Elektroda.pl

How do I remove the viruses 辦拲, uc (Chinese characters)?

michal70975 05 Apr 2017 18:43 561 8
  • Helpful post
    #2 05 Apr 2017 19:34
    krzychupar
    Level 40

    Uninstall:
    amuleC (HKLM-x32\...\{19539992-061C-4E8B-9053-07B175303AF4}) (Version: 1.0.1 - amuleC) <==== UWAGA

    Open the system Notepad and paste:
    HKU\S-1-5-21-3067621585-4006159766-3944490062-1000\...\ChromeHTML: -> C:\Program Files (x86)\Standuck\Application\chrome.exe (Google Inc.) <==== UWAGA
    Task: {55DB92F6-79BA-487C-AA57-4EEE2F2E99C8} - System32\Tasks\5adb5f38f0ba7e1c20dc60f518d34e61 => Rundll32.exe "C:\Program Files (x86)\Google\mvtdc3.dll",e62dc6c6547f46bda862da2d05af6862 <==== UWAGA
    Task: {8EA98E16-754F-4036-AEB2-C082BEC325DF} - System32\Tasks\{21274569-FB9C-4C5D-90E6-DDD7C892BC14} => pcalua.exe -a "D:\Ubisoft Game Launcher\games\The Crew (Worldwide)\Support\InsHelper.exe" -d "D:\Ubisoft Game Launcher\games\The Crew (Worldwide)\Support"
    Task: {ABD77583-95DB-44CA-847D-A39F5A50146B} - System32\Tasks\{F260FE52-3914-4E2A-85F8-D36680AC633B} => pcalua.exe -a "C:\drivers\WLAN Driver (Atheros, Broadcom, Realtek)\Setup.exe" -d "C:\drivers\WLAN Driver (Atheros, Broadcom, Realtek)"
    Task: {E52F06C9-5AE9-4329-97DF-0A3D776C4183} - System32\Tasks\osTip => Chrome.exe <==== UWAGA
    Task: {EA770A93-88DE-4A71-A116-A53064BC8967} - System32\Tasks\KuaiZip_Update => C:\PROGRA~1\88D7~1\X86\Update.exe <==== UWAGA
    WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
    ShortcutWithArgument: C:\Users\LENOVO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Standuck\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\LENOVO\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\LENOVO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Standuck\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\LENOVO\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\LENOVO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\LENOVO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Standuck\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\LENOVO\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\LENOVO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/




    ShortcutWithArgument: C:\Users\LENOVO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\88ed70759ffebbd3\Google Chrome.lnk -> C:\Program Files (x86)\Standuck\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
    ShortcutWithArgument: C:\Users\LENOVO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Standuck\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
    ShortcutWithArgument: C:\Users\LENOVO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\16367def828dc9c9\Google Chrome.lnk -> C:\Program Files (x86)\Standuck\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\LENOVO\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\LENOVO\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
    2017-04-05 17:23 - 2017-04-05 17:23 - 00524696 ____C () C:\Program Files\辦拲\X64\KZipShell.dll
    HKU\S-1-5-21-3067621585-4006159766-3944490062-1000\...\Run: [msiql] => C:\Users\LENOVO\AppData\Local\Temp\00028444\msiql.exe [2072064 2017-04-05] () <===== UWAGA
    2017-04-05 17:23 - 2017-04-05 17:23 - 00219032 ____C () c:\program files\辦騉\x86\kuaizipupdatechecker.dll
    HKU\S-1-5-18\...\Run: [] => [X]
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
    IFEO\MRT.exe: [Debugger] c:\programdata\winsapsvc\winsap_update\Gubed.exe -Yrrehs
    ShellExecuteHooks: Brak nazwy - {1D2D8076-AB2D-11E6-9126-64006A5CFC23} - C:\Users\LENOVO\AppData\Roaming\Woweward\Pligtaintemergh.dll -> Brak pliku
    ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\辦拲\X64\KZipShell.dll [2017-04-05] ()
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    Tcpip\..\Interfaces\{6577DBF8-D386-4A33-A6BB-6E5026E3EE1E}: [NameServer] 77.234.40.79
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-3067621585-4006159766-3944490062-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=14809...D10S21X-24R1BT0-SSHD-8GB_WD-WX71A456FY716FY71
    HKU\S-1-5-21-3067621585-4006159766-3944490062-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=14809...D10S21X-24R1BT0-SSHD-8GB_WD-WX71A456FY716FY71
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&t...-24R1BT0-SSHD-8GB_WD-WX71A456FY716FY71&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&t...-24R1BT0-SSHD-8GB_WD-WX71A456FY716FY71&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&t...-24R1BT0-SSHD-8GB_WD-WX71A456FY716FY71&q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&t...-24R1BT0-SSHD-8GB_WD-WX71A456FY716FY71&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3067621585-4006159766-3944490062-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&t...-24R1BT0-SSHD-8GB_WD-WX71A456FY716FY71&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3067621585-4006159766-3944490062-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&t...-24R1BT0-SSHD-8GB_WD-WX71A456FY716FY71&q={searchTerms}
    FF Extension: (Brak nazwy) - C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\rgr5cst0.default\extensions\browsermodulecorp@browcorporation.org.xpi [nie znaleziono]
    CHR HomePage: ChromeDefaultData -> hxxp://www.ourluckysites.com/?type=hp&ts=...D10S21X-24R1BT0-SSHD-8GB_WD-WX71A456FY716FY71
    CHR StartupUrls: ChromeDefaultData -> "hxxp://www.ourluckysites.com/?type=hp&ts=1491084783&z=fec41a98ba25fa9373688a2g7z0t8geebbcz1b5e5o&from=gggn1&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX71A456FY716FY71"
    CHR Profile: C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-04-05] <==== UWAGA
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
    R3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [459264 2017-02-13] () [Brak podpisu cyfrowego] <==== UWAGA
    R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation) [DependOnService: iThemes5]<==== UWAGA
    S2 WINSNARE; C:\Users\LENOVO\AppData\Roaming\WINSNARE\WinSnare.dll [1291776 2017-04-05] (InterSect Alliance Pty Ltd) [Brak podpisu cyfrowego] <==== UWAGA
    S4 ed2kidle; "C:\Program Files (x86)\amuleC1\ed2k.exe" -downloadwhenidle [X]
    S2 GoogleChromeUpService; C:\ProgramData\service.exe /s GoogleChromeUpService /uid:51504 /local:br [X] <==== UWAGA
    S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
    S1 iSafeKrnlMon; \??\C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [X]
    S1 p1481094742am; \??\C:\Users\LENOVO\AppData\Local\Temp\bk5B97.tmp\p1481094742am.sys [X] <==== UWAGA
    S1 p1481290870am; \??\C:\Users\LENOVO\AppData\Local\Temp\bk98E5.tmp\p1481290870am.sys [X] <==== UWAGA
    S1 p1481573116am; \??\C:\Users\LENOVO\AppData\Local\Temp\bkF5E3.tmp\p1481573116am.sys [X] <==== UWAGA
    S1 p1481573213am; \??\C:\Users\LENOVO\AppData\Local\Temp\bk7188.tmp\p1481573213am.sys [X] <==== UWAGA
    S1 p1481577470am; \??\C:\Users\LENOVO\AppData\Local\Temp\bk678A.tmp\p1481577470am.sys [X] <==== UWAGA
    S1 p1482422962am; \??\C:\Users\LENOVO\AppData\Local\Temp\bkF70B.tmp\p1482422962am.sys [X] <==== UWAGA
    S1 p1482423026am; \??\C:\Users\LENOVO\AppData\Local\Temp\bkF057.tmp\p1482423026am.sys [X] <==== UWAGA
    S1 p1482423156am; \??\C:\Users\LENOVO\AppData\Local\Temp\bkEF00.tmp\p1482423156am.sys [X] <==== UWAGA
    S1 p1482833246am; \??\C:\Users\LENOVO\AppData\Local\Temp\bkF863.tmp\p1482833246am.sys [X] <==== UWAGA
    S1 p1482833332am; \??\C:\Users\LENOVO\AppData\Local\Temp\bk49EB.tmp\p1482833332am.sys [X] <==== UWAGA
    S1 p1482833376am; \??\C:\Users\LENOVO\AppData\Local\Temp\bkF576.tmp\p1482833376am.sys [X] <==== UWAGA
    S1 p1482922456am; \??\C:\Users\LENOVO\AppData\Local\Temp\bkE60B.tmp\p1482922456am.sys [X] <==== UWAGA
    S1 p1483094549am; \??\C:\Users\LENOVO\AppData\Local\Temp\bk3820.tmp\p1483094549am.sys [X] <==== UWAGA
    S1 p1483178401am; \??\C:\Users\LENOVO\AppData\Local\Temp\bk1CF3.tmp\p1483178401am.sys [X] <==== UWAGA
    S1 p1486233560am; \??\C:\Users\LENOVO\AppData\Local\Temp\bkBBEF.tmp\p1486233560am.sys [X] <==== UWAGA
    S1 p1486233771am; \??\C:\Users\LENOVO\AppData\Local\Temp\bkF585.tmp\p1486233771am.sys [X] <==== UWAGA
    S1 p1486233948am; \??\C:\Users\LENOVO\AppData\Local\Temp\bkA795.tmp\p1486233948am.sys [X] <==== UWAGA
    S1 p1486234079am; \??\C:\Users\LENOVO\AppData\Local\Temp\bkAA15.tmp\p1486234079am.sys [X] <==== UWAGA
    S1 p1486641048am; \??\C:\Users\LENOVO\AppData\Local\Temp\bk3247.tmp\p1486641048am.sys [X] <==== UWAGA
    S3 RTSPER; system32\DRIVERS\RtsPer.sys [X]
    S1 ucdrv; \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [X] <==== UWAGA
    2017-04-05 17:32 - 2017-04-05 17:25 - 00797672 ____C (深圳市史宾赛科技有限公司) C:\Users\LENOVO\AppData\Local\FlowSprit.dll
    2017-04-05 17:32 - 2017-04-05 17:25 - 00516072 ____C (深圳市史宾赛科技有限公司) C:\Users\LENOVO\AppData\Local\uninst.tmp
    2017-04-05 17:23 - 2017-04-05 17:26 - 00000000 ___DC C:\Program Files\辦拲
    2017-04-05 17:23 - 2017-04-05 17:23 - 00092832 _____ (WinMount International Inc) C:\Windows\system32\Drivers\KuaiZipDrive.sys
    2017-04-05 17:23 - 2017-04-05 17:23 - 00003390 _____ C:\Windows\System32\Tasks\KuaiZip_Update
    2017-04-05 17:23 - 2017-04-05 17:23 - 00000000 ___DC C:\Users\LENOVO\AppData\Roaming\Softlink
    2017-04-05 17:23 - 2017-04-05 17:23 - 00000000 ___DC C:\Users\LENOVO\AppData\Roaming\KuaiZip
    2017-04-05 17:23 - 2017-04-05 17:23 - 00000000 ___DC C:\Users\LENOVO\AppData\Local\UCBrowser
    2016-12-07 17:55 - 2017-04-05 18:32 - 0082236 ____C () C:\Program Files (x86)\metadata
    2016-12-07 17:55 - 2017-04-05 18:26 - 0000040 ____C () C:\Program Files (x86)\settings.dat
    2017-04-05 17:32 - 2017-04-05 17:25 - 0797672 ____C (深圳市史宾赛科技有限公司) C:\Users\LENOVO\AppData\Local\FlowSprit.dll
    2016-12-04 06:06 - 2016-12-04 06:06 - 0005689 ____C () C:\Users\LENOVO\AppData\Local\recently-used.xbel
    2017-02-04 21:10 - 2017-03-19 19:31 - 0007609 ____C () C:\Users\LENOVO\AppData\Local\Resmon.ResmonCfg
    2017-04-05 17:32 - 2017-04-05 17:25 - 0516072 ____C (深圳市史宾赛科技有限公司) C:\Users\LENOVO\AppData\Local\uninst.tmp
    2016-08-21 15:43 - 2016-08-21 15:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2017-04-05 17:21 - 2017-04-05 17:31 - 0965632 __SHC () C:\ProgramData\igfxDH.dll
    C:\Users\LENOVO\AppData\Local\Temp\00028444\msiql.exe
    C:\ProgramData\igfxDH.dll
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix/Napraw.

    Once that is done, post new FRST logs.

    0
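The `ShortcutWithArgument:` entries in the fixlist above show browser shortcuts that were rewritten to load an extension from a local folder, open a fixed URL, or point at a browser copy outside its usual folder. The following Python triage script is an added example, not part of the thread and not FRST's own code; it parses lines of that shape and labels what is wrong with each. The function names and the `EXPECTED_SUFFIX` table of default install paths are assumptions of this example, and the last sample line is constructed for contrast.

```python
import re

# Shape seen in the fixlist: "<shortcut>.lnk -> <target>.exe (<vendor>) -> <arguments>"
LINE_RE = re.compile(
    r'^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<target>.+?\.exe)'
    r' \((?P<vendor>[^)]*)\) -> (?P<args>.*)$', re.IGNORECASE)
URL_RE = re.compile(r'\b(?:https?|hxxps?)://\S+', re.IGNORECASE)   # live or defanged URL
EXT_RE = re.compile(r'--load-extension=("[^"]*"|\S+)', re.IGNORECASE)

# Assumption: default install locations; adjust for the machines being audited.
EXPECTED_SUFFIX = {
    'chrome.exe': r'\google\chrome\application\chrome.exe',
    'firefox.exe': r'\mozilla firefox\firefox.exe',
}

# First three lines are taken from the fixlist above; the fourth is constructed.
SAMPLE = r'''
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\LENOVO\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Firefox\Firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\LENOVO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\88ed70759ffebbd3\Google Chrome.lnk -> C:\Program Files (x86)\Standuck\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
ShortcutWithArgument: C:\Users\Example\Desktop\Editor.lnk -> C:\Program Files\Editor\editor.exe (Example Corp) -> --new-window
'''


def audit_line(line):
    """Return a dict describing one shortcut line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    target, args = m['target'], m['args']
    findings = []
    # A known browser executable name running from an unusual directory.
    exe = target.rsplit('\\', 1)[-1].lower()
    expected = EXPECTED_SUFFIX.get(exe)
    if expected and not target.lower().endswith(expected):
        findings.append('browser-outside-default-path')
    # An unpacked extension forced in through the command line.
    if EXT_RE.search(args):
        findings.append('sideloaded-extension')
    # A URL appended so the browser always opens that page.
    if URL_RE.search(args):
        findings.append('forced-start-url')
    return {'lnk': m['lnk'], 'target': target, 'args': args,
            'findings': findings}


def audit(text):
    """Parse every ShortcutWithArgument line in a block of log text."""
    return [r for r in map(audit_line, text.splitlines()) if r]


def flagged(text):
    """File names of the shortcuts that have at least one finding."""
    return [r['lnk'].rsplit('\\', 1)[-1] for r in audit(text) if r['findings']]


if __name__ == '__main__':
    for rec in audit(SAMPLE):
        print(rec['lnk'].rsplit('\\', 1)[-1], '->', rec['findings'] or 'ok')
```

A label is a lead for review rather than a verdict: a shortcut carrying arguments can be legitimate, as the constructed last sample line shows.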
  • #3 05 Apr 2017 20:31
    michal70975
    Level 3

    I can't uninstall this amulec program (it doesn't show up in my programs list)

    0
  • Helpful post
    #4 05 Apr 2017 20:32
    Kolobos
    Computer specialist

    Skip it and do the rest.

    0
  • Helpful post
    #6 05 Apr 2017 20:52
    Kolobos
    Computer specialist

    Uninstall Adobe Reader 9.0 and switch to the latest version of AR or to Foxit: http://ninite.com/foxit/

    Reinstall µTorrent.

    New Fixlist.txt for FRST:
    Task: {9A7A35DC-FFA5-48DF-B9AC-A6EB20A8B1E0} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-03-31] ()
    Task: {F0D2158A-1469-443F-80FE-54E8BC075E10} - System32\Tasks\Gifosh Server => C:\Program Files (x86)\Reerjale\rapus.exe [2016-12-02] (Glarysoft Ltd)
    C:\Users\LENOVO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    C:\Users\LENOVO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
    C:\Users\LENOVO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk
    C:\Users\LENOVO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\88ed70759ffebbd3\Google Chrome.lnk
    C:\Users\LENOVO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk
    C:\Users\LENOVO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\16367def828dc9c9\Google Chrome.lnk
    () C:\Users\LENOVO\AppData\Local\clean\Kyubey.exe
    () C:\Users\LENOVO\AppData\Roaming\Kyubey\Kyubey.exe
    () C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
    () C:\Program Files (x86)\ttt\uc.exe
    () C:\Program Files (x86)\ttt\uc.exe
    (BitTorrent Inc.) C:\Users\LENOVO\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe
    (BitTorrent Inc.) C:\Users\LENOVO\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe
    HKU\S-1-5-21-3067621585-4006159766-3944490062-1000\...\Run: [svchost0] => C:\Program Files (x86)\ttt\uc.exe [139350 2017-04-05] ()
    HKU\S-1-5-21-3067621585-4006159766-3944490062-1000\...\Run: [apphide] => C:\Program Files (x86)\ttt\uc.exe [139350 2017-04-05] ()
    HKLM\...\Providers\gmvtdc3g: C:\Program Files (x86)\OpenAL\\local64spl.dll
    IFEO\taskmgr.exe: [Debugger]
    ShellExecuteHooks: Brak nazwy - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\ProgramData\igfxDH.dll -> Brak pliku
    ProxyServer: [S-1-5-21-3067621585-4006159766-3944490062-1000] => http=127.0.0.1:8808;https=127.0.0.1:8808
    Tcpip\..\Interfaces\{EED09DF5-0D04-4CA2-A463-DBC34291867F}: [DhcpNameServer] 172.16.243.1
    FF Extension: (SimilarWeb) - C:\Users\LENOVO\AppData\Roaming\Firefox\Firefox\Profiles\rgr5cst0.default\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-02-04] [Brak podpisu cyfrowego]
    FF Extension: (FF Adr) - C:\Users\LENOVO\AppData\Roaming\Firefox\Firefox\Profiles\rgr5cst0.default\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-02-04] [Brak podpisu cyfrowego]
    FF SearchPlugin: C:\Users\LENOVO\AppData\Roaming\Firefox\Firefox\Profiles\rgr5cst0.default\searchplugins\startsearch.xml [2017-03-31]
    CHR DefaultProfile: ChromeDefaultData
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Standuck\Application\chrome.exe
    R2 clean; C:\Users\LENOVO\AppData\Local\clean\Kyubey.exe [114176 2017-03-31] () [Brak podpisu cyfrowego]
    R2 FirefoxU; C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe [108208 2017-03-31] ()
    R2 Kyubey; C:\Users\LENOVO\AppData\Roaming\Kyubey\Kyubey.exe [240128 2017-04-05] () [Brak podpisu cyfrowego]
    R2 WinSAPSvc; C:\Users\LENOVO\AppData\Roaming\WinSAPSvc\WinSAP.dll [181248 2017-04-05] (Windows) [Brak podpisu cyfrowego]
    S2 KuaizipUpdateChecker; C:\Program Files\辦拲\X86\kuaizipUpdateChecker.dll [X]
    R0 flowhlp; C:\Windows\System32\drivers\flowhlp.dat [155168 2017-04-05] () [Brak podpisu cyfrowego]
    S2 KuaiZipDrive; \??\C:\Windows\system32\drivers\KuaiZipDrive.sys [X]
    2017-04-05 20:38 - 2017-04-05 20:39 - 00001208 ____C C:\Program Files (x86)\metadata
    2017-04-05 20:38 - 2017-04-05 20:38 - 00000040 ____C C:\Program Files (x86)\settings.dat
    2017-04-05 17:35 - 2017-04-05 18:21 - 00000058 _____ C:\Windows\SysWOW64\data
    2017-04-05 17:33 - 2017-04-05 17:33 - 00000000 __HDC C:\$AV_ASW
    2017-04-05 17:25 - 2017-04-05 17:25 - 00155168 _____ C:\Windows\system32\Drivers\flowhlp.dat
    2017-04-05 17:22 - 2017-04-05 17:22 - 00000000 _SHDC C:\ProgramData\WindowsMsg
    2017-04-05 17:22 - 2017-04-05 17:22 - 00000000 ___DC C:\Users\LENOVO\AppData\Roaming\UCChannel
    2017-04-05 17:22 - 2017-04-05 17:22 - 00000000 ___DC C:\Program Files (x86)\ttt
    2017-04-05 17:21 - 2017-04-05 18:22 - 00000000 ___DC C:\Users\LENOVO\AppData\Local\MicrosoftHelper
    2017-04-05 17:21 - 2017-04-05 17:21 - 00000000 _SHDC C:\Users\LENOVO\AppData\Local\svchost
    2017-04-05 17:21 - 2017-04-05 17:21 - 00000000 ___DC C:\Users\LENOVO\AppData\Local\MicrosoftUpdater
    2017-04-05 17:21 - 2017-04-05 17:21 - 00000000 ___DC C:\Users\LENOVO\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
    2017-04-05 15:28 - 2017-04-05 15:28 - 00000000 ___DC C:\Users\LENOVO\AppData\Local\clean
    2017-04-02 00:13 - 2017-04-05 13:29 - 00000000 ___DC C:\Program Files (x86)\n1
    2017-03-30 13:56 - 2017-04-05 10:36 - 00000000 ___DC C:\Program Files\MK
    2017-03-27 15:06 - 2017-04-04 12:02 - 00000000 ___DC C:\Users\LENOVO\AppData\Roaming\clean
    2017-03-07 15:52 - 2016-05-23 04:41 - 00055056 _____ (Elex do Brasil Participaões Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
    2017-03-07 15:52 - 2016-05-19 08:42 - 00052392 _____ (Elex do Brasil Participaões Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
    2017-04-05 20:39 - 2016-12-07 17:55 - 00000000 ___DC C:\Program Files (x86)\reports
    2017-04-05 20:35 - 2016-12-07 17:54 - 00000000 _____ C:\Users\Public\Documents\report.dat
    2017-04-05 20:34 - 2017-03-02 15:45 - 00000000 _____ C:\Windows\SysWOW64\4
    2017-04-05 20:34 - 2017-02-06 12:31 - 00000000 ___DC C:\Users\LENOVO\AppData\Roaming\WinSnare
    2017-04-05 19:04 - 2016-12-07 17:54 - 00000000 ___DC C:\ProgramData\ttff
    2017-04-05 19:04 - 2016-12-07 17:54 - 00000000 ___DC C:\ProgramData\dgjdg
    2017-04-05 19:04 - 2016-12-02 15:23 - 00000000 ___DC C:\ProgramData\WinSAPSvc
    2017-04-05 15:28 - 2017-03-02 15:44 - 00000000 ___DC C:\Users\LENOVO\AppData\Roaming\Kyubey
    2017-04-05 15:28 - 2017-02-04 20:48 - 00003616 _____ C:\Windows\System32\Tasks\Milimili
    2017-04-05 15:28 - 2016-12-07 17:54 - 00000000 _____ C:\Users\Public\Documents\temp.dat
    2017-04-05 13:29 - 2017-02-13 14:18 - 00000000 ___DC C:\Users\LENOVO\AppData\Roaming\WinSAPSvc
    2017-03-17 11:18 - 2017-02-13 14:18 - 00000000 ___DC C:\ProgramData\wintools
    2017-03-08 13:51 - 2016-12-28 16:59 - 00000000 ___DC C:\Program Files (x86)\Elex-tech
    2017-04-05 20:38 - 2017-04-05 20:39 - 0001208 ____C () C:\Program Files (x86)\metadata
    2017-04-05 20:38 - 2017-04-05 20:38 - 0000040 ____C () C:\Program Files (x86)\settings.dat
    EmptyTemp:


    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    and http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    Once that is done, post new FRST logs, from a scan.

    0
  • Helpful post
    #8 05 Apr 2017 21:36
    Kolobos
    Computer specialist

    Check whether you can now remove amuleC from the list of programs.

    Back up your bookmarks from Chrome, uninstall Chrome, and delete the sync data from your Google account:
    https://support.google.com/chrome/answer/6386691?hl=pl

    Run a new Fixlist.txt:
    CHR DefaultProfile: ChromeDefaultData
    CHR HomePage: ChromeDefaultData -> hxxps://www.google.pl/
    CHR StartupUrls: ChromeDefaultData -> "hxxp://www.google.pl/","hxxp://www.amisites.com/?type=hp&ts=1480929589&z=a5a2f5bbe8c68e09bf8baa5g5z1bce1taobt1w7tfc&from=che0812&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX71A456FY716FY71","hxxp://www.amisites.com/?type=hp&ts=1481294456&z=1a41089b68c252ca5e8a50fg7z5b4gfo0t2zdzbqfe&from=archer1028&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX71A456FY716FY71","hxxp://www.amisites.com/?type=hp&ts=1482132075&z=1d021c6518962ff0ed63e3eg1zeb6odgcc7o1eam7m&from=archer1028&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX71A456FY716FY71","hxxp://www.amisites.com/?type=hp&ts=1482313259&z=9e51f52f28889d18dc9ef38gaz8b8oec4g7c6o1q6o&from=che0812&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX71A456FY716FY71"
    CHR Session Restore: ChromeDefaultData -> [funkcja włączona]
    C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
    R0 flowhlp; system32\drivers\flowhlp.dat [X]
    2017-04-05 21:17 - 2017-04-05 21:18 - 00000040 ____C C:\Program Files (x86)\settings.dat
    2017-04-05 21:17 - 2017-04-05 21:17 - 00000000 ___DC C:\Program Files (x86)\reports
    2017-04-05 21:17 - 2017-04-05 21:17 - 00000000 ____C C:\Program Files (x86)\metadata
    2017-04-05 19:04 - 2016-12-07 17:54 - 00000000 ___DC C:\ProgramData\ttff
    2017-04-01 11:48 - 2017-03-02 15:45 - 00000000 _____ C:\Windows\SysWOW64\3

    Once that is done, delete the C:\FRST folder and install Chrome again.

    0
  • #9 05 Apr 2017 22:18
    michal70975
    Level 3

    Thank you for the help ;) the amulec program still doesn't show up in the list of programs

    0