-4F8B-A60B-B195DFD0A3D0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku <==== UWAGA
    Task: {DB507229-FE6C-4F11-915B-E48ADC53EDB6} - System32\Tasks\newsonlyonlinenetkrofts => Chrome.exe newsonlyonline.net/krofts <==== UWAGA
    Task: {DDE1186A-514A-4D87-832C-700EAC5B2F5A} - System32\Tasks\{FE7C7D71-E3AF-41AA-B202-8F03BF34F2CE} => pcalua.exe -a "C:\Users\user\Desktop\Nowy folder (2)\Install.exe" -d "C:\Users\user\Desktop\Nowy folder (2)"
    Task: {DEA90F7B-44AF-445A-8D37-0B72E0054748} - System32\Tasks\Online Application v209 => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: {DFE64388-9CA1-4E63-9153-789C235AFCF3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {E6929D0A-A97E-4649-99D7-E6E7EB436FC7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {E72B64D0-3FE7-4CB2-9E44-DD09A3079C13} - System32\Tasks\{82BDA570-1B71-48C7-AFAF-4D648E310443} => Chrome.exe hxxp://ui.skype.com/ui/0/7.8.0.102/pl/abandoninstall?source=lightinstaller&page=tsInstall
    Task: {E9F866D3-353C-4A0F-9154-3918EBB32C6E} - System32\Tasks\{33FCC140-3233-4322-B53C-43C539B84493} => pcalua.exe -a "D:\Deluxe Ski Jump 3\Setup.exe" -d "D:\Deluxe Ski Jump 3"
    Task: {ECF566C2-6D87-4ED0-9182-53C3DB47F2F3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {F07AA16C-20C8-4E15-A2E9-67CCB64BC7E2} - System32\Tasks\MailRuUpdater => C:\Users\user\AppData\Local\Mail.Ru\MailRuUpdater.exe
    Task: {F5984894-1C84-4567-8A70-607F706D6861} - System32\Tasks\{BF3236B9-1FFC-4E90-8AC9-915F5A7CFFBF} => D:\DAEMON Tools Lite\daemon.exe [2009-04-23] (DT Soft Ltd)
    Task: {FD3457A6-E2AA-4DD6-BBE6-EE141FDEE3D9} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRss\BikaQ.exe [2017-03-21] (IEC) <==== UWAGA
    Task: {FE732760-D56F-4872-A9B3-A6C921A889D7} - System32\Tasks\Traffic Exchange v2 - 2 => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application Updater.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online Application Updater.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application v2 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application v2 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application v2.job => C:\Program Files (x86)\Microleaves\Online.io Application\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application v209 Guard.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application v209 Guardian.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Online Application v209.job => C:\Program Files (x86)\Microleaves\Online.io Application\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange Updater.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Traffic Exchange Updater.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ВКонтакте.lnk -> C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk -> C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
    Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
    Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3d-Coat-V4.5\Online_Documentation.lnk -> hxxp://3d-coat.com/manual
    Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ВКонтакте.lnk -> C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Одноклассники.lnk -> C:\Users\user\AppData\Local\Amigo\Application\amigo.exe (Brak pliku) <===== Cyrillic
    Shortcut: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Mapbob\Application\chrome.exe (Google Inc.)
    ShortcutWithArgument: C:\Users\user\Desktop\RÓZNE\Google Chrome.lnk -> C:\Program Files (x86)\Mapbob\Application\chrome.exe (Google Inc.) -> hxxp://www.startpageing123.com/?type=sc&ts=1488476432&z=591915ff917e888419202a4gdzabdb4z8mdqczec3o&from=ggg0221&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX
    ShortcutWithArgument: C:\Users\user\Desktop\RÓZNE\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=1487688150&z=4b35f596a01180bb08730f2g1zeb1m8qeb4bbgdwae&from=ggg0221&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX
    ShortcutWithArgument: C:\Users\user\Desktop\RÓZNE\TruckersMP.lnk -> C:\Program Files\TruckersMP Launcher\Launcher.exe (Truckersmp.com) -> hxxp://www.amisites.com/?type=sc&ts=1486388710&z=e217c9dd26632305edf7f24gdz6b8qec4bdbam0e2w&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX
    ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=1486388710&z=e217c9dd26632305edf7f24gdz6b8qec4bdbam0e2w&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX
    ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sparta\Sparta.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=1486388710&z=e217c9dd26632305edf7f24gdz6b8qec4bdbam0e2w&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX
    ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk -> C:\ProgramData\Ashampoo\YourDeals.exe () -> hxxp://linktarget.ashampoo.com/linktarget/?target=marketplace&edition=eid=12117&utm_medium=desktop&x-pos=Metro
    2017-03-01 13:41 - 2017-03-01 07:02 - 00055992 _____ () C:\Program Files (x86)\Explorer\iedvutils.exe
    2017-03-24 11:55 - 2017-03-24 11:55 - 00524696 _____ () C:\Program Files\żěŃą\X64\KZipShell.dll
    AlternateDataStreams: C:\Users\user:Heroes & Generals [38]
    AlternateDataStreams: C:\ProgramData\TEMP:C8B8CEBD [132]
    AlternateDataStreams: C:\Users\user\Local Settings:init [1479637]
    Hosts:
    (IEC) C:\Program Files (x86)\BikaQRss\BikaQ.exe
    () C:\Program Files (x86)\Explorer\iedvutils.exe
    (Kyubey.exe) C:\Users\user\AppData\Roaming\Kyubey\Kyubey.exe
    (Informer Technologies, Inc.) C:\Program Files\Software Informer\softinfo.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
    HKU\S-1-5-21-1721894570-3153355890-4190203950-1000\...\Run: [comrepl] => C:\Users\user\AppData\Roaming\com\comrepl.exe [7293280 2013-02-19] (TeamViewer GmbH)
    HKU\S-1-5-21-1721894570-3153355890-4190203950-1000\...\Run: [amigo] => C:\Users\user\AppData\Local\Amigo\Application\amigo.exe --no-startup-window
    HKU\S-1-5-21-1721894570-3153355890-4190203950-1000\...\Run: [MailRuUpdater] => C:\Users\user\AppData\Local\Mail.Ru\MailRuUpdater.exe
    HKU\S-1-5-21-1721894570-3153355890-4190203950-1000\...\Policies\Explorer\Run: [Cheat Engine] => C:\Users\user\AppData\Roaming\Microsoft\ctvhiuwd\vitfdcvu.exe [145920 2016-07-16] ()
    HKU\S-1-5-21-1721894570-3153355890-4190203950-1000\...\MountPoints2: {20fa1c58-349a-11e6-b536-e8de2700ca83} - "J:\setup.exe"
    HKU\S-1-5-21-1721894570-3153355890-4190203950-1000\...\MountPoints2: {a69d1869-21a6-11e6-b530-e8de2700ca83} - "J:\autorun.exe"
    HKU\S-1-5-18\...\Run: [] => [X]
    HKLM\...\Providers\ahtkriav: C:\Program Files (x86)\Stoboght System\local64spl.dll
    IFEO\taskmgr.exe: [Debugger]
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
    ShellExecuteHooks: Brak nazwy - {77C40B00-DE3D-11E6-A6A5-64006A5CFC23} - C:\Users\user\AppData\Roaming\Ponophulatain\Reernesplocily.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Brak pliku
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Brak pliku
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Brak pliku
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-03-24] ()
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> Brak pliku
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-01-28]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FacebookGamesNotifier.exe.lnk [2016-07-13]
    ShortcutTarget: FacebookGamesNotifier.exe.lnk -> C:\Users\user\AppData\Local\Facebook\Games\FacebookGamesNotifier.exe (Brak pliku)
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs [2017-02-04] ()
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    GroupPolicy\User: Ograniczenia <======= UWAGA
    AutoConfigURL: [S-1-5-21-1721894570-3153355890-4190203950-1000] => hxxp://no-blocked.net/wpad.dat?27caf8e1b3448ced5c54b383b353bb0924368526
    ManualProxies: 0hxxp://no-blocked.net/wpad.dat?27caf8e1b3448ced5c54b383b353bb0924368526
    RemoveProxy:
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1490362332&z=96ab38efb099ee247493a9eg6z7t2e1cdq2o2c5c3o&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1490362332&z=96ab38efb099ee247493a9eg6z7t2e1cdq2o2c5c3o&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1486388710&z=e217c9dd26632305edf7f24gdz6b8qec4bdbam0e2w&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1486388710&z=e217c9dd26632305edf7f24gdz6b8qec4bdbam0e2w&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1490362332&z=96ab38efb099ee247493a9eg6z7t2e1cdq2o2c5c3o&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1490362332&z=96ab38efb099ee247493a9eg6z7t2e1cdq2o2c5c3o&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=1486388710&z=e217c9dd26632305edf7f24gdz6b8qec4bdbam0e2w&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=1486388710&z=e217c9dd26632305edf7f24gdz6b8qec4bdbam0e2w&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX&q={searchTerms}
    HKU\S-1-5-21-1721894570-3153355890-4190203950-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds&ts=1488476432&z=591915ff917e888419202a4gdzabdb4z8mdqczec3o&from=ggg0221&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX&q={searchTerms}
    HKU\S-1-5-21-1721894570-3153355890-4190203950-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1490362332&z=96ab38efb099ee247493a9eg6z7t2e1cdq2o2c5c3o&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX
    HKU\S-1-5-21-1721894570-3153355890-4190203950-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1490362332&z=96ab38efb099ee247493a9eg6z7t2e1cdq2o2c5c3o&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX
    HKU\S-1-5-21-1721894570-3153355890-4190203950-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1488476432&z=591915ff917e888419202a4gdzabdb4z8mdqczec3o&from=ggg0221&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1486388710&z=e217c9dd26632305edf7f24gdz6b8qec4bdbam0e2w&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1486388710&z=e217c9dd26632305edf7f24gdz6b8qec4bdbam0e2w&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1721894570-3153355890-4190203950-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1490362332&z=96ab38efb099ee247493a9eg6z7t2e1cdq2o2c5c3o&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1721894570-3153355890-4190203950-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1490362332&z=96ab38efb099ee247493a9eg6z7t2e1cdq2o2c5c3o&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1721894570-3153355890-4190203950-1000 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7BF38BF80B-EA63-481C-B263-0E062F36C8EE%7D&gp=811041
    BHO: Youtube AdBlock -> {E3605470-291B-44EB-8648-745EE356599A} -> C:\Program Files (x86)\Youtube AdBlockIE\GWIN6l.dll => Brak pliku
    BHO-x32: Ďîčńę@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\user\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll => Brak pliku
    Toolbar: HKU\S-1-5-21-1721894570-3153355890-4190203950-1000 -> Brak nazwy - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - Brak pliku
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.amisites.com/?type=sc&ts=1486388710&z=e217c9dd26632305edf7f24gdz6b8qec4bdbam0e2w&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX
    Edge HomeButtonPage: HKU\S-1-5-21-1721894570-3153355890-4190203950-1000 -> hxxp://www.mylucky123.com/?type=hp&ts=1476290258&z=73474c728300c37651e55c6gbz2m3q8o8tde7cco3q&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\fll8x3wv.default\Profiles\fll8x3wv.default [nie znaleziono]
    FF ProfilePath: C:\Users\user\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\fll8x3wv.default\Profiles\fll8x3wv.default [nie znaleziono]
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fll8x3wv.default [2017-03-24]
    FF NewTab: Mozilla\Firefox\Profiles\fll8x3wv.default -> hxxp://www.trotux.com/?z=ab1a50086724bd6c3af5c33g4z8b2wcc3c7z4o7z0q&from=icb&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX&type=hp
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\fll8x3wv.default -> Поиск@Mail.Ru
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\fll8x3wv.default -> Поиск@Mail.Ru
    FF Homepage: Mozilla\Firefox\Profiles\fll8x3wv.default -> hxxp://www.startpageing123.com/?type=hp&ts=1490362332&z=96ab38efb099ee247493a9eg6z7t2e1cdq2o2c5c3o&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX
    FF Keyword.URL: Mozilla\Firefox\Profiles\fll8x3wv.default -> hxxp://go.mail.ru/distib/ep/?product_id=%7B0A786338-CDC6-484F-8D7D-983398E64ED4%7D&gp=811041
    FF Extension: (Firefox Hotfix) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fll8x3wv.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-30]
    FF Extension: (Домашняя страница Mail.Ru) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fll8x3wv.default\Extensions\homepage@mail.ru [2017-03-24]
    FF Extension: (Free Flash, Unity3D and html5 games) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fll8x3wv.default\Extensions\jid1-461B0PwxL3oTt1@jetpack.xpi [2016-07-13]
    FF Extension: (Поиск@Mail.Ru) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fll8x3wv.default\Extensions\search@mail.ru [2017-03-24]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fll8x3wv.default\searchplugins\ahtkriav.xml [2017-01-25]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fll8x3wv.default\searchplugins\amisites.xml [2017-02-06]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fll8x3wv.default\searchplugins\mailru.xml [2017-03-24]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fll8x3wv.default\searchplugins\startpageing123.xml [2017-03-24]
    FF ProfilePath: C:\Users\user\AppData\Roaming\Firefox\Firefox\Profiles\fll8x3wv.default [2017-03-24]
    FF NewTab: Firefox\Firefox\Profiles\fll8x3wv.default -> hxxp://www.trotux.com/?z=ab1a50086724bd6c3af5c33g4z8b2wcc3c7z4o7z0q&from=icb&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX&type=hp
    FF SelectedSearchEngine: Firefox\Firefox\Profiles\fll8x3wv.default -> trotux
    FF Extension: (FF Adr) - C:\Users\user\AppData\Roaming\Firefox\Firefox\Profiles\fll8x3wv.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2016-10-21] [Brak podpisu cyfrowego]
    FF Extension: (Free Flash, Unity3D and html5 games) - C:\Users\user\AppData\Roaming\Firefox\Firefox\Profiles\fll8x3wv.default\Extensions\jid1-461B0PwxL3oTt1@jetpack.xpi [2016-07-13]
    FF Extension: (Polski Language Pack) - C:\Users\user\AppData\Roaming\Firefox\Firefox\Profiles\fll8x3wv.default\Extensions\langpack-pl@firefox.mozilla.org.xpi [2017-03-15] [Brak podpisu cyfrowego]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Firefox\Firefox\Profiles\fll8x3wv.default\searchplugins\ahtkriav.xml [2017-01-25]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Firefox\Firefox\Profiles\fll8x3wv.default\searchplugins\startsearch.xml [2017-03-15]
    FF Extension: (Adblocker for Youtube™) - C:\Program Files (x86)\Mozilla Firefox\browser\features\{E3605470-291B-44EB-8648-745EE356599A} [2017-03-11] [Brak podpisu cyfrowego]
    FF HKU\S-1-5-21-1721894570-3153355890-4190203950-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => nie znaleziono
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.startpageing123.com/?type=sc&ts=1490362332&z=96ab38efb099ee247493a9eg6z7t2e1cdq2o2c5c3o&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\150528421.js [2017-01-25] <==== UWAGA (Linkuje do pliku *.cfg)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\150528421.cfg [2017-01-25] <==== UWAGA
    CHR DefaultProfile: ChromeDefaultData
    CHR HomePage: ChromeDefaultData -> mail.ru/cnt/11956636?rciguc__PARAM__
    CHR StartupUrls: ChromeDefaultData -> "hxxp://www.startpageing123.com/?type=hp&ts=1490362332&z=96ab38efb099ee247493a9eg6z7t2e1cdq2o2c5c3o&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX"
    CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.startpageing123.com/search/?type=ds&ts=1490362332&z=96ab38efb099ee247493a9eg6z7t2e1cdq2o2c5c3o&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX&q={searchTerms}
    CHR DefaultSearchKeyword: ChromeDefaultData -> startpageing123
    CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-24] <==== UWAGA
    C:\Users\user\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [oelpkepjlgmehajehfeicfbjdiobdkfj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.startpageing123.com/?type=sc&ts=1490362332&z=96ab38efb099ee247493a9eg6z7t2e1cdq2o2c5c3o&from=che0812&uid=HitachiXHDS721050CLA360_JP1532FR31333K31333KX
    HKU\S-1-5-21-1721894570-3153355890-4190203950-1000\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Mapbob\Application\chrome.exe (Google Inc.) <==== UWAGA
    OPR Extension: (Brak nazwy) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\jdndmdjgkfpggnpnmhpmanlhmhcapenc [2017-03-11]
    R2 iedvutils; C:\Program Files (x86)\Explorer\iedvutils.exe [55992 2017-03-01] ()
    R2 Kyubey; C:\Users\user\AppData\Roaming\Kyubey\Kyubey.exe [116736 2017-03-24] (Kyubey.exe) [Brak podpisu cyfrowego]
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
    R2 Themes; C:\WINDOWS\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [DependOnService: iThemes5]<==== UWAGA
    R2 WinSAPSvc; C:\Users\user\AppData\Roaming\WinSAPSvc\WinSAP.dll [218624 2017-03-24] (Windows) [Brak podpisu cyfrowego]
    R2 WinSnare; C:\Users\user\AppData\Roaming\WinSnare\WinSnare.dll [775168 2017-03-24] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
    R2 Chilepy; C:\Program Files (x86)\Grecoentgoquy\jerjipyckvoseHost.dll [X]
    S2 ed2kidle; "C:\Program Files (x86)\amuleC3\ed2k.exe" -downloadwhenidle [X]
    S2 GoogleChromeUpService; C:\ProgramData\service.exe /s GoogleChromeUpService /uid:51504 /local:br [X] <==== UWAGA
    S2 Updater.Mail.Ru; C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe --s [X]
    R2 KuaiZipDrive; C:\WINDOWS\system32\drivers\KuaiZipDrive.sys [92832 2017-03-24] (WinMount International Inc)
    2017-03-24 13:29 - 2017-03-24 14:32 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.3.8)
    2017-03-24 12:57 - 2017-03-24 12:57 - 00000000 ____D C:\Program Files (x86)\58D50992tmp
    2017-03-24 12:08 - 2017-03-24 12:08 - 00003188 _____ C:\WINDOWS\System32\Tasks\MailRuUpdater
    2017-03-24 12:07 - 2017-03-24 12:07 - 00002430 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Одноклассники.lnk
    2017-03-24 12:07 - 2017-03-24 12:07 - 00002430 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ВКонтакте.lnk
    2017-03-24 12:07 - 2017-03-24 12:07 - 00002348 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amigo.lnk
    2017-03-24 12:07 - 2017-03-24 12:07 - 00000000 ____D C:\Users\user\AppData\Local\Amigo
    2017-03-24 12:06 - 2017-03-24 12:06 - 00003012 _____ C:\WINDOWS\System32\Tasks\osTip
    2017-03-24 12:05 - 2017-03-24 15:55 - 00000000 __SHD C:\ProgramData\WindowsMsg
    2017-03-24 11:56 - 2017-03-24 20:14 - 00000000 ____D C:\Users\user\AppData\Roaming\KuaiZip
    2017-03-24 11:56 - 2017-03-24 15:53 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2017-03-24 11:56 - 2017-03-24 13:09 - 00000000 ____D C:\ProgramData\Mail.Ru
    2017-03-24 11:56 - 2017-03-24 11:56 - 00000882 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
    2017-03-24 11:56 - 2017-03-24 11:56 - 00000000 ____D C:\Users\user\AppData\Local\UCBrowser
    2017-03-24 11:56 - 2017-03-24 11:55 - 00092832 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
    2017-03-24 11:55 - 2017-03-25 16:55 - 00000000 ____D C:\Program Files\żěŃą
    2017-03-24 11:55 - 2017-03-24 11:55 - 00000000 ____D C:\Users\user\AppData\Roaming\Softlink
    2017-03-24 11:54 - 2017-03-24 11:54 - 00003720 _____ C:\WINDOWS\System32\Tasks\newsonlyonlinenetkrofts
    2017-03-24 11:47 - 2017-03-24 20:11 - 00000000 __SHD C:\Users\user\AppData\Local\svchost
    2017-03-24 11:47 - 2017-03-24 11:55 - 00000000 ____D C:\Users\user\AppData\Roaming\UCChannel
    2017-03-24 11:47 - 2017-03-24 11:47 - 00003650 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
    2017-03-24 11:46 - 2017-03-24 11:52 - 05465912 _____ (InstallShield Software Corporation) C:\Users\user\Downloads\hurncheat-3.4.2-r1343.exe
    2017-03-24 11:46 - 2017-03-24 11:47 - 00000000 ____D C:\ProgramData\Microleaves
    2017-03-24 11:44 - 2017-03-24 15:51 - 00000402 ____H C:\WINDOWS\Tasks\Traffic Exchange Updater.job
    2017-03-24 11:44 - 2017-03-24 15:51 - 00000360 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
    2017-03-24 11:44 - 2017-03-24 15:51 - 00000360 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
    2017-03-24 11:44 - 2017-03-24 15:51 - 00000360 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
    2017-03-24 11:44 - 2017-03-24 15:51 - 00000350 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job
    2017-03-24 11:44 - 2017-03-24 15:51 - 00000350 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job
    2017-03-24 11:44 - 2017-03-24 15:51 - 00000350 _____ C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job
    2017-03-24 11:44 - 2017-03-24 11:44 - 00003708 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guardian
    2017-03-24 11:44 - 2017-03-24 11:44 - 00003702 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guard
    2017-03-24 11:44 - 2017-03-24 11:44 - 00003690 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange
    2017-03-24 11:44 - 2017-03-24 11:44 - 00003290 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Updater
    2017-03-24 11:44 - 2017-03-24 11:44 - 00003252 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3
    2017-03-24 11:44 - 2017-03-24 11:44 - 00003252 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2
    2017-03-24 11:44 - 2017-03-24 11:44 - 00003252 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1
    2017-03-24 11:44 - 2017-03-24 11:44 - 00003238 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 3
    2017-03-24 11:44 - 2017-03-24 11:44 - 00003238 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 2
    2017-03-24 11:44 - 2017-03-24 11:44 - 00003238 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v2 - 1
    2017-03-24 11:44 - 2017-03-24 11:44 - 00000000 ____D C:\Users\user\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
    2017-03-24 11:43 - 2017-03-24 15:51 - 00000416 _____ C:\WINDOWS\Tasks\Online Application Updater.job
    2017-03-24 11:43 - 2017-03-24 15:51 - 00000370 _____ C:\WINDOWS\Tasks\Online Application v209.job
    2017-03-24 11:43 - 2017-03-24 15:51 - 00000370 _____ C:\WINDOWS\Tasks\Online Application v209 Guardian.job
    2017-03-24 11:43 - 2017-03-24 15:51 - 00000370 _____ C:\WINDOWS\Tasks\Online Application v209 Guard.job
    2017-03-24 11:43 - 2017-03-24 15:51 - 00000360 _____ C:\WINDOWS\Tasks\Online Application v2.job
    2017-03-24 11:43 - 2017-03-24 15:51 - 00000360 _____ C:\WINDOWS\Tasks\Online Application v2 Guardian.job
    2017-03-24 11:43 - 2017-03-24 15:51 - 00000360 _____ C:\WINDOWS\Tasks\Online Application v2 Guard.job
    2017-03-24 11:43 - 2017-03-24 11:44 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
    2017-03-24 11:43 - 2017-03-24 11:44 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
    2017-03-24 11:43 - 2017-03-24 11:43 - 00003722 _____ C:\WINDOWS\System32\Tasks\Online Application Guardian
    2017-03-24 11:43 - 2017-03-24 11:43 - 00003716 _____ C:\WINDOWS\System32\Tasks\Online Application Guard
    2017-03-24 11:43 - 2017-03-24 11:43 - 00003704 _____ C:\WINDOWS\System32\Tasks\Online Application
    2017-03-24 11:43 - 2017-03-24 11:43 - 00003310 _____ C:\WINDOWS\System32\Tasks\Online Application Updater
    2017-03-24 11:43 - 2017-03-24 11:43 - 00003276 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guardian
    2017-03-24 11:43 - 2017-03-24 11:43 - 00003270 _____ C:\WINDOWS\System32\Tasks\Online Application v209 Guard
    2017-03-24 11:43 - 2017-03-24 11:43 - 00003262 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guardian
    2017-03-24 11:43 - 2017-03-24 11:43 - 00003258 _____ C:\WINDOWS\System32\Tasks\Online Application v209
    2017-03-24 11:43 - 2017-03-24 11:43 - 00003256 _____ C:\WINDOWS\System32\Tasks\Online Application v2 Guard
    2017-03-24 11:43 - 2017-03-24 11:43 - 00003244 _____ C:\WINDOWS\System32\Tasks\Online Application v2
    2017-03-24 11:42 - 2017-03-24 11:45 - 00000000 ____D C:\Users\user\AppData\Roaming\Microleaves
    2017-03-24 11:41 - 2017-03-24 11:41 - 00140288 _____ C:\Users\user\AppData\Roaming\Installer.dat
    2017-03-23 13:46 - 2017-03-23 13:52 - 00000000 ____D C:\Program Files (x86)\58D3C391_cacayima
    2017-03-18 06:42 - 2017-03-24 13:31 - 00000000 _____ C:\WINDOWS\SysWOW64\4
    2017-03-18 06:42 - 2017-03-18 06:42 - 00000000 ____D C:\Program Files (x86)\58CCC8BE_cacayima
    2017-03-15 17:42 - 2017-03-24 14:52 - 00000000 ____D C:\Program Files (x86)\n1
    2017-03-15 17:37 - 2017-03-15 17:37 - 00000000 ____D C:\WINDOWS\SysWOW64\{7C50CB74-B73D-4118-BC8F-BCE6D4EC2EC1}
    2017-03-15 17:19 - 2017-03-15 17:19 - 00000000 ____D C:\Program Files (x86)\Firefox
    2017-03-15 17:12 - 2017-03-15 17:12 - 00000000 ____D C:\Program Files (x86)\58C967EA_cacayima
    2017-03-13 16:17 - 2017-03-13 16:17 - 00000000 ____D C:\Program Files (x86)\58C6B7F1_cacayima
    2017-03-11 09:56 - 2017-03-24 20:11 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlockIE
    2017-03-11 09:54 - 2017-03-24 20:11 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlockU
    2017-03-09 17:08 - 2017-03-09 17:08 - 00000000 ____D C:\Program Files (x86)\58C17DEF_cacayima
    2017-03-08 19:38 - 2017-03-21 14:31 - 00000000 ____D C:\Program Files (x86)\ahtkriav
    2017-03-07 16:06 - 2017-03-07 16:06 - 00000000 ____D C:\Program Files (x86)\58BECC8A_cacayima
    2017-03-06 16:22 - 2017-03-21 14:32 - 00003338 _____ C:\WINDOWS\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
    2017-03-06 16:22 - 2017-03-21 14:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
    2017-03-06 16:22 - 2017-03-21 14:32 - 00000000 ____D C:\Program Files (x86)\BikaQRss
    2017-03-06 16:18 - 2017-03-06 16:18 - 00000000 ____D C:\Program Files\ahtkriav
    2017-03-03 14:34 - 2017-03-24 14:31 - 00000000 ____D C:\Program Files (x86)\MK
    2017-03-01 13:42 - 2017-03-24 16:01 - 00000000 ____D C:\Users\user\AppData\LocalLow\Youtube AdBlock
    2017-03-01 13:41 - 2017-03-24 20:10 - 00000000 ____D C:\Program Files (x86)\Explorer
    2017-03-01 13:41 - 2017-03-24 13:31 - 00000000 _____ C:\WINDOWS\SysWOW64\3
    2017-03-01 12:15 - 2017-03-01 12:15 - 00000000 ____D C:\Users\user\AppData\Roaming\Kyubey
    2017-03-24 20:14 - 2017-01-26 13:32 - 00000000 ___HD C:\Users\user\AppData\Roaming\com
    2017-03-24 20:11 - 2017-02-13 14:40 - 00000000 ____D C:\ProgramData\wintools
    2017-03-24 20:11 - 2017-02-03 14:24 - 00000000 ____D C:\ProgramData\WinSAPSvc
    2017-03-24 20:11 - 2017-01-25 09:51 - 00000000 ____D C:\Program Files (x86)\Youtube AdBlock
    2017-03-24 20:10 - 2017-02-09 16:27 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.1.0)
    2017-03-24 20:10 - 2017-02-06 10:07 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.0.9)
    2017-03-24 20:10 - 2017-02-06 10:07 - 00000000 ____D C:\Program Files (x86)\Gub
    2017-03-24 20:10 - 2017-02-03 14:24 - 00000000 ____D C:\Program Files (x86)\Gubed
    2017-03-24 20:10 - 2017-01-25 09:50 - 00000000 ____D C:\Program Files (x86)\Stoboght System
    2017-03-24 20:10 - 2017-01-25 09:50 - 00000000 ____D C:\Program Files (x86)\Grecoentgoquy
    2017-03-24 20:10 - 2015-03-09 16:30 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
    2017-03-24 19:37 - 2016-10-21 13:38 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2017-03-24 14:52 - 2017-02-13 14:34 - 00000000 ____D C:\Users\user\AppData\Roaming\WinSAPSvc
    2017-03-24 14:52 - 2017-02-03 14:24 - 00003682 _____ C:\WINDOWS\System32\Tasks\Milimili
    2017-03-24 14:52 - 2016-09-29 15:15 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2017-03-24 14:32 - 2017-02-04 16:02 - 00000040 _____ C:\Program Files (x86)\settings.dat
    2017-03-24 13:56 - 2017-01-28 09:21 - 00000000 ____D C:\ProgramData\basdfpa
    2017-03-24 13:29 - 2017-02-06 10:07 - 00000000 ____D C:\Users\user\AppData\Roaming\WinSnare
    2017-02-04 16:02 - 2017-02-06 15:18 - 0000212 _____ () C:\Program Files (x86)\metadata
    2017-02-04 16:02 - 2017-03-24 14:32 - 0000040 _____ () C:\Program Files (x86)\settings.dat
    2017-03-24 11:41 - 2017-03-24 11:41 - 0011568 _____ () C:\Users\user\AppData\Roaming\InstallationConfiguration.xml
    2017-03-24 11:41 - 2017-03-24 11:41 - 0140288 _____ () C:\Users\user\AppData\Roaming\Installer.dat
    2016-12-20 06:31 - 2016-12-20 06:31 - 0000016 _____ () C:\ProgramData\mntemp
    EmptyTemp:



    After running it, do a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Also post the new FRST logs from the scan.



    PS. Just don't write that you can't do it, don't understand it, etc. Everything is explained in other threads.
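    As an added example (not FRST's own code and not anything posted in this thread), the helper below parses the two FRST line shapes that dominate the fixlist above, service registrations (`R2 Name; path [size date] (publisher) ...`) and dated file entries (`created - modified - size attrs path`), and reports which entries a defender should look at first. The sample lines are copied from the fixlist in this thread; the triage heuristics (unsigned binary, user-writable location, missing `[X]` binary, hidden+system attributes inside a user profile, a Windows component name outside the Windows directory, a freshly created scheduled task, a non-ASCII Program Files folder name) are the example author's own assumptions, not FRST's logic. FRST's own `<==== UWAGA` marker is simply passed through as one more reason.

```python
"""Triage helper for FRST-style log and fixlist lines (added example, not FRST's code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines copied verbatim from the fixlist in this thread (Polish FRST build):
# "[Brak podpisu cyfrowego]" = no digital signature, "[X]" = service binary missing,
# "<==== UWAGA" = FRST's own attention marker. The LibreOffice entry is a benign
# control that must not be flagged.
SAMPLE_LOG = r"""
R2 Kyubey; C:\Users\user\AppData\Roaming\Kyubey\Kyubey.exe [116736 2017-03-24] (Kyubey.exe) [Brak podpisu cyfrowego]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
S2 GoogleChromeUpService; C:\ProgramData\service.exe /s GoogleChromeUpService /uid:51504 /local:br [X] <==== UWAGA
R2 iedvutils; C:\Program Files (x86)\Explorer\iedvutils.exe [55992 2017-03-01] ()
2017-03-24 11:47 - 2017-03-24 20:11 - 00000000 __SHD C:\Users\user\AppData\Local\svchost
2017-03-24 11:55 - 2017-03-25 16:55 - 00000000 ____D C:\Program Files\żěŃą
2017-03-24 12:08 - 2017-03-24 12:08 - 00003188 _____ C:\WINDOWS\System32\Tasks\MailRuUpdater
2017-03-24 20:10 - 2015-03-09 16:30 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
"""

# Service line: state (R=running, S=stopped) + start type, name, command, then either
# "[size date]" or "[X]" (file missing), then free-text tail (publisher, flags).
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<cmd>.+?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]| (?P<missing>\[X\]))(?P<tail>.*)$"
)
PUBLISHER_RE = re.compile(r"^ \((?P<pub>[^)]*)\)")
# Dated entry: created - modified - size attrs [(publisher)] path; attrs letters mean
# S=system, H=hidden, D=directory.
DATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) (?:\((?P<pub>[^)]*)\) )?(?P<path>.+)$"
)
# Heuristic assumptions: code running from these roots deserves a second look.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\programdata\\", "\\users\\public\\")
WINDOWS_NAMES = {"svchost", "svchost.exe", "explorer", "explorer.exe", "lsass.exe", "winlogon.exe"}


@dataclass
class Finding:
    kind: str            # "service" or "file"
    name: str            # service name or file/folder base name
    path: str            # command line or full path as printed by FRST
    reasons: List[str] = field(default_factory=list)


def triage_service(m) -> Optional[Finding]:
    cmd, tail = m.group("cmd"), m.group("tail")
    f = Finding("service", m.group("name"), cmd)
    pub = PUBLISHER_RE.match(tail)
    if m.group("missing"):
        f.reasons.append("registered service whose binary is missing ([X])")
    if "[Brak podpisu cyfrowego]" in tail:
        f.reasons.append("binary has no digital signature")
    if pub is not None and pub.group("pub").strip() == "":
        f.reasons.append("no publisher/version information")
    if any(root in cmd.lower() for root in USER_WRITABLE):
        f.reasons.append("runs from a user-writable location")
    if "<==== UWAGA" in tail:
        f.reasons.append("flagged by FRST (<==== UWAGA)")
    return f if f.reasons else None


def triage_dated(m) -> Optional[Finding]:
    attrs, path = m.group("attrs"), m.group("path")
    low = path.lower()
    base = path.rsplit("\\", 1)[-1]
    f = Finding("file", base, path)
    if "S" in attrs and "H" in attrs and low.startswith(("c:\\users\\", "c:\\programdata\\")):
        f.reasons.append("hidden+system attributes on a user-profile/ProgramData entry")
    if base.lower() in WINDOWS_NAMES and "\\windows\\" not in low:
        f.reasons.append("Windows component name used outside the Windows directory")
    if "\\system32\\tasks\\" in low:
        f.reasons.append("scheduled task definition created (persistence candidate)")
    if low.startswith("c:\\program files") and not base.isascii():
        f.reasons.append("non-ASCII program-folder name (check for a garbled installer name)")
    return f if f.reasons else None


def triage(log_text: str) -> List[Finding]:
    """Return only the entries that triggered at least one heuristic, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        f = triage_service(m) if m else None
        if m is None:
            m = DATED_RE.match(line)
            f = triage_dated(m) if m else None
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit.kind}] {hit.name}: {hit.path}")
        for reason in hit.reasons:
            print(f"    - {reason}")
```

    Feed it a whole FRST.txt via `triage(open(path, encoding="utf-8").read())`; lines it does not recognise (browser, registry, header lines) are skipped, so it is a first-pass filter for reading the log, not a replacement for reviewing it.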
  • #3 16370956
    XKONRADOSX
    Level 7  
    Posts: 6
    Why is this repair taking so long???
  • Helpful post
    #4 16370994
    Kolobos
    Computer specialist
    Posts: 85157
    Helped: 17161
    Rating: 10425
    FRST may have hung. Restart it and try running it again; you can also try in Safe Mode. As a last resort, run Fixlist.txt piece by piece until you find out where it hangs.
  • #5 16371063
    XKONRADOSX
    Level 7  
    Posts: 6
    This is all I get after running FRST again
    Attachments:
    • FRST.txt (607 bytes)
  • #6 16371676
    Kolobos
    Computer specialist
    Posts: 85157
    Helped: 17161
    Rating: 10425
    As you can see, it's an empty file with just the header.

    Scan again, tick the option to create Addition.txt and post the new logs.
  • #7 16372200
    XKONRADOSX
    Level 7  
    Posts: 6
    I still only get what I posted
  • #8 16372263
    Kolobos
    Computer specialist
    Posts: 85157
    Helped: 17161
    Rating: 10425
    Does it keep creating an empty file? In Safe Mode as well?

Topic summary

The user reported a system infection, suspecting malware associated with ŻeŃą. In reply it was suggested to back up the bookmarks in Firefox and Chrome and then uninstall both browsers. It was also pointed out that several applications need to be removed, such as BikaQ Rss, McAfee Security Scan Plus, Sparta, WarThunder, WinSnare and Youtube AdBlock. The user should run Fixlist.txt with the FRST tool and also use AdwCleaner to scan for and remove malware. In case of problems with FRST, running it in Safe Mode and checking whether the log files are generated correctly was recommended.
Generated by a language model.