Odinstaluj:
amuleC
aMuleCustom
amulesw
AnyProtect
BikaQ Rss
Bing Bar
Booking.com version 1.1.0.5019
ConvertAd
Remote Desktop Access (VuuPC)
WinSnare
YAC(Yet Another Cleaner!)
Obok frst.exe utworz plik Fixlist.txt z zawartoscia:
HKU\S-1-5-21-440993295-1936931963-1078574451-1002\...\ChromeHTML: -> C:\Program Files (x86)\Birdjob\Application\chrome.exe (Google Inc.) <==== UWAGA
Task: {05DD3311-D5AB-43E5-8D18-826C305C082D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Brak pliku <==== UWAGA
Task: {0F13A8A2-1260-49D3-A6AC-7710BCE0053A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
Task: {12CDE9B9-EF47-41E1-8456-CED0C05E9F6F} - \UncheckitTaskMN -> Brak pliku <==== UWAGA
Task: {2E066C50-67B0-4B40-B50F-29FBEAE7FB63} - \WPD\SqmUpload_S-1-5-21-440993295-1936931963-1078574451-1002 -> Brak pliku <==== UWAGA
Task: {35A4BE99-A29E-4949-A04B-F06D6AF6583C} - System32\Tasks\Voo Update => C:\Users\Zbych\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
Task: {3E3EB888-999F-4FBB-ADA6-65F8175DD3DE} - System32\Tasks\{C72163BA-4F61-4EF7-9251-CA3B293F2DFE} => pcalua.exe -a C:\Users\Zbych\Desktop\CAD\progecadSMART\pcad2009smarteng.exe -d C:\Users\Zbych\Desktop\CAD\progecadSMART
Task: {49EBBB12-EEF2-44EB-AF31-05BB5334372B} - \Microsoft\Windows\Setup\gwx\rundetector -> Brak pliku <==== UWAGA
Task: {4D7B348A-9887-4B9B-B2D6-2F4F87353049} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
Task: {55D5E1D3-8E2A-42E7-9B02-C39A997C695C} - \Lenovo\Lenovo Service Bridge\S-1-5-21-440993295-1936931963-1078574451-1002 -> Brak pliku <==== UWAGA
Task: {58FC6243-129C-4358-8A51-447F63F182FC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
Task: {5F19FF80-5526-46A0-A79F-F15919E1C0B7} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: {7465BACB-2BC1-4862-A2D0-AA56649291B3} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> Brak pliku <==== UWAGA
Task: {75FF6EBC-647E-446F-981E-4E67CFCD36FD} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRss\BikaQ.exe [2017-02-23] (IEC) <==== UWAGA
Task: {76984341-E4FC-442B-9360-CBE1AD33A0AA} - \UncheckitUpdateTaskDB -> Brak pliku <==== UWAGA
Task: {8184FCB9-FD20-4C15-BB47-4818DA026879} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
Task: {8BAF7DAC-3965-44D9-A0CA-946316C50AD9} - \Jejochclipasp Schedule -> Brak pliku <==== UWAGA
Task: {93FE584B-365A-450E-BDAD-DC7511026865} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: {95FC6A6D-7E3D-4897-93BF-26B9731EDCD8} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\TXQQBrowser\Update\4B8ABE7DCAECE32A24B70935456765F5\Update\BrowserUpdate.exe [2016-04-25] (Tencent) <==== UWAGA
Task: {A0BA3800-7ADD-4683-9446-52378B98F0BD} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Brak pliku <==== UWAGA
Task: {A4292CC4-0510-4E14-B6CB-E46B938F0F2F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: {C7DC5E1B-0D18-40DB-9367-497966AD7730} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-03-21] ()
Task: {D84A0DD4-0372-42FD-B3B4-C0109FD1F3BB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {DBD6FE37-88FC-4857-95AE-751671112958} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: {E260FCE3-646B-4A3B-B04F-4428029FD9BE} - \UncheckitUpdateTaskC -> Brak pliku <==== UWAGA
Task: {E5A797CE-A575-48A8-8E7C-4842BDC8F7C6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
Task: {F5C613A5-A547-4828-9072-A216DDD6FCC9} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: {F92F6EAA-153E-439B-B2D9-20447C5BAE34} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Brak pliku <==== UWAGA
Task: {FBAD78EC-F4BD-48A9-8EC7-54C6640EC5D7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {FE8E3758-CD10-4325-9E9D-F99392A632C7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\Voo Update.job => C:\Users\Zbych\AppData\Roaming\VOOUPD~1\UPDATE~1\UPDATE~1.EXE <==== UWAGA
ShortcutWithArgument: C:\Users\Zbych\Desktop\Skroty\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software) -> hxxp://www.mylucky123.com/?type=sc&ts=1478089555&z=8df4308ef17e2990d9970b9gczam1b8eab9t3w2wcg&from=che0812&uid=3219913727_198313_427EDCC7
ShortcutWithArgument: C:\Users\Zbych\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=1488456017&z=e801f4ff73383675d5b9646g5z4b8b2z1wdqfe3g4z&from=pr0302&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372
ShortcutWithArgument: C:\Users\Zbych\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Birdjob\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=1484911596&z=ce50cccb8c395575762b402g1z0b8zet1g3g9wfm7b&from=che0812&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372
ShortcutWithArgument: C:\Users\Zbych\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.amisites.com/?type=sc&ts=1479114115&z=5e57f24def4e1f2a9ff777dgdz1m7t3g2g0z5g2g9z&from=che0812&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372
ShortcutWithArgument: C:\Users\Zbych\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Birdjob\Application\chrome.exe (Google Inc.) -> hxxp://www.startpageing123.com/?type=sc&ts=1488456017&z=e801f4ff73383675d5b9646g5z4b8b2z1wdqfe3g4z&from=pr0302&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372
ShortcutWithArgument: C:\Users\Zbych\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=1488456017&z=e801f4ff73383675d5b9646g5z4b8b2z1wdqfe3g4z&from=pr0302&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Birdjob\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=1484911596&z=ce50cccb8c395575762b402g1z0b8zet1g3g9wfm7b&from=che0812&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.amisites.com/?type=sc&ts=1482741564&z=b91170d8c1bbcecc55599e5g8zeb8odm4zdg7w3qbo&from=archer1028&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Birdjob\Application\chrome.exe (Google Inc.) -> hxxp://www.startpageing123.com/?type=sc&ts=1488456017&z=e801f4ff73383675d5b9646g5z4b8b2z1wdqfe3g4z&from=pr0302&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=1488456017&z=e801f4ff73383675d5b9646g5z4b8b2z1wdqfe3g4z&from=pr0302&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372
ShortcutWithArgument: C:\Users\Public\Desktop\System Diagnostyczny.lnk -> C:\GenRad\DiagSystem\Launcher\Launcher.exe (Teradyne Diagnostic Solutions Ltd) -> hxxp://www.amisites.com/?type=sc&ts=1482741564&z=b91170d8c1bbcecc55599e5g8zeb8odm4zdg7w3qbo&from=archer1028&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372
Hosts:
HKLM-x32\...\Run: [mbot_pl_118] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-440993295-1936931963-1078574451-1002\...\MountPoints2: {0339d668-009e-11e7-82d5-142d27ee5738} - "I:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-440993295-1936931963-1078574451-1002\...\MountPoints2: {0339d66f-009e-11e7-82d5-142d27ee5738} - "I:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-440993295-1936931963-1078574451-1002\...\MountPoints2: {0339d67e-009e-11e7-82d5-142d27ee5738} - "I:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-440993295-1936931963-1078574451-1002\...\MountPoints2: {e13ff54f-0275-11e6-829a-142d27ee5738} - "G:\startuj.exe"
IFEO\taskmgr.exe: [Debugger]
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
Winsock: Catalog9 01 C:\Program Files\wwchromek4\webspeedopX86.dll => Brak pliku
Winsock: Catalog9 02 C:\Program Files\wwchromek4\webspeedopX86.dll => Brak pliku
Winsock: Catalog9 03 C:\Program Files\wwchromek4\webspeedopX86.dll => Brak pliku
Winsock: Catalog9 04 C:\Program Files\wwchromek4\webspeedopX86.dll => Brak pliku
Winsock: Catalog9 05 C:\Program Files\wwchromek4\webspeedopX86.dll => Brak pliku
Winsock: Catalog9 06 C:\Program Files\wwchromek4\webspeedopX86.dll => Brak pliku
Winsock: Catalog9 07 C:\Program Files\wwchromek4\webspeedopX86.dll => Brak pliku
Winsock: Catalog9 08 C:\Program Files\wwchromek4\webspeedopX86.dll => Brak pliku
Winsock: Catalog9 09 C:\Program Files\wwchromek4\webspeedopX86.dll => Brak pliku
Winsock: Catalog9 10 C:\Program Files\wwchromek4\webspeedopX86.dll => Brak pliku
Winsock: Catalog9 11 C:\Program Files\wwchromek4\webspeedopX86.dll => Brak pliku
Winsock: Catalog9 12 C:\Program Files\wwchromek4\webspeedopX86.dll => Brak pliku
Winsock: Catalog9 13 C:\Program Files\wwchromek4\webspeedopX86.dll => Brak pliku
Winsock: Catalog9 27 C:\Program Files\wwchromek4\webspeedopX86.dll => Brak pliku
cmd: netsh winsock reset
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1488456017&z=e801f4ff73383675d5b9646g5z4b8b2z1wdqfe3g4z&from=pr0302&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1488456017&z=e801f4ff73383675d5b9646g5z4b8b2z1wdqfe3g4z&from=pr0302&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=1467381799&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=eve0629&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mylucky123.com/search/?type=ds&ts=1478089555&z=8df4308ef17e2990d9970b9gczam1b8eab9t3w2wcg&from=che0812&uid=3219913727_198313_427EDCC7&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1488456017&z=e801f4ff73383675d5b9646g5z4b8b2z1wdqfe3g4z&from=pr0302&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1488456017&z=e801f4ff73383675d5b9646g5z4b8b2z1wdqfe3g4z&from=pr0302&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1467381799&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=eve0629&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mylucky123.com/search/?type=ds&ts=1478089555&z=8df4308ef17e2990d9970b9gczam1b8eab9t3w2wcg&from=che0812&uid=3219913727_198313_427EDCC7&q={searchTerms}
HKU\S-1-5-21-440993295-1936931963-1078574451-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=1469694166&z=3775e23c78720b1e98e6381g2zeq8t4qat5z4gfmeo&from=ihpm0722&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372&q={searchTerms}
HKU\S-1-5-21-440993295-1936931963-1078574451-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gazeta.pl/0,0.html?p=150
HKU\S-1-5-21-440993295-1936931963-1078574451-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1488456017&z=e801f4ff73383675d5b9646g5z4b8b2z1wdqfe3g4z&from=pr0302&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372
HKU\S-1-5-21-440993295-1936931963-1078574451-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1469694166&z=3775e23c78720b1e98e6381g2zeq8t4qat5z4gfmeo&from=ihpm0722&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1467381799&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=eve0629&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-440993295-1936931963-1078574451-1002 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1488456017&z=e801f4ff73383675d5b9646g5z4b8b2z1wdqfe3g4z&from=pr0302&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372&q={searchTerms}
SearchScopes: HKU\S-1-5-21-440993295-1936931963-1078574451-1002 -> {2D9ED581-B60B-4E37-91A6-C6207426A73C} URL =
SearchScopes: HKU\S-1-5-21-440993295-1936931963-1078574451-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1488456017&z=e801f4ff73383675d5b9646g5z4b8b2z1wdqfe3g4z&from=pr0302&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372&q={searchTerms}
Toolbar: HKU\S-1-5-21-440993295-1936931963-1078574451-1002 -> Brak nazwy - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - Brak pliku
IE Session Restore: HKU\S-1-5-21-440993295-1936931963-1078574451-1002 -> [funkcja włączona]
StartMenuInternet: IEXPLORE.EXE - c:\program files\internet explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&ts=1489571786&z=c67096f7cae731fabd3ad2cg3zcbbt6w2m4g1m7m1b&from=nhe1&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372
Edge HomeButtonPage: HKU\S-1-5-21-440993295-1936931963-1078574451-1002 -> hxxp://www.amisites.com/?type=hp&ts=1486144171&z=6b1c0b06def941caecc8eb3g6z4b5q1g2z7z9g5q5q&from=che0812&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372
Edge Session Restore: HKU\S-1-5-21-440993295-1936931963-1078574451-1002 -> [funkcja włączona]
FF NewTab: Mozilla\Firefox\Profiles\s98yk38h.default -> hxxp://www.nicesearches.com?type=hp&ts=1477321132&from=e2dd1024&uid=st1000lm024xhn-m101mbb_s30yj9gf432372&z=11e0f3d78bd8321c7f4e4eagdzdm7mbcco4gag7edb
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\s98yk38h.default -> nuesearch
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\s98yk38h.default -> nice
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\s98yk38h.default -> nice
FF SearchPlugin: C:\Users\Zbych\AppData\Roaming\Mozilla\Firefox\Profiles\s98yk38h.default\searchplugins\nice.xml [2016-08-15]
FF SearchPlugin: C:\Users\Zbych\AppData\Roaming\Mozilla\Firefox\Profiles\s98yk38h.default\searchplugins\nuesearch.xml [2016-08-25]
FF NewTab: Firefox\Firefox\Profiles\s98yk38h.default -> hxxp://www.nicesearches.com?type=hp&ts=1477321132&from=e2dd1024&uid=st1000lm024xhn-m101mbb_s30yj9gf432372&z=11e0f3d78bd8321c7f4e4eagdzdm7mbcco4gag7edb
FF DefaultSearchEngine: Firefox\Firefox\Profiles\s98yk38h.default -> nuesearch
FF SearchEngineOrder.1: Firefox\Firefox\Profiles\s98yk38h.default -> nice
FF SelectedSearchEngine: Firefox\Firefox\Profiles\s98yk38h.default -> nice
FF Extension: (SimilarWeb) - C:\Users\Zbych\AppData\Roaming\Firefox\Firefox\Profiles\s98yk38h.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-01-18] [Brak podpisu cyfrowego]
FF Extension: (FF Adr) - C:\Users\Zbych\AppData\Roaming\Firefox\Firefox\Profiles\s98yk38h.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-01-18] [Brak podpisu cyfrowego]
FF SearchPlugin: C:\Users\Zbych\AppData\Roaming\Firefox\Firefox\Profiles\s98yk38h.default\searchplugins\nice.xml [2016-08-15]
FF SearchPlugin: C:\Users\Zbych\AppData\Roaming\Firefox\Firefox\Profiles\s98yk38h.default\searchplugins\nuesearch.xml [2016-08-25]
FF SearchPlugin: C:\Users\Zbych\AppData\Roaming\Firefox\Firefox\Profiles\s98yk38h.default\searchplugins\searchinme.xml [2017-01-18]
FF HKLM-x32\...\Firefox\Extensions: [{190bc294-c8e5-471c-9466-3eb945b09542}] - C:\Program Files (x86)\Mozilla Firefox\extensions\{190bc294-c8e5-471c-9466-3eb945b09542} => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [arthurj8283@gmail.com] - C:\Users\Zbych\AppData\Roaming\Mozilla\Firefox\Profiles\s98yk38h.default\extensions\arthurj8283@gmail.com => nie znaleziono
CHR HomePage: Default -> hxxp://www.attirerpage.com/?type=hp&ts=1467030528&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ihpm0627&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372
CHR StartupUrls: Default -> "hxxp://www.attirerpage.com/?type=hp&ts=1467030528&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=ihpm0627&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372"
CHR DefaultSearchURL: Default -> hxxp://www.amisites.com/search/?type=ds&ts=1484746522&z=ba16b79ffb2b249c1937262g0zbbdz2m1z4qew5e1q&from=che0812&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372&q={searchTerms}
CHR DefaultSearchKeyword: Default -> amisites
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.startpageing123.com/?type=sc&ts=1489571786&z=c67096f7cae731fabd3ad2cg3zcbbt6w2m4g1m7m1b&from=nhe1&uid=ST1000LM024XHN-M101MBB_S30YJ9GF432372
HKU\S-1-5-21-440993295-1936931963-1078574451-1002\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Birdjob\Application\chrome.exe (Google Inc.) <==== UWAGA
R2 Themes; C:\WINDOWS\system32\themeservice.dll [70656 2016-07-16] (Microsoft Corporation) [DependOnService: iThemes5]<==== UWAGA
U4 vsserv; Brak ImagePath
U2 WinSnare; Brak ImagePath
2017-04-01 20:31 - 2017-04-01 21:10 - 00000000 ____D C:\AdwCleaner
2017-03-16 19:32 - 2017-03-17 07:42 - 00000000 ____D C:\Program Files\wwchromek4
2017-03-16 16:00 - 2017-03-16 16:09 - 00000000 ____D C:\Program Files (x86)\9eiku4ar
2017-03-16 13:54 - 2017-03-16 13:55 - 00000000 ____D C:\Program Files (x86)\f8kxzbk4
2017-03-15 16:42 - 2017-03-15 16:42 - 00000000 ____D C:\Program Files (x86)\58C952DB_cacayima
2017-03-15 11:57 - 2017-03-16 19:31 - 00000000 ____D C:\Program Files (x86)\n1
2017-03-15 11:55 - 2017-03-15 11:56 - 00000000 ____D C:\Program Files (x86)\0b9sn9kb
2017-03-14 20:16 - 2017-03-14 20:16 - 00000000 ____D C:\Program Files (x86)\58C8338A_cacayima
2017-03-13 12:22 - 2017-03-13 12:22 - 00000000 ____D C:\Program Files (x86)\58C672D0_cacayima
2017-03-13 08:54 - 2017-03-13 08:56 - 00000000 ____D C:\Program Files (x86)\5239xg8d
2017-03-10 12:57 - 2017-03-10 12:57 - 00000000 ____D C:\Program Files (x86)\58C28696_cacayima
2017-03-09 16:07 - 2017-03-09 16:07 - 00000000 ____D C:\Program Files (x86)\58C161BC_cacayima
2017-03-09 16:04 - 2017-03-15 10:33 - 00000000 _____ C:\WINDOWS\SysWOW64\1
2017-03-09 16:03 - 2017-03-23 17:06 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-09 16:02 - 2017-03-24 15:52 - 00000000 ____D C:\Program Files (x86)\deskapp
2017-03-09 09:52 - 2017-03-09 09:52 - 00000000 ____D C:\Program Files (x86)\su1fslra
2017-03-06 15:52 - 2017-03-12 09:13 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-06 15:51 - 2017-03-15 11:57 - 00003334 _____ C:\WINDOWS\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-03-06 15:51 - 2017-03-06 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
2017-03-06 15:51 - 2017-03-06 15:51 - 00000000 ____D C:\Program Files (x86)\njm84jkr
2017-03-03 12:11 - 2017-03-17 07:42 - 00000000 ____D C:\Program Files (x86)\amuleCexx
2017-03-02 14:09 - 2017-03-15 16:42 - 00000000 _____ C:\WINDOWS\SysWOW64\4
2017-03-02 14:09 - 2017-03-15 16:42 - 00000000 _____ C:\WINDOWS\SysWOW64\3
2017-03-02 13:58 - 2017-03-02 13:58 - 00000000 ____D C:\Program Files (x86)\f41o3cnv
2017-03-24 15:52 - 2017-01-20 13:26 - 00003664 _____ C:\WINDOWS\System32\Tasks\Milimili
2017-03-24 15:52 - 2017-01-09 13:51 - 00000000 ____D C:\Users\Zbych\AppData\Roaming\WinSnare
2017-03-20 08:12 - 2017-02-25 08:21 - 00009620 _____ C:\Program Files (x86)\metadata
2017-03-20 08:12 - 2017-02-25 08:21 - 00000040 _____ C:\Program Files (x86)\settings.dat
2017-03-20 08:12 - 2017-02-25 08:21 - 00000000 ____D C:\Program Files (x86)\reports
2017-03-13 08:55 - 2016-11-09 23:51 - 00000000 ____D C:\Program Files (x86)\yesbnd
2017-03-12 09:13 - 2016-10-12 14:51 - 00000000 ____D C:\Users\Zbych\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2017-03-12 09:13 - 2016-09-23 10:49 - 00000000 ____D C:\Users\Zbych\AppData\Roaming\aMule
2017-03-06 15:51 - 2017-02-28 11:51 - 00000000 ____D C:\Program Files (x86)\BikaQRss
2017-03-03 10:40 - 2017-02-20 13:38 - 00000000 ____D C:\Program Files (x86)\BikaQRssReader
EmptyTemp:
W FRST wybierz Napraw.
Zrob pelny skan przy pomocy Mbam i usun to co wykryje:
http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
oraz
http://ftp.drweb.com/pub/drweb/cureit/launch.exe
Uzyj ponownie adwc i usun to co znajdzie.
Po wykonaniu zamiesc nowe logi z FRST, ze skanowania.